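# Base image for the lab target. The 22.04 tag is mutable; pin it by digest
# (ubuntu:22.04@sha256:<digest-placeholder>) when rebuilds must be identical.
FROM ubuntu:22.04
# Build-time only: stops apt/debconf from prompting during the RUN steps below.
# Declared as ARG instead of ENV so it is not carried into the environment of
# the running container.
ARG DEBIAN_FRONTEND=noninteractive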

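# Packages for the lab target: the SSH daemon, python3, and basic network
# tooling (net-tools, iproute2, ping).
# --no-install-recommends keeps optional extras (and their attack surface) out
# of the image. The apt lists are removed in the same layer so they do not
# persist in the image.
# NOTE(review): python3 is presumably used by start.sh to serve /var/www/html;
# start.sh is not shown here, so confirm.
RUN apt-get update && apt-get install -y --no-install-recommends \
    iproute2 \
    iputils-ping \
    net-tools \
    openssh-server \
    python3 \
    && rm -rf /var/lib/apt/lists/*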

# ── SSH with weak credentials (intentional for this lab target) ──
# Both passwords are set at build time, so they are recorded in the image
# history and readable by anyone who can pull the image. Keep the image in a
# private registry and attach the container only to an isolated lab network.
RUN mkdir -p /var/run/sshd \
    && useradd -m -s /bin/bash msfadmin \
    && echo 'msfadmin:msfadmin' | chpasswd \
    && echo 'root:Sup3rS3cr3t!' | chpasswd

# Allow root login (the first two expressions cover the commented and the
# uncommented form of the stock line) and enable password authentication.
RUN sed -i \
    -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' \
    -e 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' \
    -e 's/#PasswordAuthentication yes/PasswordAuthentication yes/' \
    /etc/ssh/sshd_config

# ── Root flag ──
# Created and restricted to owner read/write (600) in a single layer.
RUN echo "FLAG{p1v0t1ng_m4st3r_eJPT_r3ady!}" > /root/flag.txt \
    && chmod 600 /root/flag.txt

# ── Hint for the msfadmin user ──
# Two-line text file in msfadmin's home, owned by msfadmin. The account must
# already exist when this step runs (it is created by the useradd step above).
RUN printf '%s\n' \
        "Buen trabajo llegando hasta aquí." \
        "El flag está en /root/flag.txt — necesitas escalar privilegios o acceder como root." \
        > /home/msfadmin/hint.txt \
    && chown msfadmin:msfadmin /home/msfadmin/hint.txt

# ── Internal web server content (port 8080) ──
# Only the static files are created here. Whatever serves them is expected to
# be started by start.sh, which is not shown in this file.
# admin/credentials.txt repeats the root password set with chpasswd earlier in
# this file (intentional for the lab). The two values must be changed together.
RUN mkdir -p /var/www/html/admin

# Landing page linking to the admin directory.
RUN printf '%s\n' \
        "<html><body>" \
        "<h1>Internal Management Portal</h1>" \
        "<p>Authorized personnel only.</p>" \
        "<p><a href='/admin/'>Admin Panel</a></p>" \
        "</body></html>" \
        > /var/www/html/index.html

# Admin page plus the plaintext credentials file it names.
RUN printf '%s\n' "<html><body><h2>Admin</h2><p>credentials.txt</p></body></html>" \
        > /var/www/html/admin/index.html \
    && printf '%s\n' "root:Sup3rS3cr3t!" \
        > /var/www/html/admin/credentials.txt

# Startup script from the build context; made executable so the exec-form CMD
# below can run it directly.
COPY start.sh /start.sh
RUN chmod +x /start.sh

# EXPOSE only documents the ports (22 for SSH, 8080 for the internal web
# content); it publishes nothing. Publishing is decided at `docker run` time.
# For this deliberately weak target, publish to 127.0.0.1 or attach to an
# internal lab network rather than to all host interfaces.
EXPOSE 22 8080

# Exec form: /start.sh runs as PID 1. No USER instruction appears in this file,
# so it runs as root.
# NOTE(review): start.sh is not shown. It should end by exec'ing (or otherwise
# staying attached to) its long-running process so `docker stop` signals reach
# it. Confirm.
CMD ["/start.sh"]
