Convert User Scripts to Python

This commits converts all of the previous bash scripts to python. This was done to make the handling of usernames and passwords more secure with the use of python's subprocess library. This will also allow the passwords for users to be more secure since the users input does not have to be sanitized now.
mikeymakesit · May 28, 2017 · 1e94250 · 1e94250
1 parent a6ee20f
commit 1e94250
Show file tree

Hide file tree

Showing 12 changed files with 102 additions and 86 deletions.
diff --git a/docker/ssh-docker/Dockerfile b/docker/ssh-docker/Dockerfile
@@ -1,9 +1,10 @@
 FROM ubuntu:latest
 
 RUN apt-get update
-RUN apt-get upgrade -y
+
 RUN apt-get install -y openssh-server
-RUN apt-get install -y shellinabox curl tar acl git
+RUN apt-get update
+RUN apt-get install -y shellinabox curl tar acl git python-pip
 RUN groupadd ctf-users
 RUN groupadd docker
 
@@ -17,10 +18,14 @@ RUN mkdir /var/run/sshd
 EXPOSE 2222
 EXPOSE 4200
 
-COPY add-user.sh /
-COPY user-shell /usr/local/bin/user-shell
-COPY change-user-pass.sh / 
+COPY add_user.py /
+COPY user_shell.py /usr/local/bin/user_shell.py
+COPY change_user_pass.py / 
+
+RUN chmod +x /add_user.py
+RUN chmod +x /usr/local/bin/user_shell.py
+RUN chmod +x /change_user_pass.py
 
-RUN sh -c "echo '/usr/local/bin/user-shell' >> /etc/shells"
+RUN sh -c "echo '/usr/local/bin/user_shell.py' >> /etc/shells"
 
 
diff --git a/docker/ssh-docker/add-user.sh b/docker/ssh-docker/add-user.sh
diff --git a/docker/ssh-docker/change-user-pass.sh b/docker/ssh-docker/change-user-pass.sh
diff --git a/docker/ssh-docker/user-shell b/docker/ssh-docker/user-shell
diff --git a/server-scripts/add-user.sh b/server-scripts/add-user.sh
diff --git a/server-scripts/add_user.py b/server-scripts/add_user.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python
+
+import subprocess
+from subprocess import Popen, PIPE
+import sys
+
+user = sys.argv[1]
+password = sys.argv[2]
+
+subprocess.call(["useradd", "-G", "ctf-users", "-s", "/usr/local/bin/user-shell", user])
+
+#https://stackoverflow.com/questions/4688441/how-can-i-set-a-users-password-in-linux-from-a-python-script
+proc=Popen(['passwd', user],stdin=PIPE,stdout=PIPE,stderr=PIPE) 
+proc.stdin.write(password+'\n')
+proc.stdin.write(password)
+proc.stdin.flush()  
+stdout,stderr = proc.communicate()
+
+if stderr:
+	print stderr
+	print stdout
+
+subprocess.call(["chsh", "-s", "/usr/local/bin/user_shell.py", user])
+
+subprocess.call(["docker", "build", "-t", "user-image", "--build-arg", "USER="+user, "-f", "docker/user-docker/Dockerfile", "github.com/tamuctf/CTFd-shell-plugin"])
+
+subprocess.call(["docker", "create", "-it", "--name", user, "-w", "/home/"+user, "--read-only", "-e", "TMOUT=86400", "-h", "tamuctf-shell", "-v", "/home/"+user, "user-image", "/bin/bash"])
+
+"""
+useradd -G ctf-users -s /usr/local/bin/user-shell "$USER"
+
+echo -e "$PASS\n$PASS" | passwd "$USER"
+
+chsh -s /usr/local/bin/user-shell "$USER"
+
+docker build -t user-image --build-arg USER=$USER -f docker/user-docker/Dockerfile github.com/tamuctf/CTFd-shell-plugin 
+
+docker create -it --name "$USER" -w /home/"$USER" --read-only -e TMOUT=300 -h tamuctf-shell --cpus=".5" --memory="500M" -v /home/"$USER" user-image /bin/bash
+"""
diff --git a/server-scripts/change-user-pass.sh b/server-scripts/change-user-pass.sh
diff --git a/server-scripts/change_user_pass.py b/server-scripts/change_user_pass.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+from subprocess import Popen, PIPE
+import sys
+
+user = sys.argv[1]
+password = sys.argv[2]
+
+#https://stackoverflow.com/questions/4688441/how-can-i-set-a-users-password-in-linux-from-a-python-script
+proc=Popen(['passwd', user],stdin=PIPE,stdout=PIPE,stderr=PIPE) 
+proc.stdin.write(password+'\n')
+proc.stdin.write(password)
+proc.stdin.flush()  
+stdout,stderr = proc.communicate()
+
+if stderr:
+	print stderr
+	print stdout
+
+
+"""
+echo -e "$PASS\n$PASS" | passwd "$USER"
+"""
diff --git a/server-scripts/script_server.py b/server-scripts/script_server.py
@@ -1,6 +1,6 @@
 from SimpleXMLRPCServer import SimpleXMLRPCServer
 from SimpleXMLRPCServer import SimpleXMLRPCRequestHandler
-import os
+
 import subprocess
 
 #https://docs.python.org/2/library/simplexmlrpcserver.html
@@ -14,36 +14,12 @@ class RequestHandler(SimpleXMLRPCRequestHandler):
 
 server.register_introspection_functions()
 
-bad_chars = ['&', '|', '<', '>', '(', '"', '`', ')', "'", "$"]
 
 def add_user_func(name, password):
-
-	valid_pass = True
-	valid_name = True
-
-	for ch in bad_chars:		
-		if ch in password:
-			valid_pass = False
-			break
-		if ch in name:
-			valid_pass = False
-			break
-	if valid_pass and valid_name:
-		subprocess.call(["docker", "exec", "shell-server", "./add-user.sh", name , password])
+	subprocess.call(["docker", "exec", "shell-server", "./add_user.py", name , password])
 
 def change_user_func(name, password):
-	valid_pass = True
-	valid_name = True
-
-	for ch in bad_chars:		
-		if ch in password:
-			valid_pass = False
-			break
-		if ch in name:
-			valid_pass = False
-			break
-	if valid_pass and valid_name:
-		subprocess.call(["docker", "exec", "shell-server", "./change-user-pass.sh", name , password])
+	subprocess.call(["docker", "exec", "shell-server", "./change_user_pass.py", name , password])
 
 server.register_function(add_user_func, 'add_user')
 server.register_function(change_user_func, 'change_user')

diff --git a/server-scripts/user-shell b/server-scripts/user-shell
diff --git a/server-scripts/user_shell.py b/server-scripts/user_shell.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+import subprocess
+
+p = subprocess.Popen("whoami", stdin=subprocess.PIPE,stdout=subprocess.PIPE)
+user, err = p.communicate()
+
+#returns with \n attached
+container_name = user[:-1]
+
+subprocess.call(["docker", "start", container_name])
+
+subprocess.call(["docker", "exec", "-it", "-u", container_name, container_name, "/bin/bash"])
+
+subprocess.call(["docker", "stop", container_name])
+
+"""
+#!/bin/bash
+container_name=`whoami`
+docker start "$container_name"
+docker exec -it -u "$container_name" "$container_name" /bin/bash
+docker stop "$container_name"
+"""
diff --git a/setup.sh b/setup.sh
@@ -6,9 +6,9 @@ sudo apt-get update
 
 sudo apt-get install -y docker.io python-pip
 
-cp server-scripts/add-user.sh docker/ssh-docker/
-cp server-scripts/user-shell docker/ssh-docker/
-cp server-scripts/change-user-pass.sh docker/ssh-docker
+cp server-scripts/add_user.py docker/ssh-docker/
+cp server-scripts/user_shell.py docker/ssh-docker/
+cp server-scripts/change_user_pass.py docker/ssh-docker
 
 pushd docker/user-docker
     docker build -t user-image --build-arg USER="test" -f docker/user-docker/Dockerfile github.com/tamuctf/CTFd-shell-plugin