Merge pull request #88 from lloydchang/lloydchang-patch-5

feat: add GitHub Codespaces support

Author: andreashappe

.devcontainer/devcontainer.json

@@ -0,0 +1,3 @@
+{
+    "onCreateCommand": "./codespaces_create_and_start_containers.sh"
+}

README.md

@@ -190,6 +190,97 @@ We are using vulnerable Linux systems running in Virtual Machines for this. Neve
 >
 > We are using virtual machines from our [Linux Privilege-Escalation Benchmark](https://github.com/ipa-lab/benchmark-privesc-linux) project. Feel free to use them for your own research!
 
+## GitHub Codespaces support
+
+**Backstory**
+
+https://github.com/ipa-lab/hackingBuddyGPT/pull/85#issuecomment-2331166997
+
+> Would it be possible to add codespace support to hackingbuddygpt in a way, that only spawns a single container (maybe with the suid/sudo use-case) and starts hackingBuddyGPT against that container? That might be the 'easiest' show-case/use-case for a new user.
+
+**Steps**
+1. Go to https://github.com/ipa-lab/hackingBuddyGPT
+2. Click the "Code" button.
+3. Click the "Codespaces" tab.
+4. Click the "Create codespace on main" button.
+5. Wait for Codespaces to start — This may take upwards of 10 minutes.
+
+> Setting up remote connection: Building codespace...
+
+6. After Codespaces started, you may need to restart a new Terminal via the Command Palette:
+
+Press the key combination:
+
+> `⇧⌘P` `Shift+Command+P` (Mac) / `Ctrl+Shift+P` (Windows/Linux)
+
+In the Command Palette, type `>` and `Terminal: Create New Terminal` and press the return key.
+
+7. You should see a new terminal similar to the following:
+
+> 👋 Welcome to Codespaces! You are on our default image.
+>
+>    `-` It includes runtimes and tools for Python, Node.js, Docker, and more. See the full list here: https://aka.ms/ghcs-default-image
+>
+>    `-` Want to use a custom image instead? Learn more here: https://aka.ms/configure-codespace
+>
+> 🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1).
+>
+> 📝 Edit away, run your app as usual, and we'll automatically make it available for you to access.
+>
+> @github-username ➜ /workspaces/ipa-lab-hackingBuddyGPT (main) $
+
+Type the following to manually run:
+```bash
+./codespaces_start_hackingbuddygpt_against_a_container.sh
+```
+7. Eventually, you should see:
+
+> Currently, May 2024, running hackingBuddyGPT with GPT-4-turbo against a benchmark containing 13 VMs (with maximum 20 tries per VM) cost around $5.
+>
+> Therefore, running hackingBuddyGPT with GPT-4-turbo against containing a container with maximum 10 tries would cost around $0.20.
+>
+> Enter your OpenAI API key and press the return key:
+
+8. As requested, please enter your OpenAI API key and press the return key.
+
+9. hackingBuddyGPT should start:
+
+> Starting hackingBuddyGPT against a container...
+
+10. If your OpenAI API key is *valid*, then you should see output similar to the following:
+
+> [00:00:00] Starting turn 1 of 10
+>
+> Got command from LLM:
+>
+> …
+>
+> [00:01:00] Starting turn 10 of 10
+>
+> …
+>
+> Run finished
+>
+> maximum turn number reached
+
+11. If your OpenAI API key is *invalid*, then you should see output similar to the following:
+
+> [00:00:00] Starting turn 1 of 10
+>
+> Traceback (most recent call last):
+>
+> …
+>
+> Exception: Error from OpenAI Gateway (401
+
+**References**
+* https://docs.github.com/en/codespaces
+* https://docs.github.com/en/codespaces/getting-started/quickstart
+* https://docs.github.com/en/codespaces/reference/using-the-vs-code-command-palette-in-codespaces
+* https://openai.com/api/pricing/
+* https://platform.openai.com/docs/quickstart
+* https://platform.openai.com/api-keys
+
 ## Run the Hacking Agent
 
 Finally we can run hackingBuddyGPT against our provided test VM. Enjoy!

codespaces_create_and_start_containers.Dockerfile

@@ -0,0 +1,67 @@
+# codespaces_create_and_start_containers.Dockerfile
+
+FROM ubuntu:latest
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Use the TIMEZONE variable to configure the timezone
+ENV TIMEZONE=Etc/UTC
+RUN ln -fs /usr/share/zoneinfo/$TIMEZONE /etc/localtime && echo $TIMEZONE > /etc/timezone
+
+# Update package list and install dependencies in one line
+RUN apt-get update && apt-get install -y \
+    software-properties-common \
+    openssh-server \
+    sudo \
+    python3 \
+    python3-venv \
+    python3-setuptools \
+    python3-wheel \
+    python3-apt \
+    passwd \
+    tzdata \
+    iproute2 \
+    wget \
+    cron \
+    --no-install-recommends && \
+    add-apt-repository ppa:deadsnakes/ppa -y && \
+    apt-get update && apt-get install -y \
+    python3.11 \
+    python3.11-venv \
+    python3.11-distutils \
+    python3.11-dev && \
+    dpkg-reconfigure --frontend noninteractive tzdata && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install pip using get-pip.py
+RUN wget https://bootstrap.pypa.io/get-pip.py && python3.11 get-pip.py && rm get-pip.py
+
+# Install required Python packages
+RUN python3.11 -m pip install --no-cache-dir passlib cffi cryptography
+
+# Ensure python3-apt is properly installed and linked
+RUN ln -s /usr/lib/python3/dist-packages/apt_pkg.cpython-310-x86_64-linux-gnu.so /usr/lib/python3/dist-packages/apt_pkg.so || true
+
+# Prepare SSH server
+RUN mkdir /var/run/sshd
+
+# Create ansible user
+RUN useradd -m -s /bin/bash ansible
+
+# Set up SSH for ansible
+RUN mkdir -p /home/ansible/.ssh && \
+    chmod 700 /home/ansible/.ssh && \
+    chown ansible:ansible /home/ansible/.ssh
+
+# Configure sudo access for ansible
+RUN echo "ansible ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ansible
+
+# Disable root SSH login
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+# Expose SSH port
+EXPOSE 22
+
+# Start SSH server
+CMD ["/usr/sbin/sshd", "-D"]