Create a collaborative environment inside GitHub Actions; conveniently save data with git. Particularly useful for solving Capture The Flag (CTF) problems.
For the less technical in the audience, this serves as a sort of "Google Doc" for working on hacking competitions collaboratively.
Create a repo from the template. Do the rest of the steps from within your copy of the repository.
In all cases, the username is `runner` and the password is `ctf`.
Connecting over Tor is the most secure way to use the server, and doesn't require signing up for any service. It does, however, require downloading the Tor Browser Bundle. It also runs with noticeably higher latency than using the alternative, non-Tor connection method.
- Download and run the Tor Browser Bundle.
- Navigate to the "Run Collaborative CTF Environment" workflow.
- Start the server using the button in the top right ("Run workflow").
- View the output; wait for it to print the connection information.
- SSH in or connect from the Web using the connection information printed during the Action run. Note: whether connecting to the `.onion` address using the browser or SSH, Tor Browser must be running.
- Tor Browser has a default setting that causes text to be illegible in `ttyd` and/or its dependency `term.js`. To fix this, go to `about:config` in the address bar, and set `privacy.resistFingerprinting` to `false`.
Connecting over ngrok instead of Tor is a less secure, but lower-latency way to connect to the server running on GitHub Actions. This method of connecting doesn't require downloading Tor, but it does require signing up for ngrok.
- Sign up for ngrok.
- Copy your ngrok Authtoken.
- Navigate to the "Run Collaborative CTF Environment" workflow.
- Paste in your ngrok Authtoken when you start the server using the button in the top right ("Run workflow").
  - To avoid pasting the Authtoken every time, paste it into a secret called `NGROK_TOKEN` under the Secrets settings area. It will be saved here and used automatically.
- View the output; wait for it to print the connection information.
- SSH in or connect from the Web using the connection information printed during the Action run.
Graphical Server
Don't use the graphical workflow unless absolutely necessary!
- Sign up for ngrok and get an authentication token
- Run the workflow and pass in the ngrok authentication token
- Wait for ngrok to run, and look in your ngrok dashboard for the server and port to connect to
- Connect using an RDP client if using the graphical workflow
  - Username `runner`
  - Password `ctf`
  - There is a default RDP client installed on Windows
  - For Linux, Remmina
This project uses generously-offered, free resources in a way that was likely not intended by GitHub. Please do not abuse them.
I claim no responsibility for how you use this project. Based on my reading of GitHub's:
I have concluded that using this Actions workflow to do productive work, particularly if you don't have the ability to run a Linux computer of your own, is probably permissible if done in good faith, and with an effort made to reduce excessive resource consumption. For example, don't use the graphical workflows unless absolutely necessary, because they are considerably more resource intensive to set up and run.
That being said, I may be reading the policies wrong, and GitHub has the right to change them at any time. In particular, if this use of GitHub Actions is abused, it is likely that future ability to do things like this will be limited by GitHub. If you like it, don't ruin it for others.
Note: typical users get 3,000 minutes of private Actions time per month per user. This project can quickly run up that time if you are not careful. Check your own usage here to see how close to the limit you are. Also note that actions stop automatically after 6 hours.
This project makes use of several great software packages that have made their services available for free: