Add flag injection

DownUnderCTF · Jul 13, 2024 · 7d9e7ff · 7d9e7ff
1 parent 511a92e
commit 7d9e7ff
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 4 deletions.
diff --git a/vendor/nsjail/context/inject-flag.sh b/vendor/nsjail/context/inject-flag.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+export MODE=ONCE
+read FLAG
+
+if [ "$FLAG" == "" ]; then
+  FLAG=" "
+fi
+
+export TMP_PARAMS="$TMP_PARAMS"$(cat <<-END
+, {
+    dst: "/flag",
+    src_content: $(echo "${FLAG@Q}")
+  }
+END
+)
+nsjail --config <(echo "$CONFIG" | envsubst)
diff --git a/vendor/nsjail/context/nsjail-user.sh b/vendor/nsjail/context/nsjail-user.sh
@@ -2,7 +2,7 @@
 
 # idempotency ftw
 CONFIG_FILE="/home/ctf/nsjail.cfg"
-CONFIG=`cat "$CONFIG_FILE"`
+export CONFIG=`cat "$CONFIG_FILE"`
 
 # check and set default env vars
 export MODE=${MODE:-LISTEN}
@@ -29,6 +29,7 @@ if [ $TMP_ENABLED -eq 1 ]; then
     is_bind: false,
     rw: true
   }
+
 END
 )
 fi
@@ -41,5 +42,9 @@ if [ -f "/sys/fs/cgroup/cgroup.controllers" ]; then
 	fi
 fi
 
-nsjail --config <(echo "$CONFIG" | envsubst) --env FLAG
+if [ "$MODE" == "LISTEN_INJECT_FLAG" ]; then
+	socat tcp-listen:$PORT,reuseaddr,fork "exec:/docker-init/inject-flag.sh"
+else
+	nsjail --config <(echo "$CONFIG" | envsubst) --env FLAG
+fi
 
diff --git a/vendor/nsjail/context/nsjail.cfg b/vendor/nsjail/context/nsjail.cfg
@@ -8,6 +8,7 @@ gidmap {inside_id: "1000"}
 # jail config
 cwd: "$JAIL_CWD"
 hostname: "challenge"
+stderr_to_null: true
 
 # network config
 bindhost: "0.0.0.0"

diff --git a/vendor/nsjail/dockerfiles/Dockerfile.debian b/vendor/nsjail/dockerfiles/Dockerfile.debian
@@ -32,6 +32,7 @@ RUN dpkg --add-architecture i386 \
      python3-venv \
      python3-gmpy2 \
      nano \
+     socat \
      $LIBPROTOBUF_VERSION \
      libnl-route-3-200 \
      libc6:i386 \
@@ -41,7 +42,7 @@ RUN dpkg --add-architecture i386 \
 COPY --from=build /nsjail/nsjail /usr/bin/nsjail
 RUN useradd -r -m ctf
 
-COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/
+COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh inject-flag.sh /docker-init/
 RUN chmod +x /docker-init/*
 
 ENTRYPOINT ["/docker-init/docker-entrypoint.sh"]

diff --git a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu
@@ -32,6 +32,7 @@ RUN dpkg --add-architecture i386 \
      python3-gmpy2 \
      python3-pip \
      nano \
+     socat \
      $LIBPROTOBUF_VERSION \
      libnl-route-3-200 \
      libc6:i386 \
@@ -41,7 +42,7 @@ RUN dpkg --add-architecture i386 \
 COPY --from=build /nsjail/nsjail /usr/bin/nsjail
 RUN useradd -r -m ctf
 
-COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/
+COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh inject-flag.sh /docker-init/
 RUN chmod +x /docker-init/*
 
 ENTRYPOINT ["/docker-init/docker-entrypoint.sh"]