一键代码:
curl https://files-cdn.cnblogs.com/files/kagari/sqli-labs.sh|bash
https://files-cdn.cnblogs.com/files/kagari/sqli-labs.sh
1 #!/bin/bash 2 apt-get update 3 apt-get -y install apt-transport-https ca-certificates curl software-properties-common git 4 curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add - 5 add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" 6 apt-get -y update 7 apt-get -y install docker-ce 8 apt install -y git 9 echo '{"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]}'> /etc/docker/daemon.json 10 service docker restart 11 git clone https://github.com/Audi-1/sqli-labs.git 12 echo RlJPTSB1YnVudHU6MTQuMDQKICAKUlVOIHNlZCAtaSAncy9hcmNoaXZlLnVidW50dS5jb20vbWlycm9ycy5hbGl5dW4uY29tL2cnIC9ldGMvYXB0L3NvdXJjZXMubGlzdCYmXAogICAgc2VkIC1pICdzL3NlY3VyaXR5LnVidW50dS5jb20vbWlycm9ycy5hbGl5dW4uY29tL2cnIC9ldGMvYXB0L3NvdXJjZXMubGlzdApSVU4gYXB0LWdldCB1cGRhdGUKUlVOIGFwdC1nZXQgaW5zdGFsbCAteSBhcGFjaGUyIHBocDUgbGliYXBhY2hlMi1tb2QtcGhwNSBwaHA1LW15c3FsIHBocDUtY3VybCBwaHA1LWdkIHBocDUtaWRuIHBocC1wZWFyIHBocDUtaW1hZ2ljayBwaHA1LWltYXAgcGhwNS1tY3J5cHQgcGhwNS1tZW1jYWNoZSBwaHA1LW1pbmcgcGhwNS1wcyBwaHA1LXBzcGVsbCBwaHA1LXJlY29kZSBwaHA1LXNubXAgcGhwNS1zcWxpdGUgcGhwNS10aWR5IHBocDUteG1scnBjIHBocDUteHNsIG15c3FsLXNlcnZlciB2aW0gY3VybAoKQ09QWSBzdGFydC5zaCAvcm9vdC9zdGFydC5zaApDT1BZIHNxbGktbGFicyAvdmFyL3d3dy9odG1sLwpSVU4gY2htb2QgK3ggL3Jvb3Qvc3RhcnQuc2gKClJVTiBjaG93biAtUiBteXNxbDpteXNxbCAvdmFyL2xpYi9teXNxbApSVU4gc2VydmljZSBhcGFjaGUyIHN0YXJ0JiZcCiAgICBmaW5kIC92YXIvbGliL215c3FsIC10eXBlIGYgLWV4ZWMgdG91Y2gge30gXDsgJiYgc2VydmljZSBteXNxbCBzdGFydCAmJlwKICAgIGN1cmwgaHR0cDovLzEyNy4wLjAuMS9zcWwtY29ubmVjdGlvbnMvc2V0dXAtZGIucGhwCgpFWFBPU0UgODAgMzMwNgpDTUQgWyIvcm9vdC9zdGFydC5zaCJd|base64 -d >dockerfile 13 echo IyEvYmluL2Jhc2gKCi9ldGMvaW5pdC5kL2FwYWNoZTIgcmVzdGFydApmaW5kIC92YXIvbGliL215c3FsIC10eXBlIGYgLWV4ZWMgdG91Y2gge30gXDsgJiYgc2VydmljZSBteXNxbCBzdGFydCAKL2Jpbi9iYXNo|base64 -d>start.sh 14 docker build -t sqli-labs . 15 docker run -itdp 8000:80 sqli-labs
详细步骤:
1.下载sqli-labs源码 https://github.com/Audi-1/sqli-labs
git clone https://github.com/Audi-1/sqli-labs.git
2.编写dockerfile
FROM ubuntu:14.04 #换源,推荐阿里源(mirrors.aliyun.com),腾讯源(mirrors.cloud.tencent.com),163源 (mirrors.163.com) RUN sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list&& sed -i 's/security.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list #安装apahce,php,mysql及php相关扩展 RUN apt-get update RUN apt-get install -y apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl mysql-server vim curl COPY start.sh /root/start.sh COPY sqli-labs /var/www/html/ RUN chmod +x /root/start.sh RUN chown -R mysql:mysql /var/lib/mysql RUN service apache2 start&& find /var/lib/mysql -type f -exec touch {} ; && service mysql start && curl http://127.0.0.1/sql-connections/setup-db.php EXPOSE 80 3306 CMD ["/root/start.sh"]
3.编写start.sh
#!/bin/bash /etc/init.d/apache2 restart find /var/lib/mysql -type f -exec touch {} ; && service mysql start /bin/bash
使用find /var/lib/mysql -type f -exec touch {} ; && service mysql start
4.构建docker容器,并运行
docker build -t sqli-labs . //构筑 docker run -itdp 8000:80 sqli-labs //-it指定镜像 -d后台运行 -p映射端口
5.访问127.0.0.1:8000即可
基本情况:
mysql用户:root/空
secure_file_priv=
上述两点,如需配置,请使用以下配置
首先修改 sqli-labs/sql-connections/db-creds.inc为下
<?php //give your mysql connection username n password $dbuser ='user'; $dbpass ='user'; $dbname ="security"; $host = 'localhost'; $dbname1 = "challenges"; ?>
dockerfile
FROM ubuntu:14.04
RUN sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list&&
sed -i 's/security.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl mysql-server vim curl
COPY start.sh /root/start.sh
COPY sqli-labs /var/www/html/
COPY flag.sql /root/flag.sql
RUN chmod +x /root/start.sh
RUN chown -R mysql:mysql /var/lib/mysql&&
#修改secure_file_priv
sed -i "N;32asecure_file_priv=/var/www/html" /etc/mysql/my.cnf&&
find /var/lib/mysql -type f -exec touch {} ; && service mysql start &&
#修改root密码,安装,新建mysql用户,降权
mysqladmin -uroot password kagi&&
mysql -uroot -pkagi -e "CREATE USER 'user'@'localhost' IDENTIFIED BY 'user';"&&
mysql -uroot -pkagi -e "grant ALL on *.* to user@'localhost' identified by 'user';"&&
mysql -uroot -pkagi -e "flush privileges;"&&
sed -i '$aServerName 127.0.0.1' /etc/apache2/apache2.conf&&service apache2 restart&&
curl http://127.0.0.1/sql-connections/setup-db.php&&
mysql -uroot -pkagi -e "revoke all privileges on *.* from user@localhost;"&&
mysql -uroot -pkagi -e "grant SELECT, INSERT, UPDATE, DELETE ,FIlE on *.* to user@'localhost' identified by 'user';"&&
mysql -uroot -pkagi -e "flush privileges;"&&
mysql -uroot -pkagi -e "create database flag;"&&
mysql -uroot -pkagi flag < /root/flag.sql
#web目录默认为root:root 755,新建可以目录,用于写webshell
RUN mkdir /var/www/html/tmp &&chmod 777 /var/www/html/tmp
EXPOSE 80 3306
CMD ["/root/start.sh"]
start.sh
#!/bin/bash /etc/init.d/apache2 restart find /var/lib/mysql -type f -exec touch {} ; && service mysql start
/bin/bash
flag.sql
-- phpMyAdmin SQL Dump -- version 4.8.5 -- https://www.phpmyadmin.net/ -- -- 主机: 127.0.0.1:3306 -- 生成日期: 2019-11-25 05:27:06 -- 服务器版本: 5.7.26 -- PHP 版本: 5.6.40 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; SET AUTOCOMMIT = 0; START TRANSACTION; SET time_zone = "+00:00"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8mb4 */; -- -- 数据库: `flag` -- -- -------------------------------------------------------- -- -- 表的结构 `flag` -- DROP TABLE IF EXISTS `flag`; CREATE TABLE IF NOT EXISTS `flag` ( `id` int(11) NOT NULL, `flag` varchar(100) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8; -- -- 转存表中的数据 `flag` -- INSERT INTO `flag` (`id`, `flag`) VALUES (1, 'flag{sqli_easy}'); COMMIT; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;