Migrated from github.com/shafiqalibhai/capture-the-flag http://janosgyerik.github.com/capture-the-flag/

Python 98.6%
Shell 0.4%
C 0.3%
JavaScript 0.3%
CSS 0.3%

Find a file

ssa e4fc88bac4 Add Dockerfile: Kali-style toolset for CTF challenges in this repo		2026-04-27 22:38:21 +00:00
ctf1	adjusted readme and tools.txt and added syntax.txt	2013-03-19 23:44:18 +01:00
images	added screenshots	2013-03-09 23:37:02 +01:00
scripts	added tools.txt with helpful info	2013-03-11 20:48:30 +01:00
.gitignore	ignore tmp	2013-12-08 13:31:59 +01:00
Dockerfile	Add Dockerfile: Kali-style toolset for CTF challenges in this repo	2026-04-27 22:38:21 +00:00
README.md	Update README with comprehensive project information	2026-04-27 20:36:49 +00:00

README.md

capture-the-flag

Overview

Capture The Flag! Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit.

Detected project type: Python.

This repository was migrated from upstream source github.com/shafiqalibhai/capture-the-flag and is preserved here for archival, reference, or continued local development.

At a glance

Default branch: master
Visibility: public
Size: 933 KB
Created: 2026-04-27
Last updated: 2026-04-27
Stars / Forks / Open issues: 0 / 0 / 0

Languages

Language	Bytes	Share
Python	2,089,617 bytes	98.6%
Shell	7,965 bytes	0.4%
C	7,613 bytes	0.4%
JavaScript	6,345 bytes	0.3%
CSS	6,111 bytes	0.3%
HTML	1,020 bytes	0.0%
Makefile	653 bytes	0.0%

Repository structure

ctf1/
images/
scripts/
.gitignore (9 B)
README.md (3,897 B)

Getting started

Clone the repository:

git clone https://forgejo.deployview.com/ssa/capture-the-flag.git
cd capture-the-flag

Installation

python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt

Usage

Invoke the main entry point:

python3 main.py    # or the appropriate module

Original README

The content below is preserved from the previous README. Headings have been demoted so they don't compete with the new top-level sections.

Capture The Flag!

Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit.

Requirements

You will need the following in order to build the Live CD using the scripts in this project:

Linux, with root access using sudo
git
make, gcc -- for building vulnerable programs
pwgen -- for generating random passwords
rsync
genisoimage -- for mkisofs
advancecomp -- for advdef
squashfs-tools -- for unsquashfs
curl -- for downloading packages and other files

Requirements when building in 64-bit systems

The base Live CD is 32-bit, and therefore the C programs must be built 32-bit too. In order to do that you need to install 32-bit development libraries. In Debian for example the package is called libc6-dev-i386.

Building the Live CD

You have different options to build the CD:

Basic build: using a single script to build everything
3-step build: 3 steps to give you a chance to customize
Expert build: if you want to understand everything

Choose whichever method is most suitable for you.

Basic build (for the impatient)

To fetch all the necessary files including the 8MB TinyCore base base image, the hacking contest data and all the required TinyCore packages and remaster the CD:

./scripts/rebuild.sh

Note: some of the steps need to run sudo, so you will be prompted for your password one or more times.

3-step build

The idea of this build method is to create the basic CD data but stop before rebuilding the image so that you can customize it first.

Build the basic CD data:
```
 ./scripts/build.sh
```
Note: some of the steps need to run sudo, so you will be prompted for your password one or more times.
Customize the contents in the extract directory. This step is completely up to you, depending on what you want to customize. You might want to install some custom packages, for example keymaps for non US keyboards:
```
 sudo ./scripts/install-tcz.sh kmaps
```
Create the final ISO:
```
 sudo ./scripts/pack-iso.sh
```

Disclaimer

The challenges are based on the original online contest organized by Stripe: https://stripe.com/blog/capture-the-flag

Using the Live CD

See http://janosgyerik.github.com/capture-the-flag/

Screenshots

Solutions

The solutions are intentionally omitted from this project. You can find the solutions to the original Stripe challenges on the internet, but don't be surprised if they won't work on this Live CD out of the box. That's intentional too ;-)

Please keep your own solutions private.

Abusing the CD

If you want to get root access in the live system, you can either do su - tc to become the admin user, or boot the system with the mc superuser boot option. This is no secret, and you won't learn anything this way.

Todo

Re-implement /levels/level02/level02.py without Flask (save 3MB)
Implement the second Capture The Flag contest of Stripe
maybe: Generalize the scripts to use with other than TinyCore

Contributing

Contributions are welcome. The typical workflow is:

Open an issue describing the change you'd like to make.
Fork the repository (or create a feature branch if you have write access).
Commit your changes with clear, descriptive messages.
Open a pull request against the master branch.

Please follow the existing code style and include tests or reproduction steps where relevant.

License

No LICENSE file is currently present in this repository. Treat the contents as all rights reserved by the author until an explicit license is added. If you intend to share or accept contributions, consider adding an OSI-approved license such as MIT, Apache-2.0, or GPL-3.0.

Repository

Browse: https://forgejo.deployview.com/ssa/capture-the-flag
Clone (HTTPS): https://forgejo.deployview.com/ssa/capture-the-flag.git
Clone (SSH): ssh://git@forgejo.deployview.com:30143/ssa/capture-the-flag.git
Upstream / origin: github.com/shafiqalibhai/capture-the-flag

This README was generated automatically based on repository metadata, contents, and any prior README content. Edit any section above to add project-specific detail.