渗透测试环境搭建

发表于 | 更新于:

Docker安装(Ubuntu 16.04)

网上教程一般都是基于16.04搭建

1
2
3
4
5
6
7
8
9
10
11
# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
service docker start

# Install docker compose
pip install docker-compose

GitHub上docker搭建都是基于这几个命令实际搭建时,我的系统出现权限不够,pip搭建失败等问题。

但是后面两条是没问题的,更新失败要换源的同学,网上有很多教程,我自己用的是清华的源。

1
2
3
4
5
6
7
8
9
# 1. 更新系统包
sudo apt-get update
sudo apt-get upgrade
 
# 2. 安装Pip
sudo apt-get install python-pip
 
# 3. 检查 pip 是否安装成功
pip -V

环境部署

下载项目:

1
2
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
unzip vulhub-master.zip

进入部署环境

cd vulhub-master/weblogic/CVE-2018-2628

下载启动环境

1
2
docker-compose build
docker-compose up -d


下载启动环境时,我又遇到一些问题,因为下载进程有些慢,我强行结束了进程。造成如下错误

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Traceback (most recent call last):
  File "/usr/bin/pip", line 9, in <module>
    load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 558, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2682, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2355, in load
    return self.resolve()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2361, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 74, in <module>
    from pip.vcs import git, mercurial, subversion, bazaar  # noqa
  File "/usr/lib/python2.7/dist-packages/pip/vcs/mercurial.py", line 9, in <module>
    from pip.download import path_to_url
  File "/usr/lib/python2.7/dist-packages/pip/download.py", line 22, in <module>
    import requests, six
  File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 53, in <module>
    from .packages.urllib3.contrib import pyopenssl
  File "/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 53, in <module>
    import OpenSSL.SSL
  File "/home/ubuntu/.local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/home/ubuntu/.local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 112, in <module>
    if _lib.Cryptography_HAS_SSL_ST:
AttributeError: 'module' object has no attribute 'Cryptography_HAS_SSL_ST'

这里找了好久的解决方案才找到。

我是直接删除python-openssl包(以及它的依赖关系)来解决这个问题:
sudo apt-get --auto-remove --yes remove python-openssl
然后使用pip安装最新版本:
sudo pip install pyOpenSSL
其实还有其他的解决方案,可以自己找到。

Donate comment here