CTF Platform Rundown

This has come up twice today, so I figured I would throw some info down and my recommendations, based on my very limited experience. Running a Capture the Flag (CTF) competition is an easy way to build some camaraderie and bring some fellow hackers together to learn some new things. These platforms make it easy for anyone to host their own competition and make it look good.

First up is Root The Box. This is a highly customizable platform that is built for the developers to have a story behind the competition. Scoring is based on Corporations, Boxes, and Flags. According to @moloch, “Files, documents, or applications used by the players within the game can be placed in the Game Materials folder (/files/game_materials).” Root The Box has been around for a while and is a great project. I recommend using it if you plan on building some OSINT and a story into your competition.

Check it out at https://github.com/moloch--/RootTheBox

Second is CTFd. This is built by @coldheat and is probably the most widely used platform right now. It is also highly customizable, and it is very easy to upload files that may be needed for the competition. One great option that I have found is that you are able to use regex for the flag syntax, which makes the competitors happy… (or rather, could make them happy if you put in the work beforehand). This is highly recommended for anyone who wants to host a competition but has no need for a storyline or anything other than challenges and answers.
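An added example, not from the original post and not CTFd's own code: a small Python harness for doing that work beforehand, by testing a regex flag pattern against submissions you want accepted and rejected. The flag value, the patterns and the helper names `check_flag` and `audit_pattern` are constructed for illustration; whole-string matching and whitespace stripping are this sketch's own choices.

```python
import re

def check_flag(pattern, submission, case_insensitive=False):
    """True only when the pattern matches the whole (stripped) submission."""
    flags = re.IGNORECASE if case_insensitive else 0
    try:
        return re.fullmatch(pattern, submission.strip(), flags) is not None
    except re.error:
        return False  # malformed pattern: fail closed instead of crashing

def audit_pattern(pattern, should_accept, should_reject, case_insensitive=False):
    """Return every sample the pattern gets wrong as (submission, expected, got)."""
    wrong = []
    for expected, samples in ((True, should_accept), (False, should_reject)):
        for s in samples:
            got = check_flag(pattern, s, case_insensitive)
            if got != expected:
                wrong.append((s, expected, got))
    return wrong

# Constructed sample data for one hypothetical challenge.
ACCEPT = ["flag{h4ck_th3_pl4n3t}", "FLAG{h4ck_th3_pl4n3t}",
          "h4ck_th3_pl4n3t", " flag{h4ck_th3_pl4n3t}\n"]
REJECT = ["flag{}", "flag{guess}", "h4ck_th3_pl4n3t}",
          "xxflag{h4ck_th3_pl4n3t}yy", ""]

# Three candidate patterns an organizer might write.
TOO_LOOSE = r"flag\{.*\}"                           # any wrapped text scores
SLOPPY = r"(?:flag\{)?h4ck_th3_pl4n3t\}?"           # allows unbalanced braces
TESTED = r"flag\{h4ck_th3_pl4n3t\}|h4ck_th3_pl4n3t" # wrapped or bare, nothing else

if __name__ == "__main__":
    for name, pat in (("TOO_LOOSE", TOO_LOOSE), ("SLOPPY", SLOPPY), ("TESTED", TESTED)):
        problems = audit_pattern(pat, ACCEPT, REJECT, case_insensitive=True)
        print(f"{name}: {len(problems)} problem(s)")
        for sub, expected, got in problems:
            print(f"  {sub!r}: expected accept={expected}, got {got}")
```

A pattern that produces an empty problem list against both lists is the one to load into the platform; the case-sensitivity setting has to match what you tested with.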

Another great thing about CTFd is that it has a really cool scoreboard that you can display in front of all the competitors so they know where they stand in the competition.

Check CTFd out at https://github.com/CTFd/CTFd

Lastly, I will talk about Facebook CTF. This is a cool-looking project that I have spent a little time messing with. The main GUI is a map of the world and you, as an administrator, can define challenges based on geographical locations. It is also heavily built on a financial reward system, which also drives the hint system. Built into this platform is also the ability to decrease rewards based on the place in which the competitor solved the challenge, so for instance, the first competitor to solve a challenge would receive more points than the second and so on. This is a really cool-looking platform, but it needs to be more purpose-built, and could really shine with a gnarly backstory.

Check FBCTF out at https://github.com/facebook/fbctf

So these are the three platforms that I have experience with, and they are all very well built. I recommend all of them, and each of them has a different scenario that it shines in. Thanks to @moloch, @coldheat, and @facebook for spending time to get these platforms so polished and to allow us hackers something to practice on that will not get us locked up!
