Introducing Our Linux based CTF Exam: A Hands-On Learning Experience
We are introduce our newly prepared Linux Capture the Flag (CTF) exam, designed to challenge and enhance students’ problem-solving skills in a real-world environment. Using OverTheWire-Bandit-based questions, we have crafted educational experience that pushes the boundaries of traditional learning.
Exam Structure
Our Linux CTF exam consists of 16 questions. For each student assigned two servers:
Server 1: Hosts the questions. We implemented here CTFd.
Server 2: Acts as the attack target where students need to find the password for the next level as a flag. We used Linux Ubuntu.
During the examination, students will receive instructions like the following:
Connect to Server A using the link provided on the screen (http://serverip) and complete the tasks.
Username: username
Password: password
Technical Specifications
Host Server Specifications: 2x Intel® Xeon® CPUs, 256GB of RAM (DDR3), and over 1TB of disk space. In one exam, we utilized an SSD, while in another, we used a 10k RPM HDD.
Disk Space Allocation: For each student allocated 20GB of disk space.
Student Capacity: In our tests exam accommodated a 20 students at a time.
Tested Students: We have successfully tested the exam with over 50 students, ensuring a smooth and effective learning experience.
Preparation and Implementation
To ensure a setup and administration of the exam for attack server, we have developed a small Bash script. This script handles:
- Assigning exam flags.
- Changing user passwords on the Linux system.
Additionally, we use a JSON file to manage and update flags on the questions server, making the process efficient and easily adaptable.
Results and Feedback
Each exam session is designed to one hour. Our students provided valuable results:
- The fastest student completed the exam in 22 minutes.
- On average, students answered 40% of the questions correctly.
- During exam time, the host server’s load ranged between 15% and 20%. This indicates that our server has the capacity to handle up to 100 online students (200 VMs) simultaneously, providing a robust and scalable solution for large groups.
These results highlight both the challenge and the educational value of the exam, providing a balanced and rewarding experience for participants.
Conclusion
Our Linux CTF exam is a powerful tool for educators looking to provide hands-on, practical learning opportunities for their students. By simulating real-world scenarios and fostering critical thinking, this exam prepares students for future challenges in the field of cybersecurity.
We have published these exam servers and scripts on our site VM Box — Online to empower education in the cybersecurity field. This initiative aims to help educators offer students a unique opportunity to enhance their skills in a hands-on, real-world environment. For learners, it’s an excellent chance to try new CTF challenges and sharpen their problem-solving abilities in cybersecurity.
