Web Task Sample (google#37)

* Add web task sample

* delete backup file

* make a single run statement

* fix healtcheck

Author: sirdarckcat

infrastructure/kctf-samples/apache-php/.gen/.gitignore

@@ -0,0 +1,3 @@
+# this directory is for Makefile generated outputs
+*
+!.gitignore

infrastructure/kctf-samples/apache-php/Makefile

@@ -0,0 +1 @@
+../kctf-conf/base/Makefile

infrastructure/kctf-samples/apache-php/chal.conf

@@ -0,0 +1,4 @@
+# this file will be sourced by the deployment scripts
+DEPLOY=true
+PUBLIC=false
+HEALTHCHECK=false

infrastructure/kctf-samples/apache-php/challenge/Dockerfile

@@ -0,0 +1,31 @@
+FROM kctf-nsjail
+
+RUN apt-get -y update
+RUN apt-get -y upgrade
+
+RUN ln -s /secrets/flag /chroot/flag
+
+VOLUME /tmp
+VOLUME /var/log/apache2
+VOLUME /var/run/apache2
+
+RUN apt-get install -y apache2
+RUN chroot /chroot apt-get install -y php-cgi
+
+RUN service apache2 start
+
+RUN ln -s /etc/apache2/mods-available/cgi.load /etc/apache2/mods-enabled/cgi.load
+RUN ln -s /etc/apache2/mods-available/actions.load /etc/apache2/mods-enabled/actions.load
+
+RUN ln -s /config/apache2-nsjail-php.conf /etc/apache2/conf-enabled/nsjail-php.conf
+
+RUN rm -rf /var/www
+RUN ln -s /chroot/var/www /var/www
+
+COPY files/html/ /chroot/var/www/html/
+COPY files/cgi-bin/ /usr/lib/cgi-bin/
+COPY files/root/ /root/
+
+RUN chmod 0755 /chroot/var/www/html /usr/lib/cgi-bin/nsjail-php-cgi /root/launch-apache
+
+CMD /root/launch-apache

infrastructure/kctf-samples/apache-php/challenge/config/apache2-nsjail-php.conf

@@ -0,0 +1,14 @@
+ServerName kctf-nsjail-php
+Listen 1337
+
+<Directory "/var/www/html">
+ Options +ExecCGI
+ Action application/x-nsjail-httpd-php /cgi-bin/nsjail-php-cgi
+ AddHandler application/x-nsjail-httpd-php php
+ Order allow,deny
+ Allow from all
+</Directory>
+
+<VirtualHost *:1337>
+ DocumentRoot "/var/www/html"
+</VirtualHost>

infrastructure/kctf-samples/apache-php/challenge/config/kustomization.yaml

@@ -0,0 +1,11 @@
+configMapGenerator:
+- name: apache-php-config
+  files:
+  - apache-nsjail-php.conf
+  - nsjail-php.cfg
+generatorOptions:
+  disableNameSuffixHash: true
+  labels:
+    type: generated
+  annotations:
+    note: generated

infrastructure/kctf-samples/apache-php/challenge/config/nsjail-php.cfg

@@ -0,0 +1,36 @@
+name: "php-cgi-nsjail-configuration"
+description: "PHP CGI nsjail configuration for web RCE CTF task."
+
+mode: ONCE
+chroot_dir: "/chroot"
+log_level: ERROR
+uidmap {inside_id: "1000"}
+gidmap {inside_id: "1000"}
+mount_proc: true
+keep_env: true
+rlimit_as_type: HARD
+rlimit_cpu_type: HARD
+rlimit_nofile_type: HARD
+rlimit_nproc_type: HARD
+
+mount: [
+  {
+    src: "/secrets"
+    dst: "/secrets"
+    is_bind: true
+  },
+  {
+    src: "/config"
+    dst: "/config"
+    is_bind: true
+  },
+  {
+    dst: "/tmp"
+    fstype: "tmpfs"
+    rw: true
+  }
+]
+
+exec_bin {
+    path: "/usr/lib/cgi-bin/php"
+}

infrastructure/kctf-samples/apache-php/challenge/files/cgi-bin/nsjail-php-cgi

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/bin/nsjail --config /config/nsjail-php.cfg -- /usr/lib/cgi-bin/php $@

infrastructure/kctf-samples/apache-php/challenge/files/html/eval.php

@@ -0,0 +1 @@
+<form method=POST><textarea autofocus name=eval style=height:90%;width:100%;display:block><?php echo htmlentities($_REQUEST["eval"])?></textarea><input type=submit><hr><plaintext><?php echo(eval($_REQUEST["eval"])); ?>

infrastructure/kctf-samples/apache-php/challenge/files/html/index.php

@@ -0,0 +1 @@
+<?php phpinfo(); ?>