diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/README.md b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/README.md new file mode 100644 index 0000000..0ebe808 --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/README.md @@ -0,0 +1,3 @@ +# Name + +Binary: Exploitation techniques: challenge-shellcode-after diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/Dockerfile b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/Dockerfile new file mode 100644 index 0000000..5cb7623 --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/Dockerfile @@ -0,0 +1,37 @@ +# Stage 1: Building the executable (glibc build on Debian) +FROM debian:11-slim AS builder +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential make ca-certificates \ + && mkdir -p /tmp/build + +COPY src/vuln.c src/Makefile /tmp/build/ +WORKDIR /tmp/build + +RUN make \ + && mv vuln /tmp/pinpoint \ + && make clean \ + && rm -rf /tmp/build \ + && apt-get purge -y --auto-remove build-essential make \ + && rm -rf /var/lib/apt/lists/* + +# Stage 2: Final image +FROM debian:11-slim +RUN apt -y update +RUN apt -y install xinetd + +RUN useradd -m -d /home/ctf -s /bin/bash ctf +RUN mkdir /home/ctf/pinpoint +COPY flag /home/ctf +COPY --from=builder tmp/pinpoint /home/ctf/pinpoint/ + +RUN chown -R root:ctf /home/ctf +RUN chmod 750 /home/ctf +RUN chmod 750 /home/ctf/pinpoint +RUN chmod 750 /home/ctf/pinpoint/pinpoint +RUN chmod 440 /home/ctf/flag + +COPY xinetd.conf /etc/xinetd.d/pinpoint + +WORKDIR / +COPY ./run.sh /usr/local/bin/ +CMD ["/usr/local/bin/run.sh"] diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/Makefile b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/Makefile new file mode 100644 index 0000000..78f9133 --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/Makefile @@ -0,0 +1,19 @@ +EXTERNAL_PORT := 31346 +INTERNAL_PORT := 80 +NAME := exploitation-techniques_shellcode-after +FLAG := $(shell cat ../flag) + +run: build + docker run -d -p $(EXTERNAL_PORT):$(INTERNAL_PORT) --name $(NAME) -t $(NAME) + +build: + docker build --build-arg FLAG=$(FLAG) -t $(NAME) -f Dockerfile .. + +stop: + docker stop $(NAME) + +clean: stop + docker rm $(NAME) + docker image rm $(NAME):latest + +.PHONY: run build stop clean diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/values.yaml b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/values.yaml new file mode 100644 index 0000000..9a639c0 --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/deploy/values.yaml @@ -0,0 +1,23 @@ +namespace: exploitation-techniques + +challenge: + name: shellcode-after + category: exploitation-techniques + +image: + repository: ghcr.io/open-education-hub/binary-security/exploitation-techniques/challenge-shellcode-after + tag: latest + pullPolicy: Always + +containerPort: 80 + +service: + type: NodePort + port: 80 + nodePort: 31346 + +healthCheck: + enabled: true + path: "/shellcode-after" + initialDelaySeconds: 5 + periodSeconds: 15 diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/flag b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/flag new file mode 100644 index 0000000..8238e38 --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/flag @@ -0,0 +1 @@ +SSS{13} diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/run.sh b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/run.sh new file mode 100755 index 0000000..d841d77 --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/run.sh @@ -0,0 +1,5 @@ +#!/bin/sh +set -e +chmod +x /home/ctf/pinpoint/pinpoint || true +exec /usr/sbin/xinetd -dontfork -f /etc/xinetd.conf + diff --git a/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/xinetd.conf b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/xinetd.conf new file mode 100644 index 0000000..a95008e --- /dev/null +++ b/chapters/exploitation-techniques/shellcodes/drills/08-challenge-shellcode-after/xinetd.conf @@ -0,0 +1,12 @@ +service classic +{ + disable = no + type = UNLISTED + bind = 0.0.0.0 + server = /home/ctf/pinpoint/pinpoint + port = 80 + socket_type = stream + protocol = tcp + user = ctf + wait = no +}