Skip to content

efiens/saarctf-vulnbox

BranchesTags

Repository files navigation

saarCTF Vulnbox Build Tool

Vulnbox images are automatically generated by Packer and based on VirtualBox.

Images are based on Debian 10 (Buster).

Subsequent builds can be speed up by installing apt-cacher-ng on the host: apt-get install -y apt-cacher-ng.

What is here

  • Scripts to build a vulnbox including services that follow the saarCTF service template
  • Scripts to build a testbox (similar to vulnbox but with a simple test service only)
  • Scripts to build a "router VM"
  • Scripts to convert any of there .ova VM images to a .tar.xz cloud bundle (see below)

How to build the vulnbox

  • Step 0: Download and install Packer, Docker and VirtualBox.

  • Step 1: Prepare services

    Clone all services into the services directory. They must be structured following these guidelines

  • Step 2: Build the vulnbox

    ./vulnbuild.py build

Vulnbuild Tool

In a first step, a plain debian image is built. In a second step, services are built. In a third final step, vulnbox is built, based on the plain debian image and the service builds.

  • ./vulnbuild.py prepare [--rebuild] Build all services.
  • ./vulnbuild.py prepare <service> [--rebuild] Build service <service>.
  • ./vulnbuild.py prepare-debian [--rebuild] Build plain debian image.
  • ./vulnbuild.py clean [<service>|debian] Clean cached build from service, all services or plain image.
  • ./vulnbuild.py pull [<service>] Update git repositories containing one or all services.
  • ./vulnbuild.py build Build the final vulnbox.
  • ./vulnbuild.py build [testbox|router] Build other boxes.

Customizing the vulnbox

  • In any case you should create a new SSH key and move it to ssh/saarctf[.pub].
  • The greeting frontpage can be edited in /frontpage and /frontpage-testbox.
  • The general structure of build steps is in vulnbox.yaml and can be modified.
  • Meta information of all VMs are in /*.yaml.

Cloud builds

We can convert any of these VMs into a .tar.xz bundle that is suited for cloud hosting. These bundles are our hacky way to get cloud images, which we came up with due to the COVID-19 outbreak. Please read the setup instructions on ctf.saarland to get an idea what these bundles are.

To build a bundle from an existing ova VM image, run:

sudo ./cloudbuild.py <ova-file> <output-archive> [<password>]

Conversion requires root, libguestfs-tools must be installed and all VirtualBox VMs must be powered off. If a password is given, the archive is encrypted using GnuPG.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages