Coder Social home page Coder Social logo

asuri-team / ctf-xinetd Goto Github PK

View Code? Open in Web Editor NEW
51.0 6.0 9.0 22 KB

A docker image to hold pwn challenges in ctf war

License: GNU General Public License v3.0

Shell 32.30% Dockerfile 67.70%
ctf-pwn ctf-platform ctf-docker docker-image pwn xinetd ctf-xinetd ctf-awd

ctf-xinetd's Introduction

ctf-xinetd

A docker image to hold pwn challenges in ctf war

Introduction

This image contains xinetd to provide remote access services for pwn challenges, and also contains tcpdump to dump network traffics into pcap file.

Notice:

  1. we use a modified xinetd version from our team to restrict syscalls called by xinetd services. In order to use this feature, docker container must run with --privileged option. No more --privileged needed now.
  2. This docker image will produce docker volume each you create container from it. Better specify one using -v your_dump_volume:/var/lib/tcpdump.

Usage

Please check Dockerfile.example

Env Vars

Key Default Value Description
TCPDUMP_ENABLE (empty) Whether enable tcpdump or not
TCPDUMP_DIR /var/lib/tcpdump Directory to write dump files (name=capture-$timestr.pcap)
TCPDUMP_ROTATE_SEC 600 Rotate time interval of capture file
CTF_PORT 20000 Port to capture traffic from

CAUTION!

  1. Please DO NOT use your own start CMD or entrypoint for this docker image. If you really need to change it, please check phusion/baseimage for more details.

ctf-xinetd's People

Contributors

summershrimp avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar

ctf-xinetd's Issues

[Question] Spawning a shell starts in root directory?

I spawned a shell to test out kafel capabilities, but I always land in the / directory. Is there any way to land in /home/ctf instead, so a player can just run cat flag.txt instead of cat /home/ctf/flag.txt? Thanks!

Source:

#include "stdio.h"
#include "stdlib.h"

int main() {
    system("/bin/sh");
    return 0;
}

Expected output:

root@docker-s-1vcpu-1gb-nyc3-01:~# nc 127.0.0.1 1123
pwd
/
cat flag.txt
flag{test}

Actual output:

root@docker-s-1vcpu-1gb-nyc3-01:~/chal# docker run -p 1123:20000 ctf1
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 8
Set TCPDUMP_ENABLE to enable packet capture.
ok: down: tcpdump: 0s, normally up
root@docker-s-1vcpu-1gb-nyc3-01:~# nc 127.0.0.1 1123
pwd
/
cat /home/ctf/flag.txt
flag{test}

Dockerfile:

same as default

Xinetd:

service ctf
{
    disable = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    type        = UNLISTED
    port        = 20000
    bind        = 0.0.0.0
    server      = /home/ctf/ctf.bin
    # server_args = -R
    banner_fail = /etc/banner_fail
    # safety options
    # the maximum instances of this service per source IP address
    per_source  = 10
    # the maximum number of CPU seconds that the service may use
    rlimit_cpu  = 20
    # the Address Space resource limit for the service
    rlimit_as  = 512M
    #access_times = 2:00-9:00 12:00-24:00
    kafel_rule = /etc/pwn.kafel
}

[advice]how about add an volume?

When using tcpdump to capture traffic,it will save contents when container stops.But if you start the container,it would clean original capture.pcap.So how about add an volume on Dockerfile?
Just a little advice,don't mind it.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.