CyberSecurityUSC/badsec

BadSec

So what is this?

It's a framework for managing various exploitable Docker containers. Together, these containers make up a CTF (Capture the Flag). Included are a basic dashboard for flag submission and a blog that details the tasks.

DashBoard

Getting started?

Managing this Code (basic git control; skip if you know this)

  • Download Git
  • cd into this directory and run git init . (if you are using Windows, make sure you use Git Bash)
  • Add your git remote for this repository. To do this, make sure you have ssh deploy enabled
  • Almost there! Run git pull origin master

Notes: You'll want to learn git very well if you haven't already. It plays a big part in this setup, but is also applicable to any computer science class or project you work on in the future. It's also industry standard.

Getting your environment running (If you're running some form of Debian, chances are you can skip this if you want)

  • Download Vagrant. Go grab some tea while you wait.
  • Make sure you're in the devbox directory and run vagrant up. The first time you do this it'll take a while; pour yourself some more tea.
  • Done? Run vagrant ssh; the password is vagrant

Getting the site running

  • Change your hosts file so that dig.it.hack, inject.hack, request.hack, blog.stack and dashboard.stack point to 10.10.10.10 if you are using Vagrant, or to localhost otherwise. Read how to here
  • Run setup -i. Read the script first; it is just a helper, to be used if you agree with it
  • Good to go? Run ./toolbelt -ar. This should take a while. Don't worry. Still have some more tea?
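
As an added example (not part of the BadSec repository), the hosts-file step can be scripted so the five names live in one marked block that can be rewritten or removed when the lab is torn down. The function names and the marker comments are assumptions.

```shell
#!/bin/sh
# Added example (not part of the BadSec repository): manage the BadSec
# hosts-file entries as one marked block so they can be added once and
# removed cleanly. Function names and marker text are assumptions.

BADSEC_HOSTS="dig.it.hack inject.hack request.hack blog.stack dashboard.stack"
BADSEC_BEGIN="# BEGIN badsec"
BADSEC_END="# END badsec"

# badsec_hosts_remove FILE: delete the marked block, leave everything else.
badsec_hosts_remove() {
    file=$1
    tmp=$(mktemp) || return 1
    # Drop every line from the BEGIN marker through the END marker.
    sed "/^${BADSEC_BEGIN}\$/,/^${BADSEC_END}\$/d" "$file" > "$tmp" || return 1
    cat "$tmp" > "$file"   # write in place to keep the file's owner and mode
    rm -f "$tmp"
}

# badsec_hosts_add FILE IP: (re)write the block so all names map to IP.
# Use 10.10.10.10 for the Vagrant box, 127.0.0.1 when running locally.
badsec_hosts_add() {
    file=$1 ip=$2
    badsec_hosts_remove "$file" || return 1   # idempotent: no duplicates
    {
        echo "$BADSEC_BEGIN"
        for name in $BADSEC_HOSTS; do
            printf '%s\t%s\n' "$ip" "$name"
        done
        echo "$BADSEC_END"
    } >> "$file"
}

# badsec_hosts_count FILE IP: number of BadSec names mapped to IP.
badsec_hosts_count() {
    awk -v ip="$2" -v names="$BADSEC_HOSTS" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == ip && ($2 in want) { c++ }
        END { print c + 0 }' "$1"
}

# Real use (needs root): badsec_hosts_add /etc/hosts 10.10.10.10
```

Calling badsec_hosts_remove on the same file afterwards takes the lab names back out, so they stop resolving once the containers are gone.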

Running the Site from a hotspot

sudo apt-get install dnsmasq hostapd; sudo hotspot/run.sh should do the trick. Try restarting the hostapd service if it exits.

Awesome. Now you're cranking.

Troubleshooting

  • If for some reason it hasn't worked, run ./toolbelt -ar. There's a chance the database didn't finish initializing.
  • Another weird reason for it not working is the conversion of Unix line endings to Windows line endings. This problem sounds pretty weird, but it is legit. Thankfully there's a tool called dos2unix, which you can install on your vagrant box using sudo apt-get install dos2unix. Run dos2unix filename to fix your worries. Note, I think it does something funky to file permissions. Just make sure no weird file permission changes get tracked into git.
  • Is it really bad? See the notes on the forgetitall function and resetting your database down below. Send me (DM) an email if it gets to crazy levels of bad: [email protected]
  • Uploads for WordPress don't work? All ajax responses, and any response for that matter, get crunked up by existing PHP errors. Comment out the debug conditional in wp-config if you don't want these errors to pop up, OR fix the PHP errors.

Are you golden? Alright, now what?

  • Get hacking

Also...

If you play with the dev box, I would highly recommend learning how to docker. Failing that, if docker takes up too much disk space or you feel like you messed something up, run ./toolbelt -x. This is the fuckitall method. It should kill everything docker related.


Crunked up your local database?

Stop your containers (./toolbelt -s), delete the volume persist with docker volume rm persist, and try running ./toolbelt -ar again.

About

Docker containers and code for security presentation
