Bash script that extracts libc from the base image named in a specified Dockerfile.
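#!/bin/bash

# Logging Functions

# log MESSAGE... - print a green "[*]" informational line on stdout.
# The arguments are joined with spaces ("$*") and handed to printf as data
# (%s), so backslash sequences inside the message (for example in text taken
# from a Dockerfile or from docker output) are printed literally instead of
# being expanded the way `echo -e` would expand them.
function log() { printf '\e[32m[*]\e[0m %s\n' "$*"; }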
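# error MESSAGE... - print a red "[!]" line on stdout, then terminate the
# script with exit status 1.
# The message is printed through %s so backslashes in it stay literal.
function error() {
  printf '\e[31m[!]\e[0m %s\n' "$*"
  exit 1
}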
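# warn MESSAGE... - print a yellow "[x]" warning line on stdout and return;
# unlike error() it does not exit.
# The message is printed through %s so backslashes in it stay literal.
function warn() { printf '\e[33m[x]\e[0m %s\n' "$*"; }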
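# msg MESSAGE... - print a blue "[+]" status line on stdout.
# The message is printed through %s so backslashes in it stay literal.
function msg() { printf '\e[34m[+]\e[0m %s\n' "$*"; }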
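# msgln MESSAGE... - like msg, but without the trailing newline, so it can be
# used as a prompt.
# The message is printed through %s so backslashes in it stay literal.
function msgln() { printf '\e[34m[+]\e[0m %s' "$*"; }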
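## Modifiable vars ##
# (The trailing "| |" table residue that made each assignment below a syntax
# error has been removed; the values themselves are unchanged.)

# Run pwninit after extraction: 1=Yes, 0=No
PWNINIT=1

# Delete the image after extraction: 1=Yes, 0=No
DELETE=1

# Name of the image that will be created.
# With DELETE=1 an image with this name is removed at the end of the run.
IMAGE_NAME="temp_challenge"

# Name of the running container.
# A running container with this name is stopped before the script starts its
# own, so do not reuse the name of a container you want to keep.
CONTAINER_NAME="temp"

# Name and path of the output file (overwritten by `docker cp` if present):
OUT_FILE="$(pwd)/libc.so.6"

# Optional: path to libc inside the docker container.
# Left empty, the script searches the container for libc.so.6.
LIBC_PATH=""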
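# Require exactly one argument: the path to the Dockerfile.
# error() prints the message and exits with status 1, so the separate
# `exit 1` that used to follow it was unreachable and has been dropped.
if (( $# != 1 )); then
  error "Usage: $0 <Dockerfile>"
fi

file="$1"

# Reject anything that is not a regular file before it is read.
[[ -f "$file" ]] || error "$1 is not a valid file. Please check."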
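# Precautionary measure: stop a running container that already uses our name
# (presumably left over from an earlier run; it would conflict with the
# `docker run --name` further down).
#
# Only the Names column is compared, as an exact fixed string (-F -x).
# Grepping the whole `docker ps` table also matched image names, commands and
# longer container names that merely contain "$CONTAINER_NAME".
#
# Redirections are applied left to right: `>/dev/null 2>&1` silences both
# streams, while `2>&1 >/dev/null` leaves stderr on the terminal.
if docker ps --format '{{.Names}}' 2>/dev/null | grep -Fxq -- "$CONTAINER_NAME"; then
  warn "Found a container running with name $CONTAINER_NAME. Stopping it before continuing"
  docker stop "$CONTAINER_NAME" >/dev/null 2>&1
fi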
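# Extract the `FROM` statement; a second Dockerfile holding only that image
# and a `sleep` entrypoint is created from it afterwards.
# Only the first FROM line is used.
from=$(grep -i '^FROM' -- "$file" | head -n 1)

# Pull the image reference (name:tag) out of the FROM line.
# Only references containing theflash, ubuntu, debian or fedora are
# recognised; the pattern is unanchored, so it matches the first of those
# names wherever it appears in the line.
# The tag is matched with [^[:space:]]+. Inside a bracket expression a
# backslash is literal, so the earlier [^ \n] also excluded the letter "n" and
# cut tags short (ubuntu:bionic -> ubuntu:bio) or failed outright
# (ubuntu:noble).
img_name=$(printf '%s\n' "$from" \
  | grep -ioE '((theflash.*|ubuntu.*|debian.*|fedora.*):[^[:space:]]+)')

# Stop here rather than build from an empty "FROM " line.
[[ -n "$img_name" ]] || error "Could not extract a supported base image from \"$file\"."

msg "Extracted Image from \"$file\": $img_name"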
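# Create a private scratch directory and the temporary Dockerfile inside it.
# mktemp failures are fatal: continuing with an empty path would make the
# redirections below write to the wrong place.
tmp_dir=$(mktemp -d) || error "Unable to create a temporary directory."

# Remove the scratch directory on every exit path (including error()).
# ${tmp_dir:?} aborts the rm if the variable is ever empty.
trap 'rm -rf -- "${tmp_dir:?}"' EXIT

tmp_file=$(mktemp "$tmp_dir/temp_Docker_XXX") || error "Unable to create a temporary Dockerfile."

# mktemp has just created the file, so it is written directly; there is
# nothing stale to delete first.
{
  printf 'FROM %s\n' "$img_name"
  printf '%s\n' 'ENTRYPOINT ["sleep", "1000"]'
} > "$tmp_file"

log "Wrote temporary Dockerfile: $tmp_file"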
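log "Building image $IMAGE_NAME."

# The temporary Dockerfile holds only FROM and ENTRYPOINT and copies nothing
# from the build context, so the scratch directory is used as context instead
# of "." - the contents of the current (challenge) directory are then not sent
# to the Docker daemon.
# `>/dev/null 2>&1` silences both streams; the earlier `2>&1 >/dev/null` left
# stderr on the terminal. A failed build is now fatal instead of being
# reported as "Built image".
if ! docker build -f "$tmp_file" -t "$IMAGE_NAME" "$tmp_dir" >/dev/null 2>&1; then
  error "Unable to build image $IMAGE_NAME."
fi
log "Built image with name: $IMAGE_NAME"

# The container only sleeps while a file is read out of it, so it is started
# without network access. --rm removes it once it is stopped.
_id=$(docker run -d --rm --network none --name "$CONTAINER_NAME" "$IMAGE_NAME") \
  || error "Unable to start container $CONTAINER_NAME."
msg "Ran container ($CONTAINER_NAME) with id $_id"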
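libc=""

if [[ -n "$LIBC_PATH" ]]; then
  # Check that the configured path exists in the container.
  # The command and its argument are passed as separate words: quoted as one
  # string ("ls -l <path>") docker looks for an executable with that literal
  # name, so the check failed for every path.
  if ! docker exec "$_id" ls -l "$LIBC_PATH" >/dev/null 2>&1; then
    error "$LIBC_PATH is an invalid path. Please check."
  fi
  libc="$LIBC_PATH"
fi

if [[ -z "$libc" ]]; then
  # Search the container for libc.so.6 and resolve symlinks with realpath.
  # No -it: a pseudo-TTY turns line endings into CRLF and makes the call fail
  # when stdin is not a terminal (cron, CI, pipes).
  path=$(docker exec "$CONTAINER_NAME" sh -c 'find / -name libc.so.6 -exec realpath {} \; 2>/dev/null')
  rc=$?
  # Status 1 is tolerated, as before: find reports it when part of the tree
  # could not be read.
  if (( rc != 0 && rc != 1 )); then
    error "Unable to extract libc path. Possible error: $path"
  fi

  # Several copies may exist; the last line of the output is used.
  libc=$(printf '%s\n' "$path" | tail -n 1)
  # Drop a trailing carriage return should the output still carry one.
  libc=${libc%$'\r'}

  [[ -n "$libc" ]] || error "Unable to find libc.so.6 in the container."
fi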
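msg "Found libc at $libc"

# Copy the library out of the container; an existing $OUT_FILE is overwritten.
# An explicit if/else replaces `test && warn || msg`, where the success
# message would also have been printed if warn itself returned non-zero.
# `>/dev/null 2>&1` silences both streams of docker cp.
if docker cp "$_id":"$libc" "$OUT_FILE" >/dev/null 2>&1; then
  msg "Copied libc from \"$libc\" to \"$OUT_FILE\""
else
  # A warning rather than error(): warn does not exit, so the script carries
  # on to the clean-up steps that follow.
  warn "Unable to copy libc from the container :("
fi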
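log "Cleaning up...."

# Stop the helper container. It was started with --rm, so stopping it also
# removes it. `>/dev/null 2>&1` silences both streams (the earlier
# `2>&1 >/dev/null` left stderr on the terminal).
docker stop "$CONTAINER_NAME" >/dev/null 2>&1
msg "Stopped ($CONTAINER_NAME) $_id"

# Remove the temporary image unless DELETE is 0.
if [[ "$DELETE" != 0 ]]; then
  docker rmi "$IMAGE_NAME" >/dev/null 2>&1 || error "Unable to delete $IMAGE_NAME"
  msg "Deleted $IMAGE_NAME"
fi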
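shopt -s nocasematch # case insensitive matching

# old-testing. Keeping for legacy ;-;
# msgln "Do you want to run pwninit in `pwd` as well? (Y/N) "
# read runinit

# Translate the PWNINIT switch into the y/n answer the old prompt produced.
if [[ "$PWNINIT" -eq 1 ]]; then
  runinit="y"
else
  runinit="n"
fi

patcher="pwninit"
if [[ "$runinit" == "y" ]]; then
  msg "Running $patcher in $(pwd)"

  # Make sure the tool is on PATH before invoking it.
  # `>/dev/null 2>&1` silences both streams of `command -v`.
  command -v "$patcher" >/dev/null 2>&1 \
    || error "$patcher not found in PATH. Please check."

  # Run it in the current directory, which is also where the extracted
  # libc.so.6 is written by default.
  "$patcher" || error "An error occurred when running $patcher."
else
  log "Done with extraction."
fi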