secgroup / ctforge

Forge your own CTF
GNU Affero General Public License v3.0

ctfbot.py usage #3

Open mdulin2 opened 5 years ago

mdulin2 commented 5 years ago

I am running a CTF in a little over a month and would love to get the attack/defense challenges working on the scoreboard because of the bots. I have been attempting to understand how the bots for checking flags actually work for about a week now. But, I have not been able to figure out where the scripts are actually written to, how to set which type of flag bot to use (advanced, check and dispatch) and a few other things with the bots.

Ideally, I would ask for some documentation to be written about the bots. But, with the consideration of time, could some previous examples of the setup and scripts be put into an example folder? Or, describe how it works some here?

Thanks for the scoreboard, again! I really appreciate all of this; thanks for the help!

wert310 commented 5 years ago

Hi! Ok, it's true that the bots part is a little undocumented. I'll try to explain it here.

Currently the bots are managed using the ctfbot.py script and the Unix utility cron: you can see an example crontab file in the root of the cyberchallenge-ad branch (https://github.com/secgroup/ctforge/blob/cyberchallenge-ad/ctforge.crontab).

Our standard setup, depicted in the following image, requires setting up two organizer machines: a router/VM host and a gameserver (or manager). The manager machine is the one responsible for running both the web interface of ctforge (with the database) and the ctfbot.py script (using cron).

The ctfbot handles the generation of new flags, the advance of the round, the dispatch phase and the checks: you can see from the last two lines of the crontab file (the standard 2-minute round CTF)

```
# DISPATCH: every 2 minutes
*/2 * * * * source /home/ctforge/.venvs/ctforge/bin/activate; ctfbot --advance --dispatch -t 30 -n 4 -v &>> /home/ctforge/.ctforge/logs/cron.log
# CHECK: some seconds later
*/2 * * * * sleep 30; sleep $((RANDOM\%(5))); source /home/ctforge/.venvs/ctforge/bin/activate; ctfbot --check -t 30 -n 4 -v &>> /home/ctforge/.ctforge/logs/cron.log
```

that every two minutes the script is called with the advance and dispatch options to both advance the current round (current_round += 1) and dispatch the newly created flags using the dispatch scripts stored in the directory specified in the config (more on that later). The second line executes every two minutes and, after a random delay, issues the check command that checks the flags on the VMs' services using the checker scripts and saves the state in the DB.

The ctfbot needs to call the checker and dispatcher scripts and uses the return code as return value:

The CTF starts by uncommenting the corresponding lines in the crontab: the ctfbot --advance --dispatch will be called and the first round starts.

Note that to pause/stop the CTF you can simply comment out the crontab lines. There is no support for deactivating or adding services or users at runtime: once started, the CTF can only be paused (and resumed) or stopped.
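The start/pause/resume procedure described in the comment above, as an added example that is not part of the thread or of ctforge. It assumes the only crontab lines containing `ctfbot --` are the job lines quoted above; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not ctforge code. Assumption: the only crontab lines that
# contain "ctfbot --" are the job lines (descriptive comments never do).

# The two job lines quoted in the thread, used here as sample input.
sample_crontab() {
cat <<'EOF'
# DISPATCH: every 2 minutes
*/2 * * * * source /home/ctforge/.venvs/ctforge/bin/activate; ctfbot --advance --dispatch -t 30 -n 4 -v &>> /home/ctforge/.ctforge/logs/cron.log
# CHECK: some seconds later
*/2 * * * * sleep 30; sleep $((RANDOM\%(5))); source /home/ctforge/.venvs/ctforge/bin/activate; ctfbot --check -t 30 -n 4 -v &>> /home/ctforge/.ctforge/logs/cron.log
EOF
}

# Pause: comment out active ctfbot jobs (lines starting with a schedule field).
pause_filter() {
    sed -E '/ctfbot --/ s/^[[:space:]]*([*0-9@])/#\1/'
}

# Resume/start: uncomment ctfbot jobs only; plain comments stay untouched.
resume_filter() {
    sed -E '/ctfbot --/ s/^[[:space:]]*#+[[:space:]]*([*0-9@])/\1/'
}

# Number of ctfbot jobs cron would currently run (0 means paused).
active_jobs() {
    grep -Ec '^[[:space:]]*[*0-9@].*ctfbot --' || true
}

# Rewrite the current user's crontab through a filter; never install an
# empty result (e.g. when `crontab -l` fails because no crontab exists).
apply_filter() {
    tmp=$(mktemp) || return 1
    if crontab -l | "$1" > "$tmp" && [ -s "$tmp" ]; then
        crontab "$tmp" && crontab -l | active_jobs
    fi
    rm -f "$tmp"
}

case "${1:-}" in
    pause)  apply_filter pause_filter ;;
    resume) apply_filter resume_filter ;;
    demo)   sample_crontab | pause_filter ;;
esac
```

Run it as the user that owns the ctfbot crontab. A change applies from the next cron tick and does not interrupt a ctfbot run that is already in progress.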

mdulin2 commented 5 years ago

Thank you so much for this description! I am going to leave the issue open simply so people can see it.
The CTF that I ran in Spokane went extremely well; I can honestly say a major reason for that was the ctforge project! So, thanks for the great project! :)