Skip to content

📢 🔒 Exploit manager for attack-defense CTF competitions

License

Notifications You must be signed in to change notification settings

Str4ngeb0yz/DestructiveFarm

 
 

Repository files navigation

Destructive Farm

Language: English | Русский

Exploit farm for attack-defense CTF competitions

Read the FAQ if you want to know what attack-defense CTFs are, why you need this exploit farm for them, and why it has the architecture described below.

Components

  1. An exploit is a script that steals flags from some service of other teams. It is written by a participant during the competition and should accept the victim's host (IP address or domain) as the first command-line argument, attack them and print flags to stdout.

    Example | More details

  2. A farm client is a tool that periodically runs exploits to attack other teams and looks after their work. It is being run by a participant on their laptop after they've written an exploit.

    The client is a one-file script start_sploit.py from this repository.

    More details

  3. A farm server is a tool that collects flags from farm clients, sends them to the checksystem, monitors the usage of quotas and shows the stats about the accepted and rejected flags. It is being configured and run by a team's admin at the start of the competition. After that, team members can use a web interface (see the screenshot above) to watch the exploits' results and stats.

    The server is a Flask web service from the server directory of this repository.

    More details



The arrows display the flow of the flags

Future Plans

See the list here.

Authors

Copyright © 2017–2018 Aleksandr Borzunov

Inspired by the Bay's farm.

About

📢 🔒 Exploit manager for attack-defense CTF competitions

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Languages

  • Python 73.4%
  • HTML 14.9%
  • JavaScript 10.5%
  • Other 1.2%