A Docker environment for CTF pwning based on a modified Ubuntu 20.04 phusion/baseimage:master-amd64.
Forked from skysider/pwndocker.
$ docker run --rm -v "$PWD":/ctf/work \
--cap-add=SYS_PTRACE -it pwndocker:latest- pwntools ββ CTF framework and exploit development library
- pwndbg ββ A GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
- pwngdb ββ GDB for pwn
- ROPgadget ββ Facilitate ROP exploitation tool
- roputils ββ A Return-oriented Programming toolkit
- one_gadget ββ A searching one-gadget of execve('/bin/sh', NULL, NULL) tool for amd64 and i386
- z3 ββ The Z3 Theorem Prover
- angr ββ A platform-agnostic binary analysis framework
- radare2 ββ A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
- seccomp-tools ββ Provide powerful tools for seccomp analysis
- tmux ββ A terminal multiplexer
- ltrace ββ Trace library function call
- strace ββ Trace system call
- qemu ββ A generic and open source machine emulator and virtualizer
Default compiled glibc path is /glibc.
- 2.19 ββ Ubuntu 12.04 default libc version
- 2.23 ββ Ubuntu 16.04 default libc version
- 2.24 ββ Introduce vtable check in file struct
- 2.27 ββ Pwndocker default glibc version
- 2.28~2.31 ββ Latest libc versions
ld.so files for each libc version can be found in their respective folders under /glibc/<version>/<arch>/lib/ld-<version>.so.
$ cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
$ patchelf --set-interpreter /tmp/ld-2.27.so ./test
$ LD_PRELOAD=./libc.so.6 ./testor
from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})