Feature/dynamic flags #53
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Generate unique 8-char hex suffix for flags at setup time
- Store flag hashes in /etc/ctf/flag_hashes (read by verify script)
- Update verify script to load hashes from file instead of hardcoded
- Update test script to capture flags dynamically and verify them
- Services now read flags from /etc/ctf/flag_X files
- Example flag (CTF{example}) remains static for documentation
Benefits:
- Students cannot share answers between VM instances
- Looking at GitHub repo reveals no flag values
- Each deployment has unique flags
Flag format: CTF{descriptive_text_XXXXXXXX}
- Change verify check from UTF-8 ✓ to ASCII 'Correct|verified' for reliable matching - Add grep -a flag to handle binary log files (challenge 3)
- Use grep -ao for binary file handling in flag capture - Capture verify output before grepping (more reliable) - Use ASCII pattern matching (Correct|verified) instead of UTF-8 checkmark - All 69 tests now pass on Azure
…re trigger file creation in challenge tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a dynamic flag generation system for the CTF setup, ensuring that each VM instance receives unique flag values for every challenge. This prevents answer sharing between users and enhances the integrity of the CTF environment. The system generates random flag suffixes at setup time, stores hashes for verification, and updates both the setup script and the documentation accordingly.
Dynamic flag generation and verification:
ctf_setup.shto generate unique flags for each challenge per VM instance, using random hex suffixes, and to store their SHA256 hashes for later verification.Verification script improvements:
verifyscript to load flag hashes from a root-owned file (/etc/ctf/flag_hashes) generated at setup time, removing hardcoded hash values and ensuring correct validation for dynamic flags.Documentation updates:
tests/CHALLENGE_REFERENCE.mdto describe the new dynamic flag system, removing static flag values and explaining the new flag format and validation process. Challenge references now specify the flag pattern instead of actual flag values.These changes make the CTF more secure and robust by eliminating static answers and documenting the new process for both maintainers and automated testing.