Merge pull request #2 from blue9057/dockerized

Dockerized

.github/workflows/docker-publish.yml

@@ -0,0 +1,83 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '28 18 * * *'
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Dockerfile

@@ -0,0 +1,43 @@
+FROM ubuntu:22.04
+ENV PASSWORD="password"
+CMD ["/bin/sh", "-c", "su - labs"]
+
+COPY --chmod=700 ./solutions /root/
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y software-properties-common build-essential python2 python-pip file python3 language-pack-en gdb valgrind zsh git bash ruby wget curl tmux gcc vim make clang sudo gcc-multilib; \
+    add-apt-repository ppa:ubuntu-toolchain-r/test; \
+    apt-get update; \
+    useradd -m labs; \
+    useradd -m admin; \
+    usermod -aG sudo admin; \
+    update-locale LANG=en_US.UTF-8 LC_MESSAGES=POSIX; \
+    chsh -s $(which bash) labs; \
+    echo "labs:${PASSWORD}" | chpasswd; \
+    echo "admin:${PASSWORD}" | chpasswd 
+
+COPY --chmod=777 ./src/ /home/labs/
+RUN (cd /home/labs/week1 && make)
+RUN (cd /home/labs/week2 && make)
+RUN (cd /home/labs/week3 && make)
+RUN (cd /home/labs/week4 && make)
+RUN (cd /home/labs/week5 && make)
+RUN (cd /home/labs/week6 && make)
+RUN (cd /home/labs/week7 && make)
+RUN chown -R labs:labs /home/labs
+RUN (cd /home/labs/week1/challenges && python2 install.py)
+RUN (cd /home/labs/week2/challenges && python2 install.py)
+RUN (cd /home/labs/week3/challenges && python2 install.py)
+RUN (cd /home/labs/week4/challenges && python2 install.py)
+RUN (cd /home/labs/week5/challenges && python2 install.py)
+RUN (cd /home/labs/week6/challenges && python2 install.py)
+RUN (cd /home/labs/week7/challenges && python2 install.py)
+RUN (wget https://github.com/pwndbg/pwndbg/releases/download/2024.02.14/pwndbg_2024.02.14_amd64.deb && apt install -y ./pwndbg_2024.02.14_amd64.deb && rm pwndbg_2024.02.14_amd64.deb)
+
+USER labs
+WORKDIR /home/labs
+RUN (wget https://robertserver.s3.us-west-2.amazonaws.com/cand_dotfiles.tar.gz && tar -xvf cand_dotfiles.tar.gz && rm cand_dotfiles.tar.gz)
+RUN bash -c "$(curl -fsSL https://gef.blah.cat/sh)"
+RUN pip2 install pwntools
+

README.md

@@ -1,3 +1,40 @@
+# how do i dock
+
+First, you need to install Podman with your preferred package manager. This should theoretically work with Docker as well, though I did not test it.
+
+```bash
+$ podman build -t cand https://github.com/gnubufferoverflows/cand-docker.git
+$ podman run -t -a stdin -a stdout -a stderr cand
+```
+
+The process will take a while. You may want to prepare a bottle of gin during this time to get yourself properly inebriated and in the hacking mood.
+
+When prompted for the password, enter the highly secure password `password`. The challenges can be found in the home directory of `/home/labs`. Enjoy!
+
+## ASLR
+
+Disable ASLR on the container, must run on your **host** system. For Linux systems: `sudo echo 0 | sudo tee /proc/sys/kernel/randomize_va_space`
+
+ASLR options:
+* `0`: Disable
+* `1`: Shared libraries, stack, mmap(), VDSO and heap
+* `2`: Full ASLR
+
+## Manage your Container
+
+Find container ID: `podman ps -a`
+
+Stop container (saving progress): `podman stop containerid`
+
+Get TTY back after stopping: `podman start -a containerid`
+
+Please note: I did not test all of the challenges, so please report any issues.
+
+Also please note: This is meant to be a container for single user use. It's not meant for a classroom. I don't intend on making a multi-user version.
+
+## For Cheaters
+If you have given up, the solutions can be found in `/root`. To get root, you need to do `su - admin` using the very secure password, then you may run `sudo`.
+
 # Cyber Attacks and Defense
 
 This repository serves as a comprehensive archive of educational content,

src/week1/challenges/install.py

@@ -5,7 +5,7 @@
 import glob
 
 WEEK = 'week1'
-UID_START = 10000
+UID_START = 10100
 
 def main():
 
@@ -15,7 +15,7 @@ def main():
 
     print(dirs)
 
-    lab_dir = "/home/labs/%s" % WEEK
+    lab_dir = "/home/labs/%s/challenges" % WEEK
     # create lab directory
     if not os.path.exists(lab_dir):
         os.system("sudo mkdir %s" % lab_dir)

src/week2/challenges/install.py

@@ -5,7 +5,7 @@
 import glob
 
 WEEK = 'week2'
-UID_START = 20000
+UID_START = 10200
 
 def main():
 
@@ -15,7 +15,7 @@ def main():
 
     print(dirs)
 
-    lab_dir = "/home/labs/%s" % WEEK
+    lab_dir = "/home/labs/%s/challenges" % WEEK
     # create lab directory
     if not os.path.exists(lab_dir):
         os.system("sudo mkdir %s" % lab_dir)