Language: English | Русский
CulhwchFarm is a flexible and convenient Attack/Defense CTF farm. Inspired by DestructiveFarm and S4DFarm.
- Change the password in compose.yml. (SERVER_PASSWORD)
- Execute
docker compose up --build -dormake start - After the build, the farm will be available at http://localhost:8893
The farm's capabilities can be customized and expanded using scripts: protocols and validators.
If additional parameters need to be added to a script, the first line should contain a comment with them, for example, # params: SYSTEM_HOST, SYSTEM_PORT. These parameters can be configured through the web interface, and the script can retrieve them from the configuration, for example, host = config.get('SYSTEM_HOST').
Culhwch automatically detects script changes and processes them when the settings are opened in the web interface.
Protocols are used for the farm to work with the scoring system (flag submission). The protocol should implement the function submit_flags(flags: list[Flag], config: dict) that returns a generator.
Validators are used to filter and modify flags entering the farm. The validator should implement an asynchronous function async def validate_flags(flags: Iterator[Flag], app, config: dict) that returns an asynchronous generator.
The Flags page provides statistics on exploits and the ability to manually submit a flag.
The Teams page allows managing teams:
- Deleting teams
- Adding teams
- Generating teams
The Settings page allows managing farm settings:
- Configuring default variables
- Selecting and configuring protocols
- Enabling/disabling validators and configuring their parameters
The farm API allows automating certain tasks, such as managing settings and the team list (e.g., team_parsers).
Exploits are written to attack enemy teams, steal flags, and submit them to the farm.
To launch an exploit, use start_sploit.py, for example:
python3 start_sploit.py sploit.py