Add kctf config for buffer

qhdwight · qhdwight · commit b3bace35630f · 2023-02-08T19:19:20.000-05:00
diff --git a/buffer_overflow/Dockerfile b/buffer_overflow/Dockerfile
@@ -0,0 +1,31 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM ubuntu:20.04 as chroot
+
+RUN /usr/sbin/useradd --no-create-home -u 1000 user
+
+COPY flag /
+COPY buffer_overflow /home/user/
+
+FROM gcr.io/kctf-docker/challenge@sha256:d884e54146b71baf91603d5b73e563eaffc5a42d494b1e32341a5f76363060fb
+
+COPY --from=chroot / /chroot
+
+COPY nsjail.cfg /home/user/
+
+CMD kctf_setup && \
+    kctf_drop_privs \
+    socat \
+      TCP-LISTEN:1337,reuseaddr,fork \
+      EXEC:"kctf_pow nsjail --config /home/user/nsjail.cfg -- /home/user/chal"
diff --git a/buffer_overflow/flag b/buffer_overflow/flag
@@ -0,0 +1 @@
+wctf{buffer_overflow_example}
diff --git a/buffer_overflow/nsjail.cfg b/buffer_overflow/nsjail.cfg
@@ -0,0 +1,51 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# See options available at https://github.com/google/nsjail/blob/master/config.proto
+
+name: "default-nsjail-configuration"
+description: "Default nsjail configuration for pwnable-style CTF task."
+
+mode: ONCE
+uidmap {inside_id: "1000"}
+gidmap {inside_id: "1000"}
+rlimit_as_type: HARD
+rlimit_cpu_type: HARD
+rlimit_nofile_type: HARD
+rlimit_nproc_type: HARD
+
+cwd: "/home/user"
+
+mount: [
+  {
+    src: "/chroot"
+    dst: "/"
+    is_bind: true
+  },
+  {
+    dst: "/tmp"
+    fstype: "tmpfs"
+    rw: true
+  },
+  {
+    dst: "/proc"
+    fstype: "proc"
+    rw: true
+  },
+  {
+    src: "/etc/resolv.conf"
+    dst: "/etc/resolv.conf"
+    is_bind: true
+  }
+]
