From bbac3fc7a2c977c50c912f40649b2c66dd415273 Mon Sep 17 00:00:00 2001 From: Amoelle Date: Fri, 29 Aug 2025 18:38:01 +0300 Subject: [PATCH] init --- .gitignore | 1 + README.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++ docker-compose.yml | 27 +++++++++++++++++ kali/Dockerfile | 36 +++++++++++++++++++++++ 4 files changed, 137 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 docker-compose.yml create mode 100644 kali/Dockerfile
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..985ce69
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+./challenge/*
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..dc725e1
--- /dev/null
+++ b/README.md
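Review bot: The pattern `./challenge/*` in the .gitignore hunk is unlikely to match anything, because gitignore patterns are compared against paths relative to the .gitignore file and a leading `./` is not stripped. `git status` would then still offer the dropped challenge archives and binaries for commit, which is how samples end up pushed to a remote by accident. Use `/challenge/*` instead, and confirm the rule fires with `git check-ignore -v challenge/<file>` before placing real samples in the directory.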
@@ -0,0 +1,73 @@
+## Exploit Lab — README
+
+Overview
+- Lightweight Docker Compose lab for binary analysis/exploitation built on Kali.
+- Provides common tools (gcc, gdb, pwntools, radare2, binwalk, strace, ltrace, etc.) in a non-privileged container with challenge files mounted read-only.
+
+Requirements
+- Docker Engine and Docker Compose (v2) installed.
+- Enough disk space for image build (several hundred MB+).
+- Optional: adjust UID/GID if your host user isn't 1000.
+
+Repository layout (example)
+- docker-compose.yml
+- kali/Dockerfile
+- challenge/ ← drop your challenge ZIP/files here (mounted read-only)
+- README.md
+
+Quick start
+1. Place challenge files in ./challenge
+2. Build and start the lab (background):
+ docker compose up --build -d
+3. Enter an interactive shell inside the running container:
+ docker compose exec exploit-lab /bin/bash
+ (or as mapped host user)
+ docker compose exec --user 1000:1000 exploit-lab /bin/bash
+4. Stop and remove containers:
+ docker compose down
+
+Notes about safety & file locations
+- Mounted challenge directory is read-only inside the container at /home/kali/challenge.
+- Writable workspace: the named volume /home/kali/work and /tmp inside the container.
+- The runtime image is non-privileged and has restricted capabilities (per docker-compose.yml), but it shares the host kernel — for maximal isolation use a disposable VM and document that in your report.
+
+Typical workflow inside container
+- Inspect files without executing:
+ file /home/kali/challenge/app
+ sha256sum /home/kali/challenge/*
+ strings /home/kali/challenge/app | less
+ ldd /home/kali/challenge/app
+- Create workspace and copy extracted files you need writable:
+ cp -r /home/kali/challenge /home/kali/work/challenge1
+- Run debugging/reversing tools from the venv-provided PATH (pwntools, etc.) — venv is at /opt/venv and is on PATH in the image.
+
+Rebuilding or updating tools
+- After editing the Dockerfile, rebuild:
+ docker compose build --no-cache
+ docker compose up -d
+
+Networking
+- By default runtime network is disabled (network_mode: "none") to reduce risk. If you need network, edit docker-compose.yml and remove or change network_mode, then rebuild.
+
+Common commands
+- Start foreground (logs): docker compose up --build
+- Start background: docker compose up -d
+- Exec shell: docker compose exec exploit-lab /bin/bash
+- Run one-off shell: docker compose run --rm exploit-lab /bin/bash
+- Get logs: docker compose logs -f
+- Rebuild image: docker compose build --no-cache
+- Stop and remove: docker compose down
+
+Troubleshooting
+- Build errors about pip/PEP 668: the Dockerfile uses a Python virtualenv (/opt/venv). If you change Python steps, prefer venv over system pip.
+- Malformed Docker config warnings: fix or move ~/.docker/config.json.
+- Missing Dockerfile during build: ensure dockerfile is at the path referenced by docker-compose.yml (build.context and build.dockerfile).
+
+Customization tips
+- Change host UID mapping: edit Dockerfile USER_UID/USER_GID or the compose user field to match your host user.
+- Add/remove tools in kali/Dockerfile apt install list.
+- If you need angr, add its build deps and install inside the venv (longer build).
+
+License
+- MIT.
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..28d8ed9
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,27 @@
+services:
+ exploit-lab:
+ build:
+ context: ./kali
+ dockerfile: Dockerfile
+ image: exploit-lab:latest
+ stdin_open: true
+ tty: true
+ network_mode: "none"
+ restart: "no"
+ cap_drop:
+ - ALL
+ read_only: true
+ tmpfs:
+ - /tmp:rw,size=256m
+ volumes:
+ - ./challenge:/home/kali/challenge:ro
+ - kali-work:/home/kali/work:rw
+ deploy:
+ resources:
+ limits:
+ cpus: '1.0'
+ memory: 1G
+ user: "1000:1000"
+volumes:
+ kali-work:
+
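Review bot: The `exploit-lab` service in docker-compose.yml will run untrusted challenge binaries, yet its hardening stops at `cap_drop`, `read_only` and `network_mode: "none"`: nothing sets no-new-privileges or bounds the process count. Adding `security_opt: ["no-new-privileges:true"]` and a `pids_limit: 256` (the number is only a suggested starting point) under the service would keep setuid binaries shipped in the Kali image from changing privilege and stop a runaway sample from exhausting host PIDs. The `deploy.resources.limits` block is only enforced by Compose implementations that honour `deploy` outside Swarm, so it is worth confirming with `docker inspect` that the CPU and memory limits actually land on the container.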
diff --git a/kali/Dockerfile b/kali/Dockerfile
new file mode 100644
index 0000000..4c0ef51
--- /dev/null
+++ b/kali/Dockerfile
@@ -0,0 +1,36 @@
+FROM kalilinux/kali-rolling:latest
+
+# Create a non-root user (UID 1000) to map to host user
+ARG USERNAME=kali
+ARG USER_UID=1000
+ARG USER_GID=1000
+
+RUN groupadd -g ${USER_GID} ${USERNAME} \
+ && useradd -m -u ${USER_UID} -g ${USER_GID} -s /bin/bash ${USERNAME}
+
+# Minimal package list commonly useful for binary analysis/exploitation
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ build-essential gcc g++ make clang pkg-config \
+ gdb gdb-multiarch gdbserver \
+ python3 python3-pip python3-dev python3-venv \
+ git curl wget unzip \
+ binutils file binwalk radare2 \
+ strace ltrace lsof \
+ netcat-openbsd socat \
+ unzip p7zip-full \
+ vim less nano \
+ libc6-dbg \
+ && python3 -m venv /opt/venv \
+ && /opt/venv/bin/pip install --upgrade pip setuptools wheel \
+ && /opt/venv/bin/pip install --no-cache-dir pwntools capstone unicorn binwalk \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+ENV PATH="/opt/venv/bin:${PATH}"
+
+# Ensure work dir and permissions for non-root user
+RUN mkdir -p /home/${USERNAME}/work /home/${USERNAME}/challenge \
+ && chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
+
+USER ${USERNAME}
+WORKDIR /home/${USERNAME}
+ENV PATH="/home/${USERNAME}/.local/bin:${PATH}"
+
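Review bot: Nothing in the kali/Dockerfile hunk is pinned: `FROM kalilinux/kali-rolling:latest` tracks a rolling tag and the venv step installs `pwntools capstone unicorn binwalk` from PyPI at whatever version resolves on build day, so two builds of the same commit can ship different tooling and a tampered upstream release would be pulled in unnoticed. Pin the base by digest, `FROM kalilinux/kali-rolling@sha256:<digest-placeholder>`, and install the Python tools from a copied requirements file with `pip install --no-cache-dir --require-hashes -r requirements.txt`. `binwalk` is also installed by apt in the same RUN, and because `/opt/venv/bin` is first on PATH the PyPI copy would likely shadow the distro package, so one of the two sources should be dropped (`unzip` is listed twice as well). The final `ENV PATH="/home/${USERNAME}/.local/bin:${PATH}"` puts a user-writable directory ahead of the system paths; appending it instead, `ENV PATH="${PATH}:/home/${USERNAME}/.local/bin"`, avoids command shadowing by files a sample leaves there when the image is run without the read-only compose settings.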