1.5.0 new cli features and bug fixes

+ new root environment option (for Qegd and Dogd)
+ new default distro Boxs
+ better formatting for template
+ docker containers are now named (and can be made persistant)

Author: gfelber

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "vagd"
-version = "1.4.5"
+version = "1.5.0"
 authors = [{ name = "0x6fe1be2" }]
 description = "VirtuAlization GDb integrations in pwntools"
 readme = "README.md"

src/vagd/box.py

@@ -11,14 +11,19 @@ class Box:
   QEMU_FOCAL = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
   QEMU_BIONIC = "https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img"
   QEMU_XENIAL = "https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img"
+  QEMU_UBUNTU = QEMU_NOBLE
   QEMU_JAMMY_ARM = "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-arm64.img"
 
   DOCKER_NOBLE = "ubuntu:noble"
   DOCKER_JAMMY = "ubuntu:jammy"
   DOCKER_FOCAL = "ubuntu:focal"
   DOCKER_BIONIC = "ubuntu:bionic"
   DOCKER_XENIAL = "ubuntu:xenial"
+  DOCKER_UBUNTU = DOCKER_NOBLE
+
   DOCKER_I386_FOCAL = "i386/ubuntu:focal"
   DOCKER_I386_BIONIC = "i386/ubuntu:bionic"
   DOCKER_I386_XENIAL = "i386/ubuntu:xenial"
-  DOCKER_ALPINE_316 = "alpine:3.16.6"
+
+  DOCKER_ALPINE_320 = "alpine:3.20"
+  DOCKER_ALPINE = DOCKER_ALPINE_320

src/vagd/cli.py

@@ -16,9 +16,9 @@
 from vagd.virts.qegd import Qegd
 from vagd.virts.vagd import Vagd
 
-DOGD_BOX = "Box.DOCKER_NOBLE"
+DOGD_BOX = "Box.DOCKER_UBUNTU"
 DOGD = "vm = Dogd(BINARY, image={box}, {args})  # Docker"
-QEGD_BOX = "Box.QEMU_NOBLE"
+QEGD_BOX = "Box.QEMU_UBUNTU"
 QEGD = "vm = Qegd(BINARY, img={box}, {args})  # Qemu"
 SHGD = (
   "vm = Shgd(BINARY, user='user', host='localhost', port=22, {args})  # SSH"
@@ -28,6 +28,11 @@
 VAGD_BOX = "Box.VAGRANT_JAMMY64"
 VAGD = "vm = Vagd(BINARY, {box}, {args})  # Vagrant"
 
+ATAKA_ENV = """# ataka envs
+ATAKA  = os.getenv('TARGET_IP') is not None
+IP     = os.getenv('TARGET_IP', IP)
+EXTRA  = json.loads(os.getenv('TARGET_EXTRA', '[]'))"""
+
 app = typer.Typer(context_settings={"help_option_names": ["-h", "--help"]})
 
 err_console = Console(stderr=True)
@@ -122,11 +127,13 @@ def template(
   ataka: Optional[bool] = typer.Option(
     False, "--ataka", help="create an ataka compatible template"
   ),
+  root: Optional[bool] = typer.Option(
+    False, "--root", "-r", help="create a root environment"
+  ),
 ):
   """
   creates a template
   """
-
   if image != DOGD_BOX:
     dogd = True
     image = f"'{image}'"
@@ -140,7 +147,7 @@ def template(
     vbox = f"'{vbox}'"
 
   templatePath = os.path.dirname(os.path.realpath(__file__))
-  templateChunks = []
+  templateChunks = list()
   aliasesPath = templatePath + "/res/aliases.txt"
   templatePath += "/res/template.txt"
   multi = False
@@ -160,6 +167,9 @@ def template(
   vms = []
   args = dict()
 
+  if root:
+    args["user"] = "'root'"
+
   if libs:
     args["libs"] = True
     if not libc:
@@ -168,6 +178,10 @@ def template(
   if files:
     args["files"] = "[" + ",".join(f"'{file}'" for file in files) + "]"
 
+  modules = list()
+  if ataka:
+    modules.append("json")
+
   args["ex"] = "True"
   args["fast"] = "True"
 
@@ -190,35 +204,34 @@ def template(
       else:
         templateChunks.append(line)
 
-    template = "".join(templateChunks).format(
-      "{}",
-      dependencies=", ".join(dependencies),
-      aliases=aliases,
-      binary=binary,
-      ip=ip,
-      port=str(port),
-      env=env,
-      ataka_env="# ataka envs\nIP = os.getenv('TARGET_IP', IP)\nEXTRA = json.loads(os.getenv('TARGET_EXTRA', '[]'))"
-      if ataka
-      else "",
-      vms=("\n" + " " * 4).join(vms),
-      libc=libc,
-      aslr=aslr,
-      is_local=True if local else "args.LOCAL",
-      is_ataka=" or os.getenv('TARGET_IP')" if ataka else "",
-    )
-
-    if output_exploit:
-      output = "exploit.py"
-    if output:
-      with open(output, "w") as exploitFile:
-        exploitFile.write(template)
-      current_permissions = os.stat(output).st_mode
-      new_permissions = current_permissions | (stat.S_IXUSR)
-      os.chmod(output, new_permissions)
-    else:
-      syntax = Syntax(template, "python", theme="ansi_dark")
-      console.print(syntax)
+  template = "".join(templateChunks).format(
+    "{}",
+    modules="\n".join(f"import {module}" for module in modules),
+    dependencies=", ".join(dependencies),
+    aliases=aliases,
+    binary=binary,
+    ip=ip,
+    port=str(port),
+    env=env,
+    ataka_env=ATAKA_ENV if ataka else "",
+    vms=("\n" + " " * 4).join(vms),
+    libc=libc,
+    aslr=aslr,
+    is_local=True if local else "args.LOCAL",
+    is_ataka=" or ATAKA" if ataka else "",
+  )
+
+  if output_exploit:
+    output = "exploit.py"
+  if output:
+    with open(output, "w") as exploitFile:
+      exploitFile.write(template)
+    current_permissions = os.stat(output).st_mode
+    new_permissions = current_permissions | (stat.S_IXUSR)
+    os.chmod(output, new_permissions)
+  else:
+    syntax = Syntax(template, "python", theme="ansi_dark")
+    console.print(syntax)
 
 
 @app.command()

src/vagd/res/aliases.txt

@@ -1,41 +1,47 @@
+# abbreviations
 cst = constants
 shc = shellcraft
 
-linfo = lambda x, *a: log.info(x, *a)
-lwarn = lambda x, *a: log.warn(x, *a)
+# logging
+linfo  = lambda x, *a: log.info(x, *a)
+lwarn  = lambda x, *a: log.warn(x, *a)
 lerror = lambda x, *a: log.error(x, *a)
-lprog = lambda x, *a: log.progress(x, *a)
+lprog  = lambda x, *a: log.progress(x, *a)
 
-byt = lambda x: x if isinstance(x, bytes) else x.encode() if isinstance(x, str) else repr(x).encode()
-phex = lambda x, y='leak': print('0x'+padhex(x, 16) + ' <- ' + y )
-lhex = lambda x, y='leak': linfo("0x%016x <- %s", x, y)
-pad = lambda x, s=8, v=b'\0', o='l': x.ljust(s, v) if o == 'l' else x.rjust(s, v)
+# type manipulation
+byt    = lambda x: x if isinstance(x, bytes) else x.encode() if isinstance(x, str) else repr(x).encode()
+phex   = lambda x, y='leak': print('0x'+padhex(x, 16) + ' <- ' + y )
+lhex   = lambda x, y='leak': linfo("0x%016x <- %s", x, y)
+pad    = lambda x, s=8, v=b'\0', o='l': x.ljust(s, v) if o == 'l' else x.rjust(s, v)
 padhex = lambda x, s=None: pad(hex(x)[2:],((x.bit_length()//8)+1)*2 if s is None else s, '0', 'r')
-upad = lambda x: u64(pad(x))
-tob = lambda x: bytes.fromhex(padhex(x))
+upad   = lambda x: u64(pad(x))
+tob    = lambda x: bytes.fromhex(padhex(x))
 
+# elf aliases
 gelf = lambda elf=None: elf if elf else exe
-srh = lambda x, elf=None: gelf(elf).search(byt(x)).__next__()
+srh  = lambda x, elf=None: gelf(elf).search(byt(x)).__next__()
 sasm = lambda x, elf=None: gelf(elf).search(asm(x), executable=True).__next__()
 lsrh = lambda x: srh(x, libc)
 lasm = lambda x: sasm(x, libc)
 
+# cyclic aliases
 cyc = lambda x: cyclic(x)
 cfd = lambda x: cyclic_find(x)
 cto = lambda x: cyc(cfd(x))
 
-t = None
-gt = lambda at=None: at if at else t
-sl = lambda x, t=None, *a, **kw: gt(t).sendline(byt(x), *a, **kw)
-se = lambda x, t=None, *a, **kw: gt(t).send(byt(x), *a, **kw)
-ss = lambda x, s, t=None, *a, **kw: sl(x, t, *a, **kw) if len(x) < s else lerror('ss to big: 0x%x > 0x%', len(x), s) if len(x) > s else se(x, *a, **kw)
+# tube aliases
+t   = None
+gt  = lambda at=None: at if at else t
+sl  = lambda x, t=None, *a, **kw: gt(t).sendline(byt(x), *a, **kw)
+se  = lambda x, t=None, *a, **kw: gt(t).send(byt(x), *a, **kw)
+ss  = lambda x, s, t=None, *a, **kw: sl(x, t, *a, **kw) if len(x) < s else lerror('ss to big: 0x%x > 0x%x', len(x), s) if len(x) > s else se(x, *a, **kw)
 sla = lambda x, y, t=None, *a, **kw: gt(t).sendlineafter(byt(x), byt(y), *a, **kw)
-sa = lambda x, y, t=None, *a, **kw: gt(t).sendafter(byt(x), byt(y), *a, **kw)
+sa  = lambda x, y, t=None, *a, **kw: gt(t).sendafter(byt(x), byt(y), *a, **kw)
 sas = lambda x, y, s, t=None, *a, **kw: sla(x, y, t, *a, **kw) if len(y) < s else lerror('sas to big: 0x%x > 0x%x', len(y), s)  if len(y) > s else sa(x, y, *a, **kw)
-ra = lambda t=None, *a, **kw: gt(t).recvall(*a, **kw)
-rl = lambda t=None, *a, **kw: gt(t).recvline(*a, **kw)
+ra  = lambda t=None, *a, **kw: gt(t).recvall(*a, **kw)
+rl  = lambda t=None, *a, **kw: gt(t).recvline(*a, **kw)
 rls = lambda t=None, *a, **kw: rl(t=t, *a, **kw)[:-1]
 rcv = lambda x, t=None, *a, **kw: gt(t).recv(x, *a, **kw)
-ru = lambda x, t=None, *a, **kw: gt(t).recvuntil(byt(x), *a, **kw)
-it = lambda t=None, *a, **kw: gt(t).interactive(*a, **kw)
-cl = lambda t=None, *a, **kw: gt(t).close(*a, **kw)
+ru  = lambda x, t=None, *a, **kw: gt(t).recvuntil(byt(x), *a, **kw)
+it  = lambda t=None, *a, **kw: gt(t).interactive(*a, **kw)
+cl  = lambda t=None, *a, **kw: gt(t).close(*a, **kw)

src/vagd/res/template.txt

@@ -1,22 +1,22 @@
 #!/usr/bin/env python3
 from pwn import *
+{modules}
 
-GDB_OFF = 0x555555554000
-IP = '{ip}'
-PORT = {port}
+GOFF   = 0x555555554000
+IP     = '{ip}'
+PORT   = {port}
 BINARY = '{binary}'
-ARGS = []
-ENV = {env} # os.environ
-GDB = f"""
+ARGS   = []
+ENV    = {env} # os.environ
+{ataka_env}
+GDB    = f"""
 set follow-fork-mode parent
 
 c"""
 
 context.binary = exe = ELF(BINARY, checksec=False)
 context.aslr = {aslr}
 
-{ataka_env}
-
 {aliases}
 
 def setup():

src/vagd/templates.py

@@ -22,15 +22,16 @@
 # init user and ssh
 EXPOSE 22
 RUN useradd --create-home --shell /bin/bash -g sudo {user}
-RUN chown -R vagd:sudo /home/vagd
+RUN chown -R {user}:sudo /home/{user}
 RUN chmod u+s /usr/bin/sudo
-RUN echo "vagd ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vagd && chmod 0440 /etc/sudoers.d/vagd
+RUN echo "{user} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/{user} && chmod 0440 /etc/sudoers.d/{user}
 USER {user}
 
 WORKDIR /home/{user}
 COPY {keyfile} .ssh/authorized_keys
 
 USER root
+COPY {keyfile} /root/.ssh/authorized_keys
 RUN mkdir -p /run/sshd && \\
   chmod 755 /run/sshd
 
@@ -59,17 +60,18 @@
 
 EXPOSE 22
 RUN chmod u+s /usr/bin/sudo
-RUN adduser -h /home/vagd -s /bin/ash -g sudo -D vagd
-RUN echo "vagd ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vagd && chmod 0440 /etc/sudoers.d/vagd
-RUN echo "vagd:vagd" | chpasswd
+RUN adduser -h /home/{user} -s /bin/ash -g sudo -D {user}
+RUN echo "{user} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/{user} && chmod 0440 /etc/sudoers.d/{user}
+RUN echo "{user}:{user}" | chpasswd
 
-USER vagd
+USER {user}
 
-WORKDIR /home/vagd
+WORKDIR /home/{user}
 
-COPY keyfile.pub .ssh/authorized_keys
+COPY {keyfile} .ssh/authorized_keys
 
 USER root
+COPY {keyfile} /root/.ssh/authorized_keys
 RUN ssh-keygen -A
 RUN mkdir -p /run/sshd && \
   chmod 755 /run/sshd