elleoma/exploit-lab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
438f02253981839aa24c57ae6175683be8c8494b
exploit-lab/README.md
Amoelle 611a36f072 update readme
2025-08-29 19:07:04 +03:00

81 lines
3.2 KiB
Markdown
Raw Blame History

# Exploit Lab
## Overview
- Lightweight Docker Compose lab for binary analysis/exploitation built on Kali.
- Provides common tools (gcc, gdb, pwntools, radare2, binwalk, strace, ltrace, etc.) in a non-privileged container with challenge files mounted read-only.
## Requirements
- Docker Engine and Docker Compose (v2) installed.
- Enough disk space for image build (several hundred MB+).
- Optional: adjust UID/GID if your host user isn't 1000.
## Repository layout (example)
- docker-compose.yml
- kali/Dockerfile
- challenge/ `← drop your challenge ZIP/files here (mounted read-only)`
- README.md
## Quick start
1. Place challenge files in ./challenge
2. Build and start the lab (background):
```
docker compose up --build -d
```
3. Enter an interactive shell inside the running container:
```
docker compose exec exploit-lab /bin/bash
```
(or as mapped host user)
```
docker compose exec --user 1000:1000 exploit-lab /bin/bash
```
4. Stop and remove containers:
```
docker compose down
```
### Notes about safety & file locations
- Mounted challenge directory is read-only inside the container at /home/kali/challenge.
- Writable workspace: the named volume /home/kali/work and /tmp inside the container.
- The runtime image is non-privileged and has restricted capabilities (per docker-compose.yml), but it shares the host kernel — for maximal isolation use a disposable VM and document that in your report.
### Typical workflow inside container
- Inspect files without executing:
file /home/kali/challenge/app
sha256sum /home/kali/challenge/*
strings /home/kali/challenge/app | less
ldd /home/kali/challenge/app
- Create workspace and copy extracted files you need writable:
cp -r /home/kali/challenge /home/kali/work/challenge1
- Run debugging/reversing tools from the venv-provided PATH (pwntools, etc.) — venv is at /opt/venv and is on PATH in the image.
### Rebuilding or updating tools
- After editing the Dockerfile, rebuild:
`docker compose build --no-cache`
`docker compose up -d`
### Networking
- By default runtime network is disabled (network_mode: "none") to reduce risk. If you need network, edit docker-compose.yml and remove or change network_mode, then rebuild.
## Common commands
- Start foreground (logs): `docker compose up --build`
- Start background: `docker compose up -d`
- Exec shell: `docker compose exec exploit-lab /bin/bash`
- Run one-off shell: `docker compose run --rm exploit-lab /bin/bash`
- Get logs: `docker compose logs -f`
- Rebuild image: `docker compose build --no-cache`
- Stop and remove: `docker compose down`
## Troubleshooting
- Build errors about pip/PEP 668: the Dockerfile uses a Python virtualenv (/opt/venv). If you change Python steps, prefer venv over system pip.
- Malformed Docker config warnings: fix or move ~/.docker/config.json.
- Missing Dockerfile during build: ensure dockerfile is at the path referenced by docker-compose.yml (build.context and build.dockerfile).
## Customization tips
- Change host UID mapping: edit Dockerfile USER_UID/USER_GID or the compose user field to match your host user.
- Add/remove tools in kali/Dockerfile apt install list.
- If you need angr, add its build deps and install inside the venv (longer build).
## License
- MIT
Reference in New Issue View Git Blame Copy Permalink