Awesome

EpicTreasure - Batteries included CTF VM

Tools included

• Pwntools
• Pwndbg
• Radare2
• Firmware tools (fmk / qemu)
• angr
• ROPGadget
• binwalk
• apktool

Docker

docker pull ctfhacker/epictreasure
docker run --rm -v /path/to/host/share/folder:/root/host-share --privileged -it --workdir=/root ctfhacker/epictreasure

Default settings

By default, my dotfiles are installed onto the VM. Simply comment out the following lines in Dockerfile if you don't want my settings.

# Personal dotfiles
RUN cd /root && \
    rm .bashrc && \
    git clone --recursive https://github.com/ctfhacker/dotfiles.git && \
    cd dotfiles && \
    ./install.sh

Then rebuild the Docker

docker build -t et .

Terminal

• Colorscheme for the terminal and vim is solarized

Vim

• jk or jj to ESC out of Vim
• ESC and Arrow keys are hard coded to not work in Vim (as a teaching mechanism)
• : is remapped to ; (who uses ; anyway?)
• leader key is SPACE (thanks to spacemacs)
• SPACE p will drop an embedded IPython line in a python script
• H moves to beginning of line, L moves to end of line (instead of ^ and $)

Tmux

• A new shell spawns a fresh tmux session
• tmux leader switched to Ctrl+A
• Ctrl+A - produces a horizontal pane. Ctrl+A \ produces a vertical pane.
• Ctrl+A [hjkl] moves around available panes as vim motion

Check correct installation

Pwndbg

Run the following command in the VM:

gdb /bin/ls

Expected output:

Reading symbols from host-share/crackme...(no debugging symbols found)...done.
Only available when running
pwndbg>

Radare

Run the following command in the VM:

r2 /bin/ls

Expected output:

[0x00404890]> aaa

Pwntools

Run the following command in the VM:

python
>>> from pwn import *
>>> elf = ELF('/bin/ls')
[*] '/bin/ls'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      No PIE
    FORTIFY:  Enabled
>>> rop = ROP(elf)
[*] Loading gadgets for '/bin/ls'

angr

Run the following commands in the VM:

python
>>> import angr
>>>

capstone / keystone / unicorn

Run the following commands in the VM:

python
>>> import capstone
>>> import keystone
>>> import unicorn
>>>

Shared folder

Drop files in the host-share folder on your host to find them on your VM at /home/vagrant/host-share

Tests

Using Google's container-structure-test to test our new container

./container-structure-test-darwin-amd64 test --image ctfhacker/epictreasure --config tests.yaml