A/D Exploit Infrastructure

OpenAttackDefenseTools/ataka

Ataka is an exploit runner and flag submitter which allows running containerized exploits from a single instance as well as accepting and deduplicating flags from exploits running locally on participants' laptops.

In both cases, exploits are queued by the ataka service instance according to the round time and user-defined constraints (useful e.g when the flag submission has rate limits). This way:

• Being able to run exploit from laptops offloads computation from the central exploiter instance
• Being able to run exploits from a central instance prevents downtime due to laptops running out of battery or bad throughput from a slower connection to the game network

DestructiveVoice/DestructiveFarm

DestructiveFarm is a tool for managing and running exploits. It consists of three main components: exploits, farm clients and a farm server.

The exploits are each given a victim host and use this to extract flags stdout.

The farm client periodically runs exploits on an arbitrary machine and checks the output.

The farm server collects flags from the farm clients and submits them to the game infrastructure.

This architecture enables running exploits independently from the central instance where the farm server is hosted and flags are submitted.

Docker Swarm

Docker Swarm is a feature for managing a cluster of docker instances. This is in itself not an exploiter, but a feature of docker which may be leveraged to build an exploiter.

This effectively turns the participant laptops into docker container runners on which a central exploit server can deploy exploits for each round of a CTF. This is a nice trade-off between a central exploiter which might not have the resources to run every single exploit and decentralized exploiting, where exploits are cumbersome to share and a laptop becoming unresponsive can greatly impact the ctf performance, since you lose both the points from attacking and the exploit script.