A scalable service for client-side web CTF challenges
In examples/gcp, run:
gcloud auth application-default login
terraform init
terraform apply --var "project=$(gcloud config get-value project)"

In examples/aws, run:
aws configure
repo=$(aws ecr create-repository --repository-name admin-bot --region us-east-1 --query repository.repositoryUri --output text)
docker pull redpwn/admin-bot-example
docker tag redpwn/admin-bot-example "$repo"
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "$repo"
docker push "$repo"
terraform init
terraform apply --var "image=$(docker image inspect "$repo" -f '{{ index .RepoDigests 0 }}')"

After applying, Terraform outputs a submit_url. To submit a URL to the admin bot, visit <submit_url>/one.

- Create a config.js file and a Dockerfile.

On GCP:
- Build and push the image to gcr.io or pkg.dev.
- Use the Terraform module to deploy to Cloud Run.

On AWS:
- Build and push the image to ECR.
- Use the Terraform module to deploy to Fargate and Lambda.

The config.js file must export a Map named challenges.
The key of each entry is its challenge ID. To submit a URL to the admin bot, visit /<challenge id>.
The value of each entry is an object with properties:
- name: the display name of the challenge
- timeout: the timeout in milliseconds for each admin bot visit
- handler: a function which returns a Promise and accepts the submitted URL and a Puppeteer BrowserContext
- urlRegex (optional): a regex to check the URL against (default: /^https?:\/\//)
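
A config.js along the lines described above, together with a pre-deploy sanity check, as an added example that is not the project's own file. The CommonJS export, the challenge IDs, the two.example.com origin, the FLAG variable and the helper names validateChallenges and isUrlAccepted are assumptions.

```javascript
// Added example, not the project's own config.js. Assumed: CommonJS export,
// challenge IDs, the two.example.com origin, the FLAG variable, helper names.
const DEFAULT_URL_REGEX = /^https?:\/\// // default stated in the README

// Builds a handler; ctx is the Puppeteer BrowserContext passed in by the bot.
const visit = cookie => async (url, ctx) => {
  const page = await ctx.newPage()
  if (cookie) await page.setCookie(cookie)
  await page.goto(url, { timeout: 3000, waitUntil: 'domcontentloaded' })
  await new Promise(resolve => setTimeout(resolve, 5000)) // let page scripts run
}

const challenges = new Map([
  // No urlRegex: the default applies, so any http(s) URL is visited.
  ['one', { name: 'Challenge One', timeout: 10000, handler: visit() }],
  // urlRegex pins submissions to the challenge's own origin.
  ['two', {
    name: 'Challenge Two',
    timeout: 10000,
    urlRegex: /^https:\/\/two\.example\.com\//,
    handler: visit({
      name: 'flag',
      value: process.env.FLAG || 'flag{placeholder}',
      domain: 'two.example.com'
    })
  }]
])

// Pre-deploy check: returns a list of problems, empty when the Map is usable.
function validateChallenges (map) {
  if (!(map instanceof Map)) return ['challenges must be a Map']
  const errors = []
  for (const [id, c] of map) {
    if (typeof c.name !== 'string') errors.push(`${id}: name must be a string`)
    if (!Number.isInteger(c.timeout) || c.timeout <= 0) errors.push(`${id}: timeout must be a positive integer (ms)`)
    if (typeof c.handler !== 'function') errors.push(`${id}: handler must be a function`)
    if (c.urlRegex !== undefined && !(c.urlRegex instanceof RegExp)) errors.push(`${id}: urlRegex must be a RegExp`)
  }
  return errors
}

// Sketch of the documented URL check: urlRegex if set, otherwise the default.
function isUrlAccepted (map, id, url) {
  const c = map.get(id)
  return Boolean(c) && (c.urlRegex || DEFAULT_URL_REGEX).test(url)
}

if (typeof module !== 'undefined') module.exports = { challenges }
```

Anchoring urlRegex with `^` and ending it with the `/` after the host keeps look-alike hosts such as two.example.com.other.example from matching.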
To mitigate possible Chrome vulnerabilities, JIT/WebAssembly is disabled.
Terraform module: redpwn/admin-bot/google.
Example configuration: examples/gcp/main.tf.
Terraform module: redpwn/admin-bot/aws.
Example configuration: examples/aws/main.tf.