pwncollege · supercoolspy · Jul 23, 2024 · Jul 24, 2024 · Jul 24, 2024 · Jul 24, 2024
diff --git a/workspace/additional/additional.nix b/workspace/additional/additional.nix
@@ -7,6 +7,8 @@ let
     flask
     pwntools
   ]);
+
+  linux-vm = import ../vm/linux/linux.nix { inherit pkgs service; };
 in
 {
   packages = with pkgs; [
@@ -25,5 +27,5 @@ in
     wireshark
     nmap
     tcpdump
-  ];
+  ] ++ linux-vm.packages;
 }
diff --git a/workspace/flake.nix b/workspace/flake.nix
@@ -15,7 +15,7 @@
               allowUnfree = true;
             };
           };
-
+          
           init = import ./init.nix { inherit pkgs; };
           ssh-entrypoint = import ./ssh-entrypoint.nix { inherit pkgs; };
           service = import ./services/service.nix { inherit pkgs; };
@@ -38,7 +38,7 @@
           '');
 
           additional = import ./additional/additional.nix { inherit pkgs; };
-
+          
           corePackages = with pkgs; [
             bashInteractive
             cacert
@@ -87,4 +87,4 @@
 
     defaultPackage.x86_64-linux = self.packages.x86_64-linux;
   };
-}
+}
diff --git a/workspace/init.nix b/workspace/init.nix
@@ -27,6 +27,9 @@ let
     echo "hacker:x:1000:1000:hacker:/home/hacker:$DEFAULT_PROFILE/bin/bash" >> /etc/passwd
     echo "root:x:0:" >> /etc/group
     echo "hacker:x:1000:" >> /etc/group
+    echo "sshd:!:33:" >> /etc/group
+    echo "sshd:x:71:65:SSH daemon:/var/empty:/bin/false" >> /etc/passwd
+
 
     mkdir -pm 1777 /run/dojo /tmp
     echo $DOJO_AUTH_TOKEN > /run/dojo/auth_token

diff --git a/workspace/vm/linux/init b/workspace/vm/linux/init
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+export PATH=/run/current-system/sw/bin
+
+mount -t proc proc /proc
+mount -t sysfs sys /sys
+mount -t tmpfs tmp /tmp
+mount -t devpts -o x-mount.mkdir devpts /dev/pts
+mount -t 9p -o trans=virtio,version=9p2000.L,nosuid /home/hacker /home/hacker
+
+ln -s /proc/self/fd /dev/fd
+ln -s /proc/self/fd/0 /dev/stdin
+ln -s /proc/self/fd/1 /dev/stdout
+ln -s /proc/self/fd/2 /dev/stderr
+
+sysctl -w fs.protected_fifos=1
+sysctl -w fs.protected_hardlinks=1
+sysctl -w fs.protected_regular=2
+sysctl -w fs.protected_symlinks=1
+
+# `hostname` command does not allow '_'
+@python@ - <<'EOF'
+import socket
+with open("/etc/hostname") as f:
+  hostname = f.read().strip()
+  socket.sethostname(f"vm_{hostname}"[:64])
+EOF
+
+ip link set dev lo up
+ip addr add 10.0.2.15/24 dev eth0
+ip route add 10.0.2.0/24 via 10.0.2.2 dev eth0 2>/dev/null || true  # Error: Nexthop has invalid gateway.
+ip link set dev eth0 up
+
+find /challenge -name '*.ko' -exec /usr/sbin/insmod {} \;
+
+service start vm-linux/sshd /run/current-system/sw/bin/sshd -D -f @sshd_config@
+
+if [ -e /challenge/.initvm ]; then
+	. /challenge/.initvm
+fi
+
+if [ -e /usr/sbin/docker-init ]; then
+    exec /usr/sbin/docker-init /bin/sleep -- 6h
+else
+    exec /bin/sleep 6h
+fi
diff --git a/workspace/vm/linux/initrd.nix b/workspace/vm/linux/initrd.nix
@@ -0,0 +1,21 @@
+{ pkgs, ssh }:
+# { virtiofsd, qemu, openssh, start-stop-daemon, coreutils }:
+with pkgs;
+
+stdenv.mkDerivation {
+  name = "initrd";
+  version = 0.1;
+
+  src = ./init;
+  dontUnpack = true;
+
+  # Modify UsePrivilegeSeparation no
+
+  installPhase = ''
+    mkdir -p $out/bin
+    substitute $src $out/bin/init \
+      --subst-var-by python "${pkgs.python3}/bin/python3" \
+      --subst-var-by sshd_config "${ssh}/etc/ssh/sshd_config"
+    chmod +x $out/bin/init
+  '';
+}