Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/slayingripper/minibox
A Cheap miniture pentest trainer for Beginners
https://github.com/slayingripper/minibox
arduino ctf cybersecurity esp8266 hardware
Last synced: 2 months ago
JSON representation
A Cheap miniture pentest trainer for Beginners
- Host: GitHub
- URL: https://github.com/slayingripper/minibox
- Owner: Slayingripper
- License: apache-2.0
- Created: 2024-07-05T18:28:20.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-10-03T22:15:06.000Z (3 months ago)
- Last Synced: 2024-10-12T23:05:52.809Z (2 months ago)
- Topics: arduino, ctf, cybersecurity, esp8266, hardware
- Language: C++
- Homepage: https://hackaday.io/project/197563-building-the-minibox-ctf-trainer-on-the-esp8266
- Size: 161 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# MiniBox CTF Trainer
![Images/minibox.jpg](Images/minibox.jpg)This project is a Capture the Flag (CTF) training platform designed to run on an ESP8266 microcontroller. It offers a variety of challenges, including web-based puzzles, cryptographic tasks, and wireless network-related challenges. The purpose of this project is to provide an interactive way to practice CTF skills in a small, embedded environment.
## Features
- **LED Control**: Turn the onboard LED on or off via web API.
- **Client Management**: Display the number of clients connected to the ESP8266 access point.
- **Wireless Scanning**: Scan for available wireless networks.
- **Buzzer Control**: Play a melody on a connected buzzer.
- **Caesar Cipher Challenge**: Respond with a Caesar ciphered flag when accessing a specific endpoint.
- **HTTP Authentication**: Optionally secure API endpoints with basic HTTP authentication.
- **Dynamic Challenge Levels**: Switch between easy and hard difficulty levels.## Hardware Requirements
- ESP8266 (e.g., NodeMCU or Wemos D1 Mini)
- Buzzer (optional, for the sound challenge)
- LEDs (optional, for the LED control challenge)## Software Requirements
- Arduino IDE
- ESP8266 Board Package for Arduino IDE
- Libraries:
- `ESP8266WiFi.h`
- `ESP8266WebServer.h`## Installation
1. **Clone the Repository**:
```sh
git clone https://github.com/yourusername/MiniBox-CTF-Trainer.git
cd MiniBox-CTF-Trainer
```2. Open the Project:
3. Open the CTF.ino file in the Arduino IDE.4. Install Required Libraries:
Make sure the ESP8266 board package and necessary libraries are installed in your Arduino IDE.Upload the Code:
Connect your ESP8266 to your computer and upload the code.5. Connect to the ESP8266:
After uploading, the ESP8266 will create a Wi-Fi access point named MiniBox-CTF.
Connect to the access point using the password yourpassword.Access the CTF Platform:
Open a web browser and navigate to http://192.168.4.1 to access the CTF interface.
## API Endpoints
/Description: Displays the main CTF page with hints and ASCII art.
Method: GET## /api/led/on
Description: Turns on the onboard LED.
Method: GET## /api/led/off
Description: Turns off the onboard LED.
Method: GET## /api/clients
Description: Shows the number of connected clients and their MAC addresses.
Method: GET## /api/scan
Description: Scans for available Wi-Fi networks.
Method: GET## /api/buzzer/play
Description: Plays a melody on the buzzer.
Method: GET## /submitFlag
Description: Submits a CTF flag for validation.
Method: POST
Request: The flag should be sent in the request body as {"flag": "FLAG_VALUE"}.## /TimeNewRoman
Description: Responds with a Caesar cipher of a flag.
Method: GET## Challenge Levels
Easy Mode: All API endpoints are accessible without authentication.
Hard Mode: Randomized HTTP Basic Authentication is required to access the API endpoints.## Usage Example
Turn on the LED:
Make a GET request to /api/led/on.Submit a Flag:
Make a POST request to /submitFlag with a JSON body:json
{
"flag": "FLAG_123"
}Caesar Cipher Challenge:
Access the /TimeNewRoman endpoint to receive a Caesar ciphered flag.Hints
LED Challenge: Control the LED to solve the challenge.
Client Count: Check how many clients are connected. Hidden clues might be embedded in the response.
Buzzer Challenge: Listen closely to the melody played by the buzzer. There might be a clue!
Caesar Cipher: Try to decode the Caesar cipher to reveal the hidden flag.Contributing
Contributions are welcome! Please fork the repository and submit a pull request with your changes.
### TODO
- [x] Add README.md
- [ ] Add more challenges
- [ ] Improve the web interface
- [ ] Add a scoring system
- [ ] refactor the code
- [ ] inlude Schematic