From ba1a9f9666eda87f6da129d5b810a3e8aa21a797 Mon Sep 17 00:00:00 2001 From: Gwyneth Pena-Siguenza Date: Mon, 9 Feb 2026 13:02:37 -0500 Subject: [PATCH 1/2] clarify validation messge --- README.md | 2 +- ctf_setup.sh | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f04a38f..e7f3a78 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ verify export > [!IMPORTANT] > Enter your GitHub username **exactly** as it appears on GitHub—no `@` symbol, no extra spaces, no special characters. For example: `verify export octocat` not `verify export @octocat`. The verification system will reject tokens with incorrect usernames. -This generates a cryptographically signed token you can use to verify your completion at [learntocloud.guide/phase2](https://learntocloud.guide/phase2). +Save the token it generates — you'll need it to verify your progress at [learntocloud.guide](https://learntocloud.guide). ## Tips diff --git a/ctf_setup.sh b/ctf_setup.sh index a1c4961..122e190 100644 --- a/ctf_setup.sh +++ b/ctf_setup.sh @@ -319,7 +319,7 @@ export_certificate() { echo "Example: verify export octocat" echo "" echo "⚠️ Use your GitHub username! This will be verified when you" - echo " submit your token at https://learntocloud.guide/phase2" + echo " submit your token at https://learntocloud.guide" return 1 fi local github_username="$1" @@ -424,8 +424,10 @@ TOKENEOF echo " 🎫 VERIFICATION TOKEN " | lolcat echo "============================================================" | lolcat echo "" - echo "To verify your completion:" - echo " 1. Go to https://learntocloud.guide/phase2" + echo "⚠️ Save this token! You'll need it to verify your progress" + echo " at https://learntocloud.guide" + echo "" + echo " 1. Go to https://learntocloud.guide" echo " 2. Sign in with GitHub (as: $github_username)" echo " 3. Paste the token below" echo "" @@ -508,6 +510,10 @@ Usage: To capture first flag, run: verify 0 CTF{example} +When you complete all challenges, run: verify export +Save the token it generates — you'll need it to verify your +progress at https://learntocloud.guide + Good luck! Team L2C From 9104b90a47105104b73f72ccc48fc759fb426874 Mon Sep 17 00:00:00 2001 From: Gwyneth Pena-Siguenza Date: Thu, 12 Feb 2026 07:35:48 -0500 Subject: [PATCH 2/2] Refactor challenge progress tracking to use shared directory and improve permissions --- .../skills/ctf-testing/test_ctf_challenges.sh | 4 +-- README.md | 2 +- ctf_setup.sh | 32 ++++++++++++------- 3 files changed, 24 insertions(+), 14 deletions(-) diff --git a/.github/skills/ctf-testing/test_ctf_challenges.sh b/.github/skills/ctf-testing/test_ctf_challenges.sh index 00e2c0f..1b0b183 100644 --- a/.github/skills/ctf-testing/test_ctf_challenges.sh +++ b/.github/skills/ctf-testing/test_ctf_challenges.sh @@ -87,7 +87,7 @@ if [ -f "$REBOOT_MARKER" ]; then if [ -f "$PROGRESS_SNAPSHOT" ]; then EXPECTED=$(cat "$PROGRESS_SNAPSHOT") - ACTUAL=$(sort -u ~/.completed_challenges 2>/dev/null | wc -l) + ACTUAL=$(sort -u /var/ctf/completed_challenges 2>/dev/null | wc -l) if [ "$ACTUAL" -ge "$EXPECTED" ]; then pass "Progress persisted after reboot ($ACTUAL challenges)" else @@ -652,7 +652,7 @@ echo "Flags captured: ${#FLAGS[@]}" echo "" if [ "$WITH_REBOOT" = true ] && [ $FAILED -eq 0 ]; then - sort -u ~/.completed_challenges 2>/dev/null | wc -l > "$PROGRESS_SNAPSHOT" + sort -u /var/ctf/completed_challenges 2>/dev/null | wc -l > "$PROGRESS_SNAPSHOT" touch "$REBOOT_MARKER" echo "Reboot marker created. Re-run after reboot to verify services." exit 100 diff --git a/README.md b/README.md index 33ad2d9..458d1b3 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ verify export > [!IMPORTANT] > Enter your GitHub username **exactly** as it appears on GitHub—no `@` symbol, no extra spaces, no special characters. For example: `verify export octocat` not `verify export @octocat`. -Save the token it generates — you'll need it to verify your progress at [learntocloud.guide](https://learntocloud.guide). +Save the token it generates — you'll need it to verify your progress at [learntocloud.guide/phase1](https://learntocloud.guide/phase1). ## Tips diff --git a/ctf_setup.sh b/ctf_setup.sh index 9bec4e4..2515679 100644 --- a/ctf_setup.sh +++ b/ctf_setup.sh @@ -97,6 +97,7 @@ cd /home/ctf_user/ctf_challenges || { echo "Failed to change directory"; exit 1; # ============================================================================= sudo mkdir -p /etc/ctf +sudo chmod 711 /etc/ctf cat > /tmp/ctf_hashes << HASHEOF $(for i in {0..18}; do echo "${FLAG_HASHES[$i]}"; done) HASHEOF @@ -105,7 +106,12 @@ sudo chmod 644 /etc/ctf/flag_hashes echo "$INSTANCE_ID" | sudo tee /etc/ctf/instance_id > /dev/null echo "$VERIFICATION_SECRET" | sudo tee /etc/ctf/verification_secret > /dev/null -sudo chmod 644 /etc/ctf/instance_id /etc/ctf/verification_secret +sudo chmod 644 /etc/ctf/instance_id +sudo chmod 600 /etc/ctf/verification_secret + +# Shared progress directory (so root and non-root users share the same progress) +sudo mkdir -p /var/ctf +sudo chmod 777 /var/ctf sudo tee /usr/local/bin/verify > /dev/null << 'EOFVERIFY' #!/bin/bash @@ -119,7 +125,7 @@ fi mapfile -t ANSWER_HASHES < "$HASH_FILE" INSTANCE_ID=$(cat /etc/ctf/instance_id 2>/dev/null || echo "") -VERIFICATION_SECRET=$(cat /etc/ctf/verification_secret 2>/dev/null || echo "") +VERIFICATION_SECRET=$(sudo cat /etc/ctf/verification_secret 2>/dev/null || echo "") CHALLENGE_NAMES=( "Example Challenge" @@ -165,7 +171,8 @@ CHALLENGE_HINTS=( "A disk image file exists on the system. Try mounting it with 'sudo mount -o loop ' to explore its contents." ) -START_TIME_FILE=~/.ctf_start_time +PROGRESS_FILE=/var/ctf/completed_challenges +START_TIME_FILE=/var/ctf/ctf_start_time check_flag() { local challenge_num=$1 @@ -185,9 +192,9 @@ check_flag() { else echo "✓ Correct flag for Challenge $challenge_num!" fi - echo "$challenge_num" >> ~/.completed_challenges - sort -u ~/.completed_challenges > ~/.completed_challenges.tmp - mv ~/.completed_challenges.tmp ~/.completed_challenges + echo "$challenge_num" >> "$PROGRESS_FILE" + sort -u "$PROGRESS_FILE" > "${PROGRESS_FILE}.tmp" + mv "${PROGRESS_FILE}.tmp" "$PROGRESS_FILE" else echo "✗ Incorrect flag. Try again!" fi @@ -196,8 +203,8 @@ check_flag() { show_progress() { local completed=0 - if [ -f ~/.completed_challenges ]; then - completed=$(sort -u ~/.completed_challenges | wc -l) + if [ -f "$PROGRESS_FILE" ]; then + completed=$(sort -u "$PROGRESS_FILE" | wc -l) completed=$((completed-1)) # Subtract example challenge fi echo "Flags Found: $completed/18" @@ -232,7 +239,7 @@ show_list() { echo "======================================" for i in {0..18}; do local status="[ ]" - if [ -f ~/.completed_challenges ] && grep -q "^${i}$" ~/.completed_challenges; then + if [ -f "$PROGRESS_FILE" ] && grep -q "^${i}$" "$PROGRESS_FILE"; then status="[✓]" fi if [ $i -eq 0 ]; then @@ -260,8 +267,8 @@ show_hint() { export_certificate() { local completed=0 - if [ -f ~/.completed_challenges ]; then - completed=$(sort -u ~/.completed_challenges | wc -l) + if [ -f "$PROGRESS_FILE" ]; then + completed=$(sort -u "$PROGRESS_FILE" | wc -l) completed=$((completed-1)) fi @@ -492,6 +499,7 @@ sudo chmod 777 /opt/systems/config/system.conf # Challenge 6: Service discovery echo "${FLAGS[6]}" | sudo tee /etc/ctf/flag_6 > /dev/null +sudo chmod 600 /etc/ctf/flag_6 cat > /usr/local/bin/secret_service.sh << 'EOF' #!/bin/bash FLAG=$(cat /etc/ctf/flag_6) @@ -536,6 +544,7 @@ sudo sed -i "/^nameserver/s/$/${FLAGS[9]}/" /etc/resolv.conf # Challenge 10: Remote upload echo "${FLAGS[10]}" | sudo tee /etc/ctf/flag_10 > /dev/null +sudo chmod 600 /etc/ctf/flag_10 cat > /usr/local/bin/monitor_directory.sh << 'EOF' #!/bin/bash DIRECTORY="/home/ctf_user/ctf_challenges" @@ -627,6 +636,7 @@ sudo chmod 644 /etc/cron.d/ctf_secret_task # Challenge 14: Process Environment echo "${FLAGS[14]}" | sudo tee /etc/ctf/flag_14 > /dev/null +sudo chmod 600 /etc/ctf/flag_14 cat > /usr/local/bin/ctf_secret_process.sh << 'EOF' #!/bin/bash export CTF_SECRET_FLAG=$(cat /etc/ctf/flag_14)