Created
October 27, 2019 20:36
-
-
Save notdodo/b40c018ceabfa8cf01fff0f15f39f907 to your computer and use it in GitHub Desktop.
Create PHP dockers (that are available on the official channel) to create a LFI test laboratory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import glob | |
import requests | |
import subprocess | |
import sys | |
from bs4 import BeautifulSoup | |
from grp import getgrgid | |
from os import stat, path, chown | |
from pwd import getpwuid | |
filename = path.basename(__file__) | |
userid = getpwuid(stat(filename).st_uid).pw_uid | |
groupid = getgrgid(stat(filename).st_gid).gr_gid | |
ips_list = "./lfi_ips.txt" | |
if len(sys.argv) > 1 and sys.argv[1] == "--delete-all": | |
subprocess.run( | |
["docker rm -f $(docker ps -aq --filter name=dodo-lfi*)"], shell=True | |
) | |
sys.exit(0) | |
DOCKERFILE = """FROM php:{}-alpine | |
RUN echo "<?php include \$_REQUEST['file']; ?>" > /tmp/lfi.php | |
RUN echo "<?php phpinfo() ?>" > /tmp/phpinfo.php | |
WORKDIR /tmp | |
CMD [ "php", "-S", "0.0.0.0:8080"]""" | |
# No docker containers found for PHP4 | |
# php4 = "https://www.php.net/ChangeLog-4.php" | |
php5 = "https://www.php.net/ChangeLog-5.php" | |
php7 = "https://www.php.net/ChangeLog-7.php" | |
phps = [php5, php7] | |
def get_version(): | |
for php in phps: | |
r = requests.get(php) | |
phtml = BeautifulSoup(r.text, features="lxml") | |
for tag in phtml.body.find_all("section", attrs={"class": "version"}): | |
phpv = tag.get("id") | |
if phpv >= "5.5.33": | |
with open("Dockerfile-{}".format(phpv), "w") as dockerfile: | |
dockerfile.write(DOCKERFILE.format(phpv)) | |
for dockerfile in glob.glob("Dockerfile-*"): | |
phpv = dockerfile.replace("Dockerfile-", "") | |
print( | |
subprocess.run( | |
["docker build -t dodo-lfi{} -f {} .".format(phpv, dockerfile)], | |
capture_output=True, | |
shell=True, | |
).stdout.decode() | |
) | |
def build_containers(): | |
for dockerfile in glob.glob("Dockerfile-*"): | |
phpv = dockerfile.replace("Dockerfile-", "") | |
subprocess.run( | |
[ | |
"docker run --restart=always -d --name dodo-lfi{} dodo-lfi{} 2>/dev/null".format( | |
phpv, phpv | |
) | |
], | |
shell=True, | |
) | |
subprocess.run(["rm ./Dockerfile-*"], shell=True) | |
def run_containers(): | |
ips = subprocess.run( | |
[ | |
"docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq --filter name=dodo-lfi*)" | |
], | |
capture_output=True, | |
shell=True, | |
).stdout.decode() | |
open(ips_list, "w").write(ips) | |
chown(ips_list, userid, groupid) | |
get_version() | |
build_containers() | |
run_containers() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment