搭建动态CTFd

2020-07-27 59次浏览 0条评论  前往评论

前言


网上的搭建教程有很多了,但是有几个比较坑的地方的资料比较零散,这里记录一下从零开始搭建的过程,虽然因为各种原因最后还是学贤大佬帮我搭好了🙃,这个动态靶机是真的方便。

前置工作


  • 本篇搭建环境为centos7.6

学贤大佬用的是ubuntu18也搭成功了,但是相对来说还是centos比较方便。

更新yum源

yum update
yum install -y git nginx mariadb mariadb-server Mysql-python python-pip gcc  python-devel yum-utils device-mapper-persistent-data lvm2 epel-release

安装docker

#换源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#查看并选择合适的docker版本
yum list docker-ce --showduplicates | sort -r
#安装docker
yum -y install docker-ce
#查看是否安装成功
docker --version
#启动docker
systemctl start docker

安装docker-compose

yum install python3-pip
pip3 install docker-compose
#更改二进制文件的权限
chmod +x /usr/local/bin/docker-compose
#测试是否安装成功
docker-compose --version

docker镜像加速

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://e5ee9xyr.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

安装frp


下载frp

cd
wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_amd64.tar.gz
tar -zxvf frp_0.29.0_linux_amd64.tar.gz
cd frp_0.29.0_linux_amd64
cp systemd/* /etc/systemd/system/
mkdir /etc/frp
cp frpc.ini  frps.ini /etc/frp/
cp frpc  frps /usr/bin/
chmod a+x /usr/bin/frpc /usr/bin/frps
systemctl enable frps

FRP的文件wget太慢的话,可以下载后再直接拖到root的目录下。

修改frps.ini

修改frps.ini内容

vim /etc/frp/frps.ini

frps.ini的内容如下

[common]
bind_port = 7897
bind_addr = 0.0.0.0
token = jplXcUyxdqn0y2RIzaLTDoaXET5Gbo78

启动frps系统服务

systemctl start frps

修改frpc.ini

修改frpc.ini配置文件

vim /etc/frp/frpc.ini
[common]
server_addr = 172.18.0.1
server_port = 7897
token = jplXcUyxdqn0y2RIzaLTDoaXET5Gbo78

再修改

vim ~/frp_0.29.0_linux_amd64/frpc.ini

frpc.ini的内容

[common]
server_addr = 172.18.0.1 # 这里填写宿主机ifconfig之后docker0的ip
server_port = 7897
token = jplXcUyxdqn0y2RIzaLTDoaXET5Gbo78
admin_addr = 172.20.0.2 #这里填写frpc容器在frpcadmin网络里的ip
admin_port = 7400
log_file = ./frps.log

创建网络frpadmin

#创建网络并启动frpc容器并配置frpc.ini
docker network create ctfd_frp-containers
docker run  -d -v ~/frp_0.29.0_linux_amd64/frpc.ini:/etc/frp/frpc.ini --network="ctfd_frp-containers" --restart=always "glzjin/frp"
#创建网络frpcadmin用于ctfd容器和frpc容器通信
docker network create frpcadmin
docker network connect frpcadmin <frpc容器名或者ID>
#重启docker服务
systemctl restart docker
#查看frpcadmin网络的连接情况并记录frpc容器的网络IP
docker network inspect frpcadmin

token脚本


这里有个可以生成token的脚本

from random import Random
def get_token():
    length_r = 32
    token = ''
    chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
    length = len(chars) - 1
    random = Random()
    for i in range(length_r):
        token += chars[random.randint(0, length)]
    return token
print get_token()

安装CTFd


下载CTFd

cd
git clone https://github.com/CTFd/CTFd.git
cd CTFd/
#回滚到当前教程适合的版本
git reset 6c5c63d667a17aec159c8e26ea53dccfbc4d0fa3 --hard
#打开ctfd插件目录
cd CTFd/plugins
git clone https://github.com/glzjin/CTFd-Whale.git ctfd-whale
cd ctfd-whale
#回滚到当前教程适合的版本
git reset 5b32f457e9f56ee9b2b29495f4b3b118be3c57bd --hard
#返回ctfd主目录
cd ../../../

把原生的CTFd装好后改一下这个css,这一步非常重要,因为原本的网站被墙了,导致访问非常慢,所以需要换一下cdn加速版本的。

cd /root/CTFd/CTFd/themes/core/static/css/vendor/font-awesome
#打开fontawesome-fonts.css
#把第一句换成
@import url('https://cdn.bootcss.com/font-awesome/5.13.0/css/all.css');

然后换一下这三个文件

修改Dockerfile

FROM python:2.7-alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories &&\
    apk update && \
    apk add python python-dev linux-headers libffi-dev gcc make musl-dev py-pip mysql-client git openssl-dev
RUN adduser -D -u 1001 -s /bin/bash ctfd

WORKDIR /opt/CTFd
RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads
RUN pip config set global.index-url https://pypi.doubanio.com/simple
RUN pip config set install.trusted-host pypi.doubanio.com
COPY requirements.txt .

RUN pip install -r requirements.txt -i  https://pypi.doubanio.com/simple

COPY . /opt/CTFd

RUN for d in CTFd/plugins/*; do \
      if [ -f "$d/requirements.txt" ]; then \
        pip install -r $d/requirements.txt -i  https://pypi.doubanio.com/simple; \
      fi; \
    done;

RUN chmod +x /opt/CTFd/docker-entrypoint.sh
RUN chown -R 1001:1001 /opt/CTFd
RUN chown -R 1001:1001 /var/log/CTFd /var/uploads

USER 1001
EXPOSE 8000
ENTRYPOINT ["/opt/CTFd/docker-entrypoint.sh"]

修改docker-compose.yml

version: '2'

services:
  ctfd:
    build: .
    user: root
    restart: always
    ports:
      - "8000:8000"
    environment:
      - UPLOAD_FOLDER=/var/uploads
      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
      - REDIS_URL=redis://cache:6379
      - WORKERS=1
      - LOG_FOLDER=/var/log/CTFd
      - ACCESS_LOG=-
      - ERROR_LOG=-
    volumes:
      - .data/CTFd/logs:/var/log/CTFd
      - .data/CTFd/uploads:/var/uploads
      - .:/opt/CTFd:ro
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - db
    networks:
        default:
        internal:

  db:
    image: mariadb:10.4.12
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=ctfd
      - MYSQL_USER=ctfd
      - MYSQL_PASSWORD=ctfd
      - MYSQL_DATABASE=ctfd
    volumes:
      - .data/mysql:/var/lib/mysql
    networks:
        internal:
    # This command is required to set important mariadb defaults
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]

  cache:
    image: redis:4
    restart: always
    volumes:
    - .data/redis:/data
    networks:
        internal:

networks:
    default:
    internal:
        internal: true

修改requirements.txt

在最下面添加一行

banal==0.4.2

构建启动镜像。

docker-compose build
docker-compose up -d

将ctfd连接frpcadmin网络

docker ps
docker network connect frpcadmin <ctfd容器名或者ID>
docker network inspect frpcadmin

插件信息填写


进入网站插件填写信息即可

#Docker API URL
unix:///var/run/docker.sock
#Frp API IP
172.20.0.2  #frpc容器在frpcadmin网络里的ip
#Frp API Port
7400
#Frp Http Domain Suffix
None
#Frp Http Port 
80
#Frp Direct IP Address
39.105.158.221  #公网IP
#Frp Direct Minimum Port 
28000
#Frp Direct Maximum Port 
28100
#Max Container Count 
100         #最大容器数
#Max Renewal Times 
5           #单个容器最大续期次数
#Frp config template 
[common]
server_addr = 172.18.0.1
server_port = 7897
token = jplXcUyxdqn0y2RIzaLTDoaXET5Gbo78
admin_addr = 172.20.0.2
admin_port = 7400
log_file = ./frps.log
#Docker Auto Connect Containers 
None
#Docker Auto Connect Network 
ctfd_frp-containers
#Docker Dns Setting 
None

常见问题


如果容器的状态为restart,可以用logs来查看发生了什么错误

docker logs <容器ID>

部署web题目


在Dockerfile里面填写

FROM php:7.0-apache
CMD sh -c "echo $FLAG > /flag  && export FLAG=not_flag && FLAG=not_flag && apache2-foreground"

即可生成动态flag



登录后回复

共有0条评论