3.3c
This commit is contained in:
parent
833a3d9d79
commit
67a64bcc53
10
Makefile
10
Makefile
@ -1,4 +1,4 @@
|
||||
VER := 0.3.3
|
||||
VER := 0.3.3c
|
||||
|
||||
all:
|
||||
make -C guest
|
||||
@ -21,6 +21,14 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sf-motd.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sf-setup.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/rc.local-example"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/vim/vimrc.local"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/pelicanconf.py"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/tasks.py"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/Makefile"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/content/Articles/hello.md"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/content/Articles/world.md"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/content/pages/mydw.md"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/content/pages/about.md"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/www/content/images"
|
||||
|
||||
FILES_HOST += "segfault-$(VER)/host/Dockerfile"
|
||||
FILES_HOST += "segfault-$(VER)/host/Makefile"
|
||||
|
@ -114,6 +114,7 @@ services:
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
- sf-redis
|
||||
- router
|
||||
dns: 172.20.0.53
|
||||
cap_add:
|
||||
- NET_ADMIN #required
|
||||
@ -146,6 +147,7 @@ services:
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
- sf-redis
|
||||
- router
|
||||
dns: 172.20.0.53
|
||||
cap_add:
|
||||
- NET_ADMIN #required
|
||||
@ -178,6 +180,7 @@ services:
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
- sf-redis
|
||||
- router
|
||||
dns: 172.20.0.53
|
||||
cap_add:
|
||||
- NET_ADMIN #required
|
||||
@ -226,6 +229,7 @@ services:
|
||||
- net.ipv4.conf.all.rp_filter=2
|
||||
ports:
|
||||
- "${SF_SSH_PORT:-22}:22"
|
||||
- "${SF_SSH_PORT2:-443}:22"
|
||||
environment:
|
||||
- SF_DEBUG
|
||||
- SF_MAXOUT
|
||||
|
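Review bot: The `dns: 172.20.0.53` lines added to each service pin name resolution to a fixed address on the internal network, so they only work if the dnsmasq service is assigned exactly that static `ipv4_address`; that assignment is not visible in these hunks and should be confirmed. `depends_on: - dnsmasq` only orders container start and does not wait for dnsmasq to be listening, so early lookups in these services can fail until it is up; a healthcheck on dnsmasq with `condition: service_healthy`, or a resolver retry in the entrypoints, would close that window. A one-line comment such as `dns: 172.20.0.53  # dnsmasq's static ipv4_address; keep in sync with the dnsmasq service` would document the coupling.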
@ -26,7 +26,12 @@ xmkdir()
|
||||
[[ -d "$1" ]] && return
|
||||
# Odd occasion when no EncFS is running but kernel still has a stale mountpoint
|
||||
# mountpoint: everyone-root: Transport endpoint is not connected
|
||||
fusermount -zu "$1" 2>/dev/null
|
||||
# If EncFS died then a stale mount point might exist.
|
||||
# -d/-e/-f all fail (Transport endpoint is not connected)
|
||||
# Force an unmount if it's not a directory.
|
||||
# After unmounting check again if it's a directory (it should be!)
|
||||
fusermount -zu "${1}" 2>/dev/null && [[ -d "$1" ]] && return
|
||||
|
||||
mkdir "$1"
|
||||
}
|
||||
|
||||
@ -58,6 +63,7 @@ encfs_mount()
|
||||
return 255
|
||||
}
|
||||
|
||||
|
||||
xmkdir "${secdir}" || return 255
|
||||
xmkdir "${rawdir}" || return 255
|
||||
|
||||
|
@ -234,12 +234,16 @@ remport_provider()
|
||||
cmd_remport()
|
||||
{
|
||||
local lid
|
||||
lid="$1"
|
||||
local c_ipports
|
||||
local n_ipports
|
||||
local m_ipports
|
||||
local provider
|
||||
local selfdir
|
||||
lid="$1"
|
||||
selfdir="/config/self-for-guest/lg-${lid}"
|
||||
|
||||
# Remove files from instance
|
||||
rm -f "${selfdir}/reverse_ip" "${selfdir}/reverse_port" 2>/dev/null
|
||||
# Remove routing
|
||||
# -> Dont need to. There is no harm leaving it.
|
||||
|
||||
|
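Review bot: `selfdir="/config/self-for-guest/lg-${lid}"` is built from `$1` with no validation, and the following `rm -f "${selfdir}/reverse_ip" "${selfdir}/reverse_port"` deletes under it; if the `lid` argument can ever be influenced from the guest side (the command naming suggests a request queue, which is not visible here), a value such as `../../x` would remove files outside the per-guest directory. A guard at the top of the function, e.g. `[[ "$lid" =~ ^[[:alnum:]_-]+$ ]] || return`, costs nothing and makes the path construction safe regardless of where the id originates. The `2>/dev/null` on that `rm -f` also hides permission errors; `-f` already silences missing files, so the redirect can go.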
@ -3,7 +3,7 @@ FROM kalilinux/kali-rolling
|
||||
WORKDIR /root/
|
||||
|
||||
# Valid options are:
|
||||
# MINI BASE DEVEL NET HACK LARGE HUGE ALL
|
||||
# MINI BASE DEVEL NET WEB HACK LARGE HUGE ALL
|
||||
# SF_PACKAGES=ALL make
|
||||
# Default is "MINI BASE NET" (see pkg-install.sh)
|
||||
ARG SF_PACKAGES
|
||||
@ -29,8 +29,10 @@ RUN apt-get update -y \
|
||||
bc \
|
||||
bsdmainutils \
|
||||
dos2unix \
|
||||
file \
|
||||
less \
|
||||
openssh-sftp-server \
|
||||
python3-pip \
|
||||
screen \
|
||||
sharutils \
|
||||
tmux \
|
||||
@ -146,7 +148,9 @@ RUN apt-get update -y \
|
||||
ruby \
|
||||
x11-apps \
|
||||
&& /pkg-install.sh HUGE go install -v github.com/projectdiscovery/uncover/cmd/uncover@latest \
|
||||
&& /pkg-install.sh LARGE pip install --pre scapy[basic] \
|
||||
&& /pkg-install.sh LARGE pip install --pre 'scapy[basic]' \
|
||||
&& /pkg-install.sh WEB pip install \
|
||||
'pelican[Markdown]' \
|
||||
&& /pkg-install.sh LARGE pip install \
|
||||
git-dumper \
|
||||
ipython \
|
||||
|
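Review bot: The new `/pkg-install.sh WEB pip install 'pelican[Markdown]'` line installs an unpinned package, so every image build pulls whatever PyPI currently serves for pelican and its dependency tree, and the `--pre` on the neighbouring scapy line even opts into pre-releases. For an image that lands on every guest, pinning (`'pelican[Markdown]==<version>'`, or a requirements file with hashes) keeps rebuilds reproducible and turns a compromised or broken upstream release into a deliberate upgrade rather than a silent one. The quoting change to `'scapy[basic]'` is correct, since an unquoted `[basic]` is a shell glob.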
@ -1,3 +1,3 @@
|
||||
all: Dockerfile
|
||||
docker build --build-arg SF_PACKAGES=$(SF_PACKAGES) -t sf-guest .
|
||||
docker build --build-arg SF_PACKAGES="$(SF_PACKAGES)" -t sf-guest .
|
||||
|
||||
|
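Review bot: `all` is declared with `Dockerfile` as its prerequisite but its recipe produces no file named `all`, so a stray file called `all` in the directory would make the build a silent no-op; add `.PHONY: all` above the rule. Quoting `"$(SF_PACKAGES)"` is the right fix for the multi-word default (`MINI BASE NET`), which previously split into separate arguments to `docker build`.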
@ -103,6 +103,12 @@ setup()
|
||||
xmkdir /sec/usr/sbin
|
||||
xmkdir /sec/usr/share
|
||||
|
||||
# Copy Pelican www
|
||||
[[ ! -d /sec/www ]] && {
|
||||
cp -a /usr/share/www /sec
|
||||
sed "s/^SITEURL.*/SITEURL = '\/${SF_HOSTNAME,,}'/" -i /sec/www/pelicanconf.py
|
||||
}
|
||||
|
||||
# Setup rc.local (if not exist) and execute rc.local
|
||||
[[ ! -f /sec/usr/etc/rc.local ]] && setup_rclocal
|
||||
/bin/bash /sec/usr/etc/rc.local
|
||||
|
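Review bot: The `sed "s/^SITEURL.*/SITEURL = '\/${SF_HOSTNAME,,}'/"` line interpolates the hostname straight into a sed expression, so any `/`, `&` or `\` in `SF_HOSTNAME` would corrupt the substitution or be interpreted by sed. The hostname presumably comes from the host side and is already restricted to safe characters, but that is not visible here; using a delimiter that cannot occur in a hostname, `sed "s|^SITEURL.*|SITEURL = '/${SF_HOSTNAME,,}'|"`, drops the `\/` escaping and narrows the assumption to `|` and `&` only. A comment on the `cp -a` line stating that `/usr/share/www` is only seeded once and later edits live in `/sec/www` would explain the `! -d` guard to the next reader.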
@ -30,7 +30,11 @@ chown root:root /etc /etc/profile.d /etc/profile.d/segfault.sh && \
|
||||
chmod 755 /usr /etc /etc/profile.d && \
|
||||
chmod 644 /etc/profile.d/segfault.sh && \
|
||||
chmod 644 /etc/shellrc /etc/zsh_command_not_found /etc/zsh_profile && \
|
||||
find /usr/share/www -type f -exec chmod 644 {} \; && \
|
||||
find /usr/share/www -type d -exec chmod 755 {} \; && \
|
||||
ln -s batcat /usr/bin/bat && \
|
||||
ln -s /sf/bin/sf-motd.sh /usr/bin/motd && \
|
||||
ln -s /sf/bin/sf-motd.sh /usr/bin/help && \
|
||||
echo DONE && exit 0
|
||||
|
||||
exit 254
|
||||
|
@ -287,12 +287,12 @@ print_goodbye()
|
||||
n="$(bash -c "docker exec \"lg-${LID}\" pgrep . 2>/dev/null|wc -l")"
|
||||
DEBUGF "Processes running: $n"
|
||||
if [[ "$n" -gt 2 ]]; then
|
||||
echo -e "Number of processes running: ${CDY}$((n-2))${CN}"
|
||||
# echo -e "Number of processes running: ${CDY}$((n-2))${CN}"
|
||||
# Display the running processes
|
||||
str="process is"
|
||||
[[ "$n" -gt 3 ]] && str="processes are"
|
||||
echo -e "${CY}WARNING: ${CR}$((n-2))${CY} ${str} still running:${CN}"
|
||||
exec_errnull docker exec "lg-${LID}" pgrep -v '^\[SF' -al | tail -n+2 | while read x; do p="${x%% *} "; n="${x#* }"; echo -e "${CDY}--> ${CDR}${p:0:8}${CDG}${n:0:68}${CN}"; done
|
||||
exec_errnull docker exec "lg-${LID}" pgrep -v '^\[SF' -al | tail -n+3 | while read x; do p="${x%% *} "; n="${x#* }"; echo -e "${CDY}--> ${CDR}${p:0:8}${CDG}${n:0:68}${CN}"; done
|
||||
echo -e "\
|
||||
-------> The encrypted filesystem in /sec will remain accessible until
|
||||
-------> the last shell exits or all background processes terminate.
|
||||
@ -334,6 +334,7 @@ spawn_shell_exit()
|
||||
DEBUGF "ARG(${#})=$*"
|
||||
|
||||
# Update current IP:
|
||||
touch "/config/self-for-guest/lg-${LID}/THIS-DIRECTORY-IS-IN-MEMORY-ONLY"
|
||||
tofile "${YOUR_IP}" "/config/self-for-guest/lg-${LID}/ip"
|
||||
[[ -n $YOUR_GEOIP ]] && tofile "${YOUR_GEOIP}" "/config/self-for-guest/lg-${LID}/geoip"
|
||||
|
||||
@ -687,7 +688,9 @@ echo_pty -n "...."
|
||||
# FIXME: Could write my own tiny-init that spawns itself, sleeps forever and
|
||||
# waits for child. Would save memory.
|
||||
### Start the care taker...
|
||||
xmkdir "/config/self-for-guest/lg-${LID}"
|
||||
selfdir="/config/self-for-guest/lg-${LID}"
|
||||
xmkdir "${selfdir}"
|
||||
# rm -f "${selfdir}/reverse_ip" "${selfdir}/reverse_port" # NOTE: Deleted by portd.sh
|
||||
exec_devnull docker run \
|
||||
--hostname "sf-${SF_HOSTNAME}" \
|
||||
"${DOCKER_ARGS[@]}" \
|
||||
|
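Review bot: The process listing in `print_goodbye` consumes each `pgrep -al` line with a bare `while read x`, which strips backslashes and leading whitespace from the command line before it is printed; `while IFS= read -r x` preserves them. The count and the list also use different filters: the number is `pgrep .` minus a hard-coded 2, while the rows come from `pgrep -v '^\[SF'` with `tail -n+3` skipping two more lines, so the figure in the WARNING and the rows beneath it can disagree whenever the helper processes do not match that assumption; deriving the count with `wc -l` from the same filtered pipeline keeps them consistent. `print_goodbye` continues outside this hunk.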
@ -3,6 +3,7 @@ SF_BASEDIR=${HOME}/segfault
|
||||
## Status information between containers is exchanged via _SHMDIR/run
|
||||
#SF_SHMDIR=/dev/shm/sf
|
||||
#SF_SSH_PORT=22
|
||||
#SF_SSH_PORT2=443
|
||||
#SF_DEBUG=1
|
||||
#SF_USER=root
|
||||
#SF_USER_PASSWORD=segfault
|
||||
|
@ -1,17 +1,18 @@
|
||||
FROM ubuntu:22.04
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends curl \
|
||||
wget \
|
||||
curl \
|
||||
ca-certificates \
|
||||
net-tools \
|
||||
curl \
|
||||
fping \
|
||||
inetutils-ping \
|
||||
netcat \
|
||||
iptables \
|
||||
iproute2 \
|
||||
iperf \
|
||||
net-tools \
|
||||
netcat \
|
||||
tcpdump \
|
||||
fping \
|
||||
wget \
|
||||
vim \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY tc.sh init.sh fix-network.sh /
|
||||
|
@ -55,7 +55,6 @@ init_revport()
|
||||
{
|
||||
[[ -n $IS_REVPORT_INIT ]] && return
|
||||
IS_REVPORT_INIT=1
|
||||
# -----BEGIN REVERSE CONNECTION-----
|
||||
### Create routing tables for reverse connection and when multipath routing is used:
|
||||
# We are using multipath routing _and_ reverse port forwarding from the VPN Provider.
|
||||
# See Cryptostorm's http://10.31.33.7/fwd as an example:
|
||||
@ -88,6 +87,8 @@ init_revport()
|
||||
done
|
||||
iptables -A PREROUTING -t mangle -i "${DEV_GW}" -j CONNMARK --save-mark
|
||||
|
||||
echo -e >&2 "[$(date '+%F %T' -u)] RevPort set up for 172.20.0.[${ips[@]}]"
|
||||
|
||||
# Route return traffic back to VPN-GW the packet came in from.
|
||||
# Every return packet is marked (11nnn). If it is marked (e.g. it is a return packet)
|
||||
# then also mark it as 12nnn. Then use customer routing rule for all packets
|
||||
@ -104,8 +105,6 @@ init_revport()
|
||||
ip rule add fwmark "12${n}" table "8${n}"
|
||||
ip route add default via "172.20.0.${n}" dev ${DEV_GW} table "8${n}"
|
||||
done
|
||||
|
||||
# -----END REVERSE CONNECTION-----
|
||||
}
|
||||
|
||||
use_vpn()
|
||||
@ -150,10 +149,9 @@ use_tor()
|
||||
|
||||
monitor_failover()
|
||||
{
|
||||
# ts=$(date +%s)
|
||||
local status_sha
|
||||
|
||||
|
||||
# FIXME: use redis here instead of polling
|
||||
while :; do
|
||||
bash -c "exec -a '[sleep router failover]' sleep 1"
|
||||
sha="$(sha256sum /config/guest/vpn_status 2>/dev/null)"
|
||||
@ -169,6 +167,10 @@ monitor_failover()
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
# Delete old vpn_status
|
||||
[[ -f /config/guest/vpn_status ]] && rm -f /config/guest/vpn_status
|
||||
|
||||
DEV_I22="$(devbyip 172.28.0. eth0)"
|
||||
DEV="$(devbyip 10.11. eth1)"
|
||||
DEV_SSHD="$(devbyip 172.22.0. eth2)"
|
||||
@ -227,8 +229,6 @@ iptables -t nat -A POSTROUTING -s 172.28.0.1 -o ${DEV_SSHD} -j MASQUERADE && \
|
||||
iptables -A PREROUTING -i ${DEV_SSHD} -t mangle -p tcp -s 172.22.0.21 -j MARK --set-mark 22
|
||||
# -----END GSNC traffic is routed via Internet----
|
||||
|
||||
|
||||
|
||||
ifconfig "$DEV" 10.11.0.1/16 && \
|
||||
# MASQ all traffic because the VPN/TOR instances dont know the route back
|
||||
# to sf-guest (10.11.0.0/16).
|
||||
|
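Review bot: In `monitor_failover`, the `local status_sha` declaration names a variable the loop never assigns; the loop writes `sha="$(sha256sum ...)"` on the last line of that hunk, so if the `local` line is the addition here, `sha` still leaks to the global scope and the declaration is dead — rename one of them, e.g. `local sha`. In `init_revport`, the hunk counts (`-55,7 +55,6`) show one line removed around the `[[ -n $IS_REVPORT_INIT ]] && return` / `IS_REVPORT_INIT=1` pair; if it is the guard, a second call will append duplicate `ip rule` and `iptables` entries, so the re-entry protection should be confirmed elsewhere. The new `RevPort set up for 172.20.0.[${ips[@]}]` log line is useful; `${ips[*]}` states the intent (one joined word) more clearly inside the quotes.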