Skip to content
A docker environment for pwn in ctf
Dockerfile
Branch: master
Clone or download
Ubuntu
Ubuntu add angr
Latest commit 997f267 Aug 2, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Dockerfile add angr Aug 2, 2019
LICENSE.md Update LICENSE.md Jan 7, 2017
README.md add roputils and libc 2.29 Jul 10, 2019
linux_server replace gef with pwndbg Apr 23, 2018
linux_server64 replace gef with pwndbg Apr 23, 2018
pip.conf transform to 18.04, add seccomp-tools Jun 30, 2019
sources.list transform to 18.04, add seccomp-tools Jun 30, 2019

README.md

Pwndocker

A docker environment for pwn in ctf based on phusion/baseimage:master-amd64, which is a modified ubuntu 18.04 baseimage for docker

Usage

docker run -d \
	--rm \
	-h ${ctf_name} \
	--name ${ctf_name} \
	-v $(pwd)/${ctf_name}:/ctf/work \
	-p 23946:23946 \
	--cap-add=SYS_PTRACE \
	skysider/pwndocker

docker exec -it ${ctf_name} /bin/bash

included software

  • pwntools —— CTF framework and exploit development library
  • pwndbg —— a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
  • pwngdb —— gdb for pwn
  • ROPgadget —— facilitate ROP exploitation tool
  • roputils —— A Return-oriented Programming toolkit
  • one_gadget —— A searching one-gadget of execve('/bin/sh', NULL, NULL) tool for amd64 and i386
  • angr —— A platform-agnostic binary analysis framework
  • radare2 —— A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
  • seccomp-tools —— Provide powerful tools for seccomp analysis
  • linux_server[64] —— IDA 7.0 debug server for linux
  • tmux —— a terminal multiplexer
  • ltrace —— trace library function call
  • strace —— trace system call

included glibc

Default compiled glibc path is /glibc.

  • 2.19 —— ubuntu 12.04 default libc version
  • 2.23 —— ubuntu 16.04 default libc version
  • 2.24 —— introduce vtable check in file struct
  • 2.27 —— pwndocker default glibc version
  • 2.28 —— new libc version
  • 2.29 —— latest libc version

How to run in custom libc version?

cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test

or

from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})
You can’t perform that action at this time.