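AWSTemplateFormatVersion: '2010-09-09'
# No AWS::Serverless resources are declared in this template, so the transform is inert, but
# its presence means a direct create-stack/update-stack needs CAPABILITY_AUTO_EXPAND on top of
# the CAPABILITY_NAMED_IAM required by the fixed-name IAM users in Resources.
Transform: AWS::Serverless-2016-10-31
Description: AWS CloudFormation template for Gateflag team config (user, ec2 instance) deployment.
Parameters:
  EnvironmentName:
    Type: String
    Default: Gateflag
    Description: A friendly environment name that will be used for namespacing all cluster resources.
  # AMI IDs are region-specific; these defaults only resolve in the region they were registered in.
  # Only CTFMachineAMI1 is referenced by this template (see CTFMachineEC2Instance.ImageId).
  CTFMachineAMI1:
    Type: String
    Default: ami-0015ec7d1ef8504ee
    Description: The AMI ID for CTF challenge machine that will be created using EC2.
  CTFMachineAMI2:
    Type: String
    Default: ami-0a1e7a1a9eaf0fdba
    Description: The AMI ID for CTF challenge machine that will be created using EC2.
  # A single key pair name is shared by every team box built from this template: whoever holds
  # the private key can SSH into all of them as the AMI's default user. Keep it operator-only.
  CTFEC2KeyPair:
    Type: String
    Default: test-infra-lks
    Description: The KeyPair configuration to connect to EC2 instances.
  # Whatever this URL serves at boot time is installed as /usr/local/bin/takeflag and executed
  # as root on every box. The default tracks the mutable `main` branch with no integrity check;
  # pin it to a commit (or verify a digest in UserData) before a real event.
  FlagTakerScript:
    Type: String
    Default: https://raw.githubusercontent.com/chrisandoryan/Gateflag/main/dist/take_flag.py
    Description: Script that automates the flag-taking process inside EC2 CTF instances.
  CTFBoxLowPrivilegeUser:
    Type: String
    Default: ubuntu
    Description: The name of low-privilege user inside Gateflag CTFBox.
  # The defaults below are placeholders, not usable values. They must be supplied from the
  # outputs of the global stack after it has been deployed. Using the AWS-specific parameter
  # types (AWS::EC2::Subnet::Id, AWS::EC2::SecurityGroup::Id, ...) would make CloudFormation
  # reject a forgotten placeholder at validation time instead of mid-deploy.
  GateflagRestApiUrl:
    Type: String
    Default: GateflagRestApiUrl
    Description: GateflagRestApiUrl
  CTFUserGetFlagThroughAPIGateway:
    Type: String
    Default: CTFUserGetFlagThroughAPIGateway
    Description: CTFUserGetFlagThroughAPIGateway
  CTFRootGetFlagThroughAPIGateway:
    Type: String
    Default: CTFRootGetFlagThroughAPIGateway
    Description: CTFRootGetFlagThroughAPIGateway
  EC2InstanceProfile:
    Type: String
    Default: EC2InstanceProfile
    Description: EC2InstanceProfile
  EC2SecurityGroupGroupId:
    Type: String
    Default: EC2SecurityGroupGroupId
    Description: EC2SecurityGroupGroupId
  EC2Subnet:
    Type: String
    Default: EC2Subnet
    Description: EC2Subnet
  # Be cautious: must be assigned uniquely per instance within the subnet.
  # NOTE(review): AWS reserves the first four and the last address of every subnet (.1 is the
  # VPC router), so 10.0.1.1 can only be assigned if EC2Subnet is not 10.0.1.0/24 -- confirm
  # against the global stack's subnet CIDR.
  PrivateIpAddress:
    Type: String
    Default: 10.0.1.1
    Description: Assigned internal IP address.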
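Resources:
  # IAM Users Configuration
  # Both users get fixed names, so the stack needs CAPABILITY_NAMED_IAM, and the __TEAM__ /
  # __GATEFLAG__...__TEAM__ placeholders must be text-substituted per team before deploy
  # (IAM user names are account-unique; a second team deployed with the same placeholder fails).
  CTFUser:
    Type: AWS::IAM::User
    Properties:
      UserName: __GATEFLAG__CTFUser__TEAM__
      Tags:
        - Key: Name
          Value: __TEAM__
        - Key: GateflagSpecificName
          Value: __TEAM__
        - Key: BoxLocalUserName
          Value: !Ref CTFBoxLowPrivilegeUser
        - Key: ManagedBy
          Value: !Ref EnvironmentName
      # Policy defined in the global stack; this user should only be able to reach user_flag.
      ManagedPolicyArns:
        - !Ref CTFUserGetFlagThroughAPIGateway
  CTFRoot:
    Type: AWS::IAM::User
    Properties:
      UserName: __GATEFLAG__CTFRoot__TEAM__
      Tags:
        - Key: Name
          Value: __TEAM__
        - Key: GateflagSpecificName
          Value: __TEAM__
        - Key: BoxLocalUserName
          Value: root
        - Key: ManagedBy
          Value: !Ref EnvironmentName
      ManagedPolicyArns:
        - !Ref CTFRootGetFlagThroughAPIGateway
  # Long-lived access keys, one per user. Their secrets are pulled into the instance UserData
  # below through !GetAtt, so they are exactly as private as that UserData (see the note on
  # CTFMachineEC2Instance). The instance Name tag is what RotateIAMKeysLambda keys rotation on.
  CTFUserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref CTFUser
  CTFRootAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref CTFRoot
  # EC2 Instance Establishment
  CTFMachineEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      PrivateIpAddress: !Ref PrivateIpAddress
      KeyName: !Ref CTFEC2KeyPair
      # Any local process (including the low-privilege user) can obtain this role's credentials
      # from the instance metadata service, so the role must not grant more than CTFUser has.
      IamInstanceProfile: !Ref EC2InstanceProfile
      SecurityGroupIds:
        - !Ref EC2SecurityGroupGroupId
      SubnetId: !Ref EC2Subnet
      # Only CTFMachineAMI1 is used; CTFMachineAMI2 is declared in Parameters but never referenced.
      ImageId: !Ref CTFMachineAMI1
      Tags:
        # This tag is required to perform access keys rotation according to the team that this box belongs to (see lambda: RotateIAMKeysLambda).
        - Key: Name
          Value: __TEAM__
        # This tag indicates that the box is Gateflag-managed so Gateflag could perform its automated managements.
        - Key: ManagedBy
          Value: !Ref EnvironmentName
      # NOTE(review): everything in UserData -- including both secret access keys substituted
      # below -- is readable by any local process on the box via the instance metadata service
      # (http://169.254.169.254/latest/user-data) and by anyone with ec2:DescribeInstanceAttribute
      # or cloudformation:GetTemplate. The low-privilege user can therefore recover the CTFRoot key,
      # so the user/root flag separation is not enforced by this layout. Prefer delivering each
      # user's credentials out of band (Secrets Manager / SSM Parameter Store read by the instance
      # role and written to that user's home with mode 0600), and require IMDSv2 (HttpTokens:
      # required, via a launch template or modify-instance-metadata-options) so an SSRF in a
      # challenge cannot read the metadata service either.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          apt update -y
          apt install -y awscli python3-pip
          pip3 install boto3 requests
          # Download and configure the flag-taking script.
          # -f: an HTTP error (e.g. a 404 after a branch rename) fails the command and, with -e,
          # aborts the boot instead of silently writing the error page into an executable;
          # -L follows redirects, -sS stays quiet but still reports failures.
          curl -fsSL "${FlagTakerScript}" -o /usr/local/bin/takeflag
          chmod a+x /usr/local/bin/takeflag
          # Configure AWS CLI with the access key ID and secret access key for CTFRoot
          # Note: shell execution from the instance's UserData is always running as root privilege by default
          # Command tracing is switched off around the credential lines: with -x the expanded
          # secret keys would be echoed into the cloud-init output log. (They are still briefly
          # visible in the su argv below, and permanently in the UserData itself -- see the note above.)
          set +x
          aws configure set aws_access_key_id ${CTFRootAccessKey}
          aws configure set aws_secret_access_key ${CTFRootAccessKey.SecretAccessKey}
          aws configure set region ${AWS::Region}
          # Set an environment variable for root user that points to the root_flag API gateway.
          echo 'export FLAG_GATEWAY=${GateflagRestApiUrl}/root_flag' >> ~/.bashrc
          # Configure AWS CLI with the access key ID and secret access key for CTFUser
          # (su sets HOME to the target user's home even without -l, so ~/.aws and ~/.bashrc
          # below land in that user's home directory).
          su ${CTFBoxLowPrivilegeUser} -c "aws configure set aws_access_key_id ${CTFUserAccessKey}"
          su ${CTFBoxLowPrivilegeUser} -c "aws configure set aws_secret_access_key ${CTFUserAccessKey.SecretAccessKey}"
          su ${CTFBoxLowPrivilegeUser} -c "aws configure set region ${AWS::Region}"
          # Set an environment variable for default user that points to the user_flag API gateway.
          su ${CTFBoxLowPrivilegeUser} -c "echo 'export FLAG_GATEWAY=${GateflagRestApiUrl}/user_flag' >> ~/.bashrc"
          set -x
          # Add instruction on how to get the flag in this instance.
          echo "Use /usr/local/bin/takeflag to get the user/root flag." > /tmp/CTF-README.txt
          # Install AWS SSM Agent (for AMI without SSM pre-installed)
          # mkdir /tmp/ssm
          # cd /tmp/ssm
          # wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
          # dpkg -i amazon-ssm-agent.deb
          # systemctl enable amazon-ssm-agent
          # systemctl start amazon-ssm-agent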
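Outputs:
  CTFMachineInstanceId:
    Value: !Ref CTFMachineEC2Instance
    Description: Instance ID of the CTF EC2 instance
  # Only meaningful if EC2Subnet auto-assigns public IPv4 addresses (nothing in this template
  # requests one explicitly); otherwise this attribute presumably resolves to an empty value.
  CTFMachinePublicIp:
    Value: !GetAtt CTFMachineEC2Instance.PublicIp
    Description: Public IP address of the CTF EC2 instance
  # User ARNs only. The access key IDs and secrets are deliberately not exported here; they
  # already live in the instance UserData (see Resources), which is the exposure to fix first.
  CTFRoot:
    Value: !GetAtt CTFRoot.Arn
    Description: CTFRoot
  CTFUser:
    Value: !GetAtt CTFUser.Arn
    Description: CTFUser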