Challenges in Containers
Sometimes you get challenges provided with a Dockerfile. In most cases, it's best to use it, as you can be sure it acts the same locally and remotely.
Unfortunately, that can be rough. There are a few steps. In essence, we want to use gdbserver to set up a debug session, then connect to gdbserver from our host to leverage the full power of whatever we want to debug with. These steps work for debugging a binary hosted via socat.
Quick Copy
Add:
Run:
Connect:
OR
Explanation
Install
Add some installs to the Dockerfile:
If the Dockerfile is an alpine image, instead use
gdbserver is automatically installed as part of the package.
Change Run Command in build_docker.sh
Add the
flags to the docker run ... command in build_docker.sh.
-p 9090:9090binds the internal port9090to the external port9090, so we can connect tolocalhost:9090for thegdbserver--cap-add=SYS_PTRACEgives the container the capability toptracea process, which we need for debugging. The alternative is to run it in--privilegedmode, which is far more unsafe
Start the Executable and get the PID
Get a shell with docker exec:
Note that to get a binary started with socat, we have to connect to the service first in order to start a process. So, outside the container, connect with nc:
Don't end the process. Switch back to the Docker root shell:
Grab the PID of the subprocess, in this case 22.
Starting GDBserver
Now start a gdbserver:
You can combine this into one command:
gdbserver :9090 --attach $(pidof challenge)
And on your host you can now connect to it with radare2 or GDB:
And boom.
Note the issue is that you have to restart gdbserver every time you connect again. Don't forget! Maybe there's a better way, but I don't know.
Did try and replace the shell commands with a single docker exec, but the $() is resolved before it is piped to the Docker:
But when connecting via shell and running, it worked:
If anybody finds a fix, please let me know!
Last updated