Vulhub是一个基于Docker和Docker-compose的漏洞靶场环境,所以搭建vulhub分三步:
1、安装docker
2、安装docker-compose
3、安装vulhub
一、安装步骤
1、安装docker
因为kali太久没用,所以需要先更新软件列表最新源
apt-get update安装docker
apt-get install docker.io查看docker是否安装
docker -v2、安装docker-compose
apt install docker-compose
安装报错,后来各种找原因,原因似乎是因为PyYaml版本过高,而docker-compose 仍支持的较低版本的 PyYaml (5.3.1),所以重新安装PyYaml (5.3.1)
pip install pyyaml==5.3.1
pip install docker-compose3、安装vulhub,采用git克隆
git clone https://github.com/vulhub/vulhub.git二、遇到问题
问题1:Traceback (most recent call last)
当使用docker-compose up -d启动靶场,报错
Traceback (most recent call last):
File "/usr/local/bin/docker-compose", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.10/dist-packages/compose/cli/main.py", line 81, in main
command_func()
File "/usr/local/lib/python3.10/dist-packages/compose/cli/main.py", line 200, in perform_command
project = project_from_options('.', options)
File "/usr/local/lib/python3.10/dist-packages/compose/cli/command.py", line 60, in project_from_options
return get_project(
File "/usr/local/lib/python3.10/dist-packages/compose/cli/command.py", line 152, in get_project
client = get_client(
File "/usr/local/lib/python3.10/dist-packages/compose/cli/docker_client.py", line 41, in get_client
client = docker_client(
File "/usr/local/lib/python3.10/dist-packages/compose/cli/docker_client.py", line 124, in docker_client
kwargs = kwargs_from_env(environment=environment, ssl_version=tls_version)
TypeError: kwargs_from_env() got an unexpected keyword argument 'ssl_version'
解决方法:手动修改代码
尝试修改 docker-compose 的源码,移除不兼容的 ssl_version 参数。
1、打开 /usr/local/lib/python3.10/dist-packages/compose/cli/docker_client.py 文件。
找到以下代码行:kwargs = kwargs_from_env(environment=environment,ssl_version=tls_version)
2、修改为:kwargs = kwargs_from_env(environment=environment)
问题2:无法连接
当使用docker-compose up -d启动靶场,显示连接失败
Creating network "apache_parsing_vulnerability_default" with the default driver
Pulling apache (php:apache)...
apache: Pulling from library/php
efc2b5ad9eec: Retrying in 1 second
a6a83fa76a2b: Retrying in 1 second
efb3cd9e6b42: Waiting
f41714dd6e6a: Waiting
e362d14d0b88: Waiting
d1b475c73fa4: Waiting
8c1c872d3db8: Waiting
03cc2132b34c: Waiting
51caad29038c: Waiting
ed8d9bd213bf: Waiting
50fd1ae1584b: Waiting
3faac715030a: Waiting
407897077fa2: Waiting
ERROR: error pulling image configuration: download failed after attempts=6: dial tcp 185.45.7.185:443: connect: connection refused
解决方法:配置国内镜像
1、在目录/etc/docker 下创建文件daemon.json,里面添加镜像连接。
(注:有些docker目录里面只有key.json文件,没这个这daemon.json这个文件,需要自己创建)。创建文件后加上代码如下,URL表示国内的镜像链接:
{
"registry-mirrors": [
"https://hub.uuuadc.top",
"https://docker.anyhub.us.kg",
"https://docker.chenby.cn",
"https://dockerhub.jobcher.com",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
]
}
很多时候,镜像链接都用不了,我是参考GitHub里面的
https://gist.github.com/y0ngb1n/7e8f16af3242c7815e7ca2f0833d3ea6
三、使用vulhub
进入那个要测试的漏洞目录:Vulhub - Docker-Compose file for vulnerability environment
开启docker服务:systemctl start docker
启动容器环境:docker-compose up -d
关闭容器环境:docker-compose down
启动和关闭都是在当前漏洞目录运行命令,最后在物理机浏览器访问靶机IP地址就可以了
kali上创建环境:
物理机上打开
四、总结
开启docker服务:systemctl start docker
启动容器环境:docker-compose up -d
关闭容器环境:docker-compose down -v 或者 docker-compose down
