A Docker environment for pwn in CTF, based on phusion/baseimage, a modified Ubuntu 16.04 base image for Docker.
Start the container, mounting the challenge directory and exposing the IDA debug-server port (`${ctf_name}` is the name of the challenge):

```bash
docker run -it \
--rm \
-h ${ctf_name} \
--name ${ctf_name} \
-v $(pwd)/${ctf_name}:/ctf/work \
-p 23946:23946 \
--cap-add=SYS_PTRACE \
skysider/pwndocker
```
Tools included:

- pwntools: CTF framework and exploit development library
- pwndbg: a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
- pwngdb: GDB extensions for pwn
- ROPgadget: a tool to facilitate ROP exploitation
- roputils: a return-oriented programming toolkit
- one_gadget: a tool that searches a libc for one-gadget execve('/bin/sh', NULL, NULL) calls, for amd64 and i386
- angr: a platform-agnostic binary analysis framework
- radare2: a rewrite from scratch of radare, providing a set of libraries and tools to work with binary files
- welpwn: designed to make pwning an art, freeing you from dozens of meaningless jobs
- linux_server / linux_server64: IDA 7.0 debug servers for Linux
- tmux: a terminal multiplexer
- ltrace: traces library function calls
- strace: traces system calls
The compiled glibc versions are installed under /glibc:

- 2.19: Ubuntu 12.04 default libc version
- 2.23: pwndocker default libc version
- 2.24: introduces the vtable check in the FILE struct
- 2.27: introduces tcache in the heap (tcache exists since 2.26)
- 2.28: the latest libc version included
To run a challenge binary against one of the bundled glibc versions, point its interpreter at that version's ld.so and preload the matching libc:

```bash
cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test
```

or, without patching the binary, from pwntools:

```python
from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})
```
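The pwntools approach above works only when ld.so and libc.so.6 come from the same glibc build for the right architecture. The following helper is an added example, not part of pwndocker: it reads the target's ELF class, picks the matching loader and libc under /glibc, checks both exist, and launches the binary the way the snippet above does. The /glibc/<ver>/64/lib layout is the one shown above; the /glibc/<ver>/32/lib layout for i386 binaries is an assumption.

```python
import os

GLIBC_ROOT = "/glibc"  # the compiled glibc versions listed above live here


def elf_bits_from_header(ident):
    """Return 32 or 64 from the EI_CLASS byte of an ELF identification header."""
    if len(ident) < 5 or ident[:4] != b"\x7fELF" or ident[4] not in (1, 2):
        raise ValueError("not a 32/64-bit ELF header")
    return {1: 32, 2: 64}[ident[4]]


def elf_bits(path):
    """Read just the ELF ident of a binary to decide which glibc build it needs."""
    with open(path, "rb") as f:
        return elf_bits_from_header(f.read(5))


def glibc_paths(version, bits, root=GLIBC_ROOT):
    """Locate ld.so and libc.so.6 of one bundled glibc version.
    /glibc/<ver>/64/lib comes from the README above; the /glibc/<ver>/32/lib
    layout for i386 binaries is an assumption made by this helper."""
    libdir = os.path.join(root, version, str(bits), "lib")
    return os.path.join(libdir, f"ld-{version}.so"), os.path.join(libdir, "libc.so.6")


def launch_spec(binary, version, root=GLIBC_ROOT):
    """Build the (argv, env) pair equivalent to the README's
    process([ld.so, binary], env={"LD_PRELOAD": libc}) for the chosen version."""
    ld, libc = glibc_paths(version, elf_bits(binary), root)
    # ld.so and libc.so.6 must come from the same build: a mismatched pair
    # typically dies at startup with a symbol lookup error or a segfault,
    # so both are derived from one version directory and both are checked.
    for p in (ld, libc):
        if not os.path.isfile(p):
            raise FileNotFoundError(f"{p} missing: is glibc {version} built for this arch?")
    return [ld, binary], {"LD_PRELOAD": libc}


if __name__ == "__main__":
    import sys
    from pwn import process  # pwntools, as in the snippet above

    argv, env = launch_spec(sys.argv[1], sys.argv[2])  # usage: script.py ./test 2.27
    p = process(argv, env=env)
    p.interactive()
```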