Blackb6a Intensive Study - How to build the challenge? (By a1668k)

## How to build the challenge? (By a1668k) Quite a lot of people asked how to build up those challenges locally after receiving the attachment during CTF. Here are some guides on how to build up the challenges if you want to try out those challenge locally. There are three types of challenge attachment: 1) **<ins>Author only provided the `Dockerfile` and some other files</ins>** Let's take [idoriot](https://github.com/blackb6a/intensive-study/tree/main/week0-web/sets/easy/idoriot) as an example: In this case, you will need to build the docker image first. Change your current directory into the folder that contains the `Dockerfile`, then build the docker image (you can specify the name of the docker image with the argument `-t`). ```bash $ cd idoriot/dist $ sudo docker build . -t idoriot ``` ![image](https://hackmd.io/_uploads/SJ5Kx-uAyl.png) ![image](https://hackmd.io/_uploads/HJVsg-dCkx.png) After building the docker image, you will need to look at what port the challenge exposed. You can look for the word `EXPOSE xxx` to see which port does that challenge opened. Some challenges, especially for Pwn challenges, will use another port number instead of some standard port numbers. In the `idoriot` case, the website is exposed in port 80. ![image](https://hackmd.io/_uploads/SJ3cybuRyg.png) Then you will need to run the docker container. Map a local port into the exposed port that you found before with the argument `-p`, e.g. `-p 1337:80`, which means I am now mapping my computer's port `1337` into the docker container port `80`. ```bash $ sudo docker run -p 1337:80 idoriot ``` You can also add an argument `-d` to detach the docker terminal. Then the docker container will run in the background instead. ```bash $ sudo docker run -p 1337:80 idoriot ``` After that, you can access the challenge via the mapped local port. In this case, I can access the challenge via http://localhost:1337. ![image](https://hackmd.io/_uploads/r1jzMb_Aye.png) :::info **Note**: If you are using Macbook with M-chips like me, sometime you may need to add an extra argument `--platform linux/amd64` to make sure the challenge containers perform like the real challenge server (as most of the CTF will host their challenges with `x64` or `amd64` machines). More will be explained later in Pwn week UwU (as I am the weird guy who use Macbook Pro to play Pwn challenges). ::: 2) **<ins>Author provided the `docker-compose.yaml` / `compose.yml` and some other files</ins>** Let's take [jsonwebtoken](https://github.com/blackb6a/intensive-study/tree/main/week0-web/sets/easy/jsonwebtoken) as an example: The logic is similar to Type 1. But it is much easier to build the docker container(s) using with the `docker-compose.yaml`/`compose.yaml` as all the things have been prepared by the author. You just need to change your current directory into the folder that contains the `docker-compose.yaml` file, then run `docker-compose up` to build up all the containers needed. ```bash $ cd jsonwebtoken/dist $ sudo docker-compose up ``` ![image](https://hackmd.io/_uploads/Hyv2Qb_Cyg.png) Similarly, you can also add an argument `-d` to detach the docker terminal. Then the docker container will run in the background instead. ```bash $ sudo docker-compose up -d ``` After that, you can access the challenge via the mapped local port. You will have to find the mapped local port from the `docker-compose.yaml`/`compose.yaml`. In this case, you can access the challenge via http://localhost:5000. ![image](https://hackmd.io/_uploads/BJO-EbdCJx.png) :::info **Note**: In MacOS (at least on my computer), port `5000` by default occupied by the `Control Center` (控制中心). ![image](https://hackmd.io/_uploads/SySdH-_AJe.png) So you may need to map it with another port by changing the value inside the `docker-compose.yaml`/`compose.yaml`, e.g. `1337:5000` - then you can access the challenge via the newly mapped port, http://localhost:1337/ ![image](https://hackmd.io/_uploads/HkaHIbdRyg.png) ::: 3) **<ins>Author didn't provide any `Dockerfile` nor `docker-compose.yaml`</ins>** In this case, you will need to find a way to host your challenge locally... There are different ways to build a web server locally, which you may need to Google for the solution lu UwU In some cases, you may use some docker images to finish the job. Just copy some previous CTF challenges and follow those formats to build one. In our Blackb6a Intensive Study (aka Co-leaning project), sometime we may forgot to include the `Dockerfile` from the original challenge. Then you may need to head back to the original challenge repo to grab the environment files.