- Binjitsu
- Pwndbg
- Radare2
- Firmware tools (fmk / qemu)
- angr
- ROPGadget
- decompile - Add API key to
host-share/decompile-api - qira
- binwalk
- apktool
docker pull ctfhacker/epictreasure
docker run -v /path/to/host/share/folder:/root/host-share --privileged -it --workdir=/root ctfhacker/epictreasure
Check Virtualbox for information on installing Virtualbox on your respective operating system.
Check VagrantUp for information on installing vagrant.
git clone https://github.com/ctfhacker/epictreasure
cd epictreasure
mkdir host-share
vagrant up
... Go grab a coffee while we install all the things
vagrant ssh
By default, my dotfiles are installed onto the VM. Simply comment out the following lines in et_setup.sh if you don't want my settings.
# Personal config
sudo sudo apt-get -y install stow
cd /home/vagrant
rm .bashrc
git clone https://github.com/thebarbershopper/dotfiles
cd dotfiles
./install.sh
- Colorscheme for the terminal and vim is solarized
jkorjjtoESCout of VimESCandArrow keysare hard coded to not work in Vim (as a teaching mechanism):is remapped to;(who uses ; anyway?)- leader key is
SPACE(thanks to spacemacs) SPACE pwill drop an embedded IPython line in a python scriptHmoves to beginning of line,Lmoves to end of line (instead of^and$)
- A new shell spawns a fresh
tmuxsession tmuxleader switched toCtrl+ACtrl+A -produces a horizontal pane.Ctrl+A \produces a vertical pane.Ctrl+A [hjkl]moves around available panes as vim motion
Run the following command in the VM:
gdb /bin/ls
Expected output:
Loaded 53 commands. Type pwndbg for a list.
Reading symbols from host-share/crackme...(no debugging symbols found)...done.
Only available when running
pwn>
Run the following command in the VM:
r2 /bin/ls
Expected output:
[0x00404890]> aaa
Run the following command in the VM:
python
>>> from pwn import *
>>> elf = ELF('/bin/ls')
[*] '/bin/ls'
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE
FORTIFY: Enabled
>>> rop = ROP(elf)
[*] Loading gadgets for '/bin/ls'
Run the following commands in the VM:
source ~/angr/bin/activate
python
>>> import angr
>>>
Run the following commands in the VM:
decompile binary_name
Drop files in the host-share folder on your host to find them on your VM at /home/vagrant/host-share