Setting Up a Dynamic CTF Range

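Foreword

This article is based on: https://www.yuque.com/dengfenglai-esbap/kb/mc4k41?#xOxNG
I made a few changes on top of it (following the original as written did not work for me). Thanks to its author for the resources.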

1. Environment preparation

1. Host: CentOS 7 server
2. Docker version: 20.10.2
3. Docker-compose version: 1.25.0
4. IP address: a public address or a virtual machine address

2. System environment setup

1. Update the yum packages

yum update

2. Install the services the system needs

yum install -y git nginx mariadb mariadb-server Mysql-python python-pip gcc  python-devel yum-utils device-mapper-persistent-data lvm2 epel-release

3. Install docker

# Switch to the Aliyun mirror repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install docker
yum -y install docker-ce-17.12.1.ce

4. Configure the DaoCloud registry mirror for faster image pulls

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

5. Check that the installation succeeded

docker --version

6. Install docker-compose

# Download docker compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
# Add execute permission
chmod +x /usr/local/bin/docker-compose
# Symlink the file into /usr/bin/
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# Check the version
docker-compose --version

3. Range environment setup

1. Download CTFd

git clone https://github.com/glzjin/CTFd.git

2. Download frp

wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_amd64.tar.gz
# Extract
tar -zxvf frp_0.29.0_linux_amd64.tar.gz

3. Download the ctfd-whale plugin

git clone https://github.com/glzjin/CTFd-Whale.git
# Rename to lowercase
mv CTFd-Whale/ ctfd-whale

4. Download the Docker version of frps

git clone https://github.com/glzjin/Frp-Docker-For-CTFd-Whale
# Rename to lowercase
mv Frp-Docker-For-CTFd-Whale/ frp-docker-for-ctfd-whale

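4. CTFd environment configuration

1. Initialize the docker swarm

docker swarm init

2. Label the node

docker node update --label-add='name=linux-1' $(docker node ls -q)

3. Put ctfd-whale into CTFd's plugin directory

mv ctfd-whale/ CTFd/CTFd/plugins/

4. Configure and start the Docker version of frps

cd frp-docker-for-ctfd-whale/frp
vim frps.ini

Once inside, you will see:

[common]
bind_port = 6490
token = randomme

You can change the token; the port is usually left at the default.
5. After making the change, go back up one directory and start it

cd ..
docker-compose up -d

Wait for the build to finish, then use docker ps -a to check that it is running.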
6. Move the frpc files into CTFd

cd CTFd/
mkdir frpc

Go into the frp directory (frp_0.29.0_linux_amd64) and put the four files frpc, frpc.ini, frpc_full.ini and LICENSE into the CTFd/frpc folder

cd ../frp_0.29.0_linux_amd64
mv frpc.ini ../CTFd/frpc/
mv frpc_full.ini ../CTFd/frpc/
mv frpc ../CTFd/frpc/
mv LICENSE ../CTFd/frpc/

7. Go into the newly created CTFd/frpc directory and configure the frpc.ini file

[common]
token = randomme
server_addr = 172.1.0.4
server_port = 6490
pool_count = 200
tls_enable = true

admin_addr = 172.1.0.3
admin_port = 7400

! Apart from the token, everything else must be exactly the same as above.
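
The token is the shared secret between frps.ini (step 4) and frpc.ini (step 7), so if it is changed it has to be changed in both files. The helper below is an added example, not part of the original post or of the frp / CTFd-Whale projects: it writes one random token to both files and checks that the token and the port still agree. The function names are made up for this example, and the paths in the usage comment assume the directory layout used in the steps above.

```bash
# Added example: keep the frp token in frps.ini and frpc.ini in sync.
# Usage (paths assumed from the steps above):
#   rotate_frp_token frp-docker-for-ctfd-whale/frp/frps.ini CTFd/frpc/frpc.ini
#   check_frp_pair   frp-docker-for-ctfd-whale/frp/frps.ini CTFd/frpc/frpc.ini

# ini_get FILE KEY: print the trimmed value of the first "KEY = value" line.
ini_get() {
  awk -F= -v k="$2" '
    { key = $1; gsub(/[ \t]/, "", key) }
    key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }
  ' "$1"
}

# ini_set FILE KEY VALUE: rewrite an existing "KEY = ..." line in place.
ini_set() {
  local tmp rc
  tmp=$(mktemp) || return 1
  awk -F= -v k="$2" -v v="$3" '
    { key = $1; gsub(/[ \t]/, "", key) }
    key == k { print k " = " v; next }
    { print }
  ' "$1" > "$tmp" && cat "$tmp" > "$1"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# rotate_frp_token FRPS_INI FRPC_INI: write one fresh 32-hex-char token to both.
rotate_frp_token() {
  local token
  token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  ini_set "$1" token "$token" && ini_set "$2" token "$token"
}

# check_frp_pair FRPS_INI FRPC_INI: return 0 only if the two files are consistent.
check_frp_pair() {
  local st ct rc=0
  st=$(ini_get "$1" token); ct=$(ini_get "$2" token)
  [ -n "$st" ] && [ "$st" = "$ct" ] || { echo "token empty or mismatched" >&2; rc=1; }
  [ "$st" != "randomme" ] || { echo "token is still the sample value" >&2; rc=1; }
  [ "$(ini_get "$1" bind_port)" = "$(ini_get "$2" server_port)" ] ||
    { echo "frpc server_port differs from frps bind_port" >&2; rc=1; }
  return $rc
}
```

After rotating the token, restart the frps container and rebuild the CTFd stack so both sides pick up the new value.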
8. Configure the Dockerfile (I made a small change here)

FROM python:3.6-alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
    apk update && \
    apk add python3 python3-dev linux-headers libffi-dev gcc make musl-dev py-pip mysql-client git openssl-dev g++
RUN adduser -D -u 1001 -s /bin/bash ctfd
WORKDIR /opt/CTFd
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
RUN python -m pip install --upgrade pip setuptools wheel -i https://pypi.doubanio.com/simple
RUN pip3 config set global.index-url https://pypi.doubanio.com/simple
RUN pip3 config set install.trusted-host pypi.doubanio.com
COPY requirements.txt .
RUN pip install -r requirements.txt -i  https://pypi.doubanio.com/simple
COPY . /opt/CTFd
RUN for d in CTFd/plugins/*; do \
        if [ -f "$d/requirements.txt" ]; then \
            pip install -r $d/requirements.txt -i  https://pypi.doubanio.com/simple; \
        fi; \
    done;
RUN chmod +x /opt/CTFd/docker-entrypoint.sh
RUN chown -R 1001:1001 /opt/CTFd
RUN chown -R 1001:1001 /var/log/CTFd /var/uploads
USER 1001
EXPOSE 8000
ENTRYPOINT ["/opt/CTFd/docker-entrypoint.sh"]

One line was added to the original:

RUN python -m pip install --upgrade pip setuptools wheel -i https://pypi.doubanio.com/simple

9. Configure docker-compose.yml

version: '2.2'

services:
  ctfd-nginx:
    image: nginx:1.17
    volumes:
      - ./nginx/http.conf:/etc/nginx/nginx.conf
    user: root
    restart: always
    ports:
      - "443:443"
    networks:
      default:
      internal:
    depends_on:
      - ctfd
    cpus: '1.00'
    mem_limit: 150M

  ctfd:
    build: .
    user: root
    restart: always
    ports:
      - "8000:8000"
    environment:
      - UPLOAD_FOLDER=/var/uploads
      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
      - REDIS_URL=redis://cache:6379
      - WORKERS=1
      - LOG_FOLDER=/var/log/CTFd
      - ACCESS_LOG=-
      - ERROR_LOG=-
      - REVERSE_PROXY=true
    volumes:
      - .data/CTFd/logs:/var/log/CTFd
      - .data/CTFd/uploads:/var/uploads
      - .:/opt/CTFd:ro
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - db
    networks:
      default:
      internal:
      frp:
        ipv4_address: 172.1.0.2
    cpus: '1.00'
    mem_limit: 450M

  db:
    image: mariadb:10.4
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=ctfd
      - MYSQL_USER=ctfd
      - MYSQL_PASSWORD=ctfd
    volumes:
      - .data/mysql:/var/lib/mysql
    networks:
      internal:
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
    cpus: '1.00'
    mem_limit: 750M

  cache:
    image: redis:4
    restart: always
    volumes:
      - .data/redis:/data
    networks:
      internal:
    cpus: '1.00'
    mem_limit: 450M

  frpc:
    image: glzjin/frp:latest
    restart: always
    volumes:
      - ./frpc:/conf/
    entrypoint:
      - /usr/local/bin/frpc
      - -c
      - /conf/frpc.ini
    networks:
      frp:
        ipv4_address: 172.1.0.3
      frp-containers:
    cpus: '1.00'
    mem_limit: 250M

networks:
  default:
  internal:
    internal: true
  frp:
    driver: bridge
    ipam:
      config:
        - subnet: 172.1.0.0/16
  frp-containers:
    driver: overlay
    internal: true
    ipam:
      config:
        - subnet: 172.2.0.0/16

10. Configure requirements.txt (I made a small change here too)

Flask==1.1.1
Werkzeug==0.16.0
Flask-SQLAlchemy==2.4.1
Flask-Caching==1.4.0
Flask-Migrate==2.5.2
Flask-Script==2.0.6
SQLAlchemy==1.3.11
SQLAlchemy-Utils==0.36.0
passlib==1.7.2
bcrypt==3.1.7
six==1.13.0
itsdangerous==1.1.0
requests>=2.20.0
PyMySQL==0.9.3
gunicorn==19.9.0
normality==2.0.0
dataset==1.1.2
mistune==0.8.4
netaddr==0.7.19
redis==3.3.11
datafreeze
python-dotenv==0.10.3
flask-restplus==0.13.0
pathlib2==2.3.5
flask-marshmallow==0.10.1
marshmallow-sqlalchemy==0.17.0
boto3==1.10.39
marshmallow==2.20.2
gevent==1.4.0
tzlocal==2.1

The version pin on datafreeze was removed.
11. Configure nginx
In the CTFd directory, create a new folder and enter it

mkdir nginx
cd nginx

Create http.conf

worker_processes 4;
events {
  worker_connections 1024;
}
http {
  # Configuration containing list of application servers
  upstream app_servers {
    server ctfd:8000;
  }
  server {
    listen 80;
    client_max_body_size 4G;
    # Handle Server Sent Events for Notifications
    location /events {
      proxy_pass http://app_servers;
      proxy_set_header Connection '';
      proxy_http_version 1.1;
      chunked_transfer_encoding off;
      proxy_buffering off;
      proxy_cache off;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
    }
    # Proxy connections to the application servers
    location / {
      proxy_pass http://app_servers;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
    }
  }
}

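12. Start the build
Build the images and containers from the CTFd folder

cd CTFd/
docker-compose up -d

If nothing goes wrong, you will see:
[screenshot]
13. Check the running state of the containers

docker ps -a

You can see that all containers have started successfully.
14. Access
Open ip:8000 in a browser to reach the site.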