HC's Capture the Flag site
Capture the Flag gameserver

Gameserver testscript layout

The gameserver communicates with your services through testscripts. For each service you will have in your CTF you have to write a testscript. Testscripts can be written in any programming lauguage that allows the result (your testscript) to be executed from a command line shell. (i.e., ANSI C, python, ruby, perl, ...)

Not recommended are languages like java, which have a huge performance gain when running long-term (like the scoring bot itself), but have a lousy performance when started up and quit multiple times a minute.

All testscripts must reside in the subdir scripts/ of the gameserver installation. They must have the executable flag set (i.e., chmod 0755 scripts/* will do the trick)

Execution of a testscript

A testscript is invoked like this:

scripts/TESTSCRIPT store|retrieve IP FLAGID FLAG

The first parameter specifies the action, store or retrieve. Store means the script has to store the specified flag on the service running on IP. Retrieve means the script has to try to receive the flag from the specified IP.

Scripts must return a value indicating success or failure.

Flags and Flag IDs

While a flag ID is generated for you, you may, at your discretion, generate your own. The flag ID passed to your script is generated by SHA1-hashing the flag and returning the first eight bytes of the hexadecimal value of the hash. But that may change.

If you need the flag ID to have a certain format -- for example, the studbot testscript required the flag ID to be an integer value -- you may choose to generate your own flag ID. Use any hash convenient to you, or simply use a truncated flag as flag ID. The one important thing is that your flag ID generation routine must be collision resistant for about 200-20000 flags, depending on flag service interval and duration of the CTF.

Example testscript

For real live examples, download the Da-op3n 2008 testscripts. To get started, use the python testscript template.


If you want to deploy the gameserver in your own CTF and have questions or suggestions, please contact me via email. You may encrypt the message at your discretion. Check the Impressum link at the bottom of this page for contact information.

$Id: testscripts.html 481 2008-12-04 20:30:21Z hc $ Impressum