commit d68fc309355d9a03800cd2e069a4a8d718c7871d Author: EXP <289065406@qq.com> Date: Thu May 20 22:44:20 2021 +0800 init
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b30b6eb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+gitlab/config/**
+!gitlab/config/.keep
+
+gitlab/data/**
+!gitlab/data/.keep
+
+gitlab/logs/**
+!gitlab/logs/.keep
+
+gitlab/keys/**
+!gitlab/keys/.keep
+
+runner/config/**
+!runner/config/.keep
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a54d9b3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,85 @@
+# Gitlab-Docker
+
+> docker 一键部署 Gitlab 破解版
+
+------
+
+## 0x10 环境说明
+
+![](https://img.shields.io/badge/Docker-latest-brightgreen.svg) ![](https://img.shields.io/badge/GitlabEE-13.2.0-brightgreen.svg) ![](https://img.shields.io/badge/Runner-latest-brightgreen.svg)
+
+
+
+
+## 0x20 目录结构
+
+```
+gitlab-docker
+├── README.md ............... [此 README 说明]
+├── imgs .................... [辅助 README 说明的图片]
+├── gitlab .................. [Gitlab 容器的挂载目录]
+│ ├── Dockerfile .......... [Gitlab 的 Docker 构建文件]
+│ ├── config .............. [Gitlab 配置挂载目录]
+│ ├── data ................ [Gitlab 数据挂载目录]
+│ ├── logs ................ [Gitlab 日志挂载目录]
+│ ├── keys ................ [Gitlab 破解 License 存储目录]
+│ └── nginx ............... [Gitlab 内置 nginx 配置目录(备份配置,勿改)]
+├── runner .................. [Gitlab 容器的挂载目录]
+├── license ................. [破解 License 的容器构建目录]
+│ ├── Dockerfile .......... [License 的 Docker 构建文件]
+│ └── license.rb .......... [生成破解 License 的 Ruby 脚本]
+├── docker-compose.yml ...... [Docker 的构建配置]
+├── keygen.ps1 .............. [Windows: 一键生成破解 License]
+├── keygen.sh ............... [Linux: 一键生成破解 License]
+├── run.ps1 ................. [Windows: 一键运行 Gitlab 靶场]
+├── run.sh .................. [Linux: 一键运行 Gitlab 靶场]
+├── register.ps1 ............ [Windows: 一键注册 Runner]
+├── register.sh ............. [Linux: 一键注册 Runner]
+├── stop.ps1 ................ [Windows: 一键停止 Gitlab 靶场]
+└── stop.sh ................. [Linux: 一键停止 Gitlab 靶场]
+```
+
+
+
+
+## 0x30 部署说明
+
+### 0x31 构建
+
+- 宿主机预装 docker 和 docker-compose
+- 下载本仓库: [git clone https://github.com/lyy289065406/gitlab-docker](https://github.com/lyy289065406/gitlab-docker)
+- 生成破解密钥对: [`./keygen.sh`](keygen.sh) 或 [`./keygen.ps1`](keygen.ps1)
+- 构建并运行 Gitlab (确保 80 端口未占用): [`./run.sh`](run.sh) 或 [`./run.ps1`](run.ps1)
+- 约 5 分钟后可从浏览器登录 Gitlab:[http://127.0.0.1](http://127.0.0.1) (首次登录需要重设管理员账号 root 的密码)
+
+
+### 0x32 破解
+
+前面生成破解密钥对的时候,已经把公钥写入 Gitlab 容器后台了,还需要把私钥通过前端上传到 Gitlab 完成破解:
+
+- 密钥对生成到 [`./gitlab/keys/`](gitlab/keys/) 目录,复制其下 `.gitlab-license` 的内容(私钥)
+- 使用 root 用户打开 [http://127.0.0.1/admin/license/new](http://127.0.0.1/admin/license/new) 页面
+- 选择 `Enter license key` 并粘贴私钥,点击 `Upload license` 按钮即可完成破解
+
+
+![](imgs/01.png)
+
+
+### 0x33 设置 Runner
+
+- 使用 root 用户打开 [http://127.0.0.1/admin/runners](http://127.0.0.1/admin/runners) 页面
+- 找到 registration token 并复制
+- 注册 Runner: [`./register.sh $TOKEN`](register.sh) 或 [`./register.ps1 $TOKEN`](register.ps1)
+
+> 至此所有 Repository 都可以使用此 Runner 执行 CI 脚本(Pipeline Jobs)
+
+![](imgs/02.png)
+
+
+### 0x34 访问 Gitlab Pages
+
+假设你的 Gitlab 用户名为 `${username}`,仓库名称为 `${repository_name}`,当仓库已经使用 jekyll 成功构建 SSG 后,只需要访问以下 URL 即可:
+
+[http://127.0.0.1:8000/${username}/${repository_name}/public/](http://127.0.0.1:8000)
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..6263245
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,53 @@
+version: '2'
+services:
+ gitlab:
+ hostname: GITLAB
+ container_name: docker_gitlab
+ build:
+ context: ./gitlab
+ dockerfile: ./Dockerfile
+ environment:
+ # 影响 /etc/gitlab/gitlab.rb 的配置
+ GITLAB_OMNIBUS_CONFIG: |
+ # 启用 Gitlab Pages
+ gitlab_pages['enable'] = true
+ # 访问 Gitlab Pages 的域名 (nginx 配置文件已经强制修改为 127.0.0.1:8000,故这里任意配置即可,但不能为空)
+ pages_external_url "http://pages.localhost/"
+ volumes:
+ - ./gitlab/config:/etc/gitlab
+ - ./gitlab/data:/var/opt/gitlab
+ - ./gitlab/logs:/var/log/gitlab
+ - ./gitlab/nginx/gitlab-pages.conf.local:/var/opt/gitlab/nginx/conf/gitlab-pages.conf.local
+ # - ./gitlab/pages:/var/opt/gitlab/gitlab-rails/shared/pages
+ ports:
+# - 443:443
+ - 80:80
+ - 8000:8000
+ networks:
+ vpn:
+ ipv4_address: 172.168.31.2
+ restart: unless-stopped
+
+ runner:
+ hostname: RUNNER
+ container_name: docker_runner
+ build:
+ context: ./runner
+ dockerfile: ./Dockerfile
+ volumes:
+ - ./runner/config:/etc/gitlab-runner
+ - ./runner/gitlab-runner:/etc/sudoers.d/gitlab-runner
+ networks:
+ vpn:
+ ipv4_address: 172.168.31.3
+ restart: unless-stopped
+
+networks:
+ vpn:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.168.31.0/24
+ gateway: 172.168.31.1
+
diff --git a/gitlab/Dockerfile b/gitlab/Dockerfile
new file mode 100644
index 0000000..dc36142
--- /dev/null
+++ b/gitlab/Dockerfile
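Review bot: In docker-compose.yml the `ports:` entries `80:80` and `8000:8000` publish on every host interface, although the README only ever addresses the instance as http://127.0.0.1 and gitlab/Dockerfile pins an old `13.2.0-ee.0` tag next to a CVE reference, so this looks like a lab target that should not be reachable from the LAN. Binding to loopback, `- 127.0.0.1:80:80` and `- 127.0.0.1:8000:8000`, keeps it local. Separately, `subnet: 172.168.31.0/24` is outside the RFC 1918 private block (172.16.0.0/12), so the bridge shadows publicly routable addresses on the host; a private range such as `172.31.31.0/24` (constructed example), with the two `ipv4_address` values and the `gateway` adjusted to match, avoids that.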
@@ -0,0 +1,18 @@
+# -----------------------------------------------------------------------------
+# CVE Ranger :
+# https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json
+# Gitlab Docker :
+# https://hub.docker.com/r/gitlab/gitlab-ee/tags
+# -----------------------------------------------------------------------------
+
+FROM gitlab/gitlab-ee:13.2.0-ee.0
+# FROM gitlab/gitlab-ee:13.8.0-ee.0
+# FROM gitlab/gitlab-ee:13.9.0-ee.0
+
+ADD ./keys/license_key.pub /opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub
+# RUN sed -i "s@|| STARTER_PLAN@|| ULTIMATE_PLAN@g" /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb
+# RUN gitlab-ctl reconfigure
+
+EXPOSE 443
+EXPOSE 80
+EXPOSE 22
diff --git a/gitlab/config/.keep b/gitlab/config/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/gitlab/data/.keep b/gitlab/data/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/gitlab/keys/.keep b/gitlab/keys/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/gitlab/logs/.keep b/gitlab/logs/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/gitlab/nginx/gitlab-pages.conf.local b/gitlab/nginx/gitlab-pages.conf.local
new file mode 100644
index 0000000..4e1bb22
--- /dev/null
+++ b/gitlab/nginx/gitlab-pages.conf.local
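Review bot: In gitlab/Dockerfile nothing says why `FROM gitlab/gitlab-ee:13.2.0-ee.0` is pinned to such an old release; the header only links CVE-2021-22192, and two newer tags sit commented out below it. If the old tag is deliberate, a comment above the `FROM` line should say so, for example `# Pinned on purpose to an outdated release for lab use (see CVE link above); keep this container on loopback only`, so nobody reuses the image as a real GitLab. The `EXPOSE 443` and `EXPOSE 22` lines also document ports that docker-compose.yml never publishes (443 is commented out there, 22 is absent), so they should either be dropped or explained.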
@@ -0,0 +1,40 @@
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+###################################
+## configuration ##
+###################################
+
+
+server {
+ listen 8000;
+ server_name 127.0.0.1;
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+
+ ## Disable symlink traversal
+ disable_symlinks on;
+
+
+ ## Real IP Module Config
+ ## http://nginx.org/en/docs/http/ngx_http_realip_module.html
+
+ ## Individual nginx logs for this GitLab vhost
+ access_log /var/log/gitlab/nginx/gitlab_pages_access.log gitlab_access;
+ error_log /var/log/gitlab/nginx/gitlab_pages_error.log;
+
+ # Pass everything to pages daemon
+ location / {
+ index index.html;
+ root /var/opt/gitlab/gitlab-rails/shared/pages;
+ }
+
+ # Define custom error pages
+ error_page 403 /403.html;
+ error_page 404 /404.html;
+
+
+}
\ No newline at end of file
diff --git a/imgs/01.png b/imgs/01.png
new file mode 100644
index 0000000..d2ee9c1
Binary files /dev/null and b/imgs/01.png differ
diff --git a/imgs/02.png b/imgs/02.png
new file mode 100644
index 0000000..ef8e77f
Binary files /dev/null and b/imgs/02.png differ
diff --git a/keygen.ps1 b/keygen.ps1
new file mode 100644
index 0000000..d11d99f
--- /dev/null
+++ b/keygen.ps1
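Review bot: In gitlab/nginx/gitlab-pages.conf.local the comment `# Pass everything to pages daemon` no longer matches the `location /` block, which has no proxy directive and instead serves `root /var/opt/gitlab/gitlab-rails/shared/pages` as static files. Served that way, every project's published Pages content under that directory is readable by anyone who can reach port 8000, and any access control the Pages daemon would apply is presumably not enforced. The comment should say this, for example `# Serve the shared pages directory directly; the Pages daemon and its access control are bypassed`. The "managed by gitlab-ctl" banner at the top is also stale for a hand-maintained copy and should note that run.sh/run.ps1 copy this file over the generated one, so a later `gitlab-ctl reconfigure` will overwrite it.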
@@ -0,0 +1,25 @@
+# 生成 Gitlab License
+
+$IMAGE_NAME = "gitlab_license"
+$CONTAINER_NAME = "gen_gitlab_license"
+
+echo "Building image ..."
+docker build ./license -t ${IMAGE_NAME}
+Sleep 2
+
+echo "Generate gitlab license ..."
+$IMAGE_ID = (docker image ls -aq --filter reference=${IMAGE_NAME})
+docker run --name=${CONTAINER_NAME} ${IMAGE_ID} bash
+Sleep 2
+
+echo "Copy gitlab license to ./gitlab/keys"
+$DOCKER_ID = (docker ps -aq --filter name=${CONTAINER_NAME})
+if(![String]::IsNullOrEmpty(${DOCKER_ID})) {
+ docker cp ${DOCKER_ID}:/opt/license_key ./gitlab/keys/license_key
+ docker cp ${DOCKER_ID}:/opt/license_key.pub ./gitlab/keys/license_key.pub
+ docker cp ${DOCKER_ID}:/opt/.gitlab-license ./gitlab/keys/.gitlab-license
+ docker rm -f ${DOCKER_ID}
+}
+
+echo "Done ."
+exit 0
\ No newline at end of file
diff --git a/keygen.sh b/keygen.sh
new file mode 100644
index 0000000..a8fb2b3
--- /dev/null
+++ b/keygen.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# 生成 Gitlab License
+
+IMAGE_NAME="gitlab_license"
+CONTAINER_NAME="gen_gitlab_license"
+
+echo "Building image ..."
+docker build ./license -t ${IMAGE_NAME}
+sleep 2
+
+echo "Generate gitlab license ..."
+IMAGE_ID=`docker image ls -aq --filter reference=${IMAGE_NAME}`
+docker run --name=${CONTAINER_NAME} ${IMAGE_ID} bash
+sleep 2
+
+echo "Copy gitlab license to ./gitlab/keys"
+DOCKER_ID=`docker ps -aq --filter name=${CONTAINER_NAME}`
+if [ ! -z "${DOCKER_ID}" ]; then
+ docker cp ${DOCKER_ID}:/opt/license_key ./gitlab/keys/license_key
+ docker cp ${DOCKER_ID}:/opt/license_key.pub ./gitlab/keys/license_key.pub
+ docker cp ${DOCKER_ID}:/opt/.gitlab-license ./gitlab/keys/.gitlab-license
+ docker rm -f ${DOCKER_ID}
+fi
+
+echo "Done ."
+exit 0
\ No newline at end of file
diff --git a/license/Dockerfile b/license/Dockerfile
new file mode 100644
index 0000000..92f5cff
--- /dev/null
+++ b/license/Dockerfile
@@ -0,0 +1,14 @@
+# -----------------------------------------------------------------------------
+# How to Crack Gitlab :
+# https://blog.starudream.cn/2020/01/19/6-crack-gitlab/
+# -----------------------------------------------------------------------------
+
+FROM ruby
+
+WORKDIR /opt
+
+RUN gem install gitlab-license
+ADD ./license.rb /opt/license.rb
+RUN ruby license.rb
+
+CMD [ "bash" ]
\ No newline at end of file
diff --git a/license/license.rb b/license/license.rb
new file mode 100644
index 0000000..baf35e2
--- /dev/null
+++ b/license/license.rb
@@ -0,0 +1,85 @@
+require "openssl"
+require "gitlab/license"
+
+key_pair = OpenSSL::PKey::RSA.generate(2048)
+File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }
+
+public_key = key_pair.public_key
+File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }
+
+private_key = OpenSSL::PKey::RSA.new File.read("license_key")
+Gitlab::License.encryption_key = private_key
+
+license = Gitlab::License.new
+license.licensee = {
+ "Name" => "none",
+ "Company" => "none",
+ "Email" => "admin@example.com",
+}
+license.starts_at = Date.new(2020, 1, 1) # 开始时间
+license.expires_at = Date.new(2050, 1, 1) # 结束时间
+license.notify_admins_at = Date.new(2049, 12, 1)
+license.notify_users_at = Date.new(2049, 12, 1)
+license.block_changes_at = Date.new(2050, 1, 1)
+license.restrictions = {
+ active_user_count: 10000,
+}
+
+puts "License:"
+puts license
+
+data = license.export
+puts "Exported license:"
+puts data
+File.open(".gitlab-license", "w") { |f| f.write(data) }
+
+public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
+Gitlab::License.encryption_key = public_key
+
+data = File.read(".gitlab-license")
+$license = Gitlab::License.import(data)
+
+puts "Imported license:"
+puts $license
+
+unless $license
+ raise "The license is invalid."
+end
+
+if $license.restricted?(:active_user_count)
+ active_user_count = 10000
+ if active_user_count > $license.restrictions[:active_user_count]
+ raise "The active user count exceeds the allowed amount!"
+ end
+end
+
+if $license.notify_admins?
+ puts "The license is due to expire on #{$license.expires_at}."
+end
+
+if $license.notify_users?
+ puts "The license is due to expire on #{$license.expires_at}."
+end
+
+module Gitlab
+ class GitAccess
+ def check(cmd, changes = nil)
+ if $license.block_changes?
+ return build_status_object(false, "License expired")
+ end
+ end
+ end
+end
+
+puts "This instance of GitLab Enterprise Edition is licensed to:"
+$license.licensee.each do |key, value|
+ puts "#{key}: #{value}"
+end
+
+if $license.expired?
+ puts "The license expired on #{$license.expires_at}"
+elsif $license.will_expire?
+ puts "The license will expire on #{$license.expires_at}"
+else
+ puts "The license will never expire."
+end
\ No newline at end of file
diff --git a/register.ps1 b/register.ps1
new file mode 100644
index 0000000..540601e
--- /dev/null
+++ b/register.ps1
@@ -0,0 +1,21 @@
+# 注册 Runner 到 Gitlab
+
+param([string]$TOKEN="")
+if([String]::IsNullOrEmpty(${TOKEN})) {
+ echo "Usage: .\register.ps1 TOKEN"
+ echo "You can get the registration token from http://127.0.0.1/admin/runners"
+ exit 1
+}
+
+
+$CONTAINER_GITLAB_NAME = "docker_gitlab"
+$GITLAB_URL = "http://" + (docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${CONTAINER_GITLAB_NAME})
+
+$CONTAINER_RUNNER_NAME = "docker_runner"
+$DOCKER_ID = (docker ps -aq --filter name=${CONTAINER_RUNNER_NAME})
+if(![String]::IsNullOrEmpty(${DOCKER_ID})) {
+ docker exec ${DOCKER_ID} /bin/sh -c "/usr/bin/gitlab-runner register --non-interactive --name poc-runner --executor shell --url ${GITLAB_URL} --registration-token ${TOKEN}"
+}
+
+echo "Done ."
+exit 0
\ No newline at end of file
diff --git a/register.sh b/register.sh
new file mode 100644
index 0000000..8d9472c
--- /dev/null
+++ b/register.sh
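Review bot: In register.ps1 the `docker exec … /bin/sh -c "…"` line splices `${TOKEN}` and `${GITLAB_URL}` into a string that a shell inside the runner container then re-parses, so any whitespace or shell metacharacter in the argument is interpreted rather than passed through. The wrapper shell is unnecessary; calling the binary directly keeps each value a single argument: `docker exec ${DOCKER_ID} /usr/bin/gitlab-runner register --non-interactive --name poc-runner --executor shell --url ${GITLAB_URL} --registration-token ${TOKEN}`. register.sh has the same line and should get the same change with the variables double-quoted; its usage message also still says `.\register.ps1` and should read `./register.sh TOKEN`. Both scripts print "Done ." and `exit 0` even when no runner container is found, which hides a failed registration.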
@@ -0,0 +1,21 @@
+#!/bin/sh
+# 注册 Runner 到 Gitlab
+
+TOKEN=$1
+if [ -z "${TOKEN}" ] ; then
+ echo "Usage: .\register.ps1 TOKEN"
+ echo "You can get the registration token from http://127.0.0.1/admin/runners"
+ exit 1
+fi
+
+CONTAINER_GITLAB_NAME="docker_gitlab"
+GITLAB_URL="http://"`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${CONTAINER_GITLAB_NAME}`
+
+CONTAINER_RUNNER_NAME="docker_runner"
+DOCKER_ID=`docker ps -aq --filter name=${CONTAINER_RUNNER_NAME}`
+if [ ! -z "${DOCKER_ID}" ]; then
+ docker exec ${DOCKER_ID} /bin/sh -c "/usr/bin/gitlab-runner register --non-interactive --name poc-runner --executor shell --url ${GITLAB_URL} --registration-token ${TOKEN}"
+fi
+
+echo "Done ."
+exit 0
\ No newline at end of file
diff --git a/run.ps1 b/run.ps1
new file mode 100644
index 0000000..b7c5826
--- /dev/null
+++ b/run.ps1
@@ -0,0 +1,16 @@
+docker-compose up -d
+
+echo "Gitlab is starting ..."
+echo "You can access the site (http://127.0.0.1) after 5 minutes ."
+
+
+# 更改 Gitlab Pages 的 nginx 代理服务为 127.0.0.1:8000
+sleep 300
+$DOCKER_ID = (docker ps -aq --filter name=docker_gitlab)
+if(![String]::IsNullOrEmpty($DOCKER_ID)) {
+ docker exec -u root ${DOCKER_ID} /bin/bash -c "cp /var/opt/gitlab/nginx/conf/gitlab-pages.conf.local /var/opt/gitlab/nginx/conf/gitlab-pages.conf"
+ docker exec -u root ${DOCKER_ID} /bin/bash -c "gitlab-ctl restart nginx"
+}
+
+echo "Gitlab is started ."
+exit 0
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..abcf268
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+docker-compose up -d
+
+echo "Gitlab is starting ..."
+echo "You can access the site (http://127.0.0.1) after 5 minutes ."
+
+
+# 更改 Gitlab Pages 的 nginx 代理服务为 127.0.0.1:8000
+sleep 300
+DOCKER_ID=`docker ps -aq --filter name=docker_gitlab`
+if [ ! -z "${DOCKER_ID}" ]; then
+ docker exec -u root ${DOCKER_ID} /bin/bash -c "cp /var/opt/gitlab/nginx/conf/gitlab-pages.conf.local /var/opt/gitlab/nginx/conf/gitlab-pages.conf"
+ docker exec -u root ${DOCKER_ID} /bin/bash -c "gitlab-ctl restart nginx"
+fi
+
+
+echo "Gitlab is started ."
+exit 0
diff --git a/runner/Dockerfile b/runner/Dockerfile
new file mode 100644
index 0000000..506bc6f
--- /dev/null
+++ b/runner/Dockerfile
@@ -0,0 +1,13 @@
+FROM gitlab/gitlab-runner:ubuntu-v13.10.0
+
+RUN sed -i s@/deb.debian.org/@/mirrors.aliyun.com/@g /etc/apt/sources.list
+RUN apt-get clean && \
+ apt-get update -y && \
+ apt-get install -y sudo vim zlib1g-dev ruby-dev gcc libffi-dev make g++ ruby ruby-dev nodejs
+
+# 替换gem国内源
+RUN gem sources --add http://gems.ruby-china.com/ --remove https://rubygems.org/ && \
+ gem install bundler
+
+RUN usermod -a -G sudo gitlab-runner
+
diff --git a/runner/config/.keep b/runner/config/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/runner/gitlab-runner b/runner/gitlab-runner
new file mode 100644
index 0000000..c60e248
--- /dev/null
+++ b/runner/gitlab-runner
@@ -0,0 +1 @@
+gitlab-runner ALL=(ALL) NOPASSWD: ALL
\ No newline at end of file
diff --git a/stop.ps1 b/stop.ps1
new file mode 100644
index 0000000..00e3113
--- /dev/null
+++ b/stop.ps1
@@ -0,0 +1,2 @@
+docker-compose down
+exit 0
\ No newline at end of file
diff --git a/stop.sh b/stop.sh
new file mode 100644
index 0000000..24f1397
--- /dev/null
+++ b/stop.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+docker-compose down
+exit 0
\ No newline at end of file
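Review bot: In runner/Dockerfile the `gem sources` line removes the HTTPS default and adds `http://gems.ruby-china.com/`, so `gem install bundler` and every later gem install inside CI jobs fetch code over unencrypted HTTP that anyone on the network path can alter. The mirror should be added over TLS, `gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/`, and bundler pinned to a version. The `sed` on `/etc/apt/sources.list` rewrites `deb.debian.org`, but the base tag is `ubuntu-v13.10.0`, so it likely matches nothing and the mirror switch is a silent no-op; this is worth checking. The apt layer also installs `vim` and recommended packages, lists `ruby-dev` twice and leaves the package lists in the image; `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` in the same `RUN` would trim it.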
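Review bot: The rule in runner/gitlab-runner, `gitlab-runner ALL=(ALL) NOPASSWD: ALL`, gives the CI user unrestricted passwordless root, and the register scripts enrol the runner with `--executor shell`, so every pipeline job from every repository (the README says all repositories may use this runner) runs with root available inside the runner container. The rule should be limited to the specific commands the jobs need, for example `gitlab-runner ALL=(root) NOPASSWD: /usr/bin/apt-get` (constructed example), or dropped in favour of baking dependencies into runner/Dockerfile, where the `usermod -a -G sudo gitlab-runner` line would then go as well. Because docker-compose.yml bind-mounts this file from the host into `/etc/sudoers.d/`, its ownership and mode come from the host checkout; sudo expects such files to be root-owned and not group- or world-writable, so copying it in the Dockerfile with an explicit mode would be more predictable.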