If you have been doing the TryHackMe Simple CTF challenge recently, you may have ran into the problem that the original exploit is written in Python 2 for Ubuntu 18.04. The script can be converted or rewritten to Python 3, but my Debian Bookworm attack box had issues running it and showing the result. I came up with a quick solution using docker.io.
Don’t forget to join my Discord: https://discord.gg/YbSYGsQYES
Install docker.io on the attack box
Installing Docker is out of the scope, but on Debian Bookworm it can be performed quickly with the following command issued as the root user:
apt install docker.io
Add my user to the docker group
After Docker is installed on the attack box we need the docker group access to be able to pull and run images and to run containers.
usermod -aG docker $USER
Log out after this operation or reboot the attack box.
Create a Dockerfile
In the project directory we need a Dockerfile, the requirements.txt.
FROM python:2
WORKDIR .
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
CMD [ "python", "./exploit.py", "-u", "http://<target IP>/simple" ]
Let’s save it.
Create a requirements.txt
The requirements.txt file should look like this:
termcolor
requests
Build the image
This command will build our image for running the exploit:
docker build -t my_py2_exploit:1.0.0 .
Run the script in Docker
And finally we can run the original Python 2 code in a Docker container without tinkering with our host operating system:requirements.txt
docker run -it --rm --name my_running_exploit my_py2_exploit:1.0.0
Don’t forget to join my Discord: https://discord.gg/YbSYGsQYES
Tom's IT Cafe 