A nice CTF framework
The goal behind circus is to reduce the amount of “bad” CTFs. We define “bad” CTFs as CTFs containing spoilers or otherwise not indented behaviour created by users. As an example, finding a webshell from another user in the root of the target filesystem should not happen.
The solution CIRCUS uses to tackle this is to containerize everything and spawn a contariner for every user and a container for each challenge of every user.
The interaction inbetween the containers is displayed below:
The landingpage is the first interaction of the user with circus. This is used to route the user to the registration, the scoreboard or his companion container.
The registration can be used by a user to generate a new companion. The companion container can then be used to spawn challenges.
The scoreboard container scrapes all the companion containers bundling their
scores and exposing them on the
/metrics endpoint. This is done so that
scrape that data and
Grafana can then
display all of it.
Grafana parses the data provided by Prometheus drawing a scoreboard using it.
Promethes scrapes that data exposed by the containers exposing the Time Series for Grafana.
The companion container is used by the user to spawn challenge containers for the user.
The manager is used to handle persistency, such as storing the names of the users, how many points they have, what challenges they have allready stored and so on. This manager shoud store enough info to potentially be able to restore the complete state of the system. It also functions as some kind of “admin” interface displaing the state of the docker swarm and as an interface for creating, modifing and deleting challenges.
The static hoster hosts static files such as memory dumps for the users to download.
A challenge is simply a container exposing a challenge. The flag is inserted using an environment variable.
The VPN container makes it possible for the user to access the container spawned using the companion.