compose-n8mare

This commit is contained in:
rootTHC 2022-03-08 18:15:37 +00:00
parent 80d85b5528
commit cb925b32ca
5 changed files with 92 additions and 56 deletions

@ -1,25 +1,71 @@
version: "3.1"
services:
dns-doh:
container_name: cloudflared
image: crazymax/cloudflared
restart: always
networks:
- dns
dns-doh:
container_name: cloudflared
image: crazymax/cloudflared
restart: always
networks:
dns-doh-net:
ipv4_address: 172.23.0.2
dnsmasq:
container_name: dnsmasq
image: 4km3/dnsmasq:2.85-r2
cap_add:
- NET_ADMIN
command: ["--no-resolv", "--domain-needed", "--server=172.18.0.2#5053"]
ports:
- "53:53/udp"
networks:
- dns
restart: always
depends_on:
- dns-doh
dnsmasq:
container_name: dnsmasq
image: 4km3/dnsmasq:2.85-r2
cap_add:
- NET_ADMIN
command: ["--no-resolv", "--domain-needed", "--server=172.23.0.2#5053"]
networks:
dns-doh-net:
ipv4_address: 172.23.0.3
guest-net:
ipv4_address: 172.24.0.2
restart: always
depends_on:
- dns-doh
tor:
image: osminogin/tor-simple
networks:
guest-net:
ipv4_address: 172.24.0.4
restart: always
dns: 172.24.0.2
depends_on:
- dnsmasq
l0pht:
container_name: l0pht-host
build: host
depends_on:
- dnsmasq
restart: always
dns: 255.255.255.255
ports:
- "2222:2222"
volumes:
- "~/l0pht/cfg/etc/ssh:/etc/ssh/l0pht:ro"
- "/var/run/docker.sock:/var/run/docker.sock"
# init: true
# secrets:
# volumes:
# guest-data:
# type: bind
# - driver: local
# device: ~/research/l0pht/guest/l0pht-guest
# external: true
networks:
dns:
dns-doh-net:
driver: bridge
ipam:
config:
- subnet: 172.23.0.0/24
guest-net:
driver: bridge
ipam:
config:
- subnet: 172.24.0.0/24
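Review bot: Two of the three images on the new side (`crazymax/cloudflared`, `osminogin/tor-simple`) carry no tag at all and the third is tag-pinned only, so every `compose pull`/rebuild can silently swap in a different image. That matters more than usual here because `l0pht-host` bind-mounts `/var/run/docker.sock` and is reachable over SSH, so a tampered base image is a host-level compromise; pin each image by tag and digest, e.g. `image: osminogin/tor-simple:<tag>@sha256:<digest>`. The `dns: 255.255.255.255` on `l0pht-host` is presumably a deliberate "no resolver" setting (the host container is not on `dns-doh-net`), which deserves a comment such as `# no resolver on purpose: the host container must not do lookups`. The hard-coded `--server=172.23.0.2#5053` only works because `dns-doh` has a static address; a comment tying the two together would keep them from drifting apart.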

@ -5,7 +5,7 @@ CG="\033[1;32m" # green
CR="\033[1;31m" # red
CC="\033[1;36m" # cyan
CM="\033[1;35m" # magenta
CW="\033[1;37m" # magenta
CW="\033[1;37m" # white
CF="\033[2m" # faint
CN="\033[0m" # none
@ -27,6 +27,8 @@ source "${BASEDIR}/config"
[[ -z $IS_VPN_CONNECTED ]] && VPN_DST="${CR}NOT CONNECTED${CN}" || VPN_DST="${CDG}${VPN_COUNTRY:-UNKNOWN}${CN}"
echo -e "VPN connected to: ${VPN_DST}"
echo -e "DNS-SEC : ${CG}ENABLED${CN}"
echo -e "DNS over HTTPS : ${CDG}Cloudflare${CN}"
echo -e "TOR Proxy : ${CDG}172.24.0.4:9050${CN}"
echo -e "Connect with : ${CDC}ssh -o \"SetEnv LID=${LID}\" user@${L0PHT_SERVER_DIRECT:-UNKNOWN}${CN}"
echo -e "Non-Root : ${CDC}su user && cd${CN}"
echo -e "Non-Root : ${CDC}su user${CN}"
echo -e "${CW}Join us on Telegram: https://t.me/thcorg${CN}"
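Review bot: The new `TOR Proxy` line prints a literal `172.24.0.4:9050`, which duplicates the `tor` service's static `ipv4_address` from the compose file and will drift if that address ever changes; since the script already does `source "${BASEDIR}/config"`, the address could come from there, e.g. `echo -e "TOR Proxy      : ${CDG}${TOR_PROXY:-172.24.0.4:9050}${CN}"`. The port 9050 is not visible anywhere in this commit, so it is presumably the image default; a short comment saying so would help. Note also that `DNS-SEC : ENABLED` and `DNS over HTTPS : Cloudflare` are static strings, not derived from the running configuration, so the banner will keep asserting them even if the resolver stack is changed.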

@ -1,7 +1,7 @@
FROM alpine:latest
ENV LUSER=user
ENV LGUESTDIR=/usr/local/l0pht-guest
ENV LGUESTDIR=/research/l0pht/guest/l0pht-guest
RUN \
apk add --no-cache --upgrade && \
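Review bot: The changed `ENV LGUESTDIR=/research/l0pht/guest/l0pht-guest` bakes an absolute path of the outer host into the image, yet nothing on the new side of this commit reads it any more (the `eval` of `/tmp/lguestdir.txt` and the `echo` that produced it are both removed, and the guest launcher now mounts the named volume `l0pht_guest-data`); if no other file uses it, drop the line, otherwise add `# absolute path on the outer host; only meaningful when resolved via the host's docker.sock` so the next reader knows why a host path lives in a Dockerfile. The surrounding `FROM alpine:latest` is unpinned, which is worth fixing in the same pass for the reasons that apply to the compose images. The context line `apk add --no-cache --upgrade && \` names no packages and looks like it was meant to be `apk upgrade --no-cache`; please confirm against the rest of the RUN, which continues outside this hunk.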
@ -18,19 +18,3 @@ RUN /tmp/setup.sh && \
CMD ["/bin/docker_sshd.sh"]
# FROM ghcr.io/linuxserver/baseimage-alpine:3.14
# RUN \
# echo "**** install runtime packages ****" && \
# apk add --no-cache --upgrade && \
# apk add --no-cache \
# docker-cli \
# openssh-server && \
# sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config && \
# userdel abc && \
# echo "/bin/l0phtsh" >>/etc/shells && \
# adduser -D user -s /bin/l0phtsh && \
# usermod -p "" user && \
# echo DONE
# COPY /fs-root/ /

@ -9,7 +9,7 @@ start docker with the additional '-v' option below:
mkdir -p ~/l0pht/cfg/etc/ssh && ssh-keygen -A ~/l0pht/cfg && \\
docker run --r -p 22:2222 -v /var/run/docker.sock:/var/run/docker.sock \\
-v ~/l0pht/etc/ssh:/etc/ssh/l0pht:ro \\
-v ~/l0pht/cfg/etc/ssh:/etc/ssh/l0pht:ro \\
--name l0pht-host -it l0pth-host"
exit 255
}
@ -20,10 +20,7 @@ docker run --r -p 22:2222 -v /var/run/docker.sock:/var/run/docker.sock \\
[[ ! -e /var/run/docker.sock ]] && { echo "Not found: /var/run/docker.sock"; echo "Try -v -v /var/run/docker.sock:/var/run/docker.sock"; exit 255; }
echo "docker:x:$(stat -c %g /var/run/docker.sock):${LUSER}" >>/etc/group && \
chmod 770 /var/run/docker.sock && \
# SSHD clears all the environment. We need to pass the location of the 'l0pht-guest'
# directory of the outter most host to the guest-shell.
echo 'LGUESTDIR="'"${LGUESTDIR}"'"' >/tmp/lguestdir.txt
/usr/sbin/sshd -p 2222
/usr/sbin/sshd -u0 -p 2222
exec sleep infinite
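Review bot: The new `-u0` flag is undocumented and its intent is easy to misread; per sshd(8) it makes sshd store dotted-decimal addresses instead of hostnames in utmp and, as a side effect, avoids reverse-DNS lookups unless authentication or configuration requires them, which lines up with `l0pht-host` having `dns: 255.255.255.255` in the compose file. Add `# -u0: record peer IPs (not hostnames) in utmp and skip reverse-DNS lookups; this container has no usable resolver` above the sshd line. If the goal is purely to stop lookups, `UseDNS no` in the sshd_config under `/etc/ssh/l0pht` is the configuration-level equivalent and does not depend on the flag surviving a command-line edit. The unchanged `chmod 770 /var/run/docker.sock` on the line above mutates the bind-mounted host socket's mode, which is worth a comment of its own since it is a host-side change made from inside the container.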

@ -1,17 +1,11 @@
#! /bin/bash -r
# This is called by SSHD inside L0PHT-HOST docker.
# Redirects not allowed in restricted shells. Execute tty in unrestricted shell
# (one day a clever hacker will exploit this)
# Find out if SSHD allocated a TTY
# - Redirects not allowed in restricted shells.
# - Execute `tty' in unrestricted shell (one day a clever hacker will exploit this)
# - Set docker arguments if this is a TTY session.
bash -c "tty >/dev/null" && { ARG="-it"; PARAM=("-il"); } || { ARG="-i"; PARAM=(); }
# Find the server's shared l0pht-guest directory. This directory is not
# relative to this docker's name space (e.g it does not exist in here).
# The docker command below need to know the absolute path of that directory
# from the calling host (because the docker command uses the docker.socket
# from the calling host).
eval $(grep LGUESTDIR= /tmp/lguestdir.txt| tail -n1 )
[[ -z $LGUESTDIR ]] && { echo "Not set: LGUESTDIR="; exit 255; }
# Connect to existing session
[[ -n $LID ]] && [[ ${#LID} -eq 12 ]] && {
@ -20,5 +14,18 @@ eval $(grep LGUESTDIR= /tmp/lguestdir.txt| tail -n1 )
LID="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 12)"
HID="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 6)"
docker run --hostname "l0pht-${HID}" --rm "$ARG" --name "lg-${LID}" --env LID="${LID}" -v "${LGUESTDIR}":/usr/local/l0pht-guest:ro l0pht-guest zsh "${PARAM[@]}" "$@"
LVER="1.1"
docker run \
--hostname "l0pht-${HID}" \
--rm \
"$ARG" \
--name "lg-${LID}" \
--init \
--net l0pht_guest-net \
--dns 172.24.0.2 \
--env LID="${LID}" \
--env LVER="${LVER}" \
--log-driver none \
-v "l0pht_guest-data:/usr/local/l0pht-guest:ro" \
l0pht-guest zsh "${PARAM[@]}" "$@"
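Review bot: The rewritten `docker run` still launches a guest for any SSH login without resource limits, and because the command goes through the host's `docker.sock` (see docker_sshd.sh), a fork bomb or memory hog in one guest lands on the host and every other tenant; add `--pids-limit 256 \`, `--memory 512m \` and `--security-opt no-new-privileges \` next to `--init` (tune the numbers to the host). `--net l0pht_guest-net` and `--dns 172.24.0.2` hard-code the compose project name and dnsmasq's static address, so a comment like `# network/DNS must match docker-compose.yml (project "l0pht", dnsmasq at 172.24.0.2)` would keep them in sync. `--log-driver none` is presumably intentional for an anonymous service, but it also means no container logs exist for incident response; state that choice in a comment so it is not "fixed" later by accident.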