## https://sploitus.com/exploit?id=FD0437D8-4085-5CC5-9315-B3111BE75BED
# SmartMES Attack-Defense Drill Site
The Smart Manufacturing Enterprise Execution System (MES) attack-defense drill site is designed for red-blue confrontation penetration testing and emergency response training.
## Quick Start
### Environment Requirements
- Docker 20.0+
- Docker Compose v2.0+
- Git
### Deployment Steps
```bash
# 1. Clone this repository to the deployment server
git clone <repository-url> smart-mes
cd smart-mes
# 2. Start all services
docker-compose up -d
# 3. Check container status
docker-compose ps
# 4. Open the initialization page in a browser
#    (optional: init.sql has been automatically imported into MySQL)
#    http://localhost/install.php
# 5. Open the system in a browser
#    http://localhost/
```
### Default Accounts
| Username | Password | Role |
|---------|----------|-------|
| admin | password | Administrator |
| zhangsan | zhang123 | Regular User |
| lisi | lisi456 | Regular User |
| operator | op123456 | Regular User |
### Network Topology (Docker Simulation)
```
External Attack Machine → Web (192.168.10.10) → DB+Redis (192.168.30.10)
                                                    ↑
                                        Only Web can access this
```
> In an actual physical deployment, the site should be isolated according to a three-tier network structure (DMZ → Office Area → Core Area). See `Project Planning Scheme.md` for details.
---
## Pre-existing Vulnerabilities
| ID | Type | Location | Exploitation Method | Impact |
|----|------|-------|----------|-------|
| V-01 | SQL Injection | `login.php` | `admin' OR '1'='1' --` | Severe |
| V-02 | Weak Passwords | `users` table | admin / password | High |
| V-03 | File Upload | `upload.php` | Uploading `.php` Trojan | Severe |
| V-04 | Command Injection | `diagnostic.php?ip=` | `127.0.0.1; whoami` | Severe |
| V-05 | Information Leakage | `config.php` / `?debug=1` | Outputting database passwords | Medium |
| V-06 | Unauthorized Access | `admin/` directory | Direct access to backend pages | High |
| V-07 | Deserialization | `profile.php?data=` | Base64 serialization RCE | High |
| V-08 | HTTP Header Backdoor | `index.php` | `X-Backdoor-Auth: secret` + `X-Cmd: ` | Severe |
| V-09 | SSH Weak Passwords | Docker container/host | root/root or root/123456 | High |
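For the blue-team side of the drill, the entries in this table that are visible in the request line (V-03, V-04, V-05) can be flagged from the web server's access log. The following is an added example, not part of the repository: it assumes Apache common/combined log format and that `diagnostic.php` should only ever receive an IP literal, and its log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Source address, request target and status from an Apache common/combined log line.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)$")

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def classify(target):
    """Return the IDs from the vulnerability table that a request target touches."""
    url = urlsplit(target)
    path = unquote(url.path).lower()
    params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes values
    hits = set()
    # V-03: a script is being requested from the upload directory.
    if path.startswith("/uploads/") and SCRIPT_EXT_RE.search(path):
        hits.add("V-03")
    # V-04: the ping tool's ip parameter is not a plain IP literal (assumed policy).
    if path == "/diagnostic.php" and any(v and not _is_ip(v) for v in params.get("ip", [])):
        hits.add("V-04")
    # V-05: direct request for config.php, or the debug switch on any page.
    if path == "/config.php" or "1" in params.get("debug", []):
        hits.add("V-05")
    return hits

def scan(lines):
    """Return (source, target, status, sorted IDs) for every line that matches a rule."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and (hits := classify(m.group(2))):
            findings.append((m.group(1), m.group(2), int(m.group(3)), sorted(hits)))
    return findings

# Constructed sample log lines (not taken from a real deployment).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /dashboard.php HTTP/1.1" 200 4312',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /diagnostic.php?ip=192.168.30.10 HTTP/1.1" 200 611',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /diagnostic.php?ip=127.0.0.1%3B%20whoami HTTP/1.1" 200 640',
    '203.0.113.7 - - [01/Jan/2025:10:01:30 +0000] "GET /uploads/report.php HTTP/1.1" 200 17',
    '203.0.113.7 - - [01/Jan/2025:10:02:02 +0000] "GET /config.php?debug=1 HTTP/1.1" 200 298',
]
```

`scan(SAMPLE_LOG)` returns three findings, one each for V-04, V-03 and V-05. V-01 and V-08 travel in the POST body and request headers, which the default access log does not record.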
---
## System Modules
| Module | URL | Functionality | Vulnerabilities |
|------|-----|------------|---------------|
| Login | `/login.php` | User authentication | V-01, V-02 |
| Dashboard | `/dashboard.php` | System overview | - |
| Device Monitoring | `/devices.php` | Real-time device status (Redis) | - |
| Work Orders Management | `/work_orders.php` | Work order CRUD operations | V-01 |
| File Upload | `/upload.php` | Uploading production reports | V-03 |
| Network Diagnosis | `/diagnostic.php` | Ping tool | V-04 |
| Personal Information | `/profile.php` | User information | V-07 |
| Admin Management | `/admin/` | User management | V-01, V-06 |
| Installation | `/install.php` | Automatic initialization | Security vulnerabilities |
---
## Directory Structure
```
.
├── docker-compose.yml          # Container orchestration
├── Dockerfile                  # Apache+PHP image
├── init.sql                    # Database initialization
├── README.md                   # Readme file
├── RedTeam_Guide.md            # Red team attack guide
├── BlueTeam_Fix.md             # Blue team fix guide
├── ProjectPlanningScheme.md    # Project planning
└── project/
    ├── public/                 # Web root directory (Apache DocumentRoot)
    │   ├── index.php           # Entrance page + V-08 backdoor
    │   ├── config.php          # Configuration file + V-05
    │   ├── login.php           # Login + V-01
    │   ├── logout.php
    │   ├── dashboard.php
    │   ├── devices.php
    │   ├── work_orders.php
    │   ├── upload.php          # V-03
    │   ├── diagnostic.php      # V-04
    │   ├── profile.php         # V-07
    │   ├── install.php
    │   ├── admin/              # Unauthorized access via V-06
    │   ├── uploads/            # Executable PHP upload directory
    │   └── assets/
    └── includes/               # Non-web accessible
        ├── db.php
        ├── redis.php
        └── auth.php
```