Docker image to connect to the Offenburg University internal CTF platform and solve challenges.
It is based on the latest LTS (Long Term Support) release of Ubuntu, which is 20.04 Focal Fossa as of April 1st 2022.
Included are some helpful tools:
- CTFd.py - a useful script I wrote to track and download all challenges from any CTFd instance.
- Gdb - the infamously simplistic GNU debugger (I recommend extensions like PEDA).
- Python 3 - the superior Python 2 successor.
- Vim - text editor (you can get emacs if you really want... or, god forbid, nano)
- Curl - simple and configurable HTTP client.
- Netcat - for easy interaction with sockets on any port.
You may wish to download other programs on your hacking journey. Install them via:
ctf@hso:~$ sudo apt install YOUR_DESIRED_PACKAGEThis image is suitable for any CTF event; you can always modify it to your heart's content!
The quickest way to get started is to run the ready-made image from the registry:
$ docker run -d -it --cap-add NET_ADMIN --cap-add SYS_PTRACE --security-opt seccomp=unconfined -h hso --name hso-ctf-active ghcr.io/victorazzam/hso-ctf:latestRead further for an explanation of all the options.
To build this image from source, download this repository, `cd` into it and run:
$ DOCKER_BUILDKIT=1 docker build -t hso-ctf .DOCKER_BUILDKIT=1 tells Docker to use BuildKit for improved performance.
-t hso-ctf gives the image a recognisable tag of hso-ctf.
. tells Docker to use the current directory as the image source.
To create and start the container:
$ docker run -d -it --cap-add NET_ADMIN --cap-add SYS_PTRACE --security-opt seccomp=unconfined -h hso --name hso-ctf-active hso-ctf-d runs in detached mode.*
-it means interactive and allocate a pseudo-TTY.
--cap-add NET_ADMIN gives the container the necessary permissions for the VPN connection.
--cap-add SYS_PTRACE permits the container to use the ptrace syscall (needed to run debuggers).
--security-opt seccomp=unconfined runs the container without a Linux seccomp profile (needed for various reverse engineering tasks).
-h hso sets the hostname within the container to hso.
--name hso-ctf-active gives the container a recognisable name of hso-ctf-active.
hso-ctf references the image we built in the previous stage.
The recommended way to get going is to docker exec into the container:
$ docker exec -it hso-ctf-active bash
#...welcome message here...
ctf@hso:~$You may wish to host your container in the cloud and (after allowing the necessary port on your firewall) connect to it from anywhere.
If you go cloud, make sure to configure passwordless key-enabled SSH access to avoid a huge security risk!
$ ssh ctf@HOSTNAME -p 2222
The authenticity of host '[HOSTNAME]:2222 ([HOSTNAME]:2222)' can't be established.
ECDSA key fingerprint is SHA256:KmFUWH/lf/Vl4aJ/ctfdLH60V2KBbTOP2hbRZLMRgW4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[HOSTNAME]:2222' (ECDSA) to the list of known hosts.
ctf@localhost's password:
#...welcome message here...
ctf@hso:~$In any event, once you're in, change your password from ctf to something reasonably more secure:
ctf@hso:~$ passwd