- First, a vulnerable program (such as an unsafe C program that calls `gets`) is compiled.
- This program is then hosted on a given port of the server using `socat`.
- Users can interact with it to find their unique flag, which they can then submit to the server by sending a simple POST request to the API endpoint provided. They can view their rankings there as well.
- Clone the repo: `git clone https://github.com/sabyabhoi/boi-ctf`
- Download the required Go libraries: `go mod tidy`
- Populate your `.env` file with the following variables:
  - `DB_USER=your_postgres_username`
  - `DB_PASS=your_postgres_user_password`
  - `FLAG=boiCTF{the-actual-flag}`
- Launch the application using `go build && ./boi-ctf`

The server currently has two major API endpoints on port `8080`:

- `/` for getting general help about the CTF and posting your flags
- `/leaderboard` for viewing the current rankings

The actual vulnerable program is hosted using `socat` on port `8081`. Connect to it using `netcat`: `nc <IP> 8081`

Distributed under the MIT License. See `LICENSE.txt` for more information.
Sabyasachi Bhoi - sabyabhoi - sabyabhoi@gmail.com