
Yet another pwn sandbox in CTF!

Project description

PwnSandboxForCTF

Yet another sandbox for CTF challenges in AWD mode

This is a ptrace sandbox. (It was previously a chroot sandbox.)

It will send SIGKILL under the following circumstances:

  • The child process attempts to open a file with 'flag' in its name via open/openat/name_to_handle_at (/tmp/asdflagasd, etc.).
  • The child process attempts to create a symlink or hard link to a file with 'flag' in its name via symlink/symlinkat/link.
  • The child process attempts to call an illegal syscall (execve/execveat/stub_execveat).
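
The kill policy above, sketched as a small stand-alone ptrace supervisor. This is an added example, not PwnSandboxForCTF's own code: it assumes x86-64 Linux, traces a function run in a forked child rather than a rewritten ELF, and the names should_kill, read_str, run_sandboxed and demo_symlink are hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added illustration, not PwnSandboxForCTF's code; x86-64 Linux. README policy: 1 = kill, 0 = allow. */
int should_kill(long nr, const char *path) {
    switch (nr) {
    case SYS_execve: case SYS_execveat: return 1;
    case SYS_open: case SYS_openat: case SYS_name_to_handle_at:
    case SYS_symlink: case SYS_symlinkat: case SYS_link:
        return strstr(path, "flag") != NULL;
    }
    return 0;
}
/* Copy a NUL-terminated string out of the tracee, one word at a time. */
static void read_str(pid_t pid, unsigned long long addr, char *buf, size_t n) {
    size_t i = 0;
    for (; i + sizeof(long) < n; i += sizeof(long)) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + i), NULL);
        if (w == -1 && errno) break;            /* unreadable address */
        memcpy(buf + i, &w, sizeof w);
        if (memchr(&w, 0, sizeof w)) return;    /* terminator copied */
    }
    buf[i] = '\0';
}
int run_sandboxed(void (*fn)(void)) {           /* 1 = the policy killed the child */
    int st, entry = 0; long sig = 0; struct user_regs_struct r; char path[4096];
    pid_t pid = fork();
    if (pid == 0) { if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1); raise(SIGSTOP); fn(); _exit(0); }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;   /* else: child's initial SIGSTOP */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)sig);
        if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st)) return 0;  /* child is gone */
        sig = WSTOPSIG(st) == (SIGTRAP | 0x80) ? 0 : WSTOPSIG(st);  /* forward real signals */
        if (sig || !(entry ^= 1)) continue;     /* act on syscall entry only */
        ptrace(PTRACE_GETREGS, pid, NULL, &r);
        long nr = (long)r.orig_rax;             /* openat/name_to_handle_at: path is arg 2 */
        read_str(pid, (nr == SYS_openat || nr == SYS_name_to_handle_at) ? r.rsi : r.rdi, path, sizeof path);
        if (should_kill(nr, path)) { kill(pid, SIGKILL); waitpid(pid, &st, 0); return 1; }
    }
}
/* Constructed sample paths; the call is stopped at syscall entry. */
static void demo_symlink(void) { if (symlink("/tmp/asdflagasd", "/tmp/demo_link") != 0) _exit(2); }
int main(void) { return run_sandboxed(demo_symlink) == 1 ? 0 : 1; }
```

The path check is a plain substring match on the string the child passed, which is why /tmp/asdflagasd is treated the same as a file named flag.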

ELF64 and ELF32 are supported, including PIE.

Installation

pip install pwnsandbox

or

python setup.py install

It will install a console script 'pwn_sandbox'.

Usage

usage: pwn_sandbox [-h] input_bin

Yet another pwn sandbox for CTF by @unamer(https://github.com/unamer)

positional arguments:
  input_bin   /path/to/your/input binary

optional arguments:
  -h, --help  show this help message and exit

A binary named binary_sandbox will be written to your input binary's folder.

Requirements

  • Python 2.7
  • pwntools
  • lief (already included in the project because the newest lief sucks)

Known issues

  • CentOS is NOT supported.
  • Might crash on ELFs that contain multiple loadable segments. (I haven't seen this type of ELF yet.)
  • The sandbox might be bypassable, but it isn't designed as an impenetrable shield anyway. (Issues are welcome.)
  • DO NOT use the newest lief or you will be fucked when processing non-PIE ELF32 files.

TODO

  • Find a clean method to jump back to the OEP
  • New method to support CentOS

Changelog

[0.3] - 2019-01-08

Added

  • Various bug fixes.
  • Add more syscalls to the filter scope.

[0.2] - 2019-01-07

Added

  • Update project description.
  • Revert lief version.

[0.1] - 2019-01-05

Added

  • Reconstruct project.
  • Initial ptrace sandbox.

Source Distribution

pwnsandbox-0.31.tar.gz (1.8 MB)