zharkaron/cve-2025-zharkaron

# CVE-2025-ZHARKARON A collection of containerized environments, each reproducing a real-world CVE. Spin up a vulnerable service, inspect logs, and connect via SSH to see exactly how the exploit works — all in an isolated Docker network. ## What This Is Each CVE gets its own `docker-compose.yml`. One command and you have a fully vulnerable environment running on your machine. From there you can: - **View logs** to watch the vulnerable service behave - **SSH or exec into containers** to interact with the exploit firsthand - **Run attacking tools** (Kali, Parrot) against the target from within the same network This is a living lab for understanding vulnerabilities, not a production setup. ## How It Works Every CVE environment is structured the same way: cve-/ ├── docker-compose.yml # everything needed to spin it up ├── README.md # CVE details, exploit steps, commands └── services/ ├── target/ # the vulnerable service └── attacker/ # Kali, Parrot, or other attack tools ### Quick Start cd cve- docker compose up -d That's it. The `README.md` inside each CVE folder tells you: - What the vulnerability is - Which ports to hit - How to SSH into the attacker or target container - What commands to run to see the exploit in action ## Example # Start the CVE environment docker compose up -d # Check service logs docker compose logs target # SSH into the attacker machine ssh user@localhost -p 2222 # Or exec directly into a container docker exec -it attacker bash # Run the exploit nmap -sV --script