Phoenix Challenges — Getting Set Up
This is the first of a series of writeups for the Phoenix challenges and explains how those wanting to follow along can get set up. While the binaries are available for the AMD64, ARM64, MIPS64EL, and PPC64EL architectures, my solutions will use the amd64 architecture out of personal convenience. This is because the Ubuntu 64 VM I used in the past for CTF challenges supports it.
What Is Phoenix?
Phoenix is Exploit.Education’s next generation of hacking challenges for teaching “basic memory corruption issues such as buffer overflows, format strings and heap exploitation under [an] ‘old-style’ Linux system that does not have any form of modern exploit mitigation systems enabled.”¹ It is the replacement for Protostar, the original challenge suite.
Setting Up
There are two options:
- Downloading QEMU Images:
QEMU is an open-source emulator for virtual machines that runs in the command line. The emulator can be installed onto one’s computer. From there, one can download the QEMU images of a preferred architecture and execute a few command-line prompts for the VM to start running! Regarding the process’ specifics, I will refer readers to Andrew Lamarra’s fantastic blog post.
The QEMU images offer simplicity and convenience due to the GEF gdb debugging plugin, pwntools for exploit scripting, and radare2 for reverse engineering binaries coming pre-installed.
2. Installing Debian Packages:
Debian archive packages of the .deb extension contain “executable files, libraries, and documentation associated with a particular suite of program or set of related programs.”² They provide a convenient method of installing challenge binaries onto Debian-based systems like Ubuntu. Those interested can go to Phoenix’s Downloads page, find a package corresponding to the desired architecture, save it to their Debian-based machines, and then double-click it to start installation.
This method offers simplicity of installation for those already having a Debian-based machine, whether virtualized or not. It also provides a greater degree of flexibility for those wanting to tweak their system’s settings and install other packages to their liking. From personal experience, trying the same on the provided QEMU images can become a challenge.
I personally had an Ubuntu 22.04 64-bit virtual machine for working with CTF challenges with pwndbg, pwntools, and one_gadget installed already, so that is what I went with. Those following in my footsteps should install the same.
Regardless of the setup method used, the files to be exploited will be found in the /opt/phoenix/<architecture> directories (e.g. amd64, i486, arm64, amd, etc).
Ghidra, an NSA-developed tool for reverse engineering, analyzing, and decompiling binaries, may also prove useful. It does not need to be installed in a virtual machine specifically because it performs static analysis — i.e. the binaries are not executed during analysis.
With setup complete, we are ready for the first challenge.
Sources:
[1] https://exploit.education/
[2] https://www.debian.org/doc/manuals/debian-faq/pkg-basics.en.html
This was originally published on Nathan Pavlovsky’s personal blog: secnate.github.io
