Last week I took part in a Code Day with a bunch of friends, where we pair-programmed Conway’s Game of Life from scratch multiple times over, with a different pair each time. Inspired by the Code Day, I wanted to share Stripe’s Capture The Flag (CTF) with the group, so I decided to run my own instance of it.
A Bit of Background
In case you’re unfamiliar, CTF is a war-game created by Stripe, the payments processing company. They’ve created 3 at this point, but the first ran in early 2012, and was based around server-side exploits. The other two centered around web programming and distributed systems.
In the game, you’re given a password and instructed to ssh as
level01 into whatever server is running the challenge. From there, you need to access the contents of
/home/level02/.password, so that you can ssh as level02 and progress through the game. You’re given access to a folder containing a number of programs and their source, as well as a scratch directory in
/tmp/. There are six levels in total, and they get progressively more difficult.
Creating The Machine
Fortunately, Stripe has made this extremely straightforward. They’ve created and shared downloadable CTF disk images, if you have your own server that you want to run it on. If you’re using AWS, however, it’s even easier.
Launch a new instance in the us-west-1 region (N. California), and in the first step, “Choose an Amazon Machine Image (AMI)”, search for “stripe ctf” in the “Community AMIs” section. There should be a 64-bit Ubuntu server. Select the AMI, and continue with the rest of the instance launch wizard (if you’re doing this for friends, as I was, a micro-sized instance will suffice).
Once you’ve launched the instance, use your key pair to ssh as
Initial Server Setup
You should now be ssh’ed in as
ctf, an account with passwordless sudo. You’ll need to run the following commands to finish setting up the server.
sudo ~/bin/update-passwords.sh --generate passwords.txt
sudo /etc/init.d/level05 start
The machine explains what each of these does, but it essentially mounts the chroot file systems, randomly generates passwords for each of the six levels, and starts the server/worker for level 5.
And that’s it! Check
passwords.txt for the password for level 1, and players can start the game.
If you want to use a custom domain, or want help troubleshooting, read on. Otherwise, hats off to Stripe for making such an entertaining, educational war-game.
Using A Custom Domain
If you want to use a custom domain, like I did, it’s also fairly straightforward. Assuming you’ve purchased the domain outside of AWS, you’ll want to create an elastic IP for the server and then create an A record.
Navigate to “Network & Security” > “Elastic IPs” on the left side of the EC2 console. From there, allocate a new IP address, and associate it with the instance you just created.
Once you’ve associated the address, edit the host records for your domain (via whatever service you used to purchase the domain). Create an A record with name “@“ and value of your elastic IP.
If you have problems accessing level 2 (PHP exploits), check the security groups on your instance. The default security group when using the instance wizard opens port 22 (SSH) to 0.0.0.0 (anywhere), but there aren’t any rules for port 80 (HTTP). To fix this, open the inbound rule editor for the instance. Create a new rule with type HTTP, port 80, and source anywhere.
CTF 2 and CTF 3
The first CTF was extremely easy to replicate, but from what I’ve seen the next two are somewhat harder. I plan to try creating standalone versions of them too, eventually.