search

pwncollege / dojo

Infrastructure powering the pwn.college dojo
https://pwn.college
BSD 2-Clause "Simplified" License
286 stars 89 forks source link

Private Dojos #43

Closed ConnorNelson closed 2 years ago

ConnorNelson commented 2 years ago

We want to support private dojos hosted within a dojo. This makes it significantly easier to create a private instance, without needing to spin up a fully isolated instance on its own server, managing upgrades, mirroring changes, etc. Of course, we still want the dojo to be fully open source to allow people to spin up their own instances with arbitrary modifications if they want to.

This is how it will work. Within the settings, users will be able to enter/join/initialize private dojos.

image

A user may have one private dojo associated with their account (if for some reason they need more, for now they will need to create additional accounts). They can set a name for the private dojo, and upon initializing, a unique code will be generated.

Users may join a private dojo with the unique code.

From there, users may arbitrarily "enter" the private dojos they have joined, as well as the global dojo. The currently "entered" dojo will impact the scoreboard that they see, as well as the modules/challenges.

Tasks

ConnorNelson commented 2 years ago

It may be helpful to document what the "Global Dojo" 's config is; as of this post it is:

- name: Introduction
  permalink: introduction
  lectures:
    - name: "Introduction: What is Computer Systems Security"
      video: bJTThdqui0g
      playlist: PL-ymxv0nOtqrxUaIefx0qEC7_155oPEb7
      slides: 1YlTxeZg03P234EgG4E4JNGcit6LZovAxfYGL1YSLwfc

- name: Program Interaction
  permalink: interaction
  challenges:
    - category: embryoio
  deadline: 2021-08-31 23:00:00
  late: 0.75
  lectures:
    - name: "Program Interaction: Linux Command Line"
      video: w7nQFk6bi_k
      playlist: PL-ymxv0nOtqqQ4NR1JnbWoHNm0Q8EspO1
      slides: 1aiHdtSm8xoT0u2XcTo3qYGes5GY__-PK-FlVyNBQAfY
    - name: "Program Interaction: Binary Files"
      video: nKqFeYJ483U
      playlist: PL-ymxv0nOtqqQ4NR1JnbWoHNm0Q8EspO1
      slides: 1wrX8tvwaxIEk5hx4OtQmPqps-MScIaDO-9bTKQqr8vI
    - name: "Program Interaction: Linux Process Loading"
      video: kUMCAzSOY-o
      playlist: PL-ymxv0nOtqqQ4NR1JnbWoHNm0Q8EspO1
      slides: 1TwM5WLWnTqrNkpXjGKkaXYbKZEpatEQYA7ckBVXAOhs
    - name: "Program Interaction: Linux Process Execution"
      video: Vtb5wIlthRg
      playlist: PL-ymxv0nOtqqQ4NR1JnbWoHNm0Q8EspO1
      slides: 1ezY9Q8I0tzDD-7ZDXMbQM5RQ7z1dvB9-U_nDEhc6qdE

- name: Program Misuse
  permalink: misuse
  challenges:
    - category: babysuid
  deadline: 2021-08-31 23:00:00
  late: 0.5
  lectures:
    - name: "Program Misuse: Privilege Escalation"
      video: ZWxYWdiXqD8
      playlist: PL-ymxv0nOtqoaG9YCGR36tCfRoXqVcE1E
      slides: 1EB7dL5gx3pQlPDqZSEqTtlDiJRZmHGbqRnwxgm4feuw
    - name: "Program Misuse: Mitigations"
      video: kzbyvr_PJ9k
      playlist: PL-ymxv0nOtqoaG9YCGR36tCfRoXqVcE1E
      slides: 1pvWd6n4UN3lZ1BdRySWDl80iEYGRJj9VC5exbYlGdAg

- name: Assembly Refresher
  permalink: asm
  challenges:
    - category: embryoasm
  deadline: 2021-09-07 23:00:00
  late: 0.5
  lectures:
    - name: "Assembly Refresher: Computer Architecture"
      video: 9jc0eSnrzF4
      playlist: PL-ymxv0nOtqp88cekzw40aqV0WOw-WYer
      slides: 1sVyPL92gbzg_it9aIeC-CjXtF2tpvAmZTKjWc-SlU0c
    - name: "Assembly Refresher: Assembly"
      video: ImdnOGNZflU
      playlist: PL-ymxv0nOtqp88cekzw40aqV0WOw-WYer
      slides: 1pN0nuhQIhn92QBitMznFNSRABDkMtbUW4MEJBYFwtwM

- name: Shellcode Injection
  permalink: shellcode
  challenges:
    - category: babyshell
  deadline: 2021-09-09 23:00:00
  late: 0.5
  lectures:
    - name: "Shellcode Injection: Introduction"
      video: 715v_-YnpT8
      playlist: PL-ymxv0nOtqomtHqMqqgpuvWdVSs9NCBK
      slides: 1kkfh-dhgxfIZPB1ziyW2JQiC1MbQWn8c7e24kOoDxJ4
    - name: "Shellcode Injection: Common Challenges"
      video: i1jXV8W-CYQ
      playlist: PL-ymxv0nOtqomtHqMqqgpuvWdVSs9NCBK
      slides: 1BHsKKkodMLXcHyqJCU0wDgexQ8jHEEiAU9Uq_Z9mibY
    - name: "Shellcode Injection: Data Execution Prevention"
      video: GH4NBLtPmyo
      playlist: PL-ymxv0nOtqomtHqMqqgpuvWdVSs9NCBK
      slides: 1tH6jbnpX2_T5ZeDzZBfpLZ-ngpIZp3g25PPQaTr52JU

- name: Sandboxing
  permalink: sandbox
  challenges:
    - category: babyjail
  deadline: 2021-09-16 23:00:00
  late: 0.5
  lectures:
    - name: "Sandboxing: Introduction"
      video: Ide_eg-eQZ0
      playlist: PL-ymxv0nOtqoxTT-GIMLKt_i4zPKi2HlI
      slides: 1TpMjTimroiC3Jm0dsteHWEUw06yZ5Oh7iM8YBmbOUkI
    - name: "Sandboxing: chroot"
      video: C81lO7pG5aA
      playlist: PL-ymxv0nOtqoxTT-GIMLKt_i4zPKi2HlI
      slides: 1AWl9Gko_L1kDLBtrTFB3EohQU4vQjykpQE5dm9uxYi0
    - name: "Sandboxing: seccomp"
      video: hrT1xvxGKS4
      playlist: PL-ymxv0nOtqoxTT-GIMLKt_i4zPKi2HlI
      slides: 1jOTktFSo-TwQklYdsOyC3f-2ba8XuJA8ZFWHjMQyQVI
    - name: "Sandboxing: Escaping seccomp"
      video: h1L9mF6PHlQ
      playlist: PL-ymxv0nOtqoxTT-GIMLKt_i4zPKi2HlI
      slides: 1tkBhW2JG-_jRaRDwSpuUYdT-Dg-odtZTdqanQu8vqow

- name: Debugging Refresher
  permalink: gdb
  challenges:
    - category: embryogdb
  deadline: 2021-09-28 23:00:00
  late: 0.5

- name: Reverse Engineering
  permalink: reversing
  challenges:
    - category: babyrev
  deadline: 2021-09-30 23:00:00
  late: 0.5
  lectures:
    - name: "Reverse Engineering: Introduction"
      video: ClVocVk1c5g
      playlist: PL-ymxv0nOtqrGVyPIpJeostmi7zW5JS5l
      slides: 1hw_STBTJh4xqMv4TZAPRqt2rYIEAXXaCQlaBetxUufU
    - name: "Reverse Engineering: Functions and Frames"
      video: 3IdeyjrMBA4
      playlist: PL-ymxv0nOtqrGVyPIpJeostmi7zW5JS5l
      slides: 125gIw6rNKvwa-1DO6j3HTWbWtr2q3xD2coTCb0CgmAw
    - name: "Reverse Engineering: Data Access"
      video: AtVprTb5xBs
      playlist: PL-ymxv0nOtqrGVyPIpJeostmi7zW5JS5l
      slides: 154CQfQtpleaAQv9xNI1FVosbXc_18VZvXVpcs9Ljzzo
    - name: "Reverse Engineering: Static Tools"
      video: ls4Eoew6aSY
      playlist: PL-ymxv0nOtqrGVyPIpJeostmi7zW5JS5l
      slides: 1GcRLX3-cD9eLweEixmBPfawY7viOQWApG7E_HFfqHQQ
    - name: "Reverse Engineering: Dynamic Tools"
      video: HcBordv7aWU
      playlist: PL-ymxv0nOtqrGVyPIpJeostmi7zW5JS5l
      slides: 13yzjaRTIlloV8Lg5fcQN2ZYXooVqizLgHVby1ltYeWY
    - name: "Reverse Engineering: Real-world Applications"
      video: 2pqvHSy11JE
      playlist: PL-ymxv0nOtqrGVyPIpJeostmi7zW5JS5l
      slides: 1HWiy6OzvPO8YhgTPOsALobh9LagZsJ3Jsx7DJFLAKn4

- name: Memory Errors
  permalink: memory
  challenges:
    - category: babymem
  deadline: 2021-10-07 23:00:00
  late: 0.5
  lectures:
    - name: "Memory Errors: Introduction"
      video: z_XOhfsVKnU
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 10cq3gCAvYjh_fzqiLLc1hCyqchux7x8pcskk6xGdVL8
    - name: "Memory Errors: High-level Problems"
      video: 4PJvcZZIyT8
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 1umxk_Gq_yGeCcBEz9toQ6Wil8G1bmK3NdrkFITadPhs
    - name: "Memory Errors: Smashing the Stack"
      video: PVx1hUlMxtQ
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 1_Zs7s7O_VqXd8prv0GIjUT993qL3KgjVby8qC0Ixs_w
    - name: "Memory Errors: Causes of Corruption 1"
      video: u80_j06HkpM
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 1N5ybP1-SyU-PbQKMBRfFdNntbLPCOkROOybf_ZYBBBI
    - name: "Memory Errors: Causes of Corruption 2"
      video: fVa2xahshik
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 1N5ybP1-SyU-PbQKMBRfFdNntbLPCOkROOybf_ZYBBBI
    - name: "Memory Errors: Stack Canaries"
      video: 55zWlEFflgE
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 19bO811-RSjez-E8zGMJYvUwFi5jW-vRTv19z1g8ZT3I
    - name: "Memory Errors: ASLR"
      video: SBqERAbDdAk
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 1EOUvQsDsk5eg1Ysq9Us-CnLgCOP5IRIR8P6FThBVeGo
    - name: "Memory Errors: Causes of Disclosure"
      video: S9IIGVK6K0I
      playlist: PL-ymxv0nOtqpmHdeii3NsBurJSvuMTKLL
      slides: 1Qonbh98U_s3aN9Ut0dgdHFnm_ymb9e2yUqT6bkY4FbU

- name: Exploitation Scenarios
  permalink: exploitation
  challenges:
    - category: toddlerone
  deadline: 2021-10-21 23:00:00
  late: 0.5
  lectures:
    - name: "Exploitation Scenarios: Introduction"
      video: A5CnZGst5u4
      playlist: PL-ymxv0nOtqp4FnPpSp-o-R196pYwF3QI
      slides: 1__cUrVerXgj8xhUbDoeT59vavO_BI1ah3F8a4yNTE40
    - name: "Exploitation Scenarios: Hijacking to Shellcode"
      video: lsY2g09Hjr0
      playlist: PL-ymxv0nOtqp4FnPpSp-o-R196pYwF3QI
      slides: 15Ad42MRjETONK3hPp4cOhYWMqHL8ynoxJtXiawR4ro8
    - name: "Exploitation Scenarios: Side Effects"
      video: AwhN_7YNVLo
      playlist: PL-ymxv0nOtqp4FnPpSp-o-R196pYwF3QI
      slides: 16fwwUjDuGtIRv1p6sGtJZGTEkEXBRCD1Eb4YIEcIufo
    - name: "Exploitation Scenarios: JIT Spray"
      video: RHPxiRBapA4
      playlist: PL-ymxv0nOtqp4FnPpSp-o-R196pYwF3QI
      slides: 1eO49S6JFknXGD5VPv2OeoAuBRp-Ab4HqaQ_mxZXmn14

- name: Return Oriented Programming
  permalink: rop
  challenges:
    - category: babyrop
  deadline: 2021-11-02 23:00:00
  late: 0.5
  lectures:
    - name: "Return Oriented Programming: Introduction"
      video: El8-vMDJ1zY
      playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
      slides: 1OM8gd6oqiFl2tU6G-ydiCfkNhgUTNKDFoYz-g2IIwHg
    - name: "Return Oriented Programming: Binary Lego"
      video: L0gzNhbnOUA
      playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
      slides: 1axSooHyjCJulwGNrhYM2GyjWJBSxTAg9Ia9Jpw9gW6s
    - name: "Return Oriented Programming: Techniques"
      video: OVkObKS0gOo
      playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
      slides: 1x7PASDmpjPDXvkD9HmZ2wC2JJNT8lHCkZTYcDQ9CjAk
    - name: "Return Oriented Programming: Complications"
      video: Iq2IFCKDpKc
      playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
      slides: 12_ymnKrYPUD1rJz6tauS2oNw45eWivhYMWfUzsnOeHM

- name: Dynamic Allocator Misuse
  permalink: heap
  challenges:
    - category: babyheap
  deadline: 2021-11-09 23:00:00
  late: 0.5
  lectures:
    - name: "Dynamic Allocator Misuse: What is the Heap?"
      video: coAJ4KyrWmY
      playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
      slides: 16XMoNQQB_jP0odRvQFhgMi3Neo9VR0g1jBvBXKYBnh0
    - name: "Dynamic Allocator Misuse: Dangers"
      video: Cr9IeGQxFoc
      playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
      slides: 1T5XruKzTxlpslT50op_wxvFsnsa4gshIM0Tue1f8zc4
    - name: "Dynamic Allocator Misuse: tcache"
      video: 0jHtqqdVv1Y
      playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
      slides: 13NbUlNvj1Rm-Cc_E_Crp678c-mgzCi0BYfzXIzFB3zI
    - name: "Dynamic Allocator Misuse: Chunks and Metadata"
      video: osFevdDR0Xw
      playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
      slides: 1BlapIDslDaWeBPUamdG0i35-yveGvWJHZaW_0dan6sU
    - name: "Dynamic Allocator Misuse: Metadata Corruption"
      video: PtpPcGcX020
      playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
      slides: 14SYq0TTVxEGWHNUG1BP66A8liPDD2pqJUs2WrXlCZNE

- name: Race Conditions
  permalink: race
  challenges:
    - category: babyrace
  deadline: 2021-11-16 23:00:00
  late: 0.5
  lectures:
    - name: "Race Conditions: Introduction"
      video: jXQ8Y5B2sc0
      playlist: PL-ymxv0nOtqq2SWDP1K1pXCpT6nkmyiXh
      slides: 1cwaI8mwYBAj_GBrDqfCHM4_ansWHlkT5tBIFo8zJqsI
    - name: "Race Conditions: Races in the Filesystem"
      video: dpsWLu8jxBg
      playlist: PL-ymxv0nOtqq2SWDP1K1pXCpT6nkmyiXh
      slides: 1aMSJoBqDIY0cYwFwEa4uq4mzjScGzZDFbmkvVcrbF-4
    - name: "Race Conditions: Processes and Threads"
      video: _hDP1wZKkaI
      playlist: PL-ymxv0nOtqq2SWDP1K1pXCpT6nkmyiXh
      slides: 11Fq9HwG6yYB9fkEJ-ZJ4kHbu-hL4WizAiUoX9prPN8Y
    - name: "Race Conditions: Races in Memory"
      video: jNIgU4kI6wY
      playlist: PL-ymxv0nOtqq2SWDP1K1pXCpT6nkmyiXh
      slides: 1u-aSz-mqwkMIZEDAR-AEPKw5JPn-1q_3Ek_C6JjQUzY
    - name: "Race Conditions: Signals and Reentrancy"
      video: bPWQFhsUkbs
      playlist: PL-ymxv0nOtqq2SWDP1K1pXCpT6nkmyiXh
      slides: 1LOmzo79U_QmdggdfQwDej47886iqHIPDGXpl506_SYY

- name: Kernel Security
  permalink: kernel
  challenges:
    - category: babykernel
  deadline: 2021-11-23 23:00:00
  late: 0.5
  lectures:
    - name: "Kernel: Introduction"
      video: j0I2AakUAxk
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1oUaPUtLIDEMcK49gwvEMmXTyMBVQAeCWvSONV3OkIio
    - name: "Kernel: Environment Setup"
      video: mDn5IxMetgQ
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1Ik7EWjn_9ywzCW3MpJJ0eVdIvhIMP6brObBQQDtYDCo
    - name: "Kernel: Kernel Modules"
      video: DLWBWeN2ebM
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1JP1VBpK-kapHanMT4rAF9UtGglId_ZXD2Xh46gPQZFM
    - name: "Kernel: Privilege Escalation"
      video: 8ty-IFWvuHM
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1tcR4YsVhN2kVUfe8RJw56dtSs-QOwp4-g8qgI0Q3kFM
    - name: "Kernel: Escaping Seccomp"
      video: mKzUA3j6myg
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1YMlOERClX6Yi8Fb9DYxBBJ5MYB1C-_F75XKkoSmbl8k
    - name: "Kernel Security: Memory Management"
      video: SygLhZUTmKQ
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1NuvKHcszim25_kNBs5zjYEQYR8xjsLHK14GX8_9wFbE
    - name: "Kernel Security: Mitigations"
      video: 8nWw8jlQnew
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 1DNxufs_WlQRkzBMjPD7UE1qRrd87XDGpfQSPkiajEyE
    - name: "Kernel Security: Writing Kernel Shellcode"
      video: L9dJNJDIa5M
      playlist: PL-ymxv0nOtqowTpJEW4XTiGQYx6iwa6og
      slides: 10Wr3Lj08N-MNZkrk_0WwSG2QgnbLB4cqJsZpNjKj8pI

- name: Advanced Exploitation
  permalink: exploitation2
  challenges:
    - category: toddlertwo
  lectures:
    - name: "Advanced Exploitation: Introduction"
      video: s7DCT9qccYc
      playlist: PL-ymxv0nOtqoeZ2n5AcYjv-CzJ64V4Yyu
      slides: 1uHpo78FQVv8RaPe0IVUMXRBouBau6j4JFgx3_1-_wIw
    - name: "Advanced Exploitation: Heap Address Disclosure via Race Conditions"
      video: LFlsuBF-s7g
      playlist: PL-ymxv0nOtqoeZ2n5AcYjv-CzJ64V4Yyu
      slides: 1Nh47gCskB3Cr1d6Yr1Q8RWwt2p8DlHvJbwgSs-3m4kA
    - name: "Advanced Exploitation: In-Memory Forensics"
      video: WElEwa1pXCw
      playlist: PL-ymxv0nOtqoeZ2n5AcYjv-CzJ64V4Yyu
      slides: 1UY3GniieKBiphekH_RmkghYdm5M5DBNklHCxfN2S62A
    - name: "Advanced Exploitation: Exploit Primitives"
      video: PY9fNJel-X8
      playlist: PL-ymxv0nOtqoeZ2n5AcYjv-CzJ64V4Yyu
      slides: 1fMVQqCeNioayny-oUd3uYFNzkyHDz3u-B8f_JiJtf6Y
    - name: "Advanced Exploitation: End-to-End Pwnage"
      video: okLF1WnbV4M
      playlist: PL-ymxv0nOtqoeZ2n5AcYjv-CzJ64V4Yyu
      slides: 1Q6ZjNq7VeU08Tba5uWkgJy6IMH5sDT8jCW1d8vmau4M
    - name: "Advanced Exploitation: Kernel Races"
      video: hpON-ojRks4
      playlist: PL-ymxv0nOtqoeZ2n5AcYjv-CzJ64V4Yyu
      slides: 16MN3BneO7l16SX_cpvTYlV25nfdRuqfRIRQvV-iURa0