A Dockerfile template for preparing a Git-based CTF service.
You are free to modify the `Dockerfile`, but remember not to touch the base image, and to `COPY` the `flag` file into the `/var/ctf` directory. When you run `./setup.sh [service name] [port number]`, the script will automatically build a Docker image and run your service in a container. The `flag` file can be filled with a random string. This file is used to prove the exploitability of an attack against your service.

Below is an example that shows how you can run a simple echo server inside a Docker container.

- Modify the Dockerfile as follows.

  ```dockerfile
  FROM debian:latest

  # =========Install your package=========
  RUN apt-get update && apt-get install -y \
      make \
      gcc \
      xinetd
  # ======================================

  RUN mkdir -p /var/ctf
  COPY flag /var/ctf/

  # ======Build and run your service======
  ADD /service /src
  COPY echo_service /etc/xinetd.d/
  RUN cd /src; make
  WORKDIR /src
  RUN echo "echo_service 4000/tcp" >> /etc/services
  RUN service xinetd restart
  ENTRYPOINT [ "xinetd", "-dontfork" ]
  ```

- Create a xinetd configuration file as follows. We assume that the name of the config file is `echo_service`.

  ```
  service echo_service
  {
      flags       = REUSE
      socket_type = stream
      wait        = no
      user        = root
      server      = /src/echo
      disable     = no
      port        = 4000
  }
  ```
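
- Write a simple echo server in C. We assume that you create a directory called `service` and put your program in the directory.

  ```c
  /* service/echo.c */
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h> // strlen
  #include <unistd.h> // write

  int main(void)
  {
      char buf[256];

      /* Echo one whitespace-delimited token per line until the client
         closes the connection (scanf stops returning 1 at EOF).
         Note: %s is used without a field width, so the read is not
         limited to sizeof(buf). */
      while (scanf("%s", buf) == 1) {
          printf("%s\n", buf);
          fflush(stdout); /* xinetd connects stdout to the socket */
      }
      return 0;
  }
  ```

  ```make
  # service/Makefile
  CC = gcc
  TARGET = echo

  all: echo

  echo:
  	$(CC) $(TARGET).c -o $(TARGET)

  clean:
  	rm $(TARGET)
  ```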

- Finally, run `./setup.sh team1 4000` to run your echo service in a Docker container. The service will listen on port 4000.
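
The steps above only work if the Dockerfile, the xinetd file and the port given to `setup.sh` agree with each other. The following pre-flight check is an added example, not part of the template or of `setup.sh`; the helper name `check_service`, the script name `check.sh` and the directory layout (Dockerfile, `flag` and the xinetd file side by side) are assumptions taken from the echo example.

```shell
#!/bin/sh
# Added example: pre-flight check to run before ./setup.sh (not part of the template).
# Assumes the layout of the echo example: DIR/Dockerfile, DIR/flag, DIR/<xinetd file>.

# check_service DIR BASE_IMAGE XINETD_FILE PORT   (hypothetical helper name)
# Prints one line per problem and returns the number of problems found.
check_service() {
    dir=$1; base=$2; conf=$3; port=$4; problems=0
    df="$dir/Dockerfile"

    # 1. The base image (first FROM line) must be left as the template set it.
    from=$(awk 'toupper($1) == "FROM" { print $2; exit }' "$df")
    if [ "$from" != "$base" ]; then
        echo "base image is '$from', expected '$base'"
        problems=$((problems + 1))
    fi

    # 2. The flag must be COPYed into /var/ctf and must not be empty.
    if ! grep -Eq '^[[:space:]]*COPY[[:space:]]+(\./)?flag[[:space:]]+/var/ctf/?[[:space:]]*$' "$df"; then
        echo "Dockerfile does not COPY flag into /var/ctf"
        problems=$((problems + 1))
    fi
    if [ ! -s "$dir/flag" ]; then
        echo "flag file is missing or empty"
        problems=$((problems + 1))
    fi

    # 3. The xinetd port must be the port that will be passed to setup.sh.
    xport=$(sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$dir/$conf" | head -n 1)
    if [ "$xport" != "$port" ]; then
        echo "xinetd port is '$xport', expected '$port'"
        problems=$((problems + 1))
    fi

    # 4. The same name and port must be registered in /etc/services by the Dockerfile.
    if ! grep -Fq "$conf $port/tcp" "$df"; then
        echo "Dockerfile does not register '$conf $port/tcp' in /etc/services"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone use (check.sh is a hypothetical file name):
#   sh check.sh DIR BASE_IMAGE XINETD_FILE PORT
if [ "$#" -eq 4 ]; then check_service "$@"; fi
```

For the echo example, `sh check.sh . debian:latest echo_service 4000` exits with status 0 when everything is consistent.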