bambi and enowars6 changes

.dockerignore

@@ -0,0 +1,4 @@
+.git
+.dockerignore
+.env
+*

.gitignore

@@ -13,3 +13,4 @@ config*.yml
 *.retry
 .trash/
 .env
+id_ed25519

Dockerfile

@@ -0,0 +1,32 @@
+FROM ubuntu:20.04
+
+# Core deps
+RUN apt-get update
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
+RUN apt-get install -y --no-install-recommends rsync git less tmux python3 curl wireguard python3-pip unzip file nano dnsutils jq \
+    software-properties-common gpg-agent # for ansible and packer install
+
+# Ansible
+RUN add-apt-repository --yes --update ppa:ansible/ansible && apt-get install -y ansible
+
+# Terrorform
+RUN ls -alh /usr/local/bin
+RUN curl https://releases.hashicorp.com/terraform/1.0.11/terraform_1.0.11_linux_amd64.zip > terraform.zip && \
+    unzip terraform.zip && \
+    mv terraform /usr/local/bin/
+
+# Packer
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
+    apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \
+    apt-get update && apt-get install packer
+
+# OpenVPN
+RUN apt-get install -y openvpn easy-rsa zip unzip
+ENV PATH="/usr/share/easy-rsa:${PATH}"
+
+# QOL
+RUN echo "set -g mouse on" > /root/.tmux.conf
+
+WORKDIR /bambictf
+
+ENTRYPOINT tail -f /dev/null

README.md

@@ -67,3 +67,29 @@ export HCLOUD_TOKEN="..."
 (cd packer; packer build bambivulnbox.json)
 (cd packer; packer build bambielk.json)
 ```
+
+## Docker
+- Have at least one ssh key with the label `type=admin` in your project
+- Set `HCLOUD_TOKEN` and `HETZNERDNS_TOKEN`
+- Create `./ansible/config_bambi.yml`
+- Obtain a private ssh ed25519 key that can clone your repositories (`cp ~/.ssh/id_ed25519 .`)
+- Run the container (`docker-compose up --build`)
+- Invoke a bash in the container (`docker-compose exec bambictf bash`)
+- Build configs
+    - `cd /bambictf/config`
+    - `./gen_config.sh`
+- Builds VMs
+    - `cd /bambictf/packer`
+    - `packer build bambichecker.json`
+- Create `./terraform/terraform.tfvars`
+- `cd ./terraform`
+- `terraform init`
+- `terraform apply`
+
+
+## Open game network
+- `iptables -A FORWARD -o router -j ACCEPT` (on *every* gateway)
+
+
+## Rsync stuff
+- `while true; do rsync /services/data/*.json [email protected]:/services/EnoCTFPortal_bambi7/scoreboard; sleep 5; done` TODO ask Lucas about loops and stuff

ansible/bambichecker.yml

@@ -22,4 +22,6 @@
       - docker-block-external
       - role: programs
         vars:
-          program_list: "tmux"
+          program_list:
+            - "tmux"
+            - "git"

ansible/bambielk.yml

@@ -22,4 +22,6 @@
           elk: 192.168.3.0
       - role: programs
         vars:
-          program_list: "tmux"
+          program_list:
+            - "tmux"
+            - "git"

ansible/bambiengine.yml

@@ -22,4 +22,6 @@
       - docker-block-external
       - role: programs
         vars:
-          program_list: "tmux"
+          program_list:
+            - "tmux"
+            - "git"

ansible/bambirouter.yml

@@ -20,5 +20,7 @@
       - bambi-wireguard-router
       - role: programs
         vars:
-          program_list: "tmux"
+          program_list:
+            - "tmux"
+            - "git"
       - teamvpn-configs

ansible/bambivulnbox.yml

@@ -13,9 +13,12 @@
       - docker-block-external
       - wireguard
       - enomoloch
+      - bambixploit
       - role: programs
         vars:
           program_list:
             - tmux
             - unzip
+            - git
+            - python3-pip
       - bambi-openvpn-team-server

ansible/config_bambi.yml.sample

@@ -2,5 +2,4 @@ vulnerable_services:
     stonksexchange: https://github.com/ldruschk/bambi-service-stonksexchange.git
 github_ssh_keys: [
   ldruschk,
-]
-zip_directory: /home/lucas/Documents/prog/bambictf/config/openvpn_configs/zips
+]

ansible/roles/bambixploit/files/bambixploit.json

@@ -0,0 +1,7 @@
+{
+    "flagRegex": "ENO[A-Za-z0-9+\/=]{48}",
+    "targetsUrl": "https://6.enowars.com/api/data/ips",
+    "submissionAddress": "10.0.13.37",
+    "submissionPort": 1337,
+    "interval": 50
+}

ansible/roles/bambixploit/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+  - name: Install bambixploit
+    get_url:
+      url: "https://github.com/enowars/bambiXploit-dotnet/releases/download/v0.0.9/bambixploit-linux-x64"
+      dest: /usr/local/bin/bambixploit
+      mode: 0755
+
+  - name: Create /etc/bambixploit
+    ansible.builtin.file:
+      path: /etc/bambixploit
+      state: directory
+
+  - name: Deploy bambixploit.json
+    copy:
+      src: bambixploit.json
+      dest: /etc/bambixploit/bambixploit.json

ansible/roles/dotnetsdk/tasks/main.yml

@@ -17,9 +17,15 @@
     become: yes
     when: dotnet_sdk_deb.rc == 1
 
+  - name: Install dotnet deps
+    apt:
+      name: "apt-transport-https"
+      state: present
+    when: dotnet_sdk_deb.rc == 1
+
   - name: Install dotnet sdk
     apt:
-      name: "dotnet-sdk-5.0"
+      name: "dotnet-sdk-6.0"
       state: present
       update_cache: yes
     when: dotnet_sdk_deb.rc == 1

ansible/roles/enoelk/tasks/main.yml

@@ -15,6 +15,11 @@
       repo: "https://github.com/enowars/EnoELK.git"
       dest: /services/EnoELK
 
+  - name: Pull ELK images
+    shell: docker-compose pull
+    args:
+      chdir: /services/EnoELK
+
   - name: allow wireguard input traffic (internal)
     iptables:
       chain: INPUT

ansible/roles/enoengine/tasks/main.yml

@@ -9,6 +9,11 @@
       repo: "https://github.com/enowars/EnoEngine.git"
       dest: /services/EnoEngine
 
+  - name: Clone EnoCTFPortal (for adhoc testing and solutions)
+    git:
+      repo: "https://github.com/enowars/EnoCTFPortal.git"
+      dest: /services/EnoCTFPortal
+
   - name: Allow flag submission traffic
     iptables:
       chain: INPUT
@@ -17,6 +22,14 @@
       destination_port: "1337"
       jump: ACCEPT
 
+  - name: Allow EnoCTFPortal traffic
+    iptables:
+      chain: INPUT
+      in_interface: internal
+      protocol: tcp
+      destination_port: "5001"
+      jump: ACCEPT
+
   - name: allow wireguard input traffic (internal)
     iptables:
       chain: INPUT
@@ -27,3 +40,9 @@
 
   - name: persist iptables config
     shell: "iptables-save > /etc/iptables/rules.v4"
+
+  - name: Create /services/data
+    ansible.builtin.file:
+      path: /services/data
+      state: directory
+      mode: '0755'

ansible/roles/teamvpn-configs/tasks/main.yml

@@ -7,7 +7,7 @@
 
 - name: copy zipped team VPN configs
   copy:
-    src: "{{ zip_directory }}"
+    src: "{{ playbook_dir }}/../config/openvpn_configs/zips"
     dest: /root
 
 - name: allow openvpn input traffic

ansible/roles/vuln_checkers/meta/main.yml

@@ -1,2 +1,4 @@
 dependencies:
 - role: "docker"
+- role: "programs"
+- role: "bambi-ssh-keys"

ansible/roles/vuln_checkers/tasks/main.yml

@@ -14,6 +14,7 @@
       repo: "{{ item.value }}"
       dest: ./services/{{ inventory_hostname }}/{{ item.key }}
       accept_hostkey: yes
+      key_file: "{{ playbook_dir }}/../id_ed25519"
     with_dict: "{{ vulnerable_services }}"
 
   - name: Copy checkers to gameserver

ansible/roles/vuln_services/meta/main.yml

@@ -1,2 +1,4 @@
 dependencies:
 - role: "docker"
+- role: "programs"
+- role: "bambi-ssh-keys"

ansible/roles/vuln_services/tasks/main.yml

@@ -12,6 +12,7 @@
       module: git
       repo: "{{ item.value }}"
       dest: ./services/{{ inventory_hostname }}/dockered_vulnerable_services/{{ item.key }}
+      key_file: "{{ playbook_dir }}/../id_ed25519"
       accept_hostkey: yes
     with_dict: "{{ vulnerable_services }}"
 

config/gen_config.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
-TEAM_COUNT=200
-GATEWAY_COUNT=4
-CHECKER_COUNT=20
+TEAM_COUNT=256
+GATEWAY_COUNT=1
+CHECKER_COUNT=5
 
 mkdir -p "export"
 mkdir -p "internal_router"
@@ -38,7 +38,11 @@ systemctl enable wg-quick@game
 systemctl start wg-quick@game
 
 for service in \$(ls /services/); do
-cd "/services/\$service" && docker-compose up -d &
+    cd "/services/\$service"
+    if [ -f "/services/\$service/setup.sh" ]; then
+        /services/\$service/setup.sh
+    fi
+    docker-compose up -d &
 done
 
 cat <<EOF | passwd

config/openvpn_configs/gen_configs.sh

@@ -1,19 +1,20 @@
 #!/bin/bash
+set -x
 
 [ -f dh.pem ] || openssl dhparam -out dh.pem 2048
 mkdir -p zips
-rm zips/*.zip
+rm -f zips/*.zip
 
 for i in $(seq 1 $1); do
     gateway_id="$((($i - 1) % $2 + 1))"
     (
-        rm -r /tmp/openvpn-ca
+        rm -rf /tmp/openvpn-ca
         mkdir /tmp/openvpn-ca
         touch /tmp/openvpn-ca/vars
         cd /tmp/openvpn-ca
         easyrsa init-pki
-        cp /etc/easy-rsa/openssl-easyrsa.cnf /tmp/openvpn-ca/pki/
-        cp -r /etc/easy-rsa/x509-types/ /tmp/openvpn-ca/
+        cp /usr/share/easy-rsa/openssl-easyrsa.cnf /tmp/openvpn-ca/pki/
+        cp -r /usr/share/easy-rsa/x509-types/ /tmp/openvpn-ca/
         echo "CA" | easyrsa build-ca nopass
         echo "server" | easyrsa gen-req server nopass
         echo "yes" | easyrsa sign-req server server
@@ -23,7 +24,7 @@ for i in $(seq 1 $1); do
     (
         [ -d "team$i" ] && rm -r "team$i"
         mkdir "team$i" && cd "team$i"
-        openvpn --genkey secret ta.key
+        openvpn --genkey --secret ta.key
         cp /tmp/openvpn-ca/pki/ca.crt .
         cp /tmp/openvpn-ca/pki/issued/server.crt .
         cp /tmp/openvpn-ca/pki/private/server.key .

docker-compose.yml

@@ -0,0 +1,11 @@
+version: '2'
+
+services:
+  bambictf:
+    build: .
+    environment:
+      - HCLOUD_TOKEN=${HCLOUD_TOKEN}                # for packer
+      - TF_VAR_HCLOUD_TOKEN=${HCLOUD_TOKEN}         # for terraform
+      - TF_VAR_HETZNERDNS_TOKEN=${HETZNERDNS_TOKEN} # for terraform
+    volumes:
+    - ".:/bambictf"

packer/bambichecker.json

@@ -15,7 +15,7 @@
             "type": "hcloud",
             "image": "ubuntu-20.04",
             "location": "fsn1",
-            "server_type": "cpx11",
+            "server_type": "cx11",
             "ssh_username": "root",
             "snapshot_name": "bambichecker-{{timestamp}}",
             "snapshot_labels": {

packer/bambielk.json

@@ -15,7 +15,7 @@
             "type": "hcloud",
             "image": "ubuntu-20.04",
             "location": "fsn1",
-            "server_type": "cpx11",
+            "server_type": "cx11",
             "ssh_username": "root",
             "snapshot_name": "bambielk-{{timestamp}}",
             "snapshot_labels": {

packer/bambiengine.json

@@ -15,7 +15,7 @@
             "type": "hcloud",
             "image": "ubuntu-20.04",
             "location": "fsn1",
-            "server_type": "cpx11",
+            "server_type": "cx11",
             "ssh_username": "root",
             "snapshot_name": "bambiengine-{{timestamp}}",
             "snapshot_labels": {

packer/bambirouter.json

@@ -15,7 +15,7 @@
             "type": "hcloud",
             "image": "ubuntu-20.04",
             "location": "fsn1",
-            "server_type": "cpx11",
+            "server_type": "cx11",
             "ssh_username": "root",
             "snapshot_name": "bambirouter-{{timestamp}}",
             "snapshot_labels": {

packer/bambivulnbox.json

@@ -15,7 +15,7 @@
             "type": "hcloud",
             "image": "ubuntu-20.04",
             "location": "fsn1",
-            "server_type": "cpx11",
+            "server_type": "cx11",
             "ssh_username": "root",
             "snapshot_name": "bambivulnbox-{{timestamp}}",
             "snapshot_labels": {