vulhub / vulhub Goto Github PK

Pre-Built Vulnerable Environments Based on Docker-Compose

License: MIT License

PHP 4.03% Shell 13.37% HTML 3.94% Ruby 0.74% Python 28.21% Java 14.73% CSS 0.21% JavaScript 1.74% Perl 0.02% Dockerfile 32.77% Groovy 0.23%

docker vulnerability-environment docker-compose vulhub dockerfile

vulhub's Introduction

Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

中文版本(Chinese version)

Installation

Install Docker on Ubuntu 22.04:

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
systemctl start docker

Note that as of April 2022, docker compose is merged into Docker as a subcommand as Docker Compose V2, the Python version of docker-compose will be deprecated after June 2023. So Vulhub will no longer require the installation of additional docker-compose, and all documentation will be modified to use the docker compose instead.

The installation steps of Docker and Docker Compose for other operating systems might be slightly different, please refer to the docker documentation for details.

Usage

# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
unzip vulhub-master.zip
cd vulhub-master

# Enter the directory of vulnerability/environment
cd flask/ssti

# Compile environment
docker compose build

# Run environment
docker compose up -d

There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!

Notice

To prevent permission errors, please ensure that the docker container has permission to access all files in the current directory.
Vulhub does not support running on machines with non-x86 architecture such as ARM for now.

Contribution

This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please 👉Common reasons for compilation failure, hope it can help you.

For more question, please contact:

Thanks for the following contributors:

More contributors：Contributors List

Partner

Our Partners and users:

Sponsor vulhub on patreon 🙏

Sponsor vulhub on opencollective 🙏

More Donate.

License

Vulhub is licensed under the MIT License. See LICENSE for the full license text.

vulhub's People

Contributors

Stargazers

Watchers

Forkers

tonghuaroot stevenksaint barrydeng key20 awesome-security lxghost tuian yangy-xiao v1cker 0x554simon jijicanyu lovebair2022 h1d3r shenliehuozhi administratorgithub songofhack ch0ck sampr0 iaklis phantom0301 dada-dada xlck1ng rainism 0neday hackpanda cn-leowong latentgod androiddream dptechma dreamcometure sanwenkit letmetest huntpig xieqiwen1993 gitsucce-zz yaofeifly linxi0428 zhouqiangwithyaoji uyid xym000 xlabwang wivd thearicer mayter lengyun123456 joinbaijun snk7 pengtao007 whoiskx gowabby android-leak zjxzjx depth- stop1992 i1ikey0u xiongjungit wsygoogol linll 0xsunsama tsingfu4 haply shengulong frailleon v1ncilazy l3m0n superwyx lubyruffy jamalmo chennqqi 0xsb free-me shellb0y heiheiyan zerolugithub arryboom stayliv3 codingword useafter cass203 wantiger lucifer-0 qintian19880103 007xiaoxingxing az0ne pyshe11 0x24bin wsppt houcy lnln1111 funhity webvul forging2012 adonchan anlev5 dawson0x00 gorgiaxx lwhat w2n1ck xmdda 4lgw

vulhub's Issues

weblogic账号密码是什么？

提交issue前，请检查你本地的vulhub是否是最新版，否则可能存在一些由于时间问题导致而今已经修复的bug。

填写如下信息

Which environment: 哪个环境出现BUG [e.g. python/ssti]
Host OS: 操作系统 [e.g. Ubuntu]
OS Version: 操作系统版本 [e.g. 18.04]
Docker version: Docker 版本 [e.g. Docker version 18.04.0-ce, build 3d479c0]
Compose version: Docker-Compose 版本 [e.g. docker-compose version 1.22.0, build f46880f]
Describe your bug: 描述你的Bug，什么情况下出现这个bug

一些关键信息：

主机是否在**大陆
是否重试过仍然出现这个错误

注意，issue仅接受vulhub自身的bug，如：

编译时出现bug导致编译失败
运行后，环境无法访问
环境运行后，按照README中的操作，无法复现漏洞
README中出现的错误，如错别字、参考链接失效等

不接受：

安装docker或docker-compose时出现的bug
运行docker、docker-compose时出现的bug
拉取/下载vulhub时出现的bug
拉取docker镜像因为网络原因导致拉取失败

附加信息

请贴出完整错误信息，可以是命令行输出、软件报错信息、截图等。

注意，请贴出完整错误信息，不要只粘贴错误的最后一行！

l

关于【Apache HTTPD 未知后缀解析漏洞】的配置与实际漏洞场景有偏差问题

经过测试，认为和真实漏洞环境有些偏差，觉得apache配置文件有问题。具体说明如下：

都知道apache的解析漏洞依赖于一个特性： Apache默认一个文件可以有多个以点分割的后缀，当最右边的后缀无法识别（不在mime.types文件内），则继续向左识别，直到识别到合法后缀才进行解析。
而这个特性源于apache的配置。

也就是说如果分别访问存在漏洞的环境下的a.php.jpg和a.php.xxx。那么a.php.jpg会被识别为按照jpg图片进行解析，而a.php.xxx才会被当成php脚本进行解析。

看了下vulhub下的Apache HTTPD 未知后缀解析漏洞的配置如下：

AddHandler application/x-httpd-php .php

经过测试问题来了，a.php.jpg和a.php.xxx都被当成php脚本进行解析了。这显然不太符合实际环境中Apache HTTPD 未知后缀解析漏洞的中间件特性。

个问题请教大佬

what happened

想知道weblogic_ssrf 探测redis服务器172.19.0网段的时候，探测的172.19.0的这些主机，在vulhub环境下是归属于网上还是归属于本地虚拟环境的？

what did i do

我在做weblogic_ssrf实验的过程中，做到了redis反弹shell的这一步，需要探测```172.19.0``网段中redis服务器位置。
其中我的目标是探测出内网中redis服务器。

what should happend

这里实际上将会探测出一大堆172.18.0的主机。

......
172.19.0.24
[!]172.19.0.16:443
[!]172.19.0.20:53
[!]172.19.0.10:445
[!]172.19.0.4:1080
[!]172.19.0.6:1521
[!]172.19.0.21:22
[!]172.19.0.9:3389
[!]172.19.0.13:1080
[!]172.19.0.18:80
[!]172.19.0.15:443
 [!]172.19.0.17:135
[!]172.19.0.19:53
[!]172.19.0.12:135
[!]172.19.0.11:139
[!]172.19.0.8:1080
172.19.0.25
[!]172.19.0.16:445
[!]172.19.0.24:21
[!]172.19.0.10:1080
[!]172.19.0.7:3306
[!]172.19.0.4:1433
[!]172.19.0.6:3306
[!]172.19.0.9:4899
[!]172.19.0.13:1433
[!]172.19.0.22:22
[!]172.19.0.17:139
[!]172.19.0.19:80
......

Add repo topics

For better discoverability.

failed to build

ERROR: Service 'web' failed to build: The command '/bin/sh -c apt-get update && apt-get -y install $BUILD_TOOLS && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100

httpd/CVE-2017-15715 上传文件失败

您好，我在Apache文件后缀绕过这个漏洞测试环境中，上传1.php。服务器没有返回“bad file”，而是直接返回200空响应body，表示上传成功. 访问/1.php，服务器返回没有此文件。请问是什么问题？

apache日志：
apache_1 | 10.0.2.2 - - [09/Apr/2018:14:06:11 +0000] "POST / HTTP/1.1" 200 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
apache_1 | 10.0.2.2 - - [09/Apr/2018:14:07:31 +0000] "GET /1.php HTTP/1.1" 404 498 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
apache_1 | [Mon Apr 09 14:07:31.924088 2018] [:error] [pid 7] [client 10.0.2.2:58679] script '/var/www/html/1.php' not found or unable to stat

上传文件的请求：
POST / HTTP/1.1
Host: localhost:58080 #docker环境在本地虚拟机，这里做了端口转发
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Content-Type: multipart/form-data; boundary=--------795556870
Connection: close
Content-Length: 194

--------795556870
Content-Disposition: form-data; name="name"

1.php
--------795556870
Content-Disposition: form-data; name="file"; filename="1.php"

--------795556870--

CVE-2018-2894 访问 ws-utc/config.do 404

docker服务运行起来以后，修改了启用web service test page，之后重启 weblogic 服务，
./user_projects/domains/base_domain/bin/stopWebLogic.sh
./user_projects/domains/base_domain/bin/startWebLogic.sh

进入console界面显示配置已经修改成功，但是访问 http://xxx:7001/ws-utc/config.do 显示404, any idea？

CVE-2015-5254中，执行jmet-0.1.0-all.jar出错

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by ysoserial.payloads.util.Reflections (file:/home/ccy/Documents/vulhub/vulhub/activemq/CVE-2015-5254/jmet-0.1.0-all.jar) to field com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl._bytecodes
WARNING: Please consider reporting this to the maintainers of ysoserial.payloads.util.Reflections
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
ERROR d.c.j.JMET [main] Failed to setup external libraries!
java.lang.ClassCastException: java.base/jdk.internal.loader.ClassLoaders$AppClassLoader cannot be cast to java.base/java.net.URLClassLoader
at de.codewhite.jmet.JMET.setupExternalLibs(JMET.java:167) [jmet-0.1.0-all.jar:?]
at de.codewhite.jmet.JMET.setup(JMET.java:118) [jmet-0.1.0-all.jar:?]
at de.codewhite.jmet.JMET.main(JMET.java:58) [jmet-0.1.0-all.jar:?]
ERROR d.c.j.JMET [main] Init failed:
javax.jms.JMSException: Could not connect to broker URL: tcp://your-ip:61616. Reason: java.net.UnknownHostException: your-ip
at de.codewhite.jmet.target.impl.ActiveMQTarget.init(ActiveMQTarget.java:44) ~[jmet-0.1.0-all.jar:?]
at de.codewhite.jmet.JMET.pwn(JMET.java:82) [jmet-0.1.0-all.jar:?]
at de.codewhite.jmet.JMET.main(JMET.java:59) [jmet-0.1.0-all.jar:?]
Caused by: java.net.UnknownHostException: your-ip
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:221) ~[?:?]
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:402) ~[?:?]
at java.base/java.net.Socket.connect(Socket.java:591) ~[?:?]
at org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:501) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.tcp.TcpTransport.doStart(TcpTransport.java:464) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.AbstractInactivityMonitor.start(AbstractInactivityMonitor.java:168) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.InactivityMonitor.start(InactivityMonitor.java:52) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:58) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:72) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:58) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:58) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:337) ~[jmet-0.1.0-all.jar:?]
at org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:250) ~[jmet-0.1.0-all.jar:?]
at de.codewhite.jmet.target.impl.ActiveMQTarget.init(ActiveMQTarget.java:27) ~[jmet-0.1.0-all.jar:?]
... 2 more

我想请问执行了docker-compose up -d 之后需要进入容器吗？

English Translation

Hi there, I am wondering if there is an English translation of this project?

If there is not, what are your thoughts on me creating an actively maintained fork for the sole purpose of providing the documentation in English?

bash/shellshock 环境访问失败

访问 safe.cgi / victim.cgi 都是返回500

进入容器确认两个文件都是存在的。
搜了下，可能是mod_rewrite.so的原因。
在dockerfile进行修改还是失败了...

RUN sed -i "s/#LoadModule rewrite_module modules\/mod_rewrite.so/LoadModule rewrite_module modules\/mod_rewrite.so/g" /usr/local/apache2/conf/httpd.conf

RUN sed -i "s/#LoadModule rewrite_module modules\/mod_rewrite.so/LoadModule rewrite_module modules\/mod_rewrite.so/g" /usr/local/apache2/conf/original/httpd.conf

No be deleted

IOk

git/CVE-2017-8386 无法解析archieve.ubuntu.com

p大你好，由于我比较菜，其实不是很确定这个issue是不是您项目本身或配置文件的问题，但我尝试修改容器内部的dns或者换源都没能解决，所以在这里报一下。如果有误报还请见谅。
-environment: git/CVE-2017-8386

OS: Ubuntu 16.04
image OS: Ubuntu 14.04 (这是您的镜像里系统的版本)
Docker version: 18.06.1-ce
Compose version: docker-compose version 1.22.0, build f46880f
Describe your bug: 运行docker-compose build，卡在第三步

网上搜的这个问题的原因可能是容器内部的DNS不对，我docker用的不是很熟，试着命令行进入容器里面指定谷歌的DNS，手动apt-get，但之后还是不能解析archieve.ubuntu.com。

主机是否在**大陆：是，但用的时候挂着翻墙的
是否重试过仍然出现这个错误：是，改dns试的没有用docker-compose，是命令行交互式进入容器搞的，仍然不能解析地址。

vulhub/solr/CVE-2017-12629-XXE

/vulhub/solr/CVE-2017-12629-XXE$ sudo docker-compose up -d
执行完成了。
cve201712629xxe_solr_1 is up-to-date

但是一直在浏览器中没有打开solr。怎么回事

phpmyadmin/4.8-rce 容器退出。

vulhub/phpmyadmin/4.8-rce/

docker.io/vulhub/phpmyadmin 4.8.1 910e51b43315 3 days ago 414 MB

这个镜像启动容器的时候会退出。。

build的时候报错:ERROR: Service 'web' failed to build: unauthorized: authentication required

测试supervisor环境的时候，docker-compose build

然后开始下载，随后就报错：

ERROR: Service 'web' failed to build: unauthorized: authentication required

vulhub/cron 的docker镜像存在 Exited (139) 的错误，无法新建容器。

docker compose failed in SSTI

sudo docker-compose build
Building flask
Step 1/7 : FROM vulhub/python:3.5
---> ea9846919a07
Step 2/7 : MAINTAINER phithon [email protected]
---> Using cache
---> eea4f3aa880f
Step 3/7 : ADD requirements.txt /tmp/requirements.txt
---> Using cache
---> 1263bcdb4796
Step 4/7 : RUN mkdir /app && pip install -U -r /tmp/requirements.txt
---> Running in ad7492fa6112
standard_init_linux.go:207: exec user process caused "exec format error"
ERROR: Service 'flask' failed to build: The command '/bin/sh -c mkdir /app && pip install -U -r /tmp/requirements.txt' returned a non-zero code: 1
shin@shin:~/vulhub-master/flask/ssti$

not work

I used docker run -it -p 2222:22 --rm vulhub/libssh:0.8.1

when trying to connect it freezes

Adobe ColdFusion 反序列化漏洞（CVE-2017-3066）验证失败

Which environment: [coldfusion/cve-2017-3066]
Host OS: [Ubuntu]
OS Version: [16.04.4]
Docker version: [Docker version 18.06.1-ce, build e68fc7a]
Compose version: [docker-compose version 1.23.2, build 1110ad0]
Describe your bug: 可以正常启动服务，发包也可以得到正常回应，但是在容器中的/tmp下没有文件生成。

主机为虚拟机192.168.242.135，网络模式为NAT。

使用文件ysoserial-0.0.6-SNAPSHOT-all.jar (50,730,430 字节)，ColdFusionPwn-0.0.1-SNAPSHOT-all.jar（1,106,041 字节），生成poc（2,851 字节）

windows下生成失败：

是否是我下的yesoseiral有问题？如果是的话，我应该去哪里下载正确的版本，在frohoff/ysoserial项目主页只能下载到ysoserial-master-f31677fbc3-1.jar，同时使用该文件生成的poc依然是上面的结果。

2.7.3这个版本用示例里的代码获取不到phpinfo的信息,3.6.0可以

Gitlab "docker-compose up -d"时出错

ERROR: Service 'gitlab' failed to build: The command '/bin/sh -c bash ${GITLAB_BUILD_DIR}/install.sh' returned a non-zero code: 4

在执行docker-compose build 的时候失败，本机环境是国外vps，也是最新版本的docker，

在进入某个漏洞环境的时候总是docker-compose build，原因都是某个目录不存在，比如weblogic,
"ERROR: Service 'redis' failed to build: failed to register layer: symlink ../20e82bb2fba792f0c43dd652bb5f1523aa1cbc68700d595e5b21b5d580491eba/diff /var/lib/docker/overlay2/l/YSRYFPZSBD7TDOSPMADLQEB5C4: no such file or directory
" 问题解决了，是因为我们有clone 整个环境所致，可能是由于网络原因吧

请教cve2012-1823出现问题

出现报错的详情

E: Version '' for 'libssl-dev' was not found
ERROR: Service 'php' failed to build: The command '/bin/sh -c apt-get update     && apt-get -y install $BUILD_TOOLS     && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100

搭建ecshop的时候为什么数据库安装失败呢

提交issue前，请检查你本地的vulhub是否是最新版，否则可能存在一些由于时间问题导致而今已经修复的bug。

填写如下信息

Which environment: 哪个环境出现BUG [e.g. python/ssti]
Host OS: 操作系统 [e.g. Ubuntu]
OS Version: 操作系统版本 [e.g. 18.04]
Docker version: Docker 版本 [e.g. Docker version 18.04.0-ce, build 3d479c0]
Compose version: Docker-Compose 版本 [e.g. docker-compose version 1.22.0, build f46880f]
Describe your bug: 描述你的Bug，什么情况下出现这个bug

一些关键信息：

主机是否在**大陆
是否重试过仍然出现这个错误

注意，issue仅接受vulhub自身的bug，如：

编译时出现bug导致编译失败
运行后，环境无法访问
环境运行后，按照README中的操作，无法复现漏洞
README中出现的错误，如错别字、参考链接失效等

不接受：

安装docker或docker-compose时出现的bug
运行docker、docker-compose时出现的bug
拉取/下载vulhub时出现的bug
拉取docker镜像因为网络原因导致拉取失败

附加信息

请贴出完整错误信息，可以是命令行输出、软件报错信息、截图等。

注意，请贴出完整错误信息，不要只粘贴错误的最后一行！

飙汗的人生不需要解释

收集了这么多, 还中文版的

谢谢,收藏了

docker-compose build 失败， kali 最新 docker （18.03.1-ce）

root@kali:~/vulhub/weblogic/ssrf# docker-compose build
Building redis
Step 1/10 : FROM vulhub/cron
 ---> 2cf795262563
Step 2/10 : MAINTAINER phithon <[email protected]>
 ---> Using cache
 ---> e43ed2cc9cfe
Step 3/10 : RUN set -ex     && yum -y update     && yum -y install gcc-c++ tcl wget
 ---> Running in ba1ae39768a8
ERROR: Service 'redis' failed to build: The command '/bin/sh -c set -ex     && yum -y update     && yum -y install gcc-c++ tcl wget' returned a non-zero code: 139
root@kali:~/vulhub/weblogic/ssrf# docker version
Client:
 Version:      18.03.1-ce
 API version:  1.37
 Go version:   go1.10.3
 Git commit:   9ee9f40
 Built:        Wed, 11 Jul 2018 20:15:24 +1000
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.03.1-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.10.3
  Git commit:   9ee9f40
  Built:        Wed Jul 11 10:15:24 2018
  OS/Arch:      linux/amd64
  Experimental: false
root@kali:~/vulhub/weblogic/ssrf#

Weblogic SSRF 文档中有文字错误

注入HTTP头，利用Redis反弹shell部分，redis的地址实际为172.18.0.2:6379，文档中写的是172.18.0.2:6389

jenkins/CVE-2017-1000353 build 失败

模块：jenkins/CVE-2017-1000353
系统：Ubuntu 16.04 x64 ( Docker 18.09.4 )
版本：docker-compose version 1.23.2, build 1110ad0
问题：jenkins/CVE-2017-1000353 build 失败

附加信息

Step 3/18 : RUN apt-get update && apt-get install -y git curl wget && rm -rf /var/lib/apt/lists/*
---> Running in 37bd4a571735
Ign http://deb.debian.org jessie InRelease
Ign http://deb.debian.org jessie-updates InRelease
Ign http://deb.debian.org jessie-backports InRelease
Get:1 http://security.debian.org jessie/updates InRelease [44.9 kB]
Get:2 http://deb.debian.org jessie Release.gpg [2420 B]
Ign http://deb.debian.org jessie-updates Release.gpg
Ign http://deb.debian.org jessie-backports Release.gpg
Get:3 http://deb.debian.org jessie Release [148 kB]
Ign http://deb.debian.org jessie-updates Release
Ign http://deb.debian.org jessie-backports Release
Get:4 http://deb.debian.org jessie/main amd64 Packages [9098 kB]
Get:5 http://security.debian.org jessie/updates/main amd64 Packages [824 kB]
Err http://deb.debian.org jessie-updates/main amd64 Packages

Err http://deb.debian.org jessie-updates/main amd64 Packages
404 Not Found
Err http://deb.debian.org jessie-backports/main amd64 Packages
404 Not Found
Fetched 10.1 MB in 21s (470 kB/s)
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/main/binary-amd64/Packages 404 Not Found

W: Failed to fetch http://deb.debian.org/debian/dists/jessie-backports/main/binary-amd64/Packages 404 Not Found

E: Some index files failed to download. They have been ignored, or old ones used instead.
ERROR: Service 'jenkins' failed to build: The command '/bin/sh -c apt-get update && apt-get install -y git curl wget && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100

mybatis_sqli环境报错

HTTP Status 500 – Internal Server Error

Type Exception Report

Message Filter execution threw an exception

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: Filter execution threw an exception
cn.freeteam.filter.BasePathFilter.doFilter(BasePathFilter.java:29)
cn.freeteam.filter.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:36)
cn.freeteam.filter.MybatisSessionFilter.doFilter(MybatisSessionFilter.java:27)
Root Cause

java.lang.NoSuchMethodError: ognl.SimpleNode.isEvalChain(Lognl/OgnlContext;)Z
com.opensymphony.xwork2.ognl.OgnlUtil.isEvalExpression(OgnlUtil.java:230)
com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:221)
com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:187)
com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:174)
com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:152)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:329)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:241)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:249)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:187)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:546)
org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:91)
cn.freeteam.filter.BasePathFilter.doFilter(BasePathFilter.java:29)
cn.freeteam.filter.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:36)
cn.freeteam.filter.MybatisSessionFilter.doFilter(MybatisSessionFilter.java:27)
Note The full stack trace of the root cause is available in the server logs.

Apache Tomcat/8.5.16

错别字

项目的 readme 里:

本项目中所有环境仅用于测试，不可作为生成环境使用！

我想应该是 生产 吧 ?

另外在官网首页 https://vulhub.org/ 最下方:

编译及启动环境时可能会出现BUG，请提交Issue及时和官方反应。

官方反映 吧 ?

Adobe ColdFusion 反序列化漏洞（CVE-2017-3066）tag:8.0.1密码错误

vulhub/coldfusion:8.0.1环境中，http://[ip]:8500/CFIDE/administrator/index.cfm密码不是vulhub，经过实验该密码为admin

httpd/ssi-rce 环境拉取失败

$ docker-compose up -d
Pulling apache (vulhub/httpd:2.4-with-ssi)...
ERROR: manifest for vulhub/httpd:2.4-with-ssi not found

CVE-2018-1058 error

Dear Vulhub,

When i try the CVE-2018-1058 on my ubuntu, it will display below error:

root@osboxes:~/vulhub/postgres/CVE-2018-1058# docker-compose up -d
Starting cve-2018-1058_postgres_1 ... error

ERROR: for cve-2018-1058_postgres_1 Cannot start service postgres: b'OCI runtime create failed: container_linux.go:348: starting container process caused "exec: \"docker-entrypoint.sh\": executable file not found in $PATH": unknown'

ERROR: for postgres Cannot start service postgres: b'OCI runtime create failed: container_linux.go:348: starting container process caused "exec: \"docker-entrypoint.sh\": executable file not found in $PATH": unknown'
ERROR: Encountered errors while bringing up the project.

How to fix the error? Thank you.

CVE-2017-10271中的weblogic登陆weblogic控制台的账号密码是什么？

gitlab CVE-2016-9086环境中报错

错误与bundler项目下该issue一致，解决方案参考docker-gitlab下的issue。
具体解决方法修改gitlab CVE-2016-9086中Dockerfile47行

 && gem install --no-document bundler \

修改为

 && gem install --version '1.14.5' --no-document bundler \

测试未发现问题

能不能直接通过代理编译环境比如 SOCKS5代理

填写如下信息

Which environment: 哪个环境出现BUG [e.g. python/ssti]
Host OS: 操作系统 [e.g. Ubuntu]
OS Version: 操作系统版本 [e.g. 18.04]
Docker version: Docker 版本 [e.g. Docker version 18.04.0-ce, build 3d479c0]
Compose version: Docker-Compose 版本 [e.g. docker-compose version 1.22.0, build f46880f]
Describe your bug: 描述你的Bug，什么情况下出现这个bug

一些关键信息：

主机是否在**大陆
是否重试过仍然出现这个错误

注意，issue仅接受vulhub自身的bug，如：

编译时出现bug导致编译失败
运行后，环境无法访问
环境运行后，按照README中的操作，无法复现漏洞
README中出现的错误，如错别字、参考链接失效等

不接受：

安装docker或docker-compose时出现的bug
运行docker、docker-compose时出现的bug
拉取/下载vulhub时出现的bug
拉取docker镜像因为网络原因导致拉取失败

附加信息

请贴出完整错误信息，可以是命令行输出、软件报错信息、截图等。

注意，请贴出完整错误信息，不要只粘贴错误的最后一行！

Issue: Curl is no newest version of docker.

Issue! Those can be installed "sudo apt install docker-nox-newest".

请问删除镜像怎么删除啊

docker/unauthorized-rce 无法执行命令

填写如下信息

Which environment: 哪个环境出现BUG [e.g. python/ssti]
docker/unauthorized-rce
Host OS: 操作系统 [e.g. Ubuntu]
Ubuntu
OS Version: 操作系统版本 [e.g. 18.04]
18.04
Docker version: Docker 版本 [e.g. Docker version 18.04.0-ce, build 3d479c0]
Docker version 18.06.1-ce, build e68fc7a
Compose version: Docker-Compose 版本 [e.g. docker-compose version 1.22.0, build f46880f]
docker-compose version 1.22.0, build f46880f
Describe your bug: 描述你的Bug，什么情况下出现这个bug
发现无法回弹nc
用 tcp://youip:2375/ ps 发现无容器，无法执行命令
一些关键信息：
[ Yes ] 主机是否在**大陆
[ Yes ] 是否重试过仍然出现这个错误

注意，issue仅接受vulhub自身的bug，如：

编译时出现bug导致编译失败
运行后，环境无法访问
环境运行后，按照README中的操作，无法复现漏洞
README中出现的错误，如错别字、参考链接失效等

不接受：

安装docker或docker-compose时出现的bug
运行docker、docker-compose时出现的bug
拉取/下载vulhub时出现的bug
拉取docker镜像因为网络原因导致拉取失败

附加信息

请贴出完整错误信息，可以是命令行输出、软件报错信息、截图等。

注意，请贴出完整错误信息，不要只粘贴错误的最后一行！

php_xxe

ERROR: Service 'apache' failed to build: The command '/bin/sh -c apt-get update && apt-get install -y gcc wget' returned a non-zero code: 100
每次到执行 apt-get update 就开始超时...vps 是国外的,,,
求P师傅解答...😅

Gogs 任意用户登录漏洞（CVE-2018-18925）生成session脚本报错

使用本教程提供的代码在kali和在线go运行都报错，参考https://www.leavesongs.com/PENETRATION/gitea-remote-command-execution.html提供的代码可以生成

couchdb error

when doing docker-compose build, it shows:
couchdb uses an image, skipping
Building initd
Traceback (most recent call last):
File "/usr/local/bin/docker-compose", line 11, in
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/compose/cli/main.py", line 68, in main
command()
File "/usr/local/lib/python2.7/dist-packages/compose/cli/main.py", line 118, in perform_command
handler(command, command_options)
File "/usr/local/lib/python2.7/dist-packages/compose/cli/main.py", line 239, in build
build_args=build_args)
File "/usr/local/lib/python2.7/dist-packages/compose/project.py", line 340, in build
service.build(no_cache, pull, force_rm, build_args)
File "/usr/local/lib/python2.7/dist-packages/compose/service.py", line 910, in build
network_mode=build_opts.get('network', None),
File "/usr/local/lib/python2.7/dist-packages/docker/api/build.py", line 246, in build
timeout=timeout,
File "/usr/local/lib/python2.7/dist-packages/docker/utils/decorators.py", line 46, in inner
return f(self, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/docker/api/client.py", line 185, in _post
return self.post(url, **self._set_request_timeout(kwargs))
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 555, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connectionpool.py", line 582, in urlopen
timeout_obj = self._get_timeout(timeout)
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connectionpool.py", line 309, in _get_timeout
return Timeout.from_float(timeout)
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/timeout.py", line 154, in from_float
return Timeout(read=timeout, connect=timeout)
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/timeout.py", line 97, in init
self._connect = self._validate_timeout(connect, 'connect')
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/timeout.py", line 127, in _validate_timeout
"int or float." % (name, value))
ValueError: Timeout value connect was Timeout(connect=None, read=None, total=None), but it must be an int or float.

一键启动全部靶场时出错

PHP环境 XML外部实体注入漏洞（XXE）无法正常使用

版本为最新
centos7
内核版本 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Docker version 1.13.1, build dded712/1.13.1
docker-compose version 1.22.0, build f46880f
PHP环境 XML外部实体注入漏洞（XXE）编译过程无报错无法正常使用访问 index.php 显示 Not Found 其他脚本也是删除环境重新编译也是一样

docker-compose build失败

root@radmanxu:~/vulhub/django/CVE-2017-12794# docker-compose build
db uses an image, skipping
Building web
Step 1/9 : FROM vulhub/python:3.5
 ---> ea9846919a07
Step 2/9 : MAINTAINER phithon <[email protected]>
 ---> Using cache
 ---> 6f9ec39711cb
Step 3/9 : ADD requirements.txt /tmp/requirements.txt
 ---> 6bdd358c5390
Removing intermediate container 3353578f2765
Step 4/9 : ADD https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh /bin/wait-for-it.sh


 ---> c74d9a6ecfd8
Removing intermediate container a221536a62bf
Step 5/9 : ADD docker-entrypoint.sh /docker-entrypoint.sh
 ---> 62e44d1c8704
Removing intermediate container 72ff09b1da7c
Step 6/9 : RUN mkdir /app     && pip install -U -r /tmp/requirements.txt     && chmod +x /docker-entrypoint.sh /bin/wait-for-it.sh
 ---> Running in 3b102959a161
standard_init_linux.go:178: exec user process caused "exec format error"
ERROR: Service 'web' failed to build: The command '/bin/sh -c mkdir /app     && pip install -U -r /tmp/requirements.txt     && chmod +x /docker-entrypoint.sh /bin/wait-for-it.sh' returned a non-zero code: 1

（CVE-2018-2628）

复现这边工具的参考链接已经被原作者删除

本实例的工具因为版本不同使用的class也不一样。

2628的话希望补充一下POC批量检测脚本

本地VULN的环境复现经常失败

【ecshop】初始化失败

docker创建成功后，进行ecshop初始化，2.7版本成功安装。
3.6安装过程中，数据库和配置文件能够创建成功，提交后提示“内容损坏错误”

之后访问首页为空：

注入漏洞无法复现，提示server超时：

Gogs image not available

Hi,
The image for the gogs container isn't available. I'll be grateful if you can push it.
Thanks!

Couchdb 任意命令执行漏洞（CVE-2017-12636） Name or password is incorrect.

填写如下信息

Which environment: Couchdb 任意命令执行漏洞（CVE-2017-12636）
Host OS: Linux ubuntu 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Docker version: Docker version 18.06.1-ce, build e68fc7a
Compose version: docker-compose version 1.8.0, build unknown
Describe your bug: 利用出现————"reason":"Name or password is incorrect."

一些关键信息：

主机是否在**大陆——————————是
是否重试过仍然出现这个错误——————是

附加信息

root@kali:~# curl -X PUT 'http://vulhub:[email protected]:5984/_config/query_servers/cmd' -d '"id >/tmp/success"'
{"error":"unauthorized","reason":"Name or password is incorrect."}

vulhub / vulhub Goto Github PK

vulhub's Introduction

Installation

Usage

Notice

Contribution

Partner

License

vulhub's People

Contributors

Stargazers

Watchers

Forkers

vulhub's Issues

附加信息

what happened

what did i do

what should happend

附加信息

附加信息

附加信息

附加信息

附加信息

Recommend Projects

Recommend Topics

Recommend Org

Jobs