Last week I took part in a Code Day with a bunch of friends, where we pair-programmed Conway’s Game of Life from scratch multiple times over, with a different pair each time. Inspired by the Code Day, I wanted to share Stripe’s Capture The Flag (CTF) with the group, so I decided to run my own instance of it.

A Bit of Background

In case you’re unfamiliar, CTF is a war-game created by Stripe, the payments processing company. They’ve created 3 at this point, but the first ran in early 2012, and was based around server-side exploits. The other two centered around web programming and distributed systems.

In the game, you’re given a password and instructed to ssh as level01 into whatever server is running the challenge. From there, you need to access the contents of /home/level02/.password, so that you can ssh as level02 and progress through the game. You’re given access to a folder containing a number of programs and their source, as well as a scratch directory in /tmp/. There are six levels in total, and they get progressively more difficult.

Creating The Machine

Fortunately, Stripe has made this extremely straightforward. They’ve created and shared downloadable CTF disk images, if you have your own server that you want to run it on. If you’re using AWS, however, it’s even easier.

Launch a new instance in the us-west-1 region (N. California), and in the first step, “Choose an Amazon Machine Image (AMI)”, search for “stripe ctf” in the “Community AMIs” section. There should be a 64-bit Ubuntu server. Select the AMI, and continue with the rest of the instance launch wizard (if you’re doing this for friends, as I was, a micro-sized instance will suffice).

AWS EC2 Launch Wizard

Once you’ve launched the instance, use your key pair to ssh as ctf@ec2-xx-xx-xx-xxx.us-west-1.compute.amazonaws.com.

Initial Server Setup

You should now be ssh’ed in as ctf, an account with passwordless sudo. You’ll need to run the following commands to finish setting up the server.

sudo ~/bin/mount-chroot.sh

sudo ~/bin/update-passwords.sh --generate passwords.txt

sudo /etc/init.d/level05 start

The machine explains what each of these does, but it essentially mounts the chroot file systems, randomly generates passwords for each of the six levels, and starts the server/worker for level 5.

And that’s it! Check passwords.txt for the password for level 1, and players can start the game.

If you want to use a custom domain, or want help troubleshooting, read on. Otherwise, hats off to Stripe for making such an entertaining, educational war-game.

Using A Custom Domain

If you want to use a custom domain, like I did, it’s also fairly straightforward. Assuming you’ve purchased the domain outside of AWS, you’ll want to create an elastic IP for the server and then create an A record.

Navigate to “Network & Security” > “Elastic IPs” on the left side of the EC2 console. From there, allocate a new IP address, and associate it with the instance you just created.

EC2 Elastic IP Association

Once you’ve associated the address, edit the host records for your domain (via whatever service you used to purchase the domain). Create an A record with name “@“ and value of your elastic IP.

Troubleshooting

If you have problems accessing level 2 (PHP exploits), check the security groups on your instance. The default security group when using the instance wizard opens port 22 (SSH) to 0.0.0.0 (anywhere), but there aren’t any rules for port 80 (HTTP). To fix this, open the inbound rule editor for the instance. Create a new rule with type HTTP, port 80, and source anywhere.

EC2 Inbound Rule Editing

CTF 2 and CTF 3

The first CTF was extremely easy to replicate, but from what I’ve seen the next two are somewhat harder. I plan to try creating standalone versions of them too, eventually.