=====
TKCTF
=====

This is a template for your docker image that will be used to host
your CTF challenge.

Structure
---------

.. code:: sh

   # all files to run your service
   /docker/Dockerfile   : Dockerfile
          /target       : target bin
          /flag         : flag: tkctf{please submit this flag!}
          /service.conf : xinetd

   # all files to be released to participants
   /release/README      : guideline
           /target      : bin if you want to release

   # source/exploit for your team and organizer
   /source/test.sh      : build docker, run, run exploit.py and print out flag
          /exploit.py   : exploit
          /writeup.txt  : solution and hint (we will open the hint if no one solves it)
          /src/         : source code

1. Change the ``NAME`` file to your challenge name:
   ``teamname:challenge`` (e.g., ``staff:fmtstr``)
2. Change the ``docker/flag`` file as you wish, but wrap it inside
   ``tkctf{...}`` (e.g., ``tkctf{please submit this flag!}``)

The source code of the challenge is located in ``source/src/``, which
contains its source (``fmtstr.c``) and makefile (``Makefile``). The
makefile includes various defense options you can enable (e.g.,
``CFLAGS += -fstack-protector``). Please enable them carefully, as
appropriate for your challenge.

Overview
--------

.. code:: sh

   $ wget https://tc.gts3.org/cs6265/2021/_static/ctf-template.zip
   $ unzip ctf-template.zip
   $ cd ctf-template

   $ make help
     dist  : build the target and distribute to docker/release
     build : build the docker image
     run   : run the docker container
     test  : test the exploit
     submit: zip for submission

Be imaginative, but keep in mind that the best challenge should be fun
and educational. Please don't design a challenge that requires
random/pure guessing (but well-designed bruteforcing is fine). You can
replicate real security vulnerabilities, like ``mini-sudo`` or
``mini-heartbleed``.

There are a few sources that you can refer to:

- https://ctftime.org/
- https://www.cvedetails.com/
- https://www.exploit-db.com/

Scores
------

1. Attack (per challenge): 20pt x N challenges

   ::

           ^
        20 | ...
           |    ..
           |      ..
        10 |        ..........
           |
           |
         0 +---------------------> Team
           0 1 2  ..  N/2       N

   ::

      - 1pt for the first blood

2. Defense: 20pt (per team, about your challenge)

   - 0 solved: 0 pt (too difficult)
   - 1..N solved: 20 pt (okay!)
   - N solved: 10 pt (too easy)

But the details of the scoring are subject to change!

Your competition site (for registration/scoreboard) is
https://ctf.gts3.org/

Checklist for submission
------------------------

1) /NAME: Team/challenge name
2) /release/README: Description of the challenge
3) /release/some_files: Any file released to the user
4) /docker/flag: Flag!
5) /docker/Dockerfile: Dockerfile for building the container
6) /source/writeup.txt: Your description of the challenge and
   solution, and hint (we will release the hint if no one solves it)
7) /source/exploit.py: Your *working* exploit
8) Triple check ``make test`` reliably executes! If there is any error,
   you have to resubmit and we will give you penalty points

Please ``make submit`` and submit your file (e.g.,
``staff:fmtstr.zip``) to `here `__ by Nov 19. We will test, evaluate and
provide some feedback before the CTF event.

TKCTF 2021 result
-----------------
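
A preflight check for the "Checklist for submission" section above, as an added example that is not part of the template or the course's own tooling. The file paths and the ``NAME``/flag formats come from the checklist; the function name, the script name ``check_submission.sh``, the messages, the NAME character restrictions and the ``release/`` leak check are assumptions of this example.

```shell
#!/bin/sh
# Preflight check for a ctf-template submission tree (added example).
# It does not replace `make test` (checklist item 8), which needs Docker.

check_submission() {
    root=${1:-.}
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # Checklist items 1, 2, 4, 5, 6, 7: file exists and is non-empty.
    for f in NAME release/README docker/flag docker/Dockerfile \
             source/writeup.txt source/exploit.py; do
        [ -s "$root/$f" ] || fail "missing or empty: /$f"
    done

    # NAME is teamname:challenge: one colon, both parts non-empty.
    # Rejecting spaces and slashes is an assumption (NAME names the zip).
    if [ -s "$root/NAME" ]; then
        name=$(head -n 1 "$root/NAME")
        case $name in
            *:*:*|:*|*:|*" "*|*/*) fail "bad NAME: '$name'" ;;
            *:*) ;;
            *) fail "NAME lacks ':' separator: '$name'" ;;
        esac
    fi

    # The flag must be wrapped in tkctf{...}. Assumption of this example:
    # it must also not appear in anything released to participants.
    if [ -s "$root/docker/flag" ]; then
        flag=$(head -n 1 "$root/docker/flag")
        case $flag in
            "tkctf{"?*"}") ;;
            *) fail "flag is not wrapped in tkctf{...}" ;;
        esac
        if grep -rqF -- "$flag" "$root/release" 2>/dev/null; then
            fail "flag string found under /release"
        fi
    fi
    return "$rc"
}

# Runs only when saved and executed as check_submission.sh (assumed name).
case ${0##*/} in check_submission.sh) check_submission "${1:-.}" ;; esac
```

Run it from the template root before ``make submit``; a non-zero exit status means at least one check failed.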