First of all, thank you for willing to contribute in making this event a memorable one.
- Fork the repository
- Clone the forked repository
git clone https://github.com/${your_username}/BSides-Algiers-2k21-CTF-Quals - Make a separate branch
git checkout -b add-category-challenge-name - Make changes locally
- Add the affected files
git add category/challenge-name - Commit your changes
git commit -m "sample commit message - Push your changes
git push origin add-category-challenge-name - Make a Pull Request.
You can contribute in many different ways:
You got a nice idea of a challenge that you want to add to the repository? Great, but before you do so, please consider some rules and guidelines first:
-
Quality of the challenge: Do's & Don'ts:
- Don't plagiarize and submit challenges from past CTF contests, your challenge should be authentic. Instead, you can get some inspiration from them.
- Don't make a challenge that involves:
- Guessing
- Excessive brute forcing
- Use of publicly available exploits (CVEs)
- Don't make Steganography challenges unless the idea is amazing and perhaps teaches the player something new and useful.
- Don't use spaces in directory and filenames, use dashes (-) or (exclusive) underscores (_) instead.
- Do create a separate directory for your challenge with a coherent name, and put it inside the appropriate category folder.
- Do initialize each challenge with a
README.mdfile (where the write-up will reside) and achallenge.yamlfile. (to make its deployment easier with ctfcli) - Do write clean code for your challenge source code, this is highly appreciated.
- Do make a fun challenge that will teach or remind the player about an important concept.
- Do be creative in your challenge name, description and flag. The flag should be related to the challenge in some way.
-
Submitting your challenge: If your challenge respects the previous section, here's how to submit it:
- Make a separate branch with a coherent name. (e.g. add-{category_name}-{challenge_name})
- Commit and push the changes to the forked repository.
- Open up a PR so the challenge gets reviewed and tested before being merged to the master branch.
-
Optional: You can make work easier for us by:
- Dockerizing your challenge. (mainly if it is a pwn or web challenge)
- Testing your challenge and making sure it works as intended and there's no easy unintended solution.
- Making a write-up for the intended solution you had in mind while designing the challenge:
- It should be written in markdown.
- It should be included with the
README.mdfile of the challenge.
Here's a table describing the impact of the amount of work and inspiration on the quality of a challenge:
| Tasks that need ⬇️+➡️ are | little work | some work | a lot of work | too much work |
|---|---|---|---|---|
| little inspiration | Very easy | Relaxing/Disappointing | Uninteresting | Boring |
| some inspiration | Easy/Satisfying | Fun | Exhausting | Frustrating |
| a lot of inspiration | Surprising/Insightful | Challenging | Very hard | Very frustrating |
| too much inspiration | Guessy |
Frustrating |
Very frustrating |
Unreasonable |
Source: ctf-design page 10.
If you have a great challenge idea but don't have the chance to make it, it's fine! You can still suggest the idea so other contributors take it, enhance it and make a challenge out of it.
To do so, open up a new issue and set the title to: "challenge idea: brief description of the idea", in the description, describe your challenge idea in details.
In case there are challenges that need be run inside a container but didn't get dockerized yet, you can write a Dockerfile for them and submit your PR.
Review other contributors' challenges and suggest improvements for them, for example:
- Cleaning, refactoring and reformatting the source code.
- Fixing bugs in the challenge.
- Other enhancements you judge being helpful.
You can also contribute by testing challenges. To do so, you would have to deploy the challenge locally and solve it in black box, as if you were a CTF player who doesn't have access to the source code. After solving the challenge, submit a write-up for it in markdown syntax to be integrated in this repository.
Any other way of contributing that comes into your mind!
At the end, I want to say thank you again to everyone willing to contribute to this event, you're the best!