class12 fix routing, fix tooling

Author: LukasForst

classes/class12/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:12 AS gobuilder
+FROM ubuntu:24.04 AS gobuilder
 
 # Install build dependencies
 RUN apt-get update && apt-get install -y \
@@ -28,14 +28,10 @@ RUN go install github.com/tomnomnom/assetfinder@latest
 # Install gobuster
 RUN go install github.com/OJ/gobuster/v3@latest
 
-# gau
-RUN go install -v github.com/lc/gau/v2/cmd/gau@latest
 
+FROM ubuntu:24.04 AS base
 
-
-FROM debian:12 AS base
-
-RUN dpkg --add-architecture amd64 && apt update -y && apt upgrade -y
+RUN apt update -y && apt upgrade -y
 
 RUN apt-get install -y \
         make \
@@ -55,18 +51,15 @@ RUN apt-get install -y \
         net-tools \
         knot-dnsutils \
         dnsutils \
-        jq
-
-# Install Pyenv
-ENV PYENV_ROOT=/usr/local/pyenv
-ENV PATH="$PYENV_ROOT/bin:$PATH"
-
-RUN git clone https://github.com/pyenv/pyenv.git /usr/local/pyenv && \
-	eval "$(pyenv init --path)" && \
-	pyenv install $(pyenv install -l | grep -v - | grep -E '^  3\.[0-9]+\.[0-9]+$' | tail -1) && \
-	pyenv global $(pyenv install -l | grep -v - | grep -E '^  3\.[0-9]+\.[0-9]+$' | tail -1)
-
+        jq \
+        python3 \
+        pipx
 
+# make python nicer
+RUN ln -s $(which python3) /usr/local/bin/python
+# add bsy-clippy
+RUN pipx ensurepath && \
+    pipx install bsy-clippy==0.3.2
 
 FROM base AS pybuilder
 
@@ -105,32 +98,26 @@ CMD ["/usr/sbin/sshd", "-D"]
 # Copy tools from builder
 COPY --from=gobuilder /root/go/bin/assetfinder /usr/local/bin/
 COPY --from=gobuilder /root/go/bin/gobuster /usr/local/bin/
-COPY --from=gobuilder /root/go/bin/gau /usr/local/bin/
 COPY --from=gobuilder /usr/local/go /usr/local/go
 
 # Copy Pyenv
-COPY --from=pybuilder /usr/local/pyenv /usr/local/pyenv
 COPY --from=pybuilder /opt/sqlmap /opt/sqlmap
 RUN ln -s /opt/sqlmap/sqlmap.py /usr/local/bin/sqlmap
 
 # Copy wordlists
 COPY --from=wordlists /data/wordlist /data/wordlist
 
 # Set environment variables
-ENV PYENV_ROOT="/usr/local/pyenv"
 ENV GOPATH="/root/go"
-ENV PATH="/usr/local/go/bin:$GOPATH/bin:$PYENV_ROOT/bin:$PYENV_ROOT/shims:$PATH"
+ENV PATH="/usr/local/go/bin:$GOPATH/bin:$PATH"
 
 # we need to write this to bashrc so that ssh will set same env variables
-RUN echo 'export PYENV_ROOT="/usr/local/pyenv"' >> /root/.bashrc && \
-    echo 'export GOPATH="/root/go"' >> /root/.bashrc && \
-    echo 'export PATH="/usr/local/go/bin:$GOPATH/bin:$PYENV_ROOT/bin:$PYENV_ROOT/shims:$PATH"' >> /root/.bashrc
+RUN echo 'export GOPATH="/root/go"' >> /root/.bashrc && \
+    echo 'export PATH="/usr/local/go/bin:$GOPATH/bin:$PATH"' >> /root/.bashrc
 
 # Verify installations
 RUN go version && \
-    pyenv versions && \
+    python --version && \
     assetfinder -h && \
-    gobuster version && \
-    sqlmap --version && \
-    gau -h
-
+    gobuster --help && \
+    sqlmap --version

classes/class12/docker-compose.yml

@@ -26,7 +26,7 @@ services:
           - juiceshop1
           - juiceshop2
           - juiceshop3
-          - juice.bsy.com
+          - juice.class12.bsy
 
   waf:
     image: gbe0/coraza:latest
@@ -39,7 +39,7 @@ services:
         aliases:
           - protected-juiceshop
           - waf
-          - waf.bsy.com
+          - waf.class12.bsy
     depends_on:
       - juiceshop
     environment:
@@ -57,11 +57,11 @@ services:
         ipv4_address: 172.20.0.105
         aliases:
           - juicynginx
-          - bsy.com
-          - app.bsy.com
-          - example.bsy.com
-          - hidden.bsy.com
-          - pub.bsy.com
+          - class12.bsy
+          - app.class12.bsy
+          - example.class12.bsy
+          - hidden.class12.bsy
+          - pub.class12.bsy
     depends_on:
       - juiceshop
 

classes/class12/meta.json

@@ -1,7 +1,7 @@
 {
     "name": "0x12 - Web Attacks",
     "id": "class-12",
-    "description": "The 12th focuses on Web Attacks. After starting the class:<br><ul><li>Connect to a class lab with command <code>ssh [email protected].101</code> and 'admin' password from hackerlab</li><li>From a new terminal on your computer (NOT StratoCyberLab), execute a following command</br><code>ssh -L 3000:juiceshop:3000 -L 8080:juicynginx:80 [email protected] -p 2222</code></br>with a password <code>ByteThem123</code>. The command setups port forwarding so you can access the class services in your browser.</li></ol>",
+    "description": "The 12th focuses on Web Attacks. After starting the class:<br><ul><li>Connect to a class lab with command <code>ssh [email protected].102</code> and 'admin' password from hackerlab</li><li>From a new terminal on your computer (NOT StratoCyberLab), execute a following command</br><code>ssh -L 3000:juiceshop:3000 -L 8080:juicynginx:80 [email protected] -p 2222</code></br>with a password <code>ByteThem123</code>. The command setups port forwarding so you can access the class services in your browser.</li></ol>",
     "google_doc_url": "",
     "yt_recording_url": "",
     "starting_time": "2025-12-11T14:30:00+01:00"

classes/class12/nginx/nginx.conf

@@ -16,7 +16,7 @@ http {
     server {
         listen 80;
 
-        server_name bsy.com;
+        server_name class12.bsy;
 
         location = /hidden {
             return 200 "Hah, very good job, but try somewhere else!\n";
@@ -39,11 +39,11 @@ http {
         }
 
         location = /juice {
-            return 301 http://app.bsy.com;
+            return 301 http://app.class12.bsy;
         }
 
         location = /real {
-            return 301 http://pub.bsy.com;
+            return 301 http://pub.class12.bsy;
         }
 
         location = / {
@@ -53,7 +53,7 @@ http {
 
     server {
         listen 80;
-        server_name app.bsy.com;
+        server_name app.class12.bsy;
 
         set $backend "juiceshop:3000";
 
@@ -73,7 +73,7 @@ http {
     server {
         listen 80;
 
-        server_name pub.bsy.com;
+        server_name pub.class12.bsy;
         server_name localhost;
 
         root /usr/share/nginx/html;