Compare commits: 4814322450...main (5 commits)

| Author | SHA1 | Date |
|---|---|---|
| | 438f022539 | |
| | 611a36f072 | |
| | 28167f3549 | |
| | 409309b9ff | |
| | 83b5349c7e | |
2
.gitignore
vendored
@@ -1 +1 @@
|
|||||||
./challenge/*
|
challenge/*
|
||||||
|
|||||||
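Review bot: With `challenge/*` every file under challenge/ is ignored, so a fresh clone has no challenge/ directory even though the README lists it in the repository layout and tells users to drop files there. Consider tracking a placeholder and anchoring the pattern to the repository root, for example `/challenge/*` followed by `!/challenge/.gitkeep`. Dropping the `./` prefix is the right fix, since gitignore patterns are not matched against a leading `./`.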
54
README.md
@@ -1,37 +1,45 @@
|
|||||||
## Exploit Lab
|
# Exploit Lab
|
||||||
|
|
||||||
Overview
|
## Overview
|
||||||
- Lightweight Docker Compose lab for binary analysis/exploitation built on Kali.
|
- Lightweight Docker Compose lab for binary analysis/exploitation built on Kali.
|
||||||
- Provides common tools (gcc, gdb, pwntools, radare2, binwalk, strace, ltrace, etc.) in a non-privileged container with challenge files mounted read-only.
|
- Provides common tools (gcc, gdb, pwntools, radare2, binwalk, strace, ltrace, etc.) in a non-privileged container with challenge files mounted read-only.
|
||||||
|
|
||||||
Requirements
|
## Requirements
|
||||||
- Docker Engine and Docker Compose (v2) installed.
|
- Docker Engine and Docker Compose (v2) installed.
|
||||||
- Enough disk space for image build (several hundred MB+).
|
- Enough disk space for image build (several hundred MB+).
|
||||||
- Optional: adjust UID/GID if your host user isn't 1000.
|
- Optional: adjust UID/GID if your host user isn't 1000.
|
||||||
|
|
||||||
Repository layout (example)
|
## Repository layout (example)
|
||||||
- docker-compose.yml
|
- docker-compose.yml
|
||||||
- kali/Dockerfile
|
- kali/Dockerfile
|
||||||
- challenge/ ← drop your challenge ZIP/files here (mounted read-only)
|
- challenge/ `← drop your challenge ZIP/files here (mounted read-only)`
|
||||||
- README.md
|
- README.md
|
||||||
|
|
||||||
Quick start
|
## Quick start
|
||||||
1. Place challenge files in ./challenge
|
1. Place challenge files in ./challenge
|
||||||
2. Build and start the lab (background):
|
2. Build and start the lab (background):
|
||||||
|
```
|
||||||
docker compose up --build -d
|
docker compose up --build -d
|
||||||
|
```
|
||||||
3. Enter an interactive shell inside the running container:
|
3. Enter an interactive shell inside the running container:
|
||||||
|
```
|
||||||
docker compose exec exploit-lab /bin/bash
|
docker compose exec exploit-lab /bin/bash
|
||||||
|
```
|
||||||
(or as mapped host user)
|
(or as mapped host user)
|
||||||
|
```
|
||||||
docker compose exec --user 1000:1000 exploit-lab /bin/bash
|
docker compose exec --user 1000:1000 exploit-lab /bin/bash
|
||||||
|
```
|
||||||
4. Stop and remove containers:
|
4. Stop and remove containers:
|
||||||
|
```
|
||||||
docker compose down
|
docker compose down
|
||||||
|
```
|
||||||
|
|
||||||
Notes about safety & file locations
|
### Notes about safety & file locations
|
||||||
- Mounted challenge directory is read-only inside the container at /home/kali/challenge.
|
- Mounted challenge directory is read-only inside the container at /home/kali/challenge.
|
||||||
- Writable workspace: the named volume /home/kali/work and /tmp inside the container.
|
- Writable workspace: the named volume /home/kali/work and /tmp inside the container.
|
||||||
- The runtime image is non-privileged and has restricted capabilities (per docker-compose.yml), but it shares the host kernel — for maximal isolation use a disposable VM and document that in your report.
|
- The runtime image is non-privileged and has restricted capabilities (per docker-compose.yml), but it shares the host kernel — for maximal isolation use a disposable VM and document that in your report.
|
||||||
|
|
||||||
Typical workflow inside container
|
### Typical workflow inside container
|
||||||
- Inspect files without executing:
|
- Inspect files without executing:
|
||||||
file /home/kali/challenge/app
|
file /home/kali/challenge/app
|
||||||
sha256sum /home/kali/challenge/*
|
sha256sum /home/kali/challenge/*
|
||||||
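Review bot: On the new side, "### Notes about safety & file locations" and "### Typical workflow inside container" follow "## Quick start" directly, so the safety notes (read-only mount, shared host kernel) render as a subsection of Quick start while Overview, Requirements and Repository layout are all `##`. Promote both to `##`, or add an explicit parent heading if the nesting is intended. In the repository layout list, the new backticks wrap the "← drop your challenge ZIP/files here (mounted read-only)" annotation rather than the path, so the prose renders as code; put the backticks around `challenge/` instead. The commands under "Inspect files without executing" (`file /home/kali/challenge/app`, `sha256sum /home/kali/challenge/*`) are left unmarked here, unlike the fenced Quick start steps.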
@@ -41,32 +49,32 @@ Typical workflow inside container
|
|||||||
cp -r /home/kali/challenge /home/kali/work/challenge1
|
cp -r /home/kali/challenge /home/kali/work/challenge1
|
||||||
- Run debugging/reversing tools from the venv-provided PATH (pwntools, etc.) — venv is at /opt/venv and is on PATH in the image.
|
- Run debugging/reversing tools from the venv-provided PATH (pwntools, etc.) — venv is at /opt/venv and is on PATH in the image.
|
||||||
|
|
||||||
Rebuilding or updating tools
|
### Rebuilding or updating tools
|
||||||
- After editing the Dockerfile, rebuild:
|
- After editing the Dockerfile, rebuild:
|
||||||
docker compose build --no-cache
|
`docker compose build --no-cache`
|
||||||
docker compose up -d
|
`docker compose up -d`
|
||||||
|
|
||||||
Networking
|
### Networking
|
||||||
- By default runtime network is disabled (network_mode: "none") to reduce risk. If you need network, edit docker-compose.yml and remove or change network_mode, then rebuild.
|
- By default runtime network is disabled (network_mode: "none") to reduce risk. If you need network, edit docker-compose.yml and remove or change network_mode, then rebuild.
|
||||||
|
|
||||||
Common commands
|
## Common commands
|
||||||
- Start foreground (logs): docker compose up --build
|
- Start foreground (logs): `docker compose up --build`
|
||||||
- Start background: docker compose up -d
|
- Start background: `docker compose up -d`
|
||||||
- Exec shell: docker compose exec exploit-lab /bin/bash
|
- Exec shell: `docker compose exec exploit-lab /bin/bash`
|
||||||
- Run one-off shell: docker compose run --rm exploit-lab /bin/bash
|
- Run one-off shell: `docker compose run --rm exploit-lab /bin/bash`
|
||||||
- Get logs: docker compose logs -f
|
- Get logs: `docker compose logs -f`
|
||||||
- Rebuild image: docker compose build --no-cache
|
- Rebuild image: `docker compose build --no-cache`
|
||||||
- Stop and remove: docker compose down
|
- Stop and remove: `docker compose down`
|
||||||
|
|
||||||
Troubleshooting
|
## Troubleshooting
|
||||||
- Build errors about pip/PEP 668: the Dockerfile uses a Python virtualenv (/opt/venv). If you change Python steps, prefer venv over system pip.
|
- Build errors about pip/PEP 668: the Dockerfile uses a Python virtualenv (/opt/venv). If you change Python steps, prefer venv over system pip.
|
||||||
- Malformed Docker config warnings: fix or move ~/.docker/config.json.
|
- Malformed Docker config warnings: fix or move ~/.docker/config.json.
|
||||||
- Missing Dockerfile during build: ensure dockerfile is at the path referenced by docker-compose.yml (build.context and build.dockerfile).
|
- Missing Dockerfile during build: ensure dockerfile is at the path referenced by docker-compose.yml (build.context and build.dockerfile).
|
||||||
|
|
||||||
Customization tips
|
## Customization tips
|
||||||
- Change host UID mapping: edit Dockerfile USER_UID/USER_GID or the compose user field to match your host user.
|
- Change host UID mapping: edit Dockerfile USER_UID/USER_GID or the compose user field to match your host user.
|
||||||
- Add/remove tools in kali/Dockerfile apt install list.
|
- Add/remove tools in kali/Dockerfile apt install list.
|
||||||
- If you need angr, add its build deps and install inside the venv (longer build).
|
- If you need angr, add its build deps and install inside the venv (longer build).
|
||||||
|
|
||||||
License
|
## License
|
||||||
- MIT
|
- MIT
|
||||||
|
|||||||
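Review bot: Under "### Rebuilding or updating tools", the two commands become separate inline code spans on consecutive lines, which Markdown joins into a single paragraph line unless a blank line separates them; use a fenced block as in Quick start so `docker compose build --no-cache` and `docker compose up -d` each stay on their own line. "### Rebuilding or updating tools" and "### Networking" are `###` while the following "## Common commands" is `##`, so check which parent section they are meant to sit under. The Networking bullet still says "then rebuild" after changing network_mode; name the exact command, since the Rebuilding section reserves `docker compose build --no-cache` for Dockerfile edits.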