/CTFd-Whale

A plugin for CTFd which allow your users to launch a standalone instance for challenges.

Primary LanguagePythonMIT LicenseMIT

CTFd-Whale

A plugin for CTFd which allow your users to launch a standalone instance for challenges.

https://www.zhaoj.in/wp-content/uploads/2019/08/1565947849bb2f3ed7912fb85afbbf3e6135cb89ca.png

https://www.zhaoj.in/wp-content/uploads/2019/08/15659478989e90e7a3437b1bdd5b9e617d7071a79f.png

https://www.zhaoj.in/wp-content/uploads/2019/08/15659479342f5f6d33e2eeaedb313facd77b2bbccb.png

https://www.zhaoj.in/wp-content/uploads/2019/08/1565923903609e6c236759a5663be8e0fb57904482.png

Features

  • Provide a new challenge type - dynamic_docker.
  • The player can launch an instance for these challenge on the challenge board by one click.
  • Every instance has a unique flag.
  • Admin can manage the instance at the admin panel.

Usage

  1. Copy this folder to your ctfd plugins folder.
  2. Deploy frp on your servers, and you should make sure CTFd can access frpc admin API directly.
  3. And also make sure docker API is accessible to CTFd, you should create a network in docker called 'ctfd_frp-containers' which allow frp redirect traffic to challenge instances.
  4. Configure this plugin on the admin panel.
  5. Now you may create a challenge, choose the challenge type - dynamic_docker and fill the form.
  6. Click the preview button, then you can launch an instance for this challenge.
  7. Enjoy it:)

Some configuration file

  1. docker-compose.yml for CTFd I used.
version: '2.2'

services:
  ctfd-nginx:
    build: ./nginx
    user: root
    restart: always
    ports:
      - "80:80"
      - "443:443"
    networks:
        default:
        internal:
    depends_on:
      - ctfd
    cpus: '2.50'
    mem_limit: 150M
  ctfd:
    build: .
    user: root
    restart: always
    environment:
      - UPLOAD_FOLDER=/var/uploads
      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
      - REDIS_URL=redis://cache:6379
      - WORKERS=1
      - LOG_FOLDER=/var/log/CTFd
      - ACCESS_LOG=-
      - ERROR_LOG=-
      - REVERSE_PROXY=true
    volumes:
      - .data/CTFd/logs:/var/log/CTFd
      - .data/CTFd/uploads:/var/uploads
      - .:/opt/CTFd:ro
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - db
    networks:
        default:
        internal:
        frp:
            ipv4_address: 172.1.0.2
    cpus: '2.50'
    mem_limit: 450M

  db:
    image: mariadb:10.4
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=ctfd
      - MYSQL_USER=ctfd
      - MYSQL_PASSWORD=ctfd
    volumes:
      - .data/mysql:/var/lib/mysql
    networks:
        internal:
    # This command is required to set important mariadb defaults
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
    cpus: '2.50'
    mem_limit: 750M

  cache:
    image: redis:4
    restart: always
    volumes:
      - .data/redis:/data
    networks:
        internal:
    cpus: '2.50'
    mem_limit: 450M

  frpc:
    image: glzjin/frp:latest
    restart: always
    volumes:
      - ./frpc:/conf/
    entrypoint:
        - /usr/local/bin/frpc
        - -c
        - /conf/frpc.ini
    networks:
        frp:
            ipv4_address: 172.1.0.3
        frp-containers:
    cpus: '1.50'
    mem_limit: 250M

networks:
    default:
    internal:
        internal: true
    frp:
        driver: bridge
        ipam:
            config:
                - subnet: 172.1.0.0/16
    frp-containers:
        driver: bridge
        internal: true
        ipam:
            config:
                - subnet: 172.2.0.0/16

Internet --> frps1 --> frpc1 --> nginx --> ctfd

Internet --> frps2 --> frps2 --> chanllenge_instance

  1. frpc config tamplate
[common]
token = ***************
server_addr = *******
server_port = ****
pool_count = 200
tls_enable = true

# Make sure it's only exposed the port to the network that only has ctfd and frp, not the frp and challenge instance one.
admin_addr = 172.1.0.3
admin_port = 7400
  1. Some challenge image you can use.

https://github.com/CTFTraining/CTFTraining

  1. Challenge image requirement
  • Support set flag by setting docker environment "FLAG".
  1. The configuration I have set on the CTFd admin panel. https://www.zhaoj.in/wp-content/uploads/2019/08/1565931400faa3a335e9a8531e8e34cdb1e5ede899.png

Demo

BUUCTF