ctfcli/ctfcli/spec/challenge-example.yml at c82746c7b3921d27aead6c69b04e7ee859a0ec7f · CTFd/ctfcli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# This file represents the base specification of your challenge. It is used by
# other tools to install and deploy your challenge.

# Required sections
name: "{{cookiecutter.name}}"
author: "author"
category: category
description: This is a sample description
attribution: Written by [author](https://ctfd.io)
value: 100
type: standard

# The extra field provides additional fields for data during the install/sync commands/
# Fields in extra can be used to supply additional information for other challenge types
# For example the follow extra field is for dynamic challenges. To use these following
# extra fields, set the type to "dynamic" and uncomment the "extra" section below
# extra:
#     initial: 500
#     decay: 100
#     minimum: 50

# Settings used for Dockerfile deployment
# If not used, remove or set to null
# If you have a Dockerfile set to .
# If you have an imaged hosted on Docker set to the image url (e.g. python/3.8:latest, registry.gitlab.com/python/3.8:latest)
# Follow Docker best practices and assign a tag
image: null

# Specify a protocol that should be used to connect to the running image
# For example if the image is a website you can specify http or https
# Otherwise you can specify tcp
protocol: null

# Specify a host to deploy the challenge onto.
# The currently supported URI schemes are ssh:// and registry://
# ssh is an ssh URI where the above image will be copied to and deployed (e.g. ssh://root@123.123.123.123)
# registry is a Docker registry tag (e.g registry://registry.example.com/test/image)
# host can also be specified during the deploy process: `ctf challenge deploy challenge --host=ssh://root@123.123.123.123`
host: null

# Optional settings

# connection_info is used to provide a link, hostname, or instructions on how to connect to a challenge
connection_info: nc hostname 12345

# healthcheck is a tool/script used to check a challenge
# If connection_info was provided to CTFd when the challenge was installed, it will be passed to the healthcheck script:
# ./writeup/exploit.sh --connection-info "nc hostname 12345"
healthcheck: writeup/exploit.sh

# solution is used to provide a path to the challenge solution document.
# The file path is relative to this challenge.yml file.
# If provided as a string path, ctfcli uploads it as a hidden CTFd solution during sync.
# You can also use an object:
# solution:
#   path: writeup/WRITEUP.md
#   state: solved  # hidden | visible | solved
solution: writeup/WRITEUP.md

# Can be removed if unused
attempts: 5

# Specifies flag processing behavior of challenge
# Accept any flag (default): any
# Require all flags to be provided: all
# Require all team members to submit any flag: team
logic: any

# Flags specify answers that your challenge use. You should generally provide at least one.
# Can be removed if unused
# Accepts strings or dictionaries of CTFd API data
flags:
    # A static case sensitive flag
    - flag{3xampl3}
    # A static case sensitive flag created with a dictionary
    - {
        type: "static",
        content: "flag{wat}",
        data: "case_sensitive",
    }
    # A static case insensitive flag
    - {
        type: "static",
        content: "flag{wat}",
        data: "case_insensitive",
    }
    # A regex case insensitive flag
    - {
        type: "regex",
        content: "(.*)STUFF(.*)",
        data: "case_insensitive",
    }

# Topics are used to help tell what techniques/information a challenge involves
# They are generally only visible to admins
# Accepts strings
topics:
    - information disclosure
    - buffer overflow
    - memory forensics

# Tags are used to provide additional public tagging to a challenge
# Can be removed if unused
# Accepts strings
tags:
    - web
    - sandbox
    - js

# Provide paths to files from the same directory that this file is in
# Accepts strings
files:
    - dist/source.py

# Hints are used to give players a way to buy or have suggestions. They are not
# required but can be nice.
# Can be removed if unused
# Accepts dictionaries or strings
hints:
    - {
        content: "This hint costs points",
        cost: 10
    }
    - This hint is free
    - title: Titled Hint
      content: This hint has a title and costs points
      cost: 10

# Requirements are used to make a challenge require another challenge to be
# solved before being available.
# Can be removed if unused
# Accepts challenge names as strings or challenge IDs as integers
requirements:
    - "Warmup"
    - "Are you alive"

# The following format for requirements can also be used. This format can also
# support the "anonymize" flag, which will display the challenge but with all
# the challenge information anonymized if it is not unlocked yet.
#requirements:
#    prerequisites:
#        - "Warmup"
#        - "Are you alive"
#    anonymize: true

# The next is used to display a next recommended challenge to a user when
# the user correctly answers the current challenge.
# Can be removed if unused
# Accepts a challenge name as a string, a challenge ID as an integer, or null
# if you want to remove or disable it.
next: null

# The state of the challenge.
# If the field is omitted, the challenge is visible by default.
# If provided, the field can take one of two values: hidden, visible.
state: hidden

# Specifies what version of the challenge specification was used.
# Subject to change until ctfcli v1.0.0
version: "0.1"