user-data

#cloud-config

hostname: ctf
prefer_fqdn_over_hostname: false

user:
  name: alex
  ssh_authorized_keys:
    - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8i1tyqtQX+8Klc18XHUUO+PFVI/FsjbGbfcbQfWOXj alex@bread
  lock_passwd: false
  groups: docker, wheel

package_update: true
package_upgrade: true
package_reboot_if_required: true
packages:
  - adobe-source-code-pro-fonts
  - bsdtar
  - cargo
  - curl
  - elfutils
  - eza
  - file
  - gdb
  - gdb-gdbserver
  - gdm
  - git
  - gnome-shell
  - java-17-openjdk-devel
  - jq
  - moby-engine
  - netcat
  - openssh-clients
  - openssl-devel
  - patchelf
  - pkgconf-pkg-config
  - podman
  - python3-pip
  - python3-pwntools
  - rubygems
  - spice-vdagent
  - tmux
  - vim
  - wget
  - xz-devel

write_files:
  - path: /etc/pwn.conf
    content: |
      [update]
      interval=never

      [context]
      terminal = ["tmux", "new-window", "-t", "pwntools"]
  - path: /usr/local/bin/term
    permissions: '0755'
    content: |
      #!/bin/sh
      
      exec tmux new -s pwntools
  - path: /etc/tmux.conf
    content: |
      set -g mouse on
  - path: /etc/gdbinit
    content: |
      source /usr/local/lib/gef.py
  - path: /usr/local/share/pwninit-template.py
    content: |
      #!/usr/bin/env python3

      from pwn import *

      {bindings}

      context.binary = {bin_name}

      if args.REMOTE:
          r = remote("addr", 1337)
      else:
          r = process({proc_args})
          if args.GDB:
              gdb.attach(r)

      

      r.interactive()
  - path: /etc/profile.d/pwninit-template.sh
    content: |
      alias pwninit='pwninit --template-path /usr/local/share/pwninit-template.py'
  - path: /etc/gdm/custom.conf
    content: |
      [daemon]
      AutomaticLoginEnable=True
      AutomaticLogin=alex

      [security]

      [xdmcp]

      [chooser]

      [debug]
  - path: /home/alex/.vimrc
    owner: alex:alex
    content: |
      call plug#begin()
      Plug 'jiangmiao/auto-pairs'
      Plug 'tpope/vim-surround'
      Plug 'sheerun/vim-polyglot'
      call plug#end()

      set number
      set ignorecase smartcase
      set nohlsearch
      set linebreak
      set splitright splitbelow
      set mouse=a

      nnoremap Y y$

      let g:AutoPairsShortcutToggle = '<C-p>'
      let g:AutoPairsShortcutJump = '<C-n>'
      let g:AutoPairsShortcutFastWrap = '<C-9>'
      let g:AutoPairsShortcutBackInsert = '<C-b>'
    defer: true

runcmd:
  - passwd -d alex
  - |
    curl -fLo /usr/share/vim/vimfiles/autoload/plug.vim --create-dirs \
        https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
  - |
    set -e
    export CARGO_INSTALL_ROOT='/usr/local'
    cargo install pwninit
    cargo install xgadget --features cli-bin
  - curl -fsSLo /usr/local/lib/gef.py 'https://github.com/hugsy/gef/raw/main/gef.py'
  - |
    set -e
    ghidra_file="$(mktemp)"
    readonly ghidra_file
    trap 'rm -f -- "${ghidra_file}"' EXIT

    ghidra_url="$(
        curl -fsSL \
            -H 'Accept: application/vnd.github+json' \
            -H 'X-GitHub-Api-Version: 2022-11-28' \
            'https://api.github.com/repos/NationalSecurityAgency/ghidra/releases/latest' |
            jq -r '.assets | .[] | first(select(.name | test("ghidra_\\d+\\.\\d+(\\.\\d+)?_PUBLIC_\\d{8}\\.zip"))).browser_download_url'
    )"
    readonly ghidra_url
    curl -fsSLo "${ghidra_file}" -- "${ghidra_url}"

    rm -rf /opt/ghidra
    mkdir /opt/ghidra
    bsdtar -xf "${ghidra_file}" -C /opt/ghidra --strip-components 1 --preserve-permissions
    rm -- "${ghidra_file}"
    ln -sf /opt/ghidra/ghidraRun /usr/local/bin/ghidra
  - gem install one_gadget
  - systemctl set-default graphical.target

power_state:
  mode: poweroff