A couple windows fixes (#270)

* remove challenge-proxy.exe * disable QEMU monitor * never expire hacker's password * Update README.md
pwncollege · Jan 9, 2024 · 7a9d05d · 7a9d05d
1 parent 25df9da
commit 7a9d05d
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/windows/Dockerfile b/windows/Dockerfile
@@ -71,7 +71,7 @@ CMD \
       -device virtio-net,netdev=user.0 \
       -netdev user,id=user.0,hostfwd=tcp::5985-:5985,hostfwd=tcp::2222-:22 \
       -serial null \
-      -monitor unix:./build/monitor.sock,server,nowait \
+      `#-monitor unix:./build/monitor.sock,server,nowait` \
       -drive file=./floppy.img,format=raw,index=0,if=floppy \
       -drive "file=./build/server-2022.iso,media=cdrom" \
       -drive "file=./build/virtio-win-processed.iso,media=cdrom" \
@@ -93,7 +93,7 @@ CMD \
         -device virtio-net,netdev=user.0 \
         -netdev user,id=user.0,hostfwd=tcp::5985-:5985,hostfwd=tcp::2222-:22 \
         -serial null \
-        -monitor unix:./build/monitor.sock,server,nowait \
+        `#-monitor unix:./build/monitor.sock,server,nowait` \
         -drive file=./floppy.img,format=raw,index=0,if=floppy \
         -drive "file=./build/server-2022.iso,media=cdrom" \
         -drive "file=./build/virtio-win-processed.iso,media=cdrom" \

diff --git a/windows/README.md b/windows/README.md
@@ -102,7 +102,7 @@ The filesystem sharing has a component on each side of the VM.
 The host side has a `virtiofsd` process running for each virtual filesystem that listens on a UNIX socket for connection from QEMU.
 The guest side has a filesystem driver that connects to the virtual PCI device, and a userspace process that uses WinFsp, the windows equivalent of FUSE, to mount the filesystem and talks to the driver.
 
-## Host
+### Host
 
 The biggest concern on the host side is sandboxing.
 We don't want users to be able to abuse the filesystem daemon to access files outside of the directories we want to mount in (such as the flag) or escalate privileges.
@@ -123,10 +123,10 @@ Later, we can start up this service in the startup script with the launcher, spe
 
 ## Rebuilding the VM image
 
-This can be done by removing the `image-built` file and updating the dojo:
+This can be done by removing the `image-stage1-complete` marker file and updating the dojo:
 
 ```sh
-sudo rm ./data/docker/volumes/pwncollege_windows/_data/image-built
+sudo rm ./data/docker/volumes/pwncollege_windows/_data/image-stage1-complete
 sudo docker exec -it dojo dojo update
 ```
 

diff --git a/windows/challenge-proxy.exe b/windows/challenge-proxy.exe
diff --git a/windows/setup.ps1 b/windows/setup.ps1
@@ -185,7 +185,7 @@ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "Limit
 
 # -- set empty password for hacker user --
 $SecureString = New-Object System.Security.SecureString
-Get-LocalUser -Name hacker | Set-LocalUser -Password $SecureString
+Get-LocalUser -Name hacker | Set-LocalUser -Password $SecureString -PasswordNeverExpires $true
 
 # -- edit SSH config --
 # to support empty passwords, we require the following settings: