
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<!-- Begin Jekyll SEO tag v2.8.0 -->
<title>记一次组织CTF的经历 | Mayx的博客</title>
<meta name="generator" content="Jekyll v3.9.5" />
<meta property="og:title" content="记一次组织CTF的经历" />
<meta name="author" content="mayx" />
<meta property="og:locale" content="zh_CN" />
<meta name="description" content="不会打我也能搞CTF(:-P)" />
<meta property="og:description" content="不会打我也能搞CTF(:-P)" />
<meta property="og:site_name" content="Mayx的博客" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2020-11-24T00:00:00+08:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="记一次组织CTF的经历" />
<meta name="google-site-verification" content="huTYdEesm8NaFymixMNqflyCp6Jfvd615j5Wq1i2PHc" />
<meta name="msvalidate.01" content="0ADFCE64B3557DC4DC5F2DC224C5FDDD" />
<meta name="yandex-verification" content="fc0e535abed800be" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","author":{"@type":"Person","name":"mayx"},"dateModified":"2020-11-24T00:00:00+08:00","datePublished":"2020-11-24T00:00:00+08:00","description":"不会打我也能搞CTF(:-P)","headline":"记一次组织CTF的经历","mainEntityOfPage":{"@type":"WebPage","@id":"/2020/11/24/createctf.html"},"publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://avatars0.githubusercontent.com/u/17966333"},"name":"mayx"},"url":"/2020/11/24/createctf.html"}</script>
<!-- End Jekyll SEO tag -->
<link rel="canonical" href="https://mabbs.github.io/2020/11/24/createctf.html" />
<link type="application/atom+xml" rel="alternate" href="/atom.xml" title="Mayx的博客" />
<link rel="alternate" type="application/rss+xml" title="Mayx的博客(RSS)" href="/rss.xml" />
<link rel="alternate" type="application/json" title="Mayx的博客(JSON Feed)" href="/feed.json" />
<link rel="stylesheet" href="/assets/css/style.css?v=1768642553" />
<!--[if !IE]> -->
<link rel="stylesheet" href="/Live2dHistoire/live2d/css/live2d.css" />
<!-- <![endif]-->
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="Mayx的博客" />
<link rel="webmention" href="https://webmention.io/mabbs.github.io/webmention" />
<link rel="pingback" href="https://webmention.io/mabbs.github.io/xmlrpc" />
<link rel="preconnect" href="https://summary.mayx.eu.org" crossorigin="anonymous" />
<link rel="prefetch" href="https://www.blogsclub.org/badge/mabbs.github.io" as="image" />
<link rel="blogroll" type="text/xml" href="/blogroll.opml" />
<link rel="me" href="https://github.com/Mabbs" />
<script src="/assets/js/jquery.min.js"></script>
<!-- NOTE(review): the three scripts inside the conditional comment below are only parsed by Internet Explorer older than 9. They are fetched from a third-party CDN through protocol-relative URLs and carry no integrity attribute, so on a plain-http load they travel unencrypted and the page runs whatever the CDN returns. Consider self-hosting them next to jquery.min.js or dropping the legacy-IE path. -->
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/1.0.3/jquery.xdomainrequest.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
<script>
// Site build timestamp; later in this page its numeric value is sent as the `update` query parameter of the suggest request.
var lastUpdated = new Date("Sat, 17 Jan 2026 17:35:53 +0800");
// Base URL of the separate-origin blog API that the inline suggest script on this page queries.
// NOTE(review): responses from this origin should be handled as data only, never as markup.
var BlogAPI = "https://summary.mayx.eu.org";
</script>
<script src="/assets/js/main.js"></script>
<!--[if !IE]> -->
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async="async" src="https://www.googletagmanager.com/gtag/js?id=UA-137710294-1"></script>
<script>
// Google Analytics bootstrap: reuse an existing dataLayer queue or create an empty one.
window.dataLayer = window.dataLayer || [];
// gtag() pushes its raw `arguments` object onto the dataLayer queue.
function gtag(){dataLayer.push(arguments);}
// Queue the initial 'js' event with the current time.
gtag('js', new Date());
// Queue the 'config' call for this property id.
// NOTE(review): this reports every page view to a third party; confirm that matches the site's privacy expectations.
gtag('config', 'UA-137710294-1');
</script>
<script src="/assets/js/instant.page.js" type="module"></script>
<!-- <![endif]-->
</head>
<body>
<!--[if !IE]> --><noscript><marquee style="top: -15px; position: relative;"><small>发现当前浏览器没有启用JavaScript这不影响你的浏览但可能会有一些功能无法使用……</small></marquee></noscript><!-- <![endif]-->
<!--[if IE]><marquee style="top: -15px; position: relative;"><small>发现当前浏览器为Internet Explorer这不影响你的浏览但可能会有一些功能无法使用……</small></marquee><![endif]-->
<div class="wrapper">
<header class="h-card">
<h1><a class="u-url u-uid p-name" rel="me" href="/">Mayx的博客</a></h1>
<img src="https://avatars0.githubusercontent.com/u/17966333" fetchpriority="high" class="u-photo" alt="Logo" style="width: 90%; max-width: 300px; max-height: 300px;" />
<p class="p-note">Mayx's Home Page</p>
<form action="/search.html">
<input type="text" name="keyword" id="search-input-all" placeholder="Search blog posts.." />&#160;<input type="submit" value="搜索" />
</form>
<br />
<p class="view"><a class="u-url" href="/Mabbs/">About me</a></p>
<ul class="downloads">
<li style="width: 270px; border-right: none;"><a href="/MayxBlog.tgz">Download <strong>TGZ File</strong></a></li>
</ul>
</header>
<section class="h-entry">
<small><time class="date dt-published" datetime="2020-11-24T00:00:00+08:00">24 November 2020</time> - 字数统计1243 - 阅读大约需要4分钟 - Hits: <span id="/2020/11/24/createctf.html" class="visitors">Loading...</span></small>
<h1 class="p-name">记一次组织CTF的经历</h1>
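<!-- Author link pinned to https so it never inherits plain http from the page's own scheme. -->
<p class="view">by <a class="p-author h-card" href="https://github.com/Mabbs">mayx</a></p>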
<div id="outdate" style="display:none;">
<hr /><p>
这是一篇创建于 <span id="outime"></span> 天前的文章,其中的信息可能已经有所发展或是发生改变。
</p>
</div>
<script>
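// Whole days elapsed since this post's publication date (the date string is fixed at build time).
// Declared with `var` so the name is an explicit global; the bare assignment created an implicit
// global, which throws under strict mode.
var daysold = Math.floor((new Date().getTime() - new Date("Tue, 24 Nov 2020 00:00:00 +0800").getTime()) / (24 * 60 * 60 * 1000));
// Reveal the "this post may be outdated" banner once the post is more than 90 days old.
if (daysold > 90) {
  document.getElementById("outdate").style.display = "block";
  // The inserted value is a number computed above, so no external text reaches the HTML parser here.
  document.getElementById("outime").innerHTML = daysold;
}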
</script>
<hr />
<b>AI摘要</b>
<p id="ai-output">这篇文章讲述了作者作为协会部门部长参与组织一次CTF比赛的经历。虽然作者原本对CTF感兴趣并计划将其做成游戏但实际负责运维时发现所使用的FBCTF平台存在很多问题如已不维护、存在安全限制、部署复杂性需要hhvm环境以及国际化和数据库字符集设置上的问题。尽管过程中遇到了bug和新需求PHP老师还是在短期内完成了额外任务。作者表示比赛还在进行可能会有更多意想不到的事情发生。</p>
<hr />
<ul><li><a href="#起因">起因</a></li><li><a href="#感受">感受</a></li><li><a href="#经历">经历</a></li></ul>
<hr />
<main class="post-content e-content" role="main"><p>不会打我也能搞CTF(:-P)<!--more--></p>
<h1 id="起因">
<a href="#起因"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 起因
</h1>
<p>在一年前,我<a href="/2019/12/16/ctf.html">体验了一次CTF</a>,感觉挺有意思的,而且为此我甚至计划做一个以此为基础的<a href="/2019/12/17/game.html">游戏</a>。可惜人不行了,除了会咕咕咕其他什么都不行。 </p><p>
想不到就在最近我不用参加CTF而是直接去给其他人玩CTF的机会。最近我所在的协会要承包一次CTF的比赛我作为协会部门的部长自然也要参与其中。我最擅长的就是运维所以在这次比赛我就成为负责维护这次CTF平台的运维了。</p>
<h1 id="感受">
<a href="#感受"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 感受
</h1>
<p>成为了维护CTF系统的人之后,我对CTF的了解更深了。CTF系统的本质就是一个计分板加一台靶机,然后题就那么几种:像Web、PWN这种题需要靶机,其他的Crypto、Reverse、Misc啥的就只需要把题目放到一个文件服务器里就行了。另外计分板也非常的简单,就只需要判断提交的结果是不是等于设定好的flag就完事了,然后根据答题情况给分就行了。 </p><p>
一般正式的赛事中好像flag都是动态的,每一个队伍的flag都不一样,然后每个队伍打的靶机也全部都是用docker隔离开的。像我们举行的这个CTF并不算专业,只能算是比较业余的。</p>
<h1 id="经历">
<a href="#经历"><svg class='octicon' viewBox='0 0 16 16' version='1.1' width='16' height='32' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg></a> 经历
</h1>
<p>在这次CTF中我本来是不想管平台的事情如果我来搭建这个平台我可能会选择<a href="https://github.com/CTFd/CTFd">CTFd</a>作为本次CTF的平台。不过这个CTF在我来之前举办过几次他们使用的是由Facebook开发的<a href="https://github.com/facebookarchive/fbctf">FBCTF</a>作为整个比赛的平台。我作为运维,肯定也不会去管程序上的事情,就干脆让他们去搞相关的事情了。 </p><p>
不过现实证明这是一个错误的决定这个平台已经不维护了虽然看起来确实挺好看但是BUG也多在这次比赛中给我们维护组带来了不少的压力。就比如说这个平台里的<a href="https://github.com/facebookarchive/fbctf/blob/4ec9b6be404fce1bed6d1066fccf10c4255767bb/database/countries.sql#L161">这一句话</a>,给我们带来了很多麻烦。就这样的短短一句话,搞的正在运行的平台直接被迫停止运行。为什么呢?很简单,因为我所在的学校是中国啊,不允许这样的事情发生…… </p><p>
另外这个FBCTF也很迷,看代码不过就是普通的PHP而已,但是部署的时候用的软件和方式都和平时不一样。正常来说这种东西一个LEMP或者LAMP就能解决问题,而它非得要一个什么hhvm的环境,不过环境不是我搭的,它用啥我倒是不在乎。然而它的i18n有问题,<a href="https://github.com/facebookarchive/fbctf/blob/4ec9b6be404fce1bed6d1066fccf10c4255767bb/src/controllers/IndexController.php#L598">这一行</a>没有加<code class="language-plaintext highlighter-rouge">tr</code>的那个函数,然后注册的时候显示就会出问题。有问题倒是没关系,大不了改了就行了,可是这个破玩意改了之后居然没反应,我搞了半天都没有搞好。后来发现因为它用了hhvm,这个东西会把php代码编译,然后直接修改代码就啥反应都没有,必须用<code class="language-plaintext highlighter-rouge">hhvm-repo-mode</code>才能更新代码😓…… </p><p>
其他的就是数据库,那个部署的人当时居然没改字符集,用的还是拉丁文的字符集,然后存储中文的时候就会各种乱码,怎么搞都搞不回来,不过程序里面好像没有受影响,所以也就算了。 </p><p>
还有就是领导的新需求这也算是提前体验公司生活了领导说要加一个功能我肯定不会想着去接这个大坑最后这个任务被派给了我们的PHP老师不过老师确实专业花了4个小时最终真的就搞成了水平确实了的。 </p><p>
目前这次的比赛还没有结束,不知道还会出什么新的莫名其妙的事情,敬请期待吧~</p></main>
<small style="display: block">tags: <a rel="category tag" class="p-category" href="/search.html?keyword=CTF"><em>CTF</em></a> - <a rel="category tag" class="p-category" href="/search.html?keyword=%E8%AE%B0%E5%BD%95"><em>记录</em></a> <span style="float: right;"><a href="https://gitlab.com/mayx/mayx.gitlab.io/tree/master/_posts/2020-11-24-createctf.md">查看原始文件</a></span></small>
<h4 style="border-bottom: 1px solid #e5e5e5;margin: 2em 0 5px;">推荐文章</h4>
<p id="suggest-container">Loading...</p>
<script>
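// Render the "recommended posts" list: ask the blog API which post ids to recommend for this
// page, look each id up in the site's search index, and append one link per match to
// #suggest-container. A hover tooltip shows the first 100 characters of the post content.
var suggest = $("#suggest-container");
$.get(BlogAPI + "/suggest?id=/2020/11/24/createctf.html&update=" + lastUpdated.valueOf(), function (data) {
  if (data.length) {
    getSearchJSON(function (search) {
      suggest.empty();
      // Index the search entries by URL so each recommended id is a single lookup.
      var searchMap = {};
      for (var i = 0; i < search.length; i++) {
        searchMap[search[i].url] = search[i];
      }
      var tooltip = $('<div class="content-tooltip"></div>').appendTo('body').hide();
      for (var j = 0; j < data.length; j++) {
        var id = data[j].id;
        // The id comes from the remote API: only accept keys that were actually indexed above,
        // so values such as "__proto__" or "constructor" cannot resolve to inherited properties.
        if (!Object.prototype.hasOwnProperty.call(searchMap, id)) {
          continue;
        }
        var item = searchMap[id];
        if (item) {
          // Build the link through attr()/text() instead of string concatenation, so a title or
          // URL containing quotes or angle brackets is shown as text and cannot inject markup.
          // NOTE(review): if the search index stores titles already HTML-escaped, entities will
          // now be displayed literally. Confirm against the index generator.
          var link = $('<a></a>').attr('href', item.url).text(item.title);
          var contentPreview = item.content.substring(0, 100);
          if (item.content.length > 100) {
            contentPreview += "……";
          }
          link.hover(
            function (e) {
              // text() keeps the preview inert even if the post content contains markup.
              tooltip.text($(this).data('content'))
                .css({
                  top: e.pageY + 10,
                  left: e.pageX + 10
                })
                .show();
            },
            function () {
              tooltip.hide();
            }
          ).mousemove(function (e) {
            tooltip.css({
              top: e.pageY + 10,
              left: e.pageX + 10
            });
          }).data('content', contentPreview);
          suggest.append(link);
          // The date is appended as a text node for the same reason as the title.
          suggest.append(document.createTextNode(' - ' + item.date));
          suggest.append('<br />');
        }
      }
    });
  } else {
    suggest.html("暂无推荐文章……");
  }
});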
</script>
<br />
<div class="pagination">
<span class="prev">
<a href="/2020/10/24/try.html">
上一篇Mayx的产品测评
</a>
</span>
<br />
<span class="next">
<a href="/2020/12/07/picore.html">
下一篇在树莓派上体验piCore
</a>
</span>
</div>
<!--[if !IE]> -->
<link rel="stylesheet" href="/assets/css/gitalk.css">
<script src="/assets/js/gitalk.min.js"></script>
<div id="gitalk-container"></div>
<script>
// Configure the Gitalk comment widget for this post and mount it into #gitalk-container.
// NOTE(review): clientSecret below is delivered to every visitor in the page source, so it
// cannot be treated as a secret. Presumably this is inherent to running the OAuth flow
// entirely in the browser; confirm. The usual mitigation is a small server-side endpoint that
// holds the secret and performs the code-for-token exchange, plus rotating the published value
// and keeping the OAuth app's permissions as narrow as possible.
// NOTE(review): the token exchange is routed through the `proxy` host, which can therefore
// observe authorization codes and the access tokens issued to commenters. It has to be
// operated, locked down and monitored as part of the authentication path.
var gitalk = new Gitalk({
clientID: '36557aec4c3cb04f7ac6',
clientSecret: 'ac32993299751cb5a9ba81cf2b171cca65879cdb',
repo: 'mabbs.github.io',
owner: 'Mabbs',
admin: ['Mabbs'],
id: '/2020/11/24/createctf', // Ensure uniqueness and length less than 50
distractionFreeMode: false, // Facebook-like distraction free mode
proxy: "https://cors-anywhere.mayx.eu.org/?https://github.com/login/oauth/access_token"
})
gitalk.render('gitalk-container')
</script>
<!-- <![endif]-->
</section>
<!--[if !IE]> -->
<div id="landlord" style="left:5px;bottom:0px;">
<div class="message" style="opacity:0"></div>
<canvas id="live2d" width="500" height="560" class="live2d"></canvas>
<div class="live_talk_input_body">
<form id="live_talk_input_form">
<div class="live_talk_input_name_body" >
<input type="checkbox" id="load_this" />
<input type="hidden" id="post_id" value="/2020/11/24/createctf.html" />
<label for="load_this">
<span style="font-size: 11px; color: #fff;">&#160;想问这篇文章</span>
</label>
</div>
<div class="live_talk_input_text_body">
<input name="talk" type="text" class="live_talk_talk white_input" id="AIuserText" autocomplete="off" placeholder="要和我聊什么呀?" />
<button type="submit" class="live_talk_send_btn" id="talk_send">发送</button>
</div>
</form>
</div>
<input name="live_talk" id="live_talk" value="1" type="hidden" />
<div class="live_ico_box" style="display:none;">
<div class="live_ico_item type_info" id="showInfoBtn"></div>
<div class="live_ico_item type_talk" id="showTalkBtn"></div>
<div class="live_ico_item type_music" id="musicButton"></div>
<div class="live_ico_item type_youdu" id="youduButton"></div>
<div class="live_ico_item type_quit" id="hideButton"></div>
<input name="live_statu_val" id="live_statu_val" value="0" type="hidden" />
<audio src="" style="display:none;" id="live2d_bgm" data-bgm="0" preload="none"></audio>
<input id="duType" value="douqilai" type="hidden" />
</div>
</div>
<div id="open_live2d">召唤伊斯特瓦尔</div>
<!-- <![endif]-->
<footer>
<p>
<small>Made with ❤ by Mayx<br />Last updated at 2026-01-17 17:35:53<br /> 总字数614622 - 文章数178 - <a href="/atom.xml" >Atom</a> - <a href="/README.html" >About</a></small>
</p>
</footer>
</div>
<script src="/assets/js/scale.fix.js"></script>
<!--[if !IE]> -->
<script src="/assets/js/main_new.js"></script>
<script src="/Live2dHistoire/live2d/js/live2d.js"></script>
<script src="/Live2dHistoire/live2d/js/message.js"></script>
<!-- <![endif]-->
</body>
</html>