Binary Exploitation Docker Environment

Setting Up Pwn Environment Lab with Docker

Reverse engineering and binary exploitation require a well-configured environment with the right tools. Learning binary exploitation often means working in an older environment, which can be tedious to set up because of dependency conflicts, outdated packages, and compatibility issues.

In this blog we'll walk through building a Docker-based pwn environment that includes:

  • Ubuntu 16.04
  • GDB + GEF (debugging)
  • Pwntools (exploit development)
  • Radare2 (reverse engineering)

This setup ensures reproducibility and isolation, making it great for CTFs and exploit development.

Why Docker for the environment

  • Consistency
  • Isolation
  • Reproducibility
  • Legacy Support

Setup

1. Copy the Dockerfile contents.

FROM ubuntu:16.04

ENV DEBIAN_FRONTEND=noninteractive

# Install build tools and dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    wget curl file \
    git vim nano sudo \
    p7zip-full netcat-traditional \
    nasm binutils \
    gcc gcc-multilib g++ g++-multilib \
    make socat \
    libgmp-dev libmpfr-dev libmpc-dev \
    strace ltrace patchelf unzip \
    libbz2-dev libreadline-dev libsqlite3-dev \
    libffi-dev libncurses5-dev libgdbm-dev liblzma-dev \
    zlib1g-dev ca-certificates software-properties-common \
    libnss3-dev \
    && rm -rf /var/lib/apt/lists/*

# Build OpenSSL 1.1.1 (required for Python 3.10+ SSL support)
WORKDIR /usr/src
RUN wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz && \
    tar xzf openssl-1.1.1w.tar.gz && \
    cd openssl-1.1.1w && \
    ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib && \
    make -j$(nproc) && make install && \
    echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf && ldconfig

# Build Python 3.10 with OpenSSL support
RUN wget https://www.python.org/ftp/python/3.10.13/Python-3.10.13.tgz && \
    tar xzf Python-3.10.13.tgz && \
    cd Python-3.10.13 && \
    LDFLAGS="-L/usr/local/openssl/lib -Wl,-rpath=/usr/local/openssl/lib" \
    CPPFLAGS="-I/usr/local/openssl/include" \
    ./configure --enable-optimizations --with-openssl=/usr/local/openssl && \
    make -j$(nproc) && \
    make altinstall

# Setup pip and symlinks
RUN ln -sf /usr/local/bin/python3.10 /usr/bin/python3 && \
    ln -sf /usr/local/bin/python3.10 /usr/bin/python && \
    python3.10 -m ensurepip && \
    python3.10 -m pip install --upgrade pip && \
    ln -sf /usr/local/bin/pip3.10 /usr/bin/pip3 && \
    ln -sf /usr/local/bin/pip3.10 /usr/bin/pip


# Install GDB 14 from source
# Download and build GDB 14.2
RUN cd /tmp && \
    wget https://ftp.gnu.org/gnu/gdb/gdb-14.2.tar.gz && \
    tar -xzf gdb-14.2.tar.gz && \
    cd gdb-14.2 && \
    ./configure --prefix=/opt/gdb-14 --with-python=python3 && \
    make -j$(nproc) && \
    make install && \
    ln -sf /opt/gdb-14/bin/gdb /usr/local/bin/gdb && \
    ln -sf /opt/gdb-14/bin/gdb /usr/bin/gdb && \
    cd / && rm -rf /tmp/gdb-14.2*

# Install Radare2
RUN git clone https://github.com/radareorg/radare2.git /opt/radare2 && \
    cd /opt/radare2 && ./sys/install.sh && cd -

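# Create an unprivileged user (the .gdbinit files do not exist yet, so their
# permissions are set after GEF is installed below)
RUN useradd -m hacker && \
    chown -R hacker:hacker /home/hacker


USER hacker

# pip installs into ~/.local for a non-root user; put its scripts on PATH
ENV PATH="/home/hacker/.local/bin:${PATH}"

# Install GEF
RUN wget -q -O /home/hacker/.gdbinit-gef.py https://gef.blah.cat/py && \
    echo "source /home/hacker/.gdbinit-gef.py" >> /home/hacker/.gdbinit && \
    chmod 644 /home/hacker/.gdbinit*

# Install pwntools and ROPgadget
RUN pip3 install --no-cache-dir pwntools ROPgadget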

WORKDIR /home/hacker/workspace

CMD ["/bin/bash"]

2. Build the image

docker build -t pwn-env:latest .

3. Running the container

docker run -it --rm --privileged --cap-add=SYS_PTRACE \
  --security-opt seccomp=unconfined \
  -v "$(pwd)":/home/hacker/workspace pwn-env:latest
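
The --privileged flag in the command above already grants every capability and disables seccomp, so the two options after it are redundant and most of the isolation listed earlier is gone; --cap-add=SYS_PTRACE with --security-opt seccomp=unconfined and no --privileged is the narrower set those debugger options describe. The script below is an added example, not part of the original post: run inside the container, it reports which case applies by reading /proc/self/status. The file name privcheck.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Run inside the container:
#   sh privcheck.sh --check
# Reads CapBnd rather than CapEff: the image runs as the non-root user
# "hacker", whose effective set is empty, while the bounding set still
# shows what the container was started with.

CAP_SYS_PTRACE=19   # bit numbers from linux/capability.h
CAP_SYS_ADMIN=21

# status_field FILE NAME: print the value of the "NAME:" line, if any
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1" 2>/dev/null || :
}

# has_cap HEXMASK BIT: succeed if that capability bit is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify [FILE]: print privileged | debug-ready | ptrace-filtered | default
classify() {
    file=${1:-/proc/self/status}
    caps=$(status_field "$file" CapBnd)
    seccomp=$(status_field "$file" Seccomp)
    case $caps in
        ''|*[!0-9a-fA-F]*) echo unknown; return 1 ;;   # missing or not hex
    esac
    if has_cap "$caps" "$CAP_SYS_ADMIN"; then
        echo privileged        # --privileged: every capability, no seccomp
    elif ! has_cap "$caps" "$CAP_SYS_PTRACE"; then
        echo default           # stock container, SYS_PTRACE was not added
    elif [ "$seccomp" = 0 ]; then
        echo debug-ready       # SYS_PTRACE plus seccomp=unconfined only
    else
        # Docker's default seccomp profile filters
        # personality(ADDR_NO_RANDOMIZE), which gdb uses to turn off ASLR.
        echo ptrace-filtered
    fi
}

# Only classify the current process when asked to.
if [ "${1:-}" = "--check" ]; then classify; fi
```

With the run command exactly as written above, the script prints privileged; after removing --privileged it prints debug-ready.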

Conclusion

This Docker-based pwn environment provides a clean, reproducible setup for binary exploitation and reverse engineering. By using Ubuntu 16.04 + Python 3.10, we maintain compatibility with older challenges while leveraging modern tools like GEF and pwntools.

Docker eliminates setup headaches, letting you focus on exploitation. Try this and let me know how it can be improved.

Happy hacking!

This post is licensed under CC BY 4.0 by the author.
