PlexSheep
/
wooly-vault
generated from PlexSheep/rs-base
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity
Small challenge for hackers/rust programmers
57 Commits 3 Branches 0 Tags 319 KiB
Rust 66.6%
HTML 21.1%
Python 6.1%
CSS 3.2%
Shell 2.3%
Other 0.7%
Go to file
Christoph J. Scherr 049421ffac
cargo devel CI / cargo CI (push) Successful in 1m55s Details
refactor(cli): simplify the cli, starting admin and all channenges 
no challenge id in cli anymore, give a base addr for the challenges and
an admin addr
 		2024-10-12 17:25:10 +02:00
.gitea/workflows initial commit 2024-09-05 15:49:56 +02:00
.github/workflows initial commit 2024-09-05 15:49:56 +02:00
data/www fix(meta): fix header position somewhat 2024-09-11 23:00:04 +02:00
scripts initial commit 2024-09-05 15:49:56 +02:00
solutions fix: adjust solutions to new ports and fix solution 2 2024-09-08 04:18:56 +02:00
src refactor(cli): simplify the cli, starting admin and all channenges 2024-10-12 17:25:10 +02:00
.gitignore feat(logging): precise and understandable logging 2024-09-08 01:37:05 +02:00
Cargo.toml feat(meta): make datastructures ready for multiple challenges 2024-09-08 02:28:49 +02:00
Dockerfile feat(docker): expose admin interface from docker 2024-09-07 20:01:49 +02:00
LICENSE initial commit 2024-09-05 15:49:56 +02:00
README.md docs: readme make it officially a ctf-hosting platform 2024-09-09 12:15:23 +02:00
docker-compose.yml feat(docker): expose admin interface from docker 2024-09-07 20:01:49 +02:00

README.md

Wooly-Vault

Managing Platform for Hacking challenges, written in Rust 🦀.

Wooly-Vault is a small platform for hosting CTF-like hacking challenges. It is currently in the early stages of development.

Configuration

Each challenge requires some basic information to host:

  • secret - a string that if found signifies that the challenge was solved

  • addr - the network adress plus port the challenge should run on

  • verbosity - how verbose the logging should be

  • challenge - which challenge to host (there are a few)

The secret cannot be inputted with a command line argument, because the arguments can often be seen in the process view. You may either specify a secret in the 'WOOLY_SECRET' environment variable or input it interactively on start.

Challenges

There are a number of challenges:

  1. Connect by TCP

  2. Connect by TCP and send a special u16

  3. Connect by TCP, get sent dynamic math questions, solve them fast enough

Solution

Solutions for some challenges can be found in solutions. Don't spoil the challenge for yourself.

Hosting

As this is a challenge meant for hackers, it is advisable not to run this on a system that should not be hacked. Some of the later challenges will possibly provide remote code execution through things like SQL-injection. For this reason, you should probably use some kind of VM, or at least a container to host this.

Docker

Wooly-Vault has a Dockerfile and a docker compose specification, so you can run it easily in a docker container:

WOOLY_SECRET=my_flag docker compose up

To configure what challenge is served and on what networking adress, tweak docker-compose.yml.

The regular way

You can just cargo run -r it, or compile with cargo build -r and then execute the executable.

$ WOOLY_SECRET=my_flag wooly-vault 3 127.0.0.1:1337

$ WOOLY_SECRET=my_flag cargo run -r -- 3 127.0.0.1:1337

Naming

Q: Why is Wooly-Vault wooly?

A: I like sheeps. I'm literally PlexSheep.