Challenges for the 2017 BSidesSF CTF https://ctftime.org/event/414
Built by @iagox86, @itsC0rg1, @bmenrigh, @matir, @CornflakeSavage
You can run all the challengs locally with docker.
docker-compose build && docker-compose up -d
Challenges will be available at http://localhost:PORT
HTTP-based challenges start at port 8000, tcp challenges start at port 9000
If you are not familiar with docker, two options for installing docker are described at the bottom of this document.
On-site challenges are marked with *
| Challenge Name | Category | Points |
|---|---|---|
| easyauth | Web | 30 |
| zumbo 1 | Web | 20 |
| zumbo 2 | Web | 100 |
| zumboa 3 | Web | 250 |
| Delphi Status | Crypto/Web | 250 |
| the-year-2000 | Web | 100 |
| Easy | Reversing | 10 |
| Skipper | Reversing | 75 |
| Skipper2 | Reversing | 200 |
| Disarming | Reversing | 400 |
| Flag Receiver | Mobile/Reversing | 200 |
| Pinlock | Mobile/Reversing | 150 |
| EasyArm | Reversing | 150 |
| Steel Mountain: Sensors | Pwn | 150 |
| SteelMountain: Setpoint | Pwn | 350 |
| bytme | Pwn | 200 |
| hashecute | Pwn | 100 |
| b-64-b-tuff | Pwn | 100 |
| Nibbler | Pwn/Programming | 666 |
| Easyshell | Pwn | 30 |
| Easyshell64 | Pwn | 30 |
| i-am-the-shortest | Pwn | 200 |
| beez-fight | Misc | 350 |
| NOP | Misc | 20 |
| *Locker | Misc | 150 |
| *On-sight | Misc | 1 |
| dnscap | Forensics | 500 |
| easypcap | Forensics | 40 |
| ximage | Forensics | 300 |
| hex-ray | Forensics | 250 |
| matroyshka | Forensics | 666 |
| shattered | Forensics | 200 |
| Latlong | Forensics | 150 |
| in-plain-sight | Crypto | 100 |
| []root | Crypto | 250 |
| vhash | Crypto | 450 |
| vhash-fixed | Crypto | 450 |
| *Shared Secrets | Crypto | 250 |
Challenges not included in this repository (mostly trivia questions)
| Challenge Name | Category | Points |
|---|---|---|
| Hackers | Misc | 1 |
| Ancient Hop Grain Juice | Misc | 1 |
| Way Before Nirvana | Misc | 10 |
| The Wrong Cipher | Misc | 1 |
| The Right Cipher | Misc | 1 |
| Let's play a game | Misc | 1 |
| Quote | Misc | 1 |
| Critical Infrastructure | Misc | 20 |
This repo has a VM that allows you to run the docker containers. To get started:
- Install Virtualbox and vagrant
- In your clone of this repo run
vagrant up. This will create the VM, and install docker in it. vagrant sshto ssh into the VM.cd /vagrant(all files from the local directory are mounted into the vm in /vagrant)- To start the containers
docker-compose build && docker-compose up -d - You can now view the containers at http://10.10.10.20:PORT_NUM
docker-compose killto stop the containers
- Install docker and docker-compose on your machine however you choose (for OSX and windows docker has a nice standalone package)
- In this repo
docker-compose build && docker-compose up -d - View the containers at http://localhost:PORT_NUM
- Stop with
docker-compose kill
Here be dragons! Most of the CTF infrastructure was run on kubernetes. While it certainly made deploying and maintaining our challenges simple, there are many reasons why docker and kubernetes might not be a good choice for CTF challenges.
We wrote a blog post about some potential security issues when using this platform, one of these issues is unfixed in this repository. Please take a look before reusing the infrastructure configs as-is. https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-our-infrastructure-3570b99b4dd0
Any questions? Feel free to open an issue or reach out on twitter.
