This project is meant to ease the learning of software security.
You will be able to exploit simple programs with the source code in front of you. Then you will be ask to fix the code and submit it, the server will test your code (both looking for security vulnerabilities and testing functionalities). Then you will have your result, explaining where you failed.
Please feel free to contribute ! See in the /challs directory for instructions of how to add challenges. Feel free to contact me on github or at: hugodelval [at] gmail [dot] com
Run with docker
Installation varies a lot depending on your system. Please refer to the official documentation (kept up to date !) here : https://docs.docker.com/engine/installation/linux/debian (for example).
docker run -t -p 8081:80 hugodelval/pedagogic-ctf
Then open your browser here: http://localhost:8081
If you need to make changes, help yourself, then launch:
docker build . -t hugodelval/pedagogic-ctf
To kill the running app press Ctrl-C then :
docker ps docker kill <CONTAINER ID>
How does it work?
The user can do 2 things :
- exploit programs (and learn the vulnerability)
- correct challenges (learn how to fix the vulnerability)
The server launch the program with the user input as stdin. The user goal is to find the secret of the program (something that should not be visible if there are no vulnerabilities).
If the user finds the secret, he can submit it to the server, which will check the secret validity and add points to the user.
The user can then correct the program:
- the user send the corrected code
- the server copies the code in a new temporary directory and create a temporary user (+chmod / chown...)
- the server executes (with the new temp user's permissions) the init script of the program (init.py) this initialise the program, create secrets, databases and so on...
- the server executes the user code (with the new temp user's permissions) using several tests that check if the program still works (challs/*/check.py)
- the server executes the user code (with the new temp user's permissions) using several tests that check if the program is no more exploitable (challs/*/exploit.py)
- the server delete the temporary folder and user
- the server gives points to the users if the program still works and is no more exploitable