
SSH Server Setup

What's The Purpose?

Most challenges can be hosted inside the CTFd platform without any issues, for example when players only need a file to download and interact with, or when the questions are text-only. What if you want to host a live challenge that you want them to interact with? This is where our SSH server comes in handy.

The SSH server we are going to build will be used to host challenges in Docker containers. This is where things can get very interesting with the challenges that you can provide. Some of the challenges that you can provide:

  1. Web App
    • You host a dockerized web service that allows the players to interact with a web server to get flags
  2. Kibana/Splunk (SIEM)
    • If you want the players to comb through some logs
  3. Command Line Jail
    • You want the players to utilize only the tools you provide them in an isolated environment
  4. Anything else your imagination and creativity come up with

All this being said, this server is not a requirement to get a CTF up and running.

End Goal of This Page

When we are done with this write-up, we will have an SSH server with 2 challenges hosted:

  1. Docker Challenge for Linux
  2. Docker-hosted Elasticsearch/Kibana challenge

Docker Registry

The Docker containers in this write-up will be hosted locally, but they can also be set up to be hosted through a GitLab/GitHub container registry by renaming them appropriately.

The Linux Docker challenge will require the players to SSH into the box and interact with a limited set of tools to solve the challenge.

The Elasticsearch/Kibana challenges will be accessed through the players' web browsers, and they will have to use Kibana to find all the answers.

Building the Server

  1. Follow the exact same steps from 1-10 on the SSH server.

    We will end up with Docker installed and started and that is where the two servers diverge from their base setup.

  2. Turn Off Message Of The Day for SSH users

    If you want to use the Message Of The Day for anything, you can skip this step. Turning it off lets the players jump right into the terminal without needing to clear the screen.

    sudo chmod -x /etc/update-motd.d/*
    

  3. Set 'vm.max_map_count' for Elasticsearch Containers

    • If you are hosting an Elasticsearch container, this setting must be set or Elasticsearch will not start.
    • This will take effect after a reboot of the server.
    • Ignore this if you do not have any Elasticsearch containers.
    • The line is piped through sudo tee because a plain >> redirect is opened by your own unprivileged shell, not by sudo.
    echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
    

  4. Create First SSH Login Terminal

    • We are going to create a Python script that is set as the players' login program and drops them directly into a Docker container
    • A new Docker container is created for each login
    • The container will be destroyed when the player exits

    Multiple Players

    Multiple players can all log in at one time for the same challenge... AND still be isolated from one another!!!

    echo '#!/usr/bin/python3' | sudo tee /usr/bin/ctf-cow
    echo "import os" | sudo tee -a /usr/bin/ctf-cow
    echo "os.system('sudo /usr/bin/docker run -it --rm --user guardian The Cyber Squirrel/ctf:sc-1.0')" | sudo tee -a /usr/bin/ctf-cow
    
    • First line: we create a new file and put in the shebang for Python3
    • Second line: we append the import of the os module for Python
    • Finally: we append the command that spins up a container from a local Docker image and drops the player into it. The container is interactive, is deleted on exit, and runs as the user guardian.


  5. Make the file executable

    • So the players can run the login program defined above (the file was created as root, so chmod needs sudo)
      sudo chmod +x /usr/bin/ctf-cow
      

  6. Import the Challenges into Docker

    • Here is where the Docker images get loaded onto the system
    • Can be local only or pulled from a Docker registry

    Cow-Challenge.tar

    The Docker Image can be downloaded here DIGEST:sha256:8b0198c3fae0ac4faff089f7df6a5f3540b4dc10d249f90045ce390a75ab9d58

    sudo docker pull The Cyber Squirrel/ctf:sc-1.0
    

  7. Tag the Secret Cow Docker Image

    • Tag the Image to make it easier to identify
      sudo docker tag "06bf80ce1259" secret-cow:1.0
      

  8. Create the Login User

    • Loop through list of users and do the following:
    • Create User
    • Create their Home Directory
    • Make the User the Owner of the Directory
    • Modify the Login Shell to the One Created Earlier
    • Set the Password - to password (update this as needed for better security)
    for l in "cow"; do sudo useradd $l; sudo mkdir /home/$l; sudo chown $l:$l /home/$l; sudo usermod --shell /usr/bin/ctf-$l $l; echo $l:password | sudo chpasswd; done;
    

    More Users

    ```
    for l in "user1" "user2" "user3"; do sudo useradd $l; sudo mkdir /home/$l; sudo chown $l:$l /home/$l; sudo usermod --shell /usr/bin/ctf-$l $l; echo $l:password | sudo chpasswd; done;
    ```
    
  9. Add the New User to the Visudo File

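    • Allow the new user to use sudo to start Docker without a password prompt
    • The line is piped through sudo tee because a plain >> redirect into /etc/sudoers is opened by your own unprivileged shell, not by sudo
    echo "cow     ALL=(ALL:ALL) NOPASSWD:/usr/bin/docker" | sudo tee -a /etc/sudoers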
    

  10. Reboot the Server

    sudo shutdown -r now 
    
  11. SSH into the cow challenge

    ssh cow@<ssh server ip or dns name>
    

Now you have successfully created your first dockerized SSH challenge!


With this basic knowledge you can now expand this out and create your own dockerized challenges, and you have a way to deploy them so that each player gets their own locked-down container.
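
The sudoers rule from step 9 lets the cow account run any docker subcommand as root without a password. The script below is an added example, not part of the original write-up: it renders a sudoers line that permits only the exact docker run command the login program issues, plus an sshd_config Match block that pins the account to that program and turns off forwarding. It assumes the login program runs the secret-cow:1.0 tag from step 7; the function names are illustrative.

```bash
#!/bin/sh
# Added example (not from the original page). Prints config text only;
# nothing is written to /etc.
LC_ALL=C; export LC_ALL
DOCKER=/usr/bin/docker

# Accept only conservative names so nothing unexpected lands in a
# privileged config file (no spaces, commas, newlines or leading '-').
valid_user() {
  case $1 in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
}
valid_image() {
  case $1 in
    ''|-*|*[!A-Za-z0-9._/:-]*) return 1 ;;
    *:*) return 0 ;;
  esac
  return 1
}

# sudoers(5): ',', ':', '=' and '\' must be backslash-escaped in arguments.
sudoers_escape() { printf '%s' "$1" | sed 's/[\\,:=]/\\&/g'; }

# One rule allowing exactly the command line the login program runs.
render_sudoers() {
  valid_user "$1" && valid_image "$2" || return 1
  printf '%s ALL=(root) NOPASSWD: %s run -it --rm --user guardian %s\n' \
    "$1" "$DOCKER" "$(sudoers_escape "$2")"
}

# sshd_config block: always run the challenge program, no forwarding.
render_sshd_match() {
  valid_user "$1" || return 1
  printf 'Match User %s\n' "$1"
  printf '    ForceCommand /usr/bin/ctf-%s\n' "$1"
  printf '    %s no\n' AllowTcpForwarding AllowAgentForwarding \
    X11Forwarding PermitTunnel
}

# Demo with the page's account name and the tag from step 7.
render_sudoers cow secret-cow:1.0
render_sshd_match cow
```

Save the rendered sudoers line to a file under /etc/sudoers.d/ and check it with visudo -cf before relying on it. sudo matches arguments exactly, so /usr/bin/ctf-cow must run the identical command line.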

Kibana Challenge

Next up is the Dockerized Kibana Challenge! This one is very similar to the Secret Cow challenge, but instead of each player spinning up their own instance we want to host a shared web app.