Flag format: sigpwny{...}
-
Do you need a container?
- YES:
- cd into
/challenges/<category>
kctf chal create --template <templatename> <chalname> --challenge-dir ./<chalname>
- Available templates:
pwn
,web
,xss-bot
- Note: the kCTF config is
challenge.yaml
and the CTFd config ischallenge.yml
. Confusing? Yes.
- cd into
- NO:
mkdir /challenges/<category>/<chalname>
- YES:
-
Your challenge folder MUST have a
challenge.yml
file for CTFd, following the specification here -
Your challenge must have a healthcheck script if it is deployable - attempt to make it solve the challenge
-
Your challenge should have a
SOLUTION.md
writeup (it's ok if it's simple/concise or a TL;DR version)
- Follow kCTF setup instructions here
umask a+x
- Install dependencies (CLI tools, Docker)
- Enable user namespaces:
- `echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.d/00-local-userns.conf
sudo service procps restart
- Helpful:
export DOCKER_SCAN_SUGGEST=false
- disables annoying Snyk messages from newer Docker versions which break kCTF parsing
Every time you open a new shell, you will need to do the following:
cd
to root of this repositorysource kctf/activate
- Switch to and start local cluster:
kctf cluster load local-cluster
kctf cluster start
- Start challenge and port forward to access it:
kctf chal start
kctf chal debug port-forward
- When done testing:
kctf cluster stop
to shutdown local k8s cluster- Do NOT run this command on remote-cluster or you will delete the Google Cloud cluster
deactivate
to exit ctfcli
- Push to repo, and run the kCTF GitHub action
- Switch to remote cluster:
kctf cluster load remote-cluster
- Port forward to access it:
kctf chal debug port-forward
- When done testing:
deactivate
to exit ctfcli
These instructions only need to be done once before the CTF.
- Install
gcloud
: https://cloud.google.com/sdk/docs/install-sdk - Authenticate with Google Cloud:
gcloud auth login
- Follow kCTF setup instructions here
Create cluster:
kctf cluster create --project dotted-forest-314903 --domain-name chal.uiuc.tf --start --email-address sigpwny@gmail.com --zone us-central1-a --registry us.gcr.io remote-cluster --disable-src-ranges
Note: --disable-src-ranges
disables Cloud Armor. To remove, you need the SECURITY_POLICIES quota.
Resize cluster (to reduce costs before CTF starts):
kctf cluster resize --min-nodes 1 --max-nodes 1 --num-nodes 1 --machine-type e2-standard-4 --pool-name default-pool --spot
cd
to a challenge folder with a deployment challenge.yaml
file and run the following:
kctf chal start
You may need to enable SQL and Redis services. Run the following commands. If you see a prompt like API [sqladmin.googleapis.com] not enabled on project [648434879266]. Would you like to enable and retry (this will take a few minutes)? (y/N)?
, press y
.
gcloud sql instances list
gcloud redis instances list --region us-central1
Run from the root directory:
./ctfd/chal setup
GitHub Actions needs some secrets to automatically sync with the CTFd instance. After creating a CTFd admin account, go to http:///settings#tokens to obtain a token.
From the root of the repository, create the .ctf/config
file with the new IP and token. Note that you need git-crypt
to unlock and edit the file. These credentials will be automatically used by the GitHub Actions workflow to connect to CTFd and sync/install challenges.