Added johns-library

inst_prof/README.md

@@ -1,4 +1,4 @@
-# `inst_prof` from DEFCON Quals 2016
+# `inst_prof` from 2017 GoogleCTF Quals
 
 `inst_prof` is an excellent challenge from the
 [2017 GoogleCTF Quals][google-quals-2017].

johns-library/Dockerfile

@@ -0,0 +1,9 @@
+FROM adamdoupe/vuln-base:latest
+
+COPY contents/ /challenge
+RUN chmod +x challenge
+
+WORKDIR /challenge
+
+EXPOSE 31337
+CMD ["/usr/sbin/xinetd", "-d", "-dontfork", "-f", "challenge.conf"]

johns-library/Makefile

@@ -0,0 +1,42 @@
+CC_FLAGS = -m32 -fno-stack-protector -mpreferred-stack-boundary=2 -Wno-format -D_FORTIFY_SOURCE=0
+
+
+MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
+CURRENT_DIR := $(shell basename "$(shell dirname "$(MKFILE_PATH)")")
+
+CHALL_NAME = $(CURRENT_DIR)
+DOCKERHUB_ACCOUNT = adamdoupe
+ALL_CONTENTS_FILES = $(shell find contents -type f)
+
+THIS_FILE := $(lastword $(MAKEFILE_LIST))
+
+
+.PHONY: run debug-shell build deploy run
+
+all: build
+
+run: 
+	docker run --rm -p 127.0.0.1:31337:31337 -it $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME)
+
+debug-shell:
+	docker run --rm --security-opt seccomp:unconfined -it $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME) bash
+
+build: 
+	docker build . -t $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME)
+
+deploy: build
+	docker push $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME)
+
+compile: contents/challenge 
+
+contents/challenge: contents/$(CHALL_NAME).c
+	@$(MAKE) -f $(THIS_FILE) build
+	docker run -i --rm -v /build --volumes-from=$(BUILD) $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME) bash -c "gcc $(CC_FLAGS) $(CHALL_NAME).c -o /build/$(CHALL_NAME)"; status=$$?; docker cp $(BUILD):/build/$(CHALL_NAME) .; docker rm -f -v $(BUILD); cp $(CHALL_NAME) contents/challenge; exit $$status
+	@$(MAKE) -f $(THIS_FILE) build
+
+libc.so.6:
+	docker run -i --rm $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME) bash -c 'echo "$$(file ./challenge)" | grep "32-bit"; if [ $$? -eq 0 ]; then cat /lib/i386-linux-gnu/libc.so.6; else cat /lib/x86_64-linux-gnu/libc.so.6; fi;' > libc.so.6
+
+
+BUILD_GEN = $(shell docker create -v /build $(DOCKERHUB_ACCOUNT)/$(CHALL_NAME))
+BUILD = $(eval BUILD := $(BUILD_GEN))$(BUILD)

johns-library/README.md

@@ -0,0 +1,46 @@
+# `johns-library` from poliCTF 2015
+
+`johns-library` is an excellent challenge from the
+[2015 poliCTF][polictf-2015].
+
+You are given the [binary][binary]. The challange was `pwnable` worth 150 points. 
+
+The goal is to write a repeatable exploit script to steal the flag
+(located at `/challenge/flag`) remotely.
+
+To run the challenge locally on your machine:
+
+	docker run -p 127.0.0.1:31337:31337 -it adamdoupe/johns-library
+
+This will download the [docker image][docker-container] and run it
+using docker. The challenge is running under [xinetd][xinetd-man] on
+port 31337 in the container. The `-p` option maps the localhost's port
+31337 to the docker container's port 31337. The 127.0.0.1 part is
+optional (this restricts the port on your actual machine to only
+listen for connections from localhost), however you are running
+intentionally vulnerable software on your machine, so it's not a good
+idea for it to be accessible to other machines.
+
+You should then be able to access johns-library like so:
+
+	nc localhost 31337
+
+To jump in and debug the program, you can use the following command
+to get a bash shell
+
+	docker run --security-opt seccomp:unconfined -it adamdoupe/johns-library bash
+
+[google-quals-2017]: https://ctftime.org/event/455
+[quals-2016]: https://ctftime.org/event/320
+[pctf-2017]: https://ctftime.org/event/439
+[polictf-2015]: https://ctftime.org/event/207
+[binary]: johns-library
+[docker-container]: https://hub.docker.com/r/adamdoupe/johns-library/
+[xinetd-man]: https://linux.die.net/man/8/xinetd
+[adamd-homepage]: http://adamdoupe.com
+[rop]: https://en.wikipedia.org/wiki/Return-oriented_programming
+[babys-first-rop-32]: ../babys-first-rop-32/README.md
+[baby-pivot]: ../baby-pivot/README.md
+[format-your-pivot]: ../format-your-pivot/README.md
+[one-byte-to-freedom]: ../one-byte-to-freedom/README.md
+[libc]: libc.so.6

johns-library/contents/flag

@@ -0,0 +1 @@
+flag{John_should_read_a_real_book_on_s3cur3_pr0gr4mm1ng}