Language: English | Русский
Exploit farm for attack-defense CTF competitions
Read the FAQ if you want to know what attack-defense CTFs are, why you need this exploit farm for them, and why it has the architecture described below.
-
An exploit is a script that steals flags from some service of other teams. It is written by a participant during the competition and should accept the victim's host (IP address or domain) as the first command-line argument, attack them and print flags to stdout.
-
A farm client is a tool that periodically runs exploits to attack other teams and looks after their work. It is being run by a participant on their laptop after they've written an exploit.
The client is a one-file script start_sploit.py from this repository.
-
A farm server is a tool that collects flags from farm clients, sends them to the checksystem, monitors the usage of quotas and shows the stats about the accepted and rejected flags. It is being configured and run by a team's admin at the start of the competition. After that, team members can use a web interface (see the screenshot above) to watch the exploits' results and stats.
The server is a Flask web service from the server directory of this repository.
The arrows display the flow of the flags
See the list here.
Copyright © 2017–2018 Aleksandr Borzunov
Inspired by the Bay's farm.