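├── .dockerignore
├── Dockerfile
├── README.md
└── setup.sh
/.dockerignore:
--------------------------------------------------------------------------------
setup.sh
.git*
README.md
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# ctfbox: Ubuntu image with common CTF / reverse-engineering tooling preinstalled.
#
# Build:  docker build -t ctfbox .
# Build-time knobs (every default is the value that used to be hard-coded):
#   --build-arg UBUNTU_TAG=...     base image tag (default "latest", i.e. unpinned)
#   --build-arg ROOT_PASSWORD=...  root password baked into the image (default "toor")
#   --build-arg CTF_PASSWORD=...   password of the "ctf" user (default "ctf")
#   --build-arg AFL_SHA256=...     expected SHA-256 of afl-latest.tgz; empty = not verified
#
# The passwords are visible in the image history and sshd is exposed on 22, so the
# defaults are throwaway-lab credentials; every tool is cloned from an unpinned
# upstream HEAD and built as root.
ARG UBUNTU_TAG=latest
FROM ubuntu:${UBUNTU_TAG}
# MAINTAINER is deprecated; LABEL carries the same information.
LABEL maintainer="boogy"

ENV DEBIAN_FRONTEND=noninteractive
# Single apt layer; duplicates (python-dev, libqt4-dev, virtualenvwrapper) dropped and
# the package lists removed afterwards to keep the layer small.  Later steps that
# need apt run their own `apt-get update`.
RUN dpkg --add-architecture i386 \
 && apt-get update \
 && apt-get -yq install \
    build-essential \
    python2.7 \
    python2.7-dev \
    python-dbg \
    python-imaging \
    python-pycryptopp \
    python-pyside \
    python-dev \
    python-pip \
    python-virtualenv \
    virtualenvwrapper \
    python3 \
    python3-pip \
    python3-dev \
    libqt4-dev \
    libxml2-dev \
    libxslt1-dev \
    libgraphviz-dev \
    libjpeg8 \
    libjpeg62-dev \
    libfreetype6 \
    libfreetype6-dev \
    apt-utils \
    default-jre \
    libboost-all-dev \
    git \
    sudo \
    p7zip \
    autoconf \
    libssl-dev \
    libpcap-dev \
    libffi-dev \
    graphviz-dev \
    cmake \
    clang \
    llvm \
    nasm \
    tmux \
    gdb \
    gdb-multiarch \
    gdbserver \
    foremost \
    ipython \
    stow \
    ltrace \
    strace \
    socat \
    tcpdump \
    john \
    hydra \
    vim \
    curl \
    wget \
    nmap \
    gcc-multilib \
    g++-multilib \
    netcat \
    openssh-server \
    openssh-client \
    lsof \
    libc6:i386 \
    libncurses5:i386 \
    libstdc++6:i386 \
    libc6-dev-i386 \
    squashfs-tools \
    apktool \
    libimage-exiftool-perl \
    qemu \
    qemu-user \
    qemu-user-static \
 && rm -rf /var/lib/apt/lists/*

## super root password
# chpasswd reads "user:password" from stdin, which is what a build step can provide;
# passwd wants a tty.  The value ends up in the image layer like any build ARG.
ARG ROOT_PASSWORD=toor
RUN echo "root:${ROOT_PASSWORD}" | chpasswd

## setup a user
# - 750 is what 4750 effectively was: the setuid bit has no meaning on a directory.
# - sudoers.d fragments are conventionally mode 0440.
# - the sysctl.d file used to be written to "10-ptrace.conf," (stray comma).
#   ptrace_scope is a kernel-wide knob a build step cannot change, so the reload is
#   allowed to fail; the file stays for hosts that load /etc/sysctl.d.
ARG CTF_PASSWORD=ctf
RUN useradd -m -s /bin/bash ctf \
 && usermod -aG sudo ctf \
 && echo "ctf:${CTF_PASSWORD}" | chpasswd \
 && chmod 750 /home/ctf \
 && mkdir -p /home/ctf/tools \
 && chown -R ctf: /home/ctf \
 && mkdir -p /etc/sudoers.d \
 && echo "ctf ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ctf \
 && chmod 0440 /etc/sudoers.d/ctf \
 && echo "kernel.yama.ptrace_scope = 0" > /etc/sysctl.d/10-ptrace.conf \
 && (sysctl -p /etc/sysctl.d/10-ptrace.conf || true)

## clone my dotfiles
RUN git clone https://github.com/boogy/dotfiles.git /home/ctf/dotfiles

## Other python cool pip modules
RUN pip2 install --upgrade pip \
 && pip2 install --upgrade r2pipe \
 && pip2 install --upgrade Pillow \
 && pip2 install --upgrade distorm3 \
 && pip2 install --upgrade pycrypto \
 && pip2 install --upgrade git+https://github.com/hellman/xortool.git

## Install Binjitsu
RUN pip install --upgrade git+https://github.com/Gallopsled/pwntools.git

## Install peda
RUN git clone https://github.com/longld/peda.git /home/ctf/tools/peda \
 && echo -en "define load_peda\n source /home/ctf/tools/peda/peda.py\nend\n" >> /home/ctf/.gdbinit

## Install pwndbg
RUN git clone https://github.com/zachriggle/pwndbg /home/ctf/tools/pwndbg \
 && echo -en "\ndefine load_pwndbg\n source /home/ctf/tools/pwndbg/gdbinit.py\nend\n" >> /home/ctf/.gdbinit \
 && pip3 install pycparser

## Install capstone
RUN git clone https://github.com/aquynh/capstone /home/ctf/tools/capstone \
 && cd /home/ctf/tools/capstone \
 && ./make.sh \
 && ./make.sh install \
 && cd /home/ctf/tools/capstone/bindings/python \
 && python3 setup.py install \
 && python2 setup.py install

## Install radare2
RUN git clone https://github.com/radare/radare2 /home/ctf/tools/radare2 \
 && cd /home/ctf/tools/radare2 \
 && ./sys/install.sh

## Install binwalk
RUN git clone https://github.com/devttys0/binwalk /home/ctf/tools/binwalk \
 && cd /home/ctf/tools/binwalk \
 && python setup.py install

## Uninstall capstone for python2
#RUN pip2 uninstall capstone -y \
# && cd /home/ctf/tools/capstone/bindings/python \
# && python3 setup.py install

## Install american-fuzzy-lop
# Plain-HTTP tarball: verified only when AFL_SHA256 is given.  The build chain now
# uses && instead of ; so a failed make is no longer silently ignored.
ARG AFL_SHA256=""
RUN wget --quiet http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz -O /home/ctf/tools/afl-latest.tgz \
 && cd /home/ctf/tools/ \
 && if [ -n "$AFL_SHA256" ]; then echo "$AFL_SHA256  afl-latest.tgz" | sha256sum -c -; fi \
 && tar -xzvf afl-latest.tgz \
 && rm afl-latest.tgz \
 && (cd afl-* && make && (cd llvm_mode && make) && make install)

## Install angr
#RUN git clone https://github.com/angr/angr-dev /home/ctf/tools/angr-dev \
# && cd /home/ctf/tools/angr-dev \
# && ./setup.sh -i -e angr
RUN pip2 install angr

# RUN git clone https://github.com/angr/angr-dev /home/ctf/tools/angr-dev \
# && cd /home/ctf/tools/angr-dev \
# && . /usr/local/bin/virtualenvwrapper.sh \
# && mkvirtualenv angr \
# && echo "I know this is a bad idea."|./setup.sh -i \
# && deactivate
# # && ./setup.sh -i -e angr

## Install rp++
# CC/CXX exports only live for this RUN, so later builds (z3, keystone) are unaffected.
RUN apt-get update \
 && apt-get install -yq clang-3.5 \
 && rm -rf /var/lib/apt/lists/* \
 && export CC=/usr/bin/clang-3.5 \
 && export CXX=/usr/bin/clang++-3.5 \
 && cd /home/ctf/tools \
 && git clone https://github.com/0vercl0k/rp.git \
 && cd rp \
 && git checkout next \
 && git submodule update --init --recursive \
 && sed -i 's/find_package(Boost 1.59.0 COMPONENTS flyweight)/find_package(Boost)/g' CMakeLists.txt \
 && mkdir build \
 && cd build \
 && cmake ../ \
 && make \
 && cp ../bin/rp-lin-x64 /usr/local/bin/


## Install ROPGadget
RUN git clone https://github.com/JonathanSalwan/ROPgadget /home/ctf/tools/ROPgadget \
 && cd /home/ctf/tools/ROPgadget \
 && python setup.py install


## Install Z3 Prover
RUN git clone https://github.com/Z3Prover/z3.git /home/ctf/tools/z3 \
 && cd /home/ctf/tools/z3 \
 && python scripts/mk_make.py --python \
 && cd build \
 && make install

## Install keystone engine
RUN git clone https://github.com/keystone-engine/keystone.git /home/ctf/tools/keystone \
 && cd /home/ctf/tools/keystone \
 && mkdir build \
 && cd build \
 && ../make-share.sh \
 && make install \
 && ldconfig \
 && cd /home/ctf/tools/keystone/bindings/python \
 && make install

## Install manticore
#RUN git clone --depth 1 https://github.com/trailofbits/manticore.git \
# && cd manticore \
# && pip install --no-binary capstone .

## Everything under /home/ctf was cloned and built as root; hand it back to the
## ctf user before privileges are dropped, otherwise the tools are read-only for it.
RUN chown -R ctf: /home/ctf

EXPOSE 22 1337 3002 3003 4000
USER ctf
WORKDIR /home/ctf

CMD ["/bin/bash", "-i"]
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
CTFBOX
=======
[![](https://images.microbadger.com/badges/image/boogy/ctfbox.svg)](http://microbadger.com/images/boogy/ctfbox "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/boogy/ctfbox.svg)](http://microbadger.com/images/boogy/ctfbox "Get your own version badge on microbadger.com")

When playing CTFs I like to have all the tools ready to rock when needed.
This docker image will provide these tools installed on ubuntu:latest image.

The script(s) was forked from [praetorian-inc/epictreasure](https://github.com/praetorian-inc/epictreasure)

Similar configurations [ctf-tools](https://github.com/zardus/ctf-tools)

Installation/ Build
=====================

```bash
git clone https://github.com/boogy/ctfbox.git
cd ctfbox
docker build -t ctfbox .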
19 | ``` 20 | 21 | Docker Hub 22 | ========== 23 | 24 | The image is also present on [docker hub](https://hub.docker.com/r/boogy/ctfbox/) 25 | 26 | ```bash 27 | docker pull boogy/ctfbox 28 | ``` 29 | 30 | 31 | Run the ctfbox 32 | ================ 33 | 34 | Start the image 35 | 36 | ```bash 37 | docker run -it boogy/ctfbox 38 | ``` 39 | 40 | If you have problems with gdb or gdbserver you can run the container in privileged mode and with the host network. 41 | 42 | ```bash 43 | sudo docker run -it --privileged --net=host boogy/ctfbox 44 | ``` 45 | 46 | List of some tools installed and examples 47 | ============================================= 48 | 49 | * [Z3 Solver](https://github.com/Z3Prover/z3) 50 | * [Capstone](https://github.com/aquynh/capstone) 51 | * [Keystone Engine](https://github.com/keystone-engine/keystone) 52 | * [Binwalk](http://binwalk.org/) 53 | * [radare2](https://github.com/radare/radare2) 54 | * [Afl](http://lcamtuf.coredump.cx/afl/) 55 | * [Angr](https://github.com/angr/angr) 56 | * [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) 57 | * [rp++](https://github.com/0vercl0k/rp) 58 | * [binjitsu](https://github.com/binjitsu/binjitsu) 59 | * [peda](https://github.com/longld/peda) 60 | * [pwndbg](https://github.com/zachriggle/pwndbg) 61 | 62 | 63 | Screenshots 64 | ------------ 65 | 66 | binjitsu - CTF toolkit 67 | ------------------------ 68 | ```python 69 | from pwn import * 70 | context(arch = 'i386', os = 'linux') 71 | 72 | r = remote('exploitme.example.com', 31337) 73 | # EXPLOIT CODE GOES HERE 74 | r.send(asm(shellcraft.sh())) 75 | r.interactive() 76 | ``` 77 | 78 | Radare2 79 | --------- 80 | ![radare2](http://radare.org/r/img/r2cg.png) 81 | ![radare2 webui](http://radare.org/r/img/webui.png) 82 | 83 | Peda 84 | ------ 85 | ![start](http://i.imgur.com/P1BF5mp.png) 86 | 87 | 88 | ROPGadget 89 | ----------- 90 | ![x64-ropgadget](http://shell-storm.org/project/ROPgadget/x64.png) 91 | 92 | 93 | 
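--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Script forked from praetorian-inc/epictreasure
# https://github.com/praetorian-inc/epictreasure
#
# Provisions a CTF toolbox for the "ctf" user: apt packages, Python modules,
# GDB helpers (peda, pwndbg), capstone/keystone, radare2, binwalk, AFL, angr,
# rp++, ROPgadget and Z3.  Sources are checked out under /home/ctf/tools.
#
# Usage:       sudo ./setup.sh
# Environment: AFL_SHA256 - optional expected SHA-256 of afl-latest.tgz
# Assumes:     root on Ubuntu (apt-get, chown), an existing "ctf" user (see the
#              commented "create a user" block), and network access to
#              github.com, the pwntools PPA and lcamtuf.coredump.cx.
#
# Every step clones an unpinned upstream HEAD (or fetches a tarball over plain
# HTTP) and builds/installs it as root; pin commits and verify digests before
# reusing this anywhere that is not a throwaway CTF box.

set -euo pipefail

readonly CTF_HOME=/home/ctf
readonly TOOLS_DIR="${CTF_HOME}/tools"
# Written with absolute paths: "~" in .gdbinit would resolve to whoever runs gdb,
# and ">> ~/.gdbinit" from a root shell used to land in /root instead of /home/ctf.
readonly GDBINIT="${CTF_HOME}/.gdbinit"
# Empty (the default) keeps the original unverified download; a value makes the
# AFL step fail closed on a digest mismatch.
AFL_SHA256="${AFL_SHA256:-}"

warn() { printf 'warn: %s\n' "$*" >&2; }
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

## create a user
#getent passwd ctf || useradd -m -s /bin/bash ctf
#chown -R ctf: /home/ctf && chmod 4750 /home/ctf
#mkdir -p /home/ctf/tools && mkdir -p /etc/sudoers.d/
#echo "ctf ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ctf
#echo "kernel.yama.ptrace_scope = 0" > /etc/sysctl.d/10-ptrace.conf

(( EUID == 0 )) || die "must run as root (apt-get/chown below need it)"
id ctf >/dev/null 2>&1 || die "user 'ctf' does not exist; create it first (see the commented block above)"

## Updates
# apt-get -yq update
# apt-get -yq upgrade
# apt-get -yq install apt-utils python2.7 python-pip python2.7-dev python3-pip python3-dev python-dbg git \
#   sudo p7zip autoconf libssl-dev libpcap-dev libffi-dev clang nasm tmux \
#   gdb gdb-multiarch gdbserver foremost ipython stow build-essential virtualenvwrapper \
#   ltrace strace socat tcpdump john hydra vim curl wget nmap \
#   g++ gcc netcat netcat6 openssh-server openssh-client lsof

## Install 32 bit libs also
# dpkg --add-architecture i386
# apt update
# apt-get -yq install libc6:i386 libncurses5:i386 libstdc++6:i386
# apt-get -yq install libc6-dev-i386
pip install --upgrade pip

## QEMU with MIPS/ARM - http://reverseengineering.stackexchange.com/questions/8829/cross-debugging-for-mips-elf-with-qemu-toolchain
#apt-get -yq install qemu qemu-user qemu-user-static 'binfmt*' libc6-armhf-armel-cross debian-keyring debian-archive-keyring emdebian-archive-keyring
#tee /etc/apt/sources.list.d/emdebian.list << EOF
#deb http://mirrors.mit.edu/debian squeeze main
#deb http://www.emdebian.org/debian squeeze main
#EOF

#apt-get -yq install libc6-mipsel-cross libc6-arm-cross
#mkdir /etc/qemu-binfmt
#ln -s /usr/mipsel-linux-gnu /etc/qemu-binfmt/mipsel
#ln -s /usr/arm-linux-gnueabihf /etc/qemu-binfmt/arm
#rm /etc/apt/sources.list.d/emdebian.list
#apt update

## Install Binjitsu
pip2 install --upgrade git+https://github.com/binjitsu/binjitsu.git

## Install pwnlib-binutil
apt-get install -yq software-properties-common
apt-add-repository --yes ppa:pwntools/binutils
apt-get update
ARCHES=(aarch64 alpha arm avr cris hppa ia64 m68k mips mips64 msp430 powerpc powerpc64 s390 sparc vax xscale i386 x86_64)
for arch in "${ARCHES[@]}"; do
  # best effort: one missing cross-binutils package should not abort the whole setup
  apt-get -yq install "binutils-${arch}-linux-gnu" || warn "binutils-${arch}-linux-gnu not installed"
done

mkdir -p "$TOOLS_DIR"
chown -R ctf: "$TOOLS_DIR"

## Install peda
# trailing "\n" after "end": without it the next define was glued onto this line
git clone https://github.com/longld/peda.git "${TOOLS_DIR}/peda"
printf 'define load_peda\n source %s/peda/peda.py\nend\n' "$TOOLS_DIR" >> "$GDBINIT"

## Install pwndbg
git clone https://github.com/zachriggle/pwndbg "${TOOLS_DIR}/pwndbg"
printf 'define load_pwndbg\n source %s/pwndbg/gdbinit.py\nend\n' "$TOOLS_DIR" >> "$GDBINIT"

## Capstone for pwndbg
git clone https://github.com/aquynh/capstone "${TOOLS_DIR}/capstone"
(
  cd "${TOOLS_DIR}/capstone"
  git checkout -t origin/next
  ./make.sh install
  cd bindings/python
  python3 setup.py install # Ubuntu 14.04+, GDB uses Python3
)

## pycparser for pwndbg
pip3 install pycparser # Use pip3 for Python3

## Install radare2
git clone https://github.com/radare/radare2 "${TOOLS_DIR}/radare2"
( cd "${TOOLS_DIR}/radare2" && ./sys/install.sh )

## Install binwalk
git clone https://github.com/devttys0/binwalk "${TOOLS_DIR}/binwalk"
( cd "${TOOLS_DIR}/binwalk" && python setup.py install )
apt-get -yq install squashfs-tools

## Install Firmware-Mod-Kit
#apt-get -yq install zlib1g-dev liblzma-dev python-magic
#cd /home/ctf/tools
#wget https://firmware-mod-kit.googlecode.com/files/fmk_099.tar.gz
#tar xvf fmk_099.tar.gz
#rm fmk_099.tar.gz
#cd fmk_099/src
#./configure
#make

## Uninstall capstone
pip2 uninstall capstone -y

## Install correct capstone (python2 bindings from the checkout made above)
( cd "${TOOLS_DIR}/capstone/bindings/python" && python setup.py install )

## Personal config not installed by default
git clone https://github.com/boogy/dotfiles.git "${CTF_HOME}/dotfiles"

## Install Angr framework
pip2 install angr --upgrade

## Install american-fuzzy-lop
apt-get -yq install clang llvm
(
  cd "$TOOLS_DIR"
  # plain-HTTP download; verified only when AFL_SHA256 is set
  wget --quiet http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
  if [[ -n "$AFL_SHA256" ]]; then
    printf '%s  afl-latest.tgz\n' "$AFL_SHA256" | sha256sum -c - || die "afl-latest.tgz digest mismatch"
  fi
  tar -xzvf afl-latest.tgz
  rm afl-latest.tgz
  cd afl-*
  make
  # build clang-fast
  ( cd llvm_mode && make )
  make install
)

## Install Pillow
# -yq: build-dep prompts without it, which hangs/aborts a non-interactive run
apt-get -yq build-dep python-imaging
apt-get -yq install libjpeg8 libjpeg62-dev libfreetype6 libfreetype6-dev
pip2 install Pillow

## Install angr-dev
git clone https://github.com/angr/angr-dev "${TOOLS_DIR}/angr-dev"
( cd "${TOOLS_DIR}/angr-dev" && ./setup.sh -i angr )

## Replace ROPGadget with rp++
apt-get -yq install cmake libboost-all-dev clang-3.5
# CC/CXX are scoped to this subshell so the z3/keystone builds below keep the
# default toolchain (the global exports used to leak into them)
(
  export CC=/usr/bin/clang-3.5
  export CXX=/usr/bin/clang++-3.5
  cd "$TOOLS_DIR"
  git clone https://github.com/0vercl0k/rp.git
  cd rp
  git checkout next
  git submodule update --init --recursive
  # little hack to make it compile
  sed -i 's/find_package(Boost 1.59.0 COMPONENTS flyweight)/find_package(Boost)/g' CMakeLists.txt
  mkdir build
  cd build
  cmake ../
  make
  cp ../bin/rp-lin-x64 /usr/local/bin/
)

## Install ROPGadget
git clone https://github.com/JonathanSalwan/ROPgadget "${TOOLS_DIR}/ROPgadget"
( cd "${TOOLS_DIR}/ROPgadget" && python setup.py install )

## Install Z3 Prover
# mk_make.py --python must run before the build; the old order regenerated the
# build files with --python only after "make install", so the bindings were never built
git clone https://github.com/Z3Prover/z3.git "${TOOLS_DIR}/z3"
(
  cd "${TOOLS_DIR}/z3"
  python scripts/mk_make.py --python
  cd build
  make install
)

## Install keystone engine
# the old version never entered the clone, so "build" was created in tools/ and
# ../make-share.sh did not exist
git clone https://github.com/keystone-engine/keystone.git "${TOOLS_DIR}/keystone"
(
  cd "${TOOLS_DIR}/keystone"
  mkdir -p build
  cd build
  ../make-share.sh
  make install
  ldconfig
  cd "${TOOLS_DIR}/keystone/bindings/python"
  make install
)

## Install qira
#cd /home/ctf/tools
#git clone https://github.com/BinaryAnalysisPlatform/qira.git
#cd qira/
#./install.sh

## Python pip cool modules
pip2 install --upgrade r2pipe
pip2 install --upgrade distorm3
pip2 install --upgrade pycrypto
pip2 install --upgrade git+https://github.com/hellman/xortool.git

# enable ssh on the box (best effort: systemd is usually not running inside a container)
if ! { systemctl start ssh.service && systemctl enable ssh.service; }; then
  warn "could not start/enable ssh.service"
fi

# everything above ran as root; hand the home tree back to the ctf user
chown -R ctf: "$CTF_HOME"
--------------------------------------------------------------------------------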