Saturday, 23 January 2021

How to make a CTF

In this blog article I'll explain how to build your own Capture The Flag (CTF) challenge and host it online for up to two months for free using a DigitalOcean droplet.

Requirements:

  • A Gmail account to register with DigitalOcean
  • A valid credit card, sorry it's a necessary evil
  • A referral link from DigitalOcean providing $100 credit for up to 2 months.
    • Use mine if you like: https://m.do.co/c/45afc9316e43
  • Lots of patience - some of the setup is tricky - Google is your friend
  • Set up reminders... Monitor activity and remember to close out your account before the 2 months expire or the $100 credit is used

Procedure:

  1. Use your Gmail account and credit card to register for a DigitalOcean account
      a) https://www.digitalocean.com
  2. Log in to DigitalOcean and create a droplet.
  3. In this example we will use an Ubuntu VM (choose version 18.04), Basic $5/mo plan
  4. Scrolling down, we will choose the preferred datacenter, the root authentication method and tags, and link the droplet to a project.
  5. Create the droplet and go to the Droplets menu to access the settings and Recovery shell (alternatively, the droplet is accessible through SSH clients such as PuTTY)
  6. Configure Networking settings
      a) Configure the firewall to, at a minimum, allow inbound access to the droplet on TCP port 3000.
      b) In the example below ICMP is also enabled for troubleshooting, but SSH and other ports can be added as required; just be sure to only allow access from the IPs you want to allow access from rather than the default (All IPv4/IPv6)
      c) If you have a domain available and want to use it, set up DNS records and link them to the IP
      d) No domain - no problem, your users will just need to be given the IP address to connect
  7. Install Docker
      a) I just followed the instructions at this link:
         https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
  8. Set up and start Juice Shop
      a) Run docker pull bkimminich/juice-shop
  9. Run docker run --rm -p 3000:3000 bkimminich/juice-shop
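
The firewall advice in step 6 can be checked mechanically. The following is an added example, not part of the original post: a small shell audit over a rule list you transcribe by hand from the firewall page. The "protocol ports source" line format and both sample rule sets are constructed for this sketch and are not a DigitalOcean export format.

```shell
#!/bin/sh
# Added example: audit inbound firewall rules against the advice in step 6.
# Input format (hypothetical, one rule per line): protocol ports source

CTF_PORT=3000   # Juice Shop port published by: docker run -p 3000:3000

# Reads rules on stdin. Prints one finding per line, nothing if all is well.
audit_rules() {
    ctf_open=no
    while read -r proto ports source; do
        case "$proto" in ''|'#'*) continue ;; esac      # skip blanks/comments
        case "$source" in
            0.0.0.0/0|::/0) world=yes ;;                # "All IPv4/IPv6"
            *)              world=no ;;
        esac
        if [ "$proto" = tcp ] && [ "$ports" = "$CTF_PORT" ]; then
            ctf_open=yes        # players must reach this port
        elif [ "$proto" = icmp ]; then
            :                   # ping for troubleshooting, as in the article
        elif [ "$world" = yes ]; then
            echo "OPEN-TO-ALL $proto/$ports from $source"
        fi
    done
    [ "$ctf_open" = yes ] || echo "MISSING tcp/$CTF_PORT"
}

# Constructed sample: SSH left at the default "All IPv4" source.
SAMPLE_BAD='tcp 3000 0.0.0.0/0
tcp 3000 ::/0
icmp - 0.0.0.0/0
tcp 22 0.0.0.0/0'

# Constructed sample: SSH limited to one admin address
# (203.0.113.10 is a documentation-only IP).
SAMPLE_GOOD='tcp 3000 0.0.0.0/0
icmp - 0.0.0.0/0
tcp 22 203.0.113.10/32'

echo "bad rule set:";  printf '%s\n' "$SAMPLE_BAD"  | audit_rules
echo "good rule set:"; printf '%s\n' "$SAMPLE_GOOD" | audit_rules
```

The check matches single port numbers only; a rule written as a port range would need to be expanded before it is fed in.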

Connect and Hack

1. Connect to the new CTF page and begin hacking!
        a) Browse to http://<your IP or domain>:3000
2. Have fun and learn! 
        a) You can always use the companion guide to help you through the tough spots
        b) https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/