From edaa62e7e2b865b9b422b65791a8a2a25afef6d5 Mon Sep 17 00:00:00 2001
From: giantbranch <493254599@qq.com>
Date: Mon, 17 Sep 2018 21:41:34 +0800
Subject: [PATCH] first commit

---
 README.md      |  40 ++++++++++++++++
 README_CN.md   |  38 +++++++++++++++
 bin/pwn1       | Bin 0 -> 5588 bytes
 bin/pwn1_copy1 | Bin 0 -> 5588 bytes
 bin/pwn1_copy2 | Bin 0 -> 5588 bytes
 config.py      |  69 +++++++++++++++++++++++++++
 initialize.py  | 125 +++++++++++++++++++++++++++++++++++++++++++++++++
 service.sh     |   6 +++
 8 files changed, 278 insertions(+)
 create mode 100644 README.md
 create mode 100644 README_CN.md
 create mode 100644 bin/pwn1
 create mode 100644 bin/pwn1_copy1
 create mode 100644 bin/pwn1_copy2
 create mode 100644 config.py
 create mode 100644 initialize.py
 create mode 100644 service.sh

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c377bbc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+# pwn_deploy_chroot
+
+> A project for deploying ctf pwn challenge use chroot
+
+中文请点击：
+
+[README_CN.md](https://github.com/giantbranch/pwn_deploy_chroot/blob/master/README_CN.md)
+
+## Before
+
+```
+# Install the latest version docker
+curl -s https://get.docker.com/ | sh
+# Install docker compose
+apt install docker-compose
+```
+
+## Configuration
+
+Put your pwn bin to ./bin （**Note that the filename should not contain special characters.**）
+
+Listen port start from 10000, you can change in config.py
+
+## Run
+
+```
+python initialize.py
+# please run as root
+docker-compose up --build -d
+```
+
+## Attention
+
+The flag will be generated by the initialize.py and it store in flags.txt
+
+The port information corresponding to the pwn program is also inside  flags.txt.
+
+## Reference
+
+https://github.com/Eadom/ctf_xinetd
diff --git a/README_CN.md b/README_CN.md
new file mode 100644
index 0000000..1b81fee
--- /dev/null
+++ b/README_CN.md
@@ -0,0 +1,38 @@
+# pwn_deploy_chroot
+
+> 可以方便地部署多个pwn题到一个docker容器中(使用chroot)
+
+## 前置
+
+```
+# 安装 docker
+curl -s https://get.docker.com/ | sh
+# 安装 docker-compose
+apt install docker-compose
+```
+
+## 配置
+
+将你的pwn二进制程序放到`./bin` 目录（注意文件名不要含有特殊字符，因为后面会这个文件名创建用户名）
+
+监听端口从10000开始，每多一个pwn就加1，你可以在`config.py`中修改起始监听端口
+
+## 启动
+
+```
+python initialize.py
+# 请用root用户启动
+docker-compose up --build -d
+```
+
+## 注意
+
+flag会由`initialize.py`生成，并写入flags.txt中，并且pwn程序对应的端口信息也在里面
+
+## 参考
+
+https://github.com/Eadom/ctf_xinetd
+
+
+
+
diff --git a/bin/pwn1 b/bin/pwn1
new file mode 100644
index 0000000000000000000000000000000000000000..7fe88677abd82da10ea21709a7b27ca0978c3b4b
GIT binary patch
literal 5588
zcmeHLU2Icj82;Lwjf0d@WWr!mij=S!R=QaP#2>~c2m<o&1xo4Gj#KPkdQOGu)IkNA
zh}nhl%EXa)LxKcjB#V*=7Dg6tCLt!?C?aU5Bbfo`E|B^>=kz0GK#aF$Z}Xh@d*Ao@
z-tYG`-*?`8X7zHL%_gMSMTwy0eoImP(8gpd;umf)UQ~-JQ7OvcV$9zG4&X)wq7*&_
zC;>LX-n2(ii7BuN#^5#qB?RgczHvejtS?+vT%9C@`jMg%)u^--V7rXlp~?|2M~uk9
zCKzWMga*EbwuvU#gp94bVua>_Ja50E66RQn;_DHId517Rnim@oFYez6d<64zeDkA`
z=K0Z3Z8Q>3@Am2mZ@m>`UB*|e-HfL-4(6-?ShpPD+%bOgy4p07d}!~l$5IO~TsZPW
zI{M*Gj#~wo!<?(x!cBWTQ1jrsRi8Zf^C=W>lLbZA{V2~EW&1|ijic-ri)=T_tBP#q
zn>EUQ0`}5wMdf%Vi|JwlbQR{<vax8Gn-<Q=V<NEf`G9VOBJn_44~Il+Yc#EEA`pn^
ziI&BS1A0p^-YSx5Ll?<ZByO|{kP~S`=xw?Yj)BNj$Pi2!fmkpShi6AD5ifWGV#Vr}
z%Nhgq-i5bH=3wpEKm2k2O8^^wd|GP@C8k9p6S)#E7kn<$wu>}_kQ>-@Wmo`?vlI*9
zfF6egE@~t$r^Z57P-Ea#)Zn|RvEUwR?DvhCK{fXc67I>qRwcy2%#D0LzweY$n%e?r
z=8U>EEAk5zu=8_NJlS@B4qMY$9JmO2ehypJ7#rv}ZMLp)s|}noZT3Rr78^Kj+U$+y
zrrmAY?3GqcyUVoMJB>3n&;h&d>bB0GGM9(eZQ7s-tfSVoPf^!z(dwXbUx9GFwX67d
zu*#DywtF5$x>_F|nUS(xwrmd)3yg7ibLW-JV8uDb!&tt*FMH?&Lp?N2{^=2W=hvry
zn`!I+b|h`feqmNTFDrI7c@$asd|$S6_|VC@WOO{)gajfz#mukf+R??{Qu=It*U+=W
zE-W6}pD8;s^;Sn1K}QDKP^D`?$MaSw5(_4BpWe*p`?B<19?A?ZMeA-%NbViD4|6MY
zDxO>n#-S!pMWK5&BpkVmZvlKg+;e@m%~osI<`?SnTQ=rCM|@8<jJGv2SamS!@g4fi
zfez*R{zm?ciegRg>6`X_!^T`|-VQc-7In_^pj{P3Kikj0|0Ri;bGF5QrGLzvsoJ_N
z@KW~oiCx8VEnC=!jb@A2rWZCI|A+WqBzMK#Mp!q*99`HdOO|kB@W01EM^;1sfoe(m
z&{7w42>Lkm1?WL&{-;rFuWk^wcGXttP?Q50xEns~dErK$4rt+2mpdJ+CQUGu-QwvP
zOCG8BJk0n~pbc%9c^aJRKKrtXrR&Zji&cL+;+*vL&_c%TYfQo-xH^ENhzFsqc!SgN
zc1fetwO?s)mS;-WI(_zMo#hQ#r>mjY>1a6TR2$AZ6&L6yfs3fi|B5jgn}M+z7@L8y
z85o;^u^IUP&A<@uyZr!1#&a3r0NOK(ipzjdaFWB>$h?zQ(gt{!a^TR&a|-Q0Z{`z6
zao^<mD7hDR1n7R)_d&l2@Giu2#RC9^XDoq(BhME+tMH7&>-IFD3GK4%hvq$t^>~M7
z2XQ1xDDdNmm0&-Ipoh>NivL-7f0mU_AZIV|9q<b<43uF`rWWRfycLa&kGrckH>cx9
z+U@r)^7?D*)23DTMxEd5^VeA3JBjtRb&Cs3i-TLSSJ!kSWdxgr7dO0cDk;42gc0^O
zEL&M?1a}my9r3icIUT``Iua6IT3Qe{MQ^AruD8W3ZKSNoE8&zLNyKk60*Ix;QSz-q
zGHS5F2%biGH=eC95K4rCMo@UeTA(!*jD-VQ2sNc;)d&PrsbHH`LzZ{8fQID3Sfm9F
zCy)>iui1)~v02xJw<Qsah2w^t?SI$YFI->l5A$0J4DJCbj8W*rb<*US-#id-!<NFm
zNtp#m-T~}Op2Iz6#Ck}cALcOj6x-!~K3d>$UsK2<o&wlM^0?3Y!Rtnu`yNG;!+pCP
z;9e(>??n;?z7JB!rK|<Gr^(}f9zucdglw07Vk^LRfMvc13X=O!E^Zg5*a`642zh*u
z{NS-aG9Sml&94KJ$M>!YJid?Q@jpQF+EHd-*$)2~+QFNRvJ~<ty8y}S2Co~u4h9Os
zK9IW?kUV~GbHjN_P6lG+Q4Ro-$NwP(9pJo3k?p<*2YDQC1$Y(r;C)cUGrxg>$2FHC
z^L-45%(or+wu9F%Nzjsa3}q*PVOrnp@R>)(;JQ`j6&@jz$Nx>oJ$Sv~uwCZkrQCH7
z9zUI+OD50!76@Lh;Da*T<@#O#WIleoxp9|#?C<wQJpM0p0jlAXLJn~Wkol^?s|Jtl
uNReY_U+CvJ_<_JTisy!(aur}c9}Nh3YpkOAWK4p&q`VH^ur#2_q5K2RlCu#2

literal 0
HcmV?d00001

diff --git a/bin/pwn1_copy1 b/bin/pwn1_copy1
new file mode 100644
index 0000000000000000000000000000000000000000..7fe88677abd82da10ea21709a7b27ca0978c3b4b
GIT binary patch
literal 5588
zcmeHLU2Icj82;Lwjf0d@WWr!mij=S!R=QaP#2>~c2m<o&1xo4Gj#KPkdQOGu)IkNA
zh}nhl%EXa)LxKcjB#V*=7Dg6tCLt!?C?aU5Bbfo`E|B^>=kz0GK#aF$Z}Xh@d*Ao@
z-tYG`-*?`8X7zHL%_gMSMTwy0eoImP(8gpd;umf)UQ~-JQ7OvcV$9zG4&X)wq7*&_
zC;>LX-n2(ii7BuN#^5#qB?RgczHvejtS?+vT%9C@`jMg%)u^--V7rXlp~?|2M~uk9
zCKzWMga*EbwuvU#gp94bVua>_Ja50E66RQn;_DHId517Rnim@oFYez6d<64zeDkA`
z=K0Z3Z8Q>3@Am2mZ@m>`UB*|e-HfL-4(6-?ShpPD+%bOgy4p07d}!~l$5IO~TsZPW
zI{M*Gj#~wo!<?(x!cBWTQ1jrsRi8Zf^C=W>lLbZA{V2~EW&1|ijic-ri)=T_tBP#q
zn>EUQ0`}5wMdf%Vi|JwlbQR{<vax8Gn-<Q=V<NEf`G9VOBJn_44~Il+Yc#EEA`pn^
ziI&BS1A0p^-YSx5Ll?<ZByO|{kP~S`=xw?Yj)BNj$Pi2!fmkpShi6AD5ifWGV#Vr}
z%Nhgq-i5bH=3wpEKm2k2O8^^wd|GP@C8k9p6S)#E7kn<$wu>}_kQ>-@Wmo`?vlI*9
zfF6egE@~t$r^Z57P-Ea#)Zn|RvEUwR?DvhCK{fXc67I>qRwcy2%#D0LzweY$n%e?r
z=8U>EEAk5zu=8_NJlS@B4qMY$9JmO2ehypJ7#rv}ZMLp)s|}noZT3Rr78^Kj+U$+y
zrrmAY?3GqcyUVoMJB>3n&;h&d>bB0GGM9(eZQ7s-tfSVoPf^!z(dwXbUx9GFwX67d
zu*#DywtF5$x>_F|nUS(xwrmd)3yg7ibLW-JV8uDb!&tt*FMH?&Lp?N2{^=2W=hvry
zn`!I+b|h`feqmNTFDrI7c@$asd|$S6_|VC@WOO{)gajfz#mukf+R??{Qu=It*U+=W
zE-W6}pD8;s^;Sn1K}QDKP^D`?$MaSw5(_4BpWe*p`?B<19?A?ZMeA-%NbViD4|6MY
zDxO>n#-S!pMWK5&BpkVmZvlKg+;e@m%~osI<`?SnTQ=rCM|@8<jJGv2SamS!@g4fi
zfez*R{zm?ciegRg>6`X_!^T`|-VQc-7In_^pj{P3Kikj0|0Ri;bGF5QrGLzvsoJ_N
z@KW~oiCx8VEnC=!jb@A2rWZCI|A+WqBzMK#Mp!q*99`HdOO|kB@W01EM^;1sfoe(m
z&{7w42>Lkm1?WL&{-;rFuWk^wcGXttP?Q50xEns~dErK$4rt+2mpdJ+CQUGu-QwvP
zOCG8BJk0n~pbc%9c^aJRKKrtXrR&Zji&cL+;+*vL&_c%TYfQo-xH^ENhzFsqc!SgN
zc1fetwO?s)mS;-WI(_zMo#hQ#r>mjY>1a6TR2$AZ6&L6yfs3fi|B5jgn}M+z7@L8y
z85o;^u^IUP&A<@uyZr!1#&a3r0NOK(ipzjdaFWB>$h?zQ(gt{!a^TR&a|-Q0Z{`z6
zao^<mD7hDR1n7R)_d&l2@Giu2#RC9^XDoq(BhME+tMH7&>-IFD3GK4%hvq$t^>~M7
z2XQ1xDDdNmm0&-Ipoh>NivL-7f0mU_AZIV|9q<b<43uF`rWWRfycLa&kGrckH>cx9
z+U@r)^7?D*)23DTMxEd5^VeA3JBjtRb&Cs3i-TLSSJ!kSWdxgr7dO0cDk;42gc0^O
zEL&M?1a}my9r3icIUT``Iua6IT3Qe{MQ^AruD8W3ZKSNoE8&zLNyKk60*Ix;QSz-q
zGHS5F2%biGH=eC95K4rCMo@UeTA(!*jD-VQ2sNc;)d&PrsbHH`LzZ{8fQID3Sfm9F
zCy)>iui1)~v02xJw<Qsah2w^t?SI$YFI->l5A$0J4DJCbj8W*rb<*US-#id-!<NFm
zNtp#m-T~}Op2Iz6#Ck}cALcOj6x-!~K3d>$UsK2<o&wlM^0?3Y!Rtnu`yNG;!+pCP
z;9e(>??n;?z7JB!rK|<Gr^(}f9zucdglw07Vk^LRfMvc13X=O!E^Zg5*a`642zh*u
z{NS-aG9Sml&94KJ$M>!YJid?Q@jpQF+EHd-*$)2~+QFNRvJ~<ty8y}S2Co~u4h9Os
zK9IW?kUV~GbHjN_P6lG+Q4Ro-$NwP(9pJo3k?p<*2YDQC1$Y(r;C)cUGrxg>$2FHC
z^L-45%(or+wu9F%Nzjsa3}q*PVOrnp@R>)(;JQ`j6&@jz$Nx>oJ$Sv~uwCZkrQCH7
z9zUI+OD50!76@Lh;Da*T<@#O#WIleoxp9|#?C<wQJpM0p0jlAXLJn~Wkol^?s|Jtl
uNReY_U+CvJ_<_JTisy!(aur}c9}Nh3YpkOAWK4p&q`VH^ur#2_q5K2RlCu#2

literal 0
HcmV?d00001

diff --git a/bin/pwn1_copy2 b/bin/pwn1_copy2
new file mode 100644
index 0000000000000000000000000000000000000000..7fe88677abd82da10ea21709a7b27ca0978c3b4b
GIT binary patch
literal 5588
zcmeHLU2Icj82;Lwjf0d@WWr!mij=S!R=QaP#2>~c2m<o&1xo4Gj#KPkdQOGu)IkNA
zh}nhl%EXa)LxKcjB#V*=7Dg6tCLt!?C?aU5Bbfo`E|B^>=kz0GK#aF$Z}Xh@d*Ao@
z-tYG`-*?`8X7zHL%_gMSMTwy0eoImP(8gpd;umf)UQ~-JQ7OvcV$9zG4&X)wq7*&_
zC;>LX-n2(ii7BuN#^5#qB?RgczHvejtS?+vT%9C@`jMg%)u^--V7rXlp~?|2M~uk9
zCKzWMga*EbwuvU#gp94bVua>_Ja50E66RQn;_DHId517Rnim@oFYez6d<64zeDkA`
z=K0Z3Z8Q>3@Am2mZ@m>`UB*|e-HfL-4(6-?ShpPD+%bOgy4p07d}!~l$5IO~TsZPW
zI{M*Gj#~wo!<?(x!cBWTQ1jrsRi8Zf^C=W>lLbZA{V2~EW&1|ijic-ri)=T_tBP#q
zn>EUQ0`}5wMdf%Vi|JwlbQR{<vax8Gn-<Q=V<NEf`G9VOBJn_44~Il+Yc#EEA`pn^
ziI&BS1A0p^-YSx5Ll?<ZByO|{kP~S`=xw?Yj)BNj$Pi2!fmkpShi6AD5ifWGV#Vr}
z%Nhgq-i5bH=3wpEKm2k2O8^^wd|GP@C8k9p6S)#E7kn<$wu>}_kQ>-@Wmo`?vlI*9
zfF6egE@~t$r^Z57P-Ea#)Zn|RvEUwR?DvhCK{fXc67I>qRwcy2%#D0LzweY$n%e?r
z=8U>EEAk5zu=8_NJlS@B4qMY$9JmO2ehypJ7#rv}ZMLp)s|}noZT3Rr78^Kj+U$+y
zrrmAY?3GqcyUVoMJB>3n&;h&d>bB0GGM9(eZQ7s-tfSVoPf^!z(dwXbUx9GFwX67d
zu*#DywtF5$x>_F|nUS(xwrmd)3yg7ibLW-JV8uDb!&tt*FMH?&Lp?N2{^=2W=hvry
zn`!I+b|h`feqmNTFDrI7c@$asd|$S6_|VC@WOO{)gajfz#mukf+R??{Qu=It*U+=W
zE-W6}pD8;s^;Sn1K}QDKP^D`?$MaSw5(_4BpWe*p`?B<19?A?ZMeA-%NbViD4|6MY
zDxO>n#-S!pMWK5&BpkVmZvlKg+;e@m%~osI<`?SnTQ=rCM|@8<jJGv2SamS!@g4fi
zfez*R{zm?ciegRg>6`X_!^T`|-VQc-7In_^pj{P3Kikj0|0Ri;bGF5QrGLzvsoJ_N
z@KW~oiCx8VEnC=!jb@A2rWZCI|A+WqBzMK#Mp!q*99`HdOO|kB@W01EM^;1sfoe(m
z&{7w42>Lkm1?WL&{-;rFuWk^wcGXttP?Q50xEns~dErK$4rt+2mpdJ+CQUGu-QwvP
zOCG8BJk0n~pbc%9c^aJRKKrtXrR&Zji&cL+;+*vL&_c%TYfQo-xH^ENhzFsqc!SgN
zc1fetwO?s)mS;-WI(_zMo#hQ#r>mjY>1a6TR2$AZ6&L6yfs3fi|B5jgn}M+z7@L8y
z85o;^u^IUP&A<@uyZr!1#&a3r0NOK(ipzjdaFWB>$h?zQ(gt{!a^TR&a|-Q0Z{`z6
zao^<mD7hDR1n7R)_d&l2@Giu2#RC9^XDoq(BhME+tMH7&>-IFD3GK4%hvq$t^>~M7
z2XQ1xDDdNmm0&-Ipoh>NivL-7f0mU_AZIV|9q<b<43uF`rWWRfycLa&kGrckH>cx9
z+U@r)^7?D*)23DTMxEd5^VeA3JBjtRb&Cs3i-TLSSJ!kSWdxgr7dO0cDk;42gc0^O
zEL&M?1a}my9r3icIUT``Iua6IT3Qe{MQ^AruD8W3ZKSNoE8&zLNyKk60*Ix;QSz-q
zGHS5F2%biGH=eC95K4rCMo@UeTA(!*jD-VQ2sNc;)d&PrsbHH`LzZ{8fQID3Sfm9F
zCy)>iui1)~v02xJw<Qsah2w^t?SI$YFI->l5A$0J4DJCbj8W*rb<*US-#id-!<NFm
zNtp#m-T~}Op2Iz6#Ck}cALcOj6x-!~K3d>$UsK2<o&wlM^0?3Y!Rtnu`yNG;!+pCP
z;9e(>??n;?z7JB!rK|<Gr^(}f9zucdglw07Vk^LRfMvc13X=O!E^Zg5*a`642zh*u
z{NS-aG9Sml&94KJ$M>!YJid?Q@jpQF+EHd-*$)2~+QFNRvJ~<ty8y}S2Co~u4h9Os
zK9IW?kUV~GbHjN_P6lG+Q4Ro-$NwP(9pJo3k?p<*2YDQC1$Y(r;C)cUGrxg>$2FHC
z^L-45%(or+wu9F%Nzjsa3}q*PVOrnp@R>)(;JQ`j6&@jz$Nx>oJ$Sv~uwCZkrQCH7
z9zUI+OD50!76@Lh;Da*T<@#O#WIleoxp9|#?C<wQJpM0p0jlAXLJn~Wkol^?s|Jtl
uNReY_U+CvJ_<_JTisy!(aur}c9}Nh3YpkOAWK4p&q`VH^ur#2_q5K2RlCu#2

literal 0
HcmV?d00001

diff --git a/config.py b/config.py
new file mode 100644
index 0000000..95d3dfb
--- /dev/null
+++ b/config.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Date    : 2018-09-17 14:01:13
+# @Author  : giantbranch (giantbranch@gmail.com)
+# @Link    : http://www.giantbranch.cn/
+# @tags : 
+
+FLAG_BAK_FILENAME = "flags.txt"
+PWN_BIN_PATH = "./bin"
+XINETD_CONF_FILENAME = "pwn.xinetd"
+PORT_LISTEN_START_FROM = 10000
+
+XINETD = '''service ctf
+{
+    disable = no
+    socket_type = stream
+    protocol    = tcp
+    wait        = no
+    user        = root
+    type        = UNLISTED
+    port        = %d
+    bind        = 0.0.0.0
+    server      = /usr/sbin/chroot   
+    server_args = --userspec=%s /home/%s ./%s
+    # safety options
+    per_source  = 10 # the maximum instances of this service per source IP address
+    rlimit_cpu  = 20 # the maximum number of CPU seconds that the service may use
+    rlimit_as  = 100M # the Address Space resource limit for the service
+    #access_times = 2:00-9:00 12:00-24:00
+}
+
+'''
+
+DOCKERFILE = '''FROM ubuntu:16.04
+
+RUN sed -i 's/archive.ubuntu.com/asia-east1.gce.archive.ubuntu.com/g' /etc/apt/sources.list && apt update && apt-get install -y lib32z1 xinetd && rm -rf /var/lib/apt/lists/ && rm -rf /root/.cache && apt-get autoclean && rm -rf /tmp/* /var/lib/apt/* /var/cache/* /var/log/*
+#apt update && apt-get install -y lib32z1 xinetd && rm -rf /var/lib/apt/lists/ && rm -rf /root/.cache && apt-get autoclean && rm -rf /tmp/* /var/lib/apt/* /var/cache/* /var/log/*
+
+COPY ./'''+ XINETD_CONF_FILENAME +''' /etc/xinetd.d/pwn
+
+COPY ./service.sh /service.sh
+
+RUN chmod +x /service.sh
+
+# useradd and put flag
+%s
+
+# copy bin
+%s
+
+# chown & chmod
+%s
+
+# copy lib,/bin 
+%s
+
+CMD ["/service.sh"]
+'''
+
+DOCKERCOMPOSE = '''version: '2'
+services:
+ pwn_deploy_chroot:
+   image: pwn_deploy_chroot:latest
+   build: .
+   container_name: pwn_deploy_chroot
+   ports:
+    %s
+'''
+
diff --git a/initialize.py b/initialize.py
new file mode 100644
index 0000000..4024f48
--- /dev/null
+++ b/initialize.py
@@ -0,0 +1,125 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Date    : 2018-09-17 14:32:32
+# @Author  : giantbranch (giantbranch@gmail.com)
+# @Link    : http://www.giantbranch.cn/
+# @tags : 
+
+from config import *
+import os
+import uuid
+
+def getFileList():
+    filelist = []
+    for filename in os.listdir(PWN_BIN_PATH):
+        filelist.append(filename)
+    filelist.sort()
+    return filelist
+
+def generateFlags(filelist):
+    tmp = ""
+    flags = []
+    if os.path.exists(FLAG_BAK_FILENAME):
+        os.remove(FLAG_BAK_FILENAME)
+    with open(FLAG_BAK_FILENAME, 'a') as f:
+        for filename in filelist:
+            tmp = "flag{" + str(uuid.uuid4()) + "}"
+            f.write(filename + ": " + tmp + "\n")
+            flags.append(tmp)
+    return flags
+
+def generateXinetd(filelist):
+    port = PORT_LISTEN_START_FROM
+    conf = ""
+    uid = 1000
+    for filename in filelist:
+        conf += XINETD % (port, str(uid) + ":" + str(uid), filename, filename)
+        port = port + 1
+        uid = uid + 1
+    with open(XINETD_CONF_FILENAME, 'w') as f:
+            f.write(conf)
+
+def generateDockerfile(filelist, flags):
+    conf = ""
+    # useradd and put flag
+    runcmd = "RUN "
+    
+    for filename in filelist:
+        runcmd += "useradd -m " + filename + " && "
+   
+    for x in xrange(0, len(filelist)):
+        if x == len(filelist) - 1:
+            runcmd += "echo '" + flags[x] + "' > /home/" + filelist[x] + "/flag.txt" 
+        else:
+            runcmd += "echo '" + flags[x] + "' > /home/" + filelist[x] + "/flag.txt" + " && "
+    # print runcmd 
+
+    # copy bin
+    copybin = ""
+    for filename in filelist:
+        copybin += "COPY " + PWN_BIN_PATH + "/" + filename  + " /home/" + filename + "/" + filename + "\n"    
+    # print copybin
+
+    # chown & chmod
+    chown_chmod = "RUN "
+    for x in xrange(0, len(filelist)):
+        chown_chmod += "chown -R root:" + filelist[x] + " /home/" + filelist[x] + " && "
+        chown_chmod += "chmod -R 750 /home/" + filelist[x] + " && "
+        if x == len(filelist) - 1:
+            chown_chmod += "chmod 740 /home/" + filelist[x] + "/flag.txt"
+        else:
+            chown_chmod += "chmod 740 /home/" + filelist[x] + "/flag.txt" + " && "
+    # print chown_chmod
+
+    # copy lib,/bin 
+    dev = '''mkdir /home/%s/dev && mknod /home/%s/dev/null c 1 3 && mknod /home/%s/dev/zero c 1 5 && mknod /home/%s/dev/random c 1 8 && mknod /home/%s/dev/urandom c 1 9 && chmod 666 /home/%s/dev/* && '''
+    ness_bin = '''mkdir /home/%s/bin && cp /bin/sh /home/%s/bin && cp /bin/ls /home/%s/bin && cp /bin/cat /home/%s/bin'''
+    copy_lib_bin_dev = "RUN "
+    for x in xrange(0, len(filelist)):
+        copy_lib_bin_dev += "cp -R /lib* /home/" + filelist[x]  + " && "        
+        copy_lib_bin_dev += dev % (filelist[x], filelist[x], filelist[x], filelist[x], filelist[x], filelist[x])
+        if x == len(filelist) - 1:
+            copy_lib_bin_dev += ness_bin % (filelist[x], filelist[x], filelist[x], filelist[x])                
+        else:    
+            copy_lib_bin_dev += ness_bin % (filelist[x], filelist[x], filelist[x], filelist[x]) + " && "
+
+    # print copy_lib_bin_dev
+
+    conf = DOCKERFILE % (runcmd, copybin, chown_chmod, copy_lib_bin_dev)
+
+    with open("Dockerfile", 'w') as f:
+        f.write(conf)
+
+def generateDockerCompose(length):
+    conf = ""
+    ports = ""
+    port = PORT_LISTEN_START_FROM
+    for x in xrange(0,length):
+        ports += "- " + str(port) + ":" + str(port) + "\n    "
+        port = port + 1
+
+    conf = DOCKERCOMPOSE % ports
+    # print conf
+    with open("docker-compose.yml", 'w') as f:
+        f.write(conf)
+
+def generateBinPort(filelist):
+    port = PORT_LISTEN_START_FROM
+    tmp = "\n"
+    for filename in filelist:
+        tmp += filename  + "'s port: " + str(port) + "\n"
+        port = port + 1
+    print tmp
+    with open(FLAG_BAK_FILENAME, 'a') as f:
+        f.write(tmp)
+
+    
+filelist = getFileList()
+flags = generateFlags(filelist)
+generateBinPort(filelist)
+generateXinetd(filelist)
+generateDockerfile(filelist, flags)
+generateDockerCompose(len(filelist))
+
+
+
diff --git a/service.sh b/service.sh
new file mode 100644
index 0000000..89b58c1
--- /dev/null
+++ b/service.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Add your startup script
+
+# DO NOT DELETE
+/etc/init.d/xinetd start;
+sleep infinity;