Quick Setup of CTFd for Capture the Flag Competitions

Setting Up a CTFd Instance on a Virtual Machine

Setting up a Capture The Flag (CTF) competition can be a rewarding experience for both organisers and participants. This quick setup guide walks you through installing a CTFd instance on a virtual machine using a simple shell script. The script automates the installation process, making it straightforward and efficient.

Prerequisites

Before you begin, ensure you have the following:

  1. A virtual machine running Ubuntu (tested on Ubuntu 24.04 (LTS) x64).
  2. A domain name (recommended) or the public IP address of your server.
  3. Basic knowledge of terminal commands.

Installation Script

Below is the shell script you will use to set up the CTFd instance. Save it as install_ctfd.sh.


#!/bin/bash

# Prompt the user for necessary information
# -r keeps backslashes literal; -s stops secrets from being echoed to the terminal
echo "This key is used to encrypt session data and should be kept secret."
read -rsp "Enter a secret key for Flask sessions (SECRET_KEY): " SECRET_KEY
echo

echo "This password is used to access the MySQL database."
read -rsp "Enter a password for the database (DB_PASSWORD): " DB_PASSWORD
echo

echo "This email is used for the initial admin user account."
read -rp "Enter the admin email address (ADMIN_EMAIL): " ADMIN_EMAIL

echo "This password is used for the initial admin user account."
read -rsp "Enter the admin password (ADMIN_PASSWORD): " ADMIN_PASSWORD
echo
echo

# Look up the server's public IP address over HTTPS
HOST_IP=$(curl -s https://checkip.amazonaws.com)

echo "We highly recommend using a domain name through cloudflare with proxy to handle SSL."
echo "Please ensure that the domain name is pointed to the server's public IP address before continuing."
echo "If you do not have a domain name, you can leave this empty to use the server's public IP address."
echo "Current server's public IP address: $HOST_IP"
echo
read -rp "Enter your domain name (leave empty to use server/host's IP): " DOMAIN_NAME

# Fall back to the server's public IP address if no domain name is provided
if [ -z "$DOMAIN_NAME" ]; then
    DOMAIN_NAME="$HOST_IP"
    echo "No domain name provided, using IP address: $DOMAIN_NAME"
else
    echo "Using domain name: $DOMAIN_NAME"
fi

echo
echo "Installing CTFd on the server..."
sleep 2

# Update and upgrade the system
sudo apt update && sudo apt upgrade -y

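# Install Docker from Docker's apt repository.
# apt-key is deprecated and trusts the key for every repository; a keyring
# referenced with signed-by limits Docker's key to Docker's repository.
sudo apt install -y ca-certificates curl git
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce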

# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# Clone the CTFd repository
git clone https://github.com/CTFd/CTFd.git
cd CTFd || exit 1

# Create environment file, readable only by its owner because it holds secrets
touch .env && chmod 600 .env
cat <<EOF > .env
SECRET_KEY=$SECRET_KEY
DATABASE_URL=mysql+pymysql://ctfd:$DB_PASSWORD@db/ctfd
EOF

# Build and run the containers
sudo docker-compose up -d

# Initialize the database
sudo docker-compose exec ctfd ./manage.py db upgrade
# Quote the values so spaces or shell metacharacters in them are passed through unchanged
sudo docker-compose exec ctfd ./manage.py create_ctfd_user "$ADMIN_EMAIL" --password "$ADMIN_PASSWORD" --type admin

# Print completion message
echo "CTFd setup is complete. Access your instance at https://$DOMAIN_NAME"
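
The script prompts for SECRET_KEY and DB_PASSWORD and places the password directly inside DATABASE_URL, where characters such as @, / or : would change how the URL is parsed. The following is an added example, not part of the original script: it generates both values from /dev/urandom, rejects a database password that would need URL-encoding, and writes the same two variables to a file with mode 600. The function names gen_secret, url_safe and write_env are hypothetical.

```shell
#!/bin/sh
# Added example: helper functions for the .env step of install_ctfd.sh.
# Function names are hypothetical; the variable names match the script.

# gen_secret [BYTES]: read BYTES random bytes (default 32) from the kernel
# CSPRNG and print them as lowercase hex (2 * BYTES characters).
# Hex needs no escaping in a URL or in an env file.
gen_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# url_safe VALUE: succeed only if VALUE is non-empty and made up solely of
# RFC 3986 "unreserved" characters, so it can sit in the password part of
# DATABASE_URL without percent-encoding.
url_safe() {
    case "$1" in
        '' | *[!A-Za-z0-9._~-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_env FILE SECRET_KEY DB_PASSWORD: write the two variables the install
# script uses. The file is created under umask 077 so it is never
# world-readable, and chmod tightens a file that already existed.
write_env() {
    file="$1"; secret_key="$2"; db_password="$3"
    if ! url_safe "$db_password"; then
        echo "DB_PASSWORD contains characters that need URL-encoding" >&2
        return 1
    fi
    (
        umask 077
        printf 'SECRET_KEY=%s\nDATABASE_URL=mysql+pymysql://ctfd:%s@db/ctfd\n' \
            "$secret_key" "$db_password" > "$file"
    ) || return 1
    chmod 600 "$file"
}

# Usage inside the CTFd checkout, replacing the two secret prompts:
#   write_env .env "$(gen_secret 32)" "$(gen_secret 24)"
```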

Running the Script

  1. Download the Script: Download the above script with curl -O https://lnwatson.co.uk/files/install_ctfd.sh on your VM.
  2. Make the Script Executable: Run the command chmod +x install_ctfd.sh to make the script executable.
  3. Execute the Script: Run the script with sudo ./install_ctfd.sh and follow the prompts to enter the necessary information.

Or all in one go: curl -O https://lnwatson.co.uk/files/install_ctfd.sh && chmod +x install_ctfd.sh && sudo ./install_ctfd.sh

You may also need to edit your VM’s firewall settings to 1) allow HTTP/HTTPS through and 2) prevent access to any other systems on the VM. Alternatively, you could use a service such as Cloudflare’s Zero Trust.

Accessing Your CTFd Instance

Once the script completes, you can access your CTFd instance by navigating to http://your_domain_or_ip in your web browser. If you’ve used a domain name, ensure that your DNS records point to your server’s public IP address. If you are using the Cloudflare proxy as recommended, use https://your_domain_or_ip instead.

Conclusion

Setting up a CTFd instance can be easy and efficient with the right script. This script automates the installation process, allowing you to focus on creating and managing your CTF challenges. Enjoy your new CTFd platform and happy hacking!

If you have any issues or comments, feel free to reach out on socials or, for support, visit ENUSEC’s Discord.