Hosting pwn challenges: a simple tutorial

In light of recent events, I’ve been convinced to share a basic tutorial on how You — the ordinary programmer with minimal Linux/Docker/Networking experience — can host binary exploitation challenges with minimal hassle and reasonable security.

Requirements

  • A stable Linux server with the packages docker-ce and git installed.
  • One (or more) pwn challenge(s) you intend to host
  • Basic Linux experience

That’s it.

Setting up a challenge folder

Let’s say you have a binary named chal, as well as a flag.

We’ll start by git cloning a template folder:

git clone https://github.com/152334H/ctf_xinetd

Move the challenge binary & flag into ctf_xinetd/bin:

mv chal flag ctf_xinetd/bin

If you plan on hosting multiple pwn challenges, you might want to rename the cloned folder:

mv ctf_xinetd my_uniq_chal_name

The final result should look something like this:

/path/to/my_uniq_chal_name$ tree
.
├ bin
│   ├ chal
│   └ flag
├ ctf.xinetd
├ Dockerfile
├ README.md
├ setup.sh
└ start.sh
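
A pre-flight check for the folder layout above, as an added example (not part of the template repository or the original post). The function name `preflight` is hypothetical; it assumes the challenge is a Linux ELF binary and takes the port you intend to pass to setup.sh in the next section.

```shell
#!/bin/sh
# Added example: pre-flight check for a challenge folder before ./setup.sh.
# Usage: preflight DIR PORT  (returns 0 when every check passes, 1 otherwise)
preflight() {
    dir=$1; port=$2; bad=0

    # The port must be a plain decimal integer in the TCP range 1-65535.
    case $port in
        ''|*[!0-9]*|??????*)
            echo "FAIL: '$port' is not a valid port"; bad=1 ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "FAIL: port $port is outside 1-65535"; bad=1
            fi ;;
    esac

    # Files the tutorial's tree listing shows in a prepared folder.
    for f in bin/chal bin/flag ctf.xinetd Dockerfile setup.sh start.sh; do
        [ -f "$dir/$f" ] || { echo "FAIL: missing $f"; bad=1; }
    done

    if [ -f "$dir/bin/chal" ]; then
        # Assumption: the challenge is a Linux ELF binary (magic 7f 45 4c 46).
        magic=$(od -An -tx1 -N4 "$dir/bin/chal" | tr -d ' \n')
        [ "$magic" = 7f454c46 ] || { echo "FAIL: bin/chal is not ELF"; bad=1; }
        # Flag a missing executable bit on the host copy of the binary.
        [ -x "$dir/bin/chal" ] || { echo "FAIL: bin/chal not executable"; bad=1; }
    fi

    # An empty flag file usually means the real flag was never copied in.
    if [ -f "$dir/bin/flag" ] && [ ! -s "$dir/bin/flag" ]; then
        echo "FAIL: bin/flag is empty"; bad=1
    fi

    [ "$bad" -eq 0 ] && echo "OK: $dir is ready for ./setup.sh $port"
    return "$bad"
}
```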

Putting the challenge online

Spend a few minutes to come up with a snazzy port number ($PORT) for your challenge.

To get your challenge running, execute

/path/to/my_uniq_chal_name$ ./setup.sh $PORT chal my_uniq_chal_name

After that, you’re done! Using the example challenge linked:

$ nc localhost $PORT
Type something with 7fdde7ac8e10: hi
You put: hi

If you ever need to change the challenge file, you can update the running service by running ./rebuild.sh.

Benefits of using this

  • it’s really simple and you can’t mess it up (fingers crossed)
  • shell permissions are limited and you won’t have players messing with the shell or erasing flags halfway through a CTF
  • you run an .sh file controlled by me without ever reading its contents

Downsides of using this

  • might not scale very well
  • hard to justify getting paid by the hour for something this simple
  • some people just don’t like docker

Sieberrsec has been, and will be, using this setup for Sieberrsec CTF events, so if you find any vulnerabilities in my fork of ctf_xinetd, be sure to dutifully inform us if you find anything of note.