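Recently, while reproducing vulnerabilities in lab environments, I came across a linked lab environment made up of a web VM and a db VM running together. After downloading the images it kept throwing errors. I thought it over and got nowhere, so I had to solve the problem myself. Although the result was a big disappointment, the process was quite satisfying, so I wrote it down.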
#1. Starting the services with docker
Go into the folder of the corresponding lab environment and bring the lab up:
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % docker-compose up -d
Creating network "cve-2020-9402_default" with the default driver
Creating cve-2020-9402_db_1 ... done
Creating cve-2020-9402_web_1 ... done
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------
cve-2020-9402_db_1 /entrypoint.sh Up 1521/tcp, 5500/tcp, 8080/tcp
cve-2020-9402_web_1 /docker-entrypoint.sh pyth ... Up 0.0.0.0:8000->8000/tcp
We can see the port mapping of the web service: 0.0.0.0:8000->8000/tcp, so let's try accessing it directly:
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % curl localhost:8000
curl: (52) Empty reply from server
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------
cve-2020-9402_db_1 /entrypoint.sh Up 1521/tcp, 5500/tcp, 8080/tcp
cve-2020-9402_web_1 /docker-entrypoint.sh pyth ... Up 0.0.0.0:8000->8000/tcp
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % curl 127.0.0.1:8000/vuln
curl: (52) Empty reply from server
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------
cve-2020-9402_db_1 /entrypoint.sh Up 1521/tcp, 5500/tcp, 8080/tcp
cve-2020-9402_web_1 /docker-entrypoint.sh pyth ... Up 0.0.0.0:8000->8000/tcp
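In the terminal session above we can see that every request to the service on port 8000 returns Empty reply from server. I was quite frustrated: docker clearly shows the state as Up, so why does the service return an empty reply when accessed?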
#Troubleshooting
#A container with a temper
Still not willing to give up, I checked the local IP address and tried again:
bin4xin@bin4xin's MacbookPro shiro % ifconfig|grep inet
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x7
inet6 fe80::146d:ed67:817a:e134%en0 prefixlen 64 secured scopeid 0x9
inet 114.97.221.67 netmask 0xfffffe00 broadcast 114.97.221.255
inet6 fe80::24e6:3dff:fe1c:7c55%awdl0 prefixlen 64 scopeid 0x10
inet6 fe80::24e6:3dff:fe1c:7c55%llw0 prefixlen 64 scopeid 0x11
inet6 fe80::9a9a:9906:8f8d:5e0%utun0 prefixlen 64 scopeid 0x12
inet6 fe80::8ef2:d44b:f2b0:f37e%utun1 prefixlen 64 scopeid 0x13
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 114.97.221.67
bin4xin@bin4xin's MacbookPro shiro % curl http://114.97.221.67:8000/vuln
curl: (7) Failed to connect to 114.97.221.67 port 8000: Connection refused
bin4xin@bin4xin's MacbookPro shiro % docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------
cve-2020-9402_db_1 /entrypoint.sh Up 1521/tcp, 5500/tcp, 8080/tcp
cve-2020-9402_web_1 /docker-entrypoint.sh pyth ... Restarting
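Well, this time the web service went straight into a restart. It has a temper. Nothing for it but to take the whole environment down and bring it back up.
#Entering the container
This time my idea was to go straight into the container and see what was actually happening to the service: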
docker ps
a66976bc6d2b cve-2020-9402_web "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 0.0.0.0:8000->8000/tcp cve-2020-9402_web_1
fc99758ce428 vulhub/oracle:12c-ee "/entrypoint.sh" 5 seconds ago Up 3 seconds 1521/tcp, 5500/tcp, 8080/tcp cve-2020-9402_db_1
We can use docker ps to look up the CONTAINER ID that corresponds to the docker image cve-2020-9402_web, and use that id to enter the container:
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % sudo docker exec -it a66976bc6d2b /bin/bash
root@a66976bc6d2b:/usr/src#
root@a66976bc6d2b:/usr/src# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 06:44 ? 00:00:00 /bin/bash /docker-entrypoint.sh python manage.py runserver 0.0.0.0:8000
root 7 1 0 06:44 ? 00:00:00 bash /usr/local/bin/wait-for-it.sh -t 0 db:1521 -- echo oracle is up
root 56 0 0 06:45 pts/0 00:00:00 /bin/bash
root 73 7 0 06:45 ? 00:00:00 sleep 1
root 74 56 0 06:45 pts/0 00:00:00 ps -ef
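I took a look and saw no big problem: everything that should have started had started as usual. Could it be a problem with the db service? Just as I was puzzling over it, sure enough, the container restarted again and my shell dropped. I checked the status and, of course, it had restarted again. Painful.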
bin4xin@bin4xin's MacbookPro CVE-2020-9402 % docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a66976bc6d2b cve-2020-9402_web "/docker-entrypoint.…" 2 minutes ago Restarting (1) 2 seconds ago
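An added example (not part of the original post): a small shell check over the `ps -ef` and `docker ps` listings above. It reports whether the entrypoint is still blocked in wait-for-it.sh (the command after it has not been reached yet) and which exit code a Restarting container last returned. The function names `entrypoint_state` and `restart_exit_code` are hypothetical; the sample text is copied from the listings on this page.

```shell
#!/bin/sh
# Added example. Sample text is copied from the listings on this page.
SAMPLE_PS='UID PID PPID C STIME TTY TIME CMD
root 1 0 0 06:44 ? 00:00:00 /bin/bash /docker-entrypoint.sh python manage.py runserver 0.0.0.0:8000
root 7 1 0 06:44 ? 00:00:00 bash /usr/local/bin/wait-for-it.sh -t 0 db:1521 -- echo oracle is up
root 56 0 0 06:45 pts/0 00:00:00 /bin/bash
root 73 7 0 06:45 ? 00:00:00 sleep 1
root 74 56 0 06:45 pts/0 00:00:00 ps -ef'
SAMPLE_DOCKER_PS='a66976bc6d2b cve-2020-9402_web "/docker-entrypoint.…" 2 minutes ago Restarting (1) 2 seconds ago'

# entrypoint_state (hypothetical helper): read `ps -ef` text on stdin and print
#   waiting <host:port>  a wait-for-it.sh process is still polling that dependency
#   serving              a process whose own command line is python ... runserver
#   unknown              neither was seen
entrypoint_state() {
  awk '
    NR == 1 { next }                         # skip the header row
    {
      cmd = ""                               # CMD is everything from field 8 on
      for (i = 8; i <= NF; i++) cmd = cmd (i > 8 ? " " : "") $i
      if (cmd ~ /wait-for-it\.sh/) {         # pick out its host:port argument
        for (i = 8; i <= NF; i++)
          if ($i ~ /^[A-Za-z0-9._-]+:[0-9]+$/) target = $i
      }
      # Only count the server when it is a process of its own, not just
      # arguments carried on the entrypoint script command line.
      if (cmd ~ /^python[0-9.]* .*runserver/) serving = 1
    }
    END {
      if (target != "") print "waiting " target
      else if (serving) print "serving"
      else print "unknown"
    }'
}

# restart_exit_code (hypothetical helper): read `docker ps` lines on stdin and
# print the exit code N of every container whose STATUS is "Restarting (N)".
restart_exit_code() {
  awk 'match($0, /Restarting \([0-9]+\)/) {
         print substr($0, RSTART + 12, RLENGTH - 13)   # digits inside the parens
       }'
}

printf '%s\n' "$SAMPLE_PS" | entrypoint_state
printf '%s\n' "$SAMPLE_DOCKER_PS" | restart_exit_code
```

Against a live container the same functions can read `docker exec <id> ps -ef` and `docker ps -a` instead of the embedded samples.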
#Troubleshooting with logs :-)
Before troubleshooting, let's look at the usage guide for docker's log output:
% docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
Options:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (