#!/bin/bash
# svcgen: generate the deployment files for one CTF challenge directory
# (Dockerfile, xinetd.conf and a start script) from the C/C++ sources in it.
# The build command is read from a "// gcc ..." / "/* g++ ... */" comment in
# the sources and ends up verbatim in a Dockerfile RUN line, so only run this
# on sources you trust or check the printed build command before building.
# extglob is required for the *.@(c|cpp) pattern used to find the sources.
shopt -s extglob
# Print the usage text (three lines, stdout).
show_help() {
  printf '%s\n' \
    "Usage: ./svcgen.sh [workdir]" \
    "Generate CTF challenge deployment files" \
    "It also reads C comments to find the proper build command"
}
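# Optional first argument: the challenge directory to work in. When it is
# omitted the current directory is used.
if [[ -d "$1" ]]; then
  # cd can still fail (e.g. no search permission on the directory); do not
  # carry on and generate files into whatever directory we happen to be in.
  cd "$1" || exit 1
elif [[ -f "$1" ]]; then
  echo "Please specify a directory, not a file"
  echo
  show_help
  exit 1
elif [[ -n "$1" ]]; then
  # Previously a path that was neither a directory nor a file fell through
  # and the script silently used the current directory instead.
  echo "Directory not found: $1"
  echo
  show_help
  exit 1
fi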
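# The challenge name is the directory name; it becomes the image name, the
# xinetd service name and (when the build command has no -o) the binary name.
NAME="$(basename "$(pwd)")"
# Collect the sources with nullglob on. Without it an unmatched *.@(c|cpp)
# stays a literal pattern, so the "no sources" check below could never fire
# and the literal pattern would end up in the Dockerfile COPY line.
shopt -s nullglob
SOURCE_LIST=( *.@(c|cpp) )
shopt -u nullglob
# Space-separated form, used by grep and by the Dockerfile COPY line.
SOURCES="${SOURCE_LIST[*]}"
if (( ${#SOURCE_LIST[@]} == 0 )); then
  echo "No C/C++ files found. Please specify a folder with at least one source file"
  echo
  show_help
  exit 1
fi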
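# The build command is the first "// gcc ..." or "/* g++ ... */" comment found
# in the sources, with the comment markers stripped.
# SECURITY: this text is executed verbatim by the generated Dockerfile
# (RUN $BUILD_COMMAND) as root inside the build container. Review the
# "Using build command" line below before building sources you did not write.
# tr -d '\r' tolerates CRLF sources. The original ended this pipeline with
# sed -E 's///g' (an empty regex); GNU sed rejects that with "no previous
# regular expression", which empties BUILD_COMMAND so the default always won.
# A carriage return lost between the author and this copy seems the likely
# intent, hence tr.
# shellcheck disable=SC2086 -- $SOURCES is a space-separated file list
BUILD_COMMAND="$(grep -hE '/[/*][ ]*g(cc|\+\+) ' $SOURCES \
  | head -n 1 \
  | sed -E 's/ *(\/\/|\/\*|\*\/) *//g' \
  | tr -d '\r')"
if [[ -z "$BUILD_COMMAND" ]]; then
  echo "No build command found in source. Using default"
  BUILD_COMMAND="gcc *.c"
fi
# Find the output name: "-o NAME", or the joined "-oNAME" form gcc accepts.
# read -ra splits on whitespace without expanding globs; the previous
# BUILD_COMMAND_ARRAY=($BUILD_COMMAND) globbed "*.c" against the challenge
# directory (and a file literally named "-o" would have confused it).
BUILD_OUTPUT=""
read -ra BUILD_COMMAND_ARRAY <<< "$BUILD_COMMAND"
for i in "${!BUILD_COMMAND_ARRAY[@]}"; do
  tok="${BUILD_COMMAND_ARRAY[i]}"
  if [[ "$tok" == "-o" ]]; then
    # A trailing "-o" with nothing after it leaves this empty, so the
    # fallback below still applies.
    BUILD_OUTPUT="${BUILD_COMMAND_ARRAY[i+1]:-}"
  elif [[ "$tok" == -o?* ]]; then
    BUILD_OUTPUT="${tok#-o}"
  fi
done
if [[ -z "$BUILD_OUTPUT" ]]; then
  echo "No build output name found. Using challenge name"
  BUILD_COMMAND+=" -o $NAME"
  BUILD_OUTPUT="$NAME"
fi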
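# Flag files are everything matching flag* in the challenge directory. Without
# nullglob an unmatched pattern stays literal and the generated Dockerfile's
# COPY then fails at build time, so warn here where it is cheaper to notice.
FLAG_FILES="$(echo flag*)"
if [[ ! -e "${FLAG_FILES%% *}" ]]; then
  echo "Warning: no flag* files found; the generated Dockerfile COPY will fail" >&2
fi
# Host port in 4000-4999. $RANDOM is fine for this: it only picks a port and
# is not a secret.
PORT="$(( RANDOM % 1000 + 4000 ))"
echo "Challenge name: $NAME"
echo "Source files found: $SOURCES"
echo "Using build command: $BUILD_COMMAND"
echo "Identified build output: $BUILD_OUTPUT"
echo "Flag files found: $FLAG_FILES"
echo "Randomly generated port: $PORT"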
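# Write the two-stage Dockerfile. The heredoc is unquoted so $NAME, $SOURCES
# etc. expand; a backslash that must survive into the Dockerfile is therefore
# written \\ and a literal dollar sign \$.
cat > Dockerfile << EOF
# NOTE: ubuntu:xenial (16.04) is past end of standard support and gets no
# public security updates. Keep it only if the challenge needs that exact
# libc/toolchain; otherwise move to a supported tag.
FROM ubuntu:xenial AS build
# update and install in one layer so a cached "update" layer is never paired
# with a newer package list
RUN apt-get update \\
    && apt-get install -y \\
    build-essential
# Add any build dependencies above
COPY $SOURCES ./
# This command was taken from a comment in the challenge sources (see svcgen).
RUN $BUILD_COMMAND
FROM ubuntu:xenial
RUN apt-get update \\
    && apt-get install -y \\
    xinetd \\
    && rm -rf /var/lib/apt/lists/*
# Add any runtime dependencies above
RUN useradd -m ctf
# Challenge service
COPY xinetd.conf /etc/xinetd.d/$NAME
# printf rather than echo: echo's treatment of "\n" differs between shells,
# and "\$@" must reach the wrapper unexpanded
RUN printf '%s\\n' '#!/bin/sh' 'cd /home/ctf && "\$@"' > /bin/run
RUN chmod +x /bin/run
# Challenge files
COPY --from=build $BUILD_OUTPUT /home/ctf/$BUILD_OUTPUT
COPY $FLAG_FILES /home/ctf/
# Permissions: everything owned by root, nothing writable by the service
# user, so a compromised service cannot alter the binary or the flag. Files
# stay readable by others (useradd -m typically creates a 0755 home); that
# only matters if the container ever gains another non-root account.
RUN chown -R root:ctf /home/ctf
RUN chmod -R go-w /home/ctf
CMD ["/usr/sbin/xinetd", "-stayalive", "-dontfork"]
EOF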
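# Write the xinetd service definition: one process per connection, running as
# the unprivileged "ctf" user through the /bin/run wrapper, listening on
# 31337 inside the container (the start script maps $PORT onto it).
# The resource limits used to be commented out; a service with no limits is a
# CPU/fork sink for anyone who can reach the port, so the two that cannot
# break a challenge are now on. Comments are kept on their own lines.
cat > xinetd.conf << EOF
service $NAME
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = ctf
type = UNLISTED
bind = 0.0.0.0
port = 31337
server = /bin/run
server_args = /home/ctf/$BUILD_OUTPUT
# the maximum instances of this service per source IP address
per_source = 10
# the maximum number of CPU seconds that the service may use
rlimit_cpu = 20
# the Address Space resource limit for the service; enable it unless the
# challenge needs a large address space (e.g. sanitizer builds)
#rlimit_as = 1024M
#access_times = 2:00-9:00 12:00-24:00
}
EOF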
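# Write the helper that builds the image and runs it.
# The heredoc is unquoted, so a continuation that must survive into the
# script has to be written \\: a bare backslash-newline is consumed by the
# heredoc itself. The original used bare backslashes and also had none after
# --publish, so the generated script ran "podman run" without an image and
# then tried to execute the image name as a command.
cat > start << EOF
#!/bin/sh
# stop if the build fails rather than running a stale image
set -e
buildah bud -t $NAME .
podman run --rm -d \\
  --read-only \\
  --name=$NAME \\
  --publish $PORT:31337 \\
  $NAME
EOF
chmod +x start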