Added the new rebase level

TheCoreMan · TheCoreMan · commit b779c68486ce · 2023-06-06T22:29:14.000+03:00
Also updated the OWASP stuff

Signed-off-by: Shay Nehmad &lt;dude500@gmail.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -20,7 +20,8 @@ RUN apt install -y \
     tmux \
     man \
     fzf \ 
-    sudo
+    sudo \
+    jq
 
 # Create the required users. The game master is the `git` account, and the player is the user's account
 RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 95+mcguffin+STRONG+ainasdf+15) gamemaster
@@ -68,27 +69,17 @@ RUN chmod 770 /home/tester/.zshrc
 # Copy the test files to the tester account
 COPY levels/tests /home/tester/tests
 RUN chown --recursive tester:tester /home/tester
+RUN chmod 770 --recursive tester:tester /home/tester/tests
 
 # Set up SSH
 RUN mkdir /var/run/sshd
 COPY build/sshd_config /etc/ssh/sshd_config
 COPY build/login_banner.txt /etc/motd
 
-RUN mkdir -p /root/.ssh && \
-    chmod 0700 /root/.ssh && \
-    ssh-keyscan github.com > /root/.ssh/known_hosts
-COPY build/id_rsa_mgbp_docker /root/.ssh/id_rsa
-COPY build/id_rsa_mgbp_docker.pub /root/.ssh/id_rsa.pub
-RUN chmod 0600 /root/.ssh/* && \
-    eval "$(ssh-agent -s)" && \
-    ssh-add /root/.ssh/id_rsa
-
 RUN /etc/init.d/ssh start && ssh-keyscan -H localhost >> /home/player/.ssh/known_hosts && ssh-keyscan -H localhost >> /home/tester/.ssh/known_hosts
 
 # Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/ctf-repo
-RUN eval "$(ssh-agent -s)" && \
-    ssh-add /root/.ssh/id_rsa && \
-    git clone --bare git@github.com:TheCoreMan/make-git-better-levels-private.git /home/gamemaster/ctf-repo
+RUN git clone --bare https://github.com/TheCoreMan/make-git-better-levels.git /home/gamemaster/ctf-repo
 # Set up the other remote for the remote stages
 RUN git clone --bare https://github.com/sandspider2234/make-git-better-levels.git /home/gamemaster/forked-ctf-repo
 # This file adds the player's ssh public key from before
@@ -102,10 +93,6 @@ ARG CACHE_DATE
 RUN echo "This CTF server was built at "$CACHE_DATE"." >> /etc/motd
 RUN ls -la "/home/gamemaster"
 RUN su -c "/home/gamemaster/gamemaster_entrypoint.sh" - gamemaster
-RUN eval "$(ssh-agent -s)" && \
-    ssh-add /root/.ssh/id_rsa && \
-    cd /home/gamemaster/ctf-repo/ && \
-    git fetch origin +refs/heads/*:refs/heads/* --prune
 # Set up the hooks for the actual gameplay in the repo
 COPY levels/checkers /home/gamemaster/ctf-repo/hooks/checkers
 COPY scripts/output/pre-receive /home/gamemaster/ctf-repo/hooks
diff --git a/build/sshd_config b/build/sshd_config
@@ -19,4 +19,4 @@ UsePAM no
 PrintMotd yes
 
 # OWASP addition - hardning server
-DenyUsers player tester build_system flagger flagger_the_second
+# DenyUsers player tester build_system flagger flagger_the_second
diff --git a/levels/checkers/rebase-2.sh b/levels/checkers/rebase-2.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+source $(dirname $0)/checkers-lib.sh
+
+read old new ref </dev/stdin
+
+dump_dir=$(dump-commit-to-directory $new)
+
+pushd $dump_dir
+# Check files here
+if [ ! -f first.md ]; then
+    reject-solution "first.md is missing."
+fi
+
+if [ ! -f second.md ]; then
+    reject-solution "second.md is missing."
+fi
+
+if [ ! -f third.md ]; then
+    reject-solution "third.md is missing."
+fi
+
+# Check history here
+
+popd
+
+# level info
+## title rebase-2
+## branch downfalling-bumbled-sootiness -> That means the tag is downfalling-bumbled-sootiness-tag
+
+# Check the order. It should be first, second, third.
+FIRST_COMMIT_MESSAGE=$(git log --pretty=format:%s HEAD~2 -n 1)
+SECOND_COMMIT_MESSAGE=$(git log --pretty=format:%s HEAD~1 -n 1)
+THIRD_COMMIT_MESSAGE=$(git log --pretty=format:%s HEAD -n 1)
+if grep -q "$FIRST_COMMIT_MESSAGE" "first"; then
+    reject-solution "The first commit should be \"Who's on first\", but saw $FIRST_COMMIT_MESSAGE."
+fi
+if grep -q "$SECOND_COMMIT_MESSAGE" "second"; then
+    reject-solution "The second commit should be \"What's on second\", but saw $SECOND_COMMIT_MESSAGE."
+fi
+if grep -q "$THIRD_COMMIT_MESSAGE" "third"; then
+    reject-solution "The third commit should be \"I don't know's on third\", but saw $THIRD_COMMIT_MESSAGE."
+fi
+
+log_n=5
+echo "git log of last $log_n commits..."
+git log --decorate --oneline --graph -n $log_n "$new"
diff --git a/levels/game-config.toml b/levels/game-config.toml
@@ -2,11 +2,7 @@
 title = 'clone'
 branch = 'master'
 solution_checker = 'echo No pushing to master. Read the README file; exit 1'
-flags = [
-    'start-here',
-    'owasp-ctf-1',
-    'owasp-ctf-2',
-]
+flags = ['start-here', 'owasp-ctf-1', 'owasp-ctf-2']
 
 [[levels]]
 title = 'start-here'
@@ -24,22 +20,19 @@ flags = ['basic-2']
 title = 'basic-2'
 branch = 'sidespins-areae-regalio'
 solution_checker = 'hooks/checkers/basic-2.sh'
-flags = ['merge-1']
+flags = ['merge-1', 'log-1']
 
 [[levels]]
 title = 'merge-1'
 branch = 'macrochiropteran-jupon-lutecium'
 solution_checker = 'hooks/checkers/merge-1.sh'
-flags = [
-    'merge-2',
-    'log-1',
-]
+flags = ['merge-2']
 
 [[levels]]
 title = 'merge-2'
 branch = 'poseuse-citronwood-manganese'
 solution_checker = 'hooks/checkers/merge-2.sh'
-flags = ['merge-3']
+flags = ['merge-3', 'rebase-1']
 
 [[levels]]
 title = 'log-1'
@@ -75,10 +68,7 @@ flags = []
 title = 'merge-3'
 branch = 'twee-enfamish-stropharia'
 solution_checker = 'hooks/checkers/merge-3.sh'
-flags = [
-    'merge-4',
-    'revert-1',
-]
+flags = ['merge-4', 'revert-1']
 
 [[levels]]
 title = 'revert-1'
@@ -102,10 +92,7 @@ flags = ['merge-levels-done-you-win']
 title = 'tag-1'
 branch = 'redamage-bundh-passerina'
 solution_checker = 'hooks/checkers/tag-1.sh'
-flags = [
-    'tag-2',
-    'hooks-1',
-]
+flags = ['tag-2', 'hooks-1']
 
 [[levels]]
 title = 'tag-2'
@@ -117,16 +104,13 @@ flags = []
 title = 'hooks-1'
 branch = 'hands-trooshlach-nongassy'
 solution_checker = 'hooks/checkers/hooks-1.sh'
-flags = [
-    'rebase-1',
-    'hooks-2',
-]
+flags = ['hooks-2', 'remote-1']
 
 [[levels]]
 title = 'rebase-1'
 branch = 'parallelizing-barnhardtite-base'
 solution_checker = 'hooks/checkers/rebase-1.sh'
-flags = ['remote-1']
+flags = ['rebase-2']
 
 [[levels]]
 title = 'hooks-2'
@@ -151,3 +135,9 @@ title = 'owasp-ctf-2'
 branch = 'aghastness-subhead-cyrtometer'
 solution_checker = 'hooks/checkers/owasp-ctf-2.sh'
 flags = ['AppSec-IL{1f_y0u_w4n7_17_c0m3_4nd_917_17}']
+
+[[levels]]
+title = 'rebase-2'
+branch = 'downfalling-bumbled-sootiness'
+solution_checker = 'hooks/checkers/rebase-2.sh'
+flags = ['rebase-levels-done-you-win']
diff --git a/levels/pages/owasp-ctf-1.md b/levels/pages/owasp-ctf-1.md
@@ -13,9 +13,17 @@ twitter:
   image: "https://i.imgur.com/ROzkHYp.png"
 ---
 
-[Click here.](https://appsecil2020.ctf.today/)
+This level was a part of OWASP CTF 2020.
 
-```
+{{< levelgraph >}}
+
+The focus of this level is AppSec, and specifically, `git` security. But not
+`git` fundamentals, like the rest of the levels in this CTF. So you should
+_probably_ solve the rest of the levels first.
+
+![OWASP logo](/images/OWASP-IL-Icon.png "OWASP logo")
+
+```txt
  _____  _    _  ___   ___________ 
 |  _  || |  | |/ _ \ /  ___| ___ \
 | | | || |  | / /_\ \\ `--.| |_/ /
@@ -25,8 +33,16 @@ twitter:
                                   
 ```
 
-## ALL LEVELS WHICH DON'T START WITH "OWASP" ARE NOT A PART OF THE APPSECIL2020 CTF! THEY ARE NOT WORTH POINTS!!!
+[~~Click here~~](https://appsecil2020.ctf.today/). In the past, this link worked.
+The CTF is over now, so it doesn't work anymore. Here are the instructions to
+start:
 
-You can try to play the open source, free, and non-affiliated CTF - `make-git-better` - on your own, if you want. [Start here](https://mrnice.dev/ctf).
+`git checkout headmistresses-tiptoes-bezzled`.
 
-{{< levelgraph >}}
+## 🧩 Hints
+
+Click on the hint to see it.
+
+{{% expand "Writeup" %}}
+[Solved by JCTF Team](https://jctf.team/AppSec-IL-2020/come-and-git-it-1/).
+{{% /expand %}}
diff --git a/levels/pages/owasp-ctf-2.md b/levels/pages/owasp-ctf-2.md
@@ -13,10 +13,17 @@ twitter:
   image: "https://i.imgur.com/ROzkHYp.png"
 ---
 
+This level was a part of OWASP CTF 2020.
 
-[Click here.](https://appsecil2020.ctf.today/)
+{{< levelgraph >}}
 
-```
+The focus of this level is AppSec, and specifically, `git` security. But not
+`git` fundamentals, like the rest of the levels in this CTF. So you should
+_probably_ solve the rest of the levels first.
+
+![OWASP logo](/images/OWASP-IL-Icon.png "OWASP logo")
+
+```txt
  _____  _    _  ___   ___________ 
 |  _  || |  | |/ _ \ /  ___| ___ \
 | | | || |  | / /_\ \\ `--.| |_/ /
@@ -26,9 +33,16 @@ twitter:
                                   
 ```
 
-## ALL LEVELS WHICH DON'T START WITH "OWASP" ARE NOT A PART OF THE APPSECIL2020 CTF! THEY ARE NOT WORTH POINTS!!!
+[~~Click here~~](https://appsecil2020.ctf.today/). In the past, this link worked.
+The CTF is over now, so it doesn't work anymore. Here are the instructions to
+start:
 
-You can try to play the open source, free, and non-affiliated CTF - `make-git-better` - on your own, if you want. [Start here](https://mrnice.dev/ctf).
+`git checkout aghastness-subhead-cyrtometer`.
 
-{{< levelgraph >}}
+## 🧩 Hints
+
+Click on the hint to see it.
 
+{{% expand "Writeup" %}}
+[Solved by JCTF Team](https://jctf.team/AppSec-IL-2020/come-and-git-it-2/).
+{{% /expand %}}
diff --git a/levels/pages/rebase-2.md b/levels/pages/rebase-2.md
@@ -0,0 +1,60 @@
+---
+title: "rebase-2"
+date: 2020-05-23T13:04:22+03:00
+draft: false
+scripts: 
+  - "/js/vis-network.min.js"
+twitter:
+  card: "summary_large_image"
+  site: "@ShayNehmad"
+  creator: "@ShayNehmad"
+  title: "mrnice.dev"
+  description: "mrnice.dev: Shay Nehmad's blog 🧔"
+  image: "https://i.imgur.com/ROzkHYp.png"
+---
+
+{{< levelgraph >}}
+
+![who's on first?](/images/whos-on-first.gif "who's on first?")
+
+In this level, the commits are all out of order. Reorder them using an
+interactive rebase, and push them in the correct order.
+
+In case you've never watch the classic sketch "Who's on First?", The correct
+order is:
+
+> First base: Who
+>
+> Second base: What
+>
+> Third base: I Don't Know
+
+(By the way, if you haven't watched it, you should. It's a classic.)
+
+{{< youtube id="kTcRRaXV-fg" >}}
+
+## 🧩 Hints
+
+Click on the hint to see it.
+
+{{% expand "I'm getting `! [rejected]` | part 1" %}}
+Read the error message carefully, and think about what you're actually trying to
+do. We are the tip of the current branch behind the remote? No one else is
+pushing content to this branch right now...
+{{% /expand %}}
+
+{{% expand "I'm getting `! [rejected]` | part 2" %}}
+You need to force push. Why? Because you're rewriting history. And that's OK.
+{{% /expand %}}
+
+{{% expand "I'm getting `! [rejected]` | part 3" %}}
+`git push --force-with-lease`. See [the documentation](https://git-scm.com/docs/git-push#Documentation/git-push.txt---no-force-with-lease).
+{{% /expand %}}
+
+{{% expand "Interactive rebase?" %}}
+[Really very good Documentation](https://git-scm.com/docs/git-rebase#_interactive_mode).
+{{% /expand %}}
+
+{{% expand "Wait, isn't this rewriting history?" %}}
+[Yep. And that's OK](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History).
+{{% /expand %}}
diff --git a/levels/tests/test-owasp-ctf-1.sh b/levels/tests/test-owasp-ctf-1.sh
@@ -18,15 +18,15 @@ sed -i 's/\[REDACTED\]/\/etc\/owasp\/flags\/flag.txt/g' capture_the_flag.py
 git add --all
 git commit -m "fixed path"
 
-git push > push_result 2>&1
+git push >push_result 2>&1
 
 # check_results
-if [ $(grep "AppSec_IL" push_result | wc -l) -gt 0 ]; then
-    git reset --hard > /dev/null 2>&1
-    git clean -f -d > /dev/null 2>&1
+if [ $(grep "AppSec-IL" push_result | wc -l) -gt 0 ]; then
+    git reset --hard >/dev/null 2>&1
+    git clean -f -d >/dev/null 2>&1
     exit 0
-else 
-    git reset --hard > /dev/null 2>&1
-    git clean -f -d > /dev/null 2>&1
+else
+    git reset --hard >/dev/null 2>&1
+    git clean -f -d >/dev/null 2>&1
     exit 1
 fi
diff --git a/levels/tests/test-owasp-ctf-2.sh b/levels/tests/test-owasp-ctf-2.sh
@@ -12,21 +12,21 @@ git clean -f -d
 
 # PUT TEST CODE HERE, like git add + git commit
 git config --local user.name "Johnny Cash" && git config --local user.email "JohnnyCash@build.system"
-mkdir .build && echo "cat \$TMP_BUILD_SYSTEM_DIR/flag.txt" > .build/build.sh
+mkdir -p .build && echo "cat \$TMP_BUILD_SYSTEM_DIR/flag.txt" >.build/build.sh
 git add --all && git commit -m "a message"
 # Only the timezone is important here
 GIT_COMMITER_DATE="Mon Oct 19 20:19:19 2020 -1200" git commit --amend --no-edit --date "Mon Oct 19 20:19:19 2020 -1200"
 
-
-git push > push_result 2>&1
+git push >push_result 2>&1
 
 # check_results
-if [ $(grep "AppSec_IL" push_result | wc -l) -gt 0 ]; then
-    git reset --hard > /dev/null 2>&1
-    git clean -f -d > /dev/null 2>&1
+if [ $(grep "AppSec-IL" push_result | wc -l) -gt 0 ]; then
+    git reset --hard >/dev/null 2>&1
+    git clean -f -d >/dev/null 2>&1
     exit 0
-else 
-    git reset --hard > /dev/null 2>&1
-    git clean -f -d > /dev/null 2>&1
+else
+    cat push_result
+    git reset --hard >/dev/null 2>&1
+    git clean -f -d >/dev/null 2>&1
     exit 1
 fi
diff --git a/levels/tests/test-rebase-2.sh b/levels/tests/test-rebase-2.sh
diff --git a/scripts/src/bin/templates/graph.tmpl b/scripts/src/bin/templates/graph.tmpl
