A general purpose attack-defense range for zero-config deployment
- Drop each service into a folder in the
./servicesdirectory. Each service must have adocker-compose.ymlfile that defines the service, or adeploy.shwhich starts the service. (Services README). - Drop each checker script in the
./checkersdirectory. Each checker directory must be named the same as the service it corresponds to. (Checkers README). - Run
cp sample.env .envand modify the.envas desired for all configuration options - Run
bash scripts/install.shto install all dependancies. - Run
bash scripts/up.shto start the range. - Distribute the printed team links to each team, which will allow them to download the VPN configs and credentials.
To temporarily stop the range, run bash scripts/down.sh.
To delete all data associated with the range, run bash scripts/clear.sh.
Warning
scripts/clear.sh runs a docker image and volume prune. This can have unintended consequences if you have other docker containers on the host system. Use with caution.
Credentials for all services are printed to STDOUT during the range startup.
For local testing, you can get a shell inside the range environment with the command bash scripts/rangemaster.sh.
By default, frontend is at http://10.101.0.6:80 inside of the range and http://<server>:80 from outside the range.
As long as the SERVER_URL is properly set and port forwarding is enabled for UDP 51820, you can connect to the range from anywhere with the Wireguard client.
Wireguard configs are stored in the .docker/vpn directory, or can be downloaded from the API at http://<server>:8000/vpn/<team_id>/wg<vpn_id>.conf. (i.e. http://api/vpn/1/wg1.conf)
Note
Team IDs, Service IDs, and VPN IDs are all 1-indexed. This is to avoid subnetting/IP confusion.
By default, API is at http://10.101.0.2:80 inside the range and http://<server>:8000 from outside the range.
- To get all targets,
GET /hosts. - To get flag IDs,
GET /flagids. - To submit a flag,
POST /steal - To list scores,
GET /scores - To list detailed scoring checks,
GET /checks
For full API documentation, visit http://10.101.0.2/docs
The range network is defined in docker-compose.yaml:
- Range network:
10.100.0.0/15- Infrastructure subnet:
10.101.0.0/16- VPN Server:
10.101.0.1(hostnamevpn) - NAT Source for all traffic (players and checkers) - API:
10.101.0.2(hostnameapi) - Docker Registry:
10.101.0.3(hostnameregistry) - Rangemaster:
10.101.0.5(hostnamerangemaster) - For troubleshooting - Frontend:
10.101.0.6(hostnamefrontend)
- VPN Server:
- Team subnet:
10.100.<team_id>.0/24- Service host:
10.100.<team_id>.<service_id>(hostnameteam<team_id>-<service_name>- i.e.team1-web)
- Service host:
- Infrastructure subnet:
- Internal network:
10.102.0.0/16- Ticker:
10.102.0.1(hostnameticker) - API:
10.102.0.2(hostnameapi) - DB:
10.102.0.3(hostnamedb) - Rangemaster:
10.102.0.5(hostnamerangemaster) - Frontend:
10.102.0.6(hostnamefrontend)
- Ticker:
- Checker network:
10.103.0.0/16- VPN Server:
10.103.1.1(hostnamevpn) - Ticker:
10.103.1.2(hostnameticker) - Docker Registry:
10.103.1.3(hostnameregistry) - Rangemaster:
10.103.1.5(hostnamerangemaster) - Checker:
10.103.2.<service_id(hostnamechecker-<service_name>- i.e.checker-web)
- VPN Server:
-
SECCONF (argv) ~40 services: https://github.com/HITB-CyberWeek
-
ICC (checklib) ~15 services: https://github.com/CybersecNatLab
-
HACKERDOM (custom/checklib) ~40 services: https://github.com/HackerDom
-
C4T-BUT-S4D (checklib) ~30 services: https://github.com/C4T-BuT-S4D
-
FAUST (faust) ~50 services: https://github.com/fausecteam
-
More: (checklib dependants): https://github.com/pomo-mondreganto/checklib/network/dependents
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. This work may be freely used, modified, and distributed for non-commercial activites. Express permissions by Blackslash Technology Solutions is required for commercial use of this work (defined as any use, modification, deployment, or distribution of this work in exchange for payment, goods, or services).
Copyright 2024 Blackslash Technology Solutions. All rights reserved.
