Skip to content

Commit

Permalink
Add flag injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@lecafard
lecafard committed Jul 13, 2024
1 parent 511a92e commit d8b4651
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 5 deletions.
12 changes: 12 additions & 0 deletions vendor/nsjail/context/inject-flag.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/bash

export MODE=ONCE
read FLAG
export TMP_PARAMS="$TMP_PARAMS"$(cat <<-END
, {
dst: "/flag",
src_content: $(echo "${FLAG@Q}")
}
END
)
nsjail --config <(echo "$CONFIG" | envsubst)
11 changes: 8 additions & 3 deletions vendor/nsjail/context/nsjail-user.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

# idempotency ftw
CONFIG_FILE="/home/ctf/nsjail.cfg"
CONFIG=`cat "$CONFIG_FILE"`
export CONFIG=`cat "$CONFIG_FILE"`

# check and set default env vars
export MODE=${MODE:-LISTEN}
Expand All @@ -21,14 +21,15 @@ TMP_ENABLED=${TMP_ENABLED:-0}
TMP_SIZE=${TMP_SIZE:-5000000}

if [ $TMP_ENABLED -eq 1 ]; then
export TMP_PARAMS=$(cat <<-END
export TMP_PARAMS=$(cat <<-END
, {
dst: "/tmp",
fstype: "tmpfs",
options: "size=$TMP_SIZE",
is_bind: false,
rw: true
}
END
)
fi
Expand All @@ -41,5 +42,9 @@ if [ -f "/sys/fs/cgroup/cgroup.controllers" ]; then
fi
fi

nsjail --config <(echo "$CONFIG" | envsubst) --env FLAG
if [ "$MODE" == "LISTEN_INJECT_FLAG" ]; then
/docker-init/inject-flag.sh
else
nsjail --config <(echo "$CONFIG" | envsubst) --env FLAG
fi

3 changes: 2 additions & 1 deletion vendor/nsjail/dockerfiles/Dockerfile.debian
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ RUN dpkg --add-architecture i386 \
python3-venv \
python3-gmpy2 \
nano \
socat \
$LIBPROTOBUF_VERSION \
libnl-route-3-200 \
libc6:i386 \
Expand All @@ -41,7 +42,7 @@ RUN dpkg --add-architecture i386 \
COPY --from=build /nsjail/nsjail /usr/bin/nsjail
RUN useradd -r -m ctf

COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/
COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh inject-flag.sh /docker-init/
RUN chmod +x /docker-init/*

ENTRYPOINT ["/docker-init/docker-entrypoint.sh"]
Expand Down
3 changes: 2 additions & 1 deletion vendor/nsjail/dockerfiles/Dockerfile.ubuntu
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ RUN dpkg --add-architecture i386 \
python3-gmpy2 \
python3-pip \
nano \
socat \
$LIBPROTOBUF_VERSION \
libnl-route-3-200 \
libc6:i386 \
Expand All @@ -41,7 +42,7 @@ RUN dpkg --add-architecture i386 \
COPY --from=build /nsjail/nsjail /usr/bin/nsjail
RUN useradd -r -m ctf

COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/
COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh inject-flag.sh /docker-init/
RUN chmod +x /docker-init/*

ENTRYPOINT ["/docker-init/docker-entrypoint.sh"]
Expand Down

0 comments on commit d8b4651

Please sign in to comment.