I think everything's working...

* Octopus changes
* Change how things start a little (hopefully cleaner)
* Fix bubblebabble bug
* other junk, I don't know
Neale Pickett 2010-09-29 17:38:54 -06:00
parent e002f16618
commit 2532fe5e43
54 changed files with 203 additions and 171 deletions


@ -15,6 +15,9 @@ set -C
base=${CTF_BASE:-/var/lib/ctf}
www=${CTF_BASE:-/var/www}
mkdir -p $base/teams/names
mkdir -p $base/teams/colors
# Assign a color. I spent two days selecting this color pallette for
# people with protanopia. Please don't change these colors.
nteams=$(ls $base/teams/names/ | wc -l)
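Review bot: `www=${CTF_BASE:-/var/www}` reads the same variable as `base` on the line above it, so whenever `CTF_BASE` is set both resolve to one directory and team state lands in the web root. If a separate override was intended, a dedicated variable keeps them apart, for example `www=${CTF_WWW:-/var/www}` (the name is only a suggestion). The `mkdir -p $base/teams/...` lines and the `ls $base/teams/names/` count also leave `$base` unquoted; `mkdir -p "$base/teams/names"` avoids word splitting on an unusual path.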


@ -4,8 +4,6 @@ MCP_PACKAGE = mcp.pkg
mcp-install: mcp-build
mkdir -p $(MCP_PKGDIR)
cp mcp/setup $(MCP_PKGDIR)
$(call COPYTREE, mcp/bin, $(MCP_PKGDIR)/bin)
cp mcp/src/in.tokend $(MCP_PKGDIR)/bin/
cp mcp/src/tokencli $(MCP_PKGDIR)/bin/
@ -14,6 +12,8 @@ mcp-install: mcp-build
$(call COPYTREE, mcp/service, $(MCP_PKGDIR)/service)
$(call COPYTREE, mcp/tokend.keys, $(MCP_PKGDIR)/tokend.keys)
$(call COPYTREE, mcp/www, $(MCP_PKGDIR)/www)
cp mcp/src/puzzler.cgi $(MCP_PKGDIR)/www/
cp mcp/src/claim.cgi $(MCP_PKGDIR)/www/
@ -24,7 +24,7 @@ mcp-test: mcp-build
mcp/test.sh
mcp-clean:
rm -rf $(MCP_PKGDIR) $(MCP_PACKAGE)
rm -rf $(MCP_PKGDIR) $(MCP_PACKAGE) mcp-install
$(MAKE) -C mcp/src clean
mcp-build:


@ -1,5 +1,7 @@
#! /bin/sh -e
hostname mcp
ifconfig eth0 10.0.0.1 netmask 255.0.0.0
exec inotifyd true $(pwd):x

21
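--- /dev/null
+++ b/mcp/service/httpd/run
@@ -0,0 +1,21 @@
+#! /bin/sh
+mkdir -p /var/www
+cd /var/www
+# Link in puzzles and web pages
+for d in /opt/*; do
+if [ -d $d/puzzles ]; then
+ln -s $d/puzzles $(basename $d)
+fi
+if [ -d $d/www ]; then
+ln -s $d/www/* .
+fi
+done
+exec thttpd -D \
+-nos \
+-u ctf \
+-c "**.cgi" \
+-T "utf-8"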
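Review bot: The `ln -s $d/puzzles $(basename $d)` line is not safe to run twice: if the supervisor restarts this script the link already exists and points at a directory, so `ln` tries to create a new link inside the target instead of replacing it. `ln -sfn "$d/puzzles" "$(basename "$d")"` replaces the link in place, and the `[ -d $d/... ]` tests should quote `$d` the same way. Because thttpd is started with `-nos` and `-c "**.cgi"`, everything a package ships under its `www/` or `puzzles/` tree is served through these links and any file ending in `.cgi` runs as user `ctf`. A comment above the loop stating that only trusted packages may be installed under `/opt` would record that assumption.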


@ -1,3 +0,0 @@
#! /bin/sh
exec mathopd -n -f ./mathopd.conf >> /var/log/mathopd.log 2>> /var/log/mathopd.error.log


@ -1,4 +1,8 @@
#! /bin/sh
exec 2>&1
install -o root -m 0644 /dev/null /var/lib/ctf/points.log
install -o ctf -m 0755 -d /var/lib/ctf/points.new
install -o ctf -m 0755 -d /var/lib/ctf/points.tmp
exec ./pointsd
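Review bot: `install -o root -m 0644 /dev/null /var/lib/ctf/points.log` now lives in the service run script, so it runs again on every restart of pointsd and replaces the existing log with an empty file; in the removed setup script it ran once. A guard keeps the score history across restarts: `[ -e /var/lib/ctf/points.log ] || install -o root -m 0644 /dev/null /var/lib/ctf/points.log`. The same pattern is added for `puzzles.db` in the puzzled run script and for `tokens.db` and `claim.db` in the tokend run script. An emptied `claim.db` would presumably let already-claimed tokens be claimed again.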


@ -2,8 +2,7 @@
exec 2>&1
# Give everybody a chance to mount
sleep 5
install -o ctf -m 0644 /dev/null /var/lib/ctf/puzzles.db
# Make an initial listing
./puzzled


@ -1,4 +1,6 @@
#! /bin/sh
exec 2>&1
install -o ctf -m 0644 /dev/null /var/lib/ctf/tokens.db
install -o ctf -m 0644 /dev/null /var/lib/ctf/claim.db
exec tcpsvd -u ctf 0 1 /opt/mcp/bin/in.tokend


@ -1,21 +0,0 @@
#! /bin/sh
## Set up the MCP (Master Control Program) server
hostname mcp
cp -r service/* /var/service/
cp -r www /var/
install -o ctf -m 0644 /dev/null /var/lib/ctf/tokens.db
install -o ctf -m 0644 /dev/null /var/lib/ctf/claim.db
install -o ctf -m 0644 /dev/null /var/lib/ctf/puzzles.db
install -o root -m 0644 /dev/null /var/lib/ctf/points.log
install -o ctf -d /var/lib/ctf/points.new
install -o ctf -d /var/lib/ctf/points.tmp
install -o root -d /var/lib/ctf/teams/names
install -o root -d /var/lib/ctf/teams/colors
install -o root -d /var/lib/ctf/token.keys


@ -282,27 +282,32 @@ fgrepx(char const *needle, char const *filename)
return found;
}
int32_t
my_random()
void
urandom(char *buf, size_t buflen)
{
static int urandom = -2;
int len;
int32_t ret;
static int fd = -2;
if (-2 == urandom) {
urandom = open("/dev/urandom", O_RDONLY);
if (-2 == fd) {
srandom(time(NULL) * getpid());
fd = open("/dev/urandom", O_RDONLY);
}
if (-1 == urandom) {
return (int32_t)random();
if (-1 != fd) {
int len;
len = read(fd, buf, buflen);
if (len == buflen) {
return;
}
}
len = read(urandom, &ret, sizeof(ret));
if (len != sizeof(ret)) {
return (int32_t)random();
}
/* Fall back to libc's crappy thing */
{
int i;
return ret;
for (i = 0; i < buflen; i += 1) {
buf[i] = (char)random();
}
}
}
int
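Review bot: The fallback at the end of `urandom()` fills the buffer from `random()` seeded with `time(NULL) * getpid()`, and in.tokend calls this function for both the authentication nonce and the token bytes, so any failure to open or fully read `/dev/urandom` silently produces guessable tokens. A short `read()` is also treated as total failure, and `len == buflen` compares an `int` with a `size_t`. Since the function returns `void`, I would loop until the buffer is full and stop the process if that cannot be done, rather than degrade. The sketch below assumes `<errno.h>` and `<stdlib.h>` are available in this file.

```c
void
urandom(char *buf, size_t buflen)
{
    static int fd = -2;
    size_t got = 0;

    if (-2 == fd) {
        fd = open("/dev/urandom", O_RDONLY);
    }

    /* Keep reading until the buffer is full; retry on EINTR */
    while ((-1 != fd) && (got < buflen)) {
        ssize_t len = read(fd, buf + got, buflen - got);

        if (len > 0) {
            got += (size_t)len;
        } else if ((-1 == len) && (EINTR == errno)) {
            continue;
        } else {
            break;
        }
    }

    if (got != buflen) {
        /* No predictable fallback: nonces and tokens are built from this */
        abort();
    }
}
```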


@ -6,7 +6,7 @@
#define TEAM_MAX 40
#define CAT_MAX 40
#define TOKEN_MAX 40
#define TOKEN_MAX 80
int cgi_init(char *global_argv[]);
@ -18,7 +18,7 @@ void cgi_error(char *fmt, ...);
int fgrepx(char const *needle, char const *filename);
int32_t my_random();
void urandom(char *buf, size_t buflen);
int my_snprintf(char *buf, size_t buflen, char *fmt, ...);
char *state_path(char const *fmt, ...);
char *package_path(char const *fmt, ...);


@ -13,7 +13,7 @@
#include "common.h"
#include "arc4.h"
#define itokenlen 3
#define itokenlen 5
char const consonants[] = "bcdfghklmnprstvz";
char const vowels[] = "aeiouy";
@ -31,7 +31,9 @@ char const vowels[] = "aeiouy";
* `Pineapple' `xigak-nyryk-humil-bosek-sonax'
*/
void
bubblebabble(char *out, char const *in, const size_t inlen)
bubblebabble(unsigned char *out,
unsigned char const *in,
const size_t inlen)
{
size_t pos = 0;
int seed = 1;
@ -70,38 +72,40 @@ bubblebabble(char *out, char const *in, const size_t inlen)
int
main(int argc, char *argv[])
{
char service[50];
size_t servicelen;
char token[80];
char category[CAT_MAX];
size_t categorylen;
char token[TOKEN_MAX];
size_t tokenlen;
uint8_t key[256];
size_t keylen;
/* Read service name. */
/* Read category name. */
{
ssize_t len;
len = read(0, service, sizeof(service));
len = read(0, category, sizeof(category));
if (0 >= len) return 0;
for (servicelen = 0;
(servicelen < len) && isalnum(service[servicelen]);
servicelen += 1);
for (categorylen = 0;
(categorylen < len) && isalnum(category[categorylen]);
categorylen += 1);
}
/* Read in that service's key. */
/* Read in that category's key. */
{
int fd;
int ret;
fd = open(package_path("mcp/tokend.keys/%.*s", (int)servicelen, service), O_RDONLY);
fd = open(package_path("mcp/tokend.keys/%.*s", (int)categorylen, category), O_RDONLY);
if (-1 == fd) {
perror("Open key");
fprintf(stderr, "Open key %.*s: %s\n",
(int)categorylen, category, strerror(errno));
return 0;
}
ret = read(fd, &key, sizeof(key));
if (-1 == ret) {
perror("Read key");
fprintf(stderr, "Read key %.*s: %s\n",
(int)categorylen, category, strerror(errno));
return 0;
}
keylen = (size_t)ret;
@ -111,9 +115,10 @@ main(int argc, char *argv[])
/* Send a nonce, expect it back encrypted */
{
int32_t nonce = my_random();
int32_t nonce;
int32_t enonce = 0;
urandom((char *)&nonce, sizeof(nonce));
write(1, &nonce, sizeof(nonce));
arc4_crypt_buffer(key, keylen, (uint8_t *)&nonce, sizeof(nonce));
read(0, &enonce, sizeof(enonce));
@ -125,16 +130,18 @@ main(int argc, char *argv[])
/* Create the token. */
{
int32_t crap = my_random();
char digest[bubblebabble_len(itokenlen)];
unsigned char crap[itokenlen];
unsigned char digest[bubblebabble_len(itokenlen)];
urandom((char *)crap, sizeof(crap));
/* Digest some random junk. */
bubblebabble(digest, (char *)&crap, itokenlen);
bubblebabble(digest, (unsigned char *)&crap, itokenlen);
/* Append digest to service name. */
/* Append digest to category name. */
tokenlen = (size_t)snprintf(token, sizeof(token),
"%.*s:%s",
(int)servicelen, service, digest);
(int)categorylen, category, digest);
}
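Review bot: The key load in `main` only rejects `-1` from `read(fd, &key, sizeof(key))`, so an empty key file yields `keylen == 0` and the nonce exchange that follows runs with a zero-length ARC4 key; `if (ret <= 0) {` closes that. `isalnum(category[categorylen])` is called on a plain `char`, which is undefined for bytes above 0x7f where `char` is signed; `isalnum((unsigned char)category[categorylen])` is the safe form. In the nonce block the results of `write(1, &nonce, sizeof(nonce))` and `read(0, &enonce, sizeof(enonce))` are not checked, so a short read leaves part of `enonce` at its initial zero before the comparison, which lies outside this hunk. `main` starts in this section and continues past it.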
/* Write that token out now. */


@ -1 +1 @@
../../tokencli/src/tokencli.c
../../tokens/src/tokencli.c


@ -6,6 +6,8 @@ octopus-install: octopus-build
$(call COPYTREE, octopus/service, $(OCTOPUS_PKGDIR)/service)
$(call COPYTREE, octopus/tokens, $(OCTOPUS_PKGDIR)/tokens)
cp octopus/src/octopus $(OCTOPUS_PKGDIR)/bin/
octopus-clean:


@ -20,10 +20,10 @@
#define max(a,b) (((a)>(b))?(a):(b))
#endif
uint8_t const key[] = {0x7d, 0x47, 0x84, 0x28,
0x09, 0x87, 0xb5, 0xd2,
0xd8, 0xab, 0x1c, 0xf3,
0xf2, 0x96, 0xd6, 0x68};
uint8_t const key[] = {0x99, 0x5f, 0xcb, 0xde,
0xf9, 0x6d, 0x02, 0xf3,
0x47, 0x60, 0x0a, 0xe0,
0x0a, 0x25, 0x4d, 0x16};
char const octopus[] =
(" ___\n"
@ -48,7 +48,7 @@ char const octopus[] =
const char *friends[8] = {
("Help Olive Octopus visit all 8 of her friends to receive a prize!\n"
"Hurry though, things change quickly!\n"
"Hurry though, things change quickly in the ocean!\n"
"Next friend: %08o\n"
"%s"
),
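Review bot: The replacement `key[]` bytes are compiled into this source file and, judging by the leading bytes, also appear in one of the key files added later in this commit, so the secret lives in two tracked places that must be edited together. Each rotation done this way stays readable in repository history. Loading the key at startup from the packaged file under `octopus/tokens`, the way in.tokend reads `mcp/tokend.keys/<category>`, would leave one copy and allow it to be generated at build or deploy time. At minimum, a comment such as `/* must match the key file shipped under octopus/tokens */` would record the coupling.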


@ -0,0 +1 @@
octopus


@ -0,0 +1,2 @@
Àñõ®¶'çå6Œ™²¤Y=


@ -0,0 +1,3 @@
™_ËÞùmóG`
à
%M


@ -99,11 +99,3 @@ done
sort -n $uanswers > $outdir/answers.txt
rm $uanswers
cat <<EOF > $outdir/setup
#! /bin/sh
mkdir -p /var/www
ln -s /opt/$cat/puzzles /var/www/$cat
EOF
chmod +x $outdir/setup


@ -4,12 +4,10 @@ PWNABLES_PACKAGE = pwnables.pkg
pwnables-install: pwnables-build
mkdir -p $(PWNABLES_PKGDIR)
cp pwnables/setup $(PWNABLES_PKGDIR)
mkdir -p $(PWNABLES_PKGDIR)/bin/
$(MAKE) -C pwnables/src install DESTDIR=$(CURDIR)/$(PWNABLES_PKGDIR)
$(call COPYTREE, pwnables/tokencli, $(PWNABLES_PKGDIR)/tokencli)
$(call COPYTREE, pwnables/tokens, $(PWNABLES_PKGDIR)/tokens)
$(call COPYTREE, pwnables/service, $(PWNABLES_PKGDIR)/service)

8
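--- /dev/null
+++ b/pwnables/service/eth0.pwn/run
@@ -0,0 +1,8 @@
+#! /bin/sh
+if ! [ -d /opt/mcp ]; then
+hostname pwnables
+ifconfig eth0 10.1.1.2 netmask 255.0.0.0
+fi
+exec inotifyd true $(pwd):x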


@ -1,3 +1,38 @@
#! /bin/sh -e
# Set up chroot environment
# We never umount any of this since it's all just in RAM
mkdir -p /mnt/pwnables-root
grep -q pwnables-root /proc/mounts || mount -o bind / /mnt/pwnables-root
grep -q pwnables-var /proc/mounts || mount -t tmpfs -o size=5m,mode=0755 pwnables-var /mnt/pwnables-root/var
grep -q pwnables-tmp /proc/mounts || mount -t tmpfs -o size=15k pwnables-tmp /mnt/pwnables-root/tmp
grep -q pwnables-home /proc/mounts || mount -t tmpfs -o size=5m pwnables-home /mnt/pwnables-root/home
# Make some skeleton junk
install -o root -m 0755 -d /mnt/pwnables-root/var/lib
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf/tokens
install -o root -m 0755 -d /mnt/pwnables-root/var/log
install -o root -m 0755 -d /mnt/pwnables-root/var/spool
install -o root -m 0755 -d /mnt/pwnables-root/var/cache
install -o root -m 0777 -d /mnt/pwnables-root/var/run
install -o root -m 0777 -d /mnt/pwnables-root/var/cache
# Install the pwnables
install -o root -d /mnt/pwnables-root/home/alice/
install -o bob -m 0111 /opt/pwnables/bin/gimmie /mnt/pwnables-root/home/alice/
# ltrace needs to read the binary
install -o bob -m 0555 /opt/pwnables/bin/ltraceme /mnt/pwnables-root/home/alice/
# straceme and killme need to be suid, to prevent LD_PRELOAD
install -o bob -m 04111 /opt/pwnables/bin/straceme /mnt/pwnables-root/home/alice/
install -o bob -m 04111 /opt/pwnables/bin/killme /mnt/pwnables-root/home/alice/
# Set up links for tokens
mkdir -p /var/lib/ctf/tokens
for puzzle in gimmie ltraceme straceme killme; do
ln -sf /mnt/pwnables-root/var/lib/ctf/tokens/$puzzle /var/lib/ctf/tokens/$puzzle
done
exec tcpsvd -C 5:"Let's not be greedy" 0 23 /sbin/telnetd -l ./pwnie
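Review bot: `/mnt/pwnables-root/var/cache` is created twice, first with `-m 0755` and a few lines later with `-m 0777`, so the directory ends up world-writable and the earlier line has no effect; one of the two should go. Both `var/run` and `var/cache` at 0777 lack the sticky bit, which lets any account inside the chroot remove or replace files another account created there. If world-writable is intended, `install -o root -m 1777 -d /mnt/pwnables-root/var/run` is the usual mode. A short comment saying these directories are deliberately writable by the challenge accounts would keep a later cleanup from changing them by accident.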


@ -1,38 +0,0 @@
#! /bin/sh
if [ ! -d /opt/mcp ]; then
hostname pwnables
fi
# Set up a chroot environment by duplicating the base
# image
if [ ! -x /mnt/pwnables-root/bin/busybox ]; then
mkdir -p /mnt/pwnables-root
mount -o bind / /mnt/pwnables-root
mount -t tmpfs -o size=5m,mode=0755 pwnables-var /mnt/pwnables-root/var
mount -t tmpfs -o size=15k pwnables-tmp /mnt/pwnables-root/tmp
mount -t tmpfs -o size=5m pwnables-home /mnt/pwnables-root/home
# Make some skeleton junk
install -o root -m 0755 -d /mnt/pwnables-root/var/lib
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf/tokens
install -o root -m 0755 -d /mnt/pwnables-root/var/log
install -o root -m 0755 -d /mnt/pwnables-root/var/spool
install -o root -m 0755 -d /mnt/pwnables-root/var/cache
install -o root -m 0777 -d /mnt/pwnables-root/var/run
install -o root -m 0777 -d /mnt/pwnables-root/var/cache
# Install the pwnables
install -o root -d /mnt/pwnables-root/home/alice/
install -o bob -m 0111 bin/gimmie /mnt/pwnables-root/home/alice/
# ltrace needs to read the binary
install -o bob -m 0555 bin/ltraceme /mnt/pwnables-root/home/alice/
# straceme and killme need to be suid, to prevent LD_PRELOAD
install -o bob -m 04111 bin/straceme /mnt/pwnables-root/home/alice/
install -o bob -m 04111 bin/killme /mnt/pwnables-root/home/alice/
fi
cp -r service/* /var/service/


@ -16,7 +16,7 @@ main(int argc, char *argv[])
key, sizeof(key),
token, sizeof(token) - 1);
if (-1 == tokenlen) {
write(1, "Something's broken: I can't read my token.\n", 43);
write(1, "Something is broken\nI can't read my token.\n", 43);
return 69;
}
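Review bot: The byte count `43` in `write(1, "Something is broken\nI can't read my token.\n", 43)` is hand-counted and must be recounted whenever the text changes; the same literal and count are repeated in the three other pwnable sources touched further down this page. Deriving the length from the literal removes the risk of a truncated message or a read past the string: `static const char msg[] = "Something is broken\nI can't read my token.\n";` followed by `write(1, msg, sizeof(msg) - 1);`. `main` begins and ends outside this hunk.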


@ -71,6 +71,13 @@ main(int argc, char *argv[])
tokenlen = read_token("killme",
key, sizeof(key),
token, sizeof(token) - 1);
if (-1 == tokenlen) {
write(1, "Something is broken\nI can't read my token.\n", 43);
return 69;
}
token[tokenlen++] = '\n';
write(1, token, tokenlen);
}
return 0;


@ -42,7 +42,7 @@ main(int argc, char *argv[])
key, sizeof(key),
token, sizeof(token) - 1);
if (-1 == tokenlen) {
printf("Unable to read token.\n");
write(1, "Something is broken\nI can't read my token.\n", 43);
return 1;
}
token[tokenlen++] = '\0';


@ -80,10 +80,12 @@ main(int argc, char *argv[])
tokenlen = read_token(cat,
key, sizeof(key),
token, sizeof(token));
token, sizeof(token) - 1);
if (-1 == tokenlen) {
return EX_NOINPUT;
write(1, "Something is broken\nI can't read my token.\n", 43);
return 69;
}
token[tokenlen++] = '\n';
write(1, token, tokenlen);
}
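Review bot: `return 69;` replaces `return EX_NOINPUT;` with a bare number even though this file evidently already has `<sysexits.h>` in scope, where 69 is `EX_UNAVAILABLE`; `return EX_UNAVAILABLE;` says the same thing readably. The sibling source earlier on this page returns `1` for the same failure, so the exit codes for "can't read my token" are still not uniform across the pwnables. `main` begins outside this hunk.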


@ -0,0 +1 @@
pwnables


@ -0,0 +1 @@
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji


@ -0,0 +1 @@
Q<EFBFBD>m<EFBFBD>!ј<>И <09>ІЈА F


@ -0,0 +1 @@
pwnables


@ -0,0 +1 @@
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji

Binary file not shown.


@ -0,0 +1 @@
pwnables


@ -0,0 +1 @@
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji

Binary file not shown.


@ -1,4 +0,0 @@
#! /bin/sh
exec 2>&1
exec ./tokengetd


@ -1,18 +0,0 @@
#! /bin/sh
chat=/tmp/tokencli.chatter
token=/tmp/tokencli.token
trap "rm -f $chat $token" 0
mkfifo -m 0500 $chat $token
while true; do
for dn in /opt/*/tokencli/*; do
[ -d $dn ] || continue
puzzle=$(basename $dn)
category=$(cat $dn/category)
nc 10.0.0.1 1 < $fifo | tokencli $category $dn/category.key > $fifo 3> $token
arc4 $dn/enc.key < $token > /var/lib/ctf/tokens/$category
done
sleep 60
done


@ -1,3 +0,0 @@
#! /bin/sh
cp -r service/* /var/service


@ -1,21 +0,0 @@
TOKENCLI_PKGDIR = build/tokencli
TOKENCLI_PACKAGE = tokencli.pkg
tokencli-install: tokencli-build
mkdir -p $(TOKENCLI_PKGDIR)/bin/
$(call COPYTREE, tokencli/service, $(TOKENCLI_PKGDIR)/service)
cp tokencli/setup $(TOKENCLI_PKGDIR)/
cp tokencli/src/tokencli $(TOKENCLI_PKGDIR)/bin/
cp tokencli/src/arc4 $(TOKENCLI_PKGDIR)/bin/
tokencli-clean:
rm -rf $(TOKENCLI_PKGDIR) $(TOKENCLI_PACKAGE)
$(MAKE) -C tokencli/src clean
tokencli-build:
$(MAKE) -C tokencli/src build
PACKAGES += tokencli

5
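--- /dev/null
+++ b/tokens/service/tokens/run
@@ -0,0 +1,5 @@
+#! /bin/sh
+exec 2>&1
+install -o root -m 0755 -d /var/lib/ctf/tokens
+exec ./tokens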

13
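--- /dev/null
+++ b/tokens/service/tokens/tokens
@@ -0,0 +1,13 @@
+#! /bin/sh
+while true; do
+for dn in /opt/*/tokens/*; do
+[ -d $dn ] || continue
+puzzle=$(basename $dn)
+category=$(cat $dn/category)
+busybox nc 10.0.0.1 1 \
+-e /opt/tokens/bin/tokencli $category $dn/category.key 3>&1 | \
+/opt/tokens/bin/arc4 $dn/enc.key > /var/lib/ctf/tokens/$puzzle
+done
+sleep 60
+done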
done


@ -1,3 +1,4 @@
#! /bin/sh
cp -r service/* /var/service
mkdir -p /var/lib/ctf/tokens


@ -5,4 +5,4 @@ arc4: arc4.o arc4-main.o
tokencli: tokencli.o arc4.o
clean:
rm *.o tokencli
rm -f *.o tokencli arc4

21
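--- /dev/null
+++ b/tokens/tokens.mk
@@ -0,0 +1,21 @@
+TOKENS_PKGDIR = build/tokens
+TOKENS_PACKAGE = tokens.pkg
+tokens-install: tokens-build
+mkdir -p $(TOKENS_PKGDIR)/bin/
+$(call COPYTREE, tokens/service, $(TOKENS_PKGDIR)/service)
+cp tokens/setup $(TOKENS_PKGDIR)/
+cp tokens/src/tokencli $(TOKENS_PKGDIR)/bin/
+cp tokens/src/arc4 $(TOKENS_PKGDIR)/bin/
+tokens-clean:
+rm -rf $(TOKENS_PKGDIR) $(TOKENS_PACKAGE)
+$(MAKE) -C tokens/src clean
+tokens-build:
+$(MAKE) -C tokens/src build
+PACKAGES += tokens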