├── .gdbinit
├── .gitignore
├── .tmux.conf
├── .zshrc
├── Dockerfile
├── Dockerfile.ubuntu-16.04
├── Dockerfile.ubuntu-18.04
├── LICENSE
├── README.md
├── auto_compile-no-check.sh
├── auto_compile.sh
├── flag
├── gdb-gef
├── gdb-pwndbg
├── gif
    ├── 623588.gif
    └── 623673.gif
├── heaptrace
├── test-this-container.sh
└── update.sh


/.gdbinit:
--------------------------------------------------------------------------------
 1 | source ~/pwndbg/gdbinit.py
 2 | source ~/Pwngdb/pwngdb.py
 3 | source ~/Pwngdb/angelheap/gdbinit.py
 4 | 
 5 | # don't skip repeat value when use telescope
 6 | set telescope-skip-repeating-val off
 7 | 
 8 | # show flags
 9 | set show-flags on
10 | 
11 | # show LR in aarch64
12 | set show-retaddr-reg on
13 | 
14 | # set backtrace lines 4
15 | set context-backtrace-lines 4
16 | 
17 | # don't stop the process when catch alarm signal
18 | handle SIGALRM nostop print
19 | 
20 | # set follow-fork-mode parent
21 | # don't detach when fork is called 
22 | set detach-on-fork off
23 | 
24 | # set sourcecode directory
25 | # directory /usr/src/glibc/glibc-2.27/malloc
26 | 
27 | # show content of address using offset when PIE is enabled
28 | define sbase
29 |     if $argc == 1
30 |         telescope $rebase($arg0) 10
31 |     end
32 | 
33 |     if $argc == 2
34 |         telescope $rebase($arg0) $arg1
35 |     end
36 | end
37 | 
38 | # set breakpoints using offset when PIE is enabled
39 | define bbase
40 |     b *$rebase($arg0)
41 | end
42 | 
43 | define dq
44 |     if $argc == 1
45 |         x /8gx $arg0
46 |     end
47 |     if $argc == 2
48 |         x /$arg1gx $arg0
49 |     end
50 | end
51 | 
52 | define dd
53 |     if $argc == 1
54 |         x /16wx $arg0
55 |     end
56 |     if $argc == 2
57 |         x /$arg1wx $arg0
58 |     end
59 | end
60 | 
61 | define dw
62 |     if $argc == 1
63 |         x /32hx $arg0
64 |     end
65 |     if $argc == 2
66 |         x /$arg1hx $arg0
67 |     end
68 | end
69 | 
70 | define db
71 |     if $argc == 1
72 |         x /64bx $arg0
73 |     end
74 |     if $argc == 2
75 |         x /$arg1bx $arg0
76 |     end
77 | end
78 | 
79 | # enable Pwngdb from https://github.com/scwuaptx/Pwngdb
80 | define hook-run
81 | python
82 | import angelheap
83 | angelheap.init_angelheap()
84 | end
85 | end


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.secret


--------------------------------------------------------------------------------
/.tmux.conf:
--------------------------------------------------------------------------------
 1 | # C-b即Ctrl+b键，unbind意味着解除绑定
 2 | unbind C-b
 3 | 
 4 | # 绑定Ctrl+a为新的指令前缀
 5 | set -g prefix C-a
 6 | 
 7 | # 从tmux v1.6版起，支持设置第二个指令前缀, 设置一个不常用的`键作为指令前缀，按键更快
 8 | set-option -g prefix2 ` 
 9 | 
10 | # 关闭自动重命名
11 | setw -g automatic-rename off
12 | 
13 | # 禁止活动进程修改窗口名
14 | setw -g allow-rename off
15 | 
16 | # 使用vi风格
17 | setw -g mode-keys vi
18 | 
19 | # 是否开启鼠标支持, 这里没有开启
20 | # set-option -g mouse on 
21 | 
22 | # --------------------from tmux_plugins/sensible-------------------------------
23 | # Address vim mode switching delay (http://superuser.com/a/252717/65504)
24 | set -s escape-time 0
25 | 
26 | # Increase scrollback buffer size from 2000 to 50000 lines
27 | set -g history-limit 50000
28 | 
29 | # Increase tmux messages display duration from 750ms to 4s
30 | set -g display-time 4000
31 | 
32 | # Refresh 'status-left' and 'status-right' more often, from every 15s to 5s
33 | set -g status-interval 5
34 | 
35 | # Upgrade $TERM
36 | set -g default-terminal "screen-256color"
37 | 
38 | # Emacs key bindings in tmux command prompt (prefix + :) are better than
39 | # vi keys, even for vim users
40 | #set -g status-keys emacs
41 | 
42 | # Focus events enabled for terminals that support them
43 | set -g focus-events on
44 | 
45 | # Super useful when using "grouped sessions" and multi-monitor setup
46 | setw -g aggressive-resize on
47 | 
48 | 
49 | # 修改分屏快捷键
50 | unbind '"'
51 | bind - splitw -v -c '#{pane_current_path}' # 垂直方向新增面板，默认进入当前目录
52 | unbind %
53 | bind | splitw -h -c '#{pane_current_path}' # 水平方向新增面板，默认进入当前目录
54 | 
55 | # 设置面板大小调整快捷键
56 | bind j resize-pane -D 5
57 | bind k resize-pane -U 5
58 | bind h resize-pane -L 5
59 | bind l resize-pane -R 5
60 | 
61 | # 刷新配置文件
62 | bind R run-shell "tmux source-file ~/.tmux.conf"
63 | 
64 | # 上一个窗口
65 | bind a last-window


--------------------------------------------------------------------------------
/.zshrc:
--------------------------------------------------------------------------------
  1 | # If you come from bash you might have to change your $PATH.
  2 | # export PATH=$HOME/bin:/usr/local/bin:$PATH
  3 | 
  4 | # Path to your oh-my-zsh installation.
  5 | export ZSH="$HOME/.oh-my-zsh"
  6 | export PATH=$HOME/.local/bin:$PATH
  7 | 
  8 | alias openaslr="sudo -u root sh -c 'echo 2 >/proc/sys/kernel/randomize_va_space'"
  9 | alias closeaslr="sudo -u root sh -c 'echo 0 >/proc/sys/kernel/randomize_va_space'"
 10 | if [ ! "$TMUX" = "" ]; then export TERM=xterm-256color; fi # auto-suggestion in tmux
 11 | fpath+=${ZSH_CUSTOM:-${ZSH:-~/.oh-my-zsh}/custom}/plugins/zsh-completions/src
 12 | 
 13 | # Set name of the theme to load --- if set to "random", it will
 14 | # load a random theme each time oh-my-zsh is loaded, in which case,
 15 | # to know which specific one was loaded, run: echo $RANDOM_THEME
 16 | # See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
 17 | ZSH_THEME="ys"
 18 | 
 19 | # Set list of themes to pick from when loading at random
 20 | # Setting this variable when ZSH_THEME=random will cause zsh to load
 21 | # a theme from this variable instead of looking in $ZSH/themes/
 22 | # If set to an empty array, this variable will have no effect.
 23 | # ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
 24 | 
 25 | # Uncomment the following line to use case-sensitive completion.
 26 | # CASE_SENSITIVE="true"
 27 | 
 28 | # Uncomment the following line to use hyphen-insensitive completion.
 29 | # Case-sensitive completion must be off. _ and - will be interchangeable.
 30 | # HYPHEN_INSENSITIVE="true"
 31 | 
 32 | # Uncomment one of the following lines to change the auto-update behavior
 33 | # zstyle ':omz:update' mode disabled  # disable automatic updates
 34 | # zstyle ':omz:update' mode auto      # update automatically without asking
 35 | # zstyle ':omz:update' mode reminder  # just remind me to update when it's time
 36 | 
 37 | # Uncomment the following line to change how often to auto-update (in days).
 38 | # zstyle ':omz:update' frequency 13
 39 | 
 40 | # Uncomment the following line if pasting URLs and other text is messed up.
 41 | # DISABLE_MAGIC_FUNCTIONS="true"
 42 | 
 43 | # Uncomment the following line to disable colors in ls.
 44 | # DISABLE_LS_COLORS="true"
 45 | 
 46 | # Uncomment the following line to disable auto-setting terminal title.
 47 | # DISABLE_AUTO_TITLE="true"
 48 | 
 49 | # Uncomment the following line to enable command auto-correction.
 50 | # ENABLE_CORRECTION="true"
 51 | 
 52 | # Uncomment the following line to display red dots whilst waiting for completion.
 53 | # You can also set it to another string to have that shown instead of the default red dots.
 54 | # e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
 55 | # Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
 56 | # COMPLETION_WAITING_DOTS="true"
 57 | 
 58 | # Uncomment the following line if you want to disable marking untracked files
 59 | # under VCS as dirty. This makes repository status check for large repositories
 60 | # much, much faster.
 61 | # DISABLE_UNTRACKED_FILES_DIRTY="true"
 62 | 
 63 | # Uncomment the following line if you want to change the command execution time
 64 | # stamp shown in the history command output.
 65 | # You can set one of the optional three formats:
 66 | # "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
 67 | # or set a custom format using the strftime function format specifications,
 68 | # see 'man strftime' for details.
 69 | # HIST_STAMPS="mm/dd/yyyy"
 70 | 
 71 | # Would you like to use another custom folder than $ZSH/custom?
 72 | # ZSH_CUSTOM=/path/to/new-custom-folder
 73 | 
 74 | # Which plugins would you like to load?
 75 | # Standard plugins can be found in $ZSH/plugins/
 76 | # Custom plugins may be added to $ZSH_CUSTOM/plugins/
 77 | # Example format: plugins=(rails git textmate ruby lighthouse)
 78 | # Add wisely, as too many plugins slow down shell startup.
 79 | plugins=(git zsh-syntax-highlighting z sudo extract tmux colored-man-pages zsh-autosuggestions) 
 80 | 
 81 | source $ZSH/oh-my-zsh.sh
 82 | 
 83 | # User configuration
 84 | 
 85 | # export MANPATH="/usr/local/man:$MANPATH"
 86 | 
 87 | # You may need to manually set your language environment
 88 | # export LANG=en_US.UTF-8
 89 | 
 90 | # Preferred editor for local and remote sessions
 91 | # if [[ -n $SSH_CONNECTION ]]; then
 92 | #   export EDITOR='vim'
 93 | # else
 94 | #   export EDITOR='mvim'
 95 | # fi
 96 | 
 97 | # Compilation flags
 98 | # export ARCHFLAGS="-arch x86_64"
 99 | 
100 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
  1 | ARG BUILD_VERSION
  2 | 
  3 | FROM ubuntu:$BUILD_VERSION
  4 | 
  5 | ARG DEBIAN_FRONTEND=noninteractive
  6 | ARG HUB_DOMAIN=github.com
  7 | ARG NORMAL_USER_NAME=ctf
  8 | 
  9 | ENV TZ=Etc/UTC
 10 | ENV LANG=en_US.UTF-8
 11 | ENV LANGUAGE=en_US:en
 12 | ENV LC_ALL=en_US.UTF-8
 13 | 
 14 | WORKDIR /root
 15 | 
 16 | RUN apt-get update && apt-get -y dist-upgrade && apt-get install -y --fix-missing python3 python3-pip python3-dev lib32z1 \
 17 |     xinetd curl gcc gdb gdbserver g++ git libssl-dev libffi-dev build-essential tmux \
 18 |     vim iputils-ping gdb-multiarch \
 19 |     file net-tools socat ruby ruby-dev locales autoconf automake libtool make && \
 20 |     gem install one_gadget && \
 21 |     gem install seccomp-tools && \
 22 |     sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
 23 | 
 24 | # 先执行容易失败的操作
 25 | RUN git clone https://${HUB_DOMAIN}/pwndbg/pwndbg && \
 26 |     cd ./pwndbg && \
 27 |     ./setup.sh
 28 | 
 29 | RUN git clone https://${HUB_DOMAIN}/NixOS/patchelf.git && \
 30 |     cd ./patchelf && \
 31 |     ./bootstrap.sh && \
 32 |     ./configure && \
 33 |     make && \
 34 |     make install
 35 | 
 36 | RUN git clone https://${HUB_DOMAIN}/hugsy/gef.git && \
 37 |     git clone https://${HUB_DOMAIN}/RoderickChan/Pwngdb.git && \
 38 |     git clone https://${HUB_DOMAIN}/Gallopsled/pwntools && \
 39 |     (mv /usr/lib/python3.1?/EXTERNALLY-MANAGED /etc/EXTERNALLY-MANAGED.bck || true) && \
 40 |     pip3 install --upgrade --editable ./pwntools && \
 41 |     git clone https://${HUB_DOMAIN}/RoderickChan/pwncli.git && \
 42 |     pip3 install --upgrade --editable ./pwncli
 43 | 
 44 | 
 45 | COPY ./gdb-gef /bin
 46 | COPY ./gdb-pwndbg /bin
 47 | COPY ./update.sh /bin
 48 | COPY ./test-this-container.sh /bin
 49 | COPY ./heaptrace /bin
 50 | COPY ./.tmux.conf ./
 51 | COPY ./.gdbinit ./
 52 | COPY ./flag /
 53 | COPY ./flag /flag.txt
 54 | 
 55 | RUN chmod +x /bin/gdb-gef /bin/gdb-pwndbg /bin/update.sh /bin/test-this-container.sh /bin/heaptrace && \
 56 |     echo "root:root" | chpasswd && \
 57 |     (python3 -m pip install --upgrade pip || true ) && \
 58 |     pip3 install ropper capstone z3-solver qiling lief
 59 | 
 60 | # normal user
 61 | RUN useradd ${NORMAL_USER_NAME} -d /home/${NORMAL_USER_NAME} -m -s /bin/bash -u 1001 && \
 62 |     echo "${NORMAL_USER_NAME}:${NORMAL_USER_NAME}" | chpasswd && \
 63 |     cp -r /root/pwndbg /home/${NORMAL_USER_NAME} && \
 64 |     cp -r /root/gef /home/${NORMAL_USER_NAME} && \
 65 |     cp -r /root/pwntools /home/${NORMAL_USER_NAME} && \
 66 |     cp -r /root/Pwngdb /home/${NORMAL_USER_NAME} && \
 67 |     cp -r /root/pwncli /home/${NORMAL_USER_NAME} && \
 68 |     cp /root/.tmux.conf /home/${NORMAL_USER_NAME} && \
 69 |     cp /root/.gdbinit /home/${NORMAL_USER_NAME} && \
 70 |     cp /flag /home/${NORMAL_USER_NAME} && \
 71 |     cp /flag.txt /home/${NORMAL_USER_NAME} && \
 72 |     chown -R ${NORMAL_USER_NAME}:${NORMAL_USER_NAME} /home/${NORMAL_USER_NAME}
 73 | 
 74 | USER ${NORMAL_USER_NAME}:${NORMAL_USER_NAME}
 75 | 
 76 | WORKDIR /home/${NORMAL_USER_NAME}
 77 | 
 78 | RUN pip3 install --upgrade --editable ./pwntools && \
 79 |     pip3 install --upgrade --editable ./pwncli
 80 | 
 81 | 
 82 | # switch to root and install zsh
 83 | USER root:root
 84 | RUN apt-get install -y sudo zsh && usermod -s /bin/zsh ${NORMAL_USER_NAME} && \
 85 |     echo "${NORMAL_USER_NAME} ALL=(ALL) NOPASSWD : ALL" | tee /etc/sudoers.d/${NORMAL_USER_NAME}sudo 
 86 | 
 87 | # switch 2 normal user
 88 | USER ${NORMAL_USER_NAME}:${NORMAL_USER_NAME}
 89 | WORKDIR /home/${NORMAL_USER_NAME}
 90 | 
 91 | 
 92 | # install on-my-zsh
 93 | RUN curl -fsSL -O https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh && \
 94 |     chmod +x  ./install.sh && \ 
 95 |     sed -i -e 's/read[[:space:]]*-r[[:space:]]*opt/opt=n/g' ./install.sh && \
 96 |     ./install.sh && \
 97 |     git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting && \
 98 |     git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
 99 | 
100 | COPY ./.zshrc ./
101 | 
102 | # expose some ports
103 | EXPOSE 20 21 22 80 443 23946 10001 10002 10003 10004 10005
104 | 
105 | CMD ["/bin/update.sh"]
106 | 


--------------------------------------------------------------------------------
/Dockerfile.ubuntu-16.04:
--------------------------------------------------------------------------------
  1 | # used for compile ubuntu 16.04 debugging pwn image
  2 | # author: roderick
  3 | # date: 2024-04-06
  4 | # docker build --no-cache --build-arg BUILD_VERSION=16.04 -t debug_pwn_env:16.04 . -f Dockerfile.ubuntu-16.04
  5 | 
  6 | ARG BUILD_VERSION
  7 | 
  8 | FROM ubuntu:$BUILD_VERSION
  9 | 
 10 | ARG DEBIAN_FRONTEND=noninteractive
 11 | ARG HUB_DOMAIN=github.com
 12 | ARG NORMAL_USER_NAME=ctf
 13 | 
 14 | ENV TZ=Etc/UTC
 15 | ENV LANG=en_US.UTF-8
 16 | ENV LANGUAGE=en_US:en
 17 | ENV LC_ALL=en_US.UTF-8
 18 | 
 19 | WORKDIR /root
 20 | 
 21 | # install ruby 2.7 
 22 | RUN apt-get update && apt-get -y dist-upgrade && apt-get install -y --fix-missing python3 python3-pip python3-dev lib32z1 \
 23 |     xinetd curl gcc g++ gdbserver git libssl-dev libffi-dev build-essential tmux \
 24 |     vim iputils-ping \
 25 |     file net-tools socat locales autoconf automake libtool make wget && \
 26 |     wget http://ftp.ruby-lang.org/pub/ruby/2.7/ruby-2.7.1.tar.gz && \
 27 |     tar -xzvf ruby-2.7.1.tar.gz && \
 28 |     cd ruby-2.7.1/ && \
 29 |     ./configure && \
 30 |     make -j16 && \
 31 |     make install -j16 && \
 32 |     gem install one_gadget seccomp-tools && \
 33 |     sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
 34 | 
 35 | # install python 3.8
 36 | RUN apt-get install -y zlib1g-dev libbz2-dev libncurses5-dev libsqlite3-dev libreadline-dev tk-dev libgdbm-dev \
 37 |     libdb-dev libpcap-dev xz-utils libexpat1-dev liblzma-dev libc6-dev && \
 38 |     wget https://www.python.org/ftp/python/3.8.6/Python-3.8.6.tgz && \
 39 |     tar -xzvf Python-3.8.6.tgz && \
 40 |     cd Python-3.8.6 && \
 41 |     ./configure --enable-optimizations && \
 42 |     make -j16 && make install -j16 && rm -rf /usr/bin/pip3 /usr/bin/python3 /usr/bin/python /usr/bin/pip && \
 43 |     ln -s /usr/local/bin/python3.8 /usr/bin/python3 && \
 44 |     ln -s /usr/local/bin/python3.8 /usr/bin/python && \
 45 |     ln -s /usr/local/bin/pip3.8 /usr/bin/pip3 && \
 46 |     ln -s /usr/local/bin/pip3.8 /usr/bin/pip
 47 | 
 48 | # install gdb manually
 49 | RUN apt-get install -y texinfo && \
 50 |     wget https://ftp.gnu.org/gnu/gdb/gdb-10.2.tar.gz && \
 51 |     tar -xzvf gdb-10.2.tar.gz && cd gdb-10.2 && ./configure --enable-targets=all && \
 52 |     make -j16 && make install -j16
 53 | 
 54 | 
 55 | # 先执行容易失败的操作
 56 | RUN git clone https://${HUB_DOMAIN}/pwndbg/pwndbg && \
 57 |     cd ./pwndbg && git checkout ubuntu18.04-final && \
 58 |     ./setup.sh && ./.venv/bin/pip3 install --upgrade --force-reinstall 'requests==2.6.0' urllib3 && \
 59 |     pip3 install --upgrade --force-reinstall 'requests==2.6.0' urllib3
 60 | 
 61 | # install patchelf 
 62 | RUN wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu/pool/universe/p/patchelf/patchelf_0.9-1~ubuntu16.04.3_amd64.deb && \
 63 |     dpkg -i patchelf_0.9-1~ubuntu16.04.3_amd64.deb
 64 | 
 65 | RUN git clone https://${HUB_DOMAIN}/hugsy/gef.git && \
 66 |     git clone https://${HUB_DOMAIN}/RoderickChan/Pwngdb.git && \
 67 |     git clone https://${HUB_DOMAIN}/Gallopsled/pwntools && \
 68 |     pip3 install --upgrade --editable ./pwntools && \
 69 |     git clone https://${HUB_DOMAIN}/RoderickChan/pwncli.git && \
 70 |     pip3 install --upgrade --editable ./pwncli
 71 | 
 72 | 
 73 | COPY ./gdb-gef /bin
 74 | COPY ./gdb-pwndbg /bin
 75 | COPY ./update.sh /bin
 76 | COPY ./test-this-container.sh /bin
 77 | COPY ./heaptrace /bin
 78 | COPY ./.tmux.conf ./
 79 | COPY ./.gdbinit ./
 80 | COPY ./flag /
 81 | COPY ./flag /flag.txt
 82 | 
 83 | RUN chmod +x /bin/gdb-gef /bin/gdb-pwndbg /bin/update.sh /bin/test-this-container.sh /bin/heaptrace && \
 84 |     echo "root:root" | chpasswd && \
 85 |     pip3 install ropper capstone z3-solver qiling lief
 86 | 
 87 | # root user
 88 | RUN useradd ${NORMAL_USER_NAME} -d /home/${NORMAL_USER_NAME} -m -s /bin/bash -u 1001 && \
 89 |     echo "${NORMAL_USER_NAME}:${NORMAL_USER_NAME}" | chpasswd && \
 90 |     cp -r /root/pwndbg /home/${NORMAL_USER_NAME} && \
 91 |     cp -r /root/gef /home/${NORMAL_USER_NAME} && \
 92 |     cp -r /root/pwntools /home/${NORMAL_USER_NAME} && \
 93 |     cp -r /root/Pwngdb /home/${NORMAL_USER_NAME} && \
 94 |     cp -r /root/pwncli /home/${NORMAL_USER_NAME} && \
 95 |     cp /root/.tmux.conf /home/${NORMAL_USER_NAME} && \
 96 |     cp /root/.gdbinit /home/${NORMAL_USER_NAME} && \
 97 |     cp /flag /home/${NORMAL_USER_NAME} && \
 98 |     cp /flag.txt /home/${NORMAL_USER_NAME} && \
 99 |     chown -R ${NORMAL_USER_NAME}:${NORMAL_USER_NAME} /home/${NORMAL_USER_NAME}
100 | 
101 | USER ${NORMAL_USER_NAME}:${NORMAL_USER_NAME}
102 | 
103 | WORKDIR /home/${NORMAL_USER_NAME}
104 | 
105 | RUN pip3 install --upgrade --editable ./pwntools && \
106 |     pip3 install --upgrade --editable ./pwncli && \
107 |     pip3 install --upgrade --force-reinstall 'requests==2.6.0' urllib3
108 | 
109 | 
110 | # switch to root and install zsh
111 | USER root:root
112 | RUN apt-get install -y sudo zsh && usermod -s /bin/zsh ${NORMAL_USER_NAME} && \
113 |     echo "${NORMAL_USER_NAME} ALL=(ALL) NOPASSWD : ALL" | tee /etc/sudoers.d/${NORMAL_USER_NAME}sudo 
114 | 
115 | # switch 2 normal user
116 | USER ${NORMAL_USER_NAME}:${NORMAL_USER_NAME}
117 | WORKDIR /home/${NORMAL_USER_NAME}
118 | 
119 | 
120 | # install on-my-zsh
121 | RUN curl -fsSL -O https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh && \
122 |     chmod +x  ./install.sh && \ 
123 |     sed -i -e 's/read[[:space:]]*-r[[:space:]]*opt/opt=n/g' ./install.sh && \
124 |     ./install.sh && \
125 |     git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting && \
126 |     git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
127 | 
128 | COPY ./.zshrc ./
129 | 
130 | # expose some ports
131 | EXPOSE 20 21 22 80 443 23946 10001 10002 10003 10004 10005
132 | 
133 | CMD ["/bin/update.sh"]


--------------------------------------------------------------------------------
/Dockerfile.ubuntu-18.04:
--------------------------------------------------------------------------------
  1 | # used for compile ubuntu 18.04 debugging pwn image
  2 | # author: roderick
  3 | # date: 2024-04-21
  4 | # docker build --no-cache --build-arg BUILD_VERSION=18.04 -t debug_pwn_env:18.04 . -f Dockerfile.ubuntu-18.04
  5 | 
  6 | ARG BUILD_VERSION
  7 | 
  8 | FROM ubuntu:$BUILD_VERSION
  9 | 
 10 | ARG DEBIAN_FRONTEND=noninteractive
 11 | ARG HUB_DOMAIN=github.com
 12 | ARG NORMAL_USER_NAME=ctf
 13 | 
 14 | ENV TZ=Etc/UTC
 15 | ENV LANG=en_US.UTF-8
 16 | ENV LANGUAGE=en_US:en
 17 | ENV LC_ALL=en_US.UTF-8
 18 | 
 19 | WORKDIR /root
 20 | 
 21 | RUN apt-get update && apt-get -y dist-upgrade && apt-get install -y --fix-missing python3 python3-pip python3-dev lib32z1 \
 22 |     xinetd curl gcc gdb gdbserver g++ git libssl-dev libffi-dev build-essential tmux patchelf \
 23 |     vim iputils-ping gdb-multiarch \
 24 |     file net-tools socat ruby ruby-dev locales autoconf automake libtool make && \
 25 |     gem install one_gadget && \
 26 |     gem install seccomp-tools -v 1.5.0 && \
 27 |     sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
 28 | 
 29 | # 先执行容易失败的操作
 30 | RUN git clone https://${HUB_DOMAIN}/pwndbg/pwndbg && \
 31 |     cd ./pwndbg && git checkout ubuntu18.04-final && \
 32 |     ./setup.sh
 33 | 
 34 | 
 35 | RUN python3 -m pip install --upgrade pip && \
 36 |     git clone https://${HUB_DOMAIN}/hugsy/gef.git && \
 37 |     git clone https://${HUB_DOMAIN}/RoderickChan/Pwngdb.git && \
 38 |     git clone https://${HUB_DOMAIN}/Gallopsled/pwntools && \
 39 |     pip3 install --upgrade --editable ./pwntools && \
 40 |     git clone https://${HUB_DOMAIN}/RoderickChan/pwncli.git && \
 41 |     pip3 install --upgrade --editable ./pwncli && \
 42 |     pip3 install ropper capstone z3-solver qiling lief
 43 | 
 44 | 
 45 | COPY ./gdb-gef /bin
 46 | COPY ./gdb-pwndbg /bin
 47 | COPY ./update.sh /bin
 48 | COPY ./test-this-container.sh /bin
 49 | COPY ./heaptrace /bin
 50 | COPY ./.tmux.conf ./
 51 | COPY ./.gdbinit ./
 52 | COPY ./flag /
 53 | COPY ./flag /flag.txt
 54 | 
 55 | RUN chmod +x /bin/gdb-gef /bin/gdb-pwndbg /bin/update.sh /bin/test-this-container.sh /bin/heaptrace && \
 56 |     echo "root:root" | chpasswd 
 57 | 
 58 | # normal user
 59 | RUN useradd ${NORMAL_USER_NAME} -d /home/${NORMAL_USER_NAME} -m -s /bin/bash -u 1001 && \
 60 |     echo "${NORMAL_USER_NAME}:${NORMAL_USER_NAME}" | chpasswd && \
 61 |     cp -r /root/pwndbg /home/${NORMAL_USER_NAME} && \
 62 |     cp -r /root/gef /home/${NORMAL_USER_NAME} && \
 63 |     cp -r /root/pwntools /home/${NORMAL_USER_NAME} && \
 64 |     cp -r /root/Pwngdb /home/${NORMAL_USER_NAME} && \
 65 |     cp -r /root/pwncli /home/${NORMAL_USER_NAME} && \
 66 |     cp /root/.tmux.conf /home/${NORMAL_USER_NAME} && \
 67 |     cp /root/.gdbinit /home/${NORMAL_USER_NAME} && \
 68 |     cp /flag /home/${NORMAL_USER_NAME} && \
 69 |     cp /flag.txt /home/${NORMAL_USER_NAME} && \
 70 |     chown -R ${NORMAL_USER_NAME}:${NORMAL_USER_NAME} /home/${NORMAL_USER_NAME}
 71 | 
 72 | USER ${NORMAL_USER_NAME}:${NORMAL_USER_NAME}
 73 | 
 74 | WORKDIR /home/${NORMAL_USER_NAME}
 75 | 
 76 | RUN python3 -m pip install --upgrade pip && pip3 install --prefix ~/.local --upgrade --editable ./pwntools && \
 77 |     pip3 install --prefix ~/.local --upgrade --editable ./pwncli
 78 | 
 79 | 
 80 | # switch to root and install zsh
 81 | USER root:root
 82 | RUN apt-get install -y sudo zsh && usermod -s /bin/zsh ${NORMAL_USER_NAME} && \
 83 |     echo "${NORMAL_USER_NAME} ALL=(ALL) NOPASSWD : ALL" | tee /etc/sudoers.d/${NORMAL_USER_NAME}sudo 
 84 | 
 85 | # switch 2 normal user
 86 | USER ${NORMAL_USER_NAME}:${NORMAL_USER_NAME}
 87 | WORKDIR /home/${NORMAL_USER_NAME}
 88 | 
 89 | 
 90 | # install on-my-zsh
 91 | RUN curl -fsSL -O https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh && \
 92 |     chmod +x  ./install.sh && \ 
 93 |     sed -i -e 's/read[[:space:]]*-r[[:space:]]*opt/opt=n/g' ./install.sh && \
 94 |     ./install.sh && \
 95 |     git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting && \
 96 |     git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
 97 | 
 98 | COPY ./.zshrc ./
 99 | 
100 | # expose some ports
101 | EXPOSE 20 21 22 80 443 23946 10001 10002 10003 10004 10005
102 | 
103 | CMD ["/bin/update.sh"]
104 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Roderick
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | 
  2 | - [Docker Image Based On Ubuntu For Pwn Debug](#docker-image-based-on-ubuntu-for-pwn-debug)
  3 |   - [Pull Image](#pull-image)
  4 |   - [Example](#example)
  5 |   - [Run Container](#run-container)
  6 |   - [Attach Container](#attach-container)
  7 |   - [Check Container](#check-container)
  8 |   - [Build Image](#build-image)
  9 |   - [Use Zsh](#use-zsh)
 10 |   - [Feature](#feature)
 11 |  
 12 | > [!IMPORTANT]
 13 | > 2025-03-09更新：因学业繁忙，已无精力维护此仓库，后续不再更新
 14 | 
 15 | 
 16 | # Docker Image Based On Ubuntu For Pwn Debug
 17 | 
 18 | 基于`Ubuntu`构建并用于快速调试`pwn`题的镜像，开箱即用，告别搭建环境的苦恼！
 19 | 
 20 | 如果你想基于`docker`搭建`pwn`赛题环境，请点击[GitHub - RoderickChan/deploy\_pwn\_template: Templates for deploying pwn challenge using docker](https://github.com/RoderickChan/deploy_pwn_template)下载和使用模板。
 21 | 
 22 | If you want to deploy a ctf pwn challenge using docker, you can click this repo [GitHub - RoderickChan/deploy\_pwn\_template: Templates for deploying pwn challenge using docker](https://github.com/RoderickChan/deploy_pwn_template) to use these templates I offer there.
 23 | 
 24 | ## Pull Image
 25 | 
 26 | Pull images from <https://hub.docker.com/r/roderickchan/debug_pwn_env/tags>, such as `docker pull roderickchan/debug_pwn_env:23.04-2.37-0ubuntu2.1-20231127`. The tag of the image means `Ubuntu 23.04`, glibc version `2.37-0ubuntu2.1` and image built in `2023-11-27`. 
 27 | 
 28 | I introduce how to use `docker` in a Chinese [blog](https://www.roderickchan.cn/zh-cn/2023-02-13-%E4%BD%BF%E7%94%A8docker%E8%B0%83%E8%AF%95pwn%E9%A2%98/). 
 29 | 
 30 | 点击[博客](https://www.roderickchan.cn/zh-cn/2023-02-13-%E4%BD%BF%E7%94%A8docker%E8%B0%83%E8%AF%95pwn%E9%A2%98/)查看如何使用`docker`调试`pwn`题。
 31 | 
 32 | Current tags in the [dockerhub](https://hub.docker.com/r/roderickchan/debug_pwn_env/tags):  
 33 | 现有的镜像[列表](https://hub.docker.com/r/roderickchan/debug_pwn_env/tags)：
 34 | 
 35 | | Ubuntu Version | Glibc Version    | Pull command                                                 | User/Password| Status |
 36 | | :------------: | :--------------: | :----------------------------------------------------------: | :---: | :---: |
 37 | | Ubuntu 24.10   | 2.40-1ubuntu3  | docker pull roderickchan/debug_pwn_env:24.10-2.40-1ubuntu3-20240922     | 1. root/root<br />2. ctf/ctf | 🚩Updating|
 38 | | Ubuntu 24.04   | 2.39-0ubuntu8.3  | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu8.3-20240922 | 1. root/root<br />2. ctf/ctf | 🚩Updating|
 39 | | Ubuntu 24.10   | 2.39-0ubuntu9  | docker pull roderickchan/debug_pwn_env:24.10-2.39-0ubuntu9-20240804     | 1. root/root<br />2. ctf/ctf | Archived|
 40 | | Ubuntu 24.04   | 2.39-0ubuntu8.2  | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu8.2-20240818 | 1. root/root<br />2. ctf/ctf | Archived|
 41 | | Ubuntu 24.04   | 2.39-0ubuntu8.2  | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu8.2-20240601 | 1. root/root<br />2. ctf/ctf | Archived|
 42 | | Ubuntu 24.04   | 2.39-0ubuntu8.1  | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu8.1-20240430 | 1. root/root<br />2. ctf/ctf | Archived|
 43 | | Ubuntu 24.04   | 2.39-0ubuntu8    | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu8-20240412   | 1. root/root<br />2. ctf/ctf | Archived|
 44 | | Ubuntu 24.04   | 2.39-0ubuntu6    | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu6-20240324   | 1. root/root<br />2. ctf/ctf | Archived|
 45 | | Ubuntu 24.04   | 2.39-0ubuntu2    | docker pull roderickchan/debug_pwn_env:24.04-2.39-0ubuntu2-20240225   | 1. root/root<br />2. ctf/ctf | Archived|
 46 | | Ubuntu 24.04   | 2.38-3ubuntu1    | docker pull roderickchan/debug_pwn_env:24.04-2.38-3ubuntu1-20240207   | 1. root/root<br />2. ctf/ctf | Archived|
 47 | | Ubuntu 24.04   | 2.38-3ubuntu1    | docker pull roderickchan/debug_pwn_env:24.04-2.38-3ubuntu1-20231211   | 1. root/root<br />2. ctf/ctf | Archived|
 48 | | Ubuntu 23.10   | 2.38-1ubuntu6.3  | docker pull roderickchan/debug_pwn_env:23.10-2.38-1ubuntu6.3-20240601 | 1. root/root<br />2. ctf/ctf | 🚩Updating|
 49 | | Ubuntu 23.10   | 2.38-1ubuntu6.2  | docker pull roderickchan/debug_pwn_env:23.10-2.38-1ubuntu6.2-20240421 | 1. root/root<br />2. ctf/ctf | Archived|
 50 | | Ubuntu 23.10   | 2.38-1ubuntu6.1  | docker pull roderickchan/debug_pwn_env:23.10-2.38-1ubuntu6.1-20240202 | 1. root/root<br />2. ctf/ctf | Archived |
 51 | | Ubuntu 23.10   | 2.38-1ubuntu6    | docker pull roderickchan/debug_pwn_env:23.10-2.38-1ubuntu6-20231127   | 1. root/root<br />2. ctf/ctf | Archived |
 52 | | Ubuntu 23.04   | 2.37-0ubuntu2.2  | docker pull roderickchan/debug_pwn_env:23.04-2.37-0ubuntu2.2-20231211 | 1. root/root<br />2. ctf/ctf | 🚩Updating|
 53 | | Ubuntu 23.04   | 2.37-0ubuntu2.1  | docker pull roderickchan/debug_pwn_env:23.04-2.37-0ubuntu2.1-20231127 | 1. root/root<br />2. ctf/ctf | Archived |
 54 | | Ubuntu 22.04   | 2.35-0ubuntu3.8  | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3.8-20240601 | 1. root/root<br />2. ctf/ctf | 🚩Updating|
 55 | | Ubuntu 22.04   | 2.35-0ubuntu3.7  | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3.7-20240421 | 1. root/root<br />2. ctf/ctf | Archived|
 56 | | Ubuntu 22.04   | 2.35-0ubuntu3.6  | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3.6-20240113 | 1. root/root<br />2. ctf/ctf | Archived|
 57 | | Ubuntu 22.04   | 2.35-0ubuntu3.5  | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3.5-20231211 | 1. root/root<br />2. ctf/ctf | Archived |
 58 | | Ubuntu 22.04   | 2.35-0ubuntu3.4  | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3.4-20231127 | 1. root/root<br />2. ctf/ctf | Archived |
 59 | | Ubuntu 22.04   | 2.35-0ubuntu3.1  | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3.1-20230213 | 1. root/root<br />2. roderick | Archived |
 60 | | Ubuntu 22.04   | 2.35-0ubuntu3    | docker pull roderickchan/debug_pwn_env:22.04-2.35-0ubuntu3-20220707   | 1. root/root<br />2. roderick | Archived |
 61 | | Ubuntu 20.04   | 2.31-0ubuntu9.16 | docker pull roderickchan/debug_pwn_env:20.04-2.31-0ubuntu9.16-20240601| 1. root/root<br />2. ctf/ctf | 🚩Updating|
 62 | | Ubuntu 20.04   | 2.31-0ubuntu9.15 | docker pull roderickchan/debug_pwn_env:20.04-2.31-0ubuntu9.15-20240421| 1. root/root<br />2. ctf/ctf | Archived|
 63 | | Ubuntu 20.04   | 2.31-0ubuntu9.14 | docker pull roderickchan/debug_pwn_env:20.04-2.31-0ubuntu9.14-20231211| 1. root/root<br />2. ctf/ctf | Archived|
 64 | | Ubuntu 20.04   | 2.31-0ubuntu9.12 | docker pull roderickchan/debug_pwn_env:20.04-2.31-0ubuntu9.12-20231127| 1. root/root<br />2. ctf/ctf | Archived |
 65 | | Ubuntu 20.04   | 2.31-0ubuntu9.9  | docker pull roderickchan/debug_pwn_env:20.04-2.31-0ubuntu9.9-20230213 | 1. root/root<br />2. roderick | Archived |
 66 | | Ubuntu 20.04   | 2.31-0ubuntu9.7  | docker pull roderickchan/debug_pwn_env:20.04-2.31-0ubuntu9.7-20220525 | 1. root/root<br />2. roderick | Archived |
 67 | | Ubuntu 21.10   | 2.34-0ubuntu3.2  | docker pull roderickchan/debug_pwn_env:21.10-2.34-0ubuntu3.2-20220707 | 1. root/root<br />2. roderick | Archived |
 68 | | Ubuntu 21.04   | 2.33-0ubuntu5    | docker pull roderickchan/debug_pwn_env:21.04-2.33-0ubuntu5-20220908   | 1. root/root<br />2. roderick | Archived |
 69 | | Ubuntu 18.04   | 2.27-3ubuntu1.6  | docker pull roderickchan/debug_pwn_env:18.04-2.27-3ubuntu1.6-20240422 | 1. root/root<br />2. ctf/ctf | 🚩Updating |
 70 | | Ubuntu 18.04   | 2.27-3ubuntu1.6  | docker pull roderickchan/debug_pwn_env:18.04-2.27-3ubuntu1.6-20230213 | 1. root/root<br />2. roderick | Archived |
 71 | | Ubuntu 18.04   | 2.27-3ubuntu1.5  | docker pull roderickchan/debug_pwn_env:18.04-2.27-3ubuntu1.5-20220525 | 1. root/root<br />2. roderick | Archived |
 72 | | Ubuntu 16.04   | 2.23-0ubuntu11.3 | docker pull roderickchan/debug_pwn_env:16.04-2.23-0ubuntu11.3-20240412| 1. root/root<br />2. ctf/ctf | 🚩Updating |
 73 | 
 74 | 
 75 | Two users in the image:  
 76 | - `root` user and password: `root/root`  
 77 | - `ctf` user and password: `ctf/ctf`
 78 | 
 79 | ## Example  
 80 | 
 81 | This example uses the old image. The normal username in old image was `roderick`, the current username is now `ctf`.
 82 | 
 83 | 以下示例采用原来的镜像。原来的普通用户名为`roderick`，现在的普通用户名为`ctf`。
 84 | 
 85 | ![](https://github.com/RoderickChan/docker_pwn_env/blob/main/gif/623588.gif?raw=true)
 86 | 
 87 | 可在`asciinema`上观看：
 88 | 
 89 | [![asciicast](https://asciinema.org/a/623588.svg)](https://asciinema.org/a/623588)
 90 | 
 91 | 
 92 | 当前的镜像的示例如下。 
 93 | 
 94 | This example uses the updating image:  
 95 | 
 96 | ![](https://github.com/RoderickChan/docker_pwn_env/blob/main/gif/623673.gif?raw=true)
 97 | 
 98 | 可在`asciinema`上观看：
 99 | 
100 | [![asciicast](https://asciinema.org/a/623673.svg)](https://asciinema.org/a/623673)
101 | 
102 | ## Run Container
103 | 
104 | 启动容器：
105 | 
106 | ```shell
107 | docker run -it -d -v host_path:container_path -p host_port:container_port --cap-add=SYS_PTRACE IMAGE_ID # auto update 自动执行update.sh脚本
108 | 
109 | docker run -it -d -v host_path:container_path -p host_port:container_port --cap-add=SYS_PTRACE IMAGE_ID /bin/sh # do not update 不会自动更新
110 | 
111 | docker run -it -d -v host_path:container_path -p host_port:container_port --privileged IMAGE_ID # privileged enabled and auto update 给特权标志和自动更新
112 | 
113 | docker run -it -d -v host_path:container_path -p host_port:container_port --privileged IMAGE_ID /bin/sh # privileged enabled and auto update 给特权标志和自动更新
114 | ```
115 | 
116 | ## Attach Container
117 | 
118 | 进入容器(enter a container)：
119 | 
120 | ```shell
121 | docker exec -it CONTAINER_ID /bin/sh
122 | docker exec -it -u root CONTAINER_ID /bin/sh
123 | ```
124 | 
125 | ## Check Container 
126 | 
127 | 检查容器是否正常：
128 | ```
129 | /bin/test-this-container.sh
130 | ```
131 | 
132 | input `q` in gdb to exit.  
133 | 进入`gdb`后输入`q`退出。
134 | 
135 | 
136 | ## Build Image
137 | 
138 | 构建镜像(single build)：
139 | 
140 | ```shell
141 | docker build --build-arg BUILD_VERSION=20.04 -t debug_pwn_env:20.04 .
142 | ```
143 | 
144 | 自动构建(auto build):
145 | 
146 | ```shell
147 | 
148 | chmod +x ./auto_compile.sh
149 | ./auto_compile.sh
150 | ```
151 | 
152 | 构建`Ubuntu 16.04`的镜像，请使用`Dockerfile.ubuntu-16.04`文件(use Dockerfile.ubuntu-16.04 to build Ubuntu-16.04 image)
153 | 
154 | ## Use Zsh
155 | 
156 | 注意：镜像中安装了`oh-my-zsh`，提供`zsh-autosuggestions`和`zsh-syntax-highlighting`插件，推荐使用`zsh`作为`shell`登入。
157 | 
158 | I have installed `oh-my-zsh` and `zsh-autosuggestions` plugin, `zsh-syntax-highlighting` plugin in the image, if you like it, please launch a container with `/bin/zsh`.
159 | 
160 | example:
161 | 
162 | ```shell
163 | docker run -it -d -v $PWD:/home/ctf/hacker -p 10001:10001 --privileged IMAGE_ID /bin/zsh # privileged enabled and auto update 给特权标志和自动更新
164 | ```
165 | 
166 | ## Feature 
167 | 
168 | Software and packages in the image:   
169 | 镜像中含有的软件和包：
170 | 
171 | - pwncli
172 | - pwntools  
173 | - pwndbg  
174 | - Pwngdb
175 | - gef  
176 | - one_gadget  
177 | - ropper 
178 | - ropgadget
179 | - seccomp-tools  
180 | - patchelf  
181 | - capstone  
182 | - z3-solver  
183 | - qiling  
184 | - lief  
185 | - socat  
186 | - tmux 
187 | - zsh 
188 | - gdb-multiarch
189 | - vim 
190 | - curl 
191 | - gdbserver
192 | 
193 | Read `Dockerfile` to get more infomation.
194 | 
195 | 阅读`Dockerfile`获得更多信息。
196 | 


--------------------------------------------------------------------------------
/auto_compile-no-check.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # author: roderick
 3 | # https://github.com/RoderickChan/docker_pwn_env
 4 | 
 5 | set -Eeux
 6 | set -o pipefail
 7 | 
 8 | NEED_PUSH=1 # 1 or 0
 9 | DOCKERHUB_UASERNAME="roderickchan"
10 | DOCKERHUB_PASSWORD=""
11 | 
12 | today=$(date +%Y%m%d)
13 | 
14 | # versions to compile
15 | versions=("20.04" "22.04" "23.04" "23.10" "24.04")
16 | v_length=${#versions[@]}
17 | 
18 | 
19 | if [ "$NEED_PUSH" -eq "1" ]; then
20 |     # remember to change the DOCKERHUB_UASERNAME in dockerhub
21 |     if [ -n "${DOCKERHUB_PASSWORD}" ]; then
22 |         docker login -u ${DOCKERHUB_UASERNAME} -p ${DOCKERHUB_PASSWORD}
23 |     else
24 |         docker login -u ${DOCKERHUB_UASERNAME}
25 |     fi
26 | fi
27 | 
28 | 
29 | regex_pattern="2\.[0-9]+-[0-9]+ubuntu[0-9]+\.?[0-9]*"
30 | 
31 | for ((i=0; i<v_length; i++))
32 | do
33 |     v=${versions[i]}
34 |     # let's build image
35 |     docker build --no-cache --build-arg BUILD_VERSION=${v} -t debug_pwn_env:${v} .
36 |     search_res=$(docker run --rm debug_pwn_env:${v} grep -E -o -a "$regex_pattern" /lib/x86_64-linux-gnu/libc.so.6)
37 |     docker tag debug_pwn_env:${v} ${DOCKERHUB_UASERNAME}/debug_pwn_env:${v}-${search_res}-${today}
38 |     docker rmi debug_pwn_env:${v}
39 |     if [ "$NEED_PUSH" -eq "1" ]; then
40 |         docker push ${DOCKERHUB_UASERNAME}/debug_pwn_env:${v}-${search_res}-${today}
41 |     fi
42 | 
43 | done
44 | 


--------------------------------------------------------------------------------
/auto_compile.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # author: roderick
 3 | # https://github.com/RoderickChan/docker_pwn_env
 4 | 
 5 | set -Eeux
 6 | set -o pipefail
 7 | 
 8 | NEED_PUSH=1 # 1 or 0
 9 | CHECK_VERSION=1
10 | DOCKERHUB_UASERNAME="roderickchan"
11 | DOCKERHUB_PASSWORD=""
12 | 
13 | today=$(date +%Y%m%d)
14 | 
15 | # versions to compile
16 | versions=("20.04" "22.04" "23.04" "23.10" "24.04" "24.10")
17 | 
18 | if [ "$NEED_PUSH" -eq "1" ]; then
19 | 
20 |     glibcs=("2.31-0ubuntu9.16" "2.35-0ubuntu3.8" "2.37-0ubuntu2.2" "2.38-1ubuntu6.3" "2.39-0ubuntu8.2" "2.39-0ubuntu9")
21 | 
22 |     v_length=${#versions[@]}
23 |     g_length=${#glibcs[@]}
24 | 
25 |     # check length of these two array
26 |     if [ "$v_length" -ne "$g_length" ]; then
27 |         echo "Error --> The length of 'versions' and 'glibcs' is different, the former is $v_length, the latter is $g_length"
28 |         exit 2
29 |     fi
30 | 
31 | fi
32 | 
33 | if [ "$NEED_PUSH" -eq "1" ]; then
34 |     # remember to change the DOCKERHUB_UASERNAME in dockerhub
35 |     if [ -n "${DOCKERHUB_PASSWORD}" ]; then
36 |         docker login -u ${DOCKERHUB_UASERNAME} -p ${DOCKERHUB_PASSWORD}
37 |     else
38 |         docker login -u ${DOCKERHUB_UASERNAME}
39 |     fi
40 | fi
41 | 
42 | regex_pattern="2\.[0-9]+-[0-9]+ubuntu[0-9]+\.?[0-9]*"
43 | 
44 | for ((i=0; i<v_length; i++))
45 | do
46 | 
47 | if [ "$NEED_PUSH" -eq "1" ]; then
48 |     v=${versions[i]}
49 |     g=${glibcs[i]}
50 |     docker pull ubuntu:${v}
51 |     search_res=$(docker run --rm ubuntu:${v} bash -c "apt update; apt upgrade -y ; grep -E -o -a \"$regex_pattern\" /lib/x86_64-linux-gnu/libc.so.6" | tail -n 1)
52 |     # The result must match the pattern
53 |     if [[ ! $search_res =~ $regex_pattern ]]; then
54 |         echo "Invalid search result: $search_res"
55 |         exit 2
56 |     fi
57 | 
58 |     if [ "$g" == "$search_res" ]; then
59 |         echo "There is no need to update. Current glibc version of ubuntu $v is $search_res"
60 |         continue
61 |     else
62 |         echo "Update ubuntu $v"
63 |         # self update
64 |         sed -i "s/$g/$search_res/g" $0
65 |     fi
66 | 
67 | fi
68 | 
69 |     # let's build image
70 |     docker build --no-cache --build-arg BUILD_VERSION=${v} -t debug_pwn_env:${v} .
71 |     docker tag debug_pwn_env:${v} ${DOCKERHUB_UASERNAME}/debug_pwn_env:${v}-${search_res}-${today}
72 |     docker rmi debug_pwn_env:${v}
73 |     if [ "$NEED_PUSH" -eq "1" ]; then
74 |         docker push ${DOCKERHUB_UASERNAME}/debug_pwn_env:${v}-${search_res}-${today}
75 |     fi
76 | 
77 | done
78 | 


--------------------------------------------------------------------------------
/flag:
--------------------------------------------------------------------------------
1 | flag{this_is_a_test_flag}
2 | 


--------------------------------------------------------------------------------
/gdb-gef:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | cat > ~/.gdbinit << "EOF"
 4 | source ~/gef/gef.py
 5 | source ~/Pwngdb/pwngdb.py
 6 | source ~/Pwngdb/angelheap/gdbinit.py
 7 | 
 8 | # don't stop the process when catch alarm signal
 9 | handle SIGALRM nostop print
10 | 
11 | # set follow-fork-mode parent
12 | 
13 | set detach-on-fork off
14 | 
15 | # show content of address using offset when PIE is enabled
16 | define sbase
17 |     if $argc == 1
18 |         telescope $_base()+$arg0 10
19 |     end
20 | 
21 |     if $argc == 2
22 |         telescope $_base()+$arg0 $arg1
23 |     end
24 | end
25 | 
26 | # set breakpoints using offset when PIE is enabled
27 | define bbase
28 |     b *($_base()+$arg0)
29 | end
30 | 
31 | define dq
32 |     if $argc == 1
33 |         x /8gx $arg0
34 |     end
35 |     if $argc == 2
36 |         x /$arg1gx $arg0
37 |     end
38 | end
39 | 
40 | define dd
41 |     if $argc == 1
42 |         x /16wx $arg0
43 |     end
44 |     if $argc == 2
45 |         x /$arg1wx $arg0
46 |     end
47 | end
48 | 
49 | define dw
50 |     if $argc == 1
51 |         x /32hx $arg0
52 |     end
53 |     if $argc == 2
54 |         x /$arg1hx $arg0
55 |     end
56 | end
57 | 
58 | define db
59 |     if $argc == 1
60 |         x /64bx $arg0
61 |     end
62 |     if $argc == 2
63 |         x /$arg1bx $arg0
64 |     end
65 | end
66 | 
67 | # enable Pwngdb from https://github.com/scwuaptx/Pwngdb
68 | define hook-run
69 | python
70 | import angelheap
71 | angelheap.init_angelheap()
72 | end
73 | end
74 | EOF
75 | 
76 | exec gdb "$@"


--------------------------------------------------------------------------------
/gdb-pwndbg:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | cat > ~/.gdbinit << "EOF"
 4 | source ~/pwndbg/gdbinit.py
 5 | source ~/Pwngdb/pwngdb.py
 6 | source ~/Pwngdb/angelheap/gdbinit.py
 7 | 
 8 | # don't skip repeat value when use telescope
 9 | set telescope-skip-repeating-val off
10 | 
11 | # show LR in aarch64
12 | set show-retaddr-reg on
13 | 
14 | # set backtrace lines 4
15 | set context-backtrace-lines 4
16 | 
17 | # don't stop the process when catch alarm signal
18 | handle SIGALRM nostop print
19 | 
20 | # set follow-fork-mode parent
21 | # don't detach when fork is called 
22 | set detach-on-fork off
23 | 
24 | # set sourcecode directory
25 | # directory /usr/src/glibc/glibc-2.27/malloc
26 | 
27 | # show content of address using offset when PIE is enabled
28 | define sbase
29 |     if $argc == 1
30 |         telescope $rebase($arg0) 10
31 |     end
32 | 
33 |     if $argc == 2
34 |         telescope $rebase($arg0) $arg1
35 |     end
36 | end
37 | 
38 | # set breakpoints using offset when PIE is enabled
39 | define bbase
40 |     b *$rebase($arg0)
41 | end
42 | 
43 | define dq
44 |     if $argc == 1
45 |         x /8gx $arg0
46 |     end
47 |     if $argc == 2
48 |         x /$arg1gx $arg0
49 |     end
50 | end
51 | 
52 | define dd
53 |     if $argc == 1
54 |         x /16wx $arg0
55 |     end
56 |     if $argc == 2
57 |         x /$arg1wx $arg0
58 |     end
59 | end
60 | 
61 | define dw
62 |     if $argc == 1
63 |         x /32hx $arg0
64 |     end
65 |     if $argc == 2
66 |         x /$arg1hx $arg0
67 |     end
68 | end
69 | 
70 | define db
71 |     if $argc == 1
72 |         x /64bx $arg0
73 |     end
74 |     if $argc == 2
75 |         x /$arg1bx $arg0
76 |     end
77 | end
78 | 
79 | # enable Pwngdb from https://github.com/scwuaptx/Pwngdb
80 | define hook-run
81 | python
82 | import angelheap
83 | angelheap.init_angelheap()
84 | end
85 | end
86 | EOF
87 | 
88 | exec gdb "$@"


--------------------------------------------------------------------------------
/gif/623588.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RoderickChan/docker_pwn_env/32cb8613d0071e3bf23ba70e7d13c57865d3741b/gif/623588.gif


--------------------------------------------------------------------------------
/gif/623673.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RoderickChan/docker_pwn_env/32cb8613d0071e3bf23ba70e7d13c57865d3741b/gif/623673.gif


--------------------------------------------------------------------------------
/heaptrace:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RoderickChan/docker_pwn_env/32cb8613d0071e3bf23ba70e7d13c57865d3741b/heaptrace


--------------------------------------------------------------------------------
/test-this-container.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -ex 
 4 | 
 5 | gdb-pwndbg 
 6 | gdb-gef 
 7 | pwncli -V
 8 | 
 9 | tmux
10 | 
11 | 
12 | 


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | update_repo(){
 4 |     cd ~/$1
 5 |     git pull
 6 | }
 7 | 
 8 | update_repo gef
 9 | update_repo Pwngdb
10 | update_repo pwntools
11 | update_repo pwncli
12 | 
13 | exec /bin/bash
14 | 
15 | 


--------------------------------------------------------------------------------