This Capture The Flag (CTF) challenge is designed for the IT Security course at Adolfo Ibáñez University for the first semester of 2024. It involves a mix of SSH access, network sniffing, code execution, and firewall manipulation techniques. Participants will need to leverage their skills in these areas to solve the challenge and capture the flag.
This setup was written for an installation on Kali Linux. Some steps may vary on other distributions or operating systems.
- A machine with Docker installed. For installation instructions, refer to Docker's official documentation.
- Ensure that Docker is configured to allow non-root users to execute Docker commands. This can be achieved by adding the user to the docker group:
  sudo usermod -aG docker $USER
  Log out and back in for this change to take effect.
- The machines used by the participants should have an iptables-persistent rule blocking the IP of the Docker machine. This prevents the connection over SSH and also serves as a hint to help them guess the IP they need to connect to:
  sudo apt install iptables-persistent
  sudo systemctl enable iptables-persistent.service
  sudo iptables -A OUTPUT -p tcp --dport 22 -d <ip_address> -j REJECT
  sudo systemctl start iptables-persistent.service
  Be sure to replace <ip_address> with the right IPv4 of the Docker machine. You will need to save the rule as root (sudo will not work):
  sudo su
  iptables-save > /etc/iptables/rules.v4
To handle Docker and other required operations, you need to create a new user called ctfuser on the host machine:
sudo adduser ctfuser
sudo usermod -aG docker ctfuser
This setup allows ctfuser to manage Docker containers and perform necessary operations for the CTF challenge.
- Clone the Repository: Clone the repository to get the Dockerfile and any other necessary files.
  git clone https://github.com/Seva41/CTF_SSH
  cd CTF_SSH
- Build the Docker Image: Build the Docker image using the Dockerfile in the cloned repository. Be sure to replace YOUR_SECURE_PASSWORD with an appropriate password for the root and ctfuser users.
  docker build -t ubuntu-ssh .
  It is not necessary to run the container, as a new one will be created automatically with each SSH connection made. Be sure to build the image as the ctfuser user.
Participants can utilize the shell script launch_container_script.sh to automate the setup process with each SSH connection made to the host. The script will build and run the Docker container and handle any necessary preliminary setup.
This script should be saved as a .sh file in a suitable directory, such as:
/usr/local/bin/
It must also be executable:
sudo chmod +x /usr/local/bin/launch_container_script.sh
Then the script should be called when an SSH connection is made. For this, modify the SSH configuration:
sudo nano /etc/ssh/sshd_config
by adding at the end of the file:
Match User ctfuser
ForceCommand /usr/local/bin/launch_container_script.sh
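A minimal per-connection launcher of the kind the ForceCommand above points to, written here as an added example; it is not the repository's launch_container_script.sh. The resource limits, the ctf- naming scheme, the ctf hostname and /bin/bash as the container command are assumptions.

```shell
#!/bin/sh
# Added sketch of a per-connection launcher for the ForceCommand above.
# It is NOT the repository's launch_container_script.sh.
set -eu

IMAGE="ubuntu-ssh"     # tag from `docker build -t ubuntu-ssh .` on this page
MEMORY_LIMIT="256m"    # assumed per-container memory cap
PIDS_LIMIT="128"       # assumed per-container process cap

# Container name from the client IP (first field of SSH_CONNECTION) and a PID.
# Characters Docker rejects in names (e.g. ':' in IPv6) become '-'.
session_name() {
    printf 'ctf-%s-%s' "${1%% *}" "$2" | tr -c 'A-Za-z0-9_.-' '-'
}

# Print the `docker` arguments one per line. $1 = name, $2 = tty | notty.
run_args() {
    printf '%s\n' run --rm -i
    if [ "$2" = tty ]; then printf '%s\n' -t; fi
    printf '%s\n' --name "$1" --hostname ctf \
        --memory "$MEMORY_LIMIT" --pids-limit "$PIDS_LIMIT" \
        "$IMAGE" /bin/bash   # /bin/bash is an assumed container command
}

# sshd sets SSH_CONNECTION for every session; without it nothing is launched.
if [ -n "${SSH_CONNECTION:-}" ]; then
    # SSH_ORIGINAL_COMMAND (the command the client asked for) is never read,
    # so nothing the participant sends is interpreted by the host shell.
    if [ -t 0 ]; then mode=tty; else mode=notty; fi
    name=$(session_name "$SSH_CONNECTION" "$$")
    set -f   # no globbing while the argument list is word-split
    # The arguments contain no whitespace, so splitting on newlines is safe.
    exec docker $(run_args "$name" "$mode")
fi
```

Because ctfuser is in the docker group, the ForceCommand is the only restriction on what a participant can ask the Docker daemon to do, so keep the script owned by root and not writable by ctfuser. Check the edited sshd_config with sudo sshd -t before restarting the SSH service.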
The main objective of this challenge is to capture the flag hidden within the environment. This may involve breaking through some layers of security, executing code, inspecting network capture files, and configuring or bypassing firewall settings. The participants should receive the captura executable to begin the challenge.
- Do not attack the Docker host or other infrastructure.
- Focus your efforts only on the intended challenge Docker container.
- Sharing solutions with other participants is strictly prohibited.
- The captura executable is compiled from the captura.py file using PyInstaller.
- The solution for the challenge is available in SOLUTION.md.
For any issues, questions, or needed clarifications regarding the challenge, please contact me.