Skip to content

mathyba/snowcrash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits

level00

level00

 
 

level01

level01

 
 

level02

level02

 
 

level03

level03

 
 

level04

level04

 
 

level05

level05

 
 

level06

level06

 
 

level07

level07

 
 

level08

level08

 
 

level09

level09

 
 

level10

level10

 
 

level11

level11

 
 

level12

level12

 
 

level13

level13

 
 

level14

level14

 
 

utils

utils

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

Repository files navigation

SnowCrash

A security project for 42 school

Installation

Set up the SnowCrash VM

This Virtual Machine image is provided by 42.

Create a linux virtual machine with the iso with the virtualization software of your choice, such as Oracle VM VirtualBox. Change network settings to Bridge Network.

The VM will load and display an IP address that you will need to fill in the docker-compose.yml.

Set up the snowcrash study project

Clone the project directory

git clone https://github.com/mathyba/snowcrash.git

Full set-up is provided with Docker and Docker-Compose If you don't have these installed, check out the official Docker and Docker-Compose doc and follow the guidelines for your distribution.

Configuration

In the docker-compose.yml:

  • change "VM" env variable for the VM's IP address obtained in the sction Set up the SnowCrash VM above.
  • change "CONTAINER" env variable for the one of the network interface (wifi or physical) chosen for the bridge network, as specified in the VM settings. Run ifconfig to list the interfaces.

Usage

Running the main "solver" container

Following commands should be run at the root level of the project directory:

Create all services and rebuild images if necessary:

docker-compose up --no-start --build

Run snow-crash project container in interactive mode:

docker-compose run solver

From there, you will have access to all the tools and config necessary to solve the challenge, as well as scripts automatizing level resolution.

If you want to handle the solver container without using docker-compose, here are some useful commands. In this case, you should uncomment the environment variables in the Dockerfile

Build the docker image:

docker build . -t "snowcrash-img"

Run the container and access project directory:

docker run -v $(pwd):/snowcrash/snowcrash --net host -ti snowcrash-img
  • Volumes give access to local project directory from within the container. This makes it possible to modify files without reloading the container.
  • Hosts ethernet are made visible from within the container, so that the container may communicate with the VM

Running the wireshark container

To solve level02 interactively, you will need wireshark and its graphic interface. Since this is not possible within the container, a dedicated container can be started with docker-compose:

docker-compose run wireshark

Head to your browser on https://localhost:14500 and enter a username of your choice and a password ("wireshark"). You should then have access to all of wireshark's tools and the files within the project directory.

Exercice resolution

Contrary to general practice in CTF challenges, a detailed walkthrough to solve the challenge in interactive mode is provided in each level directory. As many solutions to this project are already available online, it was felt that this would not be detrimental to the snow-crash challenge. Please note that explanations can be tediously thorough at times, or even leading through failed attempts before reaching the solution. The intent has been to record major steps in the (sometimes flawed) thought process of someone with no initial knowledge nor practice in security-related topics.

Useful websites and forum posts are provided in the walkthrough, when they have proved key to understanding or solving the challenge. However, if I had to keep and recommend immoderately only one resource, it would be this excellent First Introduction to System Exploitation.
This guide aims for a delicate balance between accessibility and completeness, to help beginners build their knowledge and understanding of what's happening and enable them to act purposefully.
If you go through it prior to solving Snow Crash, you will be much more proactive in your search for solutions.

Script usage

Scripts are provided to automate each level's resolution. Obtained level tokens will be stored, so once a level has been reached once, it may later be accessed directly. A Makefile is provided to facilitate the handling of scripts. Following commands should be run within the docker solver container:

To start solving levels starting with level00:

make solve

To start with a level XX between 00 and 14: Note that unless a token is stored in levelXX/Ressources/token, direct access to a level will fail. If a level is solved with a provided script, the next level's token will be stored.

make solve LEVEL=XX

To remove stored tokens and files created while solving challenges:

make clean

To check syntax and PEP8 compliance of python scripts:

make black

make pylint

About

Security project for 42 school

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages