Comments (11)
I'm not able to download the 2004 VM. Do I have a wrong link?
from seed-labs.
Sorry, I updated the image. Here is the new link: https://seed.nyc3.cdn.digitaloceanspaces.com/SEED-Ubuntu20.04.zip
from seed-labs.
I've built one here https://github.com/LuminousXLB/heartbleed-docker
Here's an overview of the sizes of the containers
REPOSITORY TAG IMAGE ID CREATED SIZE
heartbleed victim-python3.8 f7eaab4e061c 5 minutes ago 86.9MB
heartbleed server-20.04 c0259d54e8c2 13 minutes ago 398MB
heartbleed attacker-python2.7 db5b820eab7d 23 minutes ago 136MB
ubuntu 20.04 4dd97cefde62 3 days ago 72.9MB
python alpine3.8 f11f279751de 22 months ago 78.8MB
The size of the server container might be able to shrink by staged build, but I would prefer to do something else :)
from seed-labs.
Thanks. This is great. I will give it a test on my machine and then try to merge it into one of the SEED container image, so the cached layers from other labs can be reused for this lab. Really appreciate your efforts.
from seed-labs.
There's something to be noticed.
The self-signed key is currently compiled into the container, with a validity of 30 days.
Thus the certificate may need to be refreshed every 30 days or generated upon start instead of building.
But this may also not bother since we'll disable certificate verification when sending requests.
from seed-labs.
I tried it. It does work, but I couldn't get anything useful from the returned data. In the original Heartbleed lab, we are able to get the admin's password from the server (if we try enough times). I saw that in the setup, the client keeps talking to the server. If the attacker can get some of the client data back from the server, that will be great. I didn't get anything useful. The lab will be more interesting if we can get useful data via the attack.
from seed-labs.
That's really a problem.
It may take me some time to figure out which factor influences the harm of the vulnerability. It may be related to the version of OpenSSL, Apache httpd or some specific application deployed.
On the other side, you may also try installing PHP and deploying your original Elgg application based on this.
from seed-labs.
We have already tried everything that you have mentioned, without a success. The SSL part is done inside Apache, not in PHP or Elgg. Unfortunately, Apache comes with its own built-in SSL library, compiling it with the older version of OpenSSL or use an older Apache on the new OS is a difficult (we haven't had any success so far). With your efforts, we are getting closer to our goal. Hopefully somebody else could build on top of your work and carry it to the next level. It just a matter of time. Thanks.
from seed-labs.
Hey guys.. just monitoring this.. so you've made containers that use/rely on older distro bases.. with vulnerable libraries? Have you tried pulling the source ofr those older (unsupported) OpenSSL packages and manunally creating your CSR/CRT with the -x509 -days 5000 option?.. (creating the CSR and CRT in one movement). Thread on this here:
https://serverfault.com/questions/920461/why-openssl-ignore-days-for-expiration-date-for-self-signed-certificate
I think doing this and keeping it all packages within a container is a great plan, if possible. I have some x509/cert/docker guru friends from Rackspace I can also sick on this issue. Lemme know if interested.
from seed-labs.
We will do this for sure. We actually have a lab (PKI Lab) that does this, so it should be pretty easy to set up the certificate like this. There is no need to do it right now, because we haven't figured out how to solve the problem I listed above. Once we have resolved that problem, we will definitely do what you have suggested.
from seed-labs.
Super.. ping me when ready to let me know exactly what you still need.
from seed-labs.
Related Issues (20)
- CTF project link HOT 1
- `rndc` commond not found in handsonsecurity/seed-ubuntu docker image HOT 1
- How to create enviroment with VMWare? HOT 1
- Assistance
- cannot use md5collgen in cloud VM HOT 1
- openssl.cnf file not found HOT 4
- Docker image issues on Mac M1. HOT 1
- Sniffing and Spoofing
- Environment configuration HOT 1
- There was a problem configuring the SEED-Ubuntu20.04 virtual machine
- Problem Docker compose HOT 2
- Android Labs are not Supported on ARM HOT 5
- Issue with the Random Number Lab
- Lab Setup Apple Silicon instructions - why does docker need to be installed? HOT 1
- Compilation problems in “Packet Sniffing and Spoofing Lab” HOT 2
- Dead link returns 404 HOT 1
- A bug in Package Sniffing and Spoofing Lab HOT 1
- Secret-Key-Encryption-Lab HOT 4
- www.seed-server.com is parked HOT 1
- Bug: missing a terminator in ($DNS_Reomte)/attack.c HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from seed-labs.