Challenge source code, official writeups, and infrastructure setup for UIUCTF 2023
Note
This is the repository for all UIUCTF 2023 challenges and infrastructure. This is an exact copy of our development repository, minus some deployment secrets and git history.
Flag format: uiuctf{...}
Do you need a container?
/challenges/<category>
kctf chal create --template <templatename> <chalname> --challenge-dir ./<chalname>
pwn
, web
, xss-bot
challenge.yaml
and the CTFd config is challenge.yml
. Confusing? Yes.mkdir /challenges/<category>/<chalname>
Your challenge folder MUST have a challenge.yml
file for CTFd, following the specification here
Your challenge must have a healthcheck script if it is deployable - attempt to make it solve the challenge
Your challenge should have a SOLUTION.md
writeup (it's ok if it's simple/concise or a TL;DR version)
umask a+x
sudo service procps restart
export DOCKER_SCAN_SUGGEST=false
- disables annoying Snyk messages from newer Docker versions which break kCTF parsingEvery time you open a new shell, you will need to do the following:
cd
to root of this repositorysource kctf/activate
kctf cluster load local-cluster
kctf cluster start
kctf chal start
kctf chal debug port-forward
kctf cluster stop
to shutdown local k8s cluster
deactivate
to exit ctfclikctf cluster load remote-cluster
kctf chal debug port-forward
deactivate
to exit ctfcliThese instructions only need to be done once before the CTF.
gcloud
: https://cloud.google.com/sdk/docs/install-sdk
gcloud auth login
Create cluster:
kctf cluster create --project dotted-forest-314903 --domain-name chal.uiuc.tf --start --email-address [email protected] --zone us-central1-a --registry us.gcr.io remote-cluster --disable-src-ranges
Note: --disable-src-ranges
disables Cloud Armor. To remove, you need the SECURITY_POLICIES quota.
Resize cluster (to reduce costs before CTF starts):
kctf cluster resize --min-nodes 1 --max-nodes 1 --num-nodes 1 --machine-type e2-standard-4 --pool-name default-pool --spot
cd
to a challenge folder with a deployment challenge.yaml
file and run the following:
kctf chal start
You may need to enable SQL and Redis services. Run the following commands. If you see a prompt like API [sqladmin.googleapis.com] not enabled on project [648434879266]. Would you like to enable and retry (this will take a few minutes)? (y/N)?
, press y
.
gcloud sql instances list
gcloud redis instances list --region us-central1
Run from the root directory:
./ctfd/chal setup
GitHub Actions needs some secrets to automatically sync with the CTFd instance. After creating a CTFd admin account, go to http://<ctfd-ip>/settings#tokens to obtain a token.
From the root of the repository, create the .ctf/config
file with the new IP and token. Note that you need git-crypt
to unlock and edit the file. These credentials will be automatically used by the GitHub Actions workflow to connect to CTFd and sync/install challenges.