LevitatingLion/ctf-writeups

Not able to set up pwn_namespace environment

Closed this issue · 1 comments

duowen1 commented

I was trying to set up the environment of pwn_namespace on my localhost. My docker version is 19.03.8. I build the docker container by docker build -t c3ctf . with Dockerfile in your repo. And I run the container by docker run --privileged -p 1337:1337 c3ctf.

And I start another terminal and try nc localhost 1337, but I didn't see namespaces's hint information but

/usr/bin/maybe_pow.sh: line 13: /home/user/chal: Permission denied
/usr/bin/maybe_pow.sh: line 13: exec: /home/user/chal: cannot execute: Permission denied

docker run --rm --privileged=true --name namespacectf -p 1337:1337 c3ctf
+ for res in cpu memory pids
+ mkdir /sys/fs/cgroup/cpu/NSJAIL
+ chmod 777 /sys/fs/cgroup/cpu/NSJAIL
+ for res in cpu memory pids
+ mkdir /sys/fs/cgroup/memory/NSJAIL
+ chmod 777 /sys/fs/cgroup/memory/NSJAIL
+ for res in cpu memory pids
+ mkdir /sys/fs/cgroup/pids/NSJAIL
+ chmod 777 /sys/fs/cgroup/pids/NSJAIL
[2021-04-23T08:06:30+0000] Mode: LISTEN_TCP
[2021-04-23T08:06:30+0000] Jail parameters: hostname:'NSJAIL', chroot:'/', process:'/usr/bin/stdbuf', bind:[::]:1337, max_conns_per_ip:0, time_limit:0, personality:0, daemonize:false, clone_newnet:true, clone_newuser:true, clone_newns:true, clone_newpid:true, clone_newipc:true, clone_newuts:true, clone_newcgroup:true, keep_caps:true, disable_no_new_privs:false, max_cpus:0
[2021-04-23T08:06:30+0000] Mount point: '/' -> '/' flags:MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' is_dir:true
[2021-04-23T08:06:30+0000] Mount point: '/tmp/flag' -> '/flag' flags:MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' is_dir:false
[2021-04-23T08:06:30+0000] Mount point: '/tmp' flags: type:'tmpfs' options:'size=4194304' is_dir:true
[2021-04-23T08:06:30+0000] Mount point: '/proc' flags: type:'proc' options:'' is_dir:true
[2021-04-23T08:06:30+0000] Uid map: inside_uid:0 outside_uid:1000 count:1 newuidmap:true
[2021-04-23T08:06:30+0000] Uid map: inside_uid:1 outside_uid:100000 count:1 newuidmap:true
[2021-04-23T08:06:30+0000] Gid map: inside_gid:0 outside_gid:1000 count:1 newgidmap:true
[2021-04-23T08:06:30+0000] Gid map: inside_gid:1 outside_gid:100000 count:1 newgidmap:true
[2021-04-23T08:06:30+0000] Listening on [::]:1337
[2021-04-23T08:06:34+0000] New connection from: [::ffff:172.17.0.1]:60454 on: [::ffff:172.17.0.2]:1337
[2021-04-23T08:06:34+0000] Executing '/usr/bin/stdbuf' for '[::ffff:172.17.0.1]:60454'
[2021-04-23T08:06:34+0000] PID: 20 ([::ffff:172.17.0.1]:60454) exited with status: 126, (PIDs left: 0)
duowen1 commented

I fixed it. It was because of wrong permission of challenge/namespaces. I ran chmod 777 challenge/namespaces and it works. I got the flag.