WIP: Adds Dockerfiles and enhancements for weekly tasks

Lab1_Fuzzing/Dockerfile

@@ -0,0 +1,49 @@
+FROM debian:11 AS afl_builder
+WORKDIR /opt
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential
+RUN echo "LLVM Toolchain and GCC" \
+    && apt-get install --no-install-recommends -y \
+    llvm-13 llvm-13-dev lld-13 clang-13
+RUN echo "GCC dev deps" \
+    && apt-get install --no-install-recommends -y \
+    gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \
+    libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
+RUN echo "AFL++ Deps" \
+    && apt-get install --no-install-recommends -y \
+    build-essential python3-dev automake \
+    cmake git flex bison libglib2.0-dev \
+    libpixman-1-dev python3-setuptools cargo \
+    libgtk-3-dev
+RUN echo "Install AFL++" \
+    && git clone https://github.com/AFLplusplus/AFLplusplus \
+    && cd AFLplusplus \
+    && export LLVM_CONFIG='llvm-config-13' \
+    && make source-only
+
+FROM debian:11 AS radamsa_builder
+WORKDIR /opt
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential
+RUN echo "Radamsa Deps" \
+    && apt-get --no-install-recommends -y \
+    install wget make gcc git
+RUN echo "Install Radamsa" \
+    && git clone https://gitlab.com/akihe/radamsa.git \
+    && cd radamsa \
+    && make
+
+FROM debian:11 AS final_stage
+COPY --from=afl_builder /opt/AFLplusplus /opt/AFLplusplus
+COPY --from=radamsa_builder /opt/radamsa/bin/radamsa /usr/bin/radamsa
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential \
+    python3-dev python3-setuptools llvm-13 llvm-13-dev lld-13 clang-13 \
+    libglib2.0 valgrind \
+    git cmake make wget curl nano python3-pip \
+    && cd /opt/AFLplusplus  \
+    && make install  \
+    && rm -rf /opt/AFLplusplus \
+    && ln /usr/bin/clang-13 /usr/bin/clang
+RUN useradd -ms /bin/bash -G sudo -u 69 compsec \
+    && mkdir -p /home/compsec/.local/bin
+ENV PATH=/home/compsec/.local/bin:$PATH
+USER compsec
+WORKDIR /home/compsec

Lab1_Fuzzing/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3"
+services:
+  week1:
+    image: compsec/week1:latest
+    container_name: compsec-week1-fuzz
+    build:
+      context: .
+      dockerfile: Dockerfile
+    volumes:
+      - './shared:/home/compsec/shared'
+      - './misc:/home/compsec/misc:ro'
+    entrypoint: /bin/bash

Lab2_Network/csrfserver/csrf.Dockerfile

@@ -0,0 +1,5 @@
+FROM python:3.9-alpine
+WORKDIR /opt/csrfserver
+RUN pip3 install fastapi uvicorn
+EXPOSE 80
+ENTRYPOINT python3 -m uvicorn app:app --host=0.0.0.0 --port=80 --reload

Lab2_Network/csrfserver/main.py

@@ -0,0 +1,18 @@
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+app = FastAPI(default_response_class=JSONResponse)
+
+
+@app.get('/')
+def example():
+    return {
+        'Hello': 'World',
+        'guide': 'You can modify this server skeleton to receive your CSRF results. '
+                 'The server will auto-reload on save.'
+    }
+
+
+@app.post('/')
+def post(r: Request):
+    return {**r.query_params}

Lab2_Network/docker-compose.yml

@@ -0,0 +1,32 @@
+version: "3"
+services:
+  juiceshop:
+    image: bkimminich/juice-shop:v8.7.2
+    container_name: compsec-week2-juiceshop
+    ports:
+      - '127.0.0.1:3000:3000'
+  webserver:
+    image: nginx:latest
+    container_name: compsec-week2-webserver
+    ports:
+      - '127.0.0.1:3001:80'
+    volumes:
+      - './webserver:/usr/share/nginx/html'
+  muumitalo:
+    build:
+      context: muumitalo
+      dockerfile: muumitalo.Dockerfile
+    image: compsec/muumitalo:latest
+    container_name: compsec-week2-muumitalo
+    ports:
+      - '127.0.0.1:3002:80'
+  csrf:
+    build:
+      context: csrfserver
+      dockerfile: csrf.Dockerfile
+    image: compsec/csrfserver:latest
+    container_name: compsec-week2-csrfserver
+    ports:
+      - '127.0.0.1:3003:80'
+    volumes:
+      - './csrfserver/main.py:/opt/csrfserver/app.py'

Lab2_Network/muumitalo/README.md

@@ -0,0 +1,38 @@
+# Muumitalo
+
+## How to start
+
+Can be run with docker by using the compose file in the main directory
+
+## How to use
+
+You find Muumipappa at the endpoint `localhost:3002/ovi`. You have to answer his question correctly in order to get
+inside Muumitalo. The answering is done by sending a POST request to the endpoint. Content of the request should be in
+the following format: 
+
+`method: POST, url: localhost:3002/ovi?answer=vaapukkamehu`.
+
+Example:
+
+> curl -G -X POST -d "answer=vaapukkamehu" http://localhost:3002/ovi
+
+### Task
+
+After watching few too many hacker movies, Muumipappa became paranoid and started to think that Moominvalley's most
+infamous hacker, Haisuli, was trying to steal a draft of his precious memoirs, so he decided to lock himself inside the
+Muumitalo. Muumipappa said he will only open the door to people who know him well enough to guess his favourite drink.
+Luckily you know that the correct answer is `vaapukkamehu`, but unfortunately the hacker film marathon also made
+Pappa obsessed with "l33t 5p34k".
+
+Your task is to get Muumipappa to open Muumitalo's door by sending him a POST request that contains the correct "l337
+5p34ky" version of the word `vaapukkamehu`. You have to guess the right spelling of the word by trying different
+mutations.
+
+Attempt the following mutations:
+
+* Change letters to lower/uppercase
+* "l337 5p34k1fy" it. (The only characters you have to worry are a and e. A can potentially be 4 and e can be 3. The
+  correct word could be for instance vA4PukKaM3hu).
+
+Server will return 404 if you guessed wrong, 200 if you guessed right and something else if it breaks down due to
+improper input.

Lab2_Network/muumitalo/muumitalo.Dockerfile

@@ -0,0 +1,6 @@
+FROM python:3.9-alpine
+WORKDIR /opt/muumitalo
+RUN pip3 install fastapi uvicorn
+COPY muumitalo.py muumitalo.py
+EXPOSE 80
+ENTRYPOINT python3 -m uvicorn muumitalo:app --host=0.0.0.0 --port=80

Lab2_Network/muumitalo/muumitalo.py

@@ -0,0 +1,44 @@
+import hashlib
+import secrets
+
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+app = FastAPI(default_response_class=JSONResponse)
+
+
+@app.get('/')
+def portaat(r: Request):
+    return {
+        'Muumi': 'MuumiMamma',
+        'answer': 'MuumiPappa has gone crazy.'
+                  ' He is blocking the door and won\'t let anyone inside unless you guess his favourite drink!'
+                  ' I know he loves vaapukkamehu,'
+                  ' but I guess after watching all those hacker movies'
+                  ' he is expecting a little twist to the name of the drink.'
+                  ' Go there and bombard him with answers until he comes out! He is located at '
+                  f'{r.url_for("ovi_get")}'
+    }
+
+
+@app.get('/ovi')
+def ovi_get():
+    return {
+        'Muumi': 'MuumiPappa',
+        'answer': 'C4n u P05T my f4v0ur1t3 dr1nk?'
+    }
+
+
+@app.post('/ovi')
+def ovi_post(answer: str):
+    hashed_pass = hashlib.sha1(answer.encode('utf-8')).hexdigest()
+    if secrets.compare_digest('171108b4c4ca0983911f6af233de18879ae96bbd', hashed_pass):
+        return JSONResponse(status_code=200, content={
+            'Muumi': 'MuumiPappa',
+            'answer': 'W0nd3rful! That\'s it!'
+        })
+    else:
+        return JSONResponse(status_code=404, content={
+            'Muumi': 'MuumiPappa',
+            'answer': 'Th4t is n0t it!'
+        })

Lab2_Network/webserver/index.html

@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html lang="en-us">
+<body>
+Hello World
+</body>
+</html>