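#!/bin/bash
#--- Chmod +x **.sh
# Package update and base tool installation for a pwn workstation.
# Run as a user with sudo rights (or as root on a fresh image); the steps are
# not idempotent unless marked.
# Scratch directory for the tools cloned later. Created without sudo so it is
# owned by the invoking user and the later non-root `cd ~/.pwn && git clone`
# can write into it (the original `sudo mkdir` made it root-owned).
mkdir -p ~/.pwn
# Bootstrap sudo only when it is absent (fresh root-only images); every later
# step goes through sudo, so this is the one place it may legitimately be missing.
if ! command -v sudo >/dev/null 2>&1; then
  apt update && apt install -y sudo
fi
sudo apt update -y
# One apt invocation. The original's line endings were garbled into `\\n`,
# which is not a continuation and split this into four separate commands.
# NOTE(review): on newer releases `netcat` is only a virtual package; switch
# to netcat-openbsd if apt refuses it.
sudo apt install -y vim git gcc ssh curl netcat \
  wget gdb sudo zsh python3 python3-pip libffi-dev build-essential \
  libssl-dev libc6-i386 libc6-dbg gcc-multilib \
  make nano file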
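# SSH install and configuration.
sudo apt install -y openssh-server
# Allow root to log in over SSH with a password. The stock Ubuntu line is
# `#PermitRootLogin prohibit-password`; matching any commented or uncommented
# variant keeps the edit from being silently skipped on a different default.
# The root password is then exposed to guessing from every published port, so
# bind the host-side port to 127.0.0.1 unless the box must be reachable remotely.
sudo sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#Port 22/Port 22/' /etc/ssh/sshd_config
# Validate the edited config before restarting so a bad edit cannot take sshd down.
sudo sshd -t || exit 1
sudo systemctl restart ssh
sudo systemctl enable ssh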
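# Add the i386 architecture (32-bit targets).
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install -y libc6:i386
# Python packages.
sudo python3 -m pip install --upgrade pip
# Per-user pip setting for PEP 668 ("externally managed") distros. It only
# applies to this user's pip config, which the root pip run below does not
# read, so that run gets the equivalent environment variable instead.
python3 -m pip config set global.break-system-packages true
sudo env PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install unicorn keystone-engine pwntools ropgadget
# Other libraries.
sudo apt install -y libcapstone-dev
# Debugger front-ends (gdb-peda / pwndbg / gef switcher). Guard the cd so the
# installer is never run from whatever directory the script happened to be in.
cd ~/.pwn || exit 1
[ -d gdb-peda-pwndbg-gef ] || git clone https://github.com/apogiatzis/gdb-peda-pwndbg-gef.git
cd gdb-peda-pwndbg-gef || exit 1
# Runs the repository's own installer: third-party code, not pinned to a release.
./install.sh
# radare2 via snap (a source build of radare2 also appears later on this page).
sudo apt install -y snapd
sudo snap install radare2 --classic
# Ruby gems.
sudo apt install -y ruby-full
sudo gem install one_gadget seccomp-tools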
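# oh-my-zsh and the pure prompt.
# OpenSSL CPU-capability mask; presumably a workaround for the emulated amd64
# setup (Rosetta) used elsewhere on this page — confirm it is still needed.
export OPENSSL_ia32cap=~0x1000000000000000:~0
# Append a line to ~/.zshrc only if it is not already there, so re-running the
# script does not stack duplicate source/prompt lines.
append_once() {
  local line=$1
  grep -qxF -- "$line" ~/.zshrc 2>/dev/null || printf '%s\n' "$line" >> ~/.zshrc
}
# One installer run is enough (the original fetched it a second time from the
# old robbyrussell URL). `--unattended` stops the installer from changing the
# login shell and from exec'ing an interactive zsh, which would stall here.
# `|| true`: the installer exits non-zero when ~/.oh-my-zsh already exists.
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended || true
mkdir -p "$HOME/.zsh"
# Plain git clone (no sudo) so directories under the user's home stay user-owned.
[ -d "$HOME/.zsh/pure" ] || git clone https://github.com/sindresorhus/pure.git "$HOME/.zsh/pure"
append_once 'fpath+=("$HOME/.zsh/pure")'
append_once 'autoload -U promptinit; promptinit'
append_once 'prompt pure'
# zsh plugins. Both are cloned under ~/.zsh and sourced by a home-relative path;
# the original sourced ./zsh-syntax-highlighting relative to whatever directory
# the shell started in, so the line only worked from the clone's parent.
[ -d "$HOME/.zsh/zsh-syntax-highlighting" ] || git clone https://github.com/zsh-users/zsh-syntax-highlighting.git "$HOME/.zsh/zsh-syntax-highlighting"
append_once 'source ~/.zsh/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh'
[ -d "$HOME/.zsh/zsh-autosuggestions" ] || git clone https://github.com/zsh-users/zsh-autosuggestions "$HOME/.zsh/zsh-autosuggestions"
append_once 'source ~/.zsh/zsh-autosuggestions/zsh-autosuggestions.zsh'
append_once "ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=111'"
export LANG=C.UTF-8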
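# SSH install (repeats the earlier SSH section; harmless on re-run).
# The root password is taken from the environment instead of being written
# into the script, so it is neither committed with it nor visible in `ps`
# (chpasswd reads it from stdin). Checked first so the script does not stop
# half-way through.
: "${ROOT_PASSWORD:?export ROOT_PASSWORD before running this script}"
sudo apt update
sudo apt install -y openssh-server
# Switch PermitRootLogin to yes, whatever form the current line has.
sudo sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
# Change root's password.
printf 'root:%s\n' "$ROOT_PASSWORD" | sudo chpasswd
# radare2 from source; runs the repository's own installer (unpinned checkout).
cd ~ || exit 1
[ -d radare2 ] || git clone https://github.com/radareorg/radare2
radare2/sys/install.sh
# Restart sshd so the PermitRootLogin change takes effect; validate first so a
# bad config does not take the service down.
sudo sshd -t || exit 1
sudo service ssh restart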
from pwn import *
# Remote endpoint recorded for this challenge (Dreamhack host/port). The
# remote() line is commented out, so the script currently drives a local
# ./uaf_overwrite process instead.
host = 'host3.dreamhack.games'
port = 22538
#p = remote(host, port)
p = process('./uaf_overwrite')
# ELF handle for the same binary; not referenced in the lines shown here.
e = ELF('uaf_overwrite')
context.arch = "amd64"
# Debug level logs the traffic on the tube, which makes prompt mismatches visible.
context.log_level = 'debug'
def slog(name, addr):
    """Report `addr` as "name: 0x..." through pwntools' success() and return its result."""
    parts = (name, hex(addr))
    return success(": ".join(parts))
def robot_func(weight):
    """Select menu option 2 and answer the "Robot weight: " prompt with `weight`.

    Uses the module-level tube `p`. The inline comment notes that this menu
    path performs a 0x20-byte malloc in the target.
    """
    p.sendlineafter(">", str(2)) #Malloc 0x20
    p.recvuntil("Robot weight: ")
    p.sendline(str(weight))
def human_cunf(humwan_weight, age):
    """Select menu option 3 and answer the "Human weight: " and "Human age: " prompts.

    Uses the module-level tube `p`. Function and parameter names are kept as
    spelled (callers may depend on them).
    """
    p.sendlineafter(">",str(3))
    p.recvuntil("Human weight: ")
    p.sendline(str(humwan_weight))
    p.recvuntil("Human age: ")
    p.sendline(str(age))
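def custom_func(size, idx, data):
    """Select menu option 1: answer the Size, Data and "Free idx: " prompts in that order.

    Uses the module-level tube `p`. The original spelled the first and last
    reads `recvuntli` / `recvunti`, which are not tube methods and raised
    AttributeError before anything was sent; both are `recvuntil` here.
    NOTE(review): `str(data)` on a bytes value sends its repr ("b'...'"), so
    callers are assumed to pass str — confirm.
    """
    p.recvuntil(">")
    p.sendline(str(1))
    p.recvuntil("Size: ")
    p.sendline(str(size))
    p.recvuntil("Data: ")
    p.sendline(str(data))
    p.recvuntil("Free idx: ")
    p.sendline(str(idx))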
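# Reference notes printed at startup: the one_gadget candidates and their
# constraints as recorded by the author (the libc build is not identified on
# this page). Kept in one constant so the text is testable; the original's
# per-line prints carried doubled backslashes (`\\"`) that do not parse.
ONE_GADGET_NOTES = "\n".join([
    "*" * 15 + " One_gadgetList " + "*" * 15,
    '0x4f3d5 execve("/bin/sh", rsp+0x40, environ)',
    "#constraints:",
    "# rsp & 0xf == 0",
    "# rcx == NULL",
    "#",
    '#0x4f432 execve("/bin/sh", rsp+0x40, environ)',
    "## [rsp+0x40] == NULL",
    "#",
    '#0x10a41c execve("/bin/sh", rsp+0x70, environ)',
    "#constraints:",
    "# [rsp+0x70] == NULL",
    "-" * 100,
    "*" * 15 + " Ready For Pwn " + "*" * 15,
])
print(ONE_GADGET_NOTES)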
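FROM ubuntu:22.04
ARG DEBIAN_FRONTEND=noninteractive
EXPOSE 22
# `ENV key=value` is the current form; the original used the legacy `ENV key value` spelling.
ENV TZ=Asia/Seoul
ENV PYTHONIOENCODING=UTF-8
ENV LC_CTYPE=C.UTF-8
WORKDIR /root
# Build steps already run as root; sudo is installed for interactive use only
# (the original prefixed RUN lines with sudo, which added nothing).
RUN apt update && apt install -y sudo
# Base toolchain. NOTE(review): `python` and `python-pip` (Python 2) from the
# original list are left out — they are not available in 22.04 and made this
# step fail; use `python-is-python3` if a `python` command is wanted.
RUN apt install -y netcat vim git gcc ssh curl wget gdb zsh python3 python3-pip \
    libffi-dev build-essential libssl-dev libc6-i386 libc6-dbg gcc-multilib \
    make nano file
# SSH install and configuration.
RUN apt install -y openssh-server
# Root password login is switched on here but no root password is set in this
# Dockerfile; set one at first run, and publish port 22 on localhost only when
# the host is shared.
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
    sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config
# NOTE(review): systemd is not running during `docker build`, and the `docker run
# ... zsh` commands on this page start zsh rather than sshd — if `systemctl` is
# missing from the image this step fails the build; if SSH is needed, start
# sshd explicitly inside the container.
RUN systemctl enable ssh
RUN dpkg --add-architecture i386
# Python tooling in one layer.
RUN python3 -m pip install --upgrade pip && \
    pip3 install unicorn keystone-engine pwntools ropgadget
RUN apt install -y libcapstone-dev
RUN apt install -y ruby && gem install one_gadget
# pwndbg pinned to a release tag; the helper repo below is unpinned.
RUN git clone https://github.com/pwndbg/pwndbg
WORKDIR /root/pwndbg
RUN git checkout 2023.03.19
RUN ./setup.sh
# `RUN cd ...` does not persist between steps, WORKDIR does, so the original's
# `RUN cd ~/gdb-peda-pwndbg-gef` and `RUN cd ~` lines were no-ops and are dropped.
WORKDIR /root
RUN git clone https://github.com/apogiatzis/gdb-peda-pwndbg-gef.git
WORKDIR /root/gdb-peda-pwndbg-gef
RUN ./install.sh
WORKDIR /root
# Install oh-my-zsh (`|| true` as in the original: a failing installer does not stop the build).
RUN wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh || true
# Set up Pure theme. printf writes one line per argument; the original relied on
# echo interpreting `\n`, which depends on which /bin/sh runs the step. The
# single quotes keep `$HOME` for zsh to expand at shell start, as the original did.
RUN mkdir -p "$HOME/.zsh" && \
    if [ ! -d "$HOME/.zsh/pure" ]; then \
        git clone https://github.com/sindresorhus/pure.git "$HOME/.zsh/pure"; \
    fi && \
    printf '%s\n' 'fpath+=("$HOME/.zsh/pure")' 'autoload -U promptinit; promptinit' 'prompt pure' >> ~/.zshrc
# Set up zsh-syntax-highlighting
RUN git clone https://github.com/zsh-users/zsh-syntax-highlighting.git && \
    echo "source $HOME/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" >> ~/.zshrc
# Set up zsh-autosuggestions
RUN if [ ! -d "$HOME/.zsh/zsh-autosuggestions" ]; then \
        git clone https://github.com/zsh-users/zsh-autosuggestions ~/.zsh/zsh-autosuggestions; \
    fi && \
    echo "source ~/.zsh/zsh-autosuggestions/zsh-autosuggestions.zsh" >> ~/.zshrc && \
    echo "ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=111'" >> ~/.zshrc
# Shortcut for the debug-server port (1234) that the `-p 2412:1234` mapping on
# this page presumably targets. The original line lacked the RUN keyword.
RUN echo "alias ros='ROSETTA_DEBUGSERVER_PORT=1234'" >> ~/.zshrc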
# Container launch commands (notes, not a runnable script).
# `port:22` and `image:image` are placeholders: the host port to publish sshd
# on and the image to run. SYS_PTRACE plus an unconfined seccomp profile are
# what gdb needs inside the container.
docker run -d -it --name container --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p port:22 image:image zsh
# NOTE(review): no image name follows the port mappings on this line, so
# `docker run` has nothing to start; it reads as an unfinished template.
# `--privileged` already grants every capability and turns off the default
# seccomp profile, so the two flags after it add nothing; it also exposes all
# host devices to the container, so keep the published ports on 127.0.0.1 when
# the host is shared.
docker run -d -it --privileged --platform linux/amd64 --name 24.04 --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 2404:22 -p 2412:1234 -p 23924:23946
docker run -d -it --privileged --platform linux/amd64 --name pwn1804 --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 1804:22 pwn1804 zsh
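#!/bin/bash
# Start a throwaway pwnbuntu container for the requested Ubuntu release, with
# ~/pwn mounted at /root/pwn and ptrace/seccomp relaxed so gdb works inside.
# Usage: $0 {16.04|18.04|20.04|22.04}
release=$1
case "$release" in
  16.04|18.04|20.04|22.04) ;;
  *)
    # The original had no default arm: an unknown or missing release printed
    # "Running ... pwndocker..." and then silently did nothing.
    printf 'Usage: %s {16.04|18.04|20.04|22.04}\n' "${0##*/}" >&2
    exit 2
    ;;
esac
echo "Running $release version pwndocker..."
# One command for every release. The original's 22.04 arm read
# `-v ~/pwn:/root/pwnpwnbuntu:22.04` (missing space), so the image name was
# swallowed into the volume spec. `seccomp=unconfined` matches the spelling
# used by the other docker run commands on this page.
exec docker run -it --rm \
  --cap-add SYS_PTRACE --security-opt seccomp=unconfined \
  --name "$release" \
  -v "$HOME/pwn:/root/pwn" \
  "pwnbuntu:$release" /usr/bin/zsh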
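# Toolchain plus pwndbg on a Debian/Ubuntu host.
sudo apt update -y && sudo apt install -y python3-dev file gcc gdb libc6 git zsh wget curl cmake
# Per-user pip setting for PEP 668 ("externally managed") distros.
python3 -m pip config set global.break-system-packages true
# pwndbg from its default branch (not pinned to a release); runs the repo's
# own setup.sh. The cd is guarded so setup.sh never runs from the wrong place.
[ -d pwndbg ] || git clone https://github.com/pwndbg/pwndbg
cd pwndbg || exit 1
./setup.sh
cd ~ || exit 1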
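# oh-my-zsh, the pure prompt and two zsh plugins.
# Append a line to ~/.zshrc only if it is not already there, so re-running the
# script does not stack duplicate source/prompt lines.
append_once() {
  local line=$1
  grep -qxF -- "$line" ~/.zshrc 2>/dev/null || printf '%s\n' "$line" >> ~/.zshrc
}
# Official installer (the old robbyrussell URL in the original only redirects
# here). `--unattended` stops it from changing the login shell and from
# exec'ing an interactive zsh, which would stall this script. `|| true` as in
# the original: the installer exits non-zero when ~/.oh-my-zsh already exists.
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended || true
mkdir -p "$HOME/.zsh"
# Plain git clone (no sudo) so directories under the user's home stay user-owned.
[ -d "$HOME/.zsh/pure" ] || git clone https://github.com/sindresorhus/pure.git "$HOME/.zsh/pure"
append_once 'fpath+=("$HOME/.zsh/pure")'
append_once 'autoload -U promptinit; promptinit'
append_once 'prompt pure'
# Both plugins live under ~/.zsh and are sourced by a home-relative path; the
# original sourced ./zsh-syntax-highlighting relative to the shell's start
# directory, so the line only worked from the clone's parent.
[ -d "$HOME/.zsh/zsh-syntax-highlighting" ] || git clone https://github.com/zsh-users/zsh-syntax-highlighting.git "$HOME/.zsh/zsh-syntax-highlighting"
append_once 'source ~/.zsh/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh'
[ -d "$HOME/.zsh/zsh-autosuggestions" ] || git clone https://github.com/zsh-users/zsh-autosuggestions "$HOME/.zsh/zsh-autosuggestions"
append_once 'source ~/.zsh/zsh-autosuggestions/zsh-autosuggestions.zsh'
append_once "ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=111'"
export LANG=C.UTF-8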
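cd ~ || exit 1
# radare2 from source; runs the repository's own installer (unpinned checkout).
[ -d radare2 ] || git clone https://github.com/radareorg/radare2
radare2/sys/install.sh
cd ~ || exit 1
# Vundle, the vim plugin manager used by the .vimrc written below.
[ -d ~/.vim/bundle/Vundle.vim ] || git clone https://github.com/VundleVim/Vundle.vim.git ~/.vim/bundle/Vundle.vim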
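# Write ~/.vimrc (overwriting any existing one) and install the Vundle plugins.
# The heredoc goes straight to the file with a quoted delimiter, so every
# backslash and `$` below is literal and needs no doubling; the original went
# through `$(cat <<EOF ...)` and an echo for no gain.
cat > ~/.vimrc <<'EOF'
syntax on
set autoindent
set smartindent
set cindent
set shiftwidth=4
set tabstop=4
set nobackup
set nowrapscan
set ignorecase
set hlsearch
set number
set nocompatible
set backspace=eol,start,indent
set ruler
set cursorline
set laststatus=2
set incsearch
" 'fileencodings' is a comma-separated list; the original had euc-kr.latin1
set fencs=ucs-bom,utf-8,euc-kr,latin1
set fileencoding=utf-8
set tenc=utf-8
set background=dark
set history=1000
set t_Co=256
highlight Comment term=bold cterm=bold ctermfg=4
set wrap
set noswapfile
set lbr
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()
Plugin 'VundleVim/Vundle.vim'
Plugin 'airblade/vim-gitgutter'
Plugin 'scrooloose/nerdtree'
Plugin 'scrooloose/nerdcommenter'
Plugin 'taglist-plus'
Plugin 'bling/vim-airline'
Plugin 'vim-syntastic/syntastic'
Plugin 'nanotech/jellybeans.vim'
Plugin 'ctrlpvim/ctrlp.vim'
Plugin 'Lokaltog/vim-easymotion'
Plugin 'surround.vim'
Plugin 'iwataka/ctrlproj.vim'
Plugin 'Quich-Filter'
Plugin 'terryma/vim-multiple-cursors'
Plugin 'SirVer/ultisnips'
Plugin 'mattn/emmet-vim'
Plugin 'HTML.zip'
Plugin 'rking/ag.vim'
Plugin 'chrisbra/NrrwRgn'
Plugin 'MultipleSearch'
Plugin 'majutsushi/tagbar'
Plugin 'xuhdev/SingleCompile'
Plugin 'mhinz/vim-signify'
Plugin 'tommcdo/vim-lion'
Plugin 'tpope/vim-fugitive'
Plugin 'elzr/vim-json'
Plugin 'AutoComplPop'
call vundle#end()
filetype plugin indent on
" jellybeans is fetched by PluginInstall below, so vim may warn about it once on a fresh machine
colorscheme jellybeans
au FileType * setl fo-=cro
let g:ctrlp_custom_ignore = {
\ 'dir': '\.git$\|public$\|log$\|tmp$\|vendor$',
\ 'file': '\v\.(exe|so|dll)$'
\ }
let Tlist_Use_Right_Window = 1
let Tlist_Auto_Open = 0
let Tlist_Exit_OnlyWindow = 0
let Tlist_Inc_Winwidth = 0
let Tlist_Ctags_Cmd = "/usr/bin/ctags"
map <F3> <C-w><C-v>
map <F4> <C-w><C-w>
map <F5> :NERDTreeToggle<cr>
map <F6> :TlistToggle<cr>
EOF
# Fetch the plugins headlessly (needs network access).
vim +PluginInstall +qall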
# Register amd64 as a foreign architecture. The containers on this page are
# run with --platform linux/amd64, so presumably the host itself is not amd64 — confirm.
sudo dpkg --add-architecture amd64
sudo apt update
# NOTE(review): a bare `w` only lists logged-in users; it reads like a stray
# keystroke rather than an intended step — confirm before keeping it.
w