551 . You have ` cmgr ` installed and configured.
66 - Refer to the [ setup page] ( /setup-cmgr ) if this is not the case for you.
77
8- 2 . You have done the [ Sanity Problem Creation
9- Walkthrough] ( /example-problems/sanity-static-flag/README.md ) . You do not have
10- to do every walkthrough that is listed as easier than this one, but you must
11- at least do the Sanity Problem Creation Walkthrough. This walkthrough is
12- presented as a set of changes from the sanity problem. The sanity problem
13- walkthrough is the core of cmgr challenges, and this problem presents what
14- must be added on top of that for a more complicated challenge.
8+ 2 . You have done the [ Web CSS Problem Creation
9+ Walkthrough] ( /example-problems/web-css ) .
1510
1611## Overview
1712
1813This problem uses a container as a service host and presents this service
19- through a port.
14+ through a port. This problem is adapted from the live picoGym problem, [ Picker-I ] ( https://play.picoctf.org/practice/challenge/400 ) .
2015
21- There is 1 main change in this problem that makes it more complicated and
22- potentially more interesting:
16+ This problem can be used as a template for any challenge that needs to host a
17+ service that players connect to with netcat.
2318
24- 1 . The use of a Dockerfile instead of a Makefile which vastly opens up the
25- possibilities for problem development.
26-
27- Being able to specify a Dockerfile lets us bring the power and repeatability
28- of containers to our problem development and deployment. We're going to create
29- a container that runs a Python program through a given port using socat. To use
30- a custom Dockerfile, we must specify the type of the problem as ` custom ` in the
31- ` problem.md ` .
32-
33- This problem is adapted from the live picoGym problem, ` Picker-I ` .
19+ The following walkthrough will touch on new problem files and then look at how
20+ to debug a Dockerfile by running it with Docker instead of cmgr.
3421
3522## Walkthrough
3623
3724### File Listing
3825
39- 1 . Besides problem details, the most important change in
40- [ problem.md] ( /example-problems/reversing-python/problem.md ) is changing Type
41- to "custom".
42-
43261 . [ picker-I.py] ( /example-problems/reversing-python/picker-I.py ) this is the
4427 vulnerable script that we will be hosting as a service on this container.
4528
46- 1 . [ start.sh] ( /example-problems/reversing-python/start.sh ) starts a listener that
47- receives connections. This script is ran as the last step in the
29+ 1 . [ start.sh] ( /example-problems/reversing-python/start.sh ) starts a listener
30+ that receives connections. This script is ran as the last step in the
4831 Dockerfile. For this problem, we use socat to connect the output of our
4932 vulnerable script to a port, allowing users to interact with our script
5033 through the network.
@@ -61,6 +44,14 @@ This problem is adapted from the live picoGym problem, `Picker-I`.
6144 We add ` artifacts.tar.gz ` to this directory as well, which contains a copy
6245 of the source for the service being run on the container.
6346
47+ NOTE: If you were hosting a vulnerable service that allowed arbitrary remote
48+ code execution, you would want to consider separating the challenge building
49+ container from the container hosting the service. If players landed a shell on
50+ this machine, they would be able to read challenge management data, which
51+ usually is not a problem, but is not the greatest look for a CTF competition.
52+ See this [ problem] ( /example-problems/general-ssh ) for how to create multiple
53+ containers for one challenge.
54+
6455### Debugging your Dockerfile
6556
6657For typical problem playtest deployment and testing strategy, see
@@ -106,14 +97,13 @@ process goes a long way in being able to determine what is going wrong.
10697
10798## Conclusion
10899
109- With this walkthrough, we created an advanced problem that used a custom
110- Dockerfile to create a container that presented a service to be interacted with
111- in the shell.
100+ With this walkthrough, we created an advanced problem that used a Dockerfile to
101+ create a container that presented a service to be interacted with in the shell.
102+
103+ This walkthrough also demonstrated how to gain more debugging insight into cmgr
104+ problems by building the container manually with docker which provides a lot
105+ more information about build failures.
112106
113- Using the custom problem type in cmgr opens the doors to creativity but also
114- needs more powerful debugging. This walkthrough also demonstrated how to
115- gain more debugging insight into custom cmgr problems by building the
116- container manually with docker which provides a lot more information about
117- build failures.
107+ [Next problem](/example-problems/general-ssh)
118108
119109[Return to the index](/example-problems#example-problems)
0 commit comments