Workspace: Use runtime secret instead of container id
ConnorNelson committed Jan 12, 2024
1 parent 22f4f3f commit d64c02d
Showing 3 changed files with 9 additions and 2 deletions.
2 changes: 1 addition & 1 deletion challenge/docker-entrypoint.d/39_start_gui.sh
@@ -2,7 +2,7 @@

mkdir -p /tmp/.dojo/vnc /home/hacker/.vnc

container_id="$(cat /proc/1/cgroup | tail -n 1 | awk -F '/' '{print $NF}')"
container_id="$(cat /.secret)"
password_interact="$(printf 'desktop-interact' | openssl dgst -sha256 -hmac "$container_id" | awk '{print $2}' | head -c 8)"
password_view="$(printf 'desktop-view' | openssl dgst -sha256 -hmac "$container_id" | awk '{print $2}' | head -c 8)"
printf '%s\n%s\n' "$password_interact" "$password_view" | tigervncpasswd -f > /tmp/.dojo/vnc/passwd
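Review bot: Nothing after the new line `container_id="$(cat /.secret)"` stops the script from continuing with an empty key: if `/.secret` is missing or empty when this runs, both VNC passwords are derived with an empty HMAC key and come out the same in every container. Whether the script runs under `set -e` is not visible in this hunk, and a file that exists but is empty would pass even then, so I would add `[ -n "$container_id" ] || { echo 'missing /.secret' >&2; exit 1; }` right after the read. The variable no longer holds a container id; renaming it to something like `workspace_secret` in the three lines that use it would keep the next reader from treating it as public data.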
7 changes: 7 additions & 0 deletions dojo_plugin/api/v1/docker.py
@@ -89,6 +89,7 @@ def start_container(user, dojo_challenge, practice):
"dojo.challenge_description": dojo_challenge.description,
"dojo.user_id": str(user.id),
"dojo.mode": "privileged" if practice else "standard",
"dojo.secret": os.urandom(32).hex(),
},
mounts=[
docker.types.Mount(
@@ -175,6 +176,9 @@ def insert_challenge(user, dojo_challenge):
def insert_flag(flag):
exec_run(f"echo 'pwn.college{{{flag}}}' > /flag", shell=True)

def insert_secret(secret):
exec_run(f"echo '{secret}' > /.secret", shell=True)

def initialize_container():
exec_run(
"""
@@ -210,6 +214,9 @@ def initialize_container():
flag = "practice" if practice else serialize_user_flag(user.id, dojo_challenge.challenge_id)
insert_flag(flag)

secret = container.labels["dojo.secret"]
insert_secret(secret)

initialize_container()


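Review bot: The HMAC key now lives in the `dojo.secret` container label, and labels are returned to anything that can inspect the container through the Docker API, so from the host side the key is no harder to read than the container id it replaces. I would say so next to the label, e.g. `# Sensitive: HMAC key for workspace passwords; do not export container labels to logs or metrics`. In `insert_secret`, `echo '{secret}' > /.secret` leaves the file with whatever mode the exec's umask gives; if the in-container user is not meant to read the key, set the mode explicitly in the same command (the rest of `initialize_container` is outside this hunk, so it may already do this). The value is hex from `os.urandom`, so the shell interpolation is safe as written, but a short comment stating that `secret` must stay hex-only would protect the `shell=True` call against a later change of format.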
2 changes: 1 addition & 1 deletion dojo_plugin/pages/workspace.py
@@ -20,7 +20,7 @@


def container_password(container, *args):
key = container.id.encode()
key = container.labels["dojo.secret"].encode()
message = "-".join(args).encode()
return hmac.HMAC(key, message, "sha256").hexdigest()

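Review bot: `container.labels["dojo.secret"]` raises `KeyError` for any container that was started before this change and is still running, because as far as this commit shows the label is only set in `start_container`. I would read it with `secret = container.labels.get("dojo.secret")` and return a clear "restart your challenge" error when it is `None`, rather than falling back to `container.id`, which is the key this commit moves away from. A one-line docstring on `container_password` saying that the result is a credential derived from the per-container secret, and that the full hex digest is returned, would also help; the callers are outside this hunk, so how the digest is shortened to match the 8-character passwords in `39_start_gui.sh` is not visible here.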
