Docker安装
# Add Docker's official GPG key:
# Refresh the package index, then install the tools used below to fetch and convert the key.
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
# Create the keyring directory with mode 0755 (only the owner may write to it).
sudo install -m 0755 -d /etc/apt/keyrings
# Download the key over HTTPS (-f: fail on HTTP errors, -sS: quiet but still print errors,
# -L: follow redirects) and convert it from ASCII armor to a binary keyring.
# NOTE(review): the key is trusted solely on the strength of the TLS connection; compare its
# fingerprint with the one published in Docker's installation documentation before relying on it.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Make the keyring readable by all users; it contains only a public key.
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository to Apt sources:
# signed-by= ties this key to the Docker repository only, so it is not trusted for packages
# from any other source. The architecture and release codename come from the local system.
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Re-read the package index so the new repository is visible, then install Docker.
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Docker 常用命令及参数
docker ps # list all running containers
docker ps -a # -a also lists containers that are not running
docker images # list all downloaded images
docker pull # pull an image from the server (registry)
docker run # start a container from an image
# -i keeps stdin open, -t allocates a TTY, -d runs the container in the background
docker run -itd --name <container_name> <image>
docker run -itd --name how2heap b4ac
docker run -itd b4ac
# -p HOST:CONTAINER publishes the port on every host interface unless a host IP is given
# (for example -p 127.0.0.1:80:80 keeps it reachable from the local machine only)
docker run --name container02 -p 80:80 new_image:tag
# -e places the flag in the container's environment, where `docker inspect` shows it in
# clear text; acceptable for a throwaway test flag, but anyone with access to the Docker
# daemon can read it
docker run --name pwn1 -e GZCTF_FLAG="nynuctf{pwn_testflag}" -p 25000:9999 pwntest1
docker exec # run a program inside the specified container
# a container can be referred to by its name or by an unambiguous ID prefix
docker exec -it <container> <binary>
docker exec -it how2heap bash
docker exec -it b4ac bash
docker logs # show a container's log
docker logs <container>
docker logs how2heap
docker logs b4ac
docker cp # copy files between a container and the host
docker cp <file_or_path> <container>:<file_or_path>
docker cp ./pwn b4ac:/root
docker cp . b4ac:/root/pwn
# NOTE(review): docker cp does not expand "~"; this targets the literal path /~ inside the
# container. Use an absolute path (e.g. /root) if the home directory was intended.
docker cp ./pwn how2heap:/~
docker start # start a stopped container again
docker start <container>
docker start how2heap
docker start b4ac
docker stop # stop a running container
docker stop <container>
docker stop how2heap
docker stop b4ac
docker rm # remove a container
docker rm <container>
docker rm how2heap
docker rm b4ac
# rm is only attempted when stop succeeds
docker stop how2heap && docker rm how2heap
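docker rmi # remove images
# rmi takes an image name or ID, not a container
docker rmi <image>
docker rmi how2heap
docker build # build an image from a Dockerfile
# -t names (tags) the resulting image; "." is the build context directory
docker build -t <tag> .
docker build -t how2heap .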
Docker编译环境
Docker 中的 ubuntu 镜像为了缩减体积，只包含极少量的软件包；以 ubuntu:16.04 为例，其中的 glibc 版本为 2.23
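# Pull the Ubuntu 16.04 image and start a long-running container from it
docker pull ubuntu:16.04
docker run -itd --name pwn-16.04 ubuntu:16.04
# Open a shell in the container; the commands that follow are run inside it
docker exec -it pwn-16.04 bash
# Install the gcc toolchain
# NOTE(review): Ubuntu 16.04 is past its standard support period, so treat this container
# as an isolated build environment for the challenge only.
apt-get update -y && apt-get upgrade -y
apt-get install vim gcc gdb -y
# Compile example: -o names the output file (the "-0" written previously is not a gcc option)
gcc -o test test.c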
退出Docker 容器,并将刚才编译好的elf文件拷贝出Docker
# Run on the host: copy /root/test out of the container into the current directory
docker cp pwn-16.04:/root/test .
使用docker 运行题目环境
使用 ctf_xinetd 项目把二进制程序的输入输出流映射到网络端口，从而提供网络连接：
# Fetch the ctf_xinetd template (third-party code: review its contents before building an image from it)
git clone https://github.com/Eadom/ctf_xinetd.git
cd ctf_xinetd
# Put the challenge binary and its flag file into the project's bin/ directory
cp ../test ./bin/
cp ../flag ./bin/
记得删除之前的测试test跟flag
修改ctfxinetd配置文件
# xinetd service definition for the challenge, listening on TCP port 9999.
service ctf
{
disable = no
socket_type = stream
protocol = tcp
wait = no
# xinetd starts the server as root because chroot needs root privileges;
# the challenge program itself is run as uid:gid 1000:1000 via --userspec below.
user = root
type = UNLISTED
port = 9999
# 0.0.0.0 accepts connections on every interface.
bind = 0.0.0.0
server = /usr/sbin/chroot
# replace helloworld with your program
# chroot confines the program to /home/ctf and --userspec makes it run unprivileged.
server_args = --userspec=1000:1000 /home/ctf ./helloworld
banner_fail = /etc/banner_fail
# safety options
per_source = 10 # the maximum instances of this service per source IP address
rlimit_cpu = 20 # the maximum number of CPU seconds that the service may use
# NOTE(review): rlimit_as is commented out, so xinetd sets no address-space limit
# for the service; consider enabling it to bound memory use.
#rlimit_as = 1024M # the Address Space resource limit for the service
#access_times = 2:00-9:00 12:00-24:00
}
将helloworld替换为你编译好的二进制文件,之后生成镜像运行即可
# Build the challenge image from the Dockerfile in the current directory
docker build -t pwn-test-challenge .
# No -p option is given, so no port is published on the host; the service is reached
# through the container's own IP address instead
docker run -itd --name pwn-test-challenge pwn-test-challenge
查看运行的容器ip地址
docker inspect pwn-test-challenge
docker inspect pwn-test-challenge
……
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
……
nc 172.17.0.3 9999
使用 ldd 查看程序使用的 libc（应取自题目实际运行的环境），可以将其复制出来提供给用户。注意：ldd 可能会执行被检查程序中的代码，只应对自己编译的可信二进制使用
ldd elf
linux-vdso.so.1 => (0x00007ffdfa7e1000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f9a85d1f000)
/lib64/ld-linux-x86-64.so.2 (0x00007f9a860e9000)