Docker

.gitignore

@@ -8,3 +8,6 @@ Cargo.lock
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
+
+# For vim
+*.swp

Dockerfile

@@ -0,0 +1,59 @@
+from ubuntu:latest
+
+# Install dependencies.
+RUN apt update -y
+RUN DEBIAN_FRONTEND="noninteractive" apt install -y tzdata
+RUN apt install -y \
+	git-all \
+	vim \
+	nano \
+	whois \
+	openssh-server \
+	curl \
+	apt-utils \
+	iputils-ping \
+	zsh \
+	tmux
+
+# Create the required users. The game master is the `git` account, and the player is the user's account
+RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 94+wings+STRONG+mountain+35) gamemaster
+RUN useradd --comment "Player account" --create-home --password $(mkpasswd -m sha-512 player) --shell $(which zsh) player
+
+# Set up the player's SSH keys and copy the public key to /tmp
+COPY build/player_entrypoint.sh /home/player
+RUN chown player:player /home/player/player_entrypoint.sh
+RUN chmod 770 /home/player/player_entrypoint.sh
+RUN su -c "/home/player/player_entrypoint.sh" - player
+COPY build/player_zshrc.sh /home/player/.zshrc
+RUN chown player:player /home/player/.zshrc
+RUN chmod 770 /home/player/.zshrc
+
+RUN mkdir /var/run/sshd
+RUN echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
+RUN echo 'ClientAliveCountMax 10' >>  /etc/ssh/sshd_config
+COPY build/login_banner.txt /etc/motd
+
+# Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/ctf-repo
+RUN git clone --bare https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/ctf-repo
+# This file adds the player's ssh public key from before
+COPY build/gamemaster_entrypoint.sh /home/gamemaster
+RUN chown gamemaster:gamemaster /home/gamemaster/gamemaster_entrypoint.sh
+RUN chmod 770 /home/gamemaster/gamemaster_entrypoint.sh
+RUN su -c "/home/gamemaster/gamemaster_entrypoint.sh" - gamemaster
+# Set up the hooks for the actual gameplay in the repo
+COPY levels/checkers /home/gamemaster/ctf-repo/hooks/checkers
+COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/ctf-repo/hooks
+# Make sure that gamemaster owns all of their files
+RUN chown -R gamemaster:gamemaster /home/gamemaster
+
+# Now that we're done with gamemaster's setup we can change their shell to git shell and block their home directory
+RUN chsh gamemaster -s $(which git-shell)
+RUN chmod 700 -R /home/gamemaster
+
+# Cleanup
+RUN rm -rf /tmp/*
+RUN rm -rf /home/player/player_entrypoint.sh
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+

build/gamemaster_entrypoint.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [[ ! $(whoami) == "gamemaster" ]] 
+	then echo "I'm not the gamemaster"; exit 1; 
+fi
+
+if [[ ! -f /tmp/id_rsa.player.pub ]]
+	then echo "Not public key file found"; exit 1;
+fi
+
+# https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
+cd
+pwd
+mkdir .ssh && chmod 700 .ssh
+cat /tmp/id_rsa.player.pub >> ~/.ssh/authorized_keys
+

build/login_banner.txt

@@ -0,0 +1,28 @@
+                 _                    _   _                    
+  _ __    __ _  | |__  ___     __ _  (_) | |_     
+ | '  \  / _` | | / / / -_)   / _` | | | |  _|   
+ |_|_|_| \__,_| |_\_\ \___|   \__, | |_|  \__|     
+                              |___/              
+                   ___                                   ___           ___     
+    _____         /  /\          ___         ___        /  /\         /  /\    
+   /  /::\       /  /:/_        /  /\       /  /\      /  /:/_       /  /::\   
+  /  /:/\:\     /  /:/ /\      /  /:/      /  /:/     /  /:/ /\     /  /:/\:\  
+ /  /:/~/::\   /  /:/ /:/_    /  /:/      /  /:/     /  /:/ /:/_   /  /:/~/:/  
+/__/:/ /:/\:| /__/:/ /:/ /\  /  /::\     /  /::\    /__/:/ /:/ /\ /__/:/ /:/___
+\  \:\/:/~/:/ \  \:\/:/ /:/ /__/:/\:\   /__/:/\:\   \  \:\/:/ /:/ \  \:\/:::::/
+ \  \::/ /:/   \  \::/ /:/  \__\/  \:\  \__\/  \:\   \  \::/ /:/   \  \::/~~~~ 
+  \  \:\/:/     \  \:\/:/        \  \:\      \  \:\   \  \:\/:/     \  \:\     
+   \  \::/       \  \::/          \__\/       \__\/    \  \::/       \  \:\    
+    \__\/         \__\/                                 \__\/         \__\/    
+
+
+	   A git CTF challenge by Shay Nehmad 
+	   Visit https://mrnice.dev
+
+This is a game server. Please try to not mess it up ¯\_(ツ)_/¯
+If you find any issues, let me know @ShayNehmad on Twitter.
+
+To start playing, clone the game repository by running:
+
+    git clone gamemaster@localhost:~/ctf-repo
+

build/player_entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/zsh
+
+if [[ ! $(whoami) == "player" ]] 
+	then echo "I'm not the player"; exit 1; 
+fi
+
+# https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
+cd
+pwd
+ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
+
+cat ~/.ssh/id_rsa.pub >> /tmp/id_rsa.player.pub
+
+echo "Setting up zsh"
+sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+
+
+git config --global user.email "[email protected]"
+git config --global user.name "CTF player"
+

build/player_zshrc.sh

@@ -0,0 +1,6 @@
+export ZSH="/home/player/.oh-my-zsh"
+ZSH_THEME="juanghurtado"
+plugins=(git)
+
+source $ZSH/oh-my-zsh.sh
+