Monday, March 18, 2019

Docker Scripts used to create and setup myhouse7 Vulnerable VM

For the myhouse7 Vulnerable VM I created a script that automates installing Docker on Ubuntu, loading the pre-built Docker images, and configuring the containers built from them.  This kept the size of the VM that had to be downloaded to a minimum.  Here is the link to the myhouse7 Vulnerable VM post.

I thought I would publish the scripts because they can be reused to build a small network in docker.  The script below references files (the image tarball and the database volume archive) that you will not have if you simply download the script and run it.




#!/bin/bash

# Files that need to be copied over...
# buildDockerNet.sh # This bash script
# checkHealth.py # Checks the health of the virtual machines
# dockerImages.tar.gz # Compressed tar's of the images that are used
# vol_db1srv.zip # /var/lib/mysql volume with the databases setup 


# Create a /etc/rc.local
# #!/bin/bash
# /home/bob/setup/buildDockerNet.sh
# exit 0
# Setup the file as executable 
# chmod 744 /etc/rc.local
# systemctl enable rc-local.service
# reboot and it should work...

# Built a python script called checkHealth.py on the host to check the health of the virtual machines.  Use the results to recreate the index.php on the host.  Host needs apache2 installed and running
# The health check page has 2 more flags in the page itself...

# The host has a user account called "admin" with the password of "admin"
# The purpose of this account is to allow the student to check the IP Address of the system

# Assumes that in bob's home directory the setup folder exists and this script is run from inside...
path='/home/bob/setup'


### -------- Create the config directory if it does not exist ------------- ###
if [ ! -d $path/config ]
then
 mkdir $path/config
fi

### ---- Setup docker if it is not installed ---- ####
if [ ! -e $path/config/installDocker.txt ]
then
 echo ""
 echo "Installing Docker CE"
 echo "Expects that bob is the name of the user logged in..."
 # Installs the apt key for Docker
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 # Setup the repo
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
 # Install docker packages
 # Install unzip to extract the volumes
 # Install apache2 to run a local site on port 20000
 apt-get --assume-yes install docker-ce unzip apache2
 # Test if docker is working
 docker run hello-world
 # Setup the bob user to run the docker command without sudo
 usermod -aG docker bob
 touch $path/config/installDocker.txt
 # Enable and Start the docker daemon
 systemctl enable docker
 systemctl start docker
 echo ""
 echo "Docker successfully installed... You should restart the VM..."
else
 echo ""
 echo "Docker is currently installed and working..."
 echo ""
fi




### --- Setup images for use by the computer --- ###
# /config/setupImages.txt
# Untar and gzip them
# docker load ...
# setup the volume for db1srv ... probably after it is created

### ---- Extract and load the Images ---- ###
if [ ! -e $path/config/setupImages.txt ] && [ -e $path/config/installDocker.txt ]
then
 # Extract the .tar.gz
 echo ""
 echo "Extracting the images..."
 tar xvzf $path/dockerImages.tar.gz -C $path
 # Load the Images
 echo ""
 echo "Loading the extracted images..."
 docker load -i $path/d-anchor-cmsv12.tar
 docker load -i $path/d-apache2-backupv4.tar
 docker load -i $path/d-initial.tar
 docker load -i $path/d-nikto-potv2.tar
 docker load -i $path/d-rsyslogv6.tar
 docker load -i $path/d-sambav2.tar
 docker load -i $path/mariadbv9.tar
 rm -f $path/d-anchor-cmsv12.tar
 rm -f $path/d-apache2-backupv4.tar
 rm -f $path/d-initial.tar
 rm -f $path/d-nikto-potv2.tar
 rm -f $path/dockerImages.tar.gz
 rm -f $path/d-rsyslogv6.tar
 rm -f $path/d-sambav2.tar
 rm -f $path/mariadbv9.tar
 touch $path/config/setupImages.txt
elif [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then
 echo ""
 echo "Docker images are extracted and setup..."
 echo ""
else
 echo ""
 echo "Something is not setup correctly with docker images..."
 echo ""
fi





### ---- Setup the docker networks --- ###
if [ ! -e $path/config/networks.txt ] && [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then
 echo ""
 echo "Configuring Docker Networks"
 docker network create --driver=bridge net10 --subnet=172.31.10.0/24
 docker network create --driver=bridge net20 --subnet=172.31.20.0/24
 docker network create --driver=bridge net30 --subnet=172.31.30.0/24
 docker network create --driver=bridge net200 --subnet=172.31.200.0/24
 touch $path/config/networks.txt
elif [ -e $path/config/networks.txt ] && [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then
 echo ""
 echo "Docker networks are already setup..."
 echo ""
else
 echo ""
 echo "Something is not setup correctly with docker networks..."
 echo ""
fi




### ---- Setup the docker volumes --- ###
if [ ! -e $path/config/volumes.txt ] && [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then 
 echo ""
 echo "Configuring Docker Volumes"
 docker volume create rsyslog_var_log # Creates a volume to retain the log information
 docker volume create db1srv_var_lib_mysql # Retains the databases created or updated
 sudo unzip $path/vol_db1srv.zip -d /
 touch $path/config/volumes.txt
elif [ -e $path/config/volumes.txt ] && [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then
 echo ""
 echo "Docker volumes are already setup..."
 echo ""
else
 echo ""
 echo "Something is not setup correctly with docker volumes..."
 echo ""
fi


### ----- Setup the local server with the flags and other items ---- ###
if [ ! -e $path/config/host.txt ] && [ -e $path/config/volumes.txt ] && [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then
 echo ""
 echo "Configuring the Host"
 # Changes the port on the apache2 server to port 20000
 sed -i 's/Listen 80/Listen 20000/' /etc/apache2/ports.conf
 systemctl restart apache2
 # Useraccount admin:admin is created for reference if necessary for pulling the IP Address.
 useradd admin
 sed -i 's/admin:!:.*/admin:$6$IWjBaf8R$oq9Wz2OjIJPwzOzzU7FNp7EtBvPIhwEA5gZMQHt05cgAYFovOzskRouSp.5QWzgnKNlpPWcYkJeW5sb6M4Sx21:17834:0:99999:7:::/' /etc/shadow
 rm -f $path/vol_db1srv.zip
 # Setup crontab with the scheduled health check (every 15 minutes; /etc/crontab is run by sh, so use the POSIX redirect form)
 echo "*/15 * * * *    root    /home/bob/setup/checkHealth.py > /dev/null 2>&1" >> /etc/crontab
 touch $path/config/host.txt
elif [ -e $path/config/host.txt ] && [ -e $path/config/volumes.txt ] && [ -e $path/config/installDocker.txt ] && [ -e $path/config/setupImages.txt ]
then
 echo ""
 echo "The host has already been configured..."
 echo ""
else
 echo ""
 echo "Something is not setup correctly with the host..."
 echo ""
fi




## Exit the bash script if something is not setup...
if [ ! -e $path/config/networks.txt ] || [ ! -e $path/config/volumes.txt ] || [ ! -e $path/config/installDocker.txt ] || [ ! -e $path/config/setupImages.txt ]
then
 exit 0
fi



#### ---------------- Kill any docker images that may still be running --------------------- ####
for i in web1srv web1srv-v2 blue db1srv utah red two africa
do
        docker stop $i &> /dev/null      # Stop each named container so it can be removed and recreated
done




#### ---------------- Remove Stopped Containers - Clean-up ----- ####
docker ps -aq --no-trunc -f status=exited | xargs docker rm &> /dev/null
for i in web1srv web1srv-v2 blue db1srv utah red two africa
do
 docker rm /$i &> /dev/null # Remove each named container so it can be recreated
done



echo ""
echo "Launching the containers in the DMZ"
echo ""
#### ----------------  Launch in net10 DMZ ---------------- ####
# 172.31.10.17 is meant to be a web server that connects to the database server at 172.31.20.10;
# the network connect below also attaches this container to net20 as 172.31.20.27
# apt install php-gd php-mbstring php-mysql - Requirements for the install...
# anchor cms does not like being in a sub-folder under the root web folder
# Blog username: admin Password: anchor
docker create -it --network=net10 --name web1srv -p 8115:80 --ip=172.31.10.17 d-anchor-cmsv12 bash
docker network connect --ip=172.31.20.27 net20 web1srv
docker start web1srv
sleep 10s
docker exec -d web1srv /etc/init.d/apache2 start
docker exec -d web1srv /etc/init.d/rsyslog start
# Setup logging of apache2 access.log to go to the rsyslog server...

# 172.31.10.22 - 3 flags 
# nikto honeypot - fake phpmyadmin server
# Creation of the next 2 flags
# 1. Scanned server with nikto
# 2. cat access.log | grep "GET" | sed -e 's/.*\s"GET\s\///' | sed 's/\s.*//' | grep -v "?" | grep -v -e "/" -e "+" -e "=" -e "%" -e "_" -e "~" -e "-" -e "\\" > /var/www/html/fileList.txt
# 3. cat fileList.txt | sed 's/^/touch /' > script.sh
# 4. Ran the script in /var/www/html
# 5. Then added the below files manually
docker run -tid --network=net10 --name blue -p 8112:80 -p 443:80 -p 25:80 -p 8008:80 -p 10000:80 --ip=172.31.10.22 d-nikto-potv2 bash
sleep 10s
docker exec -d blue /etc/init.d/apache2 start # Starts the apache2 web server
docker exec -d blue /etc/init.d/rsyslog start
# Setup logging for the apache2 access.log

# 172.31.10.25 - 3 flags
docker create -it --network=net10 --name red -p 8111:80 --ip=172.31.10.25 d-apache2-backupv4 bash # nmap by default does not detect port 8111
docker network connect --ip=172.31.200.85 net200 red
docker start red
sleep 10s
docker exec -d red /etc/init.d/apache2 start # Starts the apache2 web server
docker exec -d red /etc/init.d/rsyslog start
# Setup logging...


echo ""
echo "Launching the DB Servers"
echo ""

#### ----------------- Launch in net20 DB-Servers---------------- ####
# MySQL Server for the Anchor CMS and Timeclock Software 0.99 (exploit-db)
# The timeclock software I rewrote the MySQL usage due to it being out-of-date...  Would not recommend...
# Make sure you backup the volume...... :)
# docker volume create db1srv_var_lib_mysql - retains the databases created or updated
# Setup logging to 172.31.20.194 for syslog
# Setup logging to 172.31.20.194 for mysql - Customized the /etc/rsyslog.conf file to log the specific /var/log/mysql-syslog.log
docker run -d --network=net20 --name db1srv --ip=172.31.20.10 -e MYSQL_ROOT_PASSWORD=anchordb -v db1srv_var_lib_mysql:/var/lib/mysql mariadbv9
docker exec -d db1srv rm /run/rsyslogd.pid
sleep 10s
docker exec -d db1srv /etc/init.d/rsyslog start
# After it loads the 1st time check docker logs db1srv | grep GENERATE for the new root password
# Then docker exec -it db1srv mysql -uroot -p # and login to the database with the new root password
# Then you can ALTER USER 'root'@'localhost' IDENTIFIED BY 'password';



docker run -tid --network=net20 --name utah --ip=172.31.20.44 d-initial bash


echo ""
echo "Launching the Administrators subnet"
echo ""

#### ----------------- Launch in net 30 Administrator Network -------------- ####
# Setup the users heather and larryjr that have access to the fileshares - Passwords also used on the timeclock
docker create -it --network=net30 --name two --ip=172.31.30.24 d-sambav2 bash
docker network connect --ip=172.31.200.204 net200 two
docker start two
docker exec -d two /etc/init.d/smbd start

echo ""
echo "Launching the Monitoring Subnet"
echo ""

#### ----------------- Launch in net 200 Monitoring Workstation Network -------------- ####
# Syslog Server
#docker volume create rsyslog_var_log - Creates a volume to retain the log information
# Not important to retain the rsyslog_var_log volume
# SSH is listening on port 24 on the 172.31.20.194 interface only
# Set root password to be anchor
docker create -it --network=net200 --name africa --ip=172.31.200.194 -v rsyslog_var_log:/var/log d-rsyslogv6 bash
docker network connect --ip=172.31.10.194 net10 africa
docker network connect --ip=172.31.20.194 net20 africa
# db1srv is logging syslog and mysql queries to the server...
docker network connect --ip=172.31.30.194 net30 africa
docker start africa
sleep 10s
docker exec -d africa /etc/init.d/rsyslog start # Starts the rsyslog server listening on UDP and TCP 514
docker exec -d africa /etc/init.d/ssh start     # Starts the ssh server for connections




# Run the checkhealth script at the end of this script...
sleep 60s
$path/checkHealth.py
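As an added example that is not part of the original post: a Python check that compares the container-to-network attachments Docker reports against the layout the script above creates, and lists every dual-homed container, since those are the only paths between the four subnets. It assumes the JSON shape of `docker network inspect net10 net20 net30 net200`; a constructed sample stands in for the live output so it runs offline.

```python
import json
# Intended layout from buildDockerNet.sh: container -> {network: ip}
EXPECTED = {
    "web1srv": {"net10": "172.31.10.17", "net20": "172.31.20.27"},
    "blue":    {"net10": "172.31.10.22"},
    "red":     {"net10": "172.31.10.25", "net200": "172.31.200.85"},
    "db1srv":  {"net20": "172.31.20.10"},
    "utah":    {"net20": "172.31.20.44"},
    "two":     {"net30": "172.31.30.24", "net200": "172.31.200.204"},
    "africa":  {"net10": "172.31.10.194", "net20": "172.31.20.194",
                "net30": "172.31.30.194", "net200": "172.31.200.194"},
}
def _net(name, subnet, members):
    """One network entry shaped like `docker network inspect` output (constructed sample)."""
    return {"Name": name, "IPAM": {"Config": [{"Subnet": subnet}]},
            "Containers": {"id-" + c: {"Name": c, "IPv4Address": ip + "/24"}
                           for c, ip in members.items()}}

# Constructed sample: the script's layout, except 'blue' has drifted onto net20.
SAMPLE_INSPECT = json.dumps([
    _net("net10", "172.31.10.0/24", {"web1srv": "172.31.10.17", "blue": "172.31.10.22",
                                     "red": "172.31.10.25", "africa": "172.31.10.194"}),
    _net("net20", "172.31.20.0/24", {"web1srv": "172.31.20.27", "db1srv": "172.31.20.10",
                                     "utah": "172.31.20.44", "africa": "172.31.20.194",
                                     "blue": "172.31.20.99"}),
    _net("net30", "172.31.30.0/24", {"two": "172.31.30.24", "africa": "172.31.30.194"}),
    _net("net200", "172.31.200.0/24", {"red": "172.31.200.85", "two": "172.31.200.204",
                                       "africa": "172.31.200.194"}),
])
def actual_topology(inspect_json):
    """Parse `docker network inspect` JSON into container -> {network: ip}."""
    topo = {}
    for net in json.loads(inspect_json):
        for c in net["Containers"].values():
            topo.setdefault(c["Name"], {})[net["Name"]] = c["IPv4Address"].split("/")[0]
    return topo

def dual_homed(topo):
    """Containers attached to more than one network: the only paths between the subnets."""
    return sorted(c for c, nets in topo.items() if len(nets) > 1)

def drift(topo, expected=EXPECTED):
    """Attachments that differ from the intended layout: (container, network, actual, expected)."""
    rows = []
    for c in sorted(set(topo) | set(expected)):
        have, want = topo.get(c, {}), expected.get(c, {})
        rows += [(c, n, have.get(n), want.get(n)) for n in sorted(set(have) | set(want))
                 if have.get(n) != want.get(n)]
    return rows
```

On the live VM, replace SAMPLE_INSPECT with the output of `docker network inspect net10 net20 net30 net200` (for example via subprocess.check_output) and run drift() from the same cron job as checkHealth.py.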




Below is the Python script I built to maintain the Docker environment and verify everything is running.  Often a daemon inside one of the containers would not be running.




#!/usr/bin/python3
# Executes as a scheduled cronjob every 15 minutes...
# For each service, check its status inside the container; if it is down, start it and check again.

import subprocess
import time

# (container, init.d service name, line that `/etc/init.d/<service> status` prints when it is up)
CHECKS = [
    ('web1srv', 'apache2', '* apache2 is running'),
    ('blue', 'apache2', '* apache2 is running'),
    ('red', 'apache2', '* apache2 is running'),
    ('web1srv', 'rsyslog', '* rsyslogd is running'),
    ('blue', 'rsyslog', '* rsyslogd is running'),
    ('red', 'rsyslog', '* rsyslogd is running'),
    ('db1srv', 'rsyslog', '* rsyslogd is running'),
    ('africa', 'rsyslog', '* rsyslogd is running'),
    ('africa', 'ssh', '* sshd is running'),
    ('two', 'smbd', '* smbd is running'),
]


def status(container, service):
    # Output of `docker exec <container> /etc/init.d/<service> status`, whitespace stripped
    result = subprocess.run(['docker', 'exec', container, '/etc/init.d/' + service, 'status'],
                            stdout=subprocess.PIPE)
    return result.stdout.decode('utf-8').strip()


f = open('/var/www/html/index.html', 'w')
f.write('<html><body>\n')
f.write('<h1>Health Check for Docker Containers</h1>\n')
f.write('<p>Refreshed every 15 minutes...</p>\n')
f.write('<p>Search for flags on the system.  Here is your first of 20: {{tryharder:1}}</p>\n')

for container, service, running in CHECKS:
    if status(container, service) == running:
        f.write('<p>' + container + ' ' + service + ' is Online and Working</p>\n')
        continue
    f.write('<p>' + container + ' ' + service + ' is Broken and Not Working - Trying to start the '
            + service + ' server...</p>\n')
    # Start the service, then check the status again rather than reusing the old result
    subprocess.run(['docker', 'exec', '-d', container, '/etc/init.d/' + service, 'start'],
                   stdout=subprocess.PIPE)
    time.sleep(2)
    if status(container, service) == running:
        f.write('<p>' + container + ' ' + service + ' is Online and Working - After Starting...</p>\n')
    else:
        f.write('<p>' + container + ' ' + service + ' is Broken with something Fatal... Restart VM and try again...</p>\n')

f.write('</body></html>\n')
f.close()

Here is a quick script I wrote to save the docker images that I created.




#!/bin/bash

for i in d-anchor-cmsv12 d-nikto-potv2 d-apache2-backupv4 mariadbv9 d-initial d-sambav2 d-rsyslogv6
do
 docker save --output $i.tar $i
done





