Deploying a pwn challenge with xinetd (100% successful; the CTF range address can be reached with nc)

This method requires Docker to be installed first. I won't go into the details of installing Docker here; everything below assumes it is already installed. We will then use xinetd to deploy pwn challenges for CTFd.

First of all, let me talk about some of my own experience in setting up pwn challenges. The first reference I followed used the socat command to build it, but I did not succeed: it was either a port problem or the command failed to execute. It stopped there and could not be run. I also tried pwn_deploy_chroot and related tools, but the command execution got stuck, and because I hadn't registered a GitHub account, I couldn't clone the tool, so I finally chose to use xinetd to build it.

The first step is to clone ctf_xinetd:

git clone https://github.com/Eadom/ctf_xinetd

After cloning, we enter the directory, as shown in the figure below 

 

Please be patient and read what follows before rushing to build. If building were the only goal, I could just give you a few commands, but I sincerely hope you can deploy the pwn challenge successfully.

Let me explain one thing clearly first. The CTF range we build is usually on port 80.

In fact, the port where our challenge is deployed is mapped to port 80 (web service).

Use the docker ps command to view the running containers.

As shown in the figure below, the blue mark is the container name, and the red mark is the mapping relationship between ports.

Introduction to the directories under ctf_xinetd:

The bin directory holds the flag and the pwn challenge program files.

The defaults are helloworld and flag; we can replace them with our own flag and challenge program.

(Be careful not to create containers or pull images before making these replacements. Why? If you have already created the container for this challenge, it contains helloworld and the default flag. Changing the bin directory at that point has no effect: the contents of the bin directory change, but the files in the container do not. Moreover, inside the container, helloworld and flag are not in a bin directory but in the /home/ctf directory.)

There are two ways to replace the flag and the pwn program:

(1) Before creating the container, replace the contents of the bin directory.

Edit the content of flag directly or copy in your own, then copy in a challenge program (I call it stack here) and delete the original program (helloworld). Note that stack needs executable permission, which we grant with the chmod command. Generally 750 is enough. 777 grants more permissions but also increases the risk, so 750 is recommended.

chmod 750 stack

After changing the permissions, the program name is shown in green, indicating that the program now has executable permission.

(2) If the challenge container has already been created and we need to replace the flag or the challenge program later, we can use the docker cp command:

docker cp <path to the program (just the file name if it is in the current directory)> <container name>:<destination path>

For example, to change the flag:

docker cp flag eb5d199dfc0f:/home/ctf # eb5d199dfc0f is the container name of your own challenge

However, it is recommended that you replace the contents of the bin directory before creating the container.

Next we need to change two other files. If you don't change them, the challenge can only be reached by connecting locally, that is, nc 0.0.0.0; it cannot be reached if you replace 0.0.0.0 with your range address.

This is because the default port in the ctf_xinetd we downloaded is 9999, and as we said earlier, we need 80, so we need to replace every 9999 with 80.

vim ctf.xinetd

Change port to 80.

(While you are here, change helloworld after ./ to the name of the program you put in the bin directory.)

After making the changes, save and exit with :wq.

vim Dockerfile

Change EXPOSE to 80, then save and exit.

 

Now we start creating the container:

docker build -t "stack" .

Here stack is the name of the image you created. You can choose it freely, but I use the pwn program name to make later management and identification easier.

After creating it, we start it:

docker run -d -p "0.0.0.0:8090:80" -h "stack" --name="stack" stack

Replace stack here with the name of the pwn program in your own bin directory, and 8090 with an unused port of your choice.
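The following check is an added example, not part of the original post or of the ctf_xinetd project: run before docker build and docker run, it verifies that the places edited above agree with each other. It assumes the layout the post describes (a ctf.xinetd with a port line and a ./program argument, a Dockerfile with an EXPOSE line, and bin/ holding flag and the program); the function name check_challenge is hypothetical.

```shell
#!/bin/sh
# Added example: consistency check for a ctf_xinetd challenge directory.
# Usage: check_challenge DIR PUBLISH    e.g. check_challenge . 0.0.0.0:8090:80
# Returns the number of problems found (0 = ready to build and run).
check_challenge() {
    dir=$1; publish=$2; problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    # Port xinetd listens on inside the container (the "port = N" line).
    xport=$(grep -v '^[[:space:]]*#' "$dir/ctf.xinetd" |
        sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1)
    # Port declared by the Dockerfile's EXPOSE line.
    eport=$(sed -n 's/^[[:space:]]*EXPOSE[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$dir/Dockerfile" | head -n 1)
    # Program name that follows "./" in ctf.xinetd (comment lines ignored).
    prog=$(grep -v '^[[:space:]]*#' "$dir/ctf.xinetd" |
        sed -n 's/.*[[:space:]]\.\/\([A-Za-z0-9_.-][A-Za-z0-9_.-]*\).*/\1/p' |
        head -n 1)
    # Container-side port of the docker run -p mapping (text after the last colon).
    cport=${publish##*:}

    [ -n "$xport" ] || fail "no port line in ctf.xinetd"
    [ -n "$prog" ] || fail "no ./program argument in ctf.xinetd"
    [ "$xport" = "$eport" ] || fail "ctf.xinetd port '$xport' != Dockerfile EXPOSE '$eport'"
    [ "$xport" = "$cport" ] || fail "ctf.xinetd port '$xport' != -p container port '$cport'"

    [ -f "$dir/bin/flag" ] || fail "bin/flag is missing"
    if [ -n "$prog" ]; then
        if [ ! -f "$dir/bin/$prog" ]; then
            fail "bin/$prog is missing (does ctf.xinetd still name the old program?)"
        elif [ ! -x "$dir/bin/$prog" ]; then
            fail "bin/$prog is not executable (chmod 750 it)"
        elif [ -n "$(find "$dir/bin/$prog" -perm -002)" ]; then
            fail "bin/$prog is world-writable (e.g. 777); use 750"
        fi
    fi
    return "$problems"
}
```

A non-zero return value is the count of mismatches; each one is printed to stderr with the file it concerns.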

After it starts successfully, we can see the container.

We connect with nc directly to the range address and port.

Testing again with the exp script shows no problem: the connection is established successfully and the flag can be obtained.

At this point, our deployment on the terminal is complete.

Next, just add the challenge in the CTFd front end.

Fill in the relevant information, upload the challenge program, and give the address and port for nc.

Final result

With that, we have completed the whole deployment of a pwn challenge based on xinetd.

For the deployment of web challenges, you can refer to my other blog post: http://t.csdn.cn/cywRR

In addition, you are also welcome to come and play at my own range. The misc and cryptography challenges are relatively simple and easy to AK. They are mainly for friends who want to get started with CTF, especially the misc challenges, which are original and are a simple summary of my previous misc knowledge. Welcome! Range address: MyonCTF

 

 


Origin blog.csdn.net/Myon5/article/details/131763593