# NOTE: This hash is pinned to avoid version and environment differences.
FROM ubuntu:24.04@sha256:d1e2e92c075e5ca139d51a140fff46f84315c0fdce203eab2807c7e495eff4f9
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get -y update --fix-missing && \
    apt-get -y install xinetd python3 openjdk-21-jdk-headless && \
    apt-get -y clean && rm -rf /var/lib/apt/lists/*

RUN groupadd -r pwn && useradd -r -g pwn pwn

RUN echo '#!/bin/bash\n\
service xinetd restart && /bin/sleep infinity' > /etc/init.sh
RUN echo 'service pwn\n\
{\n\
  type = UNLISTED\n\
  disable = no\n\
  socket_type = stream\n\
  protocol = tcp\n\
  wait = no\n\
  user = pwn\n\
  bind = 0.0.0.0\n\
  port = 9999\n\
  server = /usr/bin/java\n\
  server_args = --add-exports java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED -Xmx64m -cp /home/pwn Server\n\
}' > /etc/xinetd.d/pwn

RUN chmod 500 /etc/init.sh
RUN chmod 444 /etc/xinetd.d/pwn
RUN chmod 1733 /tmp /var/tmp /dev/shm

ADD --chmod=444 flag.txt /flag.txt

WORKDIR /home/pwn
ADD --chmod=444 Server.java /home/pwn/Server.java

RUN javac --add-exports java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED /home/pwn/Server.java && rm /home/pwn/Server.java
RUN chown -R root:pwn /home/pwn
RUN service xinetd restart
