Skip to content

Cyberlandslaget/kriger

Repository files navigation

kriger

An exploit farm for attack/defense (A/D) CTFs. This is the next-generation exploit farm based on the work done in angrepa. Kriger is a free software licensed under AGPL-3.0-only.

Warning

kriger was developed in the context of ECSC2024 and may not be actively maintained. There are various TODOs still present in the software which may affect the usage in a production environment. Some parts of the documentation and the ADRs are slightly outdated or inaccurate.

Contributions to the project are welcome.

Screenshot

An image showing the dashboard

Documentation

Development

A Linux or macOS environment is highly recommended. Windows users should consider using WSL.

Prerequisites

Running required services

Service Port
nats 4222 (NATS & JetStream)
k3s 6443 (Kubernetes API)
registry 5000 (Container registry)
jeager 4317 (OTLP)
jeager 16686 (Jeager UI)

Start services:

docker compose up -d --remove-orphans
export KUBECONFIG="$(pwd)/run/k3s/kubeconfig"

Stop services:

docker compose down

Running kriger

Run the server components:

cargo r server # This will run the NATS migration for the first time
docker compose start nats-init # This will seed the K/V store with test data

cargo r server --single data/config/dev.toml 

Run the competition mock:

cargo r --bin kriger_mock -- --autotick 5

The mock will be available at port :8080 by default.

Run the runner component:

RUST_LOG=debug cargo run runner --exploit test --service "Service 1 Checker 1" --flag-format "[A-Z0-9]{31}=" -- bash -c 'head -c 19 /dev/random | base32'

Note: This is not required if the example exploit is deployed.

Running the example exploit

Deploying the example exploit:

cd data/examples/python-test
cargo r deploy # or kriger deploy

Terminologies

Name Explanation
Exploit A script or a program that exploits a vulnerable service to retrieve flags.
Execution A single run of an exploit. An execution will be run against the desired target.
Team network ID A publicly-known persistent ID associated with a team. The identity of the team isn't necessarily known or tied to this ID.