King of the Hill Environment

Lately, I have been working on creating an open source King of the Hill competition environment for the UNH Cybersecurity Club and for use in some cybersecurity based courses.

What is King of the Hill?

In essence, in a standard King of the Hill competition, each team would get a vulnerable machine they have to lock down. While they lock the system down, they should take note of what they find. As these systems will be nearly identical, everyone has equal footing at the start. As the game progresses, you have the opportunity to attack other teams’ machines. A team’s ability to keep their machine locked down and take over other machines contributes to their score.

What did we make?

This project’s main goal was to be able to create ephemeral virtualized environments for teams that are inherently vulnerable. These can be created and managed from a modern web panel. This is all managed by a head node, which is very lightweight and can be run just as easily on a container of a full virtual machine.

Our lab environment is supported by a Proxmox Virtualization Cluster that enables us to create and destroy Virtual Machines and LXC Containers at will. For this project, we targeted LXC containers for a few reasons:

1. Resource Usage:
   LXC Containers are created using templates. We chose an Ubuntu template because it is very small (143.47 MB), and they use very small amounts of resources in our cluster (A running container uses nearly no CPU usage, around 256 MB or RAM, and only needs a bootdisk of around 4 GB).
2. Operational Performance:
   LXC Containers are very fast to create, start, stop, and destroy. These are all important operations for our project, and must be done decently fast.
3. Easy Setup:
   While Proxmox does not currently support Cloud-Init for LXC Containers (which recently received Cloud-Init support), you can SSH into the container and run a script, which is what we chose to do. This script will allow us to quickly set up the entire container, allowing for a very simple setup.

Additionally, we also provide a robust and configurable scoring engine. This will come with some default checks, such as pings, Proxmox status polling, and HTTP/port scans. We are working on an API to allow you to add your own as well.

Tools used

Frontend

• Vanilla HTML, CSS, JavaScript

Backend

• GoLang
• Netflix/go-env
• gorilla/websocket
• joho/godotenv
• luthermonson/go-proxmox
• modernc.org/sqlite
• The dependencies of the dependencies listed above

Open Source

As a software developer, I firmly believe that projects like these are a strong candidate to help the open source world. We are keeping this project public over at the club’s GitHub. You can find the source code here: github.com/UNHCSC/proxmox-koth

This project is still under active development and has many more features and documentation on the way.