├── aws ├── images │ ├── ssh-screenshot.png │ └── terraform-apply.png ├── .gitignore ├── README.md ├── main.tf └── ctf_setup.sh ├── gcp ├── images │ ├── ssh-screenshot.png │ └── terraform-apply.png ├── .gitignore ├── README.md ├── main.tf └── ctf_setup.sh ├── azure ├── images │ ├── ssh-screenshot.png │ └── terraform-apply.png ├── .gitignore ├── README.md ├── main.tf └── ctf_setup.sh ├── LICENSE ├── .github └── workflows │ └── new-issue.yaml ├── CONTRIBUTOR_ONBOARDING_GUIDE.md └── README.md /aws/images/ssh-screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/learntocloud/linux-ctfs/HEAD/aws/images/ssh-screenshot.png -------------------------------------------------------------------------------- /gcp/images/ssh-screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/learntocloud/linux-ctfs/HEAD/gcp/images/ssh-screenshot.png -------------------------------------------------------------------------------- /aws/images/terraform-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/learntocloud/linux-ctfs/HEAD/aws/images/terraform-apply.png -------------------------------------------------------------------------------- /azure/images/ssh-screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/learntocloud/linux-ctfs/HEAD/azure/images/ssh-screenshot.png -------------------------------------------------------------------------------- /azure/images/terraform-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/learntocloud/linux-ctfs/HEAD/azure/images/terraform-apply.png -------------------------------------------------------------------------------- /gcp/images/terraform-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/learntocloud/linux-ctfs/HEAD/gcp/images/terraform-apply.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Rishab Kumar 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /aws/.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | crash.*.log 11 | 12 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 13 | # password, private keys, and other secrets. These should not be part of version 14 | # control as they are data points which are potentially sensitive and subject 15 | # to change depending on the environment. 16 | *.tfvars 17 | *.tfvars.json 18 | 19 | # Ignore override files as they are usually used to override resources locally and so 20 | # are not checked in 21 | override.tf 22 | override.tf.json 23 | *_override.tf 24 | *_override.tf.json 25 | 26 | # Ignore transient lock info files created by terraform apply 27 | .terraform.tfstate.lock.info 28 | 29 | # Include override files you do wish to add to version control using negated pattern 30 | # !example_override.tf 31 | 32 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 33 | # example: *tfplan* 34 | 35 | # Ignore CLI configuration files 36 | .terraformrc 37 | terraform.rc 38 | 39 | # Ignore terraform.lock.hcl file 40 | .terraform.lock.hcl -------------------------------------------------------------------------------- /azure/.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | crash.*.log 11 | 12 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 13 | # password, private keys, and other secrets. These should not be part of version 14 | # control as they are data points which are potentially sensitive and subject 15 | # to change depending on the environment. 16 | *.tfvars 17 | *.tfvars.json 18 | 19 | # Ignore override files as they are usually used to override resources locally and so 20 | # are not checked in 21 | override.tf 22 | override.tf.json 23 | *_override.tf 24 | *_override.tf.json 25 | 26 | # Ignore transient lock info files created by terraform apply 27 | .terraform.tfstate.lock.info 28 | 29 | # Include override files you do wish to add to version control using negated pattern 30 | # !example_override.tf 31 | 32 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 33 | # example: *tfplan* 34 | 35 | # Ignore CLI configuration files 36 | .terraformrc 37 | terraform.rc 38 | 39 | # Ignore terraform.lock.hcl file 40 | .terraform.lock.hcl -------------------------------------------------------------------------------- /gcp/.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | crash.*.log 11 | 12 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 13 | # password, private keys, and other secrets. These should not be part of version 14 | # control as they are data points which are potentially sensitive and subject 15 | # to change depending on the environment. 16 | *.tfvars 17 | *.tfvars.json 18 | 19 | # Ignore override files as they are usually used to override resources locally and so 20 | # are not checked in 21 | override.tf 22 | override.tf.json 23 | *_override.tf 24 | *_override.tf.json 25 | 26 | # Ignore transient lock info files created by terraform apply 27 | .terraform.tfstate.lock.info 28 | 29 | # Include override files you do wish to add to version control using negated pattern 30 | # !example_override.tf 31 | 32 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 33 | # example: *tfplan* 34 | 35 | # Ignore CLI configuration files 36 | .terraformrc 37 | terraform.rc 38 | 39 | # Ignore terraform.lock.hcl file 40 | .terraform.lock.hcl -------------------------------------------------------------------------------- /aws/README.md: -------------------------------------------------------------------------------- 1 | # Linux Command Line CTF Lab - AWS 2 | 3 | Welcome to the Linux Command Line Capture The Flag (CTF) lab! This project sets up a learning environment where you can practice your Linux command line skills by solving various challenges. 4 | 5 | ## Prerequisites 6 | 7 | Before you begin, ensure you have the following installed on your local machine: 8 | 9 | 1. [Terraform](https://www.terraform.io/downloads.html) (version 1.9.0 or later) 10 | 2. [AWS CLI](https://aws.amazon.com/cli/) (configured with your AWS credentials) 11 | 12 | ## Getting Started 13 | 14 | Follow these steps to set up and access your CTF lab environment: 15 | 16 | 1. Clone this repository to your local machine: 17 | 18 | ``` sh 19 | git clone https://github.com/learntocloud/ltc-linux-challenge 20 | cd ltc-linux-challenge/aws 21 | ``` 22 | 23 | 2. (Optional) Modify the AWS region: 24 | - Open `main.tf` and change the default value of the `aws_region` variable, or 25 | - Create a `terraform.tfvars` file and specify your preferred region: 26 | 27 | ``` sh 28 | aws_region = "us-east-1" 29 | ``` 30 | 31 | 3. Initialize Terraform: 32 | 33 | `terraform init` 34 | 35 | 4. Apply the Terraform configuration: 36 | 37 | `terraform apply` 38 | 39 | When prompted, type `yes` to confirm. 40 | 41 | 5. After the apply completes, note the `ctf_instance_public_ip` output. You'll use this to connect to your lab environment. 42 | ![Terraform Apply output](./images/terraform-apply.png) 43 | 44 | ## Accessing the Lab Environment 45 | 46 | To access your lab environment: 47 | 48 | 1. Use SSH to connect to the EC2 instance: 49 | 50 | ``` sh 51 | ssh ctf_user@ 52 | ``` 53 | 54 | 2. When prompted for a password, enter: `CTFpassword123!` 55 | 3. Once logged in, you'll see a welcome message with instructions for your first challenge. 56 | ![ssh into the instance](./images/ssh-screenshot.png) 57 | 58 | ## Cleaning Up 59 | 60 | When you're done with the lab, don't forget to destroy the AWS resources to avoid unnecessary charges: 61 | 62 | `terraform destroy` 63 | 64 | Type `yes` when prompted to confirm. 65 | 66 | ## Security Note 67 | 68 | This lab is designed for learning purposes and uses a password-based login for simplicity. In real-world scenarios, key-based authentication is recommended for better security. 69 | 70 | ## Troubleshooting 71 | 72 | If you encounter any issues: 73 | 74 | 1. Ensure your AWS CLI is correctly configured with your credentials. 75 | 2. Check that you're using a compatible Terraform version. 76 | 3. Verify that you have the necessary AWS permissions to create the required resources. 77 | 78 | If problems persist, please open an issue in this repository. 79 | 80 | Happy learning, and good luck with your CTF challenges! 81 | -------------------------------------------------------------------------------- /.github/workflows/new-issue.yaml: -------------------------------------------------------------------------------- 1 | name: Reply with FAQ and Conditional Labels 2 | 3 | on: 4 | issues: 5 | types: [opened] 6 | 7 | jobs: 8 | reply-and-label: 9 | runs-on: ubuntu-latest 10 | permissions: 11 | issues: write 12 | steps: 13 | - name: Process issue for FAQ comment and labels 14 | uses: actions/github-script@v7 15 | with: 16 | github-token: ${{ secrets.GITHUB_TOKEN }} 17 | script: | 18 | const issue = context.payload.issue; 19 | const issueBody = issue.body?.toLowerCase() || ''; 20 | const labels = []; 21 | 22 | // Define label mappings 23 | const labelMappings = { 24 | 'bug': 'bug', 25 | 'feature': 'enhancement', 26 | 'documentation': 'documentation', 27 | 'question': 'question', 28 | 'help wanted': 'help wanted' 29 | }; 30 | 31 | // Check issue body for keywords and add corresponding labels 32 | for (const [keyword, label] of Object.entries(labelMappings)) { 33 | if (issueBody.includes(keyword)) { 34 | labels.push(label); 35 | } 36 | } 37 | 38 | // Add labels if any were found 39 | if (labels.length > 0) { 40 | await github.rest.issues.addLabels({ 41 | owner: context.repo.owner, 42 | repo: context.repo.repo, 43 | issue_number: issue.number, 44 | labels: labels 45 | }); 46 | } 47 | 48 | // Assign issue 49 | try { 50 | await github.rest.issues.addAssignees({ 51 | owner: context.repo.owner, 52 | repo: context.repo.repo, 53 | issue_number: issue.number, 54 | assignees: ['rishabkumar7', 'madebygps'] 55 | }); 56 | console.log('Successfully assigned issue'); 57 | } catch (error) { 58 | console.error('Error assigning issue:', error); 59 | throw error; 60 | } 61 | 62 | // Check for bug-related keywords and add FAQ comment 63 | if (issueBody.includes('bug') || issueBody.includes('issue')) { 64 | const faqComment = ` 65 | Thanks for reporting this issue! 👋 66 | 67 | Before we proceed, please check our [FAQ page](https://github.com/learntocloud/linux-ctfs/wiki/FAQs). 68 | 69 | If your issue isn't addressed in the FAQ, please provide: 70 | - Steps to reproduce 71 | - Expected behavior 72 | - Actual behavior 73 | - Any relevant error messages 74 | - Screenshots, if applicable 75 | 76 | This will help us investigate and resolve your issue more quickly. 77 | `; 78 | 79 | await github.rest.issues.createComment({ 80 | owner: context.repo.owner, 81 | repo: context.repo.repo, 82 | issue_number: issue.number, 83 | body: faqComment 84 | }); 85 | } 86 | -------------------------------------------------------------------------------- /gcp/README.md: -------------------------------------------------------------------------------- 1 | # Linux Command Line CTF Lab - GCP 2 | 3 | Welcome to the Linux Command Line Capture The Flag (CTF) lab on Google Cloud! This project sets up a learning environment where you can practice your Linux command line skills by solving various challenges. 4 | 5 | ## Prerequisites 6 | 7 | Before you begin, ensure you have the following installed and configured on your local machine: 8 | 9 | 1. [Terraform](https://developer.hashicorp.com/terraform/install) (version 1.9.0 or later) 10 | 2. [gcloud CLI](https://cloud.google.com/sdk/docs/install) 11 | 3. A Google Cloud account with an active project and billing enabled 12 | 13 | ## How much it's going to cost 14 | 15 | If you leave this lab running, it's going to cost you approximately $6-7/month, as it is running an `e2-micro` instance in GCP. Use the `terraform destroy` command to clean up resources once you've completed the CTFs. 16 | 17 | ## Getting Started 18 | 19 | Follow these steps to set up and access your CTF lab environment: 20 | 21 | 1. Clone this repository to your local machine: 22 | 23 | ``` sh 24 | git clone https://github.com/learntocloud/ltc-linux-challenge 25 | cd ltc-linux-challenge/gcp 26 | ``` 27 | 28 | 2. Log in to Google Cloud using the gcloud CLI: 29 | 30 | ``` sh 31 | gcloud auth login 32 | gcloud auth application-default login 33 | ``` 34 | 35 | 3. Initialize Terraform: 36 | 37 | ``` sh 38 | terraform init 39 | ``` 40 | 41 | 4. Apply the Terraform configuration: 42 | 43 | ``` sh 44 | terraform apply \ 45 | -var gcp_project="YOUR_GCP_PROJECT_ID" \ 46 | -var gcp_region="YOUR_GCP_REGION" \ 47 | -var gcp_zone="YOUR_GCP_ZONE" 48 | ``` 49 | 50 | Replace `YOUR_GCP_REGION` with Google Cloud Region and `YOUR_GCP_PROJECT_ID` with Google Cloud project that you want to use, by default it uses us-central1 region and us-central1-a zone. 51 | 52 | When prompted, type `yes` to confirm. 53 | 54 | 5. After the apply completes, note the `public_ip_address` output. You'll use this to connect to your lab environment. 55 | ![Terraform Apply](./images/terraform-apply.png) 56 | 57 | ## Accessing the Lab Environment 58 | 59 | To access your lab environment: 60 | 61 | 1. Use SSH to connect to the GCP Instance as the CTF user: 62 | 63 | ``` sh 64 | ssh ctf_user@ 65 | ``` 66 | 67 | 2. When prompted for a password, enter: `CTFpassword123!` 68 | 3. Once logged in, you'll see a welcome message with instructions for your first challenge. 69 | ![SSH into the instance](./images/ssh-screenshot.png) 70 | 71 | ## Cleaning Up 72 | 73 | When you're done with the lab, don't forget to destroy the GCP resources to avoid unnecessary charges: 74 | 75 | `terraform destroy` 76 | 77 | Type `yes` when prompted to confirm. 78 | 79 | ## Security Note 80 | 81 | This lab is designed for learning purposes and uses a password-based login for simplicity. In real-world scenarios, key-based authentication is recommended for better security. 82 | 83 | ## Troubleshooting 84 | 85 | If you encounter any issues: 86 | 87 | 1. Ensure your gcloud CLI is correctly configured with your credentials. 88 | 2. Check that you're using a compatible Terraform version. 89 | 3. Verify that you have the necessary GCP permissions to create the required resources. 90 | 91 | If problems persist, please open an issue in this repository. 92 | 93 | Happy learning, and good luck with your CTF challenges! 94 | -------------------------------------------------------------------------------- /azure/README.md: -------------------------------------------------------------------------------- 1 | # Linux Command Line CTF Lab - Azure 2 | 3 | Welcome to the Linux Command Line Capture The Flag (CTF) lab on Microsoft Azure! This project sets up a learning environment where you can practice your Linux command line skills by solving various challenges. 4 | 5 | ## Prerequisites 6 | 7 | Before you begin, ensure you have the following installed and configured on your local machine: 8 | 9 | 1. [Terraform](https://developer.hashicorp.com/terraform/install) (version 1.9.0 or later) 10 | 2. [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) 11 | 3. An Azure account with an active subscription 12 | 13 | ## How much it's going to cost 14 | 15 | If you leave this lab running, it's going to cost you $8/month, as it is running `Standard B1s` VM in Azure. Use the `terraform destroy` command to clean resources, once completed with CTFs. 16 | 17 | > [!NOTE] 18 | > You might encounter an error, if your Azure account is a Student account, please look at [this work aroud.](https://github.com/g-now-zero/l2c-guides/blob/main/posts/ctf-azure-spot-instances-guide.md) 19 | 20 | ## Getting Started 21 | 22 | Follow these steps to set up and access your CTF lab environment: 23 | 24 | 1. Clone this repository to your local machine: 25 | 26 | ``` sh 27 | git clone https://github.com/learntocloud/ltc-linux-challenge 28 | cd ltc-linux-challenge/azure 29 | ``` 30 | 31 | 2. Log in to Azure using the Azure CLI: 32 | 33 | ``` sh 34 | az login 35 | ``` 36 | 37 | 3. Initialize Terraform: 38 | 39 | ``` sh 40 | terraform init 41 | ``` 42 | 43 | 4. Apply the Terraform configuration: 44 | 45 | ``` sh 46 | terraform apply \ 47 | -var az_region="YOUR_AZURE_REGION" \ 48 | -var subscription_id="YOUR_AZURE_SUBSCRIPTION_ID" 49 | ``` 50 | 51 | Replace `YOUR_AZURE_REGION` with Azure Region and `YOUR_AZURE_SUBSCRIPTION_ID` with Azure Subscription that you want to use, by default it uses East US. 52 | 53 | When prompted, type `yes` to confirm. 54 | 55 | 5. After the apply completes, note the `public_ip_address` output. You'll use this to connect to your lab environment. 56 | ![Terraform Apply](./images/terraform-apply.png) 57 | 58 | ## Accessing the Lab Environment 59 | 60 | To access your lab environment: 61 | 62 | 1. Use SSH to connect to the Azure VM as the CTF user: 63 | 64 | ``` sh 65 | ssh ctf_user@ 66 | ``` 67 | 68 | 2. When prompted for a password, enter: `CTFpassword123!` 69 | 3. Once logged in, you'll see a welcome message with instructions for your first challenge. 70 | ![SSH into the instance](./images/ssh-screenshot.png) 71 | 72 | ## Cleaning Up 73 | 74 | When you're done with the lab, don't forget to destroy the Azure resources to avoid unnecessary charges: 75 | 76 | `terraform destroy` 77 | 78 | Type `yes` when prompted to confirm. 79 | 80 | ## Security Note 81 | 82 | This lab is designed for learning purposes and uses a password-based login for simplicity. In real-world scenarios, key-based authentication is recommended for better security. 83 | 84 | ## Troubleshooting 85 | 86 | If you encounter any issues: 87 | 88 | 1. Ensure your Azure CLI is correctly configured with your credentials. 89 | 2. Check that you're using a compatible Terraform version. 90 | 3. Verify that you have the necessary Azure permissions to create the required resources. 91 | 92 | If problems persist, please open an issue in this repository. 93 | 94 | Happy learning, and good luck with your CTF challenges! 95 | -------------------------------------------------------------------------------- /gcp/main.tf: -------------------------------------------------------------------------------- 1 | # Variables 2 | variable "gcp_project" { 3 | description = "The GCP project ID" 4 | type = string 5 | } 6 | 7 | variable "gcp_region" { 8 | description = "The GCP region to deploy the CTF lab" 9 | type = string 10 | default = "us-central1" 11 | } 12 | 13 | variable "gcp_zone" { 14 | description = "The GCP zone to deploy the CTF lab" 15 | type = string 16 | default = "us-central1-a" 17 | } 18 | 19 | # Configure the Google Cloud Provider 20 | provider "google" { 21 | project = var.gcp_project 22 | region = var.gcp_region 23 | zone = var.gcp_zone 24 | } 25 | 26 | # Create a VPC network 27 | resource "google_compute_network" "ctf_network" { 28 | name = "ctf-network" 29 | auto_create_subnetworks = false 30 | } 31 | 32 | # Create a subnet 33 | resource "google_compute_subnetwork" "ctf_subnet" { 34 | name = "ctf-subnet" 35 | ip_cidr_range = "10.0.1.0/24" 36 | region = var.gcp_region 37 | network = google_compute_network.ctf_network.id 38 | } 39 | 40 | # Create firewall rules for SSH and HTTP 41 | resource "google_compute_firewall" "ctf_firewall_ssh" { 42 | name = "ctf-allow-ssh" 43 | network = google_compute_network.ctf_network.name 44 | 45 | allow { 46 | protocol = "tcp" 47 | ports = ["22"] 48 | } 49 | 50 | source_ranges = ["0.0.0.0/0"] 51 | target_tags = ["ctf-instance"] 52 | } 53 | 54 | resource "google_compute_firewall" "ctf_firewall_http" { 55 | name = "ctf-allow-http" 56 | network = google_compute_network.ctf_network.name 57 | 58 | allow { 59 | protocol = "tcp" 60 | ports = ["80", "8080", "8083"] 61 | } 62 | 63 | source_ranges = ["0.0.0.0/0"] 64 | target_tags = ["ctf-instance"] 65 | } 66 | 67 | # Create a compute instance 68 | resource "google_compute_instance" "ctf_instance" { 69 | name = "ctf-instance" 70 | machine_type = "e2-micro" 71 | zone = var.gcp_zone 72 | 73 | tags = ["ctf-instance"] 74 | 75 | boot_disk { 76 | initialize_params { 77 | image = "ubuntu-os-cloud/ubuntu-2204-lts" 78 | size = 20 79 | type = "pd-standard" 80 | } 81 | } 82 | 83 | network_interface { 84 | network = google_compute_network.ctf_network.id 85 | subnetwork = google_compute_subnetwork.ctf_subnet.id 86 | 87 | access_config { 88 | # This gives the instance a public IP 89 | } 90 | } 91 | 92 | # Metadata for the instance 93 | metadata = { 94 | enable-oslogin = "FALSE" 95 | startup-script = file("${path.module}/ctf_setup.sh") 96 | } 97 | 98 | # Service account for the instance 99 | service_account { 100 | email = "default" 101 | scopes = ["cloud-platform"] 102 | } 103 | } 104 | 105 | # Wait for setup completion 106 | resource "null_resource" "wait_for_setup" { 107 | depends_on = [google_compute_instance.ctf_instance] 108 | 109 | provisioner "remote-exec" { 110 | connection { 111 | type = "ssh" 112 | host = google_compute_instance.ctf_instance.network_interface[0].access_config[0].nat_ip 113 | user = "ctf_user" 114 | password = "CTFpassword123!" 115 | timeout = "5m" 116 | } 117 | 118 | inline = [ 119 | "while [ ! -f /var/log/setup_complete ]; do sleep 10; done" 120 | ] 121 | } 122 | } 123 | 124 | # Output the public IP address 125 | output "ctf_instance_public_ip" { 126 | value = google_compute_instance.ctf_instance.network_interface[0].access_config[0].nat_ip 127 | depends_on = [null_resource.wait_for_setup] 128 | } -------------------------------------------------------------------------------- /aws/main.tf: -------------------------------------------------------------------------------- 1 | # Configure the AWS Provider 2 | # Define the region variable 3 | variable "aws_region" { 4 | description = "The AWS region to deploy the CTF lab" 5 | type = string 6 | default = "us-east-1" # Default region if not specified 7 | } 8 | 9 | # Configure the AWS Provider with the variable region 10 | provider "aws" { 11 | region = var.aws_region 12 | } 13 | 14 | # Fetch availability zones 15 | data "aws_availability_zones" "available" { 16 | state = "available" 17 | } 18 | 19 | # Create a VPC 20 | resource "aws_vpc" "ctf_vpc" { 21 | cidr_block = "10.0.0.0/16" 22 | 23 | tags = { 24 | Name = "CTF Lab VPC" 25 | } 26 | } 27 | 28 | # Create an Internet Gateway 29 | resource "aws_internet_gateway" "ctf_igw" { 30 | vpc_id = aws_vpc.ctf_vpc.id 31 | 32 | tags = { 33 | Name = "CTF Lab IGW" 34 | } 35 | } 36 | 37 | # Create a Subnet 38 | resource "aws_subnet" "ctf_subnet" { 39 | vpc_id = aws_vpc.ctf_vpc.id 40 | cidr_block = "10.0.1.0/24" 41 | availability_zone = data.aws_availability_zones.available.names[0] 42 | 43 | tags = { 44 | Name = "CTF Lab Subnet" 45 | } 46 | } 47 | 48 | # Create a Route Table 49 | resource "aws_route_table" "ctf_route_table" { 50 | vpc_id = aws_vpc.ctf_vpc.id 51 | 52 | route { 53 | cidr_block = "0.0.0.0/0" 54 | gateway_id = aws_internet_gateway.ctf_igw.id 55 | } 56 | 57 | tags = { 58 | Name = "CTF Lab Route Table" 59 | } 60 | } 61 | 62 | # Associate the Route Table with the Subnet 63 | resource "aws_route_table_association" "ctf_route_table_assoc" { 64 | subnet_id = aws_subnet.ctf_subnet.id 65 | route_table_id = aws_route_table.ctf_route_table.id 66 | } 67 | 68 | # Create a Security Group 69 | resource "aws_security_group" "ctf_sg" { 70 | name = "ctf_sg" 71 | description = "Security group for CTF lab" 72 | vpc_id = aws_vpc.ctf_vpc.id 73 | 74 | ingress { 75 | from_port = 22 76 | to_port = 22 77 | protocol = "tcp" 78 | cidr_blocks = ["0.0.0.0/0"] 79 | } 80 | 81 | ingress { 82 | from_port = 80 83 | to_port = 80 84 | protocol = "tcp" 85 | cidr_blocks = ["0.0.0.0/0"] 86 | } 87 | 88 | egress { 89 | from_port = 0 90 | to_port = 0 91 | protocol = "-1" 92 | cidr_blocks = ["0.0.0.0/0"] 93 | } 94 | 95 | tags = { 96 | Name = "CTF Lab Security Group" 97 | } 98 | } 99 | 100 | 101 | # Create an EC2 Instance 102 | data "aws_ami" "ubuntu" { 103 | most_recent = true 104 | 105 | filter { 106 | name = "name" 107 | values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] 108 | } 109 | filter { 110 | name = "virtualization-type" 111 | values = ["hvm"] 112 | } 113 | 114 | owners = ["099720109477"] # Canonical 115 | } 116 | 117 | resource "aws_instance" "ctf_instance" { 118 | ami = data.aws_ami.ubuntu.id 119 | instance_type = "t3.micro" 120 | 121 | vpc_security_group_ids = [aws_security_group.ctf_sg.id] 122 | subnet_id = aws_subnet.ctf_subnet.id 123 | 124 | associate_public_ip_address = true 125 | 126 | user_data_base64 = base64encode(file("${path.module}/ctf_setup.sh")) 127 | 128 | tags = { 129 | Name = "CTF Lab Instance" 130 | } 131 | } 132 | 133 | resource "null_resource" "wait_for_setup" { 134 | depends_on = [aws_instance.ctf_instance] 135 | 136 | provisioner "remote-exec" { 137 | connection { 138 | type = "ssh" 139 | host = aws_instance.ctf_instance.public_ip 140 | user = "ctf_user" 141 | password = "CTFpassword123!" 142 | } 143 | 144 | inline = [ 145 | "while [ ! -f /var/log/setup_complete ]; do sleep 10; done" 146 | ] 147 | } 148 | } 149 | 150 | # Output the public IP of the instance 151 | output "ctf_instance_public_ip" { 152 | value = aws_instance.ctf_instance.public_ip 153 | } -------------------------------------------------------------------------------- /CONTRIBUTOR_ONBOARDING_GUIDE.md: -------------------------------------------------------------------------------- 1 | # Contributor Onboarding Guide for Linux CTF Project 2 | 3 | This guide provides a comprehensive list of questions that developers can use with AI assistants (Claude Code, GitHub Copilot Chat, etc.) to quickly familiarize themselves with this Linux Command Line CTF challenge project. 4 | 5 | ## Project Overview & Architecture 6 | 7 | - **What is the main purpose of this Linux CTF project and who is the target audience?** 8 | - **How is the project structured? What are the main directories and their purposes?** 9 | - **What cloud providers are supported for deploying this CTF environment?** 10 | - **What is the relationship between the main README.md and the provider-specific READMEs in aws/ and azure/ directories?** 11 | 12 | ## Technical Stack & Dependencies 13 | 14 | - **What technologies and tools are used in this project (e.g., Terraform, cloud services)?** 15 | - **What are the system requirements for running this CTF environment?** 16 | - **Are there any specific Linux distributions or versions required?** 17 | - **What network ports and services are utilized by the CTF challenges?** 18 | 19 | ## Setup & Deployment 20 | 21 | - **Walk me through the setup process for deploying this CTF on AWS** 22 | - **What are the differences between the AWS and Azure deployment processes?** 23 | - **What does the ctf_setup.sh script do? Can you explain its main functions?** 24 | - **What Terraform resources are created by main.tf in each cloud provider?** 25 | - **How is user authentication handled for the CTF VM?** 26 | 27 | ## Challenge Structure 28 | 29 | - **How many challenges are there in total and what skills do they test?** 30 | - **What is the flag format used throughout the challenges?** 31 | - **How does the verify command work for flag submission?** 32 | - **Which challenges depend on running services and can't survive a VM reboot?** 33 | - **What is the expected completion time for all challenges?** 34 | 35 | ## Code Analysis 36 | 37 | - **Show me the structure of the ctf_setup.sh script and explain the key sections** 38 | - **How are the CTF challenges deployed and configured on the target VM?** 39 | - **What security measures are implemented to prevent cheating or unauthorized access?** 40 | - **How are the flags generated and hidden throughout the system?** 41 | 42 | ## Development & Contribution 43 | 44 | - **What are the contribution guidelines for this project?** 45 | - **How should new challenges be added to the system?** 46 | - **What testing procedures should be followed before submitting changes?** 47 | - **Are there any coding standards or conventions specific to this project?** 48 | 49 | ## Troubleshooting & Maintenance 50 | 51 | - **What are common issues users might face during setup and how to resolve them?** 52 | - **How can I debug issues with the Terraform deployment?** 53 | - **What logs should I check if challenges aren't working properly?** 54 | - **How do I clean up resources after completing the CTF?** 55 | 56 | ## Integration & Extension 57 | 58 | - **How could this CTF be integrated into a learning management system?** 59 | - **What would be required to add support for a new cloud provider (e.g., GCP)?** 60 | - **How could the verification system be enhanced to provide hints or partial credit?** 61 | - **Could this project be containerized using Docker? What would be the benefits?** 62 | 63 | ## Security & Best Practices 64 | 65 | - **What security considerations were taken into account when designing these challenges?** 66 | - **How does the project ensure that CTF participants can't access other users' data?** 67 | - **What are the cost implications of running this CTF environment?** 68 | - **Are there any rate limiting or resource constraints implemented?** 69 | 70 | ## Learning Path 71 | 72 | - **What prerequisite knowledge should users have before attempting these challenges?** 73 | - **How do these challenges align with the Phase 1 Guide mentioned in the README?** 74 | - **What resources would you recommend for users who get stuck on specific challenges?** 75 | - **How could an instructor use this CTF in a classroom setting?** 76 | 77 | ## Tips for Using This Guide 78 | 79 | - Start with questions 1-4 to get a high-level understanding 80 | - Use questions 9-13 when you need to deploy the environment 81 | - Reference questions 14-18 to understand the challenge mechanics 82 | - Dive into questions 19-22 for code-level understanding 83 | - Consult questions 27-30 when troubleshooting issues 84 | 85 | Remember: The goal is to understand the project well enough to contribute effectively or adapt it for your own use cases. Don't hesitate to explore the code and documentation beyond these questions! 86 | -------------------------------------------------------------------------------- /azure/main.tf: -------------------------------------------------------------------------------- 1 | # main.tf 2 | 3 | # Variables 4 | variable "az_region" { 5 | description = "The region to deploy the CTF lab" 6 | type = string 7 | default = "East US" 8 | } 9 | 10 | variable "subscription_id" { 11 | description = "Your Azure Subscription ID" 12 | type = string 13 | } 14 | 15 | provider "azurerm" { 16 | features {} 17 | subscription_id = var.subscription_id 18 | } 19 | 20 | # Create a resource group 21 | resource "azurerm_resource_group" "ctf_rg" { 22 | name = "ctf-resources" 23 | location = var.az_region 24 | } 25 | 26 | # Create a virtual network 27 | resource "azurerm_virtual_network" "ctf_network" { 28 | name = "ctf-network" 29 | address_space = ["10.0.0.0/16"] 30 | location = azurerm_resource_group.ctf_rg.location 31 | resource_group_name = azurerm_resource_group.ctf_rg.name 32 | } 33 | 34 | # Create a subnet 35 | resource "azurerm_subnet" "ctf_subnet" { 36 | name = "ctf-subnet" 37 | resource_group_name = azurerm_resource_group.ctf_rg.name 38 | virtual_network_name = azurerm_virtual_network.ctf_network.name 39 | address_prefixes = ["10.0.1.0/24"] 40 | } 41 | 42 | # Create a public IP 43 | resource "azurerm_public_ip" "ctf_public_ip" { 44 | name = "ctf-public-ip" 45 | location = azurerm_resource_group.ctf_rg.location 46 | resource_group_name = azurerm_resource_group.ctf_rg.name 47 | allocation_method = "Static" 48 | sku = "Standard" 49 | } 50 | 51 | # Create a network security group 52 | resource "azurerm_network_security_group" "ctf_nsg" { 53 | name = "ctf-nsg" 54 | location = azurerm_resource_group.ctf_rg.location 55 | resource_group_name = azurerm_resource_group.ctf_rg.name 56 | 57 | security_rule { 58 | name = "SSH" 59 | priority = 1001 60 | direction = "Inbound" 61 | access = "Allow" 62 | protocol = "Tcp" 63 | source_port_range = "*" 64 | destination_port_range = "22" 65 | source_address_prefix = "*" 66 | destination_address_prefix = "*" 67 | } 68 | security_rule { 69 | name = "HTTP" 70 | priority = 1002 71 | direction = "Inbound" 72 | access = "Allow" 73 | protocol = "Tcp" 74 | source_port_range = "*" 75 | destination_port_range = "80" 76 | source_address_prefix = "*" 77 | destination_address_prefix = "*" 78 | } 79 | } 80 | 81 | # Create a network interface 82 | resource "azurerm_network_interface" "ctf_nic" { 83 | name = "ctf-nic" 84 | location = azurerm_resource_group.ctf_rg.location 85 | resource_group_name = azurerm_resource_group.ctf_rg.name 86 | 87 | ip_configuration { 88 | name = "internal" 89 | subnet_id = azurerm_subnet.ctf_subnet.id 90 | private_ip_address_allocation = "Dynamic" 91 | public_ip_address_id = azurerm_public_ip.ctf_public_ip.id 92 | } 93 | } 94 | 95 | # Connect the security group to the network interface 96 | resource "azurerm_network_interface_security_group_association" "ctf_nic_nsg_assoc" { 97 | network_interface_id = azurerm_network_interface.ctf_nic.id 98 | network_security_group_id = azurerm_network_security_group.ctf_nsg.id 99 | } 100 | 101 | # Create a Linux virtual machine for CTF 102 | resource "azurerm_linux_virtual_machine" "ctf_vm" { 103 | name = "ctf-vm" 104 | resource_group_name = azurerm_resource_group.ctf_rg.name 105 | location = azurerm_resource_group.ctf_rg.location 106 | size = "Standard_B1s" 107 | admin_username = "ctf_user" 108 | network_interface_ids = [ 109 | azurerm_network_interface.ctf_nic.id, 110 | ] 111 | 112 | admin_password = "CTFpassword123!" 113 | disable_password_authentication = false 114 | 115 | os_disk { 116 | caching = "ReadWrite" 117 | storage_account_type = "Standard_LRS" 118 | } 119 | 120 | source_image_reference { 121 | publisher = "Canonical" 122 | offer = "0001-com-ubuntu-server-jammy" 123 | sku = "22_04-lts-gen2" 124 | version = "latest" 125 | } 126 | 127 | custom_data = base64encode(file("${path.module}/ctf_setup.sh")) 128 | } 129 | 130 | resource "null_resource" "wait_for_setup" { 131 | depends_on = [azurerm_linux_virtual_machine.ctf_vm] 132 | 133 | provisioner "remote-exec" { 134 | connection { 135 | host = azurerm_linux_virtual_machine.ctf_vm.public_ip_address 136 | user = "ctf_user" 137 | password = "CTFpassword123!" 138 | } 139 | 140 | inline = [ 141 | "while [ ! -f /var/log/setup_complete ]; do sleep 10; done" 142 | ] 143 | } 144 | } 145 | 146 | # Output the public IP address 147 | output "public_ip_address" { 148 | value = azurerm_linux_virtual_machine.ctf_vm.public_ip_address 149 | depends_on = [null_resource.wait_for_setup] 150 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Phase 1: Linux Command Line CTF Challenge 2 | 3 | This set of progressive Capture The Flag (CTF) challenges will test your Linux command line skills. Each challenge builds upon previous concepts while introducing new ones. All flags follow the format `CTF{some_text_here}`. This is meant to mimic an exam situation and test your skills. Once you launch the lab, you cannot shut it down without losing your progress. 4 | 5 | > [!IMPORTANT] 6 | > Please complete [Phase 1 Guide](https://learntocloud.guide/phase1/) before attempting these challenges. Do not share solutions publicly - focus on sharing your learning journey instead. 7 | 8 | ## Flag Submission 9 | 10 | Submit flags using the `verify` command: 11 | 12 | - Check progress: `verify progress` 13 | - Submit a flag: `verify [challenge_number] [flag]` 14 | 15 | Try the command and capture first flag: `verify 0 CTF{example}` 16 | 17 | ``` sh 18 | ctf_user@ctf-vm:~$ verify 0 CTF{example} 19 | ✓ Test flag verified! Now try finding real flags. 20 | ``` 21 | 22 | ## Environment Setup 23 | 24 | Follow the setup guide for your preferred cloud provider: 25 | 26 | - [AWS](./aws/README.md) 27 | - [Azure](./azure/README.md) 28 | - [GCP](./gcp/README.md) 29 | 30 | ## Challenges 31 | 32 | NOTE: You should be able to complete all challenges in about 2 to 3 hours. The lab is intentionally made to be done in one go. If you power off the VM and power it back on, certain challenges (specifically challenges 6, 10, 11, and 12) will not work properly as they depend on running services. 33 | 34 | ### Challenge 1: The Hidden File 35 | 36 | Find and read a hidden file in the `ctf_challenges` directory. 37 | 38 | - **Skills**: Basic file listing, hidden files concept 39 | - **Hint**: Hidden files in Linux begin with a special character. 40 | 41 | ### Challenge 2: The Secret File 42 | 43 | Locate a file containing "secret" in its name somewhere under your home directory. 44 | 45 | - **Skills**: File searching, directory navigation 46 | - **Hint**: Use tools that allow you to search through directory structures. 47 | 48 | ### Challenge 3: The Largest Log 49 | 50 | Find and read the contents of an unusually large file in `/var/log`. 51 | 52 | - **Skills**: File size analysis, sorting, log navigation 53 | - **Hint**: Identify a very large file by inspecting file details, and find a way to view it partially so as not to overwhelm your terminal. 54 | 55 | ### Challenge 4: The User Detective 56 | 57 | A user with UID 1002 has a flag in their login configuration. 58 | 59 | - **Skills**: User management, system files, permissions 60 | - **Hint**: Determine which user this UID corresponds to and check their configuration files. 61 | 62 | ### Challenge 5: The Permissive File 63 | 64 | Find a suspicious file with wide-open permissions under `/opt`. 65 | 66 | - **Skills**: Permission understanding, file searching 67 | - **Hint**: Look for files where the permission settings and ownership seem unusually permissive. 68 | 69 | ### Challenge 6: The Hidden Service 70 | 71 | Something is listening on port `8080`. Connect to it to retrieve the flag. 72 | 73 | - **Skills**: Process management, networking tools, service inspection 74 | - **Hint**: Consider what kind of service might be running on that port and how you’d interact with it. 75 | 76 | ### Challenge 7: The Encoded Secret 77 | 78 | Find and decode an encoded flag in the `ctf_challenges` directory. 79 | 80 | - **Skills**: Base64 encoding/decoding, command piping 81 | - **Hint**: Notice that the flag has been processed twice by an encoding algorithm; think about how to reverse this in sequence. 82 | 83 | ### Challenge 8: SSH Key Authentication 84 | 85 | Configure SSH key authentication and find a hidden flag. 86 | 87 | - **Skills**: SSH configuration, key management, security practices 88 | - **Hint**: Inspect the SSH directory structure and verify the file permissions to uncover hidden files. 89 | 90 | ### Challenge 9: DNS troubleshooting 91 | 92 | Someone modified a critical DNS configuration file. Fix it to reveal the flag. 93 | 94 | - **Skills**: DNS troubleshooting, file editing 95 | - **Hint**: Compare the current configuration with its backup to understand what has changed. 96 | 97 | ### Challenge 10: Remote upload 98 | 99 | Transfer any file to the `ctf_challenges` directory to trigger the flag. 100 | 101 | - **Skills**: Upload files to remote servers 102 | - **Hint**: Make use of standard file transfer methods available to you. 103 | 104 | ### Challenge 11: Web Configuration 105 | 106 | The web server is running on a non-standard port. Find and fix it. 107 | 108 | - **Skills**: Nginx configuration, service management 109 | - **Hint**: Review the web server's configuration files for unusual port assignments and remember to restart the service after making any changes. 110 | 111 | ### Challenge 12: Network Traffic Analysis 112 | 113 | Someone is sending secret messages via ping packets. 114 | 115 | - **Skills**: Network dumps, packet inspection, decoding 116 | - **Hint**: Utilize general network analysis techniques to inspect traffic and search for concealed information. Check all interfaces and protocols. 117 | 118 | ## Tips 119 | 120 | 1. Use `man` pages to understand command options. 121 | 2. Experiment with different approaches, combining commands and piping output. 122 | 123 | ## [License](LICENSE) 124 | 125 | ## Contributing 126 | 127 | Please only submit issues with the lab and not if you are having difficulties completing any challenge. That is the point, to learn. Please also open issues before PRs so we can discuss potential work beforehand. 128 | -------------------------------------------------------------------------------- /azure/ctf_setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # System setup 4 | sudo apt update 5 | sudo apt install -y net-tools nmap tree nginx inotify-tools 6 | 7 | # SSH configuration 8 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config 9 | sudo sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config 10 | sudo systemctl restart ssh 11 | 12 | # Create challenge directory 13 | sudo -u ctf_user mkdir -p /home/ctf_user/ctf_challenges 14 | cd /home/ctf_user/ctf_challenges 15 | 16 | # Create verify script 17 | cat > /usr/local/bin/verify << 'EOFVERIFY' 18 | #!/bin/bash 19 | 20 | ANSWER_HASHES=( 21 | 22 | "de8f29432e21f56e003c52f71297e7364cea2b750cd2582d62688e311347ff06" 23 | "a48ca3386a76ea8703a6c4e5562832f95364a2dbdaf1c75faae730abd075a23e" 24 | "7e5e6218d604ac7532c7403b6ab4ef41abc45628606abcdb98d6a0c42e2477cb" 25 | "1bb2e87b37adb38fe53f6e71f721e3e9ff00b3f13ce582ce95d4177c3cf49be9" 26 | "0063b9de97d91b65f4abe21f3a426f266fb304b2badc4a93bb80e87dca0ed6b3" 27 | "938d9c97bfc6669e0623a1b6c2f32527fd5b0081c94adb1c65dacbc6cdb04f65" 28 | "04a1503e15934d9442122fd8adb2af6e35c99b41f93728fed691fafe155a1f90" 29 | "4e24fc31e1bd34fd49832226ce10ea6d29fbb49e14792c25a8fa32ddf5ad7df2" 30 | "1605dcdc7e89239383512803f1673cb938467c2916270807e81102894ef15e91" 31 | "a7c0e0dba746fb5b0068de9943cad29273c91426174b1fdf32a42dc2af253a3f" 32 | "98d7b6c1cfb09574f06893baccd19f86ebf805caf5a21bf2b518598384a2d3fa" 33 | "90b6819737a8f027df23a718d1a82210fea013d1ae3da081494e9c496e4284da" 34 | "a6bbbea83c12b335d890456ecca072c61bc063dee503ed67cfa750538ad4ed69" 35 | 36 | ) 37 | 38 | check_flag() { 39 | challenge_num=$1 40 | submitted_flag=$2 41 | 42 | submitted_hash=$(echo -n "$submitted_flag" | sha256sum | cut -d' ' -f1) 43 | 44 | if [ "$submitted_hash" = "${ANSWER_HASHES[$challenge_num]}" ]; then 45 | if [ "$challenge_num" -eq 0 ]; then 46 | echo "✓ Example flag verified! Now try finding real flags." 47 | else 48 | echo "✓ Correct flag for Challenge $challenge_num!" 49 | fi 50 | echo "$challenge_num" >> ~/.completed_challenges 51 | sort -u ~/.completed_challenges > ~/.completed_challenges.tmp 52 | mv ~/.completed_challenges.tmp ~/.completed_challenges 53 | else 54 | echo "✗ Incorrect flag. Try again!" 55 | fi 56 | show_progress 57 | } 58 | 59 | show_progress() { 60 | local completed=0 61 | if [ -f ~/.completed_challenges ]; then 62 | completed=$(sort -u ~/.completed_challenges | wc -l) 63 | completed=$((completed-1)) # Subtract example challenge 64 | fi 65 | echo "Flags Found: $completed/12" 66 | if [ "$completed" -eq 12 ]; then 67 | echo "Congratulations! You've completed all challenges!" 68 | fi 69 | } 70 | 71 | case "$1" in 72 | "progress") 73 | show_progress 74 | ;; 75 | [0-9]|1[0-2]) 76 | if [ -z "$2" ]; then 77 | echo "Usage: verify [challenge_number] [flag]" 78 | exit 1 79 | fi 80 | check_flag "$1" "$2" 81 | ;; 82 | *) 83 | echo "Usage:" 84 | echo " verify [challenge_number] [flag] - Check a flag" 85 | echo " verify progress - Show progress" 86 | echo 87 | echo "Example: verify 0 CTF{example}" 88 | ;; 89 | esac 90 | EOFVERIFY 91 | 92 | sudo chmod +x /usr/local/bin/verify 93 | 94 | # Create setup check script 95 | cat > /usr/local/bin/check_setup << 'EOF' 96 | #!/bin/bash 97 | if [ ! -f /var/log/setup_complete ]; then 98 | echo "System is still being configured. Please wait..." 99 | exit 1 100 | fi 101 | EOF 102 | 103 | chmod +x /usr/local/bin/check_setup 104 | 105 | # Add to bash profile 106 | echo "/usr/local/bin/check_setup" >> /home/ctf_user/.profile 107 | 108 | # Create MOTD 109 | cat > /etc/motd << 'EOFMOTD' 110 | +==============================================+ 111 | | Learn To Cloud - Linux Command Line CTF | 112 | +==============================================+ 113 | 114 | Welcome! Here are 12 Progressive Linux Challenges. 115 | Refer to the readme for information on each challenge. 116 | 117 | Once you find a flag, use our verify tool to check your answer 118 | and review your progress. 119 | 120 | Usage: 121 | verify [challenge number] [flag] - Submit flag for verification 122 | verify 0 CTF{example} - Example flag 123 | verify progress - Shows your progress 124 | 125 | To capture first flag, run: verify 0 CTF{example} 126 | 127 | Good luck! 128 | Team L2C 129 | 130 | +==============================================+ 131 | EOFMOTD 132 | 133 | # Beginner Challenges 134 | # Challenge 1: Simple hidden file 135 | echo "CTF{finding_hidden_treasures}" > /home/ctf_user/ctf_challenges/.hidden_flag 136 | 137 | # Challenge 2: Basic file search 138 | mkdir -p /home/ctf_user/documents/projects/backup 139 | echo "CTF{search_and_discover}" > /home/ctf_user/documents/projects/backup/secret_notes.txt 140 | 141 | # Intermediate Challenges 142 | # Challenge 3: Log analysis 143 | sudo dd if=/dev/urandom of=/var/log/large_log_file.log bs=1M count=500 144 | echo "CTF{size_matters_in_linux}" | sudo tee -a /var/log/large_log_file.log 145 | sudo chown ctf_user:ctf_user /var/log/large_log_file.log 146 | 147 | # Challenge 4: User investigation 148 | sudo useradd -u 1002 -m flag_user 149 | echo "CTF{user_enumeration_expert}" | sudo tee /home/flag_user/.profile 150 | sudo chown flag_user:flag_user /home/flag_user/.profile 151 | 152 | # Challenge 5: Permission analysis 153 | sudo mkdir -p /opt/systems/config 154 | echo "CTF{permission_sleuth}" | sudo tee /opt/systems/config/system.conf 155 | sudo chmod 777 /opt/systems/config/system.conf 156 | 157 | # Advanced Challenges 158 | # Challenge 6: Service discovery 159 | cat > /usr/local/bin/secret_service.sh << 'EOF' 160 | #!/bin/bash 161 | while true; do 162 | echo -e "HTTP/1.1 200 OK\n\nCTF{network_detective}" | nc -l -p 8080 163 | done 164 | EOF 165 | sudo chmod +x /usr/local/bin/secret_service.sh 166 | sudo nohup /usr/local/bin/secret_service.sh & 167 | 168 | # Challenge 7: Encoding challenge 169 | echo "CTF{decoding_master}" | base64 | base64 > /home/ctf_user/ctf_challenges/encoded_flag.txt 170 | 171 | # Challenge 8: Advanced SSH setup 172 | sudo mkdir -p /home/ctf_user/.ssh/secrets/backup 173 | echo "CTF{ssh_security_master}" | sudo tee /home/ctf_user/.ssh/secrets/backup/.authorized_keys 174 | sudo chown -R ctf_user:ctf_user /home/ctf_user/.ssh 175 | sudo chmod 700 /home/ctf_user/.ssh 176 | sudo chmod 600 /home/ctf_user/.ssh/secrets/backup/.authorized_keys 177 | 178 | # Challenge 9: DNS troubleshooting 179 | sudo cp /etc/resolv.conf /etc/resolv.conf.bak 180 | sudo sed -i '/^nameserver/s/$/CTF{dns_name}/' /etc/resolv.conf 181 | 182 | # Challenge 10: Remote upload 183 | cat > /usr/local/bin/monitor_directory.sh << 'EOF' 184 | #!/bin/bash 185 | DIRECTORY="/home/ctf_user/ctf_challenges" 186 | inotifywait -m -e create --format '%f' "$DIRECTORY" | while read FILE 187 | do 188 | echo "A new file named $FILE has been added to $DIRECTORY. Here is your flag: CTF{network_copy}" | wall 189 | done 190 | EOF 191 | 192 | sudo chmod +x /usr/local/bin/monitor_directory.sh 193 | sudo nohup /usr/local/bin/monitor_directory.sh > /var/log/monitor_directory.log 2>&1 & 194 | 195 | # Challenge 11: Web Configuration 196 | sudo mkdir -p /var/www/html 197 | echo '

Flag value: CTF{web_config}

' | sudo tee /var/www/html/index.html 198 | sudo sed -i 's/listen 80 default_server;/listen 8083 default_server;/' /etc/nginx/sites-available/default 199 | sudo sed -i 's/listen \[::\]:80 default_server;/listen \[::\]:8083 default_server;/' /etc/nginx/sites-available/default 200 | 201 | sudo systemctl restart nginx 202 | 203 | # Challenge 12: Network traffic analysis 204 | sudo cat > /usr/local/bin/ping_message.sh << 'EOF' 205 | #!/bin/bash 206 | while true; do 207 | ping -p 4354467b6e65745f636861747d -c 1 127.0.0.1 208 | sleep 1 209 | done 210 | EOF 211 | 212 | sudo chmod +x /usr/local/bin/ping_message.sh 213 | sudo nohup /usr/local/bin/ping_message.sh > /var/log/ping_message.log 2>&1 & 214 | 215 | # Set permissions 216 | sudo chown -R ctf_user:ctf_user /home/ctf_user/ctf_challenges 217 | 218 | # Enable MOTD display in PAM 219 | sudo sed -i 's/#session optional pam_motd.so/session optional pam_motd.so/' /etc/pam.d/login 220 | sudo sed -i 's/#session optional pam_motd.so/session optional pam_motd.so/' /etc/pam.d/sshd 221 | sudo systemctl restart ssh 222 | 223 | # Mark setup as complete 224 | touch /var/log/setup_complete 225 | 226 | echo "CTF environment setup complete!" -------------------------------------------------------------------------------- /aws/ctf_setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | sudo apt-get update 5 | sudo apt install -y net-tools nmap tree nginx inotify-tools 6 | 7 | # Create a new user for CTF 8 | sudo useradd -m -s /bin/bash ctf_user 9 | sudo echo 'ctf_user:CTFpassword123!' | sudo chpasswd 10 | 11 | # Enable password authentication 12 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config 13 | sudo sed -i 's/KbdInteractiveAuthentication no/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config 14 | 15 | # Restart SSH service to apply changes 16 | sudo systemctl restart ssh 17 | 18 | sudo usermod -aG sudo ctf_user 19 | 20 | # Create a directory for the CTF challenges 21 | mkdir -p /home/ctf_user/ctf_challenges 22 | cd /home/ctf_user/ctf_challenges 23 | 24 | # Create verify script 25 | cat > /usr/local/bin/verify << 'EOFVERIFY' 26 | #!/bin/bash 27 | 28 | ANSWER_HASHES=( 29 | 30 | "de8f29432e21f56e003c52f71297e7364cea2b750cd2582d62688e311347ff06" 31 | "a48ca3386a76ea8703a6c4e5562832f95364a2dbdaf1c75faae730abd075a23e" 32 | "7e5e6218d604ac7532c7403b6ab4ef41abc45628606abcdb98d6a0c42e2477cb" 33 | "1bb2e87b37adb38fe53f6e71f721e3e9ff00b3f13ce582ce95d4177c3cf49be9" 34 | "0063b9de97d91b65f4abe21f3a426f266fb304b2badc4a93bb80e87dca0ed6b3" 35 | "938d9c97bfc6669e0623a1b6c2f32527fd5b0081c94adb1c65dacbc6cdb04f65" 36 | "04a1503e15934d9442122fd8adb2af6e35c99b41f93728fed691fafe155a1f90" 37 | "4e24fc31e1bd34fd49832226ce10ea6d29fbb49e14792c25a8fa32ddf5ad7df2" 38 | "1605dcdc7e89239383512803f1673cb938467c2916270807e81102894ef15e91" 39 | "a7c0e0dba746fb5b0068de9943cad29273c91426174b1fdf32a42dc2af253a3f" 40 | "98d7b6c1cfb09574f06893baccd19f86ebf805caf5a21bf2b518598384a2d3fa" 41 | "90b6819737a8f027df23a718d1a82210fea013d1ae3da081494e9c496e4284da" 42 | "a6bbbea83c12b335d890456ecca072c61bc063dee503ed67cfa750538ad4ed69" 43 | ) 44 | 45 | check_flag() { 46 | challenge_num=$1 47 | submitted_flag=$2 48 | 49 | submitted_hash=$(echo -n "$submitted_flag" | sha256sum | cut -d' ' -f1) 50 | 51 | if [ "$submitted_hash" = "${ANSWER_HASHES[$challenge_num]}" ]; then 52 | if [ "$challenge_num" -eq 0 ]; then 53 | echo "✓ Example flag verified! Now try finding real flags." 54 | else 55 | echo "✓ Correct flag for Challenge $challenge_num!" 56 | fi 57 | echo "$challenge_num" >> ~/.completed_challenges 58 | sort -u ~/.completed_challenges > ~/.completed_challenges.tmp 59 | mv ~/.completed_challenges.tmp ~/.completed_challenges 60 | else 61 | echo "✗ Incorrect flag. Try again!" 62 | fi 63 | show_progress 64 | } 65 | 66 | show_progress() { 67 | local completed=0 68 | if [ -f ~/.completed_challenges ]; then 69 | completed=$(sort -u ~/.completed_challenges | wc -l) 70 | completed=$((completed-1)) # Subtract example challenge 71 | fi 72 | echo "Flags Found: $completed/12" 73 | if [ "$completed" -eq 12 ]; then 74 | echo "Congratulations! You've completed all challenges!" 75 | fi 76 | } 77 | 78 | case "$1" in 79 | "progress") 80 | show_progress 81 | ;; 82 | [0-9]|1[0-2]) 83 | if [ -z "$2" ]; then 84 | echo "Usage: verify [challenge_number] [flag]" 85 | exit 1 86 | fi 87 | check_flag "$1" "$2" 88 | ;; 89 | *) 90 | echo "Usage:" 91 | echo " verify [challenge_number] [flag] - Check a flag" 92 | echo " verify progress - Show progress" 93 | echo 94 | echo "Example: verify 0 CTF{example}" 95 | ;; 96 | esac 97 | EOFVERIFY 98 | 99 | sudo chmod +x /usr/local/bin/verify 100 | 101 | # Create setup check script 102 | cat > /usr/local/bin/check_setup << 'EOF' 103 | #!/bin/bash 104 | if [ ! -f /var/log/setup_complete ]; then 105 | echo "System is still being configured. Please wait..." 106 | exit 1 107 | fi 108 | EOF 109 | 110 | chmod +x /usr/local/bin/check_setup 111 | 112 | # Add to bash profile 113 | echo "/usr/local/bin/check_setup" >> /home/ctf_user/.profile 114 | 115 | # Create MOTD 116 | cat > /etc/motd << 'EOFMOTD' 117 | +==============================================+ 118 | | Learn To Cloud - Linux Command Line CTF | 119 | +==============================================+ 120 | 121 | Welcome! Here are 12 Progressive Linux Challenges. 122 | Refer to the readme for information on each challenge. 123 | 124 | Once you find a flag, use our verify tool to check your answer 125 | and review your progress. 126 | 127 | Usage: 128 | verify [challenge number] [flag] - Submit flag for verification 129 | verify 0 CTF{example} - Example flag 130 | verify progress - Shows your progress 131 | 132 | To capture first flag, run: verify 0 CTF{example} 133 | 134 | Good luck! 135 | Team L2C 136 | 137 | +==============================================+ 138 | EOFMOTD 139 | 140 | # Beginner Challenges 141 | # Challenge 1: Simple hidden file 142 | echo "CTF{finding_hidden_treasures}" > /home/ctf_user/ctf_challenges/.hidden_flag 143 | 144 | # Challenge 2: Basic file search 145 | mkdir -p /home/ctf_user/documents/projects/backup 146 | echo "CTF{search_and_discover}" > /home/ctf_user/documents/projects/backup/secret_notes.txt 147 | 148 | # Intermediate Challenges 149 | # Challenge 3: Log analysis 150 | sudo dd if=/dev/urandom of=/var/log/large_log_file.log bs=1M count=500 151 | echo "CTF{size_matters_in_linux}" | sudo tee -a /var/log/large_log_file.log 152 | sudo chown ctf_user:ctf_user /var/log/large_log_file.log 153 | 154 | # Challenge 4: User investigation 155 | sudo useradd -u 1002 -m flag_user 156 | echo "CTF{user_enumeration_expert}" | sudo tee /home/flag_user/.profile 157 | sudo chown flag_user:flag_user /home/flag_user/.profile 158 | 159 | # Challenge 5: Permission analysis 160 | sudo mkdir -p /opt/systems/config 161 | echo "CTF{permission_sleuth}" | sudo tee /opt/systems/config/system.conf 162 | sudo chmod 777 /opt/systems/config/system.conf 163 | 164 | # Advanced Challenges 165 | # Challenge 6: Service discovery 166 | cat > /usr/local/bin/secret_service.sh << 'EOF' 167 | #!/bin/bash 168 | while true; do 169 | echo -e "HTTP/1.1 200 OK\n\nCTF{network_detective}" | nc -l -p 8080 170 | done 171 | EOF 172 | sudo chmod +x /usr/local/bin/secret_service.sh 173 | sudo nohup /usr/local/bin/secret_service.sh & 174 | 175 | # Challenge 7: Encoding challenge 176 | echo "CTF{decoding_master}" | base64 | base64 > /home/ctf_user/ctf_challenges/encoded_flag.txt 177 | 178 | # Challenge 8: Advanced SSH setup 179 | sudo mkdir -p /home/ctf_user/.ssh/secrets/backup 180 | echo "CTF{ssh_security_master}" | sudo tee /home/ctf_user/.ssh/secrets/backup/.authorized_keys 181 | sudo chown -R ctf_user:ctf_user /home/ctf_user/.ssh 182 | sudo chmod 700 /home/ctf_user/.ssh 183 | sudo chmod 600 /home/ctf_user/.ssh/secrets/backup/.authorized_keys 184 | 185 | # Challenge 9: DNS troubleshooting 186 | sudo cp /etc/resolv.conf /etc/resolv.conf.bak 187 | sudo sed -i '/^nameserver/s/$/CTF{dns_name}/' /etc/resolv.conf 188 | 189 | # Challenge 10: Remote upload 190 | cat > /usr/local/bin/monitor_directory.sh << 'EOF' 191 | #!/bin/bash 192 | DIRECTORY="/home/ctf_user/ctf_challenges" 193 | inotifywait -m -e create --format '%f' "$DIRECTORY" | while read FILE 194 | do 195 | echo "A new file named $FILE has been added to $DIRECTORY. Here is your flag: CTF{network_copy}" | wall 196 | done 197 | EOF 198 | 199 | sudo chmod +x /usr/local/bin/monitor_directory.sh 200 | sudo nohup /usr/local/bin/monitor_directory.sh > /var/log/monitor_directory.log 2>&1 & 201 | 202 | # Challenge 11: Web Configuration 203 | sudo mkdir -p /var/www/html 204 | echo '

Flag value: CTF{web_config}

' | sudo tee /var/www/html/index.html 205 | sudo sed -i 's/listen 80 default_server;/listen 8083 default_server;/' /etc/nginx/sites-available/default 206 | sudo sed -i 's/listen \[::\]:80 default_server;/listen \[::\]:8083 default_server;/' /etc/nginx/sites-available/default 207 | 208 | sudo systemctl restart nginx 209 | 210 | # Challenge 12: Network traffic analysis 211 | sudo cat > /usr/local/bin/ping_message.sh << 'EOF' 212 | #!/bin/bash 213 | while true; do 214 | ping -p 4354467b6e65745f636861747d -c 1 127.0.0.1 215 | sleep 1 216 | done 217 | EOF 218 | 219 | sudo chmod +x /usr/local/bin/ping_message.sh 220 | sudo nohup /usr/local/bin/ping_message.sh > /var/log/ping_message.log 2>&1 & 221 | 222 | # Set permissions 223 | sudo chown -R ctf_user:ctf_user /home/ctf_user/ctf_challenges 224 | 225 | # Enable MOTD display in PAM 226 | sudo sed -i 's/#session optional pam_motd.so/session optional pam_motd.so/' /etc/pam.d/login 227 | sudo sed -i 's/#session optional pam_motd.so/session optional pam_motd.so/' /etc/pam.d/sshd 228 | sudo systemctl restart ssh 229 | 230 | # Mark setup as complete 231 | touch /var/log/setup_complete 232 | 233 | echo "CTF environment setup complete!" -------------------------------------------------------------------------------- /gcp/ctf_setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # System setup 4 | sudo apt update 5 | sudo apt install -y net-tools nmap tree nginx inotify-tools 6 | 7 | # Create CTF user 8 | sudo useradd -m -s /bin/bash ctf_user 9 | sudo echo 'ctf_user:CTFpassword123!' | sudo chpasswd 10 | sudo usermod -aG sudo ctf_user 11 | 12 | # SSH configuration 13 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config 14 | sudo sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config 15 | sudo sed -i 's/KbdInteractiveAuthentication no/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config 16 | sudo systemctl restart ssh 17 | 18 | # Create challenge directory 19 | sudo -u ctf_user mkdir -p /home/ctf_user/ctf_challenges 20 | cd /home/ctf_user/ctf_challenges 21 | 22 | # Create verify script 23 | cat > /usr/local/bin/verify << 'EOFVERIFY' 24 | #!/bin/bash 25 | 26 | ANSWER_HASHES=( 27 | 28 | "de8f29432e21f56e003c52f71297e7364cea2b750cd2582d62688e311347ff06" 29 | "a48ca3386a76ea8703a6c4e5562832f95364a2dbdaf1c75faae730abd075a23e" 30 | "7e5e6218d604ac7532c7403b6ab4ef41abc45628606abcdb98d6a0c42e2477cb" 31 | "1bb2e87b37adb38fe53f6e71f721e3e9ff00b3f13ce582ce95d4177c3cf49be9" 32 | "0063b9de97d91b65f4abe21f3a426f266fb304b2badc4a93bb80e87dca0ed6b3" 33 | "938d9c97bfc6669e0623a1b6c2f32527fd5b0081c94adb1c65dacbc6cdb04f65" 34 | "04a1503e15934d9442122fd8adb2af6e35c99b41f93728fed691fafe155a1f90" 35 | "4e24fc31e1bd34fd49832226ce10ea6d29fbb49e14792c25a8fa32ddf5ad7df2" 36 | "1605dcdc7e89239383512803f1673cb938467c2916270807e81102894ef15e91" 37 | "a7c0e0dba746fb5b0068de9943cad29273c91426174b1fdf32a42dc2af253a3f" 38 | "98d7b6c1cfb09574f06893baccd19f86ebf805caf5a21bf2b518598384a2d3fa" 39 | "90b6819737a8f027df23a718d1a82210fea013d1ae3da081494e9c496e4284da" 40 | "a6bbbea83c12b335d890456ecca072c61bc063dee503ed67cfa750538ad4ed69" 41 | 42 | ) 43 | 44 | check_flag() { 45 | challenge_num=$1 46 | submitted_flag=$2 47 | 48 | submitted_hash=$(echo -n "$submitted_flag" | sha256sum | cut -d' ' -f1) 49 | 50 | if [ "$submitted_hash" = "${ANSWER_HASHES[$challenge_num]}" ]; then 51 | if [ "$challenge_num" -eq 0 ]; then 52 | echo "✓ Example flag verified! Now try finding real flags." 53 | else 54 | echo "✓ Correct flag for Challenge $challenge_num!" 55 | fi 56 | echo "$challenge_num" >> ~/.completed_challenges 57 | sort -u ~/.completed_challenges > ~/.completed_challenges.tmp 58 | mv ~/.completed_challenges.tmp ~/.completed_challenges 59 | else 60 | echo "✗ Incorrect flag. Try again!" 61 | fi 62 | show_progress 63 | } 64 | 65 | show_progress() { 66 | local completed=0 67 | if [ -f ~/.completed_challenges ]; then 68 | completed=$(sort -u ~/.completed_challenges | wc -l) 69 | completed=$((completed-1)) # Subtract example challenge 70 | fi 71 | echo "Flags Found: $completed/12" 72 | if [ "$completed" -eq 12 ]; then 73 | echo "Congratulations! You've completed all challenges!" 74 | fi 75 | } 76 | 77 | case "$1" in 78 | "progress") 79 | show_progress 80 | ;; 81 | [0-9]|1[0-2]) 82 | if [ -z "$2" ]; then 83 | echo "Usage: verify [challenge_number] [flag]" 84 | exit 1 85 | fi 86 | check_flag "$1" "$2" 87 | ;; 88 | *) 89 | echo "Usage:" 90 | echo " verify [challenge_number] [flag] - Check a flag" 91 | echo " verify progress - Show progress" 92 | echo 93 | echo "Example: verify 0 CTF{example}" 94 | ;; 95 | esac 96 | EOFVERIFY 97 | 98 | sudo chmod +x /usr/local/bin/verify 99 | 100 | # Create setup check script 101 | cat > /usr/local/bin/check_setup << 'EOF' 102 | #!/bin/bash 103 | if [ ! -f /var/log/setup_complete ]; then 104 | echo "System is still being configured. Please wait..." 105 | exit 1 106 | fi 107 | EOF 108 | 109 | chmod +x /usr/local/bin/check_setup 110 | 111 | # Add to bash profile 112 | echo "/usr/local/bin/check_setup" >> /home/ctf_user/.profile 113 | 114 | # Create MOTD 115 | cat > /etc/motd << 'EOFMOTD' 116 | +==============================================+ 117 | | Learn To Cloud - Linux Command Line CTF | 118 | +==============================================+ 119 | 120 | Welcome! Here are 12 Progressive Linux Challenges. 121 | Refer to the readme for information on each challenge. 122 | 123 | Once you find a flag, use our verify tool to check your answer 124 | and review your progress. 125 | 126 | Usage: 127 | verify [challenge number] [flag] - Submit flag for verification 128 | verify 0 CTF{example} - Example flag 129 | verify progress - Shows your progress 130 | 131 | To capture first flag, run: verify 0 CTF{example} 132 | 133 | Good luck! 134 | Team L2C 135 | 136 | +==============================================+ 137 | EOFMOTD 138 | 139 | # Beginner Challenges 140 | # Challenge 1: Simple hidden file 141 | echo "CTF{finding_hidden_treasures}" > /home/ctf_user/ctf_challenges/.hidden_flag 142 | 143 | # Challenge 2: Basic file search 144 | mkdir -p /home/ctf_user/documents/projects/backup 145 | echo "CTF{search_and_discover}" > /home/ctf_user/documents/projects/backup/secret_notes.txt 146 | 147 | # Intermediate Challenges 148 | # Challenge 3: Log analysis 149 | sudo dd if=/dev/urandom of=/var/log/large_log_file.log bs=1M count=500 150 | echo "CTF{size_matters_in_linux}" | sudo tee -a /var/log/large_log_file.log 151 | sudo chown ctf_user:ctf_user /var/log/large_log_file.log 152 | 153 | # Challenge 4: User investigation 154 | sudo useradd -u 1002 -m flag_user 155 | echo "CTF{user_enumeration_expert}" | sudo tee /home/flag_user/.profile 156 | sudo chown flag_user:flag_user /home/flag_user/.profile 157 | 158 | # Challenge 5: Permission analysis 159 | sudo mkdir -p /opt/systems/config 160 | echo "CTF{permission_sleuth}" | sudo tee /opt/systems/config/system.conf 161 | sudo chmod 777 /opt/systems/config/system.conf 162 | 163 | # Advanced Challenges 164 | # Challenge 6: Service discovery 165 | cat > /usr/local/bin/secret_service.sh << 'EOF' 166 | #!/bin/bash 167 | while true; do 168 | echo -e "HTTP/1.1 200 OK\n\nCTF{network_detective}" | nc -l -p 8080 169 | done 170 | EOF 171 | sudo chmod +x /usr/local/bin/secret_service.sh 172 | sudo nohup /usr/local/bin/secret_service.sh & 173 | 174 | # Challenge 7: Encoding challenge 175 | echo "CTF{decoding_master}" | base64 | base64 > /home/ctf_user/ctf_challenges/encoded_flag.txt 176 | 177 | # Challenge 8: Advanced SSH setup 178 | sudo mkdir -p /home/ctf_user/.ssh/secrets/backup 179 | echo "CTF{ssh_security_master}" | sudo tee /home/ctf_user/.ssh/secrets/backup/.authorized_keys 180 | sudo chown -R ctf_user:ctf_user /home/ctf_user/.ssh 181 | sudo chmod 700 /home/ctf_user/.ssh 182 | sudo chmod 600 /home/ctf_user/.ssh/secrets/backup/.authorized_keys 183 | 184 | # Challenge 9: DNS troubleshooting 185 | sudo cp /etc/resolv.conf /etc/resolv.conf.bak 186 | sudo sed -i '/^nameserver/s/$/CTF{dns_name}/' /etc/resolv.conf 187 | 188 | # Challenge 10: Remote upload 189 | cat > /usr/local/bin/monitor_directory.sh << 'EOF' 190 | #!/bin/bash 191 | DIRECTORY="/home/ctf_user/ctf_challenges" 192 | inotifywait -m -e create --format '%f' "$DIRECTORY" | while read FILE 193 | do 194 | echo "A new file named $FILE has been added to $DIRECTORY. Here is your flag: CTF{network_copy}" | wall 195 | done 196 | EOF 197 | 198 | sudo chmod +x /usr/local/bin/monitor_directory.sh 199 | sudo nohup /usr/local/bin/monitor_directory.sh > /var/log/monitor_directory.log 2>&1 & 200 | 201 | # Challenge 11: Web Configuration 202 | sudo mkdir -p /var/www/html 203 | echo '

Flag value: CTF{web_config}

' | sudo tee /var/www/html/index.html 204 | sudo sed -i 's/listen 80 default_server;/listen 8083 default_server;/' /etc/nginx/sites-available/default 205 | sudo sed -i 's/listen \[::\]:80 default_server;/listen \[::\]:8083 default_server;/' /etc/nginx/sites-available/default 206 | 207 | sudo systemctl restart nginx 208 | 209 | # Challenge 12: Network traffic analysis 210 | sudo cat > /usr/local/bin/ping_message.sh << 'EOF' 211 | #!/bin/bash 212 | while true; do 213 | ping -p 4354467b6e65745f636861747d -c 1 127.0.0.1 214 | sleep 1 215 | done 216 | EOF 217 | 218 | sudo chmod +x /usr/local/bin/ping_message.sh 219 | sudo nohup /usr/local/bin/ping_message.sh > /var/log/ping_message.log 2>&1 & 220 | 221 | # Set permissions 222 | sudo chown -R ctf_user:ctf_user /home/ctf_user/ctf_challenges 223 | 224 | # Enable MOTD display in PAM 225 | sudo sed -i 's/#session optional pam_motd.so/session optional pam_motd.so/' /etc/pam.d/login 226 | sudo sed -i 's/#session optional pam_motd.so/session optional pam_motd.so/' /etc/pam.d/sshd 227 | sudo systemctl restart ssh 228 | 229 | # Set proper ownership for CTF user (GCP-specific) 230 | sudo chown -R ctf_user:ctf_user /home/ctf_user 231 | 232 | # Mark setup as complete (required for Terraform null_resource) 233 | sudo touch /var/log/setup_complete 234 | 235 | echo "CTF environment setup complete!" --------------------------------------------------------------------------------