• Pwntools
• Pwndbg
• Radare2
• Firmware tools (fmk / qemu)
• angr
• ROPGadget
• decompile - Add API key to host-share/decompile-api
• qira
• binwalk
• apktool

docker pull ctfhacker/epictreasure
docker run -v /path/to/host/share/folder:/root/host-share --privileged -it --workdir=/root ctfhacker/epictreasure

Check Virtualbox for information on installing Virtualbox on your respective operating system.

Check VagrantUp for information on installing vagrant.

git clone https://github.com/teknogeek/EpicTreasure
cd EpicTreasure
vagrant up
... Go grab a coffee while we install all the things
vagrant ssh

By default, ctfhacker's dotfiles are installed onto the VM. Simply comment out the following lines in et_setup.sh if you don't want his settings.

# Personal config
cd $HOMEDIR
sudo apt-get -y install stow
rm .bashrc
git clone https://github.com/ctfhacker/dotfiles
(
  cd dotfiles
  ./install.sh
)

• Colorscheme for the terminal and vim is solarized

• jk or jj to ESC out of Vim
• ESC and Arrow keys are hard coded to not work in Vim (as a teaching mechanism)
• : is remapped to ; (who uses ; anyway?)
• leader key is SPACE (thanks to spacemacs)
• SPACE p will drop an embedded IPython line in a python script
• H moves to beginning of line, L moves to end of line (instead of ^ and $)

• A new shell spawns a fresh tmux session
• tmux leader switched to Ctrl+A
• Ctrl+A - produces a horizontal pane. Ctrl+A \ produces a vertical pane.
• Ctrl+A [hjkl] moves around available panes as vim motion

Run the following command in the VM:

gdb /bin/ls

Expected output:

Loaded 53 commands.  Type pwndbg for a list.
Reading symbols from host-share/crackme...(no debugging symbols found)...done.
Only available when running
pwn>

Run the following command in the VM:

r2 /bin/ls

Expected output:

[0x00404890]> aaa

Run the following command in the VM:

python
>>> from pwn import *
>>> elf = ELF('/bin/ls')
[*] '/bin/ls'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      No PIE
    FORTIFY:  Enabled
>>> rop = ROP(elf)
[*] Loading gadgets for '/bin/ls'

Run the following commands in the VM:

source ~/angr/bin/activate
python
>>> import angr
>>>

Run the following commands in the VM:

decompile binary_name

Drop files in the host-share folder on your host to find them on your VM at /home/vagrant/host-share