https://github.com/rip1s/pwnsandboxforctf
Yet another sandbox for CTF challenge in AWD mode
- Host: GitHub
- URL: https://github.com/rip1s/pwnsandboxforctf
- Owner: rip1s
- License: gpl-3.0
- Created: 2017-04-19T11:07:11.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2019-01-08T13:02:45.000Z (over 6 years ago)
- Last Synced: 2025-04-10T10:16:24.118Z (about 2 months ago)
- Topics: awd, ctf, ctf-pwn, ctf-tools, pwn, sandbox
- Language: Python
- Size: 1.77 MB
- Stars: 96
- Watchers: 5
- Forks: 22
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# PwnSandboxForCTF
Yet another sandbox for CTF challenges in AWD (attack-with-defense) mode.
This is a ptrace sandbox. ~~(It was a chroot sandbox.)~~

It sends SIGKILL to the child process when:
* the child attempts to open a file whose path contains `flag` via open/openat/name_to_handle_at (the check is a substring match on the path argument, so `/tmp/asdflagasd` is blocked too);
* the child attempts to create a symlink or hardlink to a file whose path contains `flag` via symlink/symlinkat/link;
* the child attempts a forbidden syscall: execve/execveat/stub_execveat (`stub_execveat` is the kernel's x86-64 entry stub for execveat, not a separate syscall number).

ELF64 and ELF32 are supported, including PIE.
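The checks listed above, as an added worked example that is not PwnSandboxForCTF's own code: a standalone ptrace tracer in C that stops the child at every syscall entry, resolves the syscall number for both the x86_64 and i386 ABIs (a 32-bit tracee is recognised by its code segment selector 0x23), copies the pathname arguments out of the tracee with PTRACE_PEEKDATA and kills it with SIGKILL when one of the listed syscalls names a path containing `flag`, or when it is execve/execveat. The syscall numbers are taken from the Linux x86_64 and i386 syscall tables. The example differs from the project in two ways: it is an external tracer rather than a stub injected into the binary, and it checks both ends of a link/symlink, which is stricter than the README's "file with flag in its name". The target's own initial execve is allowed once. The file name `flag_guard.c`, the `policy_kill` function and the `struct rule` tables are this example's own.

```c
/* flag_guard.c: added illustration of the checks listed above, not PwnSandboxForCTF's own code.
 * Build: gcc -Wall -o flag_guard flag_guard.c    Run: ./flag_guard ./target [args]
 * The tracer loop assumes x86_64 Linux; the policy tables and policy_kill() are portable. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__linux__) && defined(__x86_64__)
#include <sys/ptrace.h>
#include <sys/user.h>
#endif

enum arch { ARCH_X86_64, ARCH_I386 };
#define EXEC_KILL 0x100                       /* fatal regardless of arguments */
/* argmask bit i set: argument i is a pathname that must not contain "flag". */
struct rule { long nr; int argmask; };
static const struct rule rules_x86_64[] = {   /* Linux x86_64 syscall numbers */
    {2, 1}, {257, 2}, {303, 2},               /* open, openat, name_to_handle_at */
    {88, 3}, {266, 5}, {86, 3},               /* symlink, symlinkat, link: both path ends */
    {59, EXEC_KILL}, {322, EXEC_KILL}, {-1, 0} /* execve, execveat, end marker */
};
static const struct rule rules_i386[] = {     /* Linux i386 syscall numbers, same order */
    {5, 1}, {295, 2}, {341, 2},
    {83, 3}, {304, 5}, {9, 3},
    {11, EXEC_KILL}, {358, EXEC_KILL}, {-1, 0}
};
static const struct rule *lookup(enum arch a, long nr) {
    const struct rule *r = (a == ARCH_I386) ? rules_i386 : rules_x86_64;
    for (; r->nr != -1; r++) if (r->nr == nr) return r;
    return NULL;
}

/* Pure decision: 1 = SIGKILL the tracee, 0 = let the syscall run.
 * a0..a2 are the strings the tracee passed as arguments 0..2 (NULL if not fetched). */
int policy_kill(enum arch a, long nr, const char *a0, const char *a1, const char *a2) {
    const char *args[3] = {a0, a1, a2};
    const struct rule *r = lookup(a, nr);
    if (!r) return 0;
    if (r->argmask & EXEC_KILL) return 1;
    for (int i = 0; i < 3; i++)
        if ((r->argmask & (1 << i)) && args[i] && strstr(args[i], "flag")) return 1;
    return 0;
}
#if defined(__linux__) && defined(__x86_64__)
/* Copy a NUL-terminated string out of the tracee one word at a time. */
static void peek_str(pid_t pid, unsigned long addr, char *buf, size_t len) {
    size_t i = 0;
    for (; i + sizeof(long) <= len; i += sizeof(long)) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + i), NULL);
        if (w == -1 && errno) break;          /* unmapped page: keep what we have */
        memcpy(buf + i, &w, sizeof w);
        if (memchr(&w, 0, sizeof w)) return;
    }
    buf[i < len ? i : len - 1] = '\0';
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s ./binary [args]\n", argv[0]); return 2; }
    pid_t pid = fork();
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                       /* let the parent set options before exec */
        execv(argv[1], argv + 1); perror("execv"); _exit(127);
    }
    int st, sig = 0, execs = 0;
    waitpid(pid, &st, WUNTRACED);
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESYSGOOD |
               PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL)) == -1) { perror("ptrace"); kill(pid, SIGKILL); return 1; }
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1) break;
        sig = 0;
        if (waitpid(pid, &st, 0) == -1 || !WIFSTOPPED(st)) break;   /* tracee exited */
        if ((st >> 16) == PTRACE_EVENT_EXEC) continue;             /* exec event, not a syscall stop */
        if (WSTOPSIG(st) != (SIGTRAP | 0x80)) { sig = WSTOPSIG(st); continue; } /* forward real signals */
        struct user_regs_struct r;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &r) == -1) break;
        if ((long)r.rax != -ENOSYS) continue;                      /* syscall-exit stop: ignore */
        enum arch a = (r.cs == 0x23) ? ARCH_I386 : ARCH_X86_64;    /* 0x23 = 32-bit compat code segment */
        long nr = (long)r.orig_rax;
        unsigned long raw[3] = { r.rdi, r.rsi, r.rdx };            /* x86_64 ABI: rdi, rsi, rdx */
        if (a == ARCH_I386) { raw[0] = r.rbx; raw[1] = r.rcx; }    /* i386 ABI: ebx, ecx, edx */
        const struct rule *rule = lookup(a, nr); if (!rule) continue;
        if ((rule->argmask & EXEC_KILL) && execs++ == 0) continue; /* the target's own execve */
        char buf[3][256]; const char *args[3] = {0};
        for (int i = 0; i < 3; i++)
            if (rule->argmask & (1 << i)) { peek_str(pid, raw[i], buf[i], sizeof buf[i]); args[i] = buf[i]; }
        if (policy_kill(a, nr, args[0], args[1], args[2])) {
            fprintf(stderr, "[flag_guard] syscall %ld blocked, sending SIGKILL\n", nr);
            kill(pid, SIGKILL); waitpid(pid, &st, 0); return 1;
        }
    }
    return WIFEXITED(st) ? WEXITSTATUS(st) : 1;
}
#endif
```

The decision is kept in `policy_kill` so the tables can be tested without a tracee. Two caveats a deployer should keep in mind: the tracer does not set PTRACE_O_TRACEFORK, so a child that forks has an untraced grandchild, and the match is a case-sensitive substring on the string the tracee passed, so it has the same limits the README admits to (the sandbox is not an impenetrable shield).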
## Installation
```bash
pip install pwnsandbox
```
or
```bash
python setup.py install
```
It will install a console script 'pwn_sandbox'.
## Usage
```bash
usage: pwn_sandbox [-h] input_bin

Yet another pwn sandbox for CTF by @unamer(https://github.com/unamer)

positional arguments:
  input_bin   /path/to/your/input binary

optional arguments:
  -h, --help  show this help message and exit
```
The patched binary, named `binary_sandbox`, is written to the folder of your input binary.

## Requirements
* python 2.7
* pwntools
* ~~lief~~ A known-good copy of lief is bundled with the project because the newest lief release [fails on non-PIE ELF32 files](https://github.com/lief-project/LIEF/issues/143).

## Known issues
* ~~CentOS **NOT supported**~~
* Might crash on ELF files that contain multiple loadable segments (the author has not encountered one yet).
* The sandbox might be bypassable, but it is not designed as an impenetrable shield anyway. (Issues are welcome.)
* Do NOT use the newest lief: it breaks when processing non-PIE ELF32 files.

## TODO
* ~~Find a clean method to jump back to the OEP (original entry point)~~
* ~~New method to support CentOS~~

## Changelog
### [0.3] - 2019-01-08
#### Added
- Various bug fixes.
- More syscalls added to the filter scope.

### [0.2] - 2019-01-07
#### Added
- Updated project description.
- Reverted lief version.

### [0.1] - 2019-01-05
#### Added
- Reconstructed project.
- Initial ptrace sandbox.