GZCTF靶场从零开始搭建教程(一)＞＞单机部署

本教程根据以下内容创作

GZCTF官方文档: https://docs.ctf.gzti.me/zh
https://blog.csdn.net/a00221aa/article/details/138073077

使用环境如下:

Ubantu22.04 lts
Docker 24.0.7
docker-compose 1.29.2
GZCTF 0.18

一. 安装Docker, Docker-compose

sudo apt update
sudo apt install docker.io docker-compose

执行命令后, 检查是否成功安装

docker -v
docker-compose -v

二. 部署GZCTF

1.创建GZCTF部署目录

cd /
mkdir GZCTF
cd GZCTF

2. 编辑GZCTF配置文件appsettings.json, docker-compose.yml并保存于 /GZCTF 目录下

appsettings.json:

<Your POSTGRES_PASSWORD>设置为数据库密码
<Your PUBLIC_ENTRY> 需改为外部访问地址
<Your XOR_KEY> 设置为用于加密比赛私钥的随机字符串(任意填写即可)

{
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "Database": "Host=db:5432;Database=gzctf;Username=postgres;Password=<Your POSTGRES_PASSWORD>"
  },
  "EmailConfig": {
    "SendMailAddress": "a@a.com",
    "UserName": "",
    "Password": "",
    "Smtp": {
      "Host": "localhost",
      "Port": 587
    }
  },
  "XorKey": "<Your XOR_KEY>",
  "ContainerProvider": {
    "Type": "Docker", // or "Kubernetes"
    "PortMappingType": "Default", // or "PlatformProxy"
    "EnableTrafficCapture": false,
    "PublicEntry": "<Your PUBLIC_ENTRY>", // or "xxx.xxx.xxx.xxx"
    // optional
    "DockerConfig": {
      "SwarmMode": false,
      "Uri": "unix:///var/run/docker.sock"
    }
  },
  "RequestLogging": false,
  "DisableRateLimit": true,
  "RegistryConfig": {
    "UserName": "",
    "Password": "",
    "ServerAddress": ""
  },
  "CaptchaConfig": {
    "Provider": "None", // or "CloudflareTurnstile" or "GoogleRecaptcha"
    "SiteKey": "<Your SITE_KEY>",
    "SecretKey": "<Your SECRET_KEY>",
    // optional
    "GoogleRecaptcha": {
      "VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
      "RecaptchaThreshold": "0.5"
    }
  },
  "ForwardedOptions": {
    "ForwardedHeaders": 5,
    "ForwardLimit": 1,
    "TrustedNetworks": ["192.168.12.0/8"]
  }
}

docker-compose.yml:

<Your POSTGRES_PASSWORD> 设置为数据库密码, 与上文json文件的一致即可
<Your GZCTF_ADMIN_PASSWORD> 设置为初始管理员密码, 部署成功后默认管理员账户为Admin, 密码为该处值(不知为何, 我部署好后没有Admin用户)

version: "3.0"
services:
  gzctf:
    image: registry.cn-shanghai.aliyuncs.com/gztime/gzctf:develop
    restart: always
    environment:
      - "GZCTF_ADMIN_PASSWORD=<Your GZCTF_ADMIN_PASSWORD>"
      # choose your backend language `en_US` / `zh_CN` / `ja_JP`
      - "LC_ALL=zh_CN.UTF-8"
    ports:
      - "80:8080"
    volumes:
      - "./data/files:/app/files"
      - "./appsettings.json:/app/appsettings.json:ro"
      # - "./kube-config.yaml:/app/kube-config.yaml:ro" # this is required for k8s deployment
      - "/var/run/docker.sock:/var/run/docker.sock" # this is required for docker deployment
    depends_on:
      - db

  db:
    image: postgres:alpine
    restart: always
    environment:
      - "POSTGRES_PASSWORD=<Your POSTGRES_PASSWORD>"
    volumes:
      - "./data/db:/var/lib/postgresql/data"

3. 启动GZCTF

docker compose up -d

作者这里遇到几个坑:

a. 国内服务器可能无法pull镜像, 需配置镜像源

b. 如果使用Ubantu24.04或者其他版本, 可能会遇到如下报错

Traceback (most recent call last):
    File "/usr/bin/docker-compose", line 33, in <module>
    sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
    command_func()
    File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 200, in perform_command
    project = project_from_options('.', options)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 60, in project_from_options
    return get_project(
            ^^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 152, in get_project
    client = get_client(
                ^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 41, in get_client
    client = docker_client(
                ^^^^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 170, in docker_client
    client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in __init__
    self._version = self._retrieve_server_version()
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version
    raise DockerException(
docker.errors.DockerException: Error while fetching server API version: HTTPConnection.request() got an unexpected keyword argument 'chunked'

请参考如下:

https://stackoverflow.com/questions/78436274/trying-to-setup-docker-for-home-server-getting-chunked

如果你幸运的避开了这些坑, 运行

docker ps

会看到如下两个容器：

三. 进入靶场, 注册管理员

按照官方的文档, 理论上会有一个Admin用户, 密码为上文设置的, 但是如果你跟我一样没有Admin用户, 那么只能先注册一个用户, 再把其改为管理员(可以有多个管理员)

1. 先在靶场页面上创建一个用户

2. 进入服务器执行如下命令

docker compose exec db psql -U postgres

进入如下界面

再执行该条语句

\c gzctf

执行数据库语句, 比如(your_admin_user_name改为上文创建用户的用户名)

UPDATE "AspNetUsers" SET "Role"=3 WHERE "UserName"='your_admin_user_name';

再次登入这个用户就可以进入管理页面了

四. 创建比赛, 编辑题目

篇幅有限, 下篇文章介绍

欢迎关注微信订阅号催更