Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit.
You will need the following in order to build the Live CD using the scripts in this project:
sudogitmake, gcc -- for building vulnerable programspwgen -- for generating random passwordsrsyncgenisoimage -- for mkisofsadvancecomp -- for advdefsquashfs-tools -- for unsquashfscurl -- for downloading packages and other filesThe base Live CD is 32-bit, and therefore the C programs
must be built 32-bit too. In order to do that you need
to install 32-bit development libraries. In Debian for
example the package is called libc6-dev-i386.
You have different options to build the CD:
Choose whichever method is most suitable for you.
To fetch all the necessary files including the 8MB TinyCore base base image, the hacking contest data and all the required TinyCore packages and remaster the CD:
./scripts/rebuild.sh
Note: some of the steps need to run sudo, so you will be prompted
for your password one or more times.
The idea of this build method is to create the basic CD data but stop before rebuilding the image so that you can customize it first.
./scripts/build.sh
Note: some of the steps need to run sudo, so you will be
prompted for your password one or more times.
Customize the contents in the extract directory. This step is
completely up to you, depending on what you want to customize.
You might want to install some custom packages, for example
keymaps for non US keyboards:
sudo ./scripts/install-tcz.sh kmaps
Create the final ISO:
sudo ./scripts/pack-iso.sh
The challenges are based on the original online contest organized by Stripe: https://stripe.com/blog/capture-the-flag
See http://janosgyerik.github.com/capture-the-flag/

The solutions are intentionally omitted from this project. You can find the solutions to the original Stripe challenges on the internet, but don't be surprised if they won't work on this Live CD out of the box. That's intentional too ;-)
Please keep your own solutions private.
If you want to get root access in the live system,
you can either do su - tc to become the admin user,
or boot the system with the mc superuser boot option.
This is no secret, and you won't learn anything this way.
Re-implement /levels/level02/level02.py without Flask (save 3MB)
Implement the second Capture The Flag contest of Stripe
maybe: Generalize the scripts to use with other than TinyCore
$ claude mcp add capture-the-flag \
-- python -m otcore.mcp_server <graph>