SSH Server Setup
What's The Purpose?
Most challenges can be hosted inside the CTFd platform without any issues, for example a file that players need to download and interact with, or text-only questions. What if you want to host a live challenge that players interact with? This is where our SSH server comes in handy.
The SSH server we are going to build will be used to host challenges in Docker containers. This is where things get very interesting in terms of the challenges you can provide. Some of the challenges you can provide:
- Web App
- You host a dockerized web service that lets the players interact with a web server to get flags
- Kibana/Splunk (SIEM)
- If you want the players to comb through some logs
- Command Line Jail
- You want the players to utilize only the tools you provide them in an isolated environment
- Anything else your imagination and creativity comes up with
All this being said, this server is not a requirement to get a CTF up and running.
End Goal of This Page
When we are done with this write-up, we will have an SSH server with two challenges hosted:
1. Docker challenge for Linux
2. Docker-hosted Elasticsearch/Kibana challenge
Docker Registry
The Docker containers in this write-up will be hosted locally, but they can also be set up to be hosted through a GitLab/GitHub container registry by renaming them appropriately.
The Linux Docker challenge will require the players to SSH into the box and interact with a limited set of tools to solve the challenge.
The Elasticsearch/Kibana challenges will be accessed through the players' web browser, and they will have to use Kibana to find all the answers.
Building the Server
Follow the exact same steps 1-10 on the SSH server.
We will end up with Docker installed and started; that is where the two servers diverge from their base setup.
Turn Off Message Of The Day for SSH users
If you want to use the message of the day for anything, you can skip this step. Turning it off lets the players jump right into the terminal without needing to clear the screen.
Set 'vm.max_map_count' for Elasticsearch Containers
- If you are hosting an Elasticsearch container, this setting must be set or Elasticsearch will not start.
- This will take effect after a reboot of the server.
- Ignore this if you do not have any Elasticsearch Containers.
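As an added example (not part of the original write-up), the snippet below persists the setting through a sysctl.d fragment and applies it immediately, so Elasticsearch can start without waiting for the reboot mentioned above. The value 262144 is the minimum Elasticsearch requires; the fragment's file name is my choice.

```shell
#!/bin/sh
# Added example: persist vm.max_map_count for Elasticsearch containers and
# apply it right away instead of waiting for a reboot.
REQUIRED_MAP_COUNT=262144                                          # minimum Elasticsearch accepts
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/99-elasticsearch.conf}"  # file name is my choice

# map_count_ok CURRENT: succeed when CURRENT already meets the requirement
# (non-numeric input fails the test instead of printing an error)
map_count_ok() {
    [ "$1" -ge "$REQUIRED_MAP_COUNT" ] 2>/dev/null
}

# current_map_count: read the live kernel value
current_map_count() {
    cat /proc/sys/vm/max_map_count
}

# ensure_map_count: persist the setting for future boots and apply it now
ensure_map_count() {
    cur=$(current_map_count)
    if map_count_ok "$cur"; then
        echo "vm.max_map_count=$cur is already sufficient"
        return 0
    fi
    # sysctl.d is read on every boot, so the value survives a reboot ...
    printf 'vm.max_map_count=%s\n' "$REQUIRED_MAP_COUNT" | sudo tee "$SYSCTL_FILE" >/dev/null
    # ... and sysctl -w changes the running kernel without one.
    sudo sysctl -w "vm.max_map_count=$REQUIRED_MAP_COUNT"
}

# Run with --apply to change the host; otherwise only the functions are defined.
if [ "${1:-}" = "--apply" ]; then
    ensure_map_count
fi
```

Run it as `sh ensure-map-count.sh --apply`; on a host that already has the value, it reports that and changes nothing.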
Create First SSH Login Terminal
- We are going to create a Python script that the players' login shell points to, so they are dropped directly into a Docker container
- A new container is started for each login
- The container is destroyed when the player exits
Multiple Players
Multiple players can all log in at one time for the same challenge.... AND still be isolated from one another!!!
- First line: we create a new file and put in the shebang for Python 3
- Second line: we append the import of the os module for Python
- Finally, we add to the file the command we use to spin up a local Docker image and drop the player into it; the container is interactive, is deleted when exited, and runs as the user guardian
```
echo '#!/usr/bin/python3' | sudo tee /usr/bin/ctf-cow
echo "import os" | sudo tee -a /usr/bin/ctf-cow
echo "os.system('sudo /usr/bin/docker run -it --rm --user guardian secret_cow:1.0')" | sudo tee -a /usr/bin/ctf-cow
```
Make the file executable
- So the players can run the Login defined program
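As an added example (my own script, not the write-up's Python one), here is an equivalent login shell written in sh that keeps the same image and container user but adds the limits a shared CTF host needs: no capabilities, no privilege escalation inside the container, and memory, process and CPU caps so one player cannot exhaust the box for the others. The `--network none` line suits a command-line jail; drop it for challenges that need network access. The sudoers rule for the login user has to list this exact docker command line.

```shell
#!/bin/sh
# Added example (not the write-up's script): a login shell that drops the
# player into a fresh, resource-limited container. Install as /usr/bin/ctf-cow
# (chmod 755) and point the user's login shell at it with usermod --shell.
IMAGE="secret_cow:1.0"          # image and tag from the write-up
CTF_USER="guardian"             # unprivileged user inside the container

# ctf_run_args: print the docker run arguments, space separated. Kept apart
# from the exec so the command line can be reviewed without docker installed.
ctf_run_args() {
    printf '%s ' run -i -t --rm \
        --user "$CTF_USER" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --memory 256m --pids-limit 100 --cpus 0.5 \
        --network none \
        "$IMAGE"
}

# ctf_login: replace this shell with the docker client, so nothing of the
# player's session remains on the host once the container exits (--rm).
ctf_login() {
    # shellcheck disable=SC2046  (word splitting of the argument list is intended)
    exec sudo /usr/bin/docker $(ctf_run_args)
}

# sshd starts a login shell with argv[0] "-ctf-cow"; only launch in that case,
# so the file can also be sourced to inspect ctf_run_args.
case "${0##*/}" in
    ctf-cow|-ctf-cow) ctf_login ;;
esac
```

Because the script execs docker and ignores any command the client passes, `ssh cow@host somecommand` still lands in the container rather than running a command on the host.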
Import the Challenges into Docker
- Here is where the docker images get loaded onto the system
- They can be local only or pulled from a Docker registry
Cow-Challenge.tar
The Docker image can be downloaded here. SHA-256 hash of the challenge file:
2D110F20D01372F54C0C0385CF75A637CE1A15193277993E0F3FB848CC6F0BC7
Tag the Secret Cow Docker Image
- Tag the Image to make it easier to identify
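As an added example covering both the import and the tag step (my own script, not part of the write-up), the snippet below checks the downloaded archive against the published SHA-256 before `docker load` touches it, then tags whatever reference `docker load` reports under the stable name the login shell uses. The hash, file name and tag are the write-up's; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the write-up): verify the challenge archive, load it,
# and tag the loaded image so the login shell can refer to a fixed name.
EXPECTED_SHA256="2D110F20D01372F54C0C0385CF75A637CE1A15193277993E0F3FB848CC6F0BC7"  # from the write-up

# verify_sha256 FILE EXPECTED: compare case-insensitively with sha256sum,
# which prints lowercase while the published hash is uppercase.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# loaded_ref LOAD_OUTPUT: docker load prints either "Loaded image: repo:tag"
# or "Loaded image ID: sha256:<id>"; return the reference in either case.
loaded_ref() {
    printf '%s\n' "$1" | sed -n 's/^Loaded image\( ID\)\{0,1\}: //p' | head -n 1
}

# import_and_tag FILE EXPECTED_SHA256 TAG: refuse to load anything whose hash
# does not match, then tag the loaded image.
import_and_tag() {
    file="$1"; expected="$2"; tag="$3"
    if ! verify_sha256 "$file" "$expected"; then
        echo "hash mismatch for $file; refusing to load" >&2
        return 1
    fi
    out=$(sudo docker load -i "$file") || return 1
    ref=$(loaded_ref "$out")
    if [ -z "$ref" ]; then
        echo "could not parse docker load output: $out" >&2
        return 1
    fi
    sudo docker tag "$ref" "$tag"
}

# Usage: sh import-challenge.sh Cow-Challenge.tar "$EXPECTED_SHA256" secret_cow:1.0
if [ $# -gt 0 ]; then
    import_and_tag "$@"
fi
```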
Create the Login User
- Loop through the list of users and do the following:
- Create the user
- Create their home directory
- Make the user the owner of the directory
- Change the login shell to the one created earlier
- Set the password to "password" (update this as needed to secure it better)
```
for l in "cow"; do
  sudo useradd $l
  sudo mkdir /home/$l
  sudo chown $l:$l /home/$l
  sudo usermod --shell /usr/bin/ctf-$l $l
  echo $l:password | sudo chpasswd
done
```
More Users
```
for l in "user1" "user2" "user3"; do
  sudo useradd $l
  sudo mkdir /home/$l
  sudo chown $l:$l /home/$l
  sudo usermod --shell /usr/bin/ctf-$l $l
  echo $l:password | sudo chpasswd
done
```
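As an added example serving both the single-user loop and the "More Users" variant (my own script, not the write-up's), the version below does the same five steps per user but gives each one a random password recorded in a root-only file, instead of the shared word "password" that the write-up itself says to change. `useradd -m -s` creates the home directory, sets its owner and the login shell in one call. It assumes the launcher `/usr/bin/ctf-<name>` already exists for every name; the credentials file path and the `CTF_DRY_RUN` switch are my additions.

```shell
#!/bin/sh
# Added example (not the write-up's loop): create CTF login users with a random
# password each. Assumes /usr/bin/ctf-<name> exists for every name given.
CRED_FILE="${CRED_FILE:-/root/ctf-credentials.txt}"   # path is my choice

# gen_password: 16 alphanumeric characters from /dev/urandom
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16
}

# run CMD...: print the command instead of executing it when CTF_DRY_RUN is set,
# so the whole procedure can be reviewed before touching the host.
run() {
    if [ -n "${CTF_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# create_ctf_user NAME: one user, home directory, login shell and password
create_ctf_user() {
    name="$1"
    shell="/usr/bin/ctf-$name"
    if id "$name" >/dev/null 2>&1; then
        printf 'skipping %s: user already exists\n' "$name" >&2
        return 0
    fi
    pw=$(gen_password)
    # -m creates and chowns the home directory; -s sets the login shell
    run sudo useradd -m -s "$shell" "$name" || return 1
    printf '%s:%s\n' "$name" "$pw" | run sudo chpasswd || return 1
    if [ -n "${CTF_DRY_RUN:-}" ]; then
        printf 'would record %s:%s in %s\n' "$name" "$pw" "$CRED_FILE"
    else
        # umask 077 keeps the credentials file readable by root only
        ( umask 077; printf '%s %s\n' "$name" "$pw" >>"$CRED_FILE" )
    fi
}

# create_ctf_users NAME...: the loop from the write-up, one call per user
create_ctf_users() {
    for l in "$@"; do
        create_ctf_user "$l" || return 1
    done
}

# Usage: sh create-ctf-users.sh cow user1 user2 user3
if [ $# -gt 0 ]; then
    create_ctf_users "$@"
fi
```

Hand each player their own line from the credentials file; a user that already exists is skipped, so the script can be re-run when new names are added.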
Add the New User to the Visudo File
- Allow the new user to use sudo to start Docker without a password prompt
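As an added example (my own script, not from the write-up), the snippet below installs the sudoers rule as a fragment in /etc/sudoers.d and restricts it to the exact docker command line the login shell runs. sudo matches the whole command line, so a rule listing only `/usr/bin/docker` would let the user run any docker subcommand as root, which amounts to root on the host; listing the arguments limits it to starting the challenge container. Two details worth knowing: sudoers requires `,`, `:`, `=` and `\` inside command arguments to be backslash-escaped (so the tag becomes `secret_cow\:1.0`), and files in sudoers.d whose names contain a `.` are ignored, which the script uses to stage the fragment and run `visudo -c` on it before it can take effect.

```shell
#!/bin/sh
# Added example (not from the write-up): install a sudoers fragment that lets
# the CTF login user run only the exact docker command its login shell uses.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"

# sudoers_escape ARGS...: backslash-escape the characters sudoers treats as
# special inside command arguments (',' ':' '=' '\')
sudoers_escape() {
    printf '%s' "$*" | sed 's/[,:=\\]/\\&/g'
}

# sudoers_rule USER CMD ARGS...: the full command line is part of the rule, so
# sudo refuses the same binary invoked with different arguments.
sudoers_rule() {
    user="$1"; shift
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$(sudoers_escape "$@")"
}

# install_sudoers_rule USER CMD ARGS...: stage the fragment under a name
# sudoers.d ignores, validate it with visudo, then rename it into effect.
install_sudoers_rule() {
    user="$1"
    dest="$SUDOERS_DIR/ctf-$user"
    stage="$dest.tmp"                 # names containing '.' are skipped by sudoers.d
    tmp=$(mktemp) || return 1
    sudoers_rule "$@" >"$tmp"
    sudo install -m 0440 -o root -g root "$tmp" "$stage"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    # A syntax error in sudoers.d can lock every admin out of sudo, so the
    # staged file is checked before it is renamed to a name sudo reads.
    if ! sudo visudo -cf "$stage" >/dev/null; then
        sudo rm -f "$stage"
        return 1
    fi
    sudo mv "$stage" "$dest"
}

# Usage: sh install-sudoers-rule.sh cow /usr/bin/docker run -it --rm --user guardian secret_cow:1.0
if [ $# -gt 1 ]; then
    install_sudoers_rule "$@"
fi
```

The argument list passed here must be identical to the one in the login shell, including order; if the launcher gains a flag, update the rule as well or sudo will prompt for a password and the player's session will fail.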