Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
docker_rop_emporium/Dockerfile
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
96 lines (80 sloc)
4.28 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM ubuntu:latest | |
# Dear lord of Docker, don't judge me for this janky code :(( | |
# add x86 arch and some tools for the players | |
RUN dpkg --add-architecture i386 \ | |
&& apt update && apt install --no-install-recommends -y sudo python3 python2 curl nano vim gdb socat openssh-server openssh-client libc6-i386 | |
# The password for the users should match the flag for that level | |
RUN useradd -rm -d /home/level1 -s /bin/bash -u 3232 level1 \ | |
&& echo 'level1:lets_play' | chpasswd \ | |
&& useradd -rm -d /home/level2 -s /bin/bash -u 3233 level2 \ | |
&& echo 'level2:cueh{you_c4n_r3t2w1n!}' | chpasswd \ | |
&& useradd -rm -d /home/level3 -s /bin/bash -u 3234 level3 \ | |
&& echo 'level3:cueh{youre_spl1tt1ng_h41rs_n0w}' | chpasswd \ | |
&& useradd -rm -d /home/level4 -s /bin/bash -u 3235 level4 \ | |
&& echo 'level4:ROPE{a_placeholder_32byte_flag!}' | chpasswd \ | |
&& useradd -rm -d /home/level5 -s /bin/bash -u 3236 level5 \ | |
&& echo 'level5:cueh{wr1t1ng_t0_.d4t4_s3gm3nt}' | chpasswd \ | |
&& useradd -rm -d /home/level6 -s /bin/bash -u 3237 level6 \ | |
&& echo 'level6:cueh{b4d_ch4rs_c4n_b3_0v3rc0m3}' | chpasswd \ | |
&& useradd -rm -d /home/level7 -s /bin/bash -u 3238 level7 \ | |
&& echo 'level7:cueh{1_4m_th3_g4dg3t_m4n}' | chpasswd \ | |
&& useradd -rm -d /home/level8 -s /bin/bash -u 3239 level8 \ | |
&& echo 'level8:cueh{d0nt_un3r3st1m4t3_th3_p0w3r_0f_th3_bss_s3ct1on}' | chpasswd \ | |
&& echo 'root:ROPE{a_placeholder_32byte_flag!}' | chpasswd | |
# All level material including intros, flags and bins | |
COPY ret2win/server.sh ret2win/flag.txt ret2win/32/ret2win32 ret2win/64/ret2win64 ret2win/intro.txt ret2win/level1_note.txt /home/level1/ | |
COPY split/server.sh split/flag.txt split/32/split32 split/64/split64 split/level2_note.txt /home/level2/ | |
COPY callme/server.sh callme/level3_note.txt /home/level3/ | |
COPY callme/32/ /home/level3/32/ | |
COPY callme/64/ /home/level3/64/ | |
COPY write4/server.sh write4/level4_note.txt /home/level4/ | |
COPY write4/32/write432 write4/32/libwrite432.so write4/flag.txt /home/level4/32/ | |
COPY write4/64/write4 write4/64/libwrite4.so write4/flag.txt /home/level4/64/ | |
COPY badchars/level5_note.txt badchars/server.sh /home/level5/ | |
COPY badchars/32/badchars32 badchars/32/libbadchars32.so badchars/flag.txt /home/level5/32/ | |
COPY badchars/64/badchars badchars/64/libbadchars.so badchars/flag.txt /home/level5/64/ | |
COPY fluff/level6_note.txt fluff/server.sh /home/level6/ | |
COPY fluff/32/fluff32 fluff/32/libfluff32.so fluff/flag.txt /home/level6/32/ | |
COPY fluff/64/fluff fluff/64/libfluff.so fluff/flag.txt /home/level6/64/ | |
COPY pivot/level7_note.txt badchars/server.sh /home/level7/ | |
COPY pivot/32/pivot32 pivot/32/libpivot32.so pivot/flag.txt /home/level7/32/ | |
COPY pivot/64/pivot pivot/64/libpivot.so pivot/flag.txt /home/level7/64/ | |
COPY ret2csu/ /home/level8/ | |
# Copy a prewritten sudoers file to allow for priv escs | |
COPY sudoers /etc/sudoers | |
# Turns out the perms were a head scratch to do efficiently | |
RUN chown -R level1 home/level1/ \ | |
&& chown -R level3 /home/level3/ \ | |
&& chown -R level4 /home/level4/ \ | |
&& chown -R level5 /home/level5/ \ | |
&& chown -R level6 /home/level6/ \ | |
&& chown -R level2 /home/level2/ \ | |
&& chown -R level7 /home/level7/ \ | |
&& chown level2 /home/level1/flag.txt \ | |
&& chown level3 /home/level2/flag.txt \ | |
&& chown level5 /home/level4/32/flag.txt \ | |
&& chown level5 /home/level4/64/flag.txt \ | |
&& chown level6 /home/level5/32/flag.txt \ | |
&& chown level6 /home/level5/64/flag.txt \ | |
&& chown level7 /home/level6/32/flag.txt \ | |
&& chown level7 /home/level6/64/flag.txt \ | |
&& chmod 400 /home/level1/flag.txt \ | |
&& chmod 400 /home/level2/flag.txt \ | |
&& chmod 400 /home/level4/32/flag.txt \ | |
&& chmod 400 /home/level4/64/flag.txt \ | |
&& chmod 400 /home/level5/32/flag.txt \ | |
&& chmod 400 /home/level5/64/flag.txt \ | |
&& chmod 400 /home/level6/32/flag.txt \ | |
&& chmod 400 /home/level6/64/flag.txt \ | |
&& chmod +x /home/level1/server.sh \ | |
&& chmod +x /home/level2/server.sh \ | |
&& chmod +x /home/level3/server.sh \ | |
&& chmod +x /home/level4/server.sh \ | |
&& chmod +x /home/level5/server.sh \ | |
&& chmod +x /home/level6/server.sh \ | |
&& chmod +x /home/level7/server.sh | |
# Run ssh so the player can port the bins to thier local machines for testing | |
RUN service ssh start | |
EXPOSE 22 | |
EXPOSE 1337 | |
CMD ["/usr/sbin/sshd","-D"] |