README.md
Rendering markdown...
#!/bin/bash
set -e
CONTAINER="mariadb-cve-2026-32710"
IMAGE="cve-2026-32710-lab"
echo "[*] Building lab image..."
docker build -t "$IMAGE" .
echo "[*] Stopping any existing container..."
docker rm -f "$CONTAINER" 2>/dev/null || true
echo "[*] Starting MariaDB 11.4.9 container..."
docker run -d \
--name "$CONTAINER" \
--cap-add SYS_PTRACE \
--security-opt seccomp=unconfined \
-p 3306:3306 \
"$IMAGE"
echo "[*] Disabling ASLR inside container..."
docker exec "$CONTAINER" bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space' 2>/dev/null || \
echo " (ASLR disable requires host-level: echo 0 > /proc/sys/kernel/randomize_va_space)"
echo "[*] Waiting for MariaDB to be ready..."
for i in $(seq 1 30); do
if docker exec "$CONTAINER" mariadb -uroot -praptor -e "SELECT 1" &>/dev/null; then
break
fi
sleep 1
done
echo "[*] Verifying lowpriv user..."
docker exec "$CONTAINER" mariadb -uroot -praptor -e "SHOW GRANTS FOR 'lowpriv'@'%'"
echo "[*] Verifying UDF .so..."
docker exec "$CONTAINER" ls -la /tmp/raptor_udf.so
docker exec "$CONTAINER" ls -la /usr/lib/mysql/plugin/ | head -3
echo ""
echo "[+] Lab ready. Container: $CONTAINER"
echo "[+] TCP: mysql -ulowpriv -plowpriv -h 127.0.0.1 test"
echo "[+] Root: docker exec -it $CONTAINER mariadb -uroot -praptor"
echo "[+] Lowpriv: docker exec -it $CONTAINER mariadb -ulowpriv -plowpriv test"
echo ""
echo "[!] For the exploit, ASLR must be disabled on the Docker HOST:"
echo " sudo sh -c 'echo 0 > /proc/sys/kernel/randomize_va_space'"