skysider / pwndocker
A docker environment for pwn in ctf
License: GNU General Public License v3.0
Notice that angr is included in the README, but actually I can't import it in either python2 or python3. I have checked the Dockerfile and it seems that nothing about angr exists there, which makes me confused.
Thank you so much.
Hi,
first of all, thanks for this image, it has been of great help when pwning!
I think there is an issue with the Dockerfile, as pulling the image from scratch yields an error:
> docker pull skysider/pwndocker:latest
latest: Pulling from skysider/pwndocker
345e3491a907: Pull complete
57671312ef6f: Pull complete
5e9250ddb7d0: Pull complete
469c73a16ba5: Pull complete
6d234dc15284: Pull complete
42cbb779a68f: Pull complete
726d55798abf: Downloading [=========================> ] 156.5MB/306MB
511af35a6a8b: Download complete
18c5e01ba678: Download complete
5f90fb92201d: Download complete
e376bbea8312: Download complete
14641206fa09: Download complete
1ea7e5742d7c: Download complete
a2aa00890aee: Download complete
d726458fad58: Downloading [=====> ] 33.76MB/294.8MB
8f7ea1bd4f01: Download complete
0e3bb34b7406: Download complete
6ef28762945f: Downloading
bf5fd95ca7c6: Waiting
dfc489ce0e2d: Waiting
0bf33740dafa: Waiting
b98b027f6ebd: Waiting
8acef8e579a8: Waiting
2ee39d26bcf6: Waiting
12441af2add7: Waiting
c70656af2b50: Waiting
2d0d71ee97a3: Waiting
50ea63e52fc0: Waiting
e9a6fb786549: Waiting
3a54190c7994: Waiting
d96ea314b9a1: Waiting
docker: unauthorized: authentication required. <------------ Error here!
It looks like it happens when docker tries to download the image with (partial?) hash 6ef28762945f.
Steps:
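The current pwndocker provides compiled builds of the popular glibc versions, but when gdb steps into libc there is no corresponding source information. Could source-level debugging support be provided for each version?
Every time it is a new container, so each time I open Pwndocker I have to set the root password again. Could a default password be set directly in the Dockerfile?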
I run
patchelf --set-interpreter /glibc/2.23/64/lib/ld-2.23.so ./binary
and I run ldd on the binary
/glibc/2.23/64/lib/ld-2.23.so => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f0118a0a000)
It still points to the default libc. If I try to set LD_PRELOAD to the 2.23 libc, it crashes.
phusion/baseimage:master-amd64 was updated to libc-2.31, so the 2.27 libc is now missing.
When I try to use gdb.attach(io) in a py script using pwntools,
an error occurs that says:
Waiting for debugger: debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)
Here is my exp code:
from pwn import *
context.log_level = "debug"
context.terminal = ["tmux","splitw","-h"]
io = process("./login")
io.recvuntil("Input the username:")
io.sendline("a"*0x7a)
gdb.attach(io)
io.recvuntil("Input the password:")
io.sendline("b"*0x10)
io.interactive()
I have searched for this problem and tried the methods listed below. None of them worked:
--privileged option to the docker start file:
docker run -d \
--rm \
-h $1 \
--name $1 \
-v $(pwd)/$1:/ctf/work \
-p 23946:23946 \
--privileged \
--cap-add=SYS_PTRACE \
skysider/pwndocker
docker exec -it $1 /bin/bash
--security-opt seccomp=unconfined option to the docker start file:
docker run -d \
--rm \
-h $1 \
--name $1 \
-v $(pwd)/$1:/ctf/work \
-p 23946:23946 \
--privileged \
--cap-add=SYS_PTRACE \
--security-opt seccomp=unconfined \
skysider/pwndocker
docker exec -it $1 /bin/bash
--security-opt apparmor=unconfined option to the docker start file:
docker run -d \
--rm \
-h $1 \
--name $1 \
-v $(pwd)/$1:/ctf/work \
-p 23946:23946 \
--privileged \
--cap-add=SYS_PTRACE \
--security-opt apparmor=unconfined \
--security-opt seccomp=unconfined \
skysider/pwndocker
docker exec -it $1 /bin/bash
echo 0 > /proc/sys/kernel/yama/ptrace_scope
Basic System Information:
Machine running docker: Ubuntu 20.04 running on VirtualBox
I think maybe tzdata is needed in the image. Do you have any other method to solve it?
This repo is really useful! Thanks for sharing.
The glibc versions included in the docker image are kind of outdated. Ubuntu 22.04 now uses glibc 2.35 but the image only supports glibc 2.31. Can we add the latest libc (2.34~2.36) to the docker image?
While trying to open up a binary with gdb inside the container, it reports:
warning: Error disabling address space randomization: Operation not permitted
A Stack Overflow answer suggested adding a --security-opt seccomp=unconfined option on the command line. The docker-compose version of this would be:
security_opt:
- seccomp:unconfined
Adding this option to the docker-compose.yml makes gdb work properly. I would just open up a PR but I'm not sure if this is the right approach. The issue is there, modifying the docker-compose.yml file is just a suggestion.
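A diagnostic for the two gdb failures reported above (the `gdb.attach` ptrace error and the ASLR warning), added here as an example and not part of the pwndocker repository: it reads the effective capability mask, the seccomp mode and Yama's `ptrace_scope`, so the restriction that actually applies can be identified before granting `--privileged`. The function names are illustrative.

```shell
#!/bin/sh
# Added example, not pwndocker code. Reports which container restriction is
# likely to stop gdb. Paths are parameters so saved copies can be checked too.

CAP_SYS_PTRACE_BIT=19   # bit number from linux/capability.h

# status_field FILE NAME: print the value of "NAME:" from a /proc/<pid>/status file
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1" 2>/dev/null
}

# has_sys_ptrace HEX: succeed if CAP_SYS_PTRACE is set in a CapEff mask
has_sys_ptrace() {
    [ -n "$1" ] && [ $(( (0x$1 >> $CAP_SYS_PTRACE_BIT) & 1 )) -eq 1 ]
}

# diagnose STATUS_FILE PTRACE_SCOPE_FILE: print one finding per line
diagnose() {
    capeff=$(status_field "$1" CapEff)
    seccomp=$(status_field "$1" Seccomp)
    scope=$(cat "$2" 2>/dev/null || echo absent)

    if has_sys_ptrace "$capeff"; then
        echo "cap: CAP_SYS_PTRACE present"
    else
        echo "cap: CAP_SYS_PTRACE missing (run with --cap-add=SYS_PTRACE)"
    fi
    case "$seccomp" in
        0) echo "seccomp: disabled" ;;
        2) echo "seccomp: filter active (profile may deny ptrace or personality)" ;;
        *) echo "seccomp: mode ${seccomp:-unknown}" ;;
    esac
    case "$scope" in
        0) echo "yama: 0, any process with the same uid may attach" ;;
        1) echo "yama: 1, attach limited to descendants unless CAP_SYS_PTRACE" ;;
        2) echo "yama: 2, attach requires CAP_SYS_PTRACE" ;;
        3) echo "yama: 3, attach disabled" ;;
        *) echo "yama: not available" ;;
    esac
}

# Live check of the current shell, e.g. inside the running container.
diagnose /proc/self/status /proc/sys/kernel/yama/ptrace_scope
```

If only the capability line reports a problem, `--cap-add=SYS_PTRACE` is the narrower grant; `ptrace_scope` is a host-wide sysctl, so it has to be changed on the Docker host rather than inside the container.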
When running the exploit script and attaching dynamically, or not even interacting with the binary, and after the process has started, if I attach I get this:
Traceback (most recent call last):
  File "hack20.py", line 9, in <module>
    gdb.attach(p)
  File "/usr/local/lib/python3.8/dist-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.8/dist-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/usr/local/lib/python3.8/dist-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
[*] Stopped process './sint' (pid 20)
Adding zsh will make bash look prettier!
https://github.com/ohmyzsh/ohmyzsh
git clone --depth 1 https://github.com.cnpmjs.org/Gallopsled/pwntools.git
pip install --upgrade --editable ./pwntools
Notice that roputils is included in the README, but actually I can't import it in either python2 or python3. I have checked the Dockerfile and it seems that nothing about roputils exists there, which makes me confused.
Thank you so much.