Skip to content
This repository has been archived by the owner on Apr 13, 2024. It is now read-only.

Latest commit

 

History

History
191 lines (157 loc) · 5.84 KB

README.md

File metadata and controls

191 lines (157 loc) · 5.84 KB

此分支已不再维护,如需继续使用请参考 https://github.com/frankli0324/ctfd-whale

此分支已不再维护,如需继续使用请参考 https://github.com/frankli0324/ctfd-whale

此分支已不再维护,如需继续使用请参考 https://github.com/frankli0324/ctfd-whale

:)

CTFd-Whale

A plugin for CTFd which allow your users to launch a standalone instance for challenges.

https://www.zhaoj.in/wp-content/uploads/2019/08/1565947849bb2f3ed7912fb85afbbf3e6135cb89ca.png

https://www.zhaoj.in/wp-content/uploads/2019/08/15659478989e90e7a3437b1bdd5b9e617d7071a79f.png

https://www.zhaoj.in/wp-content/uploads/2019/08/15659479342f5f6d33e2eeaedb313facd77b2bbccb.png

https://www.zhaoj.in/wp-content/uploads/2019/08/1565923903609e6c236759a5663be8e0fb57904482.png

Features

  • Provide a new challenge type - dynamic_docker.
  • The player can launch an instance for these challenge on the challenge board by one click.
  • Every instance has a unique flag.
  • Admin can manage the instance at the admin panel.

Usage

  1. You should init docker swarm, and add your node to it. And name them with following command:
docker node update --label-add name=windows-1 ****
docker node update --label-add name=linux-1 ****

Name of them should begin with windows- or linux-.

  1. Copy this folder to your ctfd plugins folder. Make sure the folder name is 'ctfd-whale'.
  2. Deploy frp on your servers, and you should make sure CTFd can access frpc admin API directly.
  3. And also make sure docker API is accessible to CTFd, you should create a network in docker called 'ctfd_frp-containers' which allow frp redirect traffic to challenge instances.
  4. Configure this plugin on the admin panel.
  5. Now you may create a challenge, choose the challenge type - dynamic_docker and fill the form.
  6. Click the preview button, then you can launch an instance for this challenge.
  7. Enjoy it:)

Some configuration file

  1. docker-compose.yml for CTFd I used.
version: '2.2'

services:
  ctfd-nginx:
    build: ./nginx
    user: root
    restart: always
    ports:
      - "80:80"
      - "443:443"
    networks:
        default:
        internal:
    depends_on:
      - ctfd
    cpus: '2.50'
    mem_limit: 150M
  ctfd:
    build: .
    user: root
    restart: always
    environment:
      - UPLOAD_FOLDER=/var/uploads
      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
      - REDIS_URL=redis://cache:6379
      - WORKERS=1
      - LOG_FOLDER=/var/log/CTFd
      - ACCESS_LOG=-
      - ERROR_LOG=-
      - REVERSE_PROXY=true
    volumes:
      - .data/CTFd/logs:/var/log/CTFd
      - .data/CTFd/uploads:/var/uploads
      - .:/opt/CTFd:ro
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - db
    networks:
        default:
        internal:
        frp:
            ipv4_address: 172.1.0.2
    cpus: '2.50'
    mem_limit: 450M

  db:
    image: mariadb:10.4
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=ctfd
      - MYSQL_USER=ctfd
      - MYSQL_PASSWORD=ctfd
    volumes:
      - .data/mysql:/var/lib/mysql
    networks:
        internal:
    # This command is required to set important mariadb defaults
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
    cpus: '2.50'
    mem_limit: 750M

  cache:
    image: redis:4
    restart: always
    volumes:
      - .data/redis:/data
    networks:
        internal:
    cpus: '2.50'
    mem_limit: 450M

  frpc:
    image: glzjin/frp:latest
    restart: always
    volumes:
      - ./frpc:/conf/
    entrypoint:
        - /usr/local/bin/frpc
        - -c
        - /conf/frpc.ini
    networks:
        frp:
            ipv4_address: 172.1.0.3
        frp-containers:
    cpus: '1.50'
    mem_limit: 250M

networks:
    default:
    internal:
        internal: true
    frp:
        driver: bridge
        ipam:
            config:
                - subnet: 172.1.0.0/16
    frp-containers:
        driver: overlay
        internal: true
        ipam:
            config:
                - subnet: 172.2.0.0/16

Internet --> frps1 --> frpc1 --> nginx --> ctfd

Internet --> frps2 --> frps2 --> chanllenge_instance

  1. frpc config tamplate
[common]
token = ***************
server_addr = *******
server_port = ****
pool_count = 200
tls_enable = true

# Make sure it's only exposed the port to the network that only has ctfd and frp, not the frp and challenge instance one.
admin_addr = 172.1.0.3
admin_port = 7400
  1. Some challenge image you can use.

https://github.com/CTFTraining/CTFTraining

  1. Challenge image requirement
  • Support set flag by setting docker environment "FLAG".
  1. The configuration I have set on the CTFd admin panel. https://www.zhaoj.in/wp-content/uploads/2019/08/1565931400faa3a335e9a8531e8e34cdb1e5ede899.png

Demo

BUUCTF

Third-Party Introduction

Twins