Setup
First, create a new google cloud project and enable billing for it. The deployment should ideally be done on a new to ensure that playing the levels won't affect your existing or future work on GCP. Players new to Google Cloud can get a free $300 credit here.
Second, the CTF is played through Cloud Shell which is accessible in the GCP console by clicking on the Cloud Shell icon
. Open Cloud
Shell and run the following commands to set up the CTF:
# Optional: Can skip if cloud shell is started from the project you want to use gcloud config set project [PROJECT-ID]
virtualenv -v env-tctf source env-tctf/bin/activate git clone https://github.com/NicholasSpringer/thunder-ctf.git cd thunder-ctf pip3 install -r requirements.txt gcloud services enable cloudresourcemanager.googleapis.com python3 thunder.py activate_project $GOOGLE_CLOUD_PROJECT
A full list of commands can be found by running:
python3 thunder.py help
Deploy:
You are now ready to play. Create each level individually.
# PrimitiveRole-Project python3 thunder.py create leastprivilege/pr # PredefinedRole-Storage python3 thunder.py create leastprivilege/pd1 # PredefinedRole-Compute python3 thunder.py create leastprivilege/pd2 # PredefinedRole-Logging python3 thunder.py create leastprivilege/pd3 # PredefinedRole-Datastore python3 thunder.py create leastprivilege/pd4 # PredefinedRole-Vision python3 thunder.py create leastprivilege/pd5 # CustomRole-Project python3 thunder.py create leastprivilege/ct1 # CustomRole-Storage python3 thunder.py create leastprivilege/ct2 # CustomRole-Compute python3 thunder.py create leastprivilege/ct3 # CustomRole-Logging python3 thunder.py create leastprivilege/ct4
Level Access:
Once the deployment is successful, the Cloud Shell will display either a single function entrypoint or a list of function entrypoints. You can also locate this information in either start/LEVEL_ABBR.txt (e.g. pr.txt) or start/roles.txt. To access further guidance on each level, simply click on its respective link. It is important to note that if the level requires the creation of a custom role, you must create the role using the precise ID specified in the level instruction.
Destroy:
Don't forget to destroy levels after you are done using the command below:
python3 thunder.py destroy
Survey:
We will be really apprecialte if you could rate our Least Privilege CTF here.
Your feedback is very important to us, since it will help developers optimize user experiences and extend level designs.