Skip to content

Extend README #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Hennich merged 1 commit into from
Jul 15, 2025
Merged

Extend README #101

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 19 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,13 @@ Due to implementation details, currently you have to be aware of the following l
- ...

## Usage (Docker)
- [Optional] create a puppetmaster-VM on Hetzner, for shared working/debugging and run everything there
- Have at least one ssh key with the label `type=admin` in your project **(HETZNER's WEBSITE)**
- Set `HCLOUD_TOKEN` and `HETZNERDNS_TOKEN`
- Set `HCLOUD_TOKEN` and `HETZNERDNS_TOKEN` in `Dockerfile` by including the lines
```
ENV HETZNERDNS_TOKEN="..."
ENV HCLOUD_TOKEN="..."
```
- Create `./ansible/config_bambi.yml`
```yaml
vulnerable_services:
Expand All @@ -45,20 +50,24 @@ github_ssh_keys:
- Build configs
- `cd /bambictf/configgen`
- `poetry install` (once)
- `poetry run configgen --teams 4 --routers 2 --dns test.bambi.ovh`
- `poetry run configgen --teams 6 --routers 2 --checkers 3 --dns test.bambi.ovh`
- Ship everything to the EnoCTFPortal:
- `cp -r ./export/portal /services/EnoCTFPortal/data/teamdata` (or whereever it is)
- Builds VMs
- `cd /bambictf/packer`
- `packer build bambichecker.json`
- ...
- `packer build bambielk.json`
- `packer build bambiengine.json`
- `packer build bambirouter.json`
- `packer build bambivulnbox.json`
- Note down vulnbox snapshot id, pass to EnoCTFPortal (`curl -H "Authorization: Bearer $HCLOUD_TOKEN" 'https://api.hetzner.cloud/v1/images?type=snapshot'`)
- Create `./terraform/terraform.tfvars` (see `./terraform/terraform.tfvars.sample` for reference)
- `cd /bambictf/terraform`
- `terraform init`
- `terraform apply`

## Open game network
The time set in `./ansible/config_bambi.yml` should take care. Otherwise call
- `iptables -A FORWARD -o router -j ACCEPT` (on *every* gateway)

## Emergency Port Forwards
Expand All @@ -71,3 +80,10 @@ on every router

## Rsync stuff
- `while true; do rsync /services/data/*.json benni@bambi.enoflag.de:/services/EnoCTFPortal_bambi7/scoreboard; sleep 5; done` TODO ask Lucas about loops and stuff

## Running the actual CTF
* terraform easily takes 30-60 minutes
* build more configs than you actually expect, to have a safeguard
* to add a new team during the CTF
* increase teamcount in terraform and run `terraform apply`
* add new team on EnoEngine `ctf.json`, and reapply config (see there)