The Spawn2Pwn project was originally created to address destructive NorthSec challenges, as many of them require the user to gain elevated privileges or modify an asset on the server. Needless to say, this is problematic in an environment like RingZer0 where every container is shared among all participants. This is where this project comes into play. It allows a user to spawn a track of any available track and start hacking it without any interference from other participants.
The following commands must be sent to the bot on Discord. Either in the #r0-bot channel or by communicating directly with the bot (direct messages).
To see the amount of credits that you have to extend or spawn a track. The credits are completely free and will recharge overtime. Don't worry about lacking credits, it's very permissive.
To destroy a spawned track.
To extend the life span of a spawned track. This does NOT add more time but rather set the spawned date to now, and thus resetting the counter to 0.
To reset the spawned track to its former glory. Meaning that it will restore every instance of the spawned track to the original snapshot (use only if your track is broken).
To spawn a track from available tracks.
To display every spawned tracks or a specific track when {availableTrackId|spawnedTrackId} is provided.
To display every available tracks to spawn or a specific track when {availableTrackId} is provided.
This project uses WireGuard to let the participant connect to their spawned track environment. You can start by downloading and installing WireGuard (https://www.wireguard.com/install/ or search it online if you don't trust this link).
Then, you can either let the bot generate your private/public key pair or generate your own pair.
If you wish to create a preshared key as well, which increase the strength of the encryption, you can either use the bot to generate one for you or create your own.
Everytime you spawn a track, the bot will give you your WireGuard configuration. Once you get that configuration:
To delete the preshared key from your configuration.
This command will let the bot generate a set of private/public keys for you to use. If you prefer using your own generated private key, you can simply send your public key using the Set Public Key command.
This command will let the bot generate a preshared key for you to use. If you prefer using your own generated preshared key, you can simply send your preshared key using the Set Preshared Key command.
To set a preshared key for your configuration. Important note: This command can only be used by directly messaging the bot on Discord.
To set a public key for your configuration.
To view your WireGuard configuration. Can only be used if you have a active spawned track.
Available Track: In a CTF, we can often see a track that contains multiple flags or challenges. Since this project contains tracks to deploy and deployed tracks, we had to come up for two different names. Available Track stands for a template track ready to be deployed.
CTF: Capture The Flag. In a context of cyber security, it represents a form of competition where a participant has to find a string that proves the completion of a challenge.
Credits: For this project, a participant has two types of credit. Spawn credits are used to spawn or reset a spawned track. Extend credits are used to extend a spawned track.
Delete: Same as Destroy.
Deploy: Same as Spawn.
Discord: Social platform used by RingZer0 CTF community to exchange about cyber security, ask for help or use the Spawn2Pwn project. More information here.
Destroy: To entirely destroy a track that was spawned by the participant. If the participant does not have any more spawned track, their WireGuard access will be deleted as well.
Extend: To extend the life span of a spawned track. This effectively set the spawned date to now and thus reset the life span counter. Meaning that you can't exceed the maximum life span by using the extend command. Using this command will use an extend credit.
Preshared Key: This key should remain private between the participant and the server. They both need to have the same exact key in order for this to work. One can view this as a symmetric encryption/decryption key. This key is used to strengthen the WireGuard encrypted communications.
Private Key: One of two keys necessary in an asymmetric cryptography. This key is the one that should remain obviously private. This key is used to decrypt WireGuard encrypted communications.
Public Key: One of two keys necessary in an asymmetric cryptography. This key is the one that one would want to share for others to encrypt messages that only one could decrypt with their private key. This key is used to encrypt WireGuard communications. The participant must know the server's public key and vice versa for the communications to properly works.
Reset: To reset a spawned track to what it was when spawned. Meaning that when a track is spawned, a snapshot is taken before the firewall rules and when the participant uses this command, it will restore the snapshot for every instance of the spawned track. Using this command will use an spawn credit.
Restore: Same as Reset.
Spawn: To spawn a track from the available tracks. This command copies an available track in addition to creation of the participant WireGuard configuration and every firewall rules necessary to restrict the participant to the newly created spawned track. Plus the restriction for the spawned track to only be able to access the participant's WireGuard dedicated IP address. Using this command will use an spawn credit.
Spawn2Pwn: Name of the project. Spawn a track to pwn it.
Spawned Track: In a CTF, we can often see a track that contains multiple flags or challenges. Since this project contains tracks to deploy and deployed tracks, we had to come up for two different names. Spawned Track stands for a track that was deployed by a participant.
Status: To obtain the status of one or multiple spawned tracks.
Track: A set of one or multiple machines that contains one or multiple challenges.
WireGuard: A free-to-use VPN product that RingZer0 CTF decided to use for this project for it's flexibility, speed and ease to use. More information here.