This is a template for your docker image that will be used to host your CTF challenge.


# all files to run your service
/docker/Dockerfile   : Dockerfile
       /target       : target bin
       /flag         : flag: tkctf{please submit this flag!}
       /service.conf : xinetd

# all files to be released to participants
/release/README      : guideline
       /target       : bin if you want to release

# source/exploit for your team and organizer
/source/      : build docker, run, run and print out flag
       /   : exploit
       /writeup.txt  : solution
       /src/         : source code
  1. Change the NAME file to your challenge name: teamname:challenge (e.g., staff:fmtstr)
  2. Change the docker/flag file as you wish, but wrap it inside tkctf{...} (e.g., tkctf{please submit this flag!})

The source code of the challenge is located in source/src/, which contains its source (fmtstr.c) and makefile (Makefile). The makefile includes various defense options you can enable (e.g., CFLAGS += -fstack-protector). Please enable them carefully, as you'd like for your challenge.


$ wget
$ unzip

$ cd ctf-template
$ make help
dist  : build the target and distribute to docker/release
build : build the docker image
run   : run the docker container
test  : test the exploit
submit: zip for submission

Be imaginative, but keep in mind that the best challenge should be fun and educational. Please don't design a challenge that requires any random/pure guessing (but well-designed bruteforcing is fine).

You can replicate real security vulnerabilities, like mini-sudo or mini-heartbleed. There are a few sources that you can refer to:


  1. Attack (per challenge): 20pt x N challenges
  20 | ...
     |    ..
     |      ..
  10 |         ..........
   0 +--------------------->
Team 0 1 2 .. N/2      N
- 10pt for the first blood
-  5pt for the second blood
-  3pt for the third blood
  2. Defense: 20pt (per team, about your challenge)
    • 0 solved: 0 pt (too difficult)
    • 1..N solved: 20 pt (okay!)
    • N solved: 10 pt (too easy)

But the details of the scoring are subject to change! Your competition site (for registration/scoreboard) is

Checklist for submission

  1. /NAME: Team/challenge name
  2. /release/README: Description about the challenge
  3. /docker/flag: Flag!
  4. /source/writeup.txt: Your description on the challenge and solution
  5. /source/ Your working exploit
  6. Triple check make test reliably executes!

Please run make submit and submit your file (e.g., to here by Nov 14. We will test, evaluate and provide some feedback before the CTF event.
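
A pre-submission check for checklist items 1-4, as an added example (not part of the template). It also verifies that the flag value does not appear anywhere under release/, since that directory is handed to participants. The NAME and flag patterns are assumptions inferred from the examples above (staff:fmtstr, tkctf{...}); the exploit file (item 5) and make test (item 6) are not checked, because the exploit's filename is not given here.

```shell
#!/bin/sh
# Added example: pre-submission check for the template layout described above.
# The NAME and flag patterns are assumptions inferred from the page's examples;
# the organizers' own validation may differ.
# Usage (after defining the function): check_submission ctf-template

# check_submission DIR: prints each problem found, returns 0 only if none.
# The body is a subshell "( ... )" so its variables do not leak to the caller.
check_submission() (
    dir=$1
    errors=0
    fail() { echo "FAIL: $1"; errors=$((errors + 1)); }

    # Checklist items 1-4: required files must exist and be non-empty.
    for f in NAME release/README docker/flag source/writeup.txt; do
        [ -s "$dir/$f" ] || fail "$f is missing or empty"
    done

    # NAME must look like teamname:challenge (exactly one colon, no spaces).
    if [ -s "$dir/NAME" ] &&
       ! head -n 1 "$dir/NAME" | grep -Eq '^[^:[:space:]]+:[^:[:space:]]+$'; then
        fail "NAME is not of the form teamname:challenge"
    fi

    if [ -s "$dir/docker/flag" ]; then
        flag=$(head -n 1 "$dir/docker/flag")
        # The flag must be wrapped in tkctf{...}.
        if ! printf '%s\n' "$flag" | grep -Eq '^tkctf\{.+\}$'; then
            fail "docker/flag is not wrapped in tkctf{...}"
        # release/ goes to participants, so the flag must not appear in it
        # (for example, baked into release/target by mistake).
        elif [ -d "$dir/release" ] && grep -rFq -e "$flag" "$dir/release"; then
            fail "flag value found under release/"
        fi
    fi

    [ "$errors" -eq 0 ] && echo "OK: layout checks passed"
    [ "$errors" -eq 0 ]
)
```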