Pwndocker

A docker environment for pwn in ctf based on phusion/baseimage, which is a modified ubuntu 16.04 baseimage for docker. I forked and magic changed by pwndocker

Usage

docker pull kder/pwndocker

docker run -it \
	--rm \
	-v $(pwd)/${ctf_name}:/ctf/work \ 
	-p 23946:23946  \	
	--privileged  \
	--cap-add=SYS_PTRACE \
  	--security-opt seccomp=unconfined \
	pwndocker

included software

pwntools —— CTF framework and exploit development library
pwndbg —— a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
pwngdb —— gdb for pwn
ROPgadget —— facilitate ROP exploitation tool
roputils —— A Return-oriented Programming toolkit
one_gadget —— A searching one-gadget of execve('/bin/sh', NULL, NULL) tool for amd64 and i386
angr —— A platform-agnostic binary analysis framework
radare2 —— A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
welpwn —— designed to make pwnning an art, freeing you from dozens of meaningless jobs.
linux_server[64] —— IDA 7.0 debug server for linux
tmux —— a terminal multiplexer
ltrace —— trace library function call
strace —— trace system call

added softwares

zsh && oh-my-zsh -- A delightful community-driven (with 1,300+ contributors) framework for managing your zsh configuration.
peda -- Python Exploit Development Assistance for GDB
socat -- A relay for bidirectional data transfer between two independent data channels.
z3 -- Theorem Prover
seccomp-tools -- Provide powerful tools for seccomp analysis
qemu -- QEMU is a generic and open source machine emulator and virtualizer. .gdbinit .zshrc .tmux.conf

included glibc

Default compiled glibc path is /glibc.

2.19 —— ubuntu 12.04 default libc version
2.23 —— pwndocker default libc version
2.24 —— introduce vtable check in file struct
2.27 —— intruduce tcache in heap (since 2.26)
2.28 —— new libc version ubuntu19.04
2.29 —— new libc version ubuntu19.04
2.30 —— new libc version ubuntu19.10
2.31 —— new libc version ubuntu20.04

include multiarch libraries

arm -- gcc-5-arm-linux-gnueabi
aarch64 -- gcc-5-aarch64-linux-gnu
mips -- gcc-5-mips-linux-gnu
mipsel -- gcc-5-mipsel-linux-gnu
mips64 -- gcc-5-mips64-linux-gnuabi64
mips64el -- gcc-5-mips64el-linux-gnuabi64
powerpc -- gcc-5-powerpc-linux-gnu
powerpc64 -- gcc-5-powerpc64-linux-gnu
powerpc64le -- gcc-5-powerpc64le-linux-gnu

How to run in custom libc version?

cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test

from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})

notice

some work to do : improve gdb you need to revise .gdbinit reference gdbinit in this .git

zer0-1s / Pwndocker-1