first commit

Dockerfile

@@ -0,0 +1,27 @@
+FROM debian:bookworm
+
+COPY _files /tmp/
+
+RUN mv /tmp/flag.sh /flag.sh \
+	&& mv /tmp/sources.list /etc/apt/sources.list \
+	&& mv /tmp/edi* /usr/local \
+	&& apt-get update \
+	&& apt-get --no-install-recommends -y install \
+	wget apt-utils sudo ca-certificates \
+	vim openssh-server file \
+	&& mv /tmp/docker-entrypoint /usr/local/bin/ \
+	&& chmod +x /usr/local/bin/* \
+	&& apt-get clean \
+	&& rm -rf /tmp/* /var/tmp/*
+
+RUN useradd -p '$y$j9T$uCHtN.yDpIqN.PioeaThD.$Cc/8vnnZj.IuNP0aJhtwRMkaAYnBojjLDFBRhz6PIQ8' ctf \
+	&& chsh -s /bin/bash ctf \
+	&& mkdir /home/ctf \
+	&& mv /usr/local/edi* /home/ctf \
+	&& chmod 4755 /home/ctf/edit \
+	&& chmod o+r /etc/sudoers /etc/apt/sources.list \
+	&& chmod 744 /home/ctf/edit.c
+
+EXPOSE 22
+
+CMD ["/bin/sh", "-c", "/usr/local/bin/docker-entrypoint"]

_files/docker-entrypoint

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ -f /flag.sh ]]; then
+source /flag.sh
+fi
+
+mkdir /run/sshd
+/usr/sbin/sshd
+
+tail -F /dev/null

_files/edit.c

@@ -0,0 +1,11 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+int main()
+{
+    setuid( 0 );
+    system( "vim /etc/apt/sources.list" );
+    return 0;
+ }

_files/flag.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "$GZCTF_FLAG" > /flag
+chown root:root /flag
+chmod o-r /flag
+
+unset GZCTF_FLAG
+
+export GZCTF_FLAG="flag in /flag!"
+GZCTF_FLAG="flag in /flag!"
+export FLAG="flag in /flag!"
+echo $FLAG > /home/ctf/flag
+chown ctf:ctf /home/ctf/flag
+rm -rf /flag.sh

_files/sources.list

@@ -0,0 +1,4 @@
+deb http://mirrors.bfsu.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
+deb http://mirrors.bfsu.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
+deb http://mirrors.bfsu.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
+deb http://mirrors.bfsu.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware