diff --git a/.env b/.env
new file mode 100644
index 0000000..e577a39
--- /dev/null
+++ b/.env
@@ -0,0 +1,2 @@
+SHELL=/bin/zsh
+#PATH="/root/.cargo/bin:${PATH}"
diff --git a/to-do/zshrc b/.zshrc
similarity index 87%
rename from to-do/zshrc
rename to .zshrc
index 5aa8713..3543357 100644
--- a/to-do/zshrc
+++ b/.zshrc
@@ -1,4 +1,5 @@
-export PS1='%B%f%1~%F{red} %bpwn%B $%f%b '
+# credits: https://github.com/joleeee/pwnbox
+export PS1='%B%f%1~%F{red} %bpwnbox%B $%f%b '
 # save everything
 export HISTFILE=~/.zsh_history
@@ -28,5 +29,5 @@ alias la='ls -A'
 alias l='ls -CF'
 alias tmux='tmux -u'
-. "$HOME/.cargo/env"
-
+#. "$HOME/.cargo/env"
+PATH=$PATH:/home/user/.cargo/bin
diff --git a/Dockerfile b/Dockerfile
index 5c26ef1..19ec504 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,9 +18,11 @@ RUN dpkg --add-architecture i386 && \
 cargo \
 cmake \
 cpio \
+ curl \
 file \
 g++-multilib \
 gawk \
+ gcc \
 gdb \
 gdb-multiarch \
 gdbserver \
@@ -37,6 +39,7 @@ RUN dpkg --add-architecture i386 && \
 liblzma-dev \
 libmpc-dev \
 libssl-dev \
+ locales \
 ltrace \
 nasm \
 net-tools \
@@ -67,7 +70,11 @@ RUN dpkg --add-architecture i386 && \
 # Fix time zone
 RUN ln -fs /usr/share/zoneinfo/$TZ /etc/localtime && dpkg-reconfigure -f noninteractive tzdata
-RUN sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+# Fix locales
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
 # Install radare2
 RUN version=$(curl -s https://api.github.com/repos/radareorg/radare2/releases/latest | grep -P '"tag_name": "(.*)"' -o| awk '{print $2}' | awk -F"\"" '{print $2}') && \
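Review bot: `SHELL=/bin/zsh` in a project-level `.env` is read by docker compose for `${VAR}` interpolation of the compose file, not passed into the container, so unless docker-compose.yml references `${SHELL}` or lists `.env` under `env_file` (neither is visible in this diff) the line has no effect on the shell inside the box. If the goal is a zsh login shell for `$USER`, set it in the Dockerfile instead, e.g. `ENV SHELL=/bin/zsh` next to the `USER $USER` switch, and keep this file for compose substitutions only. Since the file is tracked in git, it should stay limited to non-secret values like these.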
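Review bot: `PATH=$PATH:/home/user/.cargo/bin` hardcodes the home directory, while the Dockerfile in this commit copies the file to `/home/$USER/.zshrc`; if `$USER` is anything other than `user`, the `cargo install pwninit` output in `~/.cargo/bin` stays off the PATH. `PATH=$PATH:$HOME/.cargo/bin` follows whichever user the file lands with. Appending rather than prepending is the right choice here, since it leaves system binaries ahead of anything in a user-writable directory.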
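Review bot: `ENV LANG en_US.UTF-8` and the two lines after it use the legacy whitespace-separated form, which BuildKit's build check reports as LegacyKeyValueFormat; write them as one instruction, `ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8`. The `sed`/`locale-gen` step depends on the `locales` package added to the apt list in the `@@ -37,6 +39,7 @@` hunk, so the ordering is correct; a short comment above the sed, `# locale-gen needs the locales package installed above`, would save the next reader a search.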
@@ -89,7 +96,6 @@ RUN apt-get install libreadline6-dev -y && \
 RUN gem install one_gadget seccomp-tools && rm -rf /var/lib/gems/2.*/cache/*
 # Download prebuilt glibc versions for debugging by skysider
-# TODO: Figure out if we can just use https://libc.rip and https://libc.blukat.me instead...
 COPY --from=skysider/glibc_builder64:2.19 /glibc/2.19/64 /glibc/2.19/64
 COPY --from=skysider/glibc_builder32:2.19 /glibc/2.19/32 /glibc/2.19/32
@@ -143,6 +149,10 @@ RUN mkdir -p $RESOURCES && chown -R $USER:$USER $RESOURCES
 USER $USER
 WORKDIR /home/$USER
+# Install Oh My zsh and add .zshrc
+RUN sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+COPY .zshrc /home/$USER/.zshrc
+
 # Install nice-to-have tools with pip
 RUN python3 -m pip install --upgrade pip && \
 python3 -m pip install --no-cache-dir --user \
@@ -150,10 +160,13 @@ RUN python3 -m pip install --upgrade pip && \
 apscheduler \
 binsync \
 capstone \
+ cryptography \
 decomp2dbg \
 keystone-engine \
 pebble \
 pwntools \
+ pycryptodome \
+ requests \
 r2pipe \
 ropgadget \
 ropper \
@@ -161,11 +174,15 @@ RUN python3 -m pip install --upgrade pip && \
 unicorn \
 z3-solver
+# Install new Rust version
+# RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+
 # Install pwninit
 #RUN wget https://github.com/io12/pwninit/releases/download/3.2.0/pwninit -P /home/$USER/.local/bin/ && \
 # chmod +x /home/$USER/.local/bin/pwninit
 RUN cargo install pwninit
+
 # Install useful plugins for gdb
 RUN mkdir ~/.gdb-plugins && \
 git clone --depth 1 https://github.com/pwndbg/pwndbg.git .gdb-plugins/pwndbg && \
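Review bot: `COPY .zshrc /home/$USER/.zshrc` comes after `USER $USER`, but COPY ignores USER and writes the file owned by root unless `--chown` is given, leaving the user with a `.zshrc` they cannot edit; use `COPY --chown=$USER:$USER .zshrc /home/$USER/.zshrc`. The `RUN sh -c "$(curl -fsSL .../ohmyzsh/master/tools/install.sh)"` line above it executes whatever the unpinned `master` branch serves at build time, so builds are not reproducible and nothing checks the script's integrity; fetch it from a fixed commit and verify it, e.g. `ADD --checksum=sha256:<expected-digest> https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/<commit>/tools/install.sh /tmp/install.sh` before running it, or `git clone --depth 1` the repository at a tag into `~/.oh-my-zsh`. The same pattern is removed from the root-level section earlier in this commit, so this is a move rather than a new introduction, but it is still worth pinning.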
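Review bot: `requests \` is placed before `r2pipe \`, breaking the alphabetical order the rest of the list keeps (`r2pipe` sorts ahead of `requests`); swap the two lines. The three new packages follow the existing entries in being unpinned, so each rebuild may pull a different `cryptography`, `pycryptodome` or `requests`; pinning (`requests==<version>`) or a requirements file with hashes would make the image reproducible. The RUN instruction this list belongs to starts and ends outside the hunk.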
@@ -174,6 +191,7 @@ RUN mkdir ~/.gdb-plugins && \
 git clone --depth 1 https://github.com/hugsy/gef.git .gdb-plugins/gef && \
 git clone --depth 1 https://github.com/scwuaptx/Pwngdb.git .gdb-plugins/Pwngdb && \
 curl -O "https://gist.githubusercontent.com/nicolaipre/df88b22bb0658b6719a92a73175638a2/raw/1e61ad6d4d9fbc1a97fc48b1a74f3a0e511d505e/.gdbinit"
+
 # RUN git clone https://github.com/pwndbg/pwndbg && cd pwndbg && ./setup.sh
 # Download statically compiled gdbserver binaries for different architectures.
 # Copy a gdbserver to a remote host or container for remote debugging or just use qemu.
@@ -199,4 +217,4 @@ RUN wget https://github.com/slimm609/checksec.sh/archive/refs/tags/2.5.0.zip -P
 RUN ln -s $RESOURCES ~/resources
-ENTRYPOINT ["bash"]
\ No newline at end of file
+ENTRYPOINT ["/bin/zsh"]
diff --git a/Makefile b/Makefile
index 2c8bc2b..f1f02e8 100644
--- a/Makefile
+++ b/Makefile
@@ -9,14 +9,17 @@ despawn:
 docker compose down
 shell:
- docker exec -it pwndocker /bin/bash
+ docker exec -it pwnbox /bin/bash
 spawn:
 docker compose up -d
- #docker run -d --cap-add all --privileged --name pwnbox --mount 'type=volume,src=pwnbox-chals,dst=/chals' pwnbox sleep infinity
+ @#docker run -d --cap-add all --privileged --name pwnbox --mount 'type=volume,src=pwnbox-chals,dst=/chals' pwnbox sleep infinity
 start:
 docker compose start
 stop:
 docker compose stop
+
+status:
+ docker ps -a
diff --git a/README.md b/README.md
index 725931c..ea23957 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # pwnbox
-[![Actions Status](https://github.com/nicolaipre/pwnbox/workflows/pwnbox/badge.svg)](https://github.com/nicolaipre/pwnbox/actions)
+Build Status
-add `man`?
+[![](https://github.com/nicolaipre/pwnbox/workflows/Docker%20Image%20CI/badge.svg)](https://github.com/nicolaipre/pwnbox/actions)
 Heavily based on (pretty much ripped) [pwndocker](https://github.com/skysider/pwndocker).
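Review bot: `shell:` still runs `docker exec -it pwnbox /bin/bash` although this commit switches the image's ENTRYPOINT to `/bin/zsh` and installs a `.zshrc`, so `make shell` drops into bash without that configuration; change it to `docker exec -it pwnbox /bin/zsh`. The new `status:` target's `docker ps -a` lists every container on the host rather than this project's; `docker ps -a --filter name=pwnbox` keeps the output to the box the Makefile manages.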
@@ -20,6 +20,10 @@ $ go 16.04 # ubuntu:12.04
 ```
+## To-Do
+- [ ] Figure out if we can just use https://libc.rip and https://libc.blukat.me instead...
+
+
 ### Usage
 ```shell
 # build
diff --git a/docker-compose.yml b/docker-compose.yml
index 028b2a4..e15ec4c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,6 +2,7 @@ services:
 pwn:
 container_name: pwnbox
 image: pwnbox
+ hostname: pwnbox
 stdin_open: true
 tty: true
 build:
diff --git a/to-do/Dockerfile.jole b/to-do/Dockerfile.jole
deleted file mode 100644
index 697c1d0..0000000
--- a/to-do/Dockerfile.jole
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM ubuntu:22.04
-
-RUN apt update
-RUN apt upgrade -y
-RUN apt install -y python3 python-is-python3 pip build-essential gcc gdb git curl locales
-
-RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
-
-RUN pip install --no-cache-dir pwntools cryptography beautifulsoup4 requests
-
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-
-WORKDIR /root
-
-RUN git clone https://github.com/pwndbg/pwndbg && cd pwndbg && ./setup.sh
-
-RUN apt install -y pkg-config libssl-dev liblzma-dev
-RUN /root/.cargo/bin/cargo install pwninit
-ENV PATH="/root/.cargo/bin:${PATH}"
-
-RUN apt install -y zsh
-COPY zshrc /root/.zshrc
-ENV SHELL=/bin/zsh
-
-WORKDIR /chals
-CMD ["zsh"]
diff --git a/to-do/gdbinit.txt b/to-do/gdbinit.txt
deleted file mode 100644
index 9ee9a9c..0000000
--- a/to-do/gdbinit.txt
+++ /dev/null
@@ -1,49 +0,0 @@
-# pwndbg
-define init-pwndbg
-source ~/.gdb-plugins/pwndbg/gdbinit.py
-end
-document init-pwndbg
-Initializes pwndbg.
-end
-
-# GEF
-define init-gef
-source ~/.gdb-plugins/gef/gef.py
-end
-document init-gef
-Initializes GEF (GDB Enhanced Features).
-end
-
-# PEDA
-define init-peda
-source ~/.gdb-plugins/peda/peda.py
-end
-document init-peda
-Initializes the PEDA (Python Exploit Development Assistant for GDB) framework.
-end
-
-# peda-heap
-define init-peda-heap
-source ~/.gdb-plugins/peda-heap/peda.py
-end
-document init-peda-heap
-Initializes an improved version of PEDA for heap debugging.
-end
-
-# Pwngdb
-define init-pwngdb
-source ~/.gdb-plugins/peda/peda.py
-source ~/.gdb-plugins/Pwngdb/pwngdb.py
-source ~/.gdb-plugins/Pwngdb/angelheap/gdbinit.py
-end
-document init-pwngdb
-Initializes Pwngdb (gdb for pwn).
-end
-
-# Pwngdb hook
-define pwngdb-hook-run
-python
-import angelheap
-angelheap.init_angelheap()
-end
-end