# pwndocker

**Repository Path**: mrskye/pwndocker

## Basic Information

- **Project Name**: pwndocker
- **Description**: A docker environment for pwn in ctf
- **Primary Language**: Unknown
- **License**: GPL-3.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 2
- **Forks**: 0
- **Created**: 2021-01-10
- **Last Updated**: 2023-01-07

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

Pwndocker
=========

A docker environment for pwn in ctf based on **phusion/baseimage:master-amd64**, which is a modified **ubuntu 20.04** baseimage for docker

### Usage

```shell
docker run -d \
    --rm \
    -h ${ctf_name} \
    --name ${ctf_name} \
    -v $(pwd)/${ctf_name}:/ctf/work \
    -p 23946:23946 \
    --cap-add=SYS_PTRACE \
    skysider/pwndocker

docker exec -it ${ctf_name} /bin/bash
```

### included software

- [pwntools](https://github.com/Gallopsled/pwntools) —— CTF framework and exploit development library
- [pwndbg](https://github.com/pwndbg/pwndbg) —— a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
- [pwngdb](https://github.com/scwuaptx/Pwngdb) —— gdb for pwn
- [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) —— facilitate ROP exploitation tool
- [roputils](https://github.com/inaz2/roputils) —— A Return-oriented Programming toolkit
- [one_gadget](https://github.com/david942j/one_gadget) —— A searching one-gadget of execve('/bin/sh', NULL, NULL) tool for amd64 and i386
- [angr](https://github.com/angr/angr) —— A platform-agnostic binary analysis framework
- [radare2](https://github.com/radare/radare2) —— A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
- [seccomp-tools](https://github.com/david942j/seccomp-tools) —— Provide powerful tools for seccomp analysis
- linux_server[64] —— IDA 7.0 debug server for linux
- [tmux](https://tmux.github.io/) —— a terminal multiplexer
- [ltrace](https://linux.die.net/man/1/ltrace) —— trace library function call
- [strace](https://linux.die.net/man/1/strace) —— trace system call

### included glibc

Default compiled glibc path is `/glibc`.

- 2.19 —— ubuntu 12.04 default libc version
- 2.23 —— ubuntu 16.04 default libc version
- 2.24 —— introduce vtable check in file struct
- 2.27 —— ubuntu 18.04 default glibc version
- 2.28~2.30 —— latest libc versions
- 2.31 —— ubuntu 20.04 default glibc version (built-in)

### Q&A

#### How to run in custom libc version?

```shell
cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test
```

or

```python
from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})
```

#### How to run in custom libc version with other lib?

If you want to run binary with glibc version 2.28:

```shell
root@pwn:/ctf/work# ldd /bin/ls
	linux-vdso.so.1 (0x00007ffe065d3000)
	libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f004089e000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f00406ac000)
	libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f004061c000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0040616000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f00408f8000)

root@pwn:/ctf/work# /glibc/2.28/64/ld-2.28.so /bin/ls
/bin/ls: error while loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
```

You can copy /lib/x86_64-linux-gnu/libselinux.so.1 and /lib/x86_64-linux-gnu/libpcre2-8.so.0 to /glibc/2.28/64/lib/, and sometimes