Dockerized solutions

30 points

To get the solution for this one you need to run a very special Docker container.

You don't get to build it, though. Instead, your task is to set up your own docker registry, configure access so we can push to it, receive the image and run it with the proper environment set. That's it!

The image is based on alpine, so it's rather tiny - you won't need much to receive it.

After you grab the problem JSON with all the credentials and other goodness inside, you'll have to configure and run the registry. When it's up and running, you'll have to trigger the push by sending a POST request to /_/push/<trigger_token> (see the "pulling the trigger" section below). The request is blocking, so it can take up to a minute depending on the upload speed. Hang in there, when it's finished you'll get to see the raw logs of the docker push from our side to help you debug.

If all's well, pull the image from your registry, set the IGNITION_KEY environment variable to the right value, run the container and grab your reward. But beware! Apart from a few sanity checks, The app won't reject an invalid key. Instead it'll just serve you a random string as if nothing happened. It's mean like that, sorry.

By the way, the image may differ from push to push, sometimes it may be the same... stay on the safe side and assume it'll always be different and save yourself some frustration.

For the fun of it, the server will push two images. One of them will reveal the solution, the other one's a dud.

Good luck!

Getting the problem set

GET /challenges/dockerized_solutions/problem?access_token=...

Problem JSON structure is simple:

  • credentials: how we will authenticate to your registry before the push
    • user: the username we will be using
    • password: the password we will be using
  • ignition_key: for the container to spit out the solution, you'll need to set an environment variable IGNITION_KEY to this value
  • trigger_token: pass this to the trigger endpoint
Pulling the trigger

To trigger the push, POST a JSON to /_/push/$trigger_token with a single key inside:

  • registry_host: the host we should connect to

Leave off the schema. Proper values are foo.example.com, registry.fbi.gov and so on. Keep in mind that since TLS is required, an IP address won't do.

Once the request is received, we'll start a push. The request blocks until the push has completed, and returns the logs gathered during the push.

Submitting a solution

POST /challenges/dockerized_solutions/solve?access_token=...

Your solution should be a JSON with a single key inside:

  • secret: the secret key returned by the container

Background

Because setting up a docker registry is pretty much fun, and suprisingly you can learn quite a lot in the process. Unless you just close your eyes and hope for the best. :-)


——
You too can support h^ by buying me a coffee. Cheers!
Also, I'd love to hear from you. Whatever you got, drop me an email. My h^ profile is here.