eBPF Summit 2021
eBPF Summit, a virtual event targeted at DevOps, SecOps, platform architects, and developers, is open for registration.
Capture The Flag
Welcome to the first-ever eBPF-themed Capture the Flag (CTF) event. The CTF is open to everyone; see below for how to participate. It features 3 stages, which can be solved separately. Each stage will be unlocked and open for solving 24h before the respective live solving session hosted at the eBPF Summit & the eCHO live-stream.
How to Participate
1. Register for the eBPF Summit 2021.
2. Visit this site 24h before the live solving sessions for information on how to access each individual stage.
3. Join the eBPF Summit and eCHO live-stream to attend the entertaining CTF live solving sessions moderated and commentated by Tabitha Sable.
Live Solving Sessions
Stage 1
Aug 18, 10:50am PT, 19:50 CET – eBPF Capture the Flag (CTF) #1
Stage 2
Aug 19, 10:55am PT, 19:55 CET – eBPF Capture the Flag (CTF) #2
Stage 3
Aug 20, 7am PT, 15:00 CET – eCHO Live Stream
Instructions
Stage 1
The Story So Far
You have a bad feeling about this.
You, Jephen’Tsa, have always kept away from politics, and you live a quiet life on the planet Berpaffyl, in the Kloudna system. You’re a beekeeper, and extracting honey from the giant bees living on the planet does not leave you much time to think about conflicts raging at the other end of the quadrant.
But politics caught up with you. The Empire has taken an interest in the planet, imposed a blockade, and seized various assets, including your hives. Your dear, cherished hives and bees, now aboard a Star Destroyer! They said you’d get them back. Of course, they would. But the bureaucrats from the Empire are not renowned for keeping their word, and you don’t believe them. There must be something you can do?
From a friend of a friend, a Mon Calamari going under the name Blue Hex that you met on a speedbike ride, you have heard that a moon in a neighboring system might be hosting more friends—the Rebel Alliance. After a few days of reflection you contact her again to ask if she knows how to pass the blockade to reach them. There is a way, she says, to bypass the jamming signals and eavesdrop on the passphrase required for passing the checkpoint. You board the Yellow Stripe, your small aircraft, you take off and you head towards the imperial cruisers…
Prerequisites
This challenge requires Docker and a recent Linux kernel with eBPF and WireGuard support enabled (5.6+, although Ubuntu 20.04 with kernel 5.4 and backported WireGuard support is known to work).
We recommend running it with Fedora CoreOS on an always free e2-micro instance on Google Cloud:
VM_NAME=ebpf-summit-ctf1
# Create VM
gcloud compute instances create $VM_NAME \
  --machine-type=e2-micro \
  --zone=us-central1-a \
  --image-project=fedora-coreos-cloud \
  --image-family=fedora-coreos-stable
# Fix docker permissions
gcloud compute ssh --zone=us-central1-a core@$VM_NAME -- sudo setfacl --modify user:core:rw /var/run/docker.sock
# Log in
gcloud compute ssh --zone=us-central1-a core@$VM_NAME
# Delete VM (when done)
gcloud compute instances delete --zone=us-central1-a $VM_NAME
Task
Your objective is to receive a secret from a UDP server. The server is running in the berpaffyl network namespace and is accessible via a WireGuard tunnel with the 100.202.1.1 IP address.
To send a request to that IP, you can use:
echo | netcat -u 100.202.1.1 1138
Unfortunately, a jamming signal was installed. You can see it with:
iptables-save -c
You are not allowed to remove it but you are allowed to bypass it.
Your ally mentioned the existence of a /bpf directory, which you might find useful.
The CTF challenge itself needs to run as a privileged container. Start the challenge as follows:
sudo docker run --privileged --name ctf-1 --rm --tty --interactive "quay.io/isovalent/ebpf-summit-2021-ctf-challenge-1"
To create a new terminal:
sudo docker exec -ti ctf-1 /bin/bash
Rules
- Do not add or remove any iptables rules. The goal of the challenge is to solve it using eBPF only.
Good luck!
Hints
A mysterious entity has reached out on your Holocomm while you were flying towards the imperial ships. There are three hints available to help you evade the blockade if you feel stuck, they said. But beware! Each clue you read may bring you a little bit closer to the Dark Side! (The hints are ordered, start with number 1.)
Stage 2
The Story So Far
It was a trap!
After the Empire invaded your home planet and stole your hives, you, Jephen’Tsa, joined the Rebel Alliance and helped them retrieve secret information about the Death Star… Or so you thought. Blue Hex, your former ally, has turned coat! She never went to the Death Star. While she had you believe you hacked into the Death Star controls, she just stole data from a smaller ship for her own account, and secretly implanted a tracer for your communications. Now the Empire has found your base, and made you a prisoner!
Some Rebels managed to flee, but you have been taken aboard the Grim Hornet, a Star Destroyer, the Empire’s flagship now controlling the whole solar system. On the way to your cell, you soon manage to escape from your escort of stormtroopers. Ha! That’s what happens when they take you on the same ship as your bees and don’t bother confiscating your remote control for the hives’ hatches. After a few epic moments involving laser shots, multiple stings, various explosions, and even a lightsaber duel—the Force is strong with you—you reach the control room of the ship.
You now have a unique chance to reverse the situation. You are logged into the system, and you know that there is a passphrase to temporarily deactivate the whole fleet. The remaining Rebels are outside, only waiting for a chance to neutralize the imperial ships. But will you manage to lift the measures protecting that secret? The destiny of your planet is in your hands. May the Force be with you!
Prerequisites
This challenge requires Docker and a recent Linux kernel with BTF support. We recommend running it with ContainerOS M93 on an always free e2-micro instance on Google Cloud:
VM_NAME=ebpf-summit-ctf3
# Create VM
gcloud compute instances create $VM_NAME \
  --machine-type=e2-micro \
  --zone=us-central1-a \
  --image-project=cos-cloud \
  --image-family=cos-dev
# Log in
gcloud compute ssh --zone=us-central1-a $VM_NAME
# Delete VM (when done)
gcloud compute instances delete --zone=us-central1-a $VM_NAME
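A preflight check for the prerequisites of Stage 1 above and of this stage, as an added example that is not part of the CTF materials: run on the Docker host, it reports whether Docker, a WireGuard module and kernel BTF are available. The function names and status strings are made up for this example; it looks for WireGuard via /sys/module and modinfo and for BTF via /sys/kernel/btf/vmlinux, and does not probe eBPF support itself.

```shell
#!/bin/sh
# Added example (not from the CTF): preflight check for Stage 1 and Stage 2.

# kernel_at_least RELEASE MAJOR MINOR
# Succeeds when RELEASE (uname -r format) is at least MAJOR.MINOR.
kernel_at_least() {
    rel=${1%%[!0-9.]*}        # "5.4.0-81-generic" -> "5.4.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]
}

# WireGuard module loaded, or installed for the running kernel.
has_wireguard() {
    [ -d /sys/module/wireguard ] || modinfo wireguard >/dev/null 2>&1
}

# Kernel exposes BTF type information (the Stage 2 requirement).
has_btf() { [ -r /sys/kernel/btf/vmlinux ]; }

# stage1_status RELEASE WG(yes|no)
# Prints ok, ok-backport (pre-5.6 kernel with a backported module, as in
# the Ubuntu 20.04 / 5.4 case) or missing-wireguard.
stage1_status() {
    if [ "$2" != yes ]; then
        echo missing-wireguard
    elif kernel_at_least "$1" 5 6; then
        echo ok
    else
        echo ok-backport
    fi
}

preflight() {
    krel=$(uname -r)
    if command -v docker >/dev/null 2>&1; then d=found; else d=missing; fi
    if has_wireguard; then wg=yes; else wg=no; fi
    if has_btf; then btf=present; else btf=absent; fi
    echo "docker:  $d"
    echo "stage 1: $(stage1_status "$krel" "$wg") (kernel $krel)"
    echo "stage 2: BTF $btf (/sys/kernel/btf/vmlinux)"
}

preflight
```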
Task
The CTF challenge itself needs to run as a privileged container. Start the challenge as follows:
sudo docker run --privileged --name ctf-3 --rm --tty --interactive "quay.io/isovalent/ebpf-summit-2021-ctf-challenge-3"
Your objective is to receive a secret from a TCP server. The server must be accessed via the loopback device (i.e. localhost) and is listening on port 1977. Try to access it (from inside the CTF container) as follows:
curl localhost:1977
As you will notice, there are some security measures in place which will prevent you from accessing this server. Your task is to disable these security measures so that the above curl command can succeed.
Good luck!
Stage 3
The Story So Far
You are Jephen’Tsa, former beekeeper, and active member of the Rebel Alliance now that the Empire has invaded your home planet. You only joined recently, but the Alliance is, well, pretty much understaffed, and given your recent achievement in escaping a blockade, you already got a top-priority assignment. Blue Hex, a fellow member, has stolen a terminal from a stormtrooper. She’s confident that, with the help of a new imperial tool, it could give you access to the management systems of the Death Star, no less!
While you study the stolen terminal in the base, Blue Hex takes her X-wing and flies towards the gigantic station somewhere in the Inner Rim, relying on you to lift the restrictions so she can infiltrate the system. Do your best!
Task
Your friend x-wing needs to connect to the Death Star's management system (death-star), but communications seem to be blocked. There may be some sort of eBPF-based firewall in place. Luckily you were able to get access to a stormtrooper's unmonitored terminal (stormtrooper) and will hopefully be able to open a breach in the firewall to allow communications to flow.
Prerequisites
Mandatory Preparation Steps
minikube start --network-plugin=cni
cilium install
cilium hubble enable
minikube kubectl -- create ns inner-rim
minikube kubectl -- apply -n inner-rim -f https://isogo.to/ctf2-yaml
Rules
- Everything that you are able to do within the pod stormtrooper-XXXXXX-yyyyy is allowed. The instructions on how to enter this pod are provided below, in the Start section.
- You can open editor.cilium.io, a brand new technology deployed by the Empire, and interact with it freely and copy/paste from there into the stormtrooper-XXXXXX-yyyyy pod.
- Everything else is forbidden.
Start
When you are ready to start, run
minikube kubectl -- exec -n inner-rim -ti deployment/stormtrooper -- bash
Good luck!