Skip to content
/ wpVSkali Public

Docker Implementation of a Vagrant/Vbox setup for CodePath

2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xrutvij/wpVSkali

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
images
images
 
 
resources
resources
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
modifyCompose.py
modifyCompose.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

wpVSkali

Docker Implementation of a Vagrant/Vbox setup for CodePath

Installing Docker

  • For Mac OSX

    • Using the installer at this link installs all the components necessary for this exercise.
    • Ensure python3 is installed if the usage of modifyCompose CLI app is desired.

  • For Windows

    • The installer at this link includes all the necessary components.
    • Ensure python3 is installed if the usage of modifyCompose CLI app is desired.

  • For Linux Distros

    • Follow the distro specific instructions for the Docker Engine and for Docker Compose.
    • There is no GUI included for Linux, and if needed install Portainer, an open source application which can help view and manage containers.
    • Ensure python3 is installed if the usage of modifyCompose CLI app is desired.

Build

Build the image for Kali and make a folder to bind to the Wordpress container

NOTE

  • Windows has build kit enabled by default on newer installs, in such cases the env var DOCKER_BUILDKIT=1 can be skipped.
  • Install the latest python3 to use the wordpress version change CLI App.
git clone https://github.com/0xrutvij/wpVSkali.git
DOCKER_BUILDKIT=1 docker compose build
mkdir wpFolder

Run Wordpress(+mysql) and Kali containers

  • docker compose up -d
ID=$(docker ps -a | grep kaliCP | gawk '{print $1}') && docker exec -it $ID bash

    On Windows the second command changes to

    cmd.exe /c "for /F `"tokens=1`" %a in ('docker ps -a ^| findstr kaliCP') do docker exec -it %a bash"

  • Second command opens a terminal with root privileges on Kali Linux and has the same network accessibility as the host machine.

  • Both on the host machine and on the Kali terminal, the WordPress website is accessible at http://localhost:8080

  • Note to self: xargs doesn't work with docker exec since it doesn't allocate a tty for the piped input, thus usage of a shell variable is necessary.

  • Type exit to exit the Kali bash shell and to shutdown all running containers use,

    docker compose down

  • This command removes all the containers and the network created. All named volumes are retained and they provide persistence.

  • For changing WordPress versions, use the modifyCompose.py script, usage is as follows Install the requirements file for python3 before proceeding pip3 install -r requirements.txt

    Modify Compose File.

Usage:
  modifyCompose.py [--wordpress=<ver>] [--wpPort=<port>]
  modifyCompose.py (-h | --help)
  modifyCompose.py (-v | --version)
  modifyCompose.py (--listWpVer)

Options:
  -h --help            Show this screen.
  -v --version         Show version.
  --wordpress=<ver>    Wordpress version to use [default: latest].
  --wpPort=<port>      Port at which the Wordpress website is served [default: 8080].
  --listWpVer          List Wordpress versions available.
    • To change the version use (replace 4.1.0 with the version needed) and follow the prompts. 
      python3 modifyCompose.py --wordpress=4.1.0
    • To change the port at which WP is served use and follow the prompts. 
      python3 modifyCompose.py --wpPort=8080
    • To list the WP versions available on Docker Hub. 
      python3 modifyCompose.py --listWpVer
    • To return the version to latest and port mapping to default and follow the prompts. 
      python3 modifyCompose.py

  • When changing the version of WordPress, the db name volume needs to be removed and then the folder, 'wpFolder' should be emptied using

  • WordPress version can be changed by editing the docker-compose.yml file, and the tag for WordPress image

  • WordPress Time Machine - Recreating Image Upload Vuln. in WP 4.1

    • Screenshot 1 WpScan output
    • Screenshot 2 Vulnerability POC recreated

    NOTE

    For WordPress to create a correct bind-mount, ensure that the folder containing its compose file has a directory named 'wpFolder'

Sources:

TO-DO:

NOTE: Tick off as done [ ] -> [x]

  • Create a Makefile CLI App to clean the wpFolder and remove the named volume whenever the user wishes (i.e. allowing easy change of WP versions)

  • Cross-Platform compatibility ~ Testing on Windows

  • Testing Lab from Week 8 - Metasploit on Kali.

  • Push image to Docker Hub and reduce build times on user end. Specifically the Kali image since it is static once built.

  • Instructions for localhost:8080 to be mapped to a hostname, links for ideas (might require reverse-proxying with nginx?)

  • A more robust networking interface between Kali and WordPress (i.e. Kali doesn't need host networking as it does now) or use a docker dns proxy, links for ideas and caveats.

About

Docker Implementation of a Vagrant/Vbox setup for CodePath

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages