
This project is aimed at creating a fun Capture the Flag experience while testing your Kibana skills!

nicpenning/kibana-ctf


🔎 Kibana-CTF 🚩


Kibana CTF is an open source Kibana CTF challenge simulation using the open source product CTFd and the Elastic stack. This project is designed to modularize challenges so new challenges can be added in the future. To date, there are over 30 challenges. This project includes a script, shown below, that lets you create a local CTFd instance and a local Elastic stack for trying out this CTF! In theory, the script can be used to import the challenges into your own CTFd or Elastic instance, but be warned that it could overwrite data or cause other undesired consequences on those instances if you are not careful. It is recommended that you use the script to spin up a unique, localized instance with Docker and follow the steps below to perform this CTF. Please open any issues that you may find. Enjoy!

🎯 Goal: Have fun diving deep into Kibana!

🎶 Soundtrack: Spotify playlist - Get in the zone and use this playlist while doing the CTF!

Features:

  • Discover challenges (10)
  • ES|QL challenges (10)
  • Dashboard challenges (12)
  • Documented deploy/setup instructions
  • Assisted setup with PowerShell 7 script
  • Share with community!
  • Documentation on creating new challenges!

Requirements 🪚

  • PowerShell 7.5+ (For Setup [Manual/Automated])
  • Docker
  • Elastic Stack (Kibana and Elasticsearch 8.17+/9.0+ - 9.1.3+ Recommended) -> Can be downloaded and set up using included script!
  • CTFd (Latest) -> Can be downloaded and set up using included script!
 ./Invoke-Kibana-CTF-Setup.ps1

====================================================
   Welcome to the Kibana CTF Setup Script! 🚀
====================================================
What would you like to do?

[1] 🏁 Deploy CTFd
[2] ⚙️ Deploy Elastic Stack
[3] 🚩 Import Flags (CTFd) + Challenges (Elastic Stack)
[4] 🗑️ Delete CTFd
[5] 🗑️ Delete Elastic Stack
[6] 🔍 Check for Requirements
[7] 🤖 Deploy everything from scratch (Recommended)

Q. Quit

Enter your choice:

How to get started ✅

1. Ensure you have PowerShell 7+ installed, then download this repo to get rolling!

git clone https://github.com/nicpenning/kibana-ctf.git
cd kibana-ctf
pwsh
./Invoke-Kibana-CTF-Setup.ps1

↘️ Check out this speed run of the setup on YouTube! ↙️

Watch speed run of setup!

Note: Run Option 6. Check for Requirements, then proceed to the next step if your environment meets the requirements.

2. Deploy everything from scratch - Use Option 7

a. Once deployed, go to the CTFd instance and navigate through the wizard with default settings (most of these will be overwritten later). Make sure to note your admin user/password combination and specify how long you want the CTF to last (this can easily be changed later if needed).

[Screenshots: CTFd first start page, wizard steps 2 through 5, step 6 (set start / end date of the challenge), finish]

b. Go to settings, create the API Access Token and copy it for later, since you will not be able to see it again after dismissing that pop-up window. (No worries if you forget; you can create one later.)

[Screenshots: API Access Token settings, navigate to the Access Token page, generate token, copy token for later use]

3. Login to Kibana!

Go to the Kibana CTF space and be ready to start the CTF using the provided credentials from the setup:

user: kibana-ctf
password: kibana-ctf--please-change-me

Now you need to create your CTFd user for completing the challenges. Open up CTFd, sign out of the admin account you created before, and register your Kibana CTF user by going here: http://127.0.0.1:8000/register. Once that user is created and logged in, you have both the CTFd and Kibana users ready to fully participate in the CTF. Spin up 🎶 Spotify in an extra tab, hit play, then good luck and have fun! 🚀

Modular Challenge Structure 🏗️

Challenges are stored in the challenges directory. Each challenge belongs to a category and contains the files necessary to build the challenge in CTFd and then populate the challenge data in the Elastic stack. Don't look at these files if you wish to challenge yourself! These challenges are modular, so more can be added later or tweaked as needed. Inside the challenges directory, the files are laid out as follows:

Discover/
├── 1/ # Challenge Number (first challenge in the Discover category)
│ ├── challenge_manifest.psd1 # Declares the files required for this challenge (Required)
│ ├── ctfd_challenge.json # Challenge metadata for CTFd (Required)
│ ├── ctfd_flag.json # Actual flag for CTFd (Required)
│ ├── ctfd_hint.json # Optional hint for CTFd (Optional)
│ ├── elastic_import_script.ps1 # PowerShell script to generate challenge data in Elastic (Optional)
│ └── elastic_saved_objects.ndjson # Saved objects for Elastic stack (Optional)

With this manifest model, each challenge folder must include a challenge_manifest.psd1 file. This manifest declares which files belong to the challenge, allowing the setup script to automatically discover and import them.

For more details on how challenges can be created, check out the documentation.
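Before submitting a new challenge, it helps to lint the folder against the layout above. The script below is an added example, not part of the kibana-ctf repo or its setup script; it assumes the manifest is a .psd1 hashtable with a Files array naming the challenge's files, and that ctfd_flag.json uses CTFd's content field for the flag value. Both assumptions are placeholders for whatever the project's documentation actually specifies.

```powershell
# Added example: validate one challenge folder (e.g. .\challenges\Discover\1)
# against its challenge_manifest.psd1. Manifest shape ('Files' array) and the
# flag field name ('content') are assumptions, not the repo's documented schema.
param([Parameter(Mandatory)] [string]$ChallengePath)

$required = @('challenge_manifest.psd1', 'ctfd_challenge.json', 'ctfd_flag.json')
$optional = @('ctfd_hint.json', 'elastic_import_script.ps1', 'elastic_saved_objects.ndjson')
$problems = [System.Collections.Generic.List[string]]::new()

# 1. Required files must physically exist in the folder
foreach ($name in $required) {
    if (-not (Test-Path (Join-Path $ChallengePath $name))) { $problems.Add("missing required file: $name") }
}

# 2. Manifest must parse (data only, no code executes) and declare only known, present files
$manifestFile = Join-Path $ChallengePath 'challenge_manifest.psd1'
if (Test-Path $manifestFile) {
    $manifest = Import-PowerShellDataFile -Path $manifestFile
    foreach ($declared in @($manifest.Files | Where-Object { $_ })) {
        if ($declared -notin ($required + $optional)) {
            $problems.Add("manifest declares unknown file: $declared")
        } elseif (-not (Test-Path (Join-Path $ChallengePath $declared))) {
            $problems.Add("manifest declares $declared but it is not in the folder")
        }
    }
}

# 3. Every ctfd_*.json must be valid JSON; the flag file must carry a non-empty flag
foreach ($json in Get-ChildItem -Path $ChallengePath -Filter 'ctfd_*.json') {
    try { $obj = Get-Content -Raw $json.FullName | ConvertFrom-Json -ErrorAction Stop }
    catch { $problems.Add("$($json.Name) is not valid JSON: $($_.Exception.Message)"); continue }
    if ($json.Name -eq 'ctfd_flag.json' -and [string]::IsNullOrWhiteSpace($obj.content)) {
        $problems.Add('ctfd_flag.json has an empty "content" value')
    }
}

# 4. Saved objects are NDJSON: each non-blank line must be its own JSON document
$ndjson = Join-Path $ChallengePath 'elastic_saved_objects.ndjson'
if (Test-Path $ndjson) {
    $lineNo = 0
    foreach ($line in Get-Content $ndjson) {
        $lineNo++
        if ($line.Trim() -eq '') { continue }
        try { $null = $line | ConvertFrom-Json -ErrorAction Stop }
        catch { $problems.Add("elastic_saved_objects.ndjson line $lineNo is not valid JSON") }
    }
}

if ($problems.Count -eq 0) { Write-Host "OK: $ChallengePath"; exit 0 }
$problems | ForEach-Object { Write-Warning $_ }
exit 1
```

Run it as `pwsh ./Test-Challenge.ps1 -ChallengePath ./challenges/Discover/1`; a non-zero exit code makes it easy to wire into a pre-commit hook or CI check for pull requests.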

Thank you 🙏

Thank you to all those who took the time to try this out, work out the bugs, and make it what it is today before the public release. You know who you are! Thank you!

Everyone else, feel free to give this CTF a go, submit issues as you find them and if you are bold enough, try your hand at creating your own challenge and share it with the community. Pull requests are most certainly welcome!

Advanced Settings for CTFd access - Allow others on the network to access the CTF

Note: You can grab the Ubuntu IP by running this from your Ubuntu WSL2 host: ip addr | grep eth0:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet **172.25.93.23**/20 brd 172.25.95.255 scope global eth0
25: veth06010d4@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-765cf15dc8a1 state UP group default

Then from Powershell you can set up a port proxy to allow traffic to your system that is hosting the CTF and direct those to your internal setup by running this command (make sure to adjust to your IP addresses accordingly):

$local_IP = "192.168.86.90" # Replace this with your local IP address
$wsl2_IP = "172.25.93.23" # Replace this with your WSL2 IP address - See example above on how to obtain this
netsh interface portproxy add v4tov4 listenport=31337 listenaddress=$local_IP connectport=8000 connectaddress=$wsl2_IP

Doing the step above then allows access to your computer from http://192.168.86.90:31337 since it will forward any traffic from other devices to the WSL2 IP of 172.25.93.24:8000 (which you can access locally).

⚠️ Just be careful not to do this on public networks. Do this at your own risk. 🔥

If you have the Windows Firewall enabled, you will also need to allow the port used above (i.e. TCP 31337).
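The commands above can be bundled into one script that also handles the firewall rule and the teardown. This is an added example, not part of the kibana-ctf repo; it assumes CTFd is listening on port 8000 inside WSL2, that the script runs from an elevated PowerShell 7 session on the Windows host, and that $local_IP is the host's LAN address.

```powershell
# Added example: expose CTFd on the LAN via a WSL2 port proxy, with the firewall
# rule scoped to the Private profile only, plus a -Remove switch to undo it all.
# Assumes CTFd on 8000 inside WSL2 and an elevated PowerShell 7 session.
param(
    [string]$local_IP = "192.168.86.90",   # replace with the Windows host's LAN address
    [int]$ListenPort = 31337,
    [switch]$Remove                         # -Remove tears down the proxy and firewall rule
)

# WSL2 gets a new address on every restart, so read it from the VM instead of hard-coding it
$wsl2_IP = (wsl hostname -I).Trim().Split(' ')[0]
if ($wsl2_IP -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { throw "could not read WSL2 IP: '$wsl2_IP'" }

$ruleName = "Kibana-CTF CTFd $ListenPort"

if ($Remove) {
    netsh interface portproxy delete v4tov4 listenport=$ListenPort listenaddress=$local_IP
    Remove-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    Write-Host "Removed port proxy and firewall rule for ${local_IP}:${ListenPort}"
    return
}

# Forward LAN traffic that reaches the Windows host on $ListenPort to CTFd inside WSL2
netsh interface portproxy add v4tov4 listenport=$ListenPort listenaddress=$local_IP `
    connectport=8000 connectaddress=$wsl2_IP

# Allow the listen port inbound on the Private profile only (home/lab network), never Public
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $ListenPort -Profile Private -Action Allow | Out-Null
}

# Print the proxy table so the mapping can be double-checked before sharing the URL
netsh interface portproxy show v4tov4
Write-Host "CTFd reachable at http://${local_IP}:${ListenPort} (forwarding to ${wsl2_IP}:8000)"
```

Run the script again with -Remove once the CTF is over so the listener and firewall rule do not outlive the event.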
