From 364b72412ec921332b807595fa181c0e725eb85c Mon Sep 17 00:00:00 2001 From: Randark Date: Sat, 2 Dec 2023 16:19:58 +0000 Subject: [PATCH] update pyjail --- misc-pyjail-python_3.10-socat/Dockerfile | 34 +++++++++++++++++++ .../README.md | 0 .../docker/docker-compose.yml | 0 .../service/docker-entrypoint.sh | 32 +++++++++++++++++ .../src/server.py | 0 .../Dockerfile | 0 misc-pyjail-python_3.10-xinetd/README.md | 34 +++++++++++++++++++ .../config/ctf.xinetd | 0 .../docker/docker-compose.yml | 11 ++++++ .../service/docker-entrypoint.sh | 0 misc-pyjail-python_3.10-xinetd/src/server.py | 18 ++++++++++ 11 files changed, 129 insertions(+) create mode 100644 misc-pyjail-python_3.10-socat/Dockerfile rename {misc-pyjail-python_3.10 => misc-pyjail-python_3.10-socat}/README.md (100%) rename {misc-pyjail-python_3.10 => misc-pyjail-python_3.10-socat}/docker/docker-compose.yml (100%) create mode 100644 misc-pyjail-python_3.10-socat/service/docker-entrypoint.sh rename {misc-pyjail-python_3.10 => misc-pyjail-python_3.10-socat}/src/server.py (100%) rename {misc-pyjail-python_3.10 => misc-pyjail-python_3.10-xinetd}/Dockerfile (100%) create mode 100644 misc-pyjail-python_3.10-xinetd/README.md rename {misc-pyjail-python_3.10 => misc-pyjail-python_3.10-xinetd}/config/ctf.xinetd (100%) create mode 100644 misc-pyjail-python_3.10-xinetd/docker/docker-compose.yml rename {misc-pyjail-python_3.10 => misc-pyjail-python_3.10-xinetd}/service/docker-entrypoint.sh (100%) create mode 100644 misc-pyjail-python_3.10-xinetd/src/server.py diff --git a/misc-pyjail-python_3.10-socat/Dockerfile b/misc-pyjail-python_3.10-socat/Dockerfile new file mode 100644 index 0000000..524ac60 --- /dev/null +++ b/misc-pyjail-python_3.10-socat/Dockerfile @@ -0,0 +1,34 @@ +FROM python:3.10.12-slim-bullseye + +# 制作者信息 +LABEL auther_template="CTF-Archives" + +# apt更换镜像源,并更新软件包列表信息 +RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list && \ + sed -i 's/security.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list +RUN apt-get update + +# 通过apt,安装xinetd用于服务转发 +RUN apt-get install -y socat + +# 通过tuna源,安装必要的python依赖库 +# 镜像中并没有更换源,只是在pip语句中每次制定了镜像源 +RUN python3 -m pip install -i https://pypi.tuna.tsinghua.edu.cn/simple \ + pycryptodome + +# 复制容器启动脚本 +COPY ./service/docker-entrypoint.sh / +RUN chmod +x /docker-entrypoint.sh + +# 新建用户,并进行账户改变 +RUN useradd -m ctf +WORKDIR /home/ctf + +# 部署程序 +COPY ./src/server.py /home/ctf/server.py + +# [可选]指定对外暴露端口,对于GZCTF等平台,强制EXPOSE可能会造成非预期端口泄露,请酌情启用 +# EXPOSE 9999 + +# 指定容器入口点 +ENTRYPOINT ["/bin/sh","/docker-entrypoint.sh"] \ No newline at end of file diff --git a/misc-pyjail-python_3.10/README.md b/misc-pyjail-python_3.10-socat/README.md similarity index 100% rename from misc-pyjail-python_3.10/README.md rename to misc-pyjail-python_3.10-socat/README.md diff --git a/misc-pyjail-python_3.10/docker/docker-compose.yml b/misc-pyjail-python_3.10-socat/docker/docker-compose.yml similarity index 100% rename from misc-pyjail-python_3.10/docker/docker-compose.yml rename to misc-pyjail-python_3.10-socat/docker/docker-compose.yml diff --git a/misc-pyjail-python_3.10-socat/service/docker-entrypoint.sh b/misc-pyjail-python_3.10-socat/service/docker-entrypoint.sh new file mode 100644 index 0000000..d487454 --- /dev/null +++ b/misc-pyjail-python_3.10-socat/service/docker-entrypoint.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# Get the user +user=$(ls /home) + +# Check the environment variables for the flag and assign to INSERT_FLAG +if [ "$DASFLAG" ]; then + INSERT_FLAG="$DASFLAG" + export DASFLAG=no_FLAG + DASFLAG=no_FLAG +elif [ "$FLAG" ]; then + INSERT_FLAG="$FLAG" + export FLAG=no_FLAG + FLAG=no_FLAG +elif [ "$GZCTF_FLAG" ]; then + INSERT_FLAG="$GZCTF_FLAG" + export GZCTF_FLAG=no_FLAG + GZCTF_FLAG=no_FLAG +else + INSERT_FLAG="flag{TEST_Dynamic_FLAG}" +fi + +# 将FLAG写入文件 请根据需要修改 +echo $INSERT_FLAG | tee /flag + +chmod 744 /flag + +# 通过socat转发Python会话 +# TCP4-LISTEN:9999 服务将会转发到9999端口 +# reuseaddr 启用端口复用,便于多用户同时连接同一个端口 +# [可选]stderr 将脚本的stderr错误输出流也定向到用户会话 +socat -v -s TCP4-LISTEN:9999,tcpwrap=script,reuseaddr,fork EXEC:"python3 -u /home/ctf/server.py",stderr \ No newline at end of file diff --git a/misc-pyjail-python_3.10/src/server.py b/misc-pyjail-python_3.10-socat/src/server.py similarity index 100% rename from misc-pyjail-python_3.10/src/server.py rename to misc-pyjail-python_3.10-socat/src/server.py diff --git a/misc-pyjail-python_3.10/Dockerfile b/misc-pyjail-python_3.10-xinetd/Dockerfile similarity index 100% rename from misc-pyjail-python_3.10/Dockerfile rename to misc-pyjail-python_3.10-xinetd/Dockerfile diff --git a/misc-pyjail-python_3.10-xinetd/README.md b/misc-pyjail-python_3.10-xinetd/README.md new file mode 100644 index 0000000..d2460c6 --- /dev/null +++ b/misc-pyjail-python_3.10-xinetd/README.md @@ -0,0 +1,34 @@ +# misc-pyjail-python_3.10 + +** 感谢 [@gtg2619](https://github.com/gtg2619) 师傅对此模板的贡献 ** + +## 环境说明 + +提供 `Python 3.10` 的基础环境,并已经添加 `pycryptodome` 库,并基于 `xinetd` 实现服务转发,默认暴露端口位于9999 + +实现:当选手连接到对应端口(默认为9999端口,默认选手使用 `netcat` )的时候,运行 `server.py`,并将会话转发至选手的连接 + +镜像做到: +- 选手通过端口连接到容器/靶机 +- xinted服务检测到连接,启动一个 `python3` 会话 +- `python3` 通过参数 `-u /home/ctf/server.py` 限制了程序运行时的账户权限为`ctf`,然后在限制环境中启动程序 +- `xinted` 将程序会话转发给选手的连接 + +## 如何使用 + +将程序文件放入 `./src` 目录即可,文件名请修改为 `server.py` 作为文件名,便于镜像定位程序位置 + +如果需要更改为自己的文件名,需要在 `./config/ctf.xinetd`、`./Dockerfile` 和 `./service/docker-entrypoint.sh` 中进行修改 + +程序放置进 `./src` 目录之后,执行 +```shell +docker build . +``` +即可开始编译镜像 + +也可以在安放好程序文件之后,直接使用 `./docker/docker-compose.yml` 内的 `docker-compose` 文件实现一键启动测试容器 + +```shell +cd ./docker +docker-compose up -d +``` \ No newline at end of file diff --git a/misc-pyjail-python_3.10/config/ctf.xinetd b/misc-pyjail-python_3.10-xinetd/config/ctf.xinetd similarity index 100% rename from misc-pyjail-python_3.10/config/ctf.xinetd rename to misc-pyjail-python_3.10-xinetd/config/ctf.xinetd diff --git a/misc-pyjail-python_3.10-xinetd/docker/docker-compose.yml b/misc-pyjail-python_3.10-xinetd/docker/docker-compose.yml new file mode 100644 index 0000000..556fdeb --- /dev/null +++ b/misc-pyjail-python_3.10-xinetd/docker/docker-compose.yml @@ -0,0 +1,11 @@ +version: '3' +services: + test: + build: ../ + environment: + # 仅为测试用flag + FLAG: "flag{a63b4d37-7681-4850-b6a7-0d7109febb19}" + ports: + # 设置了暴露端口 + - 9999:9999 + restart: unless-stopped \ No newline at end of file diff --git a/misc-pyjail-python_3.10/service/docker-entrypoint.sh b/misc-pyjail-python_3.10-xinetd/service/docker-entrypoint.sh similarity index 100% rename from misc-pyjail-python_3.10/service/docker-entrypoint.sh rename to misc-pyjail-python_3.10-xinetd/service/docker-entrypoint.sh diff --git a/misc-pyjail-python_3.10-xinetd/src/server.py b/misc-pyjail-python_3.10-xinetd/src/server.py new file mode 100644 index 0000000..162009e --- /dev/null +++ b/misc-pyjail-python_3.10-xinetd/src/server.py @@ -0,0 +1,18 @@ +WELCOME = ''' + _ ______ _ _ _ _ + | | | ____| (_) | | (_) | + | |__ | |__ __ _ _ _ __ _ __ ___ _ __ | | __ _ _| | + | '_ \| __| / _` | | '_ \| '_ \ / _ \ '__| _ | |/ _` | | | + | |_) | |___| (_| | | | | | | | | __/ | | |__| | (_| | | | + |_.__/|______\__, |_|_| |_|_| |_|\___|_| \____/ \__,_|_|_| + __/ | + |___/ +''' + +print(WELCOME) + +print("Welcome to the python jail") +print("Let's have an beginner jail of calc") +print("Enter your expression and I will evaluate it for you.") +input_data = input("> ") +print('Answer: {}'.format(eval(input_data))) \ No newline at end of file