Hackbox is a networklab which contains 10 small web development challenges covering basic level web fundamentals and JavaScript.
- Always check the source code of the page to find how it is working or if there are any hints that can help you understand the flow.
- Think about how the page might be working normally. General clues can help with this. If you find it hard to follow, just remember that general programs always execute line by line.
- You can inspect a webpage to edit an HTML page and run whatever you want to get it displayed there. If there is a hidden field, consider how you might change its value.
- Browsers handle cookies and user agents. Try to understand what they mean.
- File extensions are just virtual indicators. They help you guess which application a file should work best with.
- There are different number systems, such as decimal, binary, and ASCII, and we can apply operations like arithmetic, conditional, or even logical operations on them. There are many online tools for this.
- There are different encoding systems such as ASCII, URL encode, and HTML encoding that can help to save the web from misinterpreting content.
- Hidden files like robots.txt or sitemap.xml can help search engines find other files or directories. A 404 error can sometimes help as well.
It is important to identify and report any bugs in the system. These challenges were created quickly for your entertainment!
- Challenge - 1994
- Challenge - Break Login Fault
- Challenge - Crash IT
- Challenge - Encoder Specialist
- Challenge - Explorer
- Challenge - Fake The Role
- Challenge - Master Manipulator
- Challenge - Torture
- Challenge - Tough Analyzer
- Challenge - What Happened
Ubuntu-based instances are recommended for development and deployment. However, any contribution should preserve the cross-platform capability of the application. To deploy the Django application for production, follow these steps:
- Clone the repository into your directory. (Preferred: `/var/www/networklab/`)
- Create a virtualenv named `venv` in the project directory.
virtualenv -p /usr/bin/python3.8 venv
- Each time you enter the project, activate the virtual environment:
source venv/bin/activate
- Install requirements from `requirements.txt`:
pip install -r requirements.txt
- Run migrations:
python manage.py migrate
- Collect static files:
python manage.py collectstatic --noinput
- Test the application by running the development server:
python manage.py runserver 0.0.0.0:8000
If everything is working fine, proceed with the deployment on nginx using gunicorn and systemd.
- Install Gunicorn:
pip install gunicorn
- Create a systemd service file for Gunicorn. Save it as `hackbox.service` in the directory `/etc/systemd/system/`. You can use the command
sudo nano /etc/systemd/system/hackbox.service
- Copy and paste the code below into `hackbox.service`, press [Ctrl] + [O] then [Enter] to save the file, and press [Ctrl] + [X] to quit.
[Unit]
Description=Gunicorn daemon for Hackbox
[Service]
User=ubuntu
Group=ubuntu
WorkingDirectory=/var/www/networklab/
ExecStart=/var/www/networklab/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/tmp/networklabchallenge.sock hackbox.wsgi:application
[Install]
WantedBy=multi-user.target
- Create a systemd socket file for Gunicorn. Save it as `hackbox.socket` in the directory `/etc/systemd/system/`. You can use the command
sudo nano /etc/systemd/system/hackbox.socket
- Copy and paste the code below into `hackbox.socket`, press [Ctrl] + [O] then [Enter] to save the file, and press [Ctrl] + [X] to quit.
# /etc/systemd/system/hackbox.socket
[Unit]
Description=Gunicorn socket for Hackbox
[Socket]
ListenStream=/tmp/networklabchallenge.sock
[Install]
WantedBy=sockets.target
- Start the Gunicorn socket:
sudo systemctl start hackbox.socket
- Enable the Gunicorn socket to start at boot time:
sudo systemctl enable hackbox.socket
- Start the Gunicorn service:
sudo systemctl start hackbox.service
- Enable the Gunicorn service to start at boot time:
sudo systemctl enable hackbox.service
- Configure Nginx to serve the application:
# /etc/nginx/sites-available/networklab.conf
server {
listen 80;
server_name networklab.yourdomain.com;
location /assets/ {
alias /var/www/networklab/public/assets/;
}
location / {
include proxy_params;
proxy_pass http://unix:/tmp/networklabchallenge.sock;
}
}
- Save this configuration file as `/etc/nginx/sites-available/networklab.conf` and create a symbolic link to it in the directory `/etc/nginx/sites-enabled/` with the command
sudo ln -s /etc/nginx/sites-available/networklab.conf /etc/nginx/sites-enabled/networklab.conf
- Test the Nginx configuration:
sudo nginx -t
- Reload Nginx to apply the changes:
sudo systemctl reload nginx
That's it! Your Django application should now be up and running on your production server.
Please note that this environment has not been tested. I would like to bring up your pull requests against documentation and issues. For now, to set up the project in Docker, use the command
docker-compose up --build
This will build the Docker image and start the container. The application should now be accessible at http://localhost:8000.
To change the port number, change "0.0.0.0:8000" to the ip:port you want in the last line of the Dockerfile:
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "hackbox.wsgi:application"]
For Flag mode, you can use @fbctf, and for Simple Mode, you can use @CTFd.
To customize the challenge flags, alter the values in `hackbox/settings.py`. Remember that this is a Python file; take care if you are not comfortable with Python.
ARENA = {
"LOCATION": "Project Network Lab", # Projecting Challenge name in page titles.
"USER_AGENT": "Pehia", # A solution to challenge #C009 depends on this word.
"ASSISTANT_EMAIL": "[email protected]", # A solution to challenge #C001 uses this as default email.
"CHALLENGE_NAME": "Pehia CTF", # Projecting Challenge name in meta descriptions
}
ARENA_FLAGS = {
'C001': "LABS&PEHIA123",
'C002': "CARDIAC1234",
'C003': "BINCRACKER",
'C004': "INDEXRANKING",
'C005': "HTMLENTITIES",
'C006': "PARIS", # You have to upload the corresponding Morse code to public/static/challenges/morse.wav
'C007': "BUFFERZONE",
'C008': "ARENACRACKER",
'C009': "AGENTMODIFIER",
'C010': "SESSIONEXPERT",
}
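Because the values above are published in this README, a pre-deployment check can confirm that each flag was actually customized. The following is an added example, not part of the Hackbox code base: `audit_flags`, `README_DEFAULT_FLAGS` and `SAMPLE_FLAGS` are hypothetical names, the sample flags are constructed, and treating flags that differ only in case as equal is an assumption.

```python
# Added example: pre-deployment audit of ARENA_FLAGS (not part of Hackbox itself).

# Defaults exactly as published in the README's ARENA_FLAGS block.
README_DEFAULT_FLAGS = {
    "C001": "LABS&PEHIA123",
    "C002": "CARDIAC1234",
    "C003": "BINCRACKER",
    "C004": "INDEXRANKING",
    "C005": "HTMLENTITIES",
    "C006": "PARIS",
    "C007": "BUFFERZONE",
    "C008": "ARENACRACKER",
    "C009": "AGENTMODIFIER",
    "C010": "SESSIONEXPERT",
}


def audit_flags(arena_flags, defaults=README_DEFAULT_FLAGS):
    """Return a list of findings; an empty list means every flag was customized."""
    findings = []
    first_owner = {}  # normalized flag -> first challenge id that used it
    for cid in sorted(set(defaults) | set(arena_flags)):
        if cid not in defaults:
            findings.append(f"{cid}: unknown challenge id")
            continue
        flag = str(arena_flags.get(cid) or "").strip()
        if not flag:
            findings.append(f"{cid}: missing or empty flag")
            continue
        key = flag.casefold()  # assumption: case variants count as the same flag
        if key == defaults[cid].casefold():
            findings.append(f"{cid}: still the published default")
        if key in first_owner:
            findings.append(f"{cid}: same flag as {first_owner[key]}")
        first_owner.setdefault(key, cid)
    return findings


# Constructed sample: C003 reuses C002's flag, C010 was never changed.
SAMPLE_FLAGS = {f"C{n:03d}": f"EXAMPLE-FLAG-{n}" for n in range(1, 11)}
SAMPLE_FLAGS["C003"] = SAMPLE_FLAGS["C002"]
SAMPLE_FLAGS["C010"] = "SESSIONEXPERT"

if __name__ == "__main__":
    for finding in audit_flags(SAMPLE_FLAGS):
        print(finding)
```

To audit a real deployment, pass `settings.ARENA_FLAGS` from `django.conf.settings` to `audit_flags` inside `python manage.py shell`. Changing C006 also requires a new `morse.wav`, as the comment in the settings block notes.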