A docker environment for pwn in ctf based on phusion/baseimage, which is a modified ubuntu 16.04 baseimage for docker
docker run -it \
--rm \
-h ${ctf_name} \
--name ${ctf_name} \
-v $(pwd)/${ctf_name}:/ctf/work \
-p 23946:23946 \
--cap-add=SYS_PTRACE \
skysider/pwndocker
- pwntools —— CTF framework and exploit development library
- pwndbg —— a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
- ROPgadget —— facilitate ROP exploitation tool
- roputils —— A Return-oriented Programming toolkit
- one_gadget —— A searching one-gadget of execve('/bin/sh', NULL, NULL) tool for amd64 and i386
- angr —— A platform-agnostic binary analysis framework
- radare2 —— A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
- welpwn —— designed to make pwnning an art, freeing you from dozens of meaningless jobs.
- linux_server[64] —— IDA 7.0 debug server for linux
- tmux —— a terminal multiplexer
- ltrace —— trace library function call
- strace —— trace system call
Default compiled glibc path is /glibc.
- 2.19 —— ubuntu 12.04 default libc version
- 2.23 —— pwndocker default libc version
- 2.24 —— introduce vtable check in file struct
- 2.27 —— intruduce tcache in heap (since 2.26)
- 2.28 —— latest libc version
cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test