This commit is contained in:
clxhzg
34
.gitea/workflows/docker.yml
Normal file
34
.gitea/workflows/docker.yml
Normal file
@@ -0,0 +1,34 @@
|
||||
name: Build to Gitea Registry
|
||||
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
build-push:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# 登录到 Gitea 内置仓库
|
||||
- name: Login to Gitea Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ vars.REGISTRY_ADDR }} # 要上传的仓库地址: gitea.guetsec.cn
|
||||
username: ${{ secrets.REGISTRY_USERNAME }} # Gitea 用户名
|
||||
password: ${{ secrets.REGISTRY_TOKEN }} # Gitea 有package读写权限的访问令牌
|
||||
|
||||
# 设置动态标签
|
||||
- name: Set image tags
|
||||
id: tags
|
||||
run: |
|
||||
SHORT_SHA=$(echo ${GITEA_SHA} | cut -c1-8)
|
||||
echo "tags=${{ vars.REGISTRY_ADDR }}/${{ gitea.repository }}:${SHORT_SHA}" >> $GITHUB_OUTPUT
|
||||
echo "tags=${{ vars.REGISTRY_ADDR }}/${{ gitea.repository }}:latest" >> $GITHUB_OUTPUT
|
||||
|
||||
# 构建并推送
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ steps.tags.outputs.tags }}
|
||||
55
Dockerfile
Normal file
55
Dockerfile
Normal file
@@ -0,0 +1,55 @@
|
||||
FROM ubuntu:22.04
|
||||
|
||||
# 制作者信息
|
||||
LABEL auther_template="CTF-Archives"
|
||||
|
||||
# apt更换镜像源,并安装相关依赖
|
||||
RUN sed -i 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' /etc/apt/sources.list && \
|
||||
sed -i 's@//.*security.ubuntu.com@//mirrors.ustc.edu.cn@g' /etc/apt/sources.list
|
||||
RUN apt-get update && apt-get -y dist-upgrade && \
|
||||
apt-get install -y lib32z1 xinetd
|
||||
|
||||
# 新建用户,并进行账户改变
|
||||
RUN useradd -m ctf
|
||||
WORKDIR /home/ctf
|
||||
|
||||
# 复制相关lib,并处理环境
|
||||
RUN cp -R /usr/lib* /home/ctf
|
||||
|
||||
# 配置特殊管道映射
|
||||
RUN mkdir /home/ctf/dev && \
|
||||
mknod /home/ctf/dev/null c 1 3 && \
|
||||
mknod /home/ctf/dev/zero c 1 5 && \
|
||||
mknod /home/ctf/dev/random c 1 8 && \
|
||||
mknod /home/ctf/dev/urandom c 1 9 && \
|
||||
chmod 666 /home/ctf/dev/*
|
||||
|
||||
# 设置xinetd启动之后,chroot限制能使用的bin程序
|
||||
RUN mkdir /home/ctf/bin && \
|
||||
cp /bin/sh /home/ctf/bin && \
|
||||
cp /bin/ls /home/ctf/bin && \
|
||||
cp /bin/cat /home/ctf/bin && \
|
||||
cp /usr/bin/timeout /home/ctf/bin
|
||||
|
||||
# 部署xinetd服务
|
||||
COPY ./config/ctf.xinetd /etc/xinetd.d/ctf
|
||||
RUN echo "Blocked by ctf_xinetd" > /etc/banner_fail
|
||||
|
||||
# 复制容器启动脚本
|
||||
COPY ./service/docker-entrypoint.sh /
|
||||
RUN chmod +x /docker-entrypoint.sh
|
||||
|
||||
# 部署程序
|
||||
COPY ./src/pwn /home/ctf/pwn
|
||||
|
||||
# 初始化flag
|
||||
RUN chown -R root:ctf /home/ctf && \
|
||||
chmod -R 750 /home/ctf && \
|
||||
touch /home/ctf/flag && \
|
||||
chmod 744 /home/ctf/flag
|
||||
|
||||
# [可选]指定对外暴露端口,对于GZCTF等平台,强制EXPOSE可能会造成非预期端口泄露,请酌情启用
|
||||
# EXPOSE 9999
|
||||
|
||||
# 指定容器入口点
|
||||
ENTRYPOINT ["/bin/bash","/docker-entrypoint.sh"]
|
||||
32
README.md
Normal file
32
README.md
Normal file
@@ -0,0 +1,32 @@
|
||||
# pwn-ubuntu_22.04
|
||||
|
||||
## 环境说明
|
||||
|
||||
提供 `Ubuntu 22.04 GLIBC 2.35` 的基础环境,并已经添加 `lib32z1` + `xinetd` 软件包,并基于 `xinetd` 实现服务转发,默认暴露端口位于9999
|
||||
|
||||
实现:当选手连接到对应端口(默认为9999端口,默认选手使用 `netcat` )的时候,运行 `程序文件`,并将会话转发至选手的连接
|
||||
|
||||
镜像做到:
|
||||
- 选手通过端口连接到容器/靶机
|
||||
- xinted服务检测到连接,启动一个 `chroot` 会话
|
||||
- `chroot` 通过参数 `--userspec=1000:1000 /home/ctf` 限制了程序运行时的账户权限,并更改了程序运行时的root根目录环境位置为 `/home/ctf` ,然后在限制环境中启动程序
|
||||
- `xinted` 将程序会话转发给选手的连接
|
||||
|
||||
## 如何使用
|
||||
|
||||
将程序文件放入 `./src` 目录即可,文件名请修改为 `attachment` 作为文件名,便于镜像定位程序位置
|
||||
|
||||
如果需要更改为自己的文件名,需要在 `./config/ctf.xinetd`、`./Dockerfile` 和 `./service/docker-entrypoint.sh` 中进行修改
|
||||
|
||||
程序放置进 `./src` 目录之后,执行
|
||||
```shell
|
||||
docker build .
|
||||
```
|
||||
即可开始编译镜像
|
||||
|
||||
也可以在安放好程序文件之后,直接使用 `./docker/docker-compose.yml` 内的 `docker-compose` 文件实现一键启动测试容器
|
||||
|
||||
```shell
|
||||
cd ./docker
|
||||
docker-compose up -d
|
||||
```
|
||||
21
config/ctf.xinetd
Normal file
21
config/ctf.xinetd
Normal file
@@ -0,0 +1,21 @@
|
||||
service ctf
|
||||
{
|
||||
disable = no
|
||||
socket_type = stream
|
||||
protocol = tcp
|
||||
wait = no
|
||||
user = root
|
||||
type = UNLISTED
|
||||
port = 9999
|
||||
bind = 0.0.0.0
|
||||
# 设置xinetd连接启动后的服务程序
|
||||
server = /usr/sbin/chroot
|
||||
# 设置chroot的相关参数
|
||||
server_args = --userspec=1000:1000 /home/ctf ./pwn
|
||||
banner_fail = /etc/banner_fail
|
||||
# safety options
|
||||
per_source = 10 # the maximum instances of this service per source IP address
|
||||
rlimit_cpu = 20 # the maximum number of CPU seconds that the service may use
|
||||
#rlimit_as = 1024M # the Address Space resource limit for the service
|
||||
#access_times = 2:00-9:00 12:00-24:00
|
||||
}
|
||||
11
docker/docker-compose.yml
Normal file
11
docker/docker-compose.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
version: '3'
|
||||
services:
|
||||
test:
|
||||
build: ../
|
||||
environment:
|
||||
# 仅为测试用flag
|
||||
FLAG: "flag{a63b4d37-7681-4850-b6a7-0d7109febb19}"
|
||||
ports:
|
||||
# 设置了暴露端口
|
||||
- 9999:9999
|
||||
restart: unless-stopped
|
||||
30
service/docker-entrypoint.sh
Normal file
30
service/docker-entrypoint.sh
Normal file
@@ -0,0 +1,30 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Get the user
|
||||
user=$(ls /home)
|
||||
|
||||
# Check the environment variables for the flag and assign to INSERT_FLAG
|
||||
if [ "$DASFLAG" ]; then
|
||||
INSERT_FLAG="$DASFLAG"
|
||||
export DASFLAG=no_FLAG
|
||||
DASFLAG=no_FLAG
|
||||
elif [ "$FLAG" ]; then
|
||||
INSERT_FLAG="$FLAG"
|
||||
export FLAG=no_FLAG
|
||||
FLAG=no_FLAG
|
||||
elif [ "$GZCTF_FLAG" ]; then
|
||||
INSERT_FLAG="$GZCTF_FLAG"
|
||||
export GZCTF_FLAG=no_FLAG
|
||||
GZCTF_FLAG=no_FLAG
|
||||
else
|
||||
INSERT_FLAG="flag{TEST_Dynamic_FLAG}"
|
||||
fi
|
||||
|
||||
# 将FLAG写入文件 请根据需要修改
|
||||
echo $INSERT_FLAG | tee /home/$user/flag
|
||||
|
||||
# 赋予程序运行权限
|
||||
chmod 711 /home/ctf/pwn
|
||||
|
||||
/etc/init.d/xinetd start;
|
||||
sleep infinity;
|
||||
Reference in New Issue
Block a user