Collaborative programming environment inside GitHub Actions – like Google Docs for hacking
Create an ephemeral, collaborative programming environment inside GitHub Actions; conveniently save data with git. Particularly useful for solving Capture The Flag (CTF) problems.
Less technically: this is kind of like Google Docs for working on hacking competitions collaboratively.
Create a repo from the template. Do the rest of the steps from within your copy of the repository. The link to create a copy of the repository will only work for users logged into GitHub.
In all cases, the username is runner
and the password is ctf
.
Connecting over Tor is the most secure way to use the server, and doesn't require signing up for any service. It does, however, require downloading the Tor Browser Bundle. It also runs with noticeably higher latency than using the alternative, non-Tor connection method.
.onion
address
using the browser or SSH, Tor Browser must be running.ttyd
and/or its dependency xterm.js
. To fix this, go to about:config
in the
address bar, and set privacy.resistFingerprinting
to false
.Connecting over ngrok instead of Tor is a less secure, but lower-latency way to connect to the server running on GitHub Actions. This method of connecting doesn't require downloading Tor, but it does require signing up for ngrok.
NGROK_TOKEN
under the Secrets settings
area. It will be saved here and used automatically.tmux
with Ctrl +
A as the "prefix," and a few other custom keys that can be viewed
in .tmux.conf
tmux
tmux
cares about
capitalization)tmux
adjusts the size of a window to accommodate the smallest
viewer
quit
command to terminate the server for all connected users
~/ctf
) for each CTF to stay organized
git
within the ~/ctf
foldersudo
capabilitiesDon't use the graphical workflow unless absolutely necessary!
NGROK_TOKEN
under the Secrets settings
area. It will be saved here and used automatically.This project is for those with limited access to compute resources – students in particular. By making it possible to connect from the web and over Tor, the project is designed to be accessible to those who are behind a firewall and/or are unable to install software on the computer they are using. For example, someone who wants to participate in a CTF competition, but is using shared computers in a library or a school computer lab.
This project uses generously-offered, free resources in a way that was likely not intended by GitHub. Please do not abuse them.
I claim no responsibility for how you use this project. Based on my reading of GitHub's:
I have concluded that using this Actions workflow to do productive work, particularly if you don't have the ability to run a Linux computer of your own, is probably permissible if done in good faith, and with an effort made to reduce excessive resource consumption. For example, don't use the graphical workflows unless absolutely necessary, because they are considerably more resource intensive to set up and run, and don't leave the workflows running when not using them.
That being said, I may be reading the policies wrong, and GitHub has the right to change them at any time. In particular, if this use of GitHub Actions is abused, it is likely that future ability to do things like this will be limited by GitHub. If you like it, don't ruin it for others.
Note: typical users get 3,000 minutes of private Actions time per month per user. This project can quickly run up that time if you are not careful. Check your own usage here to see how close to the limit you are. Also note that actions stop automatically after 6 hours.
Problem: Tor browser loads the hidden service indefinitely, never connecting
Solution: Restart Tor browser
Problem: The web interface text is illegible when using Tor browser or Firefox
Solution: Disable the privacy.resistFingerprinting
setting in
about:config
Problem: The "Display connection info and sleep" workflow step fails when trying to display ngrok connection information
Solution: The ngrok authtoken supplied either as input to the workflow, or as a repository secret is invalid or corrupted
Problem: Connecting to the server using SSH over Tor fails
Solution: Make sure Tor browser is running while the command is run. If
it is still not working, try the command on port 9050
instead of 9150
Problem: Tor fails to bind to the port when running the workflow
Solution: Run the action again. If it continues to fail, open an issue
Problem: The web interface does not work with tor2web sites like tor2web.io or onion.sh
Solution: Use Tor browser and do not use tor2web sites
dotfiles
directory contains configuration files for many
programs running in the collaborative environment.
install.sh
copies dotfiles to the proper
locations.tmux.conf
contains custom shortcuts for tmux
.bashrc
is pretty minimal, but contains a few
useful command aliasesttyd_run.sh
is run every time a new user
connects via SSH or the Web interface and is responsible for opening a new
tmux
session that uses one common set of windows for all clientsThanks to my good friend Logan Snow (@lsnow99) for testing, fixing bugs, and other contributions!
This project makes use of several great software packages that have made their services available for free: