-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 6eea41c
Showing
7 changed files
with
693 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| Copyright (c) 2015, RPISEC | ||
| All rights reserved. | ||
|
|
||
| Redistribution and use in source and binary forms, with or without modification, | ||
| are permitted provided that the following conditions are met: | ||
|
|
||
| 1. Redistributions of source code must retain the above copyright notice, this list | ||
| of conditions and the following disclaimer. | ||
|
|
||
| 2. Redistributions in binary form must reproduce the above copyright notice, this list | ||
| of conditions and the following disclaimer in the documentation and/or other materials | ||
| provided with the distribution. | ||
|
|
||
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY | ||
| EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | ||
| MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL | ||
| THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT | ||
| OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR | ||
| TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
| SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # MBE Warzone (Bionic Edition) | ||
| The warzone VM from RPISEC's awesome [Modern Binary Exploitation](https://github.com/RPISEC/MBE) course, updated with modern tools | ||
|
|
||
| ## Help wanted! | ||
| I am still working through the MBE course myself, and while I will fix as many labs that may have been broken with this build as I can, I have not gotten to the later exercises yet to verify they still work. If any experienced pwners want to help test the labs and make sure they still work as intended I would really appreciate it! | ||
|
|
||
| ## Installation | ||
| Clone this repository and build the warzone VM with `vagrant up`. Supported hypervisors include VirtualBox and libvirt. | ||
|
|
||
| ## Usage | ||
| After deploying the warzone, you can connect to the VM using SSH on 10.10.10.10. The administrator credentials are `gameadmin:gameadmin`. Alternatively you can connect as the `vagrant` user with `vagrant ssh` and manage everything with that account since it has passwordless sudo. | ||
|
|
||
| See [Modern Binary Exploitation](https://github.com/RPISEC/MBE) for more information on how to use the VM with the course. | ||
|
|
||
| ## Differences from the original warzone | ||
| Major differences between this version and the original warzone: | ||
|
|
||
| * Ubuntu has been upgraded from 14.04 to 18.04 | ||
| * The python packages and tooling have been moved to python 3 versions (pwntools, capstone, ropper, ropgadget, xortool). This means you should now write python 3 scripts and run them with `python3` instead of `python` | ||
| * `gef` is installed and is now the default gdb plugin. You can change this back to `peda` by editing `/etc/cfg/.gdbinit` and commenting out the line with `source .../gef.py` and uncommenting the line that sources `peda.py` | ||
| * All `gef` optional dependencies have been installed, including `capstone`, `keystone`, `unicorn`, and `ropper`. They are also all available in the python 3 environment | ||
| * The immutable bit has been removed from lab user home directories, so you no longer have to work in `/tmp`. This restriction made sense in a shared environment, but I decided to remove it since most people are working on this solo and working from /tmp was annoying | ||
| * Removed some further restrictions on common programs like `tmux`, `ps`, `kill`, etc. since there is no reason for them in single-user environments | ||
| * The VM is now 64 bit, so if you need to compile any native code you should pass the `-m32` flag to compile it in 32-bit mode | ||
| * All other tools should be updated to current versions | ||
|
|
||
| ## Motivation | ||
| The tools and platform in the original warzone VM are starting to become dated and I wanted to continue working through the course with modern tools I use in CTFs and real life pwning. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # -*- mode: ruby -*- | ||
| # vi: set ft=ruby : | ||
|
|
||
| VAGRANTFILE_API_VERSION = "2" | ||
| Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| | ||
|
|
||
| config.ssh.username = "vagrant" | ||
| config.ssh.forward_agent = true | ||
| config.vm.provision :shell, :path => "vagrant_setup.sh", :privileged => true | ||
|
|
||
| name = "warzone" | ||
| memory = "1024" | ||
|
|
||
| config.vm.define "warzone", primary: true do |a64| | ||
| a64.vm.box = "generic/ubuntu1804" | ||
| a64.vm.provider "virtualbox" do |vb, override| | ||
| override.vm.network "private_network", ip: "10.10.10.10" | ||
| override.vm.synced_folder ".", "/vagrant" | ||
| vb.name = name | ||
| vb.memory = memory | ||
| vb.gui = false | ||
| end | ||
| a64.vm.provider "libvirt" do |lv, override| | ||
| override.vm.network "private_network", | ||
| :ip => "10.10.10.10" | ||
| override.vm.synced_folder ".", "/vagrant", :nfs => true | ||
| override.vm.hostname = name | ||
| lv.memory = memory | ||
| end | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| #!/bin/bash | ||
|
|
||
| ######################################### | ||
| # Install Tools | ||
| ######################################### | ||
|
|
||
| # install python packages | ||
| function install_python_packages { | ||
| apt-get -y install cmake pkg-config libglib2.0-dev | ||
| /vagrant/update-trinity.sh | ||
| python3 -m pip install docopt ropgadget ropper libformatstr xortool | ||
| python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools.git@dev3 | ||
| } | ||
| export -f install_python_packages | ||
|
|
||
| # setup gdb PEDA | ||
| function install_gdb_peda { | ||
| OPWD=$PWD | ||
| cd $TOOLS_DIR | ||
| git clone https://github.com/longld/peda.git $TOOLS_DIR/peda | ||
| mkdir -p $SKEL_LINK_DIR | ||
| touch $GDBINIT | ||
| echo " #source $TOOLS_DIR/peda/peda.py" >> $GDBINIT | ||
| echo "[+] Installed gdb PEDA!" | ||
| cd $OPWD | ||
| } | ||
| export -f install_gdb_peda | ||
|
|
||
| # setup gef | ||
| function install_gef { | ||
| OPWD=$PWD | ||
| cd $TOOLS_DIR | ||
| git clone https://github.com/hugsy/gef $TOOLS_DIR/gef | ||
| echo "source $TOOLS_DIR/gef/gef.py" >> $GDBINIT | ||
| echo "[+] Installed gef!" | ||
| cd $OWPD | ||
|
|
||
| } | ||
| export -f install_gef | ||
|
|
||
| # setup checksec | ||
| function install_checksec { | ||
| OPWD=$PWD | ||
| cd /usr/local/bin | ||
| wget https://github.com/slimm609/checksec.sh/raw/master/checksec -O checksec | ||
| chmod +x checksec | ||
| echo "[+] Installed checksec!" | ||
| cd $OPWD | ||
| } | ||
| export -f install_checksec | ||
|
|
||
| # setup radare2 | ||
| function install_radare2 { | ||
| OPWD=$PWD | ||
| cd $TOOLS_DIR | ||
| sudo -u $REALUSER git clone https://github.com/radare/radare2.git | ||
| cd radare2 | ||
| sudo -u $REALUSER ./sys/install.sh | ||
| echo "[+] Installed radare2!" | ||
| cd $OPWD | ||
| } | ||
| export -f install_radare2 | ||
|
|
||
| # setup fixenv | ||
| function install_fixenv { | ||
| OPWD=$PWD | ||
| cd /tmp | ||
| git clone https://github.com/hellman/fixenv.git | ||
| mv ./fixenv/r.sh /usr/local/bin/fixenv | ||
| chmod +x /usr/local/bin/fixenv | ||
| rm -rf /tmp/fixenv | ||
| echo "[+] Installed fixenv!" | ||
| cd $OPWD | ||
| } | ||
| export -f install_fixenv | ||
|
|
||
| # setup shtest | ||
| function install_shtest { | ||
| OPWD=$PWD | ||
| cd /tmp | ||
| git clone https://github.com/hellman/shtest.git | ||
| cd shtest | ||
| gcc -Wall -m32 shtest.c -o shtest | ||
| mv shtest /usr/local/bin/shtest | ||
| cd .. | ||
| rm -rf shtest | ||
| echo "[+] Installed shtest!" | ||
| cd $OPWD | ||
| } | ||
| export -f install_shtest |
Oops, something went wrong.