This page describes how to get the CTF network and Vulnbox running in a basic setup. There is a multitude of things which could be done differently. So if you already know how to connect to the VPN and host the Vulnbox, feel free to do it differently. In any case, also have a look at the general Setup docs.
We are going to use the VPN on Vulnbox option as described in our Setup docs. Individual team members will connect to the competition network using player VPN connections from their own machines. Our setup will work for both on-site and remote teams.
Requirements
For Vulnbox hosting, you are going to need a PC with an x86-64 CPU (once per team). We recommend a CPU with at least 4 cores, VT-x support and 8 GB of RAM.
Since we're going to use the VirtualBox GUI, physical access to the hosting machine with monitor, keyboard and mouse is required.
In the rest of this guide, we're going to assume a standard Debian 10 ("Buster") Desktop install on the PC. Other Debian versions or Ubuntu should work similarly and the general setup should also be applicable to other distributions or even operating systems.
Installation
Download and install VirtualBox from its website.
Also, install this required package (as root):
apt install socat
Connecting to the Vulnbox
Finally, we are going to launch the Vulnbox (or the test image): Download it from us in OVA format and decrypt it using gpg -o <filename> -d <filename>.gpg
.
Afterwards, click "File" – "Import Appliance". Select the decrypted OVA image and finish the wizard without any changes. Open the settings for the imported VM. In the "Network" section, make sure that "Attached to: NAT" is selected.
Now comes a bit of a tricky part: The Vulnbox will already work if you start it now and you'll also be able to log in through the VirtualBox GUI. However, it would be kind of hard to get an SSH key onto it, since copy/paste doesn't work. To work around that, we'll attach a Serial Console before starting the Vulnbox: Select "Serial Ports" in the VM's settings, enable Port 1, set "Port Mode: Host Pipe" and "Port/File Path" for example to "/tmp/vulnbox.serial".
You may now start the Vulnbox VM and connect to the serial port as described in the archived Illumos docs:
socat unix-connect:/tmp/vulnbox.serial stdio,raw,echo=0,icanon=0,escape=0x11
This attaches you to a serial console, where you can log into the Vulnbox as root without password (if you don't see anything, just Press Enter to see the login prompt). You should be greeted by our initial accountsetup
tool.
Configuring the Vulnbox
In the accountsetup
tool, you first have to enter your team number. You should have received it via email with the VPN configs.
Next, paste one or more SSH keys for future logins.
When accountsetup
asks for the network mode, select vpn
. In the next step, paste the the Vulnbox VPN config, "vuln-faustctf.conf", from the email you received.
The Vulnbox will reboot, you can disconnect socat
by pressing Ctrl+Q
or Ctrl+C
.
Joining Player VPN
Connect your personal machine (the one you wanna work with during the CTF) to the player VPN using "player-faustctf.conf". How do this exactly will depend on your operating system, but you should be able to find plenty of OpenVPN guides.
You should be able to log into the Vulnbox via SSH as root at fd66:666:<team-number>::2
(or fd66:666:<team-number>::3
for the testing Vulnbox) and ping submission.faustctf.net
from your local machine as well as the Vulnbox.
This last step can (and should) be done by all individual team members.
Happy Hacking!