A scalable service for client-side web CTF challenges

Quick Start

GCP

In examples/gcp, run:

gcloud auth application-default login
terraform init
terraform apply --var "project=$(gcloud config get-value project)"

AWS

In examples/aws, run:

aws configure
repo=$(aws ecr create-repository --repository-name admin-bot --region us-east-1 --query repository.repositoryUri --output text)
docker pull redpwn/admin-bot-example
docker tag redpwn/admin-bot-example "$repo"
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "$repo"
docker push "$repo"
terraform init
terraform apply --var "image=$(docker image inspect "$repo" -f '{{ index .RepoDigests 0 }}')"

After applying, Terraform outputs a submit_url. To submit a URL to the admin bot, visit <submit_url>/one.

Deployment

  1. Create a config.js file and a Dockerfile.

GCP

  1. Build and push the image to gcr.io or pkg.dev.
  2. Use the Terraform module to deploy to Cloud Run.

AWS

  1. Build and push the image to ECR.
  2. Use the Terraform module to deploy to Fargate and Lambda.

Challenge Configuration

The config.js file must export a Map named challenges.

The key of each entry is its challenge ID. To submit a URL to the admin bot, visit /<challenge id>.

The value of each entry is an object with properties:

  • name: the display name of the challenge
  • timeout: the timeout in milliseconds for each admin bot visit
  • handler: a function which returns a Promise and accepts the submitted URL and a Puppeteer BrowserContext
  • urlRegex (optional): a regex to check the URL against (default: /^https?:\/\//)

To mitigate possible Chrome vulnerabilities, JIT/WebAssembly is disabled.
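A sketch of one `challenges` entry with a `urlRegex` tighter than the default, plus two small checks for a config before deployment. This is an added example, not code from the admin-bot repository: the origin, cookie and flag values are constructed, `lintChallenges` and `acceptsUrl` are hypothetical helpers, and how the service itself applies `urlRegex` is assumed to be a plain regex test.

```javascript
// Added example, not code from the admin-bot repository. The origin, cookie
// and flag are constructed placeholders; 'one' is the Quick Start challenge ID.
const CHALLENGE_ORIGIN = 'https://chall.example.com'
const DEFAULT_URL_REGEX = /^https?:\/\// // default stated in the README

const challenges = new Map([
  ['one', {
    name: 'Challenge One',
    timeout: 10000, // milliseconds per admin bot visit
    // Accept only the challenge's own origin; (\/|$) rejects look-alike hosts
    // such as chall.example.com.other.test.
    urlRegex: /^https:\/\/chall\.example\.com(\/|$)/,
    handler: async (url, ctx) => {
      const page = await ctx.newPage()
      // Scope the secret to the challenge origin before loading the URL.
      await page.setCookie({ name: 'flag', value: 'flag{placeholder}', url: CHALLENGE_ORIGIN })
      await page.goto(url, { timeout: 3000, waitUntil: 'domcontentloaded' })
      await new Promise((resolve) => setTimeout(resolve, 2000)) // let page scripts run
      await page.close()
    }
  }]
])
// In config.js, export this Map under the name `challenges`.

// Hypothetical helper: report entries that do not match the README's property list.
function lintChallenges (map) {
  if (!(map instanceof Map)) return ['challenges must be a Map']
  const problems = []
  for (const [id, c] of map) {
    if (typeof c.name !== 'string') problems.push(`${id}: name must be a string`)
    if (!Number.isInteger(c.timeout) || c.timeout <= 0) problems.push(`${id}: timeout must be a positive number of ms`)
    if (typeof c.handler !== 'function') problems.push(`${id}: handler must be a function`)
    const re = c.urlRegex
    if (re !== undefined && !(re instanceof RegExp)) problems.push(`${id}: urlRegex must be a RegExp`)
    // A g or y flag makes RegExp.prototype.test stateful across calls.
    if (re instanceof RegExp && /[gy]/.test(re.flags)) problems.push(`${id}: drop the g/y flag from urlRegex`)
  }
  return problems
}

// Hypothetical helper: would this URL pass the challenge's urlRegex, or the default?
function acceptsUrl (map, id, url) {
  const c = map.get(id)
  if (!c) return false
  return (c.urlRegex ?? DEFAULT_URL_REGEX).test(url)
}
```

An entry that omits `urlRegex` falls back to the default, which admits any `http://` or `https://` URL, so the bot will visit whatever host is submitted.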

Terraform Configuration

GCP

Terraform module: redpwn/admin-bot/google.

Example configuration: examples/gcp/main.tf.

AWS

Terraform module: redpwn/admin-bot/aws.

Example configuration: examples/aws/main.tf.