LifeLine is an experimental project, and is thus VERY insecure. It was not designed to be deployed in a professional environment as an actual backup system, so don't do that. Thanks! :)
note to/from rondotdll:
You wrote this code when you were really tired. I verified that everything compiles correctly, but I have not had a chance to verify everything functions entirely as intended. If you're feeling unsafe about this, roll back through the commit logs and use an older version. However, I really haven't touched any of the old code, merely added to it in a non-destructive way. Good luck to you and your team!
- 11:32pm rondotdll from last night.
LifeLine is an experimental project tailored for use in the CCDC, and is designed to prevent a complete system lockout by running in the background waiting for a user to upload an activation file to a repository configured at setup. Upon detection of said activation file, LifeLine will recursively reset all user account passwords on Linux, Windows, and Active Directory to a user-provided string.
This was intentional! Because Windows Defender is slowly becoming more capable at actually protecting our devices, by default it will automatically block most executables from doing anything in privileged execution mode. Because of this, the auto-configuration mode requires a crap ton of extra firewall exclusions and rules that unnecessarily overcomplicate things.
- Make sure you have at least go 1.21 installed and configured properly (can be found here).
go version
- If you don't have git installed, you can download this repo as a zip. Otherwise:
git clone https://github.com/rondotdll/ccdc-lifeline
- If you downloaded the zip, make sure to unzip the archive. Then cd into the root of the repo and compile:
Local Accounts: (Server 2016), from a PowerShell prompt
go generate; go build -o lifeline.exe
Domain Joined: (Server 2019), from a PowerShell prompt
go generate; go build -tags "ad" -o lifeline.exe
- Run "lifeline.exe" to begin initial setup
- Head over to the Releases page and download the latest linux release
- Unzip the release file
- Make binaries executable
chmod +x activate && chmod +x setup
- Run the initial setup wizard in sudo
sudo ./setup
- Install snap & git from your package manager
Ubuntu / Debian:
sudo apt update && sudo apt install snapd git
Fedora / CentOS (snapd on CentOS needs the EPEL repository enabled first):
sudo dnf install snapd git
- Download / Update go
sudo snap install go --classic
- Clone this repository
git clone https://github.com/rondotdll/ccdc-lifeline
- Cd into repo folder and compile
cd ccdc-lifeline
go generate && go build -o lifeline
- Make the binary executable and run setup *in sudo (the binary is in the current directory, not on PATH, so invoke it as ./lifeline)
chmod +x lifeline && sudo ./lifeline
The concept is pretty simple: the daemon waits for a file to be uploaded to GitHub containing an encrypted string, and resets all passwords on the device to that string. The most difficult task of this project was designing it in a way that, even if it remains open-sourced, it would still be protective enough for our use case.

During the setup process, we generate a config file (a gob-encoded struct) that stores a link to the GitHub repository* to check for an activation file, and an RSA private key. The corresponding public key is then uploaded as a PEM string to termbin.com, which returns a 4-5 letter code that can be easily written down for later use. I know, this isn't very secure. DO NOT STORE RSA PUBLIC KEYS IN PUBLIC DATA REPOS!!! Once the setup completes, the user (you) will be prompted to start the background daemon, which begins periodically (every 5 seconds) checking the GitHub repository for the ACTIVATE file.
*For your convenience, I have implemented numerous checks to verify your repository is configured correctly, and that you don't accidentally reuse an old repository already containing an ACTIVATE file. (you're welcome)
Included with the actual protection binary is an activator binary, which takes the code returned by termbin (referred to as a "recovery code") and a user-entered password. After both pieces of data are entered, it pulls the RSA public key from termbin and uses it to encrypt the password. This is what is actually stored in the output ACTIVATE file: the raw binary output of the RSA encryption.

Once the ACTIVATE file is uploaded to the repository specified at setup, the background daemon should pick it up in 5-10 seconds (depending on rate limits). The daemon then decrypts the raw binary using the locally stored private key and recursively changes the password of each account on the system.
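The key handling in the two paragraphs above (setup generates an RSA key pair and publishes the public key as PEM; the activator encrypts the password with that public key; the daemon decrypts the raw ciphertext with the stored private key) can be exercised end to end in a few functions. The block below is an added example written for this README, not LifeLine's own code. The README does not state the key size or padding mode, so 2048-bit RSA with OAEP/SHA-256 is an assumption here, as is the PKIX "PUBLIC KEY" PEM format; the sample password is constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// GenerateKeyPair creates the RSA key pair that setup would keep in its config
// (private half) and publish as PEM (public half). 2048 bits is an assumption;
// the README does not state the key size.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// PublicKeyPEM encodes the public key as the PEM text that setup would upload
// and the activator would later fetch. PKIX encoding is an assumption.
func PublicKeyPEM(priv *rsa.PrivateKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

// ParsePublicKeyPEM is the activator side: it turns fetched PEM text back into
// an RSA public key and rejects anything that is not one, so a garbled or
// replaced paste fails loudly instead of producing an unusable ACTIVATE file.
func ParsePublicKeyPEM(s string) (*rsa.PublicKey, error) {
	block, _ := pem.Decode([]byte(s))
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("no PUBLIC KEY PEM block found")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	rsaKey, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("PEM block does not contain an RSA public key")
	}
	return rsaKey, nil
}

// BuildActivateFile encrypts the new password with the public key; the bytes
// returned are what the README describes as the raw contents of ACTIVATE.
// RSA-OAEP with SHA-256 is an assumption; the README only says "RSA encryption".
func BuildActivateFile(pub *rsa.PublicKey, password string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(password), nil)
}

// ReadActivateFile is the daemon side: recover the password from the raw
// ciphertext using the locally stored private key. A tampered or foreign
// ciphertext fails OAEP decryption and returns an error rather than garbage.
func ReadActivateFile(priv *rsa.PrivateKey, ciphertext []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// RoundTrip runs the whole flow with one fresh key pair and returns the
// password the daemon would recover, so the exchange can be checked end to end.
func RoundTrip(password string) (string, error) {
	priv, err := GenerateKeyPair()
	if err != nil {
		return "", err
	}
	pemText, err := PublicKeyPEM(priv)
	if err != nil {
		return "", err
	}
	pub, err := ParsePublicKeyPEM(pemText)
	if err != nil {
		return "", err
	}
	ct, err := BuildActivateFile(pub, password)
	if err != nil {
		return "", err
	}
	return ReadActivateFile(priv, ct)
}

func main() {
	// Constructed sample password; in LifeLine this is what the user types into the activator.
	got, err := RoundTrip("constructed-sample-password")
	if err != nil {
		panic(err)
	}
	fmt.Println("daemon recovered:", got)
}
```

Note that this only covers confidentiality of the password in transit through a public repository. It does not prove who produced the ACTIVATE file: anyone holding the published public key can create a valid one, which is exactly the concern the warning above about public keys in public data repos is pointing at.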
Again, please note that this repository is experimental. The code and functionalities demonstrated should be used with caution and primarily for educational purposes.
Contributions to LifeLine are welcome. Whether you're fixing bugs, adding new features, or improving the documentation, your help is appreciated. Please feel free to fork the repository and submit pull requests.
- Add support for local Windows NT accounts
- Add active directory account enabling / disabling
- Add automated intrusion detection
- Add auto backup accounts
LifeLine is released under the MIT License. See the LICENSE file in the repository for more details.
This README was AI auto-generated, and Human edited