The Internetwache CTF 2016 repository
Switch branches/tags
Nothing to show
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
configs/etc Added some configuration files Feb 22, 2016
logs/rrd Added RRD logfiles from the monitor VM Mar 4, 2016
static Initial commit Feb 21, 2016
tasks Added compilation options Feb 22, 2016
templates Initial commit Feb 21, 2016
LICENSE.md Fixed licenses Feb 22, 2016
LICENSE.tinyctf.md Fixed licenses Feb 22, 2016
README.md Added RRD logfiles from the monitor VM Mar 4, 2016
README.tinyctf.md Initial commit Feb 21, 2016
config.json.sample Initial commit Feb 21, 2016
ctf.db Added final ctf.db Feb 21, 2016
lang.json Initial commit Feb 21, 2016
server.py Initial commit Feb 21, 2016
task_import.py Initial commit Feb 21, 2016
tasks.json Initial commit Feb 21, 2016

README.md

Internetwache CTF 2016

This is the Internetwache CTF 2016 repository. It contains all files, tools and notes which were used to build and host the CTF. The ctf.db contains the final scoreboard information.

CTF Details

Scoreboard

The scoreboard is based on the tinyctf-platform. Check the README.tinyctf.md and LICENSE.tinyctf.md for more information. You can find our modified fork here: https://github.com/internetwache/tinyctf-platform

Directory structure

The tasks/ directory contains information about all challenges:

├── tasks 							//	Contains all tasks
│   ├── challengeXY					//	Every challenge has a separate directory
│   │   ├── code 						//	Directory with serverside code
│   │   │   ├── service.py 			//	Service
│   │   │   └── flag.py 				//	File with flag
│   │   ├── solution 					//	Directory with public information
│   │   │   ├── description.md 		//	Name and description
│   │   │   └── flag.txt 				//	Flag
│   │   └── task 						//	Directory with resources for download
│   │       └── README.txt 			// 	File with challenge hints or code

Other files:

  • tasks/checkservice.py

A small python script/plugin for the collectd monitoring system. Checks the availability of the services.

  • tasks/createzips.sh

Bundles every tasks/<challenge>/task/ directory into a static/files/<challenge>.zip

  • tasks/pkiller.py

Dirty workaround script to kill long-living apache-mpm-itk subprocesses (spawned by RCE challenges)

  • tasks/tasks.md

An overview over all challenges' names, flags, urls, ips, ports.

  • configs/etc/cgconfig.conf

Configuration file for Cgroups. The group ctf had limited I/O, memory and CPU shares.

  • configs/etc/cgrules.conf

Configuration file for Cgroups. Assigns the rule groups to system groups.

  • configs/etc/iptables/

Iptables rules for the VMs.

  • configs/etc/nginx/

Nginx config for load balancing HTTP and TCP services.

  • configs/etc/service/

Daemontools services for all challenges/tools.

  • logs/

RRD logs created by Collectd on the monitor VM.

Hosting details:

  • 4 VMs from Digitalocean.com in AMS3 datacenter, based on Debian 8 x64, private networking enabled

    • 1x 1 Core, 512 mb, 20GB, 0.007$/h VM as monitor
    • 1x 4 Core, 8 gb, 80gb, 0.119$/h VM as proxy (load balancer)
      • nginx load balancer: HTTP to web1 / TCP to serv1
    • 1x 4 Core, 8 gb, 80gb, 0.119$/h VM as web1 backend
      • web50, web60, web70, web80, web90, crypto80 challenges
    • 1x 4 Core, 8 gb, 80gb, 0.119$/h VM as serv1 backend [ASLR disabled]
      • crypto70, crypto90, code50, code60, code70, code80, code90, exp50, exp60, exp70, exp80, exp90 challenges
    • 1x Floating IP pointing to proxy
    • Costs for hosting: ~20$
  • Setup:

    • Monitor ==> priv. network to proxy / web1 / serv1
    • Internet ==> proxy ==> priv. network to web1 / serv1
      • Pro: Easy to scale by spawning new VMs
      • Pro: Malicious attackers can be stopped on the proxy
      • Contra: Proxy is single point of failure
    • All challenges ran as a separate user
    • All users were in the ctf group
    • Used Daemontools to control services
    • Used TCPServer to provide tcp connections for executables and scripts.
    • Used CGroups to limit resources of users from the ctf group
    • Used Collectd with CGP frontend to monitor all VMs
    • Used Let's encrypt for SSL certificates