skysider/pwndocker

Pwndocker

A Docker environment for pwn in CTF, based on phusion/baseimage:jammy-1.0.4, which is a modified Ubuntu 22.04 base image for Docker.

Usage

docker-compose up -d
docker exec -it pwn_test /bin/bash

Included software

  • pwntools —— CTF framework and exploit development library
  • pwndbg —— a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
  • pwngdb —— gdb for pwn
  • ROPgadget —— a tool that facilitates ROP exploitation
  • roputils —— A Return-oriented Programming toolkit
  • one_gadget —— A tool that searches for one-gadgets of execve('/bin/sh', NULL, NULL) for amd64 and i386
  • angr —— A platform-agnostic binary analysis framework
  • radare2 —— A rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
  • seccomp-tools —— Provide powerful tools for seccomp analysis
  • tmux —— a terminal multiplexer
  • ltrace —— traces library function calls
  • strace —— traces system calls

Q&A

How to run with a custom libc version?

Try:

LD_PRELOAD=./libc.so.5 ./test

If that fails, run the binary with the matching ld.so version:

cd /var/lib/libc-database
./download <libc id> # find the id with ./identify or ./find; this downloads ld.so, libpthread.so and so on to libs/<libc id> (see https://github.com/niklasb/libc-database)
cp libs/<glibc_version>/ld-{version}.so /tmp/ld.so
patchelf --set-interpreter /tmp/ld.so ./test
./test

Or, from pwntools:

from pwn import *
p = process(["/path/to/ld.so", "./test"], env={"LD_PRELOAD":"/path/to/libc.so.6"})

How to run with a custom libc version when the binary needs other libraries?

root@pwn:/ctf/work# ldd /bin/ls
linux-vdso.so.1 (0x00007ffe065d3000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f004089e000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f00406ac000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f004061c000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0040616000)
/lib64/ld-linux-x86-64.so.2 (0x00007f00408f8000)

root@pwn:/ctf/work# /var/lib/libc-database/libs/<glibc_version>/ld-{version}.so /bin/ls
/bin/ls: error while loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory

You can copy /lib/x86_64-linux-gnu/libselinux.so.1 and /lib/x86_64-linux-gnu/libpcre2-8.so.0 to /var/lib/libc-database/libs/<glibc_version>/. This sometimes fails because the built-in libselinux.so.1 requires a higher libc version:

root@pwn:/ctf/work# /var/lib/libc-database/libs/<glibc_version>/ld-{version}.so /bin/ls
/bin/ls: version `GLIBC_2.30' not found (required by libselinux.so.1)

This can be solved by copying libselinux.so.1 from Ubuntu 18.04, whose glibc version is 2.27, to /var/lib/libc-database/libs/<glibc_version>/:

docker run -itd --name u18 ubuntu:18.04 /bin/bash
docker cp -L u18:/lib/x86_64-linux-gnu/libselinux.so.1 .
docker cp -L u18:/lib/x86_64-linux-gnu/libpcre2-8.so.0 .
docker cp libselinux.so.1 pwn:/var/lib/libc-database/libs/<glibc_version>/
docker cp libpcre2-8.so.0 pwn:/var/lib/libc-database/libs/<glibc_version>/

And now it succeeds:

root@pwn:/ctf/work# /var/lib/libc-database/libs/<glibc_version>/ld-{version}.so /bin/ls -l /
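
A pre-check for the `GLIBC_2.30' not found failure above, as an added example that is not part of the pwndocker repository: it reports which libraries carry GLIBC version tags newer than the libc you plan to load them with. The function names, the sample bytes and the target version 2.27 are assumptions made for illustration; the scan is a string heuristic, and readelf -V gives the authoritative list.

```python
import re
import sys
from pathlib import Path

# Version tags are NUL-terminated entries in the ELF dynamic string table.
_TAG = re.compile(rb"GLIBC_(\d+)\.(\d+)(?:\.(\d+))?\x00")


def required_glibc(blob):
    """Highest GLIBC_x.y[.z] tag found in the file bytes, as a tuple, or None."""
    tags = {tuple(int(p) for p in m.groups() if p) for m in _TAG.finditer(blob)}
    return max(tags) if tags else None


def too_new(libs, target):
    """Map name -> required version for each library that needs a glibc newer than target."""
    limit = tuple(int(p) for p in target.split("."))
    result = {}
    for name, blob in libs.items():
        need = required_glibc(blob)
        if need is not None and need > limit:
            result[name] = ".".join(str(p) for p in need)
    return result


# Constructed sample bytes imitating string-table contents, not real libraries.
SAMPLE = {
    "libselinux.so.1 (22.04-like)": b"\x00libc.so.6\x00GLIBC_2.2.5\x00GLIBC_2.30\x00GLIBC_2.14\x00",
    "libselinux.so.1 (18.04-like)": b"\x00libc.so.6\x00GLIBC_2.2.5\x00GLIBC_2.14\x00GLIBC_2.8\x00",
}

if __name__ == "__main__":
    # usage: check_glibc.py <target glibc version> <lib> [<lib> ...]
    if len(sys.argv) > 2:
        target = sys.argv[1]
        libs = {p: Path(p).read_bytes() for p in sys.argv[2:]}
    else:
        libs, target = SAMPLE, "2.27"  # no arguments: run on the constructed sample
    for name, need in too_new(libs, target).items():
        print(f"{name}: needs GLIBC_{need}, target libc is {target}")
```

Run it against the libraries listed by ldd before copying them next to the custom ld.so; anything it reports has to come from an older release, as in the Ubuntu 18.04 step above.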

ChangeLog

2026-03-10

update software, remove inner libc and ida linux_server

2025-09-14

update base image to ubuntu 22.04 and update pwntools version to 4.14.1

2023-10-22

add zsh and ohmyzsh to docker image, update pwntools version to 4.11.0

2023-01-27

add glibc versions 2.33~2.36 to docker image, and update pwntools version to 4.9.0

2022-03-06

add pwntools_version docker build argument, 4.8.0b0 is set in repo docker build actions

2022-2-10

add docker-compose.yml

2021-10-25

add docker build action and update radare2 version to latest

2020-09-06

update base image to 20.04(glibc 2.31) and add glibc 2.27

2020-05-22

update radare2 to version 4.4.0 and add r2pipe python binding

2020-04-11

add libc 2.30 and 2.31

2020-02-19

python packages switched to python3 version, remove roputils.py
