CTFd-based capture-the-flag application, deployed on AKS with a Helm chart. This repository's challenges are aimed mostly at beginners, but seasoned CTF players might also find some challenges very interesting and unconventional.
Ideas for some of these challenges were taken from other CTF events, or were inspired by them. We altered the challenges a bit so their flags won't be obvious from writeups of those challenges, but by no means do we take credit for them.
terraform installation documentation
kubectl installation documentation
```bash
git clone https://github.com/galbirk/haide-ctf.git
cd haide-ctf/terraform
```
- Create terraform.tfvars in ./terraform to customize your environment.
- Enter your Azure subscription ID in the terraform/providers.tf file.
```bash
cd ./terraform
# in haide-ctf/terraform
terraform init
terraform plan
terraform apply
```
```bash
# you can get it from terraform or from az cli
# terraform
terraform output kube_config
# az cli
az account set --subscription <subscription_id>
az aks get-credentials --resource-group <cluster_resource_group> --name <cluster_name>
```
Note: use the secret names set in ./ctf-helm/values.yaml.
```bash
# create db secret
kubectl create secret generic <db_secret_name_in_values.yaml> --from-literal=MYSQL_DATABASE=<db_name> --from-literal=MYSQL_PASSWORD=<db_password> --from-literal=MYSQL_ROOT_PASSWORD=<root_password> --from-literal=MYSQL_USER=<db_username> --dry-run=client -o yaml > ./ctf-helm/templates/db-secret.yaml
# create app secret
kubectl create secret generic <app_secret_name_in_values.yaml> --from-literal=dbURL=mysql+pymysql://<db_username>:<db_password>@<db_service_name>/ctfd --dry-run=client -o yaml > ./ctf-helm/templates/app-secret.yaml
```
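The dbURL above is a SQLAlchemy-style URL, so a password containing `@`, `:` or `/` must be percent-encoded or the URL is parsed with the wrong host or credentials. The script below is an added example, not part of this repository: it encodes the credentials and renders both manifests with the same kubectl commands. The function names and environment variable names are assumptions.

```shell
#!/bin/sh
# Added example, not part of haide-ctf. Function and variable names are assumptions.

# Percent-encode every character outside the RFC 3986 unreserved set
# (ASCII input assumed), so '@', ':' or '/' in a credential cannot
# change how the URL is parsed.
urlencode() (
  LC_ALL=C           # byte-wise matching; the subshell body keeps this local
  s=$1 out=
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}  # first character
    s=${s#?}         # rest of the string
    case $c in
      [a-zA-Z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Build the dbURL value in the page's format: user, password, service name.
build_db_url() (
  printf 'mysql+pymysql://%s:%s@%s/ctfd' "$(urlencode "$1")" "$(urlencode "$2")" "$3"
)

# Render both manifests from environment variables (assumed names).
render_secrets() (
  : "${DB_SECRET:?}" "${APP_SECRET:?}" "${DB_NAME:?}" "${DB_USER:?}"
  : "${DB_PASSWORD:?}" "${DB_ROOT_PASSWORD:?}" "${DB_SERVICE:?}"
  umask 077  # new files are owner-only: the YAML is base64-encoded, not encrypted
  kubectl create secret generic "$DB_SECRET" \
    --from-literal=MYSQL_DATABASE="$DB_NAME" \
    --from-literal=MYSQL_PASSWORD="$DB_PASSWORD" \
    --from-literal=MYSQL_ROOT_PASSWORD="$DB_ROOT_PASSWORD" \
    --from-literal=MYSQL_USER="$DB_USER" \
    --dry-run=client -o yaml > ./ctf-helm/templates/db-secret.yaml
  kubectl create secret generic "$APP_SECRET" \
    --from-literal=dbURL="$(build_db_url "$DB_USER" "$DB_PASSWORD" "$DB_SERVICE")" \
    --dry-run=client -o yaml > ./ctf-helm/templates/app-secret.yaml
)

# Run from the repository root with "render" as the first argument.
if [ "${1:-}" = render ]; then render_secrets; fi
```

The rendered files land in ./ctf-helm/templates/ inside the cloned repository, so keep them out of version control.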
Important values in ./ctf-helm/values.yaml:
- numberOfTeams - number of teams participating in the CTF (we recommend numbering the teams from 0 onwards).
- ctfd.secretName - the name of the app secret.
- mariadb.secretName - the name of the db secret.
```bash
cd ./ctf-helm
# change your settings in values.yaml
cd ..
helm install <release-name> ./ctf-helm
```
```bash
# get ctfd ip address
kubectl get svc ctf-svc -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
# get ctfd url
echo -n http://$(kubectl get svc ctf-svc -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
# get hodor challenge ip
kubectl get svc hodor-svc -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
# get jailbreak challenge ip
kubectl get svc jail-svc -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
# get path not taken challenge ip
kubectl get svc path-not-taken-svc -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
# get 2048 challenge ip
kubectl get svc twentyfortyeight-svc -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
```
Name | Category | Level | Competition/Authors |
---|---|---|---|
2048 | WEB | ⭐⭐⭐⭐ | SniperOJ/Wang Yihang |
The Path Not Taken | WEB | ⭐⭐⭐⭐ | Rubublik |
IceBreaker | Network Forensics | ⭐⭐⭐⭐⭐ | Rubublik |
Babushka | MISC | ⭐⭐ | GuySh1 |
Crypto | MISC | ⭐ | Sochi Olympic CTF 2014 |
Hodor | MISC | ⭐⭐⭐⭐ | Rubublik |
JailBreak | MISC | ⭐⭐⭐⭐ | Ringzer0team |
Story Teller | MISC | ⭐⭐⭐ | ? |
What Am I | MISC | ⭐⭐ | ? |
FatherAndSon | Memory Forensics | ⭐⭐⭐⭐⭐ | GuySh1 |
C00pawns | Memory Forensics | ⭐⭐⭐⭐⭐ | Rubublik |
- jailbreak image repository
- hodor image repository
- 2048 image repository
- path not taken image repository
Gal Birkman, DevOps Engineer.
GitHub: https://github.com/galbirk
-------------------------------------------
Eli Rudin, Security Researcher.
GitHub: https://github.com/RuBublik
-------------------------------------------
Guy Shalev, Security Researcher.
GitHub: https://github.com/GuySh1