Getting Started

Create a challenge that deploys a Docker image and understand basic configuration.

  4 minute read  

Goal

In this tutorial, we will create a dynamic_iac challenge, a new challenge type introduced by the plugin. We will create a challenge where each player gets their own instance. We want an instance without mana cost, must be destroyed after 10 minutes without a maximum due date.

Prerequisites

This tutorial requires the installation of Docker, Docker Compose, Golang, and ORAS.

Create the CTF Platform

Start all services with the registry:

cd hack
docker compose -f docker-compose-minimal.yml --profile registry up -d

Perform your CTFd setup at http://localhost:8000/setup.

Create the Challenge

Create the Scenario and Push It to the Registry

For this example, your challenge will consist of 2 elements:

  • The Docker image of your challenge (SSH server, web server, …) that exposes 1 port.
  • The scenario that indicates to Chall-Manager how to deploy your challenge (the Docker image).

The scenario used is generic, which allows you to use this scenario and have any Docker image that exposes 1 port.

To build the scenario and push it to the local registry:

cd hack/docker-scenario
bash build.sh

Create the Challenge on CTFd

We will follow the configuration presented in the goal, which includes the following classic CTFd settings:

KeyValue
Nameexample
Categoryexample
Messageexample
Initial Value500
Decay FunctionLogarithmic
Decay10
Minimum Value10

Since we want each player to have their own instance, disable the sharing option.

Next, disable the Destroy on Flag:

Next, set the mana cost. You can leave it empty or configure an explicit 0.

As mentioned, we want instances to be destroyed after 10 minutes of usage (600 seconds), without any due date:

Leave the Until value empty and configure the Timeout value at 600.

At the previous step, we pushed the scenario to the registry localhost:5000. In Chall-Manager scope, you need to refer to the scenario by this name inside the Docker network.

Finally, click Create to set up the challenge.

Play the Challenge

Once the challenge has been created in CTFd and Chall-Manager, you can deploy on-demand instances of the scenario. To do this, go to the challenges page at http://localhost:8000/challenges.

To deploy the container, simply click on “Launch the challenge”. A URL will be returned by the plugin, and the challenge will be accessible. You can verify that the image is correctly deployed on your computer:

docker ps | grep challenge
7b22cfa739ac 870ac2311d4b "/opt/CTFd/docker-en…" 22 seconds ago Up 21 seconds 0.0.0.0:32771->8000/tcp challenge-f953808a2ddbcace

As Admin, you can monitor all instances directly from CTFd, go to the instance monitoring page at http://localhost:8000/plugins/ctfd-chall-manager/admin/instances.

As Player, you can monitor your instance directly from CTFd, go to the instance monitoring page at http://localhost:8000/plugins/ctfd-chall-manager/instances.

Conclusion

In this guide, you have successfully set up a dynamic_iac challenge using the CTFd-chall-manager plugin. You learned how to create a CTF platform, build and push a scenario to a local registry, and configure a challenge on CTFd. You also explored how to deploy and manage instances of the challenge on demand.

By following these steps, you now have a functional challenge that allows each player to have their own instance, with specific mana costs and timeout settings. This setup leverages the capabilities of Chall-Manager to provide a dynamic environment for CTF challenges."

What’s Next

For further customization and advanced configurations, refer to the design documentation, maintenance guides, and ChallMaker documentation. These resources will help you deepen your understanding and optimize your challenge setup.