We are about to start the next talk right here. So, I am very happy to introduce Hanemile, who is going to talk a little bit about the struggles you are facing when trying to find the next capture the flag (CTF) adventure and how he is proposing to solve the problem. Please join me in welcoming Emile.

Hi, I am going to talk about CTF in a box. It is the story of what problems we found when playing CTFs, how we plan to solve the problems; we built a prototype, tested it, and the problems that came after that. So, first, who am I? I am Emile, @hanmile at post platforms. Studying computer science at Düsseldorf. Playing CTF with @flexerilla or sometimes as a single player.

Let's start with the current solutions. Playing CTF we currently have, like, 3 main platforms. The most used framework currently is CTFd. CTFd is the first thing you'll find if you google "hey, I want to host a CTF, what do I do?" The second thing is Hack The Box; that is another case study, well, case study, more so a framework to host CTFs, but you can't use it, because it is actually closed source, meaning that you can only play with that. The last solution is custom frameworks. So, these are frameworks used by teams; they build them themselves, like at this year's CTF.

So, CTFd looks like this. People who have played CTF may have seen it, since most CTFs are hosted on CTFd. Overall it is pretty basic, looks a bit bootstrappy. I'll come back to what the problems are later. Hack The Box, for the people who have not seen it, looks like this. This is the machine view, because Hack The Box differentiates between machines and challenges. Challenges are simply files from which you need to find the flag. Machines are a bit more, where you have an actual machine from which you need to find the flag in the actual services running on the machine. So, it is a bit more. And custom ones: this is an image of a current CTF organised by HXV. It is pretty much CTFd, but built by themselves.

So, what are the problems with this? Well, let's start with CTFd, where there aren't actual problems, in my opinion. It is mostly a static hoster for files you want people to use for the CTF and some custom infrastructure for scoreboard, registration and stuff like that. Hack The Box is kind of closed source; why I say "kind of" is because you can actually use it, you can see how it is built up, you could build it yourself. And the problem we had when playing with Hack The Box was that we had some reverse shells at the root of the challenges, as well as other problems like multiple people writing into some challenges and some files being there that should not have been, which was really annoying sometimes. Like, we started a challenge and saw that there is a reverse shell for getting root in root; you don't have to do anything. There are shared challenge instances; the problem we saw with that was that you have multiple hundred people playing the same instance, where we could see what other people were uploading to the instance, which kind of helped us, and we found out that it could be kind of optimised. The third problem, well, problem, but it is custom frameworks.

You might find errors in custom frameworks allowing you to get flags that aren't used without solving the challenge. So, it is now a ping-pong between finding a problem and finding a solution. The simplest solution we tried to implement at our CTF at a local hackerspace was to generate a single challenge instance for every player/team. This means that every challenge we built was simply a docker container somewhere, and for everyone who wanted to play it, it started a new docker container. We first thought that this would bring a lot of overhead, but it didn't. We started multiple hundred containers and it worked out fine. The problem with this is that if you put everything in a docker container, docker escapes and sandbox escapes get really useful. It would be fatal if someone could break out of the container. We got solutions for the possible problems. You could place everything in a VM or nsjail in order to isolate the process, stopping people from actually breaking out. Another possible solution would be to make it possible for people to break out, which you don't actually want to make possible. But you don't want people to have anything in case; custom flags for custom teams.

We did that by implementing our docker containers as - or, we implemented the challenges so that the flags get put into the docker via environment variables. So when you are starting your docker container, you just set an environment variable with your flag. And in the docker container you have a little script that is pushing your flag to the place you want it to be, then unsetting the environment variable and deleting everything else, meaning no trace of the flag where there should not be. That worked out pretty well. So, that is the CIRCUS prototype that we used.
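The per-team flag staging described above, as an added example that is not code from the talk or from the CIRCUS project: an entrypoint that takes the flag from an environment variable, writes it where the challenge expects it, scrubs the variable and the script, and only then starts the service. The variable name FLAG, the FLAG_PATH override, the "run" subcommand and the check_no_trace helper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the talk or the CIRCUS project: a container
# entrypoint that stages a per-team flag from the FLAG environment variable,
# then scrubs the variable and the staging script so the only copy inside the
# container is the one the challenge is supposed to expose.
# Assumed names (not from the talk): FLAG, FLAG_PATH, the "run" subcommand.

# place_flag DEST VALUE: write VALUE to DEST, readable only by the owner.
place_flag() {
  [ -n "$2" ] || { echo "place_flag: empty flag refused" >&2; return 1; }
  umask 077
  printf '%s\n' "$2" > "$1" && chmod 0400 "$1"
}

# scrub_flag: drop the variable from this shell's environment so nothing
# started later inherits it (run `env` from a shell on the box to confirm).
scrub_flag() {
  unset FLAG
  [ -z "${FLAG:-}" ]
}

# check_no_trace DIR VALUE DEST: succeed only if VALUE occurs nowhere under
# DIR except in DEST; use it while testing the image to catch leftover copies
# (a staging script, a log, a shell history) before players get the box.
check_no_trace() {
  leaks=$(grep -rlF -- "$2" "$1" 2>/dev/null | grep -vxF -- "$3" || true)
  [ -z "$leaks" ]
}

# run SERVICE [ARGS...]: the actual entrypoint sequence.
run() {
  dest="${FLAG_PATH:-/flag.txt}"
  place_flag "$dest" "${FLAG:-}" || exit 1
  scrub_flag
  rm -f -- "$0"          # remove this script itself: no recipe left behind
  exec "$@"              # exec, so the service process never had FLAG in it
}

case "${1:-}" in run) shift; run "$@" ;; esac
```

The host side still sees the value (for example in the container's inspect output), which is fine because players never get host access; check_no_trace is for the image contents the player does see.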

A little story for that - we had the 18th anniversary of our hackerspace this year and we thought that we need a CTF for that. A week before, we realised that it is in a week, so we quickly started building a prototype for it. And called it CIRCUS, because it looks like a circus. That is a graph showing how the containers interact with each other.