FYP 17059

Han Yu

Supervisor: Dr. S. M. Yiu

A CTF Platform for Cybersecurity Training in HKU

Project Introduction
Motivation of building such a CTF platform

To promote and improve computer security education at the University of Hong Kong, HKU is planning to establish a customized Capture the Flag (CTF) platform for CTF competitions and exercises.

The project aims to find a better way of combining the challenges with the CTF platform, so that the platform is adaptable when holding a CTF competition.

In the first part, two CTF platforms, CTFd and FBctf, are analyzed carefully based on their installation, functionality and performance, after which FBctf is chosen as the target CTF platform for this project. In the second part, four selected challenges, which are vulnerable web attacking problems without answers, will be linked with FBctf, and their source code will be modified to be friendlier to new learners. In addition, some extra functionality, including a timer on the web page and recording of user input, will be built on the web server.

The category of challenges this project is concerned with is web attacks. Illegal modification of cookies, source code and the URL of the web server is included, and SQL injection vulnerabilities are also introduced. In future work, more kinds of web attacks, such as XSS and CSRF, will be analyzed and embedded in the platform.