pupy icon indicating copy to clipboard operation
pupy copied to clipboard

Published 20 hours ago verified publisher icon n1nj4sec

docker run permission issues

Open passwordleak opened this issue 5 years ago • 5 comments

Tried to run docker but it didn't work. Using latest version of kali. I am running as root.

root@[redacted]:/opt/pupy# docker run -it --entrypoint /opt/pupy/pupysh.py -w /projects -v /tmp/projects:/projects -u pupy --name pupy -p 8443:8443 alxchk/pupy:unstable
Traceback (most recent call last):
  File "/opt/pupy/pupysh.py", line 96, in <module>
    credentials = PupyCredentials.Credentials()
  File "/opt/pupy/pupylib/PupyCredentials.py", line 181, in __init__
    configfile = path.join(config.get_folder('crypto'), 'credentials.py')
  File "/opt/pupy/pupylib/PupyConfig.py", line 187, in get_folder
    return self.get_path(folder, substitutions, create, True)
  File "/opt/pupy/pupylib/PupyConfig.py", line 176, in get_path
    makedirs(retfilepath)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: 'crypto'

Then I tried to run it without entrypoint:

root@[redacted]:/opt/pupy# docker run -it -w /projects -v /tmp/projects:/projects -u pupy --name pupy -p 8004:8004 alxchk/pupy:unstable
mkdir: cannot create directory ‘/projects/keys’: Permission denied
mkdir: cannot create directory ‘/projects/hostkeys’: Permission denied
chown: cannot access '/projects/hostkeys': No such file or directory
chmod: cannot access '/projects/hostkeys': No such file or directory
chown: cannot access '/projects/keys': No such file or directory
chmod: cannot access '/projects/keys': No such file or directory
Generating public/private rsa key pair.
Saving key "/projects/hostkeys/ssh_host_rsa_key" failed: No such file or directory
Generating public/private dsa key pair.
Saving key "/projects/hostkeys/ssh_host_dsa_key" failed: No such file or directory
Generating public/private ecdsa key pair.
Saving key "/projects/hostkeys/ssh_host_ecdsa_key" failed: No such file or directory
Generating public/private ed25519 key pair.
Saving key "/projects/hostkeys/ssh_host_ed25519_key" failed: No such file or directory
cp: cannot stat '/projects/hostkeys/*': No such file or directory
mkdir: cannot create directory ‘/projects/default’: Permission denied
chown: cannot access '/projects/default': No such file or directory
unable to set CAP_SETFCAP effective capability: Operation not permitted
/opt/pupy/conf/pupyenv.sh: 49: /opt/pupy/conf/pupyenv.sh: cannot create /projects/integrity.txt: Permission denied
/opt/pupy/conf/pupyenv.sh: 51: /opt/pupy/conf/pupyenv.sh: cannot create /projects/keys/README: Directory nonexistent
/opt/pupy/conf/pupyenv.sh: 53: /opt/pupy/conf/pupyenv.sh: cannot create /projects/README: Permission denied
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key

So then I tried to create /projects and chmod 777, but that didn't work.

Goddamn I hate this docker bullshit. The old pupy without docker was so much better.

passwordleak avatar Sep 27 '18 21:09 passwordleak

I got it to run by removing the -u pupy flag, but now when I do docker start -ai pupy it just leads to a blank screen and tying commands does nothing.

root@[redacted]:/opt/pupy# docker start -ai pupy
[!] Xattrs not supported
[!] You can start container with --priviliged option

help

passwordleak avatar Sep 27 '18 22:09 passwordleak

In docker pupy do have uid 1000. So all files in projects (if they existed already) should be owned by this uid.

Goddamn I hate this docker bullshit. The old pupy without docker was so much better.

Then why to use it?

alxchk avatar Sep 28 '18 04:09 alxchk

Goddamn I hate this docker bullshit. The old pupy without docker was so much better.

Feel free not to use it and to use the virtualenv install

n1nj4sec avatar Sep 28 '18 06:09 n1nj4sec

@passwordleak: Sorry about the "docker bullshit". Docker has been a total mess for a while, and I didn't really maintain the wiki page about it properly.

Part of the reason for this is that I wanted to use docker compose instead of just docker. This should make it less confusing for people who don't know docker. Up until now, compose support hasn't been implemented. Luckily for you, I just finished it yesterday.

I have implemented compose on my fork. I am waiting for @alxchk to merge it upstream. In the mean time though, try cloning that repo. The new install procedure is:

  • Run ./install.sh in the pupy folder. This should install docker and docker compose. It will also pull the payload templates and build the base docker image.
  • Run ./pupy_start_compose.sh in the pupy subdirectory. This should spawn a pupy shell.
  • Type exit to close pupy. You can also background pupy by hitting ctrl+pq. To attach to it again, type docker attach pupy. Hit enter a few times to get the pupy prompt.

This has been tested on Debian 9. I will test it on a Kali VM now and see if I encounter any issues with it.

Note that this information is subject to change. For the latest information, please refer to the wiki.

Strazzom avatar Sep 30 '18 21:09 Strazzom

@Strazzom
./install.sh https://github.com/n1nj4sec/pupy/releases/download/latest/payload_templates.txz 404 not found

leezp avatar May 12 '20 06:05 leezp