FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
    python3 \
    openssh-server \
    net-tools \
    iproute2 \
    iputils-ping \
    curl \
    && rm -rf /var/lib/apt/lists/*

# ── SSH con credenciales débiles (acceso alternativo) ──
RUN mkdir -p /var/run/sshd
RUN echo 'root:toor' | chpasswd
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/'  /etc/ssh/sshd_config
RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config

# ── Loot: credenciales de la red interna ──
RUN mkdir -p /var/ftp
RUN echo "=== NOTAS INTERNAS ===" > /var/ftp/notes.txt && \
    echo "Servidor interno (mantenimiento):" >> /var/ftp/notes.txt && \
    echo "  IP     : 172.20.20.10" >> /var/ftp/notes.txt && \
    echo "  SSH    : msfadmin / msfadmin" >> /var/ftp/notes.txt && \
    echo "  Web    : http://172.20.20.10:8080" >> /var/ftp/notes.txt

# ── Servicio vsftpd backdooreado ──
COPY vsftpd_backdoor.py /opt/vsftpd_backdoor.py
COPY start.sh /start.sh
RUN chmod +x /start.sh

EXPOSE 21 6200 22

CMD ["/start.sh"]
