Least Privilege CTF is an extension of Thunder CTF. Both were built based on Google Cloud Platform. Least Privilege levels have been desgined to help understand Google Cloud Platform's IAM roles and permissions. Related GCP documentaion can be found here. Least Privilege levels do not have "secret". Instead, at each level you should get a success message similar to below:
- First, create a new google cloud project and and enable billing for it. The deployment should ideally be done on a new to ensure that playing the levels won't affect your existing or future work on GCP. Players new to Google Cloud can get a free $300 credit here.
- Second, the CTF is played through Cloud Shell which is accessible in the GCP console by clicking on the Cloud Shell icon.
Open Cloud Shell and run the following commands to set up the CTF:
# Optional: Can skip if cloud shell is started from the project you want to use
gcloud config set project [PROJECT-ID]
virtualenv -v env-tctf
source env-tctf/bin/activate
#For reviewers, we suggest you to upload source codes to your own repo or make a copy in Google Cloud Console
git clone https://github.com/[YOUR REPO]/[YOUR-DIRECTORY].git
cd [YOUR-DIRECTORY]
pip3 install -r requirements.txt
python3 thunder.py activate_project $GOOGLE_CLOUD_PROJECT
A full list of commands can be found by running:
python3 thunder.py help
You are now ready to play. Create level with command below:
python3 thunder.py create leastprivilege/roles
If deployment is successful, a list of function entrypoints will be printed in Cloud Shell. You can also find them in start/roles.txt . Click each entrypoint link to see its associated level instruction. Note: If level requires creating custom role, you have to create the role with the exact ID specified in level instruction
Don't forget to destroy levels after you are done using the command below:
python3 thunder.py destroy