Sadservers with instance on demand

_examples/example.config.toml

@@ -30,6 +30,9 @@ default_cpu_shares = 1024
 default_memory_limit = 1024
 default_pids_limit = 100
 
+# Port range for localhost deployments (format: START:END)
+local_host_port_range = "30000:40000"
+
 # List of ip addresses of all the servers where challenge could be deployed for 
 # balanced load accross servers. 
 [available_servers]
@@ -44,6 +47,9 @@ username = "user1"
 # Path to private SSH key for interacting with the server.
 ssh_key_path = "/path/to/your/private/key1"
 
+# Port range for this server (format: START:END)
+port_range = "30000:40000"
+
 # Status of remote server to be used
 # If it is set to false then that remote server will not be used
 active = false
@@ -53,10 +59,13 @@ active = false
 host = "localhost"
 
 # Username to be used for ssh connection (Leave empty for localhost)
-username = "user1"
+username = ""
 
 # Path to private SSH key for interacting with the server. (Leave empty for localhost)
-ssh_key_path = "/path/to/your/private/key1"
+ssh_key_path = ""
+
+# Port range for this server (format: START:END) - uses local_host_port_range if empty
+port_range = ""
 
 # Status of remote server to be used
 active = true
@@ -113,6 +122,19 @@ host = "localhost"
 port = "5432"
 sslmode = "prefer"
 
+[redis_config]
+host = "localhost"
+port = "6379"
+password = ""
+user = ""
+
+[instance_config]
+# Port Range for localhost. per-server this is configured via `port-range`
+local_host_port_range = '10000:11000'
+default_expiration = 300
+max_extension = 600
+max_instances_per_user = 3
+
 # The following fields are required only while hosting a competition on beast
 # This section contains information about the competition to be hosted
 # Structure of the sections with the acceptable fields are:

_examples/instanced-compose/Dockerfile

@@ -0,0 +1,12 @@
+FROM php:7.4-apache
+
+# Install MySQL extension
+RUN docker-php-ext-install mysqli pdo pdo_mysql
+
+# Copy challenge files
+COPY challenge/ /var/www/html/
+
+# Set permissions
+RUN chown -R www-data:www-data /var/www/html
+
+EXPOSE 80

_examples/instanced-compose/README.md

@@ -0,0 +1,89 @@
+# Instanced Docker Compose Challenge Example
+
+This is an example of an **instanced challenge using Docker Compose** - a multi-container challenge where each user gets their own isolated environment with a web server and database.
+
+## Architecture
+
+```
+┌──────────────────────────────────────────┐
+│         User's Instanced Environment      │
+│  ┌─────────────┐      ┌─────────────┐    │
+│  │  PHP/Apache │ ───▶ │   MySQL     │    │
+│  │    (web)    │      │    (db)     │    │
+│  └─────────────┘      └─────────────┘    │
+│        │                                  │
+│        ▼                                  │
+│   Port: 31234 (dynamically assigned)     │
+└──────────────────────────────────────────┘
+```
+
+## Key Configuration
+
+In `beast.toml`:
+
+```toml
+[challenge.metadata]
+instanced = true
+instance_expiration = 600  # 10 minutes
+
+[challenge.env]
+docker_compose = "docker-compose.yml"
+default_port = 8080
+```
+
+In `docker-compose.yml`, use the `INSTANCE_PORT` environment variable:
+
+```yaml
+services:
+  web:
+    ports:
+      - "${INSTANCE_PORT:-8080}:80"
+```
+
+## Challenge Details
+
+This is a SQL injection challenge:
+
+1. The login form is vulnerable to SQL injection
+2. Bypass authentication to login as admin
+3. The flag is stored in the `secrets` table
+
+### Solution
+
+```
+Username: admin' OR '1'='1' -- 
+Password: anything
+```
+
+Or use UNION-based injection to extract data directly.
+
+## Testing Locally
+
+```bash
+# Build and run locally (for testing)
+cd _examples/instanced-compose
+docker-compose up -d
+
+# Access at http://localhost:8080
+```
+
+## Usage via Beast API
+
+```bash
+# Spawn your instance
+curl -X POST -H "Authorization: Bearer $TOKEN" \
+  http://localhost:8080/api/instances/instanced-compose/spawn
+
+# Response:
+# {
+#   "instance_id": "abc123def456",
+#   "challenge_name": "instanced-compose",
+#   "hosted_address": "localhost",
+#   "port": 31234,
+#   "expires_at": "2024-01-15T10:40:00Z",
+#   "ttl_seconds": 600
+# }
+
+# Access your instance
+open http://localhost:31234
+```

_examples/instanced-compose/beast.toml

@@ -0,0 +1,33 @@
+[author]
+name = "beast-admin"
+email = "admin@beast.local"
+ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ"
+
+[challenge.metadata]
+name = "instanced-compose"
+flag = "FLAG{c0mp0s3_1nst4nc3s_r0ck!}"
+type = "web"
+description = "A web challenge with database backend. Each user gets their own isolated environment!"
+points = 200
+difficulty = "medium"
+tags = ["web", "sql", "instanced"]
+maxAttemptLimit = 100
+instanced = true
+instance_expiration = 12
+
+[[challenge.metadata.hints]]
+text = "Check for SQL injection vulnerabilities"
+points = 30
+
+[[challenge.metadata.hints]]
+text = "The admin password might be in the database..."
+points = 50
+
+[challenge.env]
+docker_compose = "docker-compose.yml"
+default_port = 8080
+
+[resource]
+cpu_shares = 1024
+memory_limit = 536870912
+pids_limit = 100

_examples/instanced-compose/challenge/index.php

@@ -0,0 +1,158 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Secret Vault - Login</title>
+    <style>
+        body {
+            font-family: 'Segoe UI', Arial, sans-serif;
+            background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+            min-height: 100vh;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            margin: 0;
+            color: #fff;
+        }
+        .container {
+            background: rgba(255, 255, 255, 0.1);
+            padding: 40px;
+            border-radius: 15px;
+            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3);
+            backdrop-filter: blur(10px);
+            width: 350px;
+        }
+        h1 {
+            text-align: center;
+            margin-bottom: 30px;
+            color: #00d9ff;
+        }
+        .form-group {
+            margin-bottom: 20px;
+        }
+        label {
+            display: block;
+            margin-bottom: 8px;
+            color: #aaa;
+        }
+        input[type="text"], input[type="password"] {
+            width: 100%;
+            padding: 12px;
+            border: none;
+            border-radius: 8px;
+            background: rgba(255, 255, 255, 0.1);
+            color: #fff;
+            font-size: 16px;
+            box-sizing: border-box;
+        }
+        input[type="submit"] {
+            width: 100%;
+            padding: 14px;
+            border: none;
+            border-radius: 8px;
+            background: #00d9ff;
+            color: #1a1a2e;
+            font-size: 16px;
+            font-weight: bold;
+            cursor: pointer;
+            transition: background 0.3s;
+        }
+        input[type="submit"]:hover {
+            background: #00b8d4;
+        }
+        .error {
+            background: rgba(255, 0, 0, 0.2);
+            padding: 10px;
+            border-radius: 8px;
+            margin-bottom: 20px;
+            text-align: center;
+        }
+        .success {
+            background: rgba(0, 255, 0, 0.2);
+            padding: 10px;
+            border-radius: 8px;
+            margin-bottom: 20px;
+            text-align: center;
+        }
+        .hint {
+            text-align: center;
+            margin-top: 20px;
+            color: #666;
+            font-size: 12px;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Secret Vault</h1>
+
+        <?php
+        $error = '';
+        $success = '';
+
+        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+            $host = getenv('DB_HOST') ?: 'db';
+            $user = getenv('DB_USER') ?: 'challenge';
+            $pass = getenv('DB_PASS') ?: 'challengepass';
+            $dbname = getenv('DB_NAME') ?: 'ctf';
+
+            $conn = new mysqli($host, $user, $pass, $dbname);
+
+            if ($conn->connect_error) {
+                $error = "Connection failed. Please try again.";
+            } else {
+                $username = $_POST['username'];
+                $password = $_POST['password'];
+
+                // VULNERABLE: SQL Injection!
+                $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
+                $result = $conn->query($query);
+
+                if ($result && $result->num_rows > 0) {
+                    $row = $result->fetch_assoc();
+
+                    if ($row['role'] === 'admin') {
+                        // Admin login - show secrets
+                        $secrets_query = "SELECT * FROM secrets";
+                        $secrets_result = $conn->query($secrets_query);
+
+                        $success = "Welcome Admin! Here are your secrets:<br><br>";
+                        while ($secret = $secrets_result->fetch_assoc()) {
+                            $success .= "<b>" . htmlspecialchars($secret['secret_name']) . ":</b> " . 
+                                        htmlspecialchars($secret['secret_value']) . "<br>";
+                        }
+                    } else {
+                        $success = "Welcome, " . htmlspecialchars($row['username']) . "! You're logged in as a regular user.";
+                    }
+                } else {
+                    $error = "Invalid username or password!";
+                }
+
+                $conn->close();
+            }
+        }
+        ?>
+
+        <?php if ($error): ?>
+            <div class="error"><?php echo $error; ?></div>
+        <?php endif; ?>
+
+        <?php if ($success): ?>
+            <div class="success"><?php echo $success; ?></div>
+        <?php else: ?>
+            <form method="POST">
+                <div class="form-group">
+                    <label>Username</label>
+                    <input type="text" name="username" required placeholder="Enter username">
+                </div>
+                <div class="form-group">
+                    <label>Password</label>
+                    <input type="password" name="password" required placeholder="Enter password">
+                </div>
+                <input type="submit" value="Login">
+            </form>
+        <?php endif; ?>
+
+        <p class="hint">Hint: Try logging in as admin to see the secrets!</p>
+    </div>
+</body>
+</html>

_examples/instanced-compose/docker-compose.yml

@@ -0,0 +1,29 @@
+version: '3.8'
+
+services:
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      # Use INSTANCE_PORT env var if available, otherwise default to 8080
+      - "${INSTANCE_PORT:-8080}:80"
+    environment:
+      - DB_HOST=db
+      - DB_USER=challenge
+      - DB_PASS=challengepass
+      - DB_NAME=ctf
+    depends_on:
+      - db
+    restart: unless-stopped
+
+  db:
+    image: mysql:5.7
+    environment:
+      - MYSQL_ROOT_PASSWORD=rootpass
+      - MYSQL_DATABASE=ctf
+      - MYSQL_USER=challenge
+      - MYSQL_PASSWORD=challengepass
+    volumes:
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql:ro
+    restart: unless-stopped