compose-n8mare
This commit is contained in:
parent
80d85b5528
commit
cb925b32ca
@ -1,25 +1,71 @@
|
||||
version: "3.1"
|
||||
services:
|
||||
dns-doh:
|
||||
container_name: cloudflared
|
||||
image: crazymax/cloudflared
|
||||
restart: always
|
||||
networks:
|
||||
- dns
|
||||
dns-doh:
|
||||
container_name: cloudflared
|
||||
image: crazymax/cloudflared
|
||||
restart: always
|
||||
networks:
|
||||
dns-doh-net:
|
||||
ipv4_address: 172.23.0.2
|
||||
|
||||
dnsmasq:
|
||||
container_name: dnsmasq
|
||||
image: 4km3/dnsmasq:2.85-r2
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
command: ["--no-resolv", "--domain-needed", "--server=172.18.0.2#5053"]
|
||||
ports:
|
||||
- "53:53/udp"
|
||||
networks:
|
||||
- dns
|
||||
restart: always
|
||||
depends_on:
|
||||
- dns-doh
|
||||
dnsmasq:
|
||||
container_name: dnsmasq
|
||||
image: 4km3/dnsmasq:2.85-r2
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
command: ["--no-resolv", "--domain-needed", "--server=172.23.0.2#5053"]
|
||||
networks:
|
||||
dns-doh-net:
|
||||
ipv4_address: 172.23.0.3
|
||||
guest-net:
|
||||
ipv4_address: 172.24.0.2
|
||||
restart: always
|
||||
depends_on:
|
||||
- dns-doh
|
||||
|
||||
tor:
|
||||
image: osminogin/tor-simple
|
||||
networks:
|
||||
guest-net:
|
||||
ipv4_address: 172.24.0.4
|
||||
restart: always
|
||||
dns: 172.24.0.2
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
|
||||
l0pht:
|
||||
container_name: l0pht-host
|
||||
build: host
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
restart: always
|
||||
dns: 255.255.255.255
|
||||
ports:
|
||||
- "2222:2222"
|
||||
volumes:
|
||||
- "~/l0pht/cfg/etc/ssh:/etc/ssh/l0pht:ro"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
|
||||
# init: true
|
||||
# secrets:
|
||||
|
||||
# volumes:
|
||||
# guest-data:
|
||||
# type: bind
|
||||
# - driver: local
|
||||
# device: ~/research/l0pht/guest/l0pht-guest
|
||||
# external: true
|
||||
|
||||
networks:
|
||||
dns:
|
||||
dns-doh-net:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.23.0.0/24
|
||||
|
||||
guest-net:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.24.0.0/24
|
||||
|
||||
|
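Review bot: The new `dns-doh` and `tor` services pull `crazymax/cloudflared` and `osminogin/tor-simple` by floating tag, while `dnsmasq` is pinned to `4km3/dnsmasq:2.85-r2`; those two third-party images sit on the path of every guest DNS query and all Tor egress, so pin them to a specific tag and ideally an `@sha256:` digest the same way. The dnsmasq `--server=172.23.0.2#5053`, the tor `dns: 172.24.0.2` and the `255.255.255.255` on `l0pht` depend on the static `ipv4_address` values assigned further down; a comment beside each, e.g. `# static IP of dns-doh on dns-doh-net (see networks:)`, would tie them together so a change to the ipam block is not missed. The `guest-data` volume is present only as commented-out text under `# volumes:`; if a volume named `l0pht_guest-data` is expected to exist for guest containers (the `l0phtsh` change in this commit mounts one), define it here rather than relying on Docker auto-creating an empty one — worth confirming against how the volume is actually created.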
@ -5,7 +5,7 @@ CG="\033[1;32m" # green
|
||||
CR="\033[1;31m" # red
|
||||
CC="\033[1;36m" # cyan
|
||||
CM="\033[1;35m" # magenta
|
||||
CW="\033[1;37m" # magenta
|
||||
CW="\033[1;37m" # white
|
||||
CF="\033[2m" # faint
|
||||
CN="\033[0m" # none
|
||||
|
||||
@ -27,6 +27,8 @@ source "${BASEDIR}/config"
|
||||
[[ -z $IS_VPN_CONNECTED ]] && VPN_DST="${CR}NOT CONNECTED${CN}" || VPN_DST="${CDG}${VPN_COUNTRY:-UNKNOWN}${CN}"
|
||||
|
||||
echo -e "VPN connected to: ${VPN_DST}"
|
||||
echo -e "DNS-SEC : ${CG}ENABLED${CN}"
|
||||
echo -e "DNS over HTTPS : ${CDG}Cloudflare${CN}"
|
||||
echo -e "TOR Proxy : ${CDG}172.24.0.4:9050${CN}"
|
||||
echo -e "Connect with : ${CDC}ssh -o \"SetEnv LID=${LID}\" user@${L0PHT_SERVER_DIRECT:-UNKNOWN}${CN}"
|
||||
echo -e "Non-Root : ${CDC}su user && cd${CN}"
|
||||
echo -e "Non-Root : ${CDC}su user${CN}"
|
||||
echo -e "${CW}Join us on Telegram: https://t.me/thcorg${CN}"
|
||||
|
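Review bot: The three new status lines print `DNS-SEC : ENABLED`, `DNS over HTTPS : Cloudflare` and `TOR Proxy : 172.24.0.4:9050` unconditionally, whereas the VPN line just above is driven by `$IS_VPN_CONNECTED`; nothing in this hunk checks that dnsmasq, cloudflared or tor are actually running, so the user reads a security guarantee the script does not verify. The Tor address also duplicates the static `ipv4_address` from the compose file, so a change there silently breaks the banner. Consider reading these from the sourced config with a default, in the style of `${VPN_COUNTRY:-UNKNOWN}` above (e.g. `${TOR_PROXY:-172.24.0.4:9050}`), and wording them as configuration rather than observed state, e.g. `DNS : ${CDG}DoH via Cloudflare (dnsmasq -> cloudflared)${CN}`. `CDG` and `CDC` are not among the colour variables defined in the first hunk of this file; presumably they are set in lines 1-4, but that is worth confirming since an unset variable here just prints uncoloured text without any error.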
@ -1,7 +1,7 @@
|
||||
FROM alpine:latest
|
||||
|
||||
ENV LUSER=user
|
||||
ENV LGUESTDIR=/usr/local/l0pht-guest
|
||||
ENV LGUESTDIR=/research/l0pht/guest/l0pht-guest
|
||||
|
||||
RUN \
|
||||
apk add --no-cache --upgrade && \
|
||||
@ -18,19 +18,3 @@ RUN /tmp/setup.sh && \
|
||||
|
||||
CMD ["/bin/docker_sshd.sh"]
|
||||
|
||||
# FROM ghcr.io/linuxserver/baseimage-alpine:3.14
|
||||
|
||||
# RUN \
|
||||
# echo "**** install runtime packages ****" && \
|
||||
# apk add --no-cache --upgrade && \
|
||||
# apk add --no-cache \
|
||||
# docker-cli \
|
||||
# openssh-server && \
|
||||
# sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config && \
|
||||
# userdel abc && \
|
||||
# echo "/bin/l0phtsh" >>/etc/shells && \
|
||||
# adduser -D user -s /bin/l0phtsh && \
|
||||
# usermod -p "" user && \
|
||||
# echo DONE
|
||||
|
||||
# COPY /fs-root/ /
|
||||
|
@ -9,7 +9,7 @@ start docker with the additional '-v' option below:
|
||||
|
||||
mkdir -p ~/l0pht/cfg/etc/ssh && ssh-keygen -A ~/l0pht/cfg && \\
|
||||
docker run --r -p 22:2222 -v /var/run/docker.sock:/var/run/docker.sock \\
|
||||
-v ~/l0pht/etc/ssh:/etc/ssh/l0pht:ro \\
|
||||
-v ~/l0pht/cfg/etc/ssh:/etc/ssh/l0pht:ro \\
|
||||
--name l0pht-host -it l0pth-host"
|
||||
exit 255
|
||||
}
|
||||
@ -20,10 +20,7 @@ docker run --r -p 22:2222 -v /var/run/docker.sock:/var/run/docker.sock \\
|
||||
[[ ! -e /var/run/docker.sock ]] && { echo "Not found: /var/run/docker.sock"; echo "Try -v -v /var/run/docker.sock:/var/run/docker.sock"; exit 255; }
|
||||
echo "docker:x:$(stat -c %g /var/run/docker.sock):${LUSER}" >>/etc/group && \
|
||||
chmod 770 /var/run/docker.sock && \
|
||||
# SSHD clears all the environment. We need to pass the location of the 'l0pht-guest'
|
||||
# directory of the outter most host to the guest-shell.
|
||||
echo 'LGUESTDIR="'"${LGUESTDIR}"'"' >/tmp/lguestdir.txt
|
||||
/usr/sbin/sshd -p 2222
|
||||
/usr/sbin/sshd -u0 -p 2222
|
||||
|
||||
exec sleep infinite
|
||||
|
||||
|
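Review bot: The `-u0` added to `/usr/sbin/sshd -u0 -p 2222` has a non-obvious effect and no comment: per sshd(8) it sets the utmp host-name field length to 0, which also makes sshd skip reverse-DNS lookups of the client address unless configuration requires them — presumably the intent, given this commit also sets `dns: 255.255.255.255` for this container in the compose file. A comment above the line, `# -u0: record only the client IP in utmp and skip reverse DNS; this container has no usable resolver`, would capture that. If suppressing DNS is the goal, `-o UseDNS=no` states it explicitly regardless of what the mounted sshd_config contains.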
@ -1,17 +1,11 @@
|
||||
#! /bin/bash -r
|
||||
|
||||
# This is called by SSHD inside L0PHT-HOST docker.
|
||||
# Redirects not allowed in restricted shells. Execute tty in unrestricted shell
|
||||
# (one day a clever hacker will exploit this)
|
||||
# Find out if SSHD allocated a TTY
|
||||
# - Redirects not allowed in restricted shells.
|
||||
# - Execute `tty' in unrestricted shell (one day a clever hacker will exploit this)
|
||||
# - Set docker arguments if this is a TTY session.
|
||||
bash -c "tty >/dev/null" && { ARG="-it"; PARAM=("-il"); } || { ARG="-i"; PARAM=(); }
|
||||
# Find the server's shared l0pht-guest directory. This directory is not
|
||||
# relative to this docker's name space (e.g it does not exist in here).
|
||||
# The docker command below need to know the absolute path of that directory
|
||||
# from the calling host (because the docker command uses the docker.socket
|
||||
# from the calling host).
|
||||
eval $(grep LGUESTDIR= /tmp/lguestdir.txt| tail -n1 )
|
||||
|
||||
[[ -z $LGUESTDIR ]] && { echo "Not set: LGUESTDIR="; exit 255; }
|
||||
|
||||
# Connect to existing session
|
||||
[[ -n $LID ]] && [[ ${#LID} -eq 12 ]] && {
|
||||
@ -20,5 +14,18 @@ eval $(grep LGUESTDIR= /tmp/lguestdir.txt| tail -n1 )
|
||||
|
||||
LID="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 12)"
|
||||
HID="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 6)"
|
||||
docker run --hostname "l0pht-${HID}" --rm "$ARG" --name "lg-${LID}" --env LID="${LID}" -v "${LGUESTDIR}":/usr/local/l0pht-guest:ro l0pht-guest zsh "${PARAM[@]}" "$@"
|
||||
LVER="1.1"
|
||||
docker run \
|
||||
--hostname "l0pht-${HID}" \
|
||||
--rm \
|
||||
"$ARG" \
|
||||
--name "lg-${LID}" \
|
||||
--init \
|
||||
--net l0pht_guest-net \
|
||||
--dns 172.24.0.2 \
|
||||
--env LID="${LID}" \
|
||||
--env LVER="${LVER}" \
|
||||
--log-driver none \
|
||||
-v "l0pht_guest-data:/usr/local/l0pht-guest:ro" \
|
||||
l0pht-guest zsh "${PARAM[@]}" "$@"
|
||||
|
||||
|
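Review bot: The rewritten `docker run` at the end of the second hunk mounts the named volume `l0pht_guest-data` and no longer references `${LGUESTDIR}`, yet the first hunk still `eval`s `LGUESTDIR=` out of `/tmp/lguestdir.txt` and aborts with `Not set: LGUESTDIR=` when it is empty, so an `eval` of data read from `/tmp` is kept on the login path for a value nothing consumes. Remove the `eval $(grep LGUESTDIR= ...)` line, the `[[ -z $LGUESTDIR ]]` check and the comment block describing the shared-directory lookup (and, separately, the `/tmp/lguestdir.txt` write in docker_sshd.sh) — `eval` on file contents is precisely the kind of surface the "one day a clever hacker will exploit this" comment in the same hunk worries about. The `--net l0pht_guest-net` and `-v l0pht_guest-data:...` names appear to assume the compose project is named `l0pht`; a one-line comment, `# network/volume names assume the compose project is named "l0pht"`, would make that dependency explicit. The `[[ -n $LID ]]` block opened at the end of the first hunk continues outside the hunk.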