shellphish / ictf-framework Goto Github PK
View Code? Open in Web Editor NEWThe iCTF Framework, presented by Shellphish!
License: Other
The iCTF Framework, presented by Shellphish!
License: Other
http://ictf.cs.ucsb.edu/framework is not being served correctly.
e.g. team "1" and "2"
(ask Jason for the sample)
Right now, everything is in the same network (samenet
branch). The router/
folder documents an alternative setup with VPNs and randomization, but this needs to be automated.
We need to:
create_vms.py
create_team()
and create_org()
in create_vms.py
as neededI could not download file from http://ictf.cs.ucsb.edu/base-vms/base-vms.tar.gz
Organization-base and iCTF-base, referenced in create-vms.py, are not released, so it is difficult to reproduce the create-vms.py functionality.
Perhaps we can have a better way of building these VMs, so that I could do it from scratch on a server (let's say in openstack)?
The basic idea is that I want to run a mock ictf framework on openstack infrastructure, so I'm setting up the VMs by hand. It's easy enough following create-vms.py, but the problem is in figuring out the installed software on the base images. So I had to create a game with bundles on the ictf website.
At the moment we are using libguestfs to mount base VMs and modify them. However there have been cases of race conditions when trying to umount those images.
An example is explained in the guestmount man page (or here: http://libguestfs.org/guestmount.1.html)
A user reported to have FS corruption when he was trying to mount-modify-umount vdi images through a VirtualBox shared directory.
Soon we'll decide on a better strategy: either using libguestfs directly or switching to a disk format that doesn't need it.
Currently there is no way to know if your services are accepting and giving back flags to the scorebot.
Does it go against the goals of this project to simply define an "interface" for services (which there might already be) but not provide any from within this repository (perhaps move them to ucsb-seclab/ictf-services
and then pull them in when bootstrapping -- if desired)?
When i get to putting in my github password, the key are not typing
If a team turns their services off, they are not penalized.
Hello boys, is the project dead or you plan to make new changes?
Hints:
Thanks
Einar
Reference: http://ictf.cs.ucsb.edu/framework
Fggg
The central API secret is currently not randomized, but the API is pretty well protected from the outside. However, it might be good to randomize this (and other passwords) just in case.
Hi,
we are currently using your framework and found a problem with the Service state on the dashboard. If a service is running the state shows "offline" and if the VM is not even online the state is either "online" or "online but disfunctional".
As state 2 is the starting state in the MySQL dbms the scorebot seems to enter wrong numbers into there.
Hey Jacopo,
I've set up caching and rate limiting on the website. To make it work, I need redis-server on the organization host.
Thanks!
Hi, I want to use from iCTF platform. But when I go forward with your document in "Forging the machines" step I don't have "ictf-framework/basehost/scripts" directory and shell scripts (export_env_aws_us-west-1.sh, export_env_aws_us-west-2.sh, etc) inside it. I think previous steps are done successfully but I don't know where is the problem. Can you help me?
I'm sure people would figure out a way to scrape flag-ids from the website, but it might be better if there was some API or something they could use to get the flag-id for a particular service.
We need to sync with Jason to get the services in here under the new format.
Refreshing constantly doesn't seem efficient. Some sort of status on the page or an email when it's done would be nice, but not required.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.