circus v1
A nice CTF framework
Function
The goal behind circus is to reduce the amount of “bad” CTFs. We define “bad” CTFs as CTFs containing spoilers or otherwise unintended behaviour created by users. As an example, finding a webshell from another user in the root of the target filesystem should not happen.
The solution circus uses to tackle this is to containerize everything: it spawns a container for every user and a container for each challenge of every user.
Containers
The interaction between the containers is displayed below:
Landingpage
The landing page is the user's first interaction with circus. It routes the user to the registration, the scoreboard or their companion container.
Registration
The registration can be used by a user to generate a new companion. The companion container can then be used to spawn challenges.
Scoreboard
The scoreboard container scrapes all the companion containers, bundling their scores and exposing them on the /metrics endpoint. This is done so that Prometheus can scrape that data and Grafana can then display all of it.
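As an added example (not code from circus), the sketch below shows how a scoreboard could bundle scores into the Prometheus text exposition format served on /metrics, and why label values must be escaped: user names come from registration and are user-controlled. The metric name circus_user_score, the function names and the sample scores are assumptions.

```python
import re

METRIC = "circus_user_score"  # assumed metric name, not taken from circus

def escape_label(value: str) -> str:
    """Escape a label value per the Prometheus text exposition format."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")

def render_metrics(scores: dict[str, float]) -> str:
    """Bundle per-user scores into one /metrics response body."""
    lines = [
        f"# HELP {METRIC} Points scored by each user.",
        f"# TYPE {METRIC} gauge",
    ]
    for user in sorted(scores):
        lines.append(f'{METRIC}{{user="{escape_label(user)}"}} {float(scores[user])}')
    return "\n".join(lines) + "\n"

# One sample line: metric name, a single escaped "user" label, then the value.
SAMPLE_LINE = re.compile(
    r'^[a-zA-Z_:][a-zA-Z0-9_:]*\{user="((?:[^"\\\n]|\\[\\"n])*)"\} (\S+)$'
)

def parse_metrics(body: str) -> dict[str, float]:
    """Read the body back the way a scraper would; reject malformed lines."""
    out = {}
    for line in body.splitlines():
        if not line or line.startswith("#"):
            continue
        m = SAMPLE_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed sample line: {line!r}")
        # Undo the escaping: \n becomes a newline, \" and \\ lose the backslash.
        name = re.sub(r"\\(.)",
                      lambda e: "\n" if e.group(1) == "n" else e.group(1),
                      m.group(1))
        out[name] = float(m.group(2))
    return out

# Constructed sample scores. The second user name tries to close its own label
# and smuggle in an extra sample line that would overwrite alice's score.
HOSTILE = 'bob"} 0\ncircus_user_score{user="alice"} 99999'
SCORES = {"alice": 300, HOSTILE: 100}

if __name__ == "__main__":
    print(render_metrics(SCORES), end="")
```

With the escaping in place the hostile name stays inside one label value, so the scoreboard shows two users and alice keeps her real score.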
Grafana
Grafana parses the data provided by Prometheus and draws a scoreboard from it.
Prometheus
Prometheus scrapes the data exposed by the containers and exposes the time series to Grafana.
Companion
The companion container is used by the user to spawn challenge containers for the user.
Manager
The manager handles persistence, such as storing the names of the users, how many points they have, what challenges they have already stored and so on. The manager should store enough info to potentially be able to restore the complete state of the system. It also functions as a kind of “admin” interface, displaying the state of the docker swarm, and as an interface for creating, modifying and deleting challenges.
Static Hoster
The static hoster hosts static files such as memory dumps for the users to download.
Challenge
A challenge is simply a container exposing a challenge. The flag is inserted using an environment variable.
VPN
The VPN container makes it possible for the user to access the container spawned using the companion.