Skip to content

MarkusBauer/saarctf-gameserver

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

saarCTF Gameserver Framework

This repository contains the gameserver we used to organize our first attack-defense CTF - saarCTF 2020. If you want to build your own CTF with this framework: contact us for additional explanations.

This CTF infrastructure was build in a two-years-effort by @MarkusBauer, with additional contributions by Jonas Bushart and Patrick Schmelzeisen.

Structure

  • Central databases: PostgresSQL, Redis, RabbitMQ
  • Central gameserver (folder controlserver): Round timer, dispatches checker scripts, calculate ranking and create scoreboard
  • Checker script workers (folder checker_runner): Run the checker scripts
  • Submission Server: Accept flags from the participants
  • VPN Server: OpenVPN-Servers for each team with additional monitoring / IPTables controller / tcpdump.

Setup

  • Setup a PostgreSQL database, a redis database and a RabbitMQ server (see below).
  • make deps
  • npm install && npm run build
  • Write config.json
  • alembic upgrade head

Run gameserver

export FLASK_APP=controlserver/app.py is required for most commands.

  • Main server: flask run --host=0.0.0.0
  • Celery control panel: celery -A checker_runner.celery_cmd flower --port=5555
  • Celery worker: celery -A checker_runner.celery_cmd worker -Ofair -E -Q celery,broadcast --concurrency=16 --hostname=ident@%h

Setup RabbitMQ

# Warning: Binds to all interfaces by default!
apt install rabbitmq-server
rabbitmqctl add_vhost saarctf
rabbitmqctl add_user saarctf 123456789
rabbitmqctl set_permissions -p saarctf saarctf '.*' '.*' '.*'
rabbitmqctl set_user_tags saarctf administrator
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server

Flags

Current format: SAAR\{[A-Za-z0-9-_]{32}\}. Example: SAAR{8VHsWgEACAD-_wAAfQScbWZat3KXyYe9}

Folders

  • controlserver: The main components (timer, scoreboard, scoring, dispatcher, ...)
  • checker_runner: The celery worker code running the checker scripts
  • gamelib

Configuration

To test, copy config.sample.json to config.json and adjust if needed. JSON keys starting with __ are stripped.

To deploy, you can use environment variables:

  • SAARCTF_CONFIG path to config.json file
  • SAARCTF_CONFIG_DIR folder where config.json is located, and additional files will be stored (VPN config, VPN secrets etc). Default: root of this repository.
  • Set SAARCTF_NO_RLIMIT if you have to run checkers without limit (e.g. Chromium)

Scoring

The formulas to compute offensive/defensive/SLA scores are on the webpage, including a description of the details. On the gameserver side, there are several factors you can use to adjust scores (all in config.json "scoring":{...}):

  • nop_team_id: you cannot submit flags from this team
  • flags_rounds_valid (default 10) more ticks means a bigger initial peak for new exploits, less ticks mean more time pressure
  • off_factor scale offensive points up/down by this factor
  • def_factor scale defensive points up/down by this factor
  • sla_factor scale SLA points up/down by this factor Note that the defensive score formula contains a reference to SLA points, thus, the sla_factor also influences defensive scores.

Suggestions for saarCTF are default settings (1/10/1.0/1.0/1.0). Suggestions for our small workshop are (0/20/2.5/1.5/1.0).

About

saarCTF infrastructure | Attack-defense CTF gameserver developed by saarsec

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published