Leaky Ledger is a fake bank application that is meant to be hacked for educational purposes.
You can visit this guide to reveal the vulnerabilities present in version 1.0 of the Leaky Ledger app.
- Command palette (⇧⌘P) > Dev Containers: Reopen in Container
- F5 for debug
- May need to select interpreter (e.g.,
/opt/venv/bin/python) first
- May need to select interpreter (e.g.,
- Copy
.env.exampleto.envand change default values - Open localhost after starting via Docker or locally
- Install Docker (Compose) of course!
# build docker image and start containers
docker-compose up -d --build
# exec into container
docker exec -it leaky-ledger bash
# stop containers
docker-compose stop
# tear down containers, volumes, networks
docker-compose down- At minimum, still need a PostgreSQL server running
- Easiest to spin one up with existing creds + Docker
docker run \
--name=mypostgres -d \
-it \
--rm \
--env-file=.env \
-p 5432:5432 \
postgres- Local bits
# create virtual environment
python -m venv .venv
# activate virtual environment
source .venv/bin/activate
# install dependencies
python -m pip install -r requirements.txt
# start web server
./startup.sh- NOTE
Won't serve images without reverse proxyAnd/or hacking Djangosettings.py- Appears to hydrate after a first run from Docker
- Could be a local issue 🤔
- Issues
- Add more documentation
- asdf
- poetry
- Test devcontainer
- CI/CD
- Terraform ❤️
- Docker Compose with NginX, Django, Gunicorn and multiple Postgres databases_docker_weixin_0010034-云原生
- How to Use the Postgres Docker Official Image | Docker
- Configuring HTTPS servers
- Dockerizing Django with Postgres, Gunicorn, and Nginx | TestDriven.io
- Deploying a Django application in Docker with Nginx | by Charlie Bishop | Medium
- Deploying a Django application in Docker with Nginx
- bitnami/containers: Bitnami container images
- Generates self-signed certs for local development