mirror of https://github.com/dirtbags/moth.git
remove armadillo category
This commit is contained in:
parent
607034b2e3
commit
1d8de3651f
|
@ -1,20 +0,0 @@
|
|||
ARMADILLO_PKGDIR = $(TARGET)/armadillo
|
||||
|
||||
armadillo-install: armadillo-build
|
||||
mkdir -p $(ARMADILLO_PKGDIR)
|
||||
|
||||
mkdir -p $(ARMADILLO_PKGDIR)/bin/
|
||||
$(MAKE) -C packages/armadillo/src install DESTDIR=$(CURDIR)/$(ARMADILLO_PKGDIR)
|
||||
|
||||
$(call COPYTREE, packages/armadillo/tokens, $(ARMADILLO_PKGDIR)/tokens)
|
||||
|
||||
$(call COPYTREE, packages/armadillo/service, $(ARMADILLO_PKGDIR)/service)
|
||||
|
||||
armadillo-clean:
|
||||
rm -rf $(ARMADILLO_PKGDIR)
|
||||
$(MAKE) -C packages/armadillo/src clean
|
||||
|
||||
armadillo-build:
|
||||
$(MAKE) -C packages/armadillo/src build
|
||||
|
||||
PACKAGES += armadillo
|
|
@ -1,4 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
IP=$(cat ip.txt)
|
||||
ip addr del $IP dev eth0
|
|
@ -1 +0,0 @@
|
|||
10.0.0.3/24
|
|
@ -1,3 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec svlogd -tt $PWD
|
|
@ -1,4 +0,0 @@
|
|||
.::7777::-.
|
||||
/:'////' `::>/|/
|
||||
.', |||| `/( e\
|
||||
-==~-'`-Xm````-mr' `-_\
|
|
@ -1,4 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
[ -f motd ] && cat motd
|
||||
exec chroot /mnt/pwnables-root login -f alice
|
|
@ -1,40 +0,0 @@
|
|||
#! /bin/sh -e
|
||||
|
||||
# Configure IP address
|
||||
IP=$(cat ip.txt)
|
||||
ip addr add $IP label eth0:armadillo dev eth0
|
||||
|
||||
# Set up chroot environment
|
||||
# We never umount any of this since it's all just in RAM
|
||||
mkdir -p /mnt/armadillo-root
|
||||
grep -q armadillo-root /proc/mounts || mount -o bind / /mnt/armadillo-root
|
||||
grep -q armadillo-var /proc/mounts || mount -t tmpfs -o size=5m,mode=0755 armadillo-var /mnt/armadillo-root/var
|
||||
grep -q armadillo-tmp /proc/mounts || mount -t tmpfs -o size=15k armadillo-tmp /mnt/armadillo-root/tmp
|
||||
grep -q armadillo-home /proc/mounts || mount -t tmpfs -o size=5m,mode=0755 armadillo-home /mnt/armadillo-root/home
|
||||
|
||||
# Make some skeleton junk
|
||||
install -o root -m 0755 -d /mnt/armadillo-root/var/lib
|
||||
install -o root -m 0755 -d /mnt/armadillo-root/var/lib/ctf
|
||||
install -o root -m 0755 -d /mnt/armadillo-root/var/lib/ctf/tokens
|
||||
install -o root -m 0755 -d /mnt/armadillo-root/var/log
|
||||
install -o root -m 0755 -d /mnt/armadillo-root/var/spool
|
||||
install -o root -m 0755 -d /mnt/armadillo-root/var/cache
|
||||
install -o root -m 0777 -d /mnt/armadillo-root/var/run
|
||||
install -o root -m 0777 -d /mnt/armadillo-root/var/cache
|
||||
|
||||
# Install the binaries
|
||||
install -o root -d /mnt/armadillo-root/home/alice/
|
||||
install -o bob -m 0111 /opt/armadillo/bin/gimmie /mnt/armadillo-root/home/alice/
|
||||
install -o bob -m 0111 /opt/armadillo/bin/dillo /mnt/armadillo-root/home/alice/
|
||||
|
||||
# straceme and killme need to be suid, to prevent LD_PRELOAD
|
||||
install -o bob -m 04111 /opt/armadillo/bin/straceme /mnt/armadillo-root/home/alice/
|
||||
install -o bob -m 04111 /opt/armadillo/bin/killme /mnt/armadillo-root/home/alice/
|
||||
|
||||
# Set up links for tokens
|
||||
mkdir -p /var/lib/ctf/tokens
|
||||
for puzzle in gimmie straceme killme dillo; do
|
||||
ln -sf /mnt/armadillo-root/var/lib/ctf/tokens/$puzzle /var/lib/ctf/tokens/$puzzle
|
||||
done
|
||||
|
||||
exec tcpsvd -C 5:"Let's not be greedy" ${IP%/*} 23 /sbin/telnetd -l ./pwnie
|
|
@ -1,17 +0,0 @@
|
|||
CFLAGS = -Wall -Werror
|
||||
TARGETS = gimmie straceme killme dillo
|
||||
|
||||
all: build
|
||||
|
||||
build: $(TARGETS)
|
||||
|
||||
gimmie: gimmie.o token.o arc4.o
|
||||
straceme: straceme.o token.o arc4.o
|
||||
killme: killme.o token.o arc4.o
|
||||
dillo: dillo.o token.o arc4.o
|
||||
|
||||
install: $(TARGETS)
|
||||
install -m 0755 $(TARGETS) $(DESTDIR)/bin
|
||||
|
||||
clean:
|
||||
rm -f *.o $(TARGETS)
|
|
@ -1 +0,0 @@
|
|||
../../../src/arc4.c
|
|
@ -1 +0,0 @@
|
|||
../../../src/arc4.h
|
|
@ -1,22 +0,0 @@
|
|||
#! /usr/bin/python
|
||||
|
||||
import subprocess
|
||||
|
||||
# In the actual contest you'd want to run netcat or just
|
||||
# open your own TCP connection to port 23 and run commands.
|
||||
d = subprocess.Popen(['./dillo'],
|
||||
stdout=subprocess.PIPE,
|
||||
stdin=subprocess.PIPE)
|
||||
o = d.stdout
|
||||
i = d.stdin
|
||||
|
||||
c = o.read(1)
|
||||
v = chr(ord(c) ^ 0x20)
|
||||
i.write(v)
|
||||
|
||||
o.readline()
|
||||
o.readline()
|
||||
o.readline()
|
||||
o.readline()
|
||||
o.readline()
|
||||
d.poll()
|
|
@ -1,59 +0,0 @@
|
|||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <stdint.h>
|
||||
#include "arc4.h"
|
||||
#include "token.h"
|
||||
|
||||
const uint8_t key[] =
|
||||
{0xa5, 0xb1, 0x6f, 0xce,
|
||||
0x59, 0x2d, 0xb1, 0xe9,
|
||||
0x4b, 0x07, 0x91, 0x6d,
|
||||
0x9f, 0x3b, 0xc8, 0xc6};
|
||||
|
||||
const char dillo[] =
|
||||
(" .::7777::-.\n"
|
||||
" /:'////' `::>/|/\n"
|
||||
" .', |||| `/( e\\\n"
|
||||
" -==~-'`-Xm````-mr' `-_\\\n");
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
uint8_t v;
|
||||
int i;
|
||||
|
||||
/* Pick a random non-zero xor value */
|
||||
do {
|
||||
v = arc4_rand8();
|
||||
} while (! v);
|
||||
|
||||
|
||||
/* Print the dillo */
|
||||
for (i = 0; dillo[i]; i += 1) {
|
||||
struct timespec req = {0, 33333333};
|
||||
uint8_t c = dillo[i];
|
||||
|
||||
if ('\n' != c) {
|
||||
c ^= v;
|
||||
}
|
||||
write(1, &c, 1);
|
||||
nanosleep(&req, NULL);
|
||||
}
|
||||
|
||||
/* Read a single byte; strace will help with solution */
|
||||
{
|
||||
uint8_t c;
|
||||
|
||||
read(0, &c, 1);
|
||||
if (c != v) {
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (-1 == print_token("dillo", key, sizeof(key))) {
|
||||
write(2, "Something is broken; I can't read my token.\n", 44);
|
||||
return 69;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <sysexits.h>
|
||||
#include "token.h"
|
||||
|
||||
uint8_t const key[] = {0x5f, 0x64, 0x13, 0x29,
|
||||
0x2e, 0x46, 0x76, 0xcd,
|
||||
0x65, 0xff, 0xe8, 0x03,
|
||||
0xa4, 0xa9, 0x4f, 0xd9};
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
if (-1 == print_token("gimmie", key, sizeof(key))) {
|
||||
fprintf(stderr, "Something is broken; I can't read my token.\n");
|
||||
return EX_UNAVAILABLE;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <sysexits.h>
|
||||
#include "arc4.h"
|
||||
#include "token.h"
|
||||
|
||||
#define ROUNDS 20
|
||||
|
||||
uint8_t const key[] = {0x51, 0x91, 0x6d, 0x81,
|
||||
0x14, 0x21, 0xf8, 0x95,
|
||||
0xb8, 0x09, 0x87, 0xa6,
|
||||
0xa8, 0xb0, 0xa0, 0x46};
|
||||
|
||||
int lastsig;
|
||||
|
||||
void
|
||||
handler(int signum)
|
||||
{
|
||||
lastsig = signum;
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 1; i < 8; i += 1) {
|
||||
signal(i, handler);
|
||||
}
|
||||
|
||||
for (i = 0; i < ROUNDS; i += 1) {
|
||||
int desired = (arc4_rand8() % 7) + 1;
|
||||
|
||||
lastsig = 0;
|
||||
printf("%d\n", desired);
|
||||
fflush(stdout);
|
||||
if (i == 0) {
|
||||
sleep(5);
|
||||
} else {
|
||||
sleep(1);
|
||||
}
|
||||
if (0 == lastsig) {
|
||||
printf("Too slow.\n");
|
||||
return 1;
|
||||
}
|
||||
if (lastsig != desired) {
|
||||
printf("Wrong one.\n");
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (-1 == print_token("killme", key, sizeof(key))) {
|
||||
fprintf(stderr, "Something is broken; I can't read my token.\n");
|
||||
return EX_UNAVAILABLE;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -1,85 +0,0 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <stdint.h>
|
||||
#include <stdarg.h>
|
||||
#include <sysexits.h>
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include "token.h"
|
||||
|
||||
uint8_t const key[] = {0x30, 0x00, 0x55, 0x0f,
|
||||
0xc2, 0xf6, 0x52, 0x2a,
|
||||
0x31, 0xfd, 0x00, 0x92,
|
||||
0x9d, 0x49, 0x24, 0xce};
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
/* Check argv[1].
|
||||
*
|
||||
* If no args, argv[1] will be NULL, which causes a segfault.
|
||||
* This is what we want.
|
||||
*
|
||||
* To pass this, run ./straceme $$.
|
||||
* But you have to do it from a shell script, because if you run
|
||||
* strace ./straceme $$
|
||||
* getppid() will return the PID of strace!
|
||||
*/
|
||||
if (getppid() != atoi(argv[1])) {
|
||||
write(2, "argv[1] incorrect\n", 18);
|
||||
return EX_USAGE;
|
||||
}
|
||||
|
||||
/* Read an rc file.
|
||||
*
|
||||
* To pass this, set $HOME to someplace you have access.
|
||||
*/
|
||||
{
|
||||
int fd;
|
||||
char fn[128];
|
||||
char bs[1000];
|
||||
int len;
|
||||
|
||||
len = snprintf(fn, sizeof(fn) - 1, "%s/.stracemerc", getenv("HOME"));
|
||||
if (len < 0) {
|
||||
len = 0;
|
||||
}
|
||||
fn[len] = '\0';
|
||||
|
||||
if (-1 == (fd = open(fn, O_RDONLY))) {
|
||||
fd = open("/etc/stracemerc", O_RDONLY);
|
||||
}
|
||||
if (-1 == fd) {
|
||||
return EX_NOINPUT;
|
||||
}
|
||||
|
||||
/* We don't actually care about contents */
|
||||
read(fd, bs, sizeof(bs));
|
||||
close(fd);
|
||||
}
|
||||
|
||||
/* Read in category name from fd 5
|
||||
*
|
||||
* echo -n straceme > foo.txt
|
||||
* ./straceme $$ 5< foo.txt
|
||||
*/
|
||||
{
|
||||
char cat[50];
|
||||
int catlen;
|
||||
int i;
|
||||
|
||||
catlen = read(5, cat, sizeof(cat) - 1);
|
||||
for (i = 0; i < catlen; i += 1) {
|
||||
if (! isalnum(cat[i])) break;
|
||||
}
|
||||
cat[i] = '\0';
|
||||
|
||||
if (-1 == print_token(cat, key, sizeof(key))) {
|
||||
write(2, "Something is broken; I can't read my token.\n", 44);
|
||||
return 69;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
../../../src/token.c
|
|
@ -1 +0,0 @@
|
|||
../../../src/token.h
|
|
@ -1 +0,0 @@
|
|||
pwnables
|
|
@ -1 +0,0 @@
|
|||
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
|
@ -1 +0,0 @@
|
|||
_d).Fvヘe<EFBE8D><65>、ゥOル
|
|
@ -1 +0,0 @@
|
|||
pwnables
|
|
@ -1 +0,0 @@
|
|||
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
|
@ -1 +0,0 @@
|
|||
Q<EFBFBD>m<EFBFBD>!ј<>И <09>ІЈА F
|
|
@ -1 +0,0 @@
|
|||
pwnables
|
|
@ -1 +0,0 @@
|
|||
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
Binary file not shown.
|
@ -1 +0,0 @@
|
|||
pwnables
|
|
@ -1 +0,0 @@
|
|||
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
Binary file not shown.
Loading…
Reference in New Issue