Skip to content

Instantly share code, notes, and snippets.

@tcarrio

tcarrio/FBCTF-ARM.md

Forked from anonymous/README.md
Last active May 14, 2016 17:16
Show Gist options
  • Save tcarrio/4fdd2ed310e23a3b54fd64da6b07435a to your computer and use it in GitHub Desktop.
Save tcarrio/4fdd2ed310e23a3b54fd64da6b07435a to your computer and use it in GitHub Desktop.
Download ZIP
fbctf-arm-notes
Raw
FBCTF-ARM.md

This is a collection of information on Facebooks CTF release on Github.

The idea is to create an ARM compatible release of the project that should be useable on Raspberry Pi systems.

The Github Page

Facebook CTF is available at /facebook/fbctf.

Observations on the Software Stack

Summary

While not available for ARM, this does not hinder the possibility of forking the project to Raspberry Pi's. ' Vagrant serves a standardized virtual machine instance that can be spun up using the Vagrantfile and any other scripts designated within in. For fbctf the following is including:

  • Vagrantfile
  • extra/provision.sh

Together, these create an Ubuntu 14.04 virtual machine using Virtualbox under a private IP which then runs the provision.sh script to setup all packages and configures the system. This lets the software run on an independent system requiring no local packages be installed outside of the required Vagrant software.

This is great news for systems with x86(_64) processors, however other systems such as SPARC/ARM/etc. will not be able to use this base instance since it relies on Vagrant for creation of the VM and packages that may not be available on other platforms.

The provision.sh script source lib.sh for functions such as installing/skipping packages, setting up mysql, running grunt, etc.

All of this can be reused in a fork with the exception of packages not compatible with ARM devices, where instead the instructions must be followed.

Raw
Grunt.md

Installing Grunt to ARM devices

Once npm has been installed, grunt can be installed and managed through there:

npm install grunt

Back to top

Raw
Hacklang.md

Running Hack files requires HHVM.

The Getting Started page for HHVM has information on basic setup of the HHVM for PHP/Hack files.

Also pay attention to configuration files for HHVM such as /extra/hhvm.conf

Back to top

Raw
HHVM.md
Raw
MySQL.md

Installing MySQL on ARM devices

Raspbian also includes ARM compiled packages of MySQL in it's repositories

sudo apt-get install mysql

should be sufficient in installing MySQL on a Raspbian instance.

fbctf offers a sample configuration file for the database at [/extras/settings.ini.example] and further SQL scripts for database setup under /database.

Back to top

Raw
Nginx.md

Installing Nginx on ARM devices

miniNodes posted a very recent article on Raspberry Pi 3s and installing nginx.

Nginx is compiled to ARM and available in the Raspbian repositories, including nginx along with many extras

  • libnginx-mod-...
  • nginx-common
  • nginx-doc
  • nginx-extras
  • ...

Installing and configuring the Nginx server with the provided configuration file at /extras/nginx.conf should be easy.

Back to top

Raw
Npm.md
Raw
Vagrant.md

Vagrant is not available on ARM devices

Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network "private_network", ip: "10.10.10.5"
  config.vm.hostname = "facebookCTF-Dev"
  config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
  config.vm.provision "shell", path: "extra/provision.sh", privileged: false
  config.vm.provider "virtualbox" do |v|
    v.memory = 4096
    v.cpus = 4
  end
end

extra/provision.sh:

#!/bin/bash
#
# Facebook CTF: Provision script for vagrant dev environment
#
# Usage: ./provision.sh [dev | prod] [path_to_code]
#

DB="fbctf"
U="ctf"
P="ctf"
P_ROOT="root"
MODE=${1:-dev}
CODE_PATH=${2:-/vagrant}
CTF_PATH=${3:-/var/www/fbctf}

echo "[+] Provisioning in $MODE mode"

# We only create a new directory and rsync files over if it's different from the
# original code path
if [[ "$CODE_PATH" != "$CTF_PATH" ]]; then
    echo "[+] Creating code folder $CTF_PATH"
    [[ -d "$CTF_PATH" ]] || sudo mkdir -p "$CTF_PATH"

    echo "[+] Copying all CTF code to destination folder"
    sudo rsync -a --exclude node_modules --exclude vendor "$CODE_PATH/" "$CTF_PATH/"

    # This is because sync'ing files is done with unison
    if [[ "$MODE" == "dev" ]]; then
        echo "[+] Setting permissions"
        sudo chmod -R 777 "$CTF_PATH/"
    fi
fi

# There we go!
source "$CTF_PATH/extra/lib.sh"

# Ascii art is always appreciated
set_motd "$CTF_PATH"

# Off to a good start...
package language-pack-en
package emacs

# Adding repos for osquery (of course!), mycli and hhvm
repo_osquery
repo_mycli
repo_hhvm

# We only run this once so provisioning is faster
sudo apt-get update

# Install osquery and mycli
package osquery
package mycli

# Install memcached
package memcached

# Install htop
package htop

# Install MySQL
install_mysql "$P_ROOT"

# Install git
package git

# Install HHVM
install_hhvm "$CTF_PATH"

# Install Composer
install_composer "$CTF_PATH"
composer.phar install

# Install NPM and grunt
package npm
package nodejs-legacy
npm install
sudo npm install -g grunt
sudo npm install -g flow-bin

# Run grunt to generate JS files
run_grunt "$CTF_PATH" "$MODE"

# Install nginx
install_nginx "$CTF_PATH" "$MODE"

# Install unison 2.48.3
install_unison
log "Remember install the same version of unison (2.48.3) in your host machine"

# Database creation
import_empty_db "root" "$P_ROOT" "$DB" "$CTF_PATH" "$MODE"

# Make attachments folder world writable
sudo chmod 777 "$CTF_PATH/src/data/attachments"
sudo chmod 777 "$CTF_PATH/src/data/attachments/deleted"

log 'fbctf deployment is complete! Ready in https://10.10.10.5'

exit 0

Back to top

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment