MCPcopy Index your code
hub / github.com/ctf-o-matic/capture-the-flag

github.com/ctf-o-matic/capture-the-flag @v1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.0 ↗ · + Follow
3,779 symbols 13,246 edges 178 files 1,272 documented · 34%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Capture The Flag!

Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit.

Requirements

You will need the following in order to build the Live CD using the scripts in this project:

  • Linux, with root access using sudo
  • git
  • make, gcc -- for building vulnerable programs
  • pwgen -- for generating random passwords
  • rsync
  • genisoimage -- for mkisofs
  • advancecomp -- for advdef
  • squashfs-tools -- for unsquashfs
  • curl -- for downloading packages and other files

Requirements when building in 64-bit systems

The base Live CD is 32-bit, and therefore the C programs must be built 32-bit too. In order to do that you need to install 32-bit development libraries. In Debian for example the package is called libc6-dev-i386.

Building the Live CD

You have different options to build the CD:

  • Basic build: using a single script to build everything
  • 3-step build: 3 steps to give you a chance to customize
  • Expert build: if you want to understand everything

Choose whichever method is most suitable for you.

Basic build (for the impatient)

To fetch all the necessary files including the 8MB TinyCore base base image, the hacking contest data and all the required TinyCore packages and remaster the CD:

./scripts/rebuild.sh

Note: some of the steps need to run sudo, so you will be prompted for your password one or more times.

3-step build

The idea of this build method is to create the basic CD data but stop before rebuilding the image so that you can customize it first.

  1. Build the basic CD data:
    ./scripts/build.sh
    

Note: some of the steps need to run sudo, so you will be prompted for your password one or more times.

  1. Customize the contents in the extract directory. This step is completely up to you, depending on what you want to customize. You might want to install some custom packages, for example keymaps for non US keyboards:

    sudo ./scripts/install-tcz.sh kmaps
    
  2. Create the final ISO:

    sudo ./scripts/pack-iso.sh
    

Disclaimer

The challenges are based on the original online contest organized by Stripe: https://stripe.com/blog/capture-the-flag

Using the Live CD

See http://janosgyerik.github.com/capture-the-flag/

Screenshots

Start End

Solutions

The solutions are intentionally omitted from this project. You can find the solutions to the original Stripe challenges on the internet, but don't be surprised if they won't work on this Live CD out of the box. That's intentional too ;-)

Please keep your own solutions private.

Abusing the CD

If you want to get root access in the live system, you can either do su - tc to become the admin user, or boot the system with the mc superuser boot option. This is no secret, and you won't learn anything this way.

Links

Todo

  • Re-implement /levels/level02/level02.py without Flask (save 3MB)

  • Implement the second Capture The Flag contest of Stripe

  • maybe: Generalize the scripts to use with other than TinyCore

Core symbols most depended-on inside this repo

assert_equal
called by 359
ctf1/append/home/level02/flask/testsuite/__init__.py
append
called by 303
ctf1/append/home/level02/werkzeug/datastructures.py
render
called by 295
ctf1/append/home/level02/jinja2/environment.py
from_string
called by 265
ctf1/append/home/level02/jinja2/environment.py
join
called by 232
ctf1/append/home/level02/jinja2/_markupsafe/__init__.py
assert_equal
called by 148
ctf1/append/home/level02/werkzeug/testsuite/__init__.py
write
called by 139
ctf1/append/home/level02/jinja2/compiler.py
split
called by 121
ctf1/append/home/level02/jinja2/_markupsafe/__init__.py

Shape

Method 2,649
Class 542
Function 514
Route 74

Languages

Python98%
TypeScript1%
C1%

Modules by API surface

ctf1/append/home/level02/werkzeug/datastructures.py317 symbols
ctf1/append/home/level02/flask/testsuite/basic.py168 symbols
ctf1/append/home/level02/werkzeug/wrappers.py114 symbols
ctf1/append/home/level02/jinja2/compiler.py114 symbols
ctf1/append/home/level02/jinja2/nodes.py113 symbols
ctf1/append/home/level02/werkzeug/routing.py89 symbols
ctf1/append/home/level02/flask/testsuite/blueprints.py88 symbols
ctf1/append/home/level02/flask/app.py69 symbols
ctf1/append/home/level02/jinja2/environment.py65 symbols
ctf1/append/home/level02/jinja2/testsuite/filters.py61 symbols
ctf1/append/home/level02/werkzeug/contrib/cache.py60 symbols
ctf1/append/home/level02/flask/testsuite/helpers.py59 symbols

For agents

$ claude mcp add capture-the-flag \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page