A modified version of OpenToAll's pwnvm based on Arch Linux. pwnvm is a ready-to-go VM you can use to work on most pwn/reversing challenges in CTFs with little-to-no additional setup.
Note: Docker is now supported! Skip to Docker Instructions to get started. If you're using vagrant and a traditional hypervisor like VirtualBox, continue reading the original instructions below.
- Install a hypervisor. The following hypervisors are supported:
- VirtualBox (default, recommended)
- libvirt (requires vagrant-libvirt provider, which can be found here)
- Install Vagrant:
- OSX:
brew cask install vagrant - Linux:
sudo apt-get install vagrant
- OSX:
- Clone this project and
cdto clone dir. - Build VM and provision:
- If using VirtualBox:
vagrant up - If using libvirt:
vagrant up --provider=libvirt
- If using VirtualBox:
vagrant ssh
By default the directory that contains the Vagrantfile is shared with the vm and is mounted at /vagrant, so you can move files between the host and guest by simply moving files to/from there.
If using libvirt, you will first need to install an NFS server on the host and start the service (sudo pacman -S nfs-utils && systemctl start nfs-server).
The VM exposes its IP on a private network on ip 10.10.10.10. You can run whatever services you like on the VM and they will be accessible from the host through that IP.
You should never have to open your hypervisor to manage the VMs. Everything can be done through vagrant, but must be done from the directory where the Vagrantfile lives.
- See VMs:
vagrant global-status - Reprovision:
vagrant provision [<vm>] - SSH:
vagrant ssh [<vm>] - Adopt changes to Vagrantfile:
vagrant reload [<vm>] - Bring down VM:
vagrant halt [<vm>] - Bring up VM:
vagrant up [<vm>] - Scrap VM:
vagrant destroy [<vm>]
Docker is also supported as a lighter-weight alternative to a full virtual machine under a traditional hypervisor. Some caveats:
- Docker containers are designed to be immutable, meaning that by default your changes and files created inside the container will not be saved when you exit.
- If running on a Linux host, some system settings may need to be modified on the host for things to work correctly (e.g., core dump locations, ASLR). For this reason, I recommend vagrant if your host box is Linux.
- Install docker on your host operating system.
- Run
docker pull njfox/pwnvm-arch
To build the container locally instead, clone this repository and run the following command from the docker sub-directory:
$ git clone https://github.com/njfox/pwnvm-arch && cd pwnvm-arch/docker && docker build -t pwnvm-arch .
This repository contains a launcher script instead at docker/run.sh (you need to modify the tag in the script if you built locally):
$ docker/run.sh
Tools, virtualenvs etc. are installed in ~/tools.
To mount a folder from the host to persist changes (recommended), add the -v argument when launching the run script. The following example mounts /home/nick/ctf on the host to /ctf within the container:
$ docker/run.sh -v /home/nick/ctf:/ctf
Add the -p <host port>:<docker port> switch to forward ports from the host. The following command launches the container with port 4444 on the host being forwarded to port 80 on the container:
$ docker/run.sh -p 4444:80
To be able to attach to processes with gdb on OSX, you need to launch the container with the --privileged option.
Once connected, run the following command to disable yama:
$ echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
If you want to customize the pwnvm container, you can create your own Dockerfile with FROM njfox/pwnvm-arch at the top. Then any customizations you add will be layered on top of the base container.
The following tools have been installed and are ready to use:
yaygefand all optional dependencies, includingunicorn,capstone,keystone, andropperpwndbgpedapwntools(Python 3 branch, although the Python 2 branch is included in a venv in~/tools/pwntools2)qemuand additional architecturesr2and ther2ghidra-decplugin, which includes the Ghidra decompilerangrbinwalkfixenvz3aflandafl-utilsfzfpowerline, as well as the default fonts, vim, and tmux plugins
Suggestions for new tools to be included are welcome! Please open an issue to request your favorite RE/pwning tools to be added to the project.