
Added payload references in PHP attack chain lab #9


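# Builds the vulnerable and the fixed variant of every lab under labs/ and
# pushes both images to GHCR on each push to main or on manual dispatch.
name: Build & Publish Lab Images (GHCR)

on:
  push:
    branches: ["main"]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: read the repository, write packages (GHCR push).
permissions:
  contents: read
  packages: write

env:
  REGISTRY: ghcr.io
  # GHCR requires lowercase image names; GitHub may preserve username casing.
  # The steps below use IMAGE_NAMESPACE_LC (set in the lowercase step), not this value.
  IMAGE_NAMESPACE: ${{ github.repository }}

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # NOTE(review): every `uses:` below references a mutable major-version tag.
    # Pinning each action to a full commit SHA would make the inputs to this
    # package-writing job immutable.
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs git against the remote, so do not leave the
          # packages:write token stored in the checkout's git config.
          persist-credentials: false

      - name: Set image namespace (lowercase)
        shell: bash
        # Reads the repository name from the GITHUB_REPOSITORY environment
        # variable instead of interpolating an expression into the script.
        run: |
          echo "IMAGE_NAMESPACE_LC=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The :vuln and :fixed tags below are fixed names, so every run replaces
      # the image previously published under the same tag. Consumers that need
      # a reproducible lab should pull by digest.

      # Linux Privilege Escalation Lab (sudo misconfiguration)
      - name: Build & push privesc-sudo (vuln)
        uses: docker/build-push-action@v6
        with:
          context: labs/linux-privilege-escalation/vulnerable
          file: labs/linux-privilege-escalation/vulnerable/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/privesc-sudo:vuln

      - name: Build & push privesc-sudo (fixed)
        uses: docker/build-push-action@v6
        with:
          context: labs/linux-privilege-escalation/fixed
          file: labs/linux-privilege-escalation/fixed/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/privesc-sudo:fixed

      # Web Exploitation Lab (SQL Injection)
      - name: Build & push flask-sqli (vuln)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-sqli/vulnerable
          file: labs/web-exploitation-sqli/vulnerable/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/flask-sqli:vuln

      - name: Build & push flask-sqli (fixed)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-sqli/fixed
          file: labs/web-exploitation-sqli/fixed/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/flask-sqli:fixed

      # Web Exploitation Lab (File Upload)
      - name: Build & push flask-upload (vuln)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-file-upload/vulnerable
          file: labs/web-exploitation-file-upload/vulnerable/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/flask-upload:vuln

      - name: Build & push flask-upload (fixed)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-file-upload/fixed
          file: labs/web-exploitation-file-upload/fixed/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/flask-upload:fixed

      # Web Exploitation Lab (IDOR)
      - name: Build & push flask-idor (vuln)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-idor/vulnerable
          file: labs/web-exploitation-idor/vulnerable/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/flask-idor:vuln

      - name: Build & push flask-idor (fixed)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-idor/fixed
          file: labs/web-exploitation-idor/fixed/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/flask-idor:fixed

      # Web Exploitation Lab (PHP Attack Chain)
      - name: Build & push php-attack-chain (vuln)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-php-attack-chain/vulnerable
          file: labs/web-exploitation-php-attack-chain/vulnerable/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/php-attack-chain:vuln

      - name: Build & push php-attack-chain (fixed)
        uses: docker/build-push-action@v6
        with:
          context: labs/web-exploitation-php-attack-chain/fixed
          file: labs/web-exploitation-php-attack-chain/fixed/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE_LC }}/php-attack-chain:fixed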