Skip to content

Commit

Permalink
:tag: V2
Browse files Browse the repository at this point in the history
  • Loading branch information
@MuelNova
MuelNova committed Nov 2, 2024
1 parent b4ff3b8 commit 9b6e6af
Show file tree
Hide file tree
Showing 15 changed files with 750 additions and 802 deletions.
284 changes: 141 additions & 143 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,157 +1,155 @@
ARG image=ubuntu:20.04
ARG IMAGE=ubuntu:20.04
FROM ${IMAGE} AS base

FROM $image as builder
# Args
ARG PROXY
ARG NO_PROXY="localhost,127.0.0.1"

WORKDIR /home/ctf
ARG proxy=
ARG python_version=3.11.5
ARG BUILD_MULTI=false

ENV HTTP_PROXY=$proxy
ENV HTTPS_PROXY=$proxy
ENV TZ=Asia/Shanghai
# Env
ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=C.UTF-8
ENV TZ=Asia/Shanghai

RUN sed -i 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' /etc/apt/sources.list
ENV HTTP_PROXY=${PROXY}
ENV HTTPS_PROXY=${PROXY}
ENV NO_PROXY=${NO_PROXY}

RUN apt update && apt install build-essential zlib1g-dev libncurses5-dev dpkg-dev libgmp3-dev lsb-release \
libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev curl libbz2-dev pkg-config texinfo -y
RUN if [ "$PROXY" != "" ]; then \
echo "Using proxy: ${PROXY}" && \
echo "Acquire::http::Proxy \"${PROXY}\";" > /etc/apt/apt.conf.d/proxy.conf && \
echo "Acquire::https::Proxy \"${PROXY}\";" >> /etc/apt/apt.conf.d/proxy.conf && \
sed -i 's@http://.*archive.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g' /etc/apt/sources.list && \
sed -i 's@http://.*security.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g' /etc/apt/sources.list; \
fi

RUN curl -LO https://www.python.org/ftp/python/$python_version/Python-$python_version.tgz && \
tar -xf Python-$python_version.tgz && \
cd Python-$python_version/ && \
# Install
RUN apt-get update && apt-get install -y build-essential wget


# --- Stage 2: Build Python ---
FROM base AS python-build
ARG PYTHON_VERSION=3.12.0

RUN apt-get install -y zlib1g-dev \
libssl-dev \
libffi-dev \
libsqlite3-dev \
libbz2-dev \
liblzma-dev \
libreadline-dev \
libncursesw5-dev \
libgdbm-dev \
libnss3-dev \
uuid-dev && \
wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz && \
tar xzf Python-${PYTHON_VERSION}.tgz && \
cd Python-${PYTHON_VERSION} && \
./configure --enable-optimizations && \
mkdir /root/build && \
make -j$(nproc) && make altinstall -j$(nproc) DESTDIR=/root/build

RUN curl -fsSL https://ftp.gnu.org/gnu/gdb/gdb-13.2.tar.xz | tar -xJ && \
cd gdb-13.2 && \
if [ "$(lsb_release -rs)" != "16.04" ] && [ "$BUILD_MULTI" = "true" ]; then \
./configure --enable-targets=all --with-python=python; \
else \
./configure --with-python=python; \
fi && \
# gdb cannot specify the python in /root/build, so we have to copy it.
mkdir -p /root/build && cp -r /root/build/usr / && \
ln -sf /usr/local/bin/python$(echo $python_version | awk -F. '{print $1"."$2}') /usr/local/bin/python && \
make -j$(nproc) && make install -j$(nproc) DESTDIR=/root/build

make -j$(nproc) && \
make install && \
cd .. && \
rm -rf Python-${PYTHON_VERSION}*

FROM $image as p

ARG proxy=
ARG python_version=3.11.5
# --- Stage 3: gdb ---
FROM python-build AS gdb-build

ENV HTTP_PROXY=$proxy
ENV HTTPS_PROXY=$proxy
ENV NO_PROXY="security.ubuntu.com,mirrors.tuna.tsinghua.edu.cn"
ENV TZ=Asia/Shanghai
ENV DEBIAN_FRONTEND=noninteractive
ARG GDB_VERSION=15.2
ARG GDB_MULTIARCH=no

WORKDIR /home/nopwn

# # 换源
RUN sed -i 's/archive.ubuntu.com/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list && \
echo "Acquire::http::Proxy false;\nAcquire::https::Proxy false;" >> /etc/apt/apt.conf.d/10-no-https-proxy
# sed -i 's/security.ubuntu.com/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list
# sed -i 's/http:/https:/g' /etc/apt/sources.list

RUN dpkg --add-architecture i386 && apt-get update && \
apt-get install git vim tzdata libc6:i386 \
libncurses5:i386 libstdc++6:i386 \
patchelf net-tools gnupg2 netcat socat g++-multilib lib32stdc++6 \
libffi-dev libssl-dev gcc-multilib make strace ltrace file sudo elfutils \
curl zsh lsb-release -y --fix-missing

COPY --from=builder /root/build/ /

RUN ln -sf /usr/local/bin/python$(echo $python_version | awk -F. '{print $1"."$2}') /usr/local/bin/python3 && \
ln -sf /usr/local/bin/pip$(echo $python_version | awk -F. '{print $1"."$2}') /usr/local/bin/pip3 && \
ln -sf /usr/local/bin/python3 /usr/local/bin/python && ln -sf /usr/local/bin/pip3 /usr/local/bin/pip && \
pip install --upgrade pip && pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple && \
pip config set global.trusted-host pypi.tuna.tsinghua.edu.cn && \
pip install --no-cache-dir pwntools ropgadget ropper

RUN if [ "$(lsb_release -rs)" = "22.04" ]; then \
apt-get install -y software-properties-common && \
apt-add-repository -y ppa:rael-gc/rvm && \
apt-get update && apt install -y --allow-downgrades libssl-dev=1.1.1l-1ubuntu1.4 ca-certificates; \
RUN apt-get install -y libgmp-dev libmpfr-dev&& \
wget https://ftp.gnu.org/gnu/gdb/gdb-${GDB_VERSION}.tar.gz && \
tar xzf gdb-${GDB_VERSION}.tar.gz && \
cd gdb-${GDB_VERSION} && \
if [ "$GDB_MULTIARCH" = "yes" ]; then \
./configure --with-python=python3 --enable-targets=all; \
else \
./configure --with-python=python3; \
fi && \
mkdir ~/.gnupg && \
if [ "$(lsb_release -rs)" != "16.04" ]; then \
echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
else \
dirmngr </dev/null; \
make -j$(nproc) && \
make install && \
cd .. && \
rm -rf gdb-${GDB_VERSION}* && \
rm -rf /var/lib/apt/lists/*

# --- Stage 4: Ruby ---
FROM base AS ruby-build

ARG RUBY_VERSION=3.2.6

RUN apt-get install -y \
libssl-dev \
libreadline-dev \
zlib1g-dev \
autoconf \
bison \
libyaml-dev \
libgdbm-dev \
libncurses5-dev \
libffi-dev

RUN wget https://cache.ruby-lang.org/pub/ruby/${RUBY_VERSION%.*}/ruby-${RUBY_VERSION}.tar.gz && \
tar xzf ruby-${RUBY_VERSION}.tar.gz && \
cd ruby-${RUBY_VERSION} && \
./configure --disable-install-doc && \
make -j$(nproc) && \
make install && \
cd .. && \
rm -rf ruby-${RUBY_VERSION}* && \
rm -rf /var/lib/apt/lists/*

# --- Stage 5: Final ---
FROM base AS final

COPY --from=gdb-build /usr/local /usr/local
COPY --from=ruby-build /usr/local /usr/local

RUN apt-get install -y libyaml-0.2 git tmux && \
if [ "$HTTP_PROXY" != "" ]; then \
echo "Using proxy: ${HTTP_PROXY}" && \
git config --global http.proxy ${HTTP_PROXY} && \
git config --global https.proxy ${HTTP_PROXY}; \
fi && \
gpg2 --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB && \
curl -ksSL https://get.rvm.io | bash -s stable && \
/bin/bash -c "source /usr/local/rvm/scripts/rvm && rvm install 2.7" && \
ln -sf /usr/local/rvm/rubies/ruby-2.*/bin/ruby /usr/local/bin/ruby && \
ln -sf /usr/local/rvm/rubies/ruby-2.*/bin/gem /usr/local/bin/gem && \
if [ "$(lsb_release -rs)" = "22.04" ]; then \
# Revoke changes.
apt-add-repository -ry ppa:rael-gc/rvm && \
apt-get remove -y software-properties-common && \
apt-get install -y libssl-dev; \
fi

RUN gem install one_gadget seccomp-tools && \
ln -sf /usr/local/rvm/rubies/ruby-2.*/bin/one_gadget /usr/local/bin/one_gadget && \
ln -sf /usr/local/rvm/gems/ruby-2.*/bin/seccomp-tools /usr/local/bin/seccomp-tools

COPY content/pwndbg.sh /tmp/pwndbg.sh

RUN if [ -n "$proxy" ]; then \
git config --global http.proxy $proxy; \
git config --global https.proxy $proxy; \
fi && git clone --depth 1 https://github.com/pwndbg/pwndbg /usr/local/pwndbg && \
cd /usr/local/pwndbg && mv /tmp/pwndbg.sh install.sh && ./install.sh && \
git clone --depth 1 https://github.com/scwuaptx/Pwngdb.git /usr/local/Pwngdb && \
cd /usr/local/Pwngdb && mv .gdbinit .gdbinit-pwngdb && \
sed -i "s?source ~/peda/peda.py?# source /usr/local/peda/peda.py?g" .gdbinit-pwngdb && \
curl -L https://raw.githubusercontent.com/hugsy/gef/main/gef.py -o /usr/local/.gdbinit-gef.py


# Install oh-my-zsh
RUN chsh -s /bin/zsh && sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh}/plugins/zsh-autosuggestions && \
sed -i '/^plugins=(/ s/)/ zsh-autosuggestions z sudo)/' ~/.zshrc && \
curl -LO https://starship.rs/install.sh && sh install.sh --yes && \
echo "eval \"$(starship init zsh)\"" >> ~/.zshrc && \
rm install.sh && \
mkdir -p ~/.config && \
sed -i "s?# export PATH?export PATH?g" ~/.zshrc && \
echo "export LANG=C.UTF-8" >> ~/.zshrc

RUN find /usr/local -type f -executable -exec ldd '{}' ';' \
| awk '/=>/ { print $(NF-1) }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; apt-get autoremove -y && \
gem install --no-document one_gadget seccomp-tools && \
pip3 install --no-cache-dir ropgadget pwntools ropper pwno

RUN git clone --depth 1 https://github.com/pwndbg/pwndbg ~/.local/pwndbg && \
cd ~/.local/pwndbg && \
./setup.sh && \
git clone --depth 1 https://github.com/scwuaptx/Pwngdb.git ~/.local/Pwngdb && \
wget -q https://raw.githubusercontent.com/bata24/gef/dev/install.sh -O- | sh && \
mkdir -p ~/.local/gef && \
mv /root/.gdbinit-gef.py ~/.local/gef/gef.py

RUN apt-get install -y fish curl && \
mkdir -p ~/.config/fish && \
# 安装 fisher 包管理器
wget -qO- https://raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish | \
fish -c "source && fisher install jorgebucaran/fisher" && \
# 安装一些有用的 fish 插件
fish -c "fisher install jethrokuan/z" && \
fish -c "fisher install PatrickF1/fzf.fish" && \
# 设置为默认 shell
chsh -s /usr/bin/fish

# ADD YOUR PACKAGES HERE
# RUN apt-get install -y <your-package> --no-install-recommends

RUN apt-get remove -y ruby-dev python3-pip gdb python3-dev python3-venv python3-setuptools && \
apt-get clean && \
rm -rf /var/lib/apt/list/* /usr/local/rvm/gems/ruby-2.*/cache/* /tmp/* /var/tmp/*

COPY content/starship.toml /root/.config/starship.toml
COPY content/.gdbinit /root/.gdbinit
COPY content/build_glibc.sh .

RUN cp -r /root/.gdbinit /root/.config /root/.oh-my-zsh /root/.zshrc /etc/skel/ && \
adduser --disabled-password --gecos '' --shell /bin/zsh ctf && \
echo "ctf ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers


FROM scratch
# squash image

ARG proxy=
COPY --from=p / /
WORKDIR /home/ctf
ENV HTTP_PROXY=$proxy
ENV HTTPS_PROXY=$proxy
USER ctf


CMD [ "/bin/zsh" ]
rm -rf /var/lib/apt/lists/* && \
rm -rf ~/.cache/pypoetry/* && \
pip3 cache purge && \
rm -rf ~/.cache/pip && \
gem cleanup && \
rm -rf /usr/local/lib/ruby/gems/*/cache/ && \
rm -rf ~/.gem && \
# 一些优化
ln -s /usr/local/bin/python3 /usr/local/bin/python && \
ln -s /usr/local/bin/pip3 /usr/local/bin/pip

COPY scripts/.gdbinit /root/.gdbinit
COPY scripts/config.fish /root/.config/fish/config.fish
COPY scripts/.tmux.conf /root/.tmux.conf

CMD ["/usr/bin/fish"]
Loading

0 comments on commit 9b6e6af

Please sign in to comment.