A set of scripts to configure and deploy a 0x4F CTF bootstrap. Everything needed to get started on CTF challenges, kitchen sink and all.
- angr
- Capstone.
- Unicorn.
- Radare2.
- Keystone.
- Checksec.
- Z3.
- Binwalk.
- Pwndbg (gdb).
- Qemu.
- Rappel (
¯\_(ツ)_/¯) - Hydra.
- Pwntools.
- The usual *nix goodies.
socat,vim,nc,strace, etc.
...and more! See the 41h/attributes/sources.rb, 41h/attributes/base.rb, 41h/attributes/ruby.rb... well, everything in 41h/attributes/ really... for a full list.
Jupyter is included and runs on start, but will only bind to localhost (127.0.0.1:8888), and the Notebook password is set to 41h via Chef node['python']['jupyter']['password'] attribute. As a result, an SSH tunnel should be used to access Jupyter.
Due to the number of source distributions installed, source packages will not be attempted to be compiled when the machine is launched. This is done to reduce start-up time.
All sources are cloned into /opt/sources/ and can be installed appropriately from there.
A scratch directory - named scratch, who'da thunk it? - is mounted inside of the VM using Vagrant's 'Synced Folders'. This allows for work on code inside of the parent machine, and provides a quick mechanism for 'bussing' files between the host machine and the VM.
Beware! VirtualBox does not play nicely with symlinks.
To begin, make sure that your SSH public key and username has been added to the default['system']['users'] array inside of 41h/attributes/users.rb. If this is not done, you will not be able to login to the machine once provisioning is complete (as the deployed sshd configuration disables password authentication by default).
Keys should be added to the existing array in the following format:
{
'username' => '<MY_USER>',
'ssh_key' => 'ssh-xxxx <MY_SSH_PUBKEY> Chef_Installed',
},
If for some reason you want to install 41h on the machine that you have checked the repository out onto, perform the following:
- Run
deploy-local.shfrom this directory. - Wait.
NOTE: Digital Ocean will charge a MINIMUM of 1 hour if a machine is spawned and then torn down immediately. If using a '48GB' instance (default), this will run you around CAD$0.71 every time the instance is built. If running a lot of tests, please use the Vagrant deployment script, or use a smaller instance to reduce cost!
To deploy a new 41h machine into Digital Ocean (via the API), perform the following:
- Run
pip install -r requirements.txtfrom this directory. - Run
python2.7 deploy-digitalocean.py --api-token <DO_API_TOKEN>from this directory. - Wait.
To deploy a local virtual machine via Vagrant, perform the following:
- First up, ensure the following dependencies are installed and configured:
- Vagrant
- https://www.vagrantup.com/
- No configuration required (if using the VirtualBox driver).
- VirtualBox
- https://www.virtualbox.org/wiki/Downloads
- Ensure Intel VT or AMD-V is configured on the system.
- Change the virtual machine default directory (optional).
- Run
vagrant upfrom this directory. - Wait.
- Login using
vagrant ssh. - When done, run
vagrant destroyto tear-down the machine once again.
Tip! If running under Windows, a command-line compatible SSH client is required to be in the user's path, or things will fail. 'Git Bash' from https://git-scm.com/downloads works well for this, just make sure that all commands are run inside of 'Git Bash' instead of PowerShell or CMD.
Raise a GitHub issue, or fix it and raise a PR :)