This repository contains all the files used to host Paradigm CTF. For help and support, join the Discord.
To run the CTF infrastructure locally, simply run the following commands:
cd paradigmctf.py
docker compose upTo run the CTF infrastructure in kCTF, you'll need to do the following:
# create the cluster if it doesn't exist
kctf cluster create --type kind local-cluster
# build the image
(cd paradigmctf.py; docker build gcr.io/paradigmxyz/infra/paradigmctf.py:latest)
# push the image to kind
kind load docker-image --name "${CLUSTER_NAME}" "gcr.io/paradigmxyz/infra/paradigmctf.py:latest"
# create all the resources
kubectl apply -f kubernetes/ctf-server.yaml
# port forward the anvil proxy for local access
kubectl port-forward service/anvil-proxy 8545:8545 &Now you'll be able to build and test challenges in kCTF:
# start the challenge
kctf chal start
# port forward the challenge
kctf chal debug port-forward --port 1337 --local-port 1337 &
# connect to the challenge
nc 127.0.0.1 1337Paradigm CTF is hosted using kCTF, a Kubernetes-based CTF platform. Follow the kCTF setup instructions to get a local cluster running on your computer.
The kctf-challenge image acts as a standard image on top of the kCTF base image. It's optional, not required, but provides the following features:
- Adds the
/bin/kctf_persist_envand/bin/kctf_restore_envscripts for use withkctf_drop_privs, which resets all environment variables (this might be removed if a better way of passing configuration variables is identified) - Adds a common
nsjail.cfgfor use with Anvil. The usefulness of running the Anvil server inside nsjail is debatable, as a lot of security features need to be disabled (timeouts, resource limits, etc). The file is also poorly-named, and may be changed in the future
The paradigmctf.py image acts as the base image for all challenges. It provides the following features:
- Installs the
ctf_launchers,ctf_solvers, andctf_serverlibraries. These can be used to orchestrate CTF challenge instances.
The forge-ctf library provides two Forge scripts which can be used to deploy and solve challenges. They are intended to be used with the eth_launchers package.
The CTFDeployment script can be overridden to implement the deploy(address system, address player) internal returns (address challenge) function. It defaults to using the test [...] test junk mnemonic, but will read from the MNEMONIC environment variable. It writes the address that the challenge was deployed at to /tmp/deploy.txt, or the value of OUTPUT_FILE.
The CTFSolver script can be overriden to implement the solve(address challenge, address player) function. The challenge address must be specified as the CHALLENGE environment variable. The player private key defaults to the first key generated from the test [...] junk mnemonic, but can be overridden with PLAYER.
Templates are provided for you to quickly get started with creating challenges of your own. To use them, copy the templates into kctf/challenge-templates. Then, you will be able to use kctf chal create --template eth-pwn.
Huff support is pretty bad, needs the following changes upstream:
- huff-language/foundry-huff#47
- Needs to support broadcasting from specific address
- Needs to stop using hexdump to generate some random bytes
Kubernetes support is not complete yet