pwnenv is a series of Docker containers that I made, which allow you to run and debug Linux binaries with the desired libc.
- Switched out the 3 containers for 1
- Updated vimrc and zshrc
- Removed the non-privileged user (everything happens as the root user)
This started as a fork of pwndocker by skysider
- zsh / tmux
- Custom pwntools templates for x86, x86-64, arm
- gdb with gef, pwndbg, peda (Article from Andreas Pogiatzis)
- one_gadget
- seccomp-tools
- reutils
- ropper
- ROPGadget
- main_arena_offset
- heap_inspect
- and many more
```bash
# Download from DockerHub
docker pull christoss/pwnenv
# or build from the Dockerfile
docker build -t <container-name> .
```
I set this up so the containers can be started from anywhere. The run scripts automatically mount the current directory in the container.
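I added the following code to the PowerShell $PROFILE.

```powershell
# Return the ID of a running container whose name matches $name (empty if none).
function checkContainerRunning {
    param($name)
    docker container ls -q -f name="$name"
}

function pwnenv {
    if (checkContainerRunning "pwnenv") {
        # Container already running: open another shell in it.
        docker exec -it pwnenv zsh
    } else {
        # Host Wi-Fi IPv4 address as a plain string, used as the X11 display target.
        $ip = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Wi-Fi" | Select-Object -First 1 -ExpandProperty IPAddress
        # Mount the current directory (lower-cased) at /root/data.
        $mount = "$(Get-Location):/root/data".ToLower()
        # SYS_PTRACE and an unconfined seccomp profile let gdb trace processes inside the container.
        docker run --env "DISPLAY=${ip}:0" --net=host --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -it --rm --name pwnenv -v $mount christoss/pwnenv
    }
}
```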
Now just restart PowerShell, go to the working directory and type `pwnenv`.
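For Linux I do it by having the following two functions in the zshrc/bashrc file:

```bash
# Print the ID of a running container whose name matches $1 (empty if none).
function checkContainerRunning() {
    docker container ls -q -f name="$1"
}

function pwnenv() {
    # -n is true when docker returned a container ID, i.e. the container is running.
    if [ -n "$(checkContainerRunning "pwnenv")" ]; then
        docker exec -it pwnenv zsh
    else
        # SYS_PTRACE and an unconfined seccomp profile let gdb trace processes inside the container.
        docker run --net=host --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -it --rm --name "pwnenv" -v "$(pwd)":/root/data "christoss/pwnenv"
    fi
}
```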
This starts up the container if it is not running, or executes zsh in the running container if it is.