This page describes how to get the CTF network and Vulnbox running in a basic setup. There is a multitude of things which could be done differently. So if you already know how to connect to the VPN and host the Vulnbox, feel free to do it differently. In any case, also have a look at the general Setup docs.

We are going to use the VPN on Vulnbox option as described in our Setup docs. Individual team members will connect to the competition network using player VPN connections from their own machines. Our setup will work for both on-site and remote teams.

Requirements

For Vulnbox hosting, you are going to need a PC with an x86-64 CPU (once per team). We recommend a CPU with at least 4 cores, VT-x support and 8 GB of RAM.

Since we're going to use the VirtualBox GUI, physical access to the hosting machine with monitor, keyboard and mouse is required.

In the rest of this guide, we're going to assume a standard Debian 10 ("Buster") Desktop install on the PC. Other Debian versions or Ubuntu should work similarly and the general setup should also be applicable to other distributions or even operating systems.

Installation

Download and install VirtualBox from its website.

Connecting to the Vulnbox

Finally, we are going to launch the Vulnbox (or the test image): Download it from us in OVA format and decrypt it using gpg -o <filename> -d <filename>.gpg.

Afterwards, click "File" – "Import Appliance". Select the decrypted OVA image and finish the wizard without any changes. Open the settings for the imported VM. In the "Network" section, make sure that "Attached to: NAT" is selected.

Now comes a bit of a tricky part: The Vulnbox will already work if you start it now and you'll also be able to log in through the VirtualBox GUI. However, it would be kind of hard to get a VPN config onto it, since copy/paste doesn't work. To work around that, you can connect via SSH with the root password that is printed on tty1 and the serial consoles. To reach the VM, configure a port forwarding:

  • Go to "Devices -> Network -> Network Settings".
  • In the tab "Adapter 1", make sure it is "Attatched to: NAT",
  • Click the Button ">Advanced -> [Port Forwarding]"
  • In the Port Forwarding window, click "+" in the top right corner.
  • Fill in Protocol TCP, Host Port 2222, and Guest Port 22. Leave the fields for IP blank. (You can use any other port instead of 2222)

On the host, you can use ssh -p 2222 root@localhost to connect to the Vulnbox. You should be greeted by our initial accountsetup tool.

Configuring the Vulnbox

In the accountsetup tool, you first have to enter your team number. You should have received it via email with the VPN configs.

Next, you can paste one or more SSH keys for future logins.

When accountsetup asks for the network mode, select vpn. In the next step, paste the the Vulnbox VPN config, "vuln-faustctf.conf", from the email you received.

The Vulnbox will reboot, you can disconnect socat by pressing Ctrl+Q or Ctrl+C.

Joining Player VPN

Connect your personal machine (the one you wanna work with during the CTF) to the player VPN using "player-faustctf.conf". How do this exactly will depend on your operating system, but you should be able to find plenty of OpenVPN guides.

You should be able to log into the Vulnbox via SSH as root at fd66:666:<team-number>::2 (or fd66:666:<team-number>::3 for the testing Vulnbox) and ping submission.faustctf.net from your local machine as well as the Vulnbox.

This last step can (and should) be done by all individual team members.

Happy Hacking!