/DestructiveFarm

๐Ÿ“ข ๐Ÿ”’ Exploit manager for attack-defense CTF competitions

Primary LanguagePythonOtherNOASSERTION

Destructive Farm

Language: English | ะ ัƒััะบะธะน

Exploit farm for attack-defense CTF competitions

Read the FAQ if you want to know what attack-defense CTFs are, why you need this exploit farm for them, and why it has the architecture described below.

Components

  1. An exploit is a script that steals flags from some service of other teams. It is written by a participant during the competition and should accept the victim's host (IP address or domain) as the first command-line argument, attack them and print flags to stdout.

    Example | More details

  2. A farm client is a tool that periodically runs exploits to attack other teams and looks after their work. It is being run by a participant on their laptop after they've written an exploit.

    The client is a one-file script start_sploit.py from this repository.

    More details

  3. A farm server is a tool that collects flags from farm clients, sends them to the checksystem, monitors the usage of quotas and shows the stats about the accepted and rejected flags. It is being configured and run by a team's admin at the start of the competition. After that, team members can use a web interface (see the screenshot above) to watch the exploits' results and stats.

    The server is a Flask web service from the server directory of this repository.

    More details



The arrows display the flow of the flags

Future Plans

See the list here.

Authors

Copyright ยฉ 2017โ€“2018 Aleksandr Borzunov

Inspired by the Bay's farm.