Connecting to Hosted CTFd Challenges
Our infrastructure automatically encrypts all communication to a challenge service and uses well known ports (23, 80, and 443).
Because typical tools like netcat provide no forms of encryption, you will need to use a seperate tool to connect to TCP based challenges on our infrastructure. However, if the underlying application is a web server, you can simply open the URL in a browser and it will work seamlessly (e.g.
If you wish to use netcat, you can also “Request a TCP Port” for your Hosted CTFd challenge by following the instructions here.
How to Connect
Below is a summary of the various ways that we recommend connecting.
We recommend using our snicat (sc) tool. Installation instructions are provided at the aforementioned link and snicat can be downloaded for Mac, Linux, and Windows.
snicat is designed to be very similar to netcat whilst providing vanity urls and encrypted connections.
❯ sc demo-challenge.chals.io (connected to demo-challenge.chals.io:443 and reading from stdin) ...
You do not have to provide any information besides the domain name.
For netcat you can do something like:
❯ nc server.cloud.chals.io 45678 ...
For PuTTY, you can configure PuTTY to use “Raw” mode under “Connection Type” and then provide the hostname and port. For example:
- Hostname: server.cloud.chals.io
- Port: 45678
from pwn import * remote("demo-challenge.chals.io", 443, ssl=True, sni="demo-challenge.chals.io")
snicat also has the ability to act as a reverse proxy to the underlying SNI server. For example:
❯ sc -bind 0.0.0.0:12345 demo-challenge.chals.io [listening] demo-challenge.chals.io:443 <= 0.0.0.0:12345
At this point the local port 12345 is now listening and forwarding connections to
demo-challenge.chals.io. Users can then connect to the 12345 port with netcat:
nc localhost 12345 [connect] localhost:57087 => demo-challenge.chals.io:443
Instead of providing a direct connection to a challenge, we’ve created a fallback proxy service that allows netcat to connect to challenge service without having to request a TCP port. If you must use netcat, connect to cloud.chals.io on port 23 and then enter in the target hostname.
❯ nc cloud.chals.io 23 Host: demo-challenge.chals.io ...
You can also use openssl to connect to an SNI service as described in the snicat README. It is a little wordy but it’ll work in a pinch.
openssl s_client -connect demo-challenge.chals.io:443 -servername demo-challenge.chals.io -quiet
We’re also providing a simple Python port of snicat. It’s designed to have no external dependencies and be simple to audit and read. It’s a single file that’s less than 50 lines!
python3 snicat.py demo-challenge.chals.io 443 ...