BSidesCBR CTF docker compose files
Switch branches/tags
Nothing to show
Clone or download
Permalink
Failed to load latest commit information.
crypto-docuprotect Add fancybear, rapid7, fix readmes Mar 22, 2017
crypto-fancybear Add fancybear, rapid7, fix readmes Mar 22, 2017
crypto-needleinahaystack renamed crypto folder Mar 22, 2017
crypto-otp Add fancybear, rapid7, fix readmes Mar 22, 2017
crypto-rapid7 Add fancybear, rapid7, fix readmes Mar 22, 2017
forensics-capturethis add capture this Mar 22, 2017
forensics-peaceamongworlds Add fancybear, rapid7, fix readmes Mar 22, 2017
forensics-rektexfil Add fancybear, rapid7, fix readmes Mar 22, 2017
forensics-totalexpert add the total expert challenge Mar 22, 2017
forensics-whydoyouparty Add the why do you party challenge Mar 22, 2017
misc-bogecoin Add bogecoin challenge Mar 22, 2017
misc-ruler Add ruler challenge Mar 21, 2017
pwn-countme1 Add countme2 Mar 21, 2017
pwn-countme2 Add countme2 Mar 21, 2017
pwn-incredis Added incredis Mar 21, 2017
pwn-login Added the login.exe challenge Mar 21, 2017
pwn-noob Added the pwn noob challenge Mar 21, 2017
rev-crackme added crackme Mar 21, 2017
rev-foldr Added foldr Mar 21, 2017
rev-letsplayagame Add play a game challenge Mar 22, 2017
rev-pushmybuttons Added push my buttons Mar 21, 2017
rev-transitionme Added transitionme Mar 21, 2017
web-derpchat Add gohackme, disable logging on containers Mar 20, 2017
web-epicl33twarezs Add gohackme, disable logging on containers Mar 20, 2017
web-gohackme Add gohackme, disable logging on containers Mar 20, 2017
web-jonsnow Add gohackme, disable logging on containers Mar 20, 2017
web-nextlevelfilters Add gohackme, disable logging on containers Mar 20, 2017
.gitignore Added the countme 1 challenge Mar 21, 2017
README.md updated main readme Mar 21, 2017

README.md

BSidesCBR 2017 CTF docker compose files

This repo contains all the docker-compose files that spin up the BSidesCBR 2017 CTF challenges. Each of the challenges listed here was available as part of the CTF, though unfortunately some challenges weren't able to be dockerised and released.

Don't cheat!

See the FAQ. Don't do yourself out of the challenge!

Running challenges

HTTPS stuff

Each of the web challenges has a certificate for web.shell.dance that was generated via Lets Encrypt. Expect to see SSL errors in your browser, unless you decide to add an entry to your hosts file that points web.shell.dance at 127.0.0.1 (this is recommended). If you don't, the rest of the instructions won't make sense! Skipping this step means using localhost instead of web.shell.dance wherever you see it.

Should I be pushing images with the SSL certs in them? Probably not, but they'll expire soon anyway.

Docker container execution

Each subfolder maps to a challenge. In order to run that particular challenge, simply:

  1. cd to the folder that contains the challenge you wish to attempt.
  2. run docker-compose up
  3. Read the README.md inside the folder for details on where to find the challenge.

At this time, we don't have the scoreboard available, but hopefully that won't stop you from owning it!

Make sure that you give the containers enough time to spin up. The first time you run them, they have to be downloaded, so give it a while. Once they're down, some of the challenges (web in particular) take a bit of time to get running. So if they don't work the first time, just wait a bit and try connecting again.

If you have issues running the containers a second time after you've closed them off, run docker-compose rm before trying again.

FAQ

Wait.. can't I just attach to the running container and cheat?

Yes, you can. Don't do that. It's lame, it's against the spirit of this release, and you won't learn as much. Do it the proper way! You'll hopefully feel a bit of pain while figuring things out, but you'll learn something in the process.

Can I produce a write-up for a challenge, or live-stream the process of completing it?

Yes, please do. Let us know when you publish/stream by hitting us up on Twitter.

Can I reuse your challenge for my own CTF?

You'll have to contact us to discuss this as we'd like to know the purpose of the CTF.