/HBCTF

HackBama CTF game

Primary LanguagePythonMIT LicenseMIT

HBCTF

https://travis-ci.org/osteth/HBCTF.svg?branch=master

A hybrid CTF game, combining a dev-ops service hack and patch, jeopardy style flags, and an explorable battfield were players go head to head to control strategic network nodes.

http://www.hackbama.com/wp-content/uploads/2017/03/Hackbama_Logo-enc-400x400.png

Quick start

To use HBCTF as the start of a new project, do the following, preferably in a virtual environment. Clone the repo.

git clone https://github.com/osteth/HBCTF
cd HBCTF

Then install in locally editable (-e) mode and run the tests.

sudo pip install -e .[test]
py.test

Then install couchDB (Developtment and testing is done on Ubuntu 16.04) .. code-block:: console

sudo apt-get install couchDB

Finally, give the command line game control program a try.

HBCTF --help

Services API explaination

Checkin --> Token Decryption --> ScoreTokentSubmit

Checkin

Player checks into the game server and submits to the server the ip address and port their service is running on. The server responds out to the player with key and an encrypted score token that the player can decrypt and submit to receive points.

  • Player Actions
    • Checkin with IP and port they are running their service on.
    • Accept tokens and decrypts them
    • Submit decrypted tokens back to the server decrypted.
  • Server Actions
    • Recieve checkin information and store it in DB.
    • Pass out tokens every 5 minutes.
    • Recieve decrypted tokens and register scores.

ScoreTokentSubmit

Player submits the decrypted token back to the server to gain their points.

CLI Commands

Usage: HBCTF [OPTIONS] COMMAND [ARGS]...

Options:

Flag Type Description
-p, --port -v, --verbose -l, --logging --help INTEGER INTEGER INTEGER Port number to serve the API on. Sets the verbosity of outputs Sets the detail level of logs Show this message and exit.

Commands:

Command Action
dropdb initdb restart start status stop Drop the database. Initialize the database. Restart the API. Start the API. Show the status of the API. Stop the API.

Dev Roadmap

  • Services API -> unit tests -> documentation.
  • Game Control CLI -> unit tests -> documentation.
  • Expad API for jeopardy stype flags -> unit tests -> documentation.
  • Jeopardy style scoreboard -> unit tests -> recustomization pipeline-> documentation.
  • Expand API for battleground features -> unit tests -> documentation.
  • Build battleground VM's -> Network VM's -> Seutup High Value Nodes and hook them to API -> Recustomization Pipeline -> documentation.

Dev Notes:

To help prevent uncustomized forks of HBCTF from being uploaded to PyPI, I've configured the setup's upload command to dry run. Make sure to remove this configuration from setup.cfg when you customize HBCTF.

  • logging
  • isatty
  • colrama
  • progressbar (progressbar2)