Skip to content
Exploitation challenges for CTF
Branch: master
Clone or download
Latest commit d476c2d Feb 13, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
challenges Fix link Feb 13, 2018
dev Updated docker compose file Feb 7, 2018
nginx-static-server Misc fix Feb 7, 2018
scripts Misc fix Feb 13, 2018
tmp Update challenge structure Feb 5, 2018
.gitignore Added ppc32 simple fmt string Feb 5, 2018
LICENSE Initial commit Feb 9, 2018 Updated README Feb 13, 2018
challenges.json Updated setup Feb 5, 2018

CTF Works

Tools and scripts for CTF exploit/pwnable challenge development.

Challenge Organization

  • Each challenge goes in its own directory in challenges/${challenge}
  • Each challenge must be packaged as a docker container and must have a Dockerfile
  • Challenges can share binaries or any other file for distribution after packaging through /shared (if exists during runtime). Check in ppc32-simple-fmt challenge.
  • Challenge meta data must go in challenges.json

Challenge developers must ensure that non-root privilege is obtained after exploiting target. Otherise the server/socat process will be killed by the attacker.

Currently we are using following socat command line to fork and execute as a different user:

$ socat -dd TCP4-LISTEN:9000,fork,reuseaddr EXEC:/pwnable,pty,setuid=bob,echo=0,raw,iexten=0


The flag for each challenge will be available from process environment variable. The name of the environment variable can be any of the following:

  • FLAG

Some challenges may still require flag to be in a file.

Development Environment

Create the virtual machine with Vagrant

$ vagrant up

Login with SSH and create ssh keys

$ vagrant ssh
$ ssh-keygen

The generated public need to be added to Bitbucket for repository access from inside the development environment. Do not forget to remove the keys from Bitbucket once development environment is no longer required.

You can’t perform that action at this time.