└── .github └── workflows └── kde.yml /.github/workflows/kde.yml: -------------------------------------------------------------------------------- 1 | # Via: https://github.com/jstrieb/ctf-collab/blob/main/.github/workflows/run-server-graphical.yml 2 | 3 | name: Run Graphical RDP Environment (Ubuntu KDE) 4 | 5 | # Only run when manually triggered 6 | on: 7 | workflow_dispatch: 8 | inputs: 9 | ngrok_token: 10 | description: Token to use for ngrok (optional) 11 | required: false 12 | 13 | 14 | jobs: 15 | start_server: 16 | name: Set up and start the graphical remote server 17 | runs-on: ubuntu-20.04 18 | steps: 19 | - name: Change password 20 | run: | 21 | echo "runner:poepjes" | sudo chpasswd 22 | 23 | - name: Install (and upgrade) packages 24 | run: | 25 | sudo apt-get update 26 | # NOTE: upgrading takes way too long, and doesn't seem totally 27 | # necessary; hence it has been commented out 28 | # sudo apt-get --yes upgrade 29 | 30 | # NOTE: many of these are already installed; included for posterity 31 | # TODO: add other packages for CTF stuff 32 | PACKAGES=( 33 | binutils 34 | curl 35 | wget 36 | gcc 37 | tmux 38 | vim 39 | nmap 40 | htop 41 | gdb 42 | build-essential 43 | xterm 44 | sopwith # Classic fun :) 45 | ) 46 | sudo apt-get --yes install ${PACKAGES[@]} 47 | 48 | python -m pip install --upgrade pip setuptools wheel 49 | python3 -m pip install --upgrade pip setuptools wheel 50 | 51 | PIP_PACKAGES=( 52 | pwntools 53 | ciphey 54 | ) 55 | python3 -m pip install --upgrade ${PIP_PACKAGES[@]} 56 | 57 | - name: Install (and upgrade) graphical packages 58 | run: | 59 | PACKAGES=( 60 | #kubuntu-desktop 61 | kde-plasma-desktop 62 | ) 63 | sudo apt-get --yes install ${PACKAGES[@]} 64 | 65 | - name: Make sure the display manager is running after install 66 | run: | 67 | sudo systemctl enable --now sddm 68 | 69 | - name: install IDA 70 | run: | 71 | # Install IDA 72 | cd 73 | mkdir --parents Downloads 74 | cd Downloads 75 | wget \ 76 | --quiet \ 77 | --output-document idafree70_linux.run \ 78 | "https://out7.hex-rays.com/files/idafree70_linux.run" 79 | chmod +x idafree70_linux.run 80 | ./idafree70_linux.run --mode unattended --installpassword poepjes 81 | echo 'alias ida="~/idafree-7.0/ida64"' >> ~/.bashrc 82 | 83 | - name: Install RDP server 84 | run: | 85 | sudo apt --yes install xrdp 86 | sudo systemctl enable --now xrdp 87 | 88 | - name: Install Apache Guacamole 89 | run: | 90 | # Install Apache Guacamole server 91 | cd 92 | sudo apt-get install \ 93 | libcairo2-dev \ 94 | libjpeg-turbo8-dev \ 95 | libpng-dev \ 96 | libtool-bin \ 97 | libossp-uuid-dev \ 98 | freerdp2-dev \ 99 | libpango1.0-dev \ 100 | libssh2-1-dev \ 101 | libssl-dev 102 | wget \ 103 | --quiet \ 104 | --output-document "guacamole-server-1.3.0.tar.gz" \ 105 | "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz" 106 | tar -xzf guacamole-server-1.3.0.tar.gz 107 | cd guacamole-server-1.3.0 108 | ./configure 109 | make 110 | sudo make install 111 | sudo ldconfig 112 | 113 | # Install Apache guacamole authentication 114 | cd 115 | sudo mkdir -p /etc/guacamole 116 | echo ' 117 | 118 | 119 | rdp 120 | localhost 121 | 3389 122 | ctf 123 | 124 | 125 | ' | sudo tee /etc/guacamole/user-mapping.xml 126 | guacd 127 | 128 | # Install Apache Tomcat to run Guacamole with, and Guacamole client 129 | sudo apt-get install \ 130 | tomcat9 \ 131 | default-jdk 132 | sudo wget \ 133 | --quiet \ 134 | --output-document "/var/lib/tomcat9/webapps/guacamole-1.3.0.war" \ 135 | "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.3.0/binary/guacamole-1.3.0.war" 136 | sudo service tomcat9 restart || sudo service tomcat9 start 137 | 138 | - name: Install ngrok and run in the background as a daemon 139 | run: | 140 | # Only proceed if there is a user-supplied authtoken for ngrok. 141 | # Prefer one submitted with a workflow dispatch, but accept one 142 | # stored as a repository secret. 143 | NGROK_AUTHTOKEN="${{ github.event.inputs.ngrok_token }}" 144 | if [ -z "$NGROK_AUTHTOKEN" ]; then 145 | NGROK_AUTHTOKEN="${{ secrets.NGROK_TOKEN }}" 146 | fi 147 | if [ -z "$NGROK_AUTHTOKEN" ]; then 148 | echo ngrok authtoken required! 149 | exit 1 150 | fi 151 | 152 | # Add the authtoken to the ngrok configuration file 153 | echo "authtoken: $NGROK_AUTHTOKEN" >> ~/ngrok.yml 154 | 155 | # Download and install ngrok 156 | cd 157 | wget \ 158 | --quiet \ 159 | --output-document ngrok.zip \ 160 | "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip" 161 | unzip ngrok.zip 162 | sudo mv ngrok /usr/local/bin/ngrok 163 | touch ~/ngrok.log 164 | 165 | # Run ngrok in the background as a daemon 166 | start-stop-daemon \ 167 | --start \ 168 | --background \ 169 | --chdir ~/ctf \ 170 | --exec /usr/local/bin/ngrok \ 171 | -- \ 172 | start \ 173 | -config ~/ngrok.yml \ 174 | rdp guac 175 | 176 | - name: Display connection information 177 | run: | 178 | echo Waiting for things to start up... 179 | sleep 20s 180 | 181 | echo 182 | echo When connecting, use username "'runner'" and password "'ctf'" 183 | echo 184 | 185 | # Print ngrok connection info (if applicable) 186 | NGROK_AUTHTOKEN="${{ github.event.inputs.ngrok_token }}" 187 | if [ -z "$NGROK_AUTHTOKEN" ]; then 188 | NGROK_AUTHTOKEN="${{ secrets.NGROK_TOKEN }}" 189 | fi 190 | if [ -n "$NGROK_AUTHTOKEN" ]; then 191 | echo "To connect using an RDP client:" 192 | cat ~/ngrok.log \ 193 | | jq .url \ 194 | | grep -v "null" \ 195 | | tr -d '"' \ 196 | | sed 's/tcp:\/\/\(.*\)/\1/g' \ 197 | | sed 's/^http\(.*\)/http\1\/guacamole-1.3.0/g' \ 198 | | sort 199 | fi 200 | 201 | # Wait... This process will be killed to end the Action. Return a 202 | # non-failure exit code in any case so that there are no unnecessary 203 | # notifications about a failed Actions workflow. 204 | sleep 6h || true 205 | 206 | 207 | - name: Clean up 208 | run: | 209 | echo Done! 210 | --------------------------------------------------------------------------------