diff --git a/README.md b/README.md
index b9eab99..8147fb0 100644
--- a/README.md
+++ b/README.md
@@ -2,3 +2,9 @@
 **CVE:** CVE-2026-42945
 **Tested on:** Ubuntu 24.04.3 LTS
+
+## Usage
+
+1. Run `./setup.sh` to create the container.
+2. Run `docker compose -f env/docker-compose.yml up` to start the vulnerable nginx server.
+3. Run `python3 poc.py --shell` to achieve RCE (Remote Code Execution).
\ No newline at end of file
diff --git a/Dockerfile b/env/Dockerfile
similarity index 100%
rename from Dockerfile
rename to env/Dockerfile
diff --git a/docker-compose.yml b/env/docker-compose.yml
similarity index 100%
rename from docker-compose.yml
rename to env/docker-compose.yml
diff --git a/entrypoint.sh b/env/entrypoint.sh
similarity index 100%
rename from entrypoint.sh
rename to env/entrypoint.sh
diff --git a/nginx.conf b/env/nginx.conf
similarity index 100%
rename from nginx.conf
rename to env/nginx.conf
diff --git a/server.py b/env/server.py
similarity index 100%
rename from server.py
rename to env/server.py
diff --git a/setup.sh b/setup.sh
index 655d6bf..63686ab 100755
--- a/setup.sh
+++ b/setup.sh
@@ -3,17 +3,17 @@
 set -e
 cd "$(dirname "$0")"
 echo "Building Docker image (compiles nginx from source)..."
-docker compose build
+docker compose -f env/docker-compose.yml build
 echo ""
 echo "Done. To run:"
 echo ""
 echo " # Terminal 1 (server) — nginx runs with ASLR disabled (setarch -R):"
-echo " docker compose up"
+echo " docker compose -f env/docker-compose.yml up"
 echo ""
 echo " # Terminal 2 (attacker):"
-echo " python3 poc.py --cmd 'touch /tmp/pwned'"
+echo " python3 poc.py --cmd 'echo hello from depthfirst > /tmp/pwned'"
 echo ""
 echo " # Verify RCE:"
-echo " docker compose exec nginx ls -la /tmp/pwned"
-echo " docker compose exec nginx cat /tmp/pwned"
+echo " docker compose -f env/docker-compose.yml exec nginx ls -la /tmp/pwned"
+echo " docker compose -f env/docker-compose.yml exec nginx cat /tmp/pwned"
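Review bot: The compose file path `env/docker-compose.yml` is now hard-coded five times in the setup.sh hunk (the build command and four echoed instructions), which is exactly the kind of literal that drifts when the layout moves again; hoist it once, e.g. `readonly compose_file=env/docker-compose.yml`, then `docker compose -f "$compose_file" build` and `echo " docker compose -f $compose_file up"`, and reuse it in the remaining echo lines. The printed instructions are only valid from the directory the script `cd`s into, so the "Done. To run:" banner would be clearer if it stated that (or printed `$PWD`). Passing `-f env/docker-compose.yml` presumably also changes the compose project name to the compose file's directory (`env`) unless the file sets `name:` or `--project-directory` is given, so anything that addressed the old container or network name would need checking. The script's first two lines and anything after the last echo are outside the hunk.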