A docker environment for pwn in ctf based on phusion/baseimage:jammy-1.0.1, which is a modified ubuntu 22.04 baseimage for docker
docker build . --file Dockerfile --build-arg PWNTOOLS_VERSION=4.14.1 -t pwndocker:latest- pwntools —— CTF framework and exploit development library
- pwndbg —— a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
- pwngdb —— gdb for pwn
- ROPgadget —— facilitate ROP exploitation tool
- roputils —— A Return-oriented Programming toolkit
- one_gadget —— A searching one-gadget of execve('/bin/sh', NULL, NULL) tool for amd64 and i386
- angr —— A platform-agnostic binary analysis framework
- radare2 —— A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
- seccomp-tools —— Provide powerful tools for seccomp analysis
- linux_server[64] —— IDA 7.7 debug server for linux
- tmux —— a terminal multiplexer
- ltrace —— trace library function call
- strace —— trace system call
Default compiled glibc path is /glibc.
- 2.19 —— ubuntu 12.04 default libc version
- 2.23 —— ubuntu 16.04 default libc version
- 2.24 —— introduce vtable check in file struct
- 2.27 —— ubuntu 18.04 default glibc version
- 2.31 —— ubuntu 20.04 default glibc version(built-in)
- 2.28
2.30,2.332.36 —— latest libc versions
cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./testor
from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})if you want to run binary with glibc version 2.28:
root@pwn:/ctf/work# ldd /bin/ls
linux-vdso.so.1 (0x00007ffe065d3000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f004089e000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f00406ac000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f004061c000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0040616000)
/lib64/ld-linux-x86-64.so.2 (0x00007f00408f8000)
root@pwn:/ctf/work# /glibc/2.28/64/ld-2.28.so /bin/ls
/bin/ls: error while loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directoryYou can copy /lib/x86_64-linux-gnu/libselinux.so.1 and /lib/x86_64-linux-gnu/libpcre2-8.so.0 to /glibc/2.28/64/lib/, and sometimes it fails because the built-in libselinux.so.1 requires higher version libc:
root@pwn:/ctf/work# /glibc/2.28/64/ld-2.28.so /bin/ls
/bin/ls: /glibc/2.28/64/lib/libc.so.6: version `GLIBC_2.30' not found (required by /glibc/2.28/64/lib/libselinux.so.1)
it can be solved by copying libselinux.so.1 from ubuntu 18.04 which glibc version is 2.27 to /glibc/2.28/64/lib:
docker run -itd --name u18 ubuntu:18.04 /bin/bash
docker cp -L u18:/lib/x86_64-linux-gnu/libselinux.so.1 .
docker cp -L u18:/lib/x86_64-linux-gnu/libpcre2-8.so.0 .
docker cp libselinux.so.1 pwn:/glibc/2.28/64/lib/
docker cp libpcre2-8.so.0 pwn:/glibc/2.28/64/lib/
And now it succeeds:
root@pwn:/ctf/work# /glibc/2.28/64/ld-2.28.so /bin/ls -l /
use Ubuntu22, use zsh as default shell, update pwntools version to 4.14.1, lock radare2 version to 6.0.0, use RVM to install Ruby3.1.4
Please use Dockerfile to build this modified image
docker build . --file Dockerfile --build-arg PWNTOOLS_VERSION=4.14.1 -t pwndocker:latestadd zsh and ohmyzsh to docker image, update pwntools version to 4.11.0
add glibc versions 2.33~2.36 to docker image, and update pwntools version to 4.9.0
add pwntools_version docker build argument, 4.8.0b0 is set in repo docker build actions
add docker-compose.yml
add docker build action and update radare2 version to latest
update base image to 20.04(glibc 2.31) and add glibc 2.27
update radare2 to version 4.4.0 and add r2pipe python binding
add libc 2.30 and 2.31
python packages switched to python3 version, remove roputils.py