This repository contains the two stages of the RCE as a Service challenge for the LosFuzzys Glacier CTF 2022.
The contents of ./stage1 and ./stage2 are almost identical. There are minor differences in the source code (Program.cs) in order to make stage 2 harder and the Dockerfiles specify different names and ports so that both stages can be run simultaneously.
The project itself is a .NET6 Minimal Web API. One of its endpoints compiles user-provided code on-the-fly.
I've written extensively about it here and here, but I strongly suggest to only read those articles after trying your hands on the challenge.
With .NET6 being cross-platform, you should be able to compile the binaries yourself with the appropriate tooling installed.
However, containerizing the applications with the help of the provided Dockerfiles is the recommended way. Have a look at the build_and_start.sh and build_and_start_stage2.sh scripts for a rough idea.
In order to verify connectivity, you can send a GET request to the root path of the application (stage 1):
curl --request GET \
--url http://localhost:8001/