I’ve been playing a lot of CTFs this summer. My goal was obviously to brush up on my offensive security skills, but also to practice doing security writeups. I wanted to post the writeups on my blog and publish them as PDFs. Writing the whole thing in a document editor is miserable, I hate using document editors. Then doing the whole thing again as a blog post just means even more work. So, here’s the workflow I developed this summer to do my writeups once using markdown, and easily publish in both formats.
Here is the github repo for the my HTB Writeup Template.
Installation on Ubuntu
Note: If you use Debian or Mint it may work but your mileage here might vary.
- Install Latex via
sudo apt-get install texlive.
- Install Pandoc via
sudo apt-get install pandoc.
- Install the Pandoc Latex Template
- Download the latest version of the Eisvogel template from the release page.
- Extract the
tar.gzarchive and open the folder.
- Create a pandoc templates folder if it doesn’t exist at
- Move the template
eisvogel.texto your pandoc templates folder and rename the file to
- Make sure you have PDFtk installed via
sudo apt-get install pdftk.
Initially I publish my writeups as a password protected pdf, the password set to the root flag for the box. After the box is retired, I post the writeup on my Jekyll site.
Here’s the directory structure for my writeup template.
HTB_Writeup-TEMPLATE │ HTB_Writeup-TEMPLATE-d0n601.md │ └───pdf │ │ HTB_Writeup-TEMPLATE-d0n601.pdf │ │ │ └───protected │ │ HTB_Writeup-TEMPLATE-d0n601.pdf │ └───images │ │ badge.png │ │ someotherimage.png │ │ ...
Markdown for pdf
In order to generate a pdf from markdown using pandoc we must format the header correctly. The header for my template is as follows.
--- title: "Hack The Box - BOX NAME HERE" author: Ryan Kozak date: "2019-08-11" subject: "CTF Writeup Template" keywords: [HTB, CTF, Hack The Box, Security] lang: "en" titlepage: true titlepage-text-color: "FFFFFF" titlepage-color: "0c0d0e" titlepage-rule-color: "8ac53e" logo: "./images/badge.png" logo-width: 350 ...
See my example markdown here.
Once the writeup is complete, or you’re just looking to build it to see how it’s looking as a pdf, issue the following command from your writeup directory.
pandoc --latex-engine=xelatex ./HTB_Writeup-TEMPLATE-d0n601.md -o ./pdf/HTB_Writeup-TEMPLATE-d0n601.pdf --from markdown --template eisvogel --listings
See the full pdf example here.
Password Protect pdf
Once the writeup is complete and ready to publish, it should be protected with the root flag so it doesn’t violate Hack The Box rules, allow people to cheat, and generally spoil the fun.
To password protect the pdf I use
pdftk. From the root folder of the writup directory issue the following command.
pdftk ./pdf/HTB_Writeup-TEMPLATE-d0n601.pdf output ./pdf/protected/HTB_Writeup-TEMPLATE-d0n601.pdf user_pw v5gw5zkh8rr3vmye7p4ka
Now a password protected pdf will appear in the
See the password protected pdf example here.
When the writeup is ready to be made public there are a few adjustments to be made to the markdown in order to make it a Jekyll post. The first thing that must change is the header. Remove the older header used by pandoc and replace it with something like the following.
--- title: "Hack The Box - Example Writeup" author: Ryan Kozak layout: post description: Here is an example post of a Hack The Box writeup. permalink: /hack-the-box-example-writeup/ categories: - Random tags: - pandoc - markdown - latex - ctf ---
The next change after that is placing the images into the blog’s image directory redoing the links to reference wherever they’re at on your Jekyll site. Lastly you need to modify the captions, because they’re specific to pandoc and don’t look pretty in markdown.
So this which was an image and caption on the pdf,
![My Website](./images/ryankozak.com.png) \ **Figure 1:** My Website
Becomes this on the Jekyll post.
![My Website](/wp-content/uploads/2019/08/template/images/ryankozak.com.png) **Figure 1:** My Website
Now we’re done. Here is the example writeup from the pdf you’ve seen converted to a blog post https://ryankozak.com/hack-the-box-example-writeup/
For more information on modifying the template, please see the Pandoc Latex Template’s Repo. Its usage section will tell you all about the custom template variables, as well as provide you with some examples.
The easier you can make doing a writeup, generally the more prone you’ll be to actually do them. I’ve found this workflow to be very efficient and enjoyable.