本文以xshell进行远程控制
1.以ssh连接云服务器
ssh 服务器名@公网ip[D:\~]$ ssh root@47.99.138.9在弹框中输入密码
2.安装docker
curl -s http://get.docker.com/ | shroot@iZbp1fm14idjlfp53akni8Z:~# curl -s https://get.docker.com/ | sh
# Executing docker install script, commit: 6d9743e9656cc56f699a64800b098d5ea5a60020
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
+ sh -c install -m 0755 -d /etc/apt/keyrings
+ sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" -o /etc/apt/keyrings/docker.asc
+ sh -c chmod a+r /etc/apt/keyrings/docker.asc
+ sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable" > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin >/dev/null
+ sh -c docker version
Client: Docker Engine - CommunityVersion: 26.1.3API version: 1.45Go version: go1.21.10Git commit: b72abbbBuilt: Thu May 16 08:33:29 2024OS/Arch: linux/amd64Context: defaultServer: Docker Engine - CommunityEngine:Version: 26.1.3API version: 1.45 (minimum version 1.24)Go version: go1.21.10Git commit: 8e96db1Built: Thu May 16 08:33:29 2024OS/Arch: linux/amd64Experimental: falsecontainerd:Version: 1.6.32GitCommit: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89runc:Version: 1.1.12GitCommit: v1.1.12-0-g51d5e94docker-init:Version: 0.19.0GitCommit: de40ad0================================================================================To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:dockerd-rootless-setuptool.sh installVisit https://docs.docker.com/go/rootless/ to learn about rootless mode.To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/WARNING: Access to the remote API on a privileged Docker daemon is equivalentto root access on the host. Refer to the 'Docker daemon attack surface'documentation for details: https://docs.docker.com/go/attack-surface/================================================================================
3.运行systemctl服务
systemctl start dockerroot@iZbp1fm14idjlfp53akni8Z:~# systemctl start docker4.下载vulhub
wget https://github.com/vulhub/vulhub/archive/master.zip -o vulhub-master.zip
root@iZbp1fm14idjlfp53akni8Z:~# wget https://github.com/vulhub/vulhub/archive/master.zip -o vulhub-master.zip
5.解压master.zip
unzip master.ziproot@iZbp1fm14idjlfp53akni8Z:~# unzip master.zip
若unzip找不到先用apt install unzip下载unzip
root@iZbp1fm14idjlfp53akni8Z:~# unzip vulhub-master.zip
Command 'unzip' not found, but can be installed with:
apt install unzip
root@iZbp1fm14idjlfp53akni8Z:~# apt install unzip
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:zip
The following NEW packages will be installed:unzip
0 upgraded, 1 newly installed, 0 to remove and 240 not upgraded.
Need to get 175 kB of archives.
After this operation, 386 kB of additional disk space will be used.
Get:1 http://mirrors.cloud.aliyuncs.com/ubuntu jammy-updates/main amd64 unzip amd64 6.0-26ubuntu3.2 [175 kB]
Fetched 175 kB in 0s (4,798 kB/s)
Selecting previously unselected package unzip.
(Reading database ... 80607 files and directories currently installed.)
Preparing to unpack .../unzip_6.0-26ubuntu3.2_amd64.deb ...
Unpacking unzip (6.0-26ubuntu3.2) ...
Setting up unzip (6.0-26ubuntu3.2) ...
Processing triggers for man-db (2.10.2-1) ...
Scanning processes...
Scanning linux images... Running kernel seems to be up-to-date.No services need to be restarted.No containers need to be restarted.No user sessions are running outdated binaries.No VM guests are running outdated hypervisor (qemu) binaries on this host.
到此以全部下载完成,以下为应用实例
6.进入vulhub-master文件夹
cd vulhub-masterroot@iZbp1fm14idjlfp53akni8Z:~# cd vulhub-master/7.展示所有文件
lsroot@iZbp1fm14idjlfp53akni8Z:~/vulhub-master# ls
activemq h2database opentsdb
adminer hadoop pdfjs
airflow httpd pgadmin
aj-report imagemagick php
apache-druid influxdb phpmailer
apereo-cas jackson phpmyadmin
apisix java phpunit
appweb jboss polkit
aria2 jeecg-boot postgres
base jenkins python
bash jetty rails
cacti jimureport README.md
celery jira README.zh-cn.md
cgi jmeter redis
cmsms joomla rocketchat
coldfusion jumpserver rocketmq
confluence jupyter rsync
contributors.md kafka ruby
contributors.zh-cn.md kibana saltstack
couchdb kkfileview samba
discuz laravel scrapy
django librsvg shiro
dns libssh showdoc
docker LICENSE skywalking
drupal liferay-portal solr
dubbo log4j spark
ecshop magento spring
elasticsearch metabase struts2
electron metersphere supervisor
elfinder mini_httpd teamcity
environments.toml minio tests
fastjson mojarra thinkphp
ffmpeg mongo-express tikiwiki
flask mysql tomcat
flink nacos unomi
geoserver neo4j uwsgi
ghostscript nexus v2board
git nginx weblogic
gitea node webmin
gitlab ntopng wordpress
gitlist ofbiz xstream
glassfish openfire xxl-job
goahead opensmtpd yapi
gogs openssh zabbix
grafana openssl
8.这里以thinkphp为例进行演示
进入thinkphp文件夹
root@iZbp1fm14idjlfp53akni8Z:~/vulhub-master# cd thinkphp查看所有文件
root@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp# ls
2-rce 5.0.23-rce 5-rce in-sqlinjection lang-rce
进入5.0.23-rce
root@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp# cd 5.0.23-rce
重新构建容器的镜像
docker compose buildroot@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp/5.0.23-rce# docker compose build
WARN[0000] /root/vulhub-master/thinkphp/5.0.23-rce/docker-compose.yml: `version` is obsolete
启动已定义在docker-compose.yml文件中的服务容器,并以守护进程的方式在后台运行。
docker compose up -droot@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp/5.0.23-rce# docker compose up -d
WARN[0000] /root/vulhub-master/thinkphp/5.0.23-rce/docker-compose.yml: `version` is obsolete
[+] Running 19/1✔ web Pulled 21.2s
[+] Running 2/2✔ Network 5023-rce_default Created 0.1s ✔ Container 5023-rce-web-1 Started 0.8s
查看端口号
root@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp/5.0.23-rce# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
194393918b40 vulhub/thinkphp:5.0.23 "docker-php-entrypoi…" 10 seconds ago Up 8 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp 5023-rce-web-1
端口号为8080
用公网ip进行访问
https://github.com/vulhub/vulhub?tab=readme-ov-file
https://vulhub.org/#/docs/
彩蛋:
查询dvwa
root@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp/5.0.23-rce# docker search dvwa
NAME DESCRIPTION STARS OFFICIAL
sagikazarmark/dvwa DVWA (Damn Vulnerable Web Application) Docke… 28
cytopia/dvwa DVWA (Damn Vulnerable Web Application) with … 17
astronaut1712/dvwa Docker for DVWA LAB: https://github.com/Rand… 5
citizenstig/dvwa Docker container for Damn Vulnerable Web App… 73
cyberxsecurity/dvwa 2
santosomar/dvwa DVWA Container for Cybersecurity Training 2
infoslack/dvwa 11
c0ny1/dvwa dvwa镜像 0
scotty2hotty/dvwa 0
pmuench/dvwa-container-escape DVWA with CVE-2021-4034 for Demo 0
howiehowerton/dvwa-howie 0
mlinarik/dvwa 0
imfht/dvwa-nologin dvwa without login 1
adrianaues/dvwa-esagent cytopia/dvwa with ES Agent pre-installed 0
kaakaww/dvwa-docker DVWA. No setup needed, just log in. Built fr… 2
vladvantaroo/dvwa just dvwa 0
frez0234/dvwa 0
rajvanshi/dvwa 0
utspark/dvwa_frontend 3
waiyanwinhtain/dvwa 0
bennalp/dvwa 0
acgpiano/dvwa latest dvwa 2
qeaccelerators/dvwa_app_dockerized 0
vulfocus/dvwa 0
rbenavente/dvwa-fargate 0
查询upload-labs
root@iZbp1fm14idjlfp53akni8Z:~/vulhub-master/thinkphp/5.0.23-rce# docker sea
rch upload-labs
NAME DESCRIPTION STARS OFFICIAL
c0ny1/upload-labs upload-labs靶场docker镜像 16
cuer/upload-labs upload-labs 文件上传靶场 0
monstertsl/upload-labs upload-labs靶场镜像,并修复了一些不足! 1
glzjin/upload-labs 0
tanyiqu/upload-labs 0
gfattf1/upload-labs File upload vulnerability 0
flalucifer/upload-labs 0
hominsu/upload-labs upload-labs pre-built docker environments, s… 0
tavenli/upload-labs 靶机 upload-labs 0
anthem9/upload-labs 0
drunkbamboo/upload-labs upload-labs for test 0
8evan8/upload-labs 修复c0ny1的pass-03,pass-04上传失败 0
tuyiqiang/upload-labs 0
dockerpentest/upload-labs-kr Upload-labs for Korean. Forked from github.c… 0
howhacker/upload-labs upload-labs靶场 0
745184472/upload-labs upload-labs 0
1518299439/upload-labs21 0
flalucifer/upload-labs-bases 0
caketi/upload-labs 0
alexanso/upload-labs 0
wxixw/upload-labs 0
spaceskynet/upload-labs 0
81286980/upload-labs-test 0
vulshare/upload-labs 0
nudttan91/upload-labs 0
![[线程与网络] 网络编程与通信原理(四):深入理解传输层UDP与TCP协议](https://img-blog.csdnimg.cn/direct/3a41e241be564076ad17c44734cb7f6d.png)
