MazeSec suo 设计流程
修改主机名
hostname="suo"
echo "$hostname" > /etc/hostname
cat >/etc/hosts <<EOF
127.0.0.1 localhost
127.0.1.1 $hostname
::1 localhost ip6-localhost ip6-loopback
EOF
hostname -F /etc/hostname创建用户及修改密码
生成个 lanyangyang 用户的创建命令
name='lanyangyang'
pass=$(openssl rand -base64 18)
shell="\nRun:\naddgroup $name\nadduser -D -G $name -s /bin/bash -h /home/$name $name\necho \"$name:$pass\" | chpasswd"
echo -e "$shell"创建 lanyangyang 用户并修改密码
addgroup lanyangyang
adduser -D -G lanyangyang -s /bin/bash -h /home/lanyangyang lanyangyang
echo "lanyangyang:2pezUxZE8hq2TKC2IdBTk7k0" | chpasswdroot 修改密码(这里从 rockyou 末尾提取,确保可以爆破哈希)
# 注意!!表示上一条命令的完整内容,双引号时会出现非预期行为
echo 'root:111111111111111' | chpasswd部署 php twig
安装 composer
# 更新包索引
apk update
# 安装 PHP 和必要的扩展
apk add php81 php81-curl php81-openssl php81-mbstring php81-phar php81-zip php81-xml php81-tokenizer php81-session
# 安装 Composer
apk add composer
# 验证安装
composer --version创建项目目录
# 进入网站目录
cd /var/www/html
# 创建项目目录结构
mkdir -p templates cache src
mkdir -p templates/layouts templates/pages templates/includes
# 设置缓存目录权限
chmod 777 cache创建 composer.json 文件
# 创建 composer.json 文件
cat > composer.json << 'EOF'
{
"name": "myproject/twig-site",
"description": "Twig template project",
"type": "project",
"require": {
"php": ">=7.4",
"twig/twig": "^3.0"
},
"autoload": {
"psr-4": {
"App\\": "src/"
}
},
"config": {
"optimize-autoloader": true
}
}
EOF
# 安装 Twig
composer install
# 或者
composer require twig/twigdeepseek 生成首页及模板
index.php
cat > /var/www/html/index.php << 'EOF'
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
require_once __DIR__ . '/vendor/autoload.php';
use Twig\Loader\ArrayLoader;
use Twig\Environment;
use Twig\Extension\DebugExtension;
$loader = new ArrayLoader([
'index' => '
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>HTTP 代理配置生成器</title>
<style>
/* 保持原有的CSS样式 */
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
color: #333;
}
.container {
background: rgba(255, 255, 255, 0.95);
backdrop-filter: blur(10px);
border-radius: 20px;
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
padding: 60px;
max-width: 600px;
width: 90%;
animation: slideUp 0.6s ease-out;
}
@keyframes slideUp {
from {
opacity: 0;
transform: translateY(30px);
}
to {
opacity: 1;
transform: translateY(0);
}
}
.header {
text-align: center;
margin-bottom: 40px;
}
.logo {
width: 64px;
height: 64px;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
border-radius: 16px;
margin: 0 auto 20px;
display: flex;
align-items: center;
justify-content: center;
font-size: 28px;
color: white;
box-shadow: 0 4px 15px rgba(102, 126, 234, 0.4);
}
h1 {
font-size: 28px;
font-weight: 700;
color: #1a1a2e;
margin-bottom: 8px;
letter-spacing: -0.5px;
}
.subtitle {
color: #6b7280;
font-size: 14px;
font-weight: 400;
}
.form-group {
margin-bottom: 24px;
}
label {
display: block;
margin-bottom: 8px;
font-weight: 600;
color: #374151;
font-size: 14px;
}
.input-wrapper {
position: relative;
}
input[type="text"] {
width: 100%;
padding: 14px 16px;
border: 2px solid #e5e7eb;
border-radius: 12px;
font-size: 15px;
transition: all 0.3s ease;
background: #f9fafb;
color: #1f2937;
}
input[type="text"]:focus {
outline: none;
border-color: #667eea;
background: #ffffff;
box-shadow: 0 0 0 4px rgba(102, 126, 234, 0.1);
}
input[type="text"]::placeholder {
color: #9ca3af;
}
.hint {
margin-top: 6px;
font-size: 12px;
color: #6b7280;
}
button {
width: 100%;
padding: 16px;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
color: white;
border: none;
border-radius: 12px;
font-size: 16px;
font-weight: 600;
cursor: pointer;
transition: all 0.3s ease;
box-shadow: 0 4px 15px rgba(102, 126, 234, 0.4);
}
button:hover {
transform: translateY(-2px);
box-shadow: 0 6px 20px rgba(102, 126, 234, 0.6);
}
button:active {
transform: translateY(0);
}
.result {
margin-top: 30px;
padding: 20px;
background: #1f2937;
border-radius: 12px;
position: relative;
display: {{ command ? "block" : "none" }};
}
.result-label {
font-size: 12px;
color: #9ca3af;
text-transform: uppercase;
letter-spacing: 0.5px;
margin-bottom: 8px;
}
.result-code {
font-family: "Menlo", "Monaco", "Courier New", monospace;
font-size: 14px;
color: #10b981;
word-break: break-all;
line-height: 1.6;
}
.copy-btn {
position: absolute;
top: 16px;
right: 16px;
background: rgba(255, 255, 255, 0.1);
border: 1px solid rgba(255, 255, 255, 0.2);
color: #9ca3af;
padding: 6px 12px;
border-radius: 6px;
font-size: 12px;
cursor: pointer;
transition: all 0.2s;
}
.copy-btn:hover {
background: rgba(255, 255, 255, 0.2);
color: #fff;
}
.footer {
text-align: center;
margin-top: 30px;
padding-top: 20px;
border-top: 1px solid #e5e7eb;
}
.footer-text {
font-size: 12px;
color: #9ca3af;
}
.features {
display: flex;
justify-content: center;
gap: 30px;
margin-top: 20px;
flex-wrap: wrap;
}
.feature {
display: flex;
align-items: center;
gap: 8px;
font-size: 13px;
color: #6b7280;
}
.feature-icon {
width: 20px;
height: 20px;
background: #d1fae5;
border-radius: 50%;
display: flex;
align-items: center;
justify-content: center;
color: #059669;
font-size: 12px;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<div class="logo">⚡</div>
<h1>代理配置生成器</h1>
<p class="subtitle">快速生成 HTTP 代理隧道连接命令</p>
</div>
<form method="POST" action="">
<div class="form-group">
<label for="target">目标服务器地址</label>
<div class="input-wrapper">
<input
type="text"
id="target"
name="target"
placeholder="例如: 192.168.1.100:8080 或 target.com"
required
autocomplete="off"
value="{{ target|default("") }}"
>
</div>
<p class="hint">输入目标服务器的 IP 地址或域名,包含端口号(如果有)</p>
</div>
<button type="submit">生成连接命令</button>
</form>
{% if command %}
<div class="result" id="resultBox">
<div class="result-label">Generated Command</div>
<button class="copy-btn" onclick="copyToClipboard()">复制</button>
<div class="result-code" id="commandText">{{ command }}</div>
</div>
{% endif %}
<div class="footer">
<div class="features">
<div class="feature">
<div class="feature-icon">✓</div>
<span>高性能传输</span>
</div>
<div class="feature">
<div class="feature-icon">✓</div>
<span>全双工模式</span>
</div>
<div class="feature">
<div class="feature-icon">✓</div>
<span>负载均衡支持</span>
</div>
</div>
<p class="footer-text" style="margin-top: 20px;">
© 2026 MazeSec. 仅供开发测试使用
</p>
</div>
</div>
<script>
function copyToClipboard() {
const commandText = document.getElementById(\'commandText\').innerText;
navigator.clipboard.writeText(commandText).then(() => {
const btn = document.querySelector(\'.copy-btn\');
const originalText = btn.innerText;
btn.innerText = \'已复制!\';
btn.style.background = \'rgba(16, 185, 129, 0.2)\';
btn.style.color = \'#10b981\';
setTimeout(() => {
btn.innerText = originalText;
btn.style.background = \'rgba(255, 255, 255, 0.1)\';
btn.style.color = \'#9ca3af\';
}, 2000);
});
}
const input = document.getElementById(\'target\');
input.addEventListener(\'focus\', function() {
this.placeholder = \'\';
});
input.addEventListener(\'blur\', function() {
if (!this.value) {
this.placeholder = \'例如: 192.168.1.100:8080 或 target.com\';
}
});
</script>
</body>
</html>
'
]);
$twig = new Environment($loader, [
'debug' => true,
'autoescape' => false,
'cache' => false,
]);
$twig->addExtension(new DebugExtension());
$command = '';
$target = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['target'])) {
$target = $_POST['target'];
try {
$template_code = './suo5 -t http://' . $target . '/suo5.jsp';
$dynamic_loader = new ArrayLoader([
'dynamic' => $template_code
]);
$dynamic_twig = new Environment($dynamic_loader, [
'debug' => true,
'autoescape' => false,
'cache' => false
]);
$dynamic_twig->addExtension(new DebugExtension());
$command = $dynamic_twig->render('dynamic');
} catch (Exception $e) {
$command = "错误: " . $e->getMessage();
}
}
echo $twig->render('index', [
'command' => $command,
'target' => htmlspecialchars($target)
]);
EOF权限控制
# 设置权限
cd /var/www/html/
chown -R apache:apache /var/www/html/
chmod -R 755 /var/www/html/
chmod 777 /var/www/html/cache安装 arp-scan
apk add arp-scan添加两条 sudo 授权
cat << 'EOF' >> /etc/sudoers.d/apache
apache ALL=(lanyangyang) NOPASSWD:/bin/nice
EOF
cat << 'EOF' >> /etc/sudoers.d/lanyangyang
lanyangyang ALL=(ALL) NOPASSWD:/usr/bin/arp-scan
EOF
chmod 600 /etc/sudoers.d/*放置flag
root@localhost:~# echo 'flag{user-da4e2b9944cf4d0389a894c8d718444f}' > /home/lanyangyang/user.txt
root@localhost:~# echo 'flag{root-8438726c502a452d997ba300afac30fe}' > /root/root.txt防火墙配置
# 安装 iptables
apk add iptables iptables-openrc配置防火墙
cat <<'EOF' > /tmp/firewall.sh
#!/bin/sh
set -e
# 清空规则
iptables -F
iptables -X
# 默认策略
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# 已建立/相关连接
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 回环
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
# HTTP 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
# 其他 TCP/UDP
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A OUTPUT -p udp -j REJECT --reject-with icmp-port-unreachable
# 1) 保存一份规则(给 local.d 用)
iptables-save > /etc/iptables/fw.rules
# 2) local.d 兜底:开机 restore(不依赖 iptables-openrc)
mkdir -p /etc/local.d
cat <<'EOR' > /etc/local.d/firewall.start
#!/bin/sh
[ -f /etc/iptables/fw.rules ] && iptables-restore < /etc/iptables/fw.rules
EOR
chmod +x /etc/local.d/firewall.start
rc-update add local boot >/dev/null 2>&1 || true
# 3) 可选:同时启用 iptables-openrc(双保险)
rc-service iptables start 2>/dev/null || true
rc-service iptables save || true
rc-update add iptables boot >/dev/null 2>&1 || true
EOF
chmod +x /tmp/firewall.sh
sh /tmp/firewall.sh && rm /tmp/firewall.sh