This fork is to add support for automatically setting up a reverse proxy for web challenges. Currently, it is assumes you are using https://github.com/lucaslorentz/caddy-docker-proxy as your reverse proxy setup, but it can be extended to support others.
It will give you the option to select the network and domain that you want to use for your challenges, and will automatically create the subdomain and container labels when creating the container.
This is an initial release and there a few items marked as todo in the code, once they are completed a pull request will be made to merge the changes with the original repo.
This plugin for CTFd will allow your competing teams/users to start dockerized images for presented challenges. It adds a challenge type "docker" that can be assigned a specific docker image/tag. A few notable requirements:
- Docker Config must be set first. You can access this via
/admin/docker_config
. Currently supported config is pure http (no encryption/authentication) or full TLS with client certificate validation. Configuration information for TLS can be found here: https://docs.docker.com/engine/security/https/ - This plugin is written so that challenges are stored by tags. For example, StormCTF stores all docker challenges for InfoSeCon2019 in the
stormctf/infosecon2019
repository. A challenge example would bestormctf/infosecon2019:arbit
. This is how you would call the challenge when creating a new challenge.
- It is unknown if using the same tag twice will cause issues. This plugin was written to avoid this issue, but it has not been fully tested.
- As with all plugins, please security test your Scoreboard before launching the CTF. This plugin has been tested and vetted in the StormCTF environment, but yours may vary.
- In 2.3.3 a CTFd Configuration change is REQUIRED. Specifically, CTFd/CTFd#1370. You will need to replace the function
get_configurable_plugins
with the one in the solution. This allowsconfig.json
to be a list, which allows multiple Menu items per plugin for the Plugins dropdown. You may want to change any other plugins you install to accommodate this. It's as simple as enclosing the curly braces with square braces. Example below.
# Original config.json
{
"name": "Another Plugin",
"route": "/admin/plugin/route"
}
# Modified config.json
[{
"name": "Another Plugin",
"route": "/admin/plugin/route"
}]
NOTE: The above config.json modification only applies to OTHER plugins installed.
Requires flask_wtf
pip install flask_wtf
- Allows players to create their own docker container for docker challenges.
- 5 minute revert timer.
- 2 hour stale container nuke.
- Status panel for Admins to manage docker containers currently active.
- Support for client side validation TLS docker api connections (HIGHLY RECOMMENDED).
- Docker container kill on solve.
- (Mostly) Seamless integration with CTFd.
- Untested: Should be able to seamlessly integrate with other challenge types.
- Make the above required code change in CTFd 2.3.3 (
get_configurable_plugins
). - Drop the folder
docker_challenges
intoCTFd/CTFd/plugins
(Exactly this name). - Restart CTFd.
- Navigate to
/admin/docker_config
. Add your configuration information. Click Submit. - Add your required repositories for this CTF. You can select multiple by holding CTRL when clicking. Click Submit.
- Click Challenges, Select
docker
for challenge type. Create a challenge as normal, but select the correct docker tag for this challenge. - Double check the front end shows "Start Docker Instance" on the challenge.
- Confirm users are able to start/revert and access docker challenges.
- Host an awesome CTF!
Works with 3.2.1
- Updated the entire plugin to work with the new CTFd.
- https://github.com/offsecginger (Twitter: @offsec_ginger)
- Jaime Geiger (For Original Plugin assistance) (Twitter: @jgeigerm)