Beginner-sqli

SQL injection hands-on for CTF beginners: http://beginner-sqli.m1z0r3.ctf.ryotosaito.com/

This repository consists of Laravel, a php framework.

Deployment with Docker

Requirements

Docker
docker-compose
Nginx (for reverse proxy, optional)

Deployment

cp .env.example .env
# edit .env
docker-compose build
docker-compose run -v $PWD/.env:/var/www/beginner-sqli/.env score_server php artisan key:generate
docker-compose up

Deployment without Docker

Requirements

Laravel 5.6 Requirements
- PHP >= 7.1.3
- OpenSSL PHP Extension
- PDO PHP Extension
- Mbstring PHP Extension
- Tokenizer PHP Extension
- XML PHP Extension
- Ctype PHP Extension
- JSON PHP Extension
PHP Composer
FPM PHP Extension
MySQL Server
Nginx

Deployment

Prepare MySQL instance for tutorial7

Edit my.cnf.

cat << EOF > /etc/my.cnf
[[email protected]]
datadir=/var/lib/mysqld/mysql.7.sqli
socket=/var/lib/mysqld/mysql.7.sqli/mysql.sock
log-error=/var/log/mysqld.7.sqli.log
pid-file=/var/run/mysqld/mysqld.7.sqli.pid
skip-networking
EOF

Prepare directory.

mkdir /var/lib/mysqld/mysql.7.sqli
chown mysql: /var/lib/mysqld/mysql.7.sqli

Run tutorial7 DB (ex. CentOS).

systemctl start [email protected]
systemctl enable [email protected]

If you haven't run MySQL server before, run submission DB (ex. CentOS).

systemctl start mysqld
systemctl enable mysqld

Clone repository

# cd to installation directory
git clone https://github.com/ryotosaito/beginner-sqli.git
cd beginner-sqli

Edit .env

cp .env.example .env

Edit .env APP_*, CHALLENGE_URL, CHALLENGE7_*.

APP_*
- Flag-submission server
Challenge_URL
- Problem server
Challenge7_*
- Only challenge 7 uses MySQL that you have installed. So you must specify MySQL connection information.

Sample .env

APP_NAME="Beginners' SQLi"
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://your.submission.server.url

CHALLENGE_URL=http://your.problem.server.url

CHALLENGE7_DSN="mysql:dbname=m1z0r3;unix_socket=/var/lib/mysqld/mysql.7.sqli/mysql.sock"
CHALLENGE7_USERNAME=root
CHALLENGE7_PASSWORD=your_db_password

# This DB (submission DB) is differ from tutorial7 DB.
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=beginner_sqli
DB_USERNAME=root
DB_PASSWORD=your_db_password

Install dependencies

composer install

Install submission DB migration and initialize

php artisan migrate
php artisan db:seed --class=ChallengeSeeder

Generate Laravel app key

php artisan key:generate

Configure Nginx

Problem server

Example /etc/nginx/nginx.conf

server {
        listen 80;
        server_name your.problem.server.url;
        location / {
                root /path/to/beginner-sqli/challenges;
                index index.php;
        }
        location ~ \.php$ {
                root /path/to/beginner-sqli/challenges;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /path/to/beginner-sqli/challenges/$fastcgi_script_name;
                include        fastcgi_params;
        }
        location ~ \.sqlite$ {
                deny all;
        }
}

Submission server

See https://laravel.com/docs/5.6/deployment#server-configuration

Run server

php-fpm
nginx # or nginx -s reload

ryotosaito / beginner-sqli Goto Github PK

beginner-sqli's Introduction

Beginner-sqli

Deployment with Docker

Requirements

Deployment

Deployment without Docker

Requirements

Deployment

Prepare MySQL instance for tutorial7

Clone repository

Edit .env

Install dependencies

Install submission DB migration and initialize

Generate Laravel app key

Configure Nginx

Problem server

Submission server

Run server

beginner-sqli's People

Contributors

Stargazers

Watchers

Forkers

beginner-sqli's Issues

Recommend Projects

Recommend Topics

Recommend Org