mirror of https://github.com/dirtbags/moth.git
I think everything's working...
* Octopus changes * Change how things start a little (hopefully cleaner) * Fix bubblebabble bug * other junk, I don't know
This commit is contained in:
parent
e002f16618
commit
2532fe5e43
|
@ -15,6 +15,9 @@ set -C
|
||||||
base=${CTF_BASE:-/var/lib/ctf}
|
base=${CTF_BASE:-/var/lib/ctf}
|
||||||
www=${CTF_BASE:-/var/www}
|
www=${CTF_BASE:-/var/www}
|
||||||
|
|
||||||
|
mkdir -p $base/teams/names
|
||||||
|
mkdir -p $base/teams/colors
|
||||||
|
|
||||||
# Assign a color. I spent two days selecting this color pallette for
|
# Assign a color. I spent two days selecting this color pallette for
|
||||||
# people with protanopia. Please don't change these colors.
|
# people with protanopia. Please don't change these colors.
|
||||||
nteams=$(ls $base/teams/names/ | wc -l)
|
nteams=$(ls $base/teams/names/ | wc -l)
|
||||||
|
|
|
@ -4,8 +4,6 @@ MCP_PACKAGE = mcp.pkg
|
||||||
mcp-install: mcp-build
|
mcp-install: mcp-build
|
||||||
mkdir -p $(MCP_PKGDIR)
|
mkdir -p $(MCP_PKGDIR)
|
||||||
|
|
||||||
cp mcp/setup $(MCP_PKGDIR)
|
|
||||||
|
|
||||||
$(call COPYTREE, mcp/bin, $(MCP_PKGDIR)/bin)
|
$(call COPYTREE, mcp/bin, $(MCP_PKGDIR)/bin)
|
||||||
cp mcp/src/in.tokend $(MCP_PKGDIR)/bin/
|
cp mcp/src/in.tokend $(MCP_PKGDIR)/bin/
|
||||||
cp mcp/src/tokencli $(MCP_PKGDIR)/bin/
|
cp mcp/src/tokencli $(MCP_PKGDIR)/bin/
|
||||||
|
@ -14,6 +12,8 @@ mcp-install: mcp-build
|
||||||
|
|
||||||
$(call COPYTREE, mcp/service, $(MCP_PKGDIR)/service)
|
$(call COPYTREE, mcp/service, $(MCP_PKGDIR)/service)
|
||||||
|
|
||||||
|
$(call COPYTREE, mcp/tokend.keys, $(MCP_PKGDIR)/tokend.keys)
|
||||||
|
|
||||||
$(call COPYTREE, mcp/www, $(MCP_PKGDIR)/www)
|
$(call COPYTREE, mcp/www, $(MCP_PKGDIR)/www)
|
||||||
cp mcp/src/puzzler.cgi $(MCP_PKGDIR)/www/
|
cp mcp/src/puzzler.cgi $(MCP_PKGDIR)/www/
|
||||||
cp mcp/src/claim.cgi $(MCP_PKGDIR)/www/
|
cp mcp/src/claim.cgi $(MCP_PKGDIR)/www/
|
||||||
|
@ -24,7 +24,7 @@ mcp-test: mcp-build
|
||||||
mcp/test.sh
|
mcp/test.sh
|
||||||
|
|
||||||
mcp-clean:
|
mcp-clean:
|
||||||
rm -rf $(MCP_PKGDIR) $(MCP_PACKAGE)
|
rm -rf $(MCP_PKGDIR) $(MCP_PACKAGE) mcp-install
|
||||||
$(MAKE) -C mcp/src clean
|
$(MAKE) -C mcp/src clean
|
||||||
|
|
||||||
mcp-build:
|
mcp-build:
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
#! /bin/sh -e
|
#! /bin/sh -e
|
||||||
|
|
||||||
|
hostname mcp
|
||||||
|
|
||||||
ifconfig eth0 10.0.0.1 netmask 255.0.0.0
|
ifconfig eth0 10.0.0.1 netmask 255.0.0.0
|
||||||
|
|
||||||
exec inotifyd true $(pwd):x
|
exec inotifyd true $(pwd):x
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
mkdir -p /var/www
|
||||||
|
cd /var/www
|
||||||
|
|
||||||
|
# Link in puzzles and web pages
|
||||||
|
for d in /opt/*; do
|
||||||
|
if [ -d $d/puzzles ]; then
|
||||||
|
ln -s $d/puzzles $(basename $d)
|
||||||
|
fi
|
||||||
|
if [ -d $d/www ]; then
|
||||||
|
ln -s $d/www/* .
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
exec thttpd -D \
|
||||||
|
-nos \
|
||||||
|
-u ctf \
|
||||||
|
-c "**.cgi" \
|
||||||
|
-T "utf-8"
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
exec mathopd -n -f ./mathopd.conf >> /var/log/mathopd.log 2>> /var/log/mathopd.error.log
|
|
|
@ -1,4 +1,8 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
|
|
||||||
exec 2>&1
|
exec 2>&1
|
||||||
|
|
||||||
|
install -o root -m 0644 /dev/null /var/lib/ctf/points.log
|
||||||
|
install -o ctf -m 0755 -d /var/lib/ctf/points.new
|
||||||
|
install -o ctf -m 0755 -d /var/lib/ctf/points.tmp
|
||||||
exec ./pointsd
|
exec ./pointsd
|
||||||
|
|
|
@ -2,8 +2,7 @@
|
||||||
|
|
||||||
exec 2>&1
|
exec 2>&1
|
||||||
|
|
||||||
# Give everybody a chance to mount
|
install -o ctf -m 0644 /dev/null /var/lib/ctf/puzzles.db
|
||||||
sleep 5
|
|
||||||
|
|
||||||
# Make an initial listing
|
# Make an initial listing
|
||||||
./puzzled
|
./puzzled
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
|
|
||||||
exec 2>&1
|
exec 2>&1
|
||||||
|
install -o ctf -m 0644 /dev/null /var/lib/ctf/tokens.db
|
||||||
|
install -o ctf -m 0644 /dev/null /var/lib/ctf/claim.db
|
||||||
exec tcpsvd -u ctf 0 1 /opt/mcp/bin/in.tokend
|
exec tcpsvd -u ctf 0 1 /opt/mcp/bin/in.tokend
|
||||||
|
|
21
mcp/setup
21
mcp/setup
|
@ -1,21 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
## Set up the MCP (Master Control Program) server
|
|
||||||
|
|
||||||
hostname mcp
|
|
||||||
|
|
||||||
|
|
||||||
cp -r service/* /var/service/
|
|
||||||
cp -r www /var/
|
|
||||||
|
|
||||||
install -o ctf -m 0644 /dev/null /var/lib/ctf/tokens.db
|
|
||||||
install -o ctf -m 0644 /dev/null /var/lib/ctf/claim.db
|
|
||||||
install -o ctf -m 0644 /dev/null /var/lib/ctf/puzzles.db
|
|
||||||
install -o root -m 0644 /dev/null /var/lib/ctf/points.log
|
|
||||||
|
|
||||||
install -o ctf -d /var/lib/ctf/points.new
|
|
||||||
install -o ctf -d /var/lib/ctf/points.tmp
|
|
||||||
install -o root -d /var/lib/ctf/teams/names
|
|
||||||
install -o root -d /var/lib/ctf/teams/colors
|
|
||||||
install -o root -d /var/lib/ctf/token.keys
|
|
||||||
|
|
|
@ -282,27 +282,32 @@ fgrepx(char const *needle, char const *filename)
|
||||||
return found;
|
return found;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t
|
void
|
||||||
my_random()
|
urandom(char *buf, size_t buflen)
|
||||||
{
|
{
|
||||||
static int urandom = -2;
|
static int fd = -2;
|
||||||
int len;
|
|
||||||
int32_t ret;
|
|
||||||
|
|
||||||
if (-2 == urandom) {
|
if (-2 == fd) {
|
||||||
urandom = open("/dev/urandom", O_RDONLY);
|
|
||||||
srandom(time(NULL) * getpid());
|
srandom(time(NULL) * getpid());
|
||||||
|
fd = open("/dev/urandom", O_RDONLY);
|
||||||
}
|
}
|
||||||
if (-1 == urandom) {
|
if (-1 != fd) {
|
||||||
return (int32_t)random();
|
int len;
|
||||||
|
|
||||||
|
len = read(fd, buf, buflen);
|
||||||
|
if (len == buflen) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
len = read(urandom, &ret, sizeof(ret));
|
/* Fall back to libc's crappy thing */
|
||||||
if (len != sizeof(ret)) {
|
{
|
||||||
return (int32_t)random();
|
int i;
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
for (i = 0; i < buflen; i += 1) {
|
||||||
|
buf[i] = (char)random();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
#define TEAM_MAX 40
|
#define TEAM_MAX 40
|
||||||
#define CAT_MAX 40
|
#define CAT_MAX 40
|
||||||
#define TOKEN_MAX 40
|
#define TOKEN_MAX 80
|
||||||
|
|
||||||
|
|
||||||
int cgi_init(char *global_argv[]);
|
int cgi_init(char *global_argv[]);
|
||||||
|
@ -18,7 +18,7 @@ void cgi_error(char *fmt, ...);
|
||||||
|
|
||||||
|
|
||||||
int fgrepx(char const *needle, char const *filename);
|
int fgrepx(char const *needle, char const *filename);
|
||||||
int32_t my_random();
|
void urandom(char *buf, size_t buflen);
|
||||||
int my_snprintf(char *buf, size_t buflen, char *fmt, ...);
|
int my_snprintf(char *buf, size_t buflen, char *fmt, ...);
|
||||||
char *state_path(char const *fmt, ...);
|
char *state_path(char const *fmt, ...);
|
||||||
char *package_path(char const *fmt, ...);
|
char *package_path(char const *fmt, ...);
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "arc4.h"
|
#include "arc4.h"
|
||||||
|
|
||||||
#define itokenlen 3
|
#define itokenlen 5
|
||||||
|
|
||||||
char const consonants[] = "bcdfghklmnprstvz";
|
char const consonants[] = "bcdfghklmnprstvz";
|
||||||
char const vowels[] = "aeiouy";
|
char const vowels[] = "aeiouy";
|
||||||
|
@ -31,7 +31,9 @@ char const vowels[] = "aeiouy";
|
||||||
* `Pineapple' `xigak-nyryk-humil-bosek-sonax'
|
* `Pineapple' `xigak-nyryk-humil-bosek-sonax'
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
bubblebabble(char *out, char const *in, const size_t inlen)
|
bubblebabble(unsigned char *out,
|
||||||
|
unsigned char const *in,
|
||||||
|
const size_t inlen)
|
||||||
{
|
{
|
||||||
size_t pos = 0;
|
size_t pos = 0;
|
||||||
int seed = 1;
|
int seed = 1;
|
||||||
|
@ -70,38 +72,40 @@ bubblebabble(char *out, char const *in, const size_t inlen)
|
||||||
int
|
int
|
||||||
main(int argc, char *argv[])
|
main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
char service[50];
|
char category[CAT_MAX];
|
||||||
size_t servicelen;
|
size_t categorylen;
|
||||||
char token[80];
|
char token[TOKEN_MAX];
|
||||||
size_t tokenlen;
|
size_t tokenlen;
|
||||||
uint8_t key[256];
|
uint8_t key[256];
|
||||||
size_t keylen;
|
size_t keylen;
|
||||||
|
|
||||||
/* Read service name. */
|
/* Read category name. */
|
||||||
{
|
{
|
||||||
ssize_t len;
|
ssize_t len;
|
||||||
|
|
||||||
len = read(0, service, sizeof(service));
|
len = read(0, category, sizeof(category));
|
||||||
if (0 >= len) return 0;
|
if (0 >= len) return 0;
|
||||||
for (servicelen = 0;
|
for (categorylen = 0;
|
||||||
(servicelen < len) && isalnum(service[servicelen]);
|
(categorylen < len) && isalnum(category[categorylen]);
|
||||||
servicelen += 1);
|
categorylen += 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Read in that service's key. */
|
/* Read in that category's key. */
|
||||||
{
|
{
|
||||||
int fd;
|
int fd;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
fd = open(package_path("mcp/tokend.keys/%.*s", (int)servicelen, service), O_RDONLY);
|
fd = open(package_path("mcp/tokend.keys/%.*s", (int)categorylen, category), O_RDONLY);
|
||||||
if (-1 == fd) {
|
if (-1 == fd) {
|
||||||
perror("Open key");
|
fprintf(stderr, "Open key %.*s: %s\n",
|
||||||
|
(int)categorylen, category, strerror(errno));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = read(fd, &key, sizeof(key));
|
ret = read(fd, &key, sizeof(key));
|
||||||
if (-1 == ret) {
|
if (-1 == ret) {
|
||||||
perror("Read key");
|
fprintf(stderr, "Read key %.*s: %s\n",
|
||||||
|
(int)categorylen, category, strerror(errno));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
keylen = (size_t)ret;
|
keylen = (size_t)ret;
|
||||||
|
@ -111,9 +115,10 @@ main(int argc, char *argv[])
|
||||||
|
|
||||||
/* Send a nonce, expect it back encrypted */
|
/* Send a nonce, expect it back encrypted */
|
||||||
{
|
{
|
||||||
int32_t nonce = my_random();
|
int32_t nonce;
|
||||||
int32_t enonce = 0;
|
int32_t enonce = 0;
|
||||||
|
|
||||||
|
urandom((char *)&nonce, sizeof(nonce));
|
||||||
write(1, &nonce, sizeof(nonce));
|
write(1, &nonce, sizeof(nonce));
|
||||||
arc4_crypt_buffer(key, keylen, (uint8_t *)&nonce, sizeof(nonce));
|
arc4_crypt_buffer(key, keylen, (uint8_t *)&nonce, sizeof(nonce));
|
||||||
read(0, &enonce, sizeof(enonce));
|
read(0, &enonce, sizeof(enonce));
|
||||||
|
@ -125,16 +130,18 @@ main(int argc, char *argv[])
|
||||||
|
|
||||||
/* Create the token. */
|
/* Create the token. */
|
||||||
{
|
{
|
||||||
int32_t crap = my_random();
|
unsigned char crap[itokenlen];
|
||||||
char digest[bubblebabble_len(itokenlen)];
|
unsigned char digest[bubblebabble_len(itokenlen)];
|
||||||
|
|
||||||
|
urandom((char *)crap, sizeof(crap));
|
||||||
|
|
||||||
/* Digest some random junk. */
|
/* Digest some random junk. */
|
||||||
bubblebabble(digest, (char *)&crap, itokenlen);
|
bubblebabble(digest, (unsigned char *)&crap, itokenlen);
|
||||||
|
|
||||||
/* Append digest to service name. */
|
/* Append digest to category name. */
|
||||||
tokenlen = (size_t)snprintf(token, sizeof(token),
|
tokenlen = (size_t)snprintf(token, sizeof(token),
|
||||||
"%.*s:%s",
|
"%.*s:%s",
|
||||||
(int)servicelen, service, digest);
|
(int)categorylen, category, digest);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Write that token out now. */
|
/* Write that token out now. */
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
../../tokencli/src/tokencli.c
|
../../tokens/src/tokencli.c
|
|
@ -6,6 +6,8 @@ octopus-install: octopus-build
|
||||||
|
|
||||||
$(call COPYTREE, octopus/service, $(OCTOPUS_PKGDIR)/service)
|
$(call COPYTREE, octopus/service, $(OCTOPUS_PKGDIR)/service)
|
||||||
|
|
||||||
|
$(call COPYTREE, octopus/tokens, $(OCTOPUS_PKGDIR)/tokens)
|
||||||
|
|
||||||
cp octopus/src/octopus $(OCTOPUS_PKGDIR)/bin/
|
cp octopus/src/octopus $(OCTOPUS_PKGDIR)/bin/
|
||||||
|
|
||||||
octopus-clean:
|
octopus-clean:
|
||||||
|
|
|
@ -20,10 +20,10 @@
|
||||||
#define max(a,b) (((a)>(b))?(a):(b))
|
#define max(a,b) (((a)>(b))?(a):(b))
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
uint8_t const key[] = {0x7d, 0x47, 0x84, 0x28,
|
uint8_t const key[] = {0x99, 0x5f, 0xcb, 0xde,
|
||||||
0x09, 0x87, 0xb5, 0xd2,
|
0xf9, 0x6d, 0x02, 0xf3,
|
||||||
0xd8, 0xab, 0x1c, 0xf3,
|
0x47, 0x60, 0x0a, 0xe0,
|
||||||
0xf2, 0x96, 0xd6, 0x68};
|
0x0a, 0x25, 0x4d, 0x16};
|
||||||
|
|
||||||
char const octopus[] =
|
char const octopus[] =
|
||||||
(" ___\n"
|
(" ___\n"
|
||||||
|
@ -48,7 +48,7 @@ char const octopus[] =
|
||||||
|
|
||||||
const char *friends[8] = {
|
const char *friends[8] = {
|
||||||
("Help Olive Octopus visit all 8 of her friends to receive a prize!\n"
|
("Help Olive Octopus visit all 8 of her friends to receive a prize!\n"
|
||||||
"Hurry though, things change quickly!\n"
|
"Hurry though, things change quickly in the ocean!\n"
|
||||||
"Next friend: %08o\n"
|
"Next friend: %08o\n"
|
||||||
"%s"
|
"%s"
|
||||||
),
|
),
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
octopus
|
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
Àñõ®¶'çå6Œ™²¤Y=
|
|
@ -0,0 +1,3 @@
|
||||||
|
™_ËÞùmóG`
|
||||||
|
à
|
||||||
|
%M
|
|
@ -99,11 +99,3 @@ done
|
||||||
|
|
||||||
sort -n $uanswers > $outdir/answers.txt
|
sort -n $uanswers > $outdir/answers.txt
|
||||||
rm $uanswers
|
rm $uanswers
|
||||||
|
|
||||||
cat <<EOF > $outdir/setup
|
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
mkdir -p /var/www
|
|
||||||
ln -s /opt/$cat/puzzles /var/www/$cat
|
|
||||||
EOF
|
|
||||||
chmod +x $outdir/setup
|
|
||||||
|
|
|
@ -4,12 +4,10 @@ PWNABLES_PACKAGE = pwnables.pkg
|
||||||
pwnables-install: pwnables-build
|
pwnables-install: pwnables-build
|
||||||
mkdir -p $(PWNABLES_PKGDIR)
|
mkdir -p $(PWNABLES_PKGDIR)
|
||||||
|
|
||||||
cp pwnables/setup $(PWNABLES_PKGDIR)
|
|
||||||
|
|
||||||
mkdir -p $(PWNABLES_PKGDIR)/bin/
|
mkdir -p $(PWNABLES_PKGDIR)/bin/
|
||||||
$(MAKE) -C pwnables/src install DESTDIR=$(CURDIR)/$(PWNABLES_PKGDIR)
|
$(MAKE) -C pwnables/src install DESTDIR=$(CURDIR)/$(PWNABLES_PKGDIR)
|
||||||
|
|
||||||
$(call COPYTREE, pwnables/tokencli, $(PWNABLES_PKGDIR)/tokencli)
|
$(call COPYTREE, pwnables/tokens, $(PWNABLES_PKGDIR)/tokens)
|
||||||
|
|
||||||
$(call COPYTREE, pwnables/service, $(PWNABLES_PKGDIR)/service)
|
$(call COPYTREE, pwnables/service, $(PWNABLES_PKGDIR)/service)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
if ! [ -d /opt/mcp ]; then
|
||||||
|
hostname pwnables
|
||||||
|
ifconfig eth0 10.1.1.2 netmask 255.0.0.0
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec inotifyd true $(pwd):x
|
|
@ -1,3 +1,38 @@
|
||||||
#! /bin/sh -e
|
#! /bin/sh -e
|
||||||
|
|
||||||
|
# Set up chroot environment
|
||||||
|
# We never umount any of this since it's all just in RAM
|
||||||
|
mkdir -p /mnt/pwnables-root
|
||||||
|
grep -q pwnables-root /proc/mounts || mount -o bind / /mnt/pwnables-root
|
||||||
|
grep -q pwnables-var /proc/mounts || mount -t tmpfs -o size=5m,mode=0755 pwnables-var /mnt/pwnables-root/var
|
||||||
|
grep -q pwnables-tmp /proc/mounts || mount -t tmpfs -o size=15k pwnables-tmp /mnt/pwnables-root/tmp
|
||||||
|
grep -q pwnables-home /proc/mounts || mount -t tmpfs -o size=5m pwnables-home /mnt/pwnables-root/home
|
||||||
|
|
||||||
|
# Make some skeleton junk
|
||||||
|
install -o root -m 0755 -d /mnt/pwnables-root/var/lib
|
||||||
|
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf
|
||||||
|
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf/tokens
|
||||||
|
install -o root -m 0755 -d /mnt/pwnables-root/var/log
|
||||||
|
install -o root -m 0755 -d /mnt/pwnables-root/var/spool
|
||||||
|
install -o root -m 0755 -d /mnt/pwnables-root/var/cache
|
||||||
|
install -o root -m 0777 -d /mnt/pwnables-root/var/run
|
||||||
|
install -o root -m 0777 -d /mnt/pwnables-root/var/cache
|
||||||
|
|
||||||
|
# Install the pwnables
|
||||||
|
install -o root -d /mnt/pwnables-root/home/alice/
|
||||||
|
install -o bob -m 0111 /opt/pwnables/bin/gimmie /mnt/pwnables-root/home/alice/
|
||||||
|
|
||||||
|
# ltrace needs to read the binary
|
||||||
|
install -o bob -m 0555 /opt/pwnables/bin/ltraceme /mnt/pwnables-root/home/alice/
|
||||||
|
|
||||||
|
# straceme and killme need to be suid, to prevent LD_PRELOAD
|
||||||
|
install -o bob -m 04111 /opt/pwnables/bin/straceme /mnt/pwnables-root/home/alice/
|
||||||
|
install -o bob -m 04111 /opt/pwnables/bin/killme /mnt/pwnables-root/home/alice/
|
||||||
|
|
||||||
|
# Set up links for tokens
|
||||||
|
mkdir -p /var/lib/ctf/tokens
|
||||||
|
for puzzle in gimmie ltraceme straceme killme; do
|
||||||
|
ln -sf /mnt/pwnables-root/var/lib/ctf/tokens/$puzzle /var/lib/ctf/tokens/$puzzle
|
||||||
|
done
|
||||||
|
|
||||||
exec tcpsvd -C 5:"Let's not be greedy" 0 23 /sbin/telnetd -l ./pwnie
|
exec tcpsvd -C 5:"Let's not be greedy" 0 23 /sbin/telnetd -l ./pwnie
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
if [ ! -d /opt/mcp ]; then
|
|
||||||
hostname pwnables
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set up a chroot environment by duplicating the base
|
|
||||||
# image
|
|
||||||
if [ ! -x /mnt/pwnables-root/bin/busybox ]; then
|
|
||||||
mkdir -p /mnt/pwnables-root
|
|
||||||
mount -o bind / /mnt/pwnables-root
|
|
||||||
mount -t tmpfs -o size=5m,mode=0755 pwnables-var /mnt/pwnables-root/var
|
|
||||||
mount -t tmpfs -o size=15k pwnables-tmp /mnt/pwnables-root/tmp
|
|
||||||
mount -t tmpfs -o size=5m pwnables-home /mnt/pwnables-root/home
|
|
||||||
|
|
||||||
# Make some skeleton junk
|
|
||||||
install -o root -m 0755 -d /mnt/pwnables-root/var/lib
|
|
||||||
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf
|
|
||||||
install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf/tokens
|
|
||||||
install -o root -m 0755 -d /mnt/pwnables-root/var/log
|
|
||||||
install -o root -m 0755 -d /mnt/pwnables-root/var/spool
|
|
||||||
install -o root -m 0755 -d /mnt/pwnables-root/var/cache
|
|
||||||
install -o root -m 0777 -d /mnt/pwnables-root/var/run
|
|
||||||
install -o root -m 0777 -d /mnt/pwnables-root/var/cache
|
|
||||||
|
|
||||||
# Install the pwnables
|
|
||||||
install -o root -d /mnt/pwnables-root/home/alice/
|
|
||||||
install -o bob -m 0111 bin/gimmie /mnt/pwnables-root/home/alice/
|
|
||||||
|
|
||||||
# ltrace needs to read the binary
|
|
||||||
install -o bob -m 0555 bin/ltraceme /mnt/pwnables-root/home/alice/
|
|
||||||
|
|
||||||
# straceme and killme need to be suid, to prevent LD_PRELOAD
|
|
||||||
install -o bob -m 04111 bin/straceme /mnt/pwnables-root/home/alice/
|
|
||||||
install -o bob -m 04111 bin/killme /mnt/pwnables-root/home/alice/
|
|
||||||
fi
|
|
||||||
|
|
||||||
cp -r service/* /var/service/
|
|
|
@ -16,7 +16,7 @@ main(int argc, char *argv[])
|
||||||
key, sizeof(key),
|
key, sizeof(key),
|
||||||
token, sizeof(token) - 1);
|
token, sizeof(token) - 1);
|
||||||
if (-1 == tokenlen) {
|
if (-1 == tokenlen) {
|
||||||
write(1, "Something's broken: I can't read my token.\n", 43);
|
write(1, "Something is broken\nI can't read my token.\n", 43);
|
||||||
return 69;
|
return 69;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -71,6 +71,13 @@ main(int argc, char *argv[])
|
||||||
tokenlen = read_token("killme",
|
tokenlen = read_token("killme",
|
||||||
key, sizeof(key),
|
key, sizeof(key),
|
||||||
token, sizeof(token) - 1);
|
token, sizeof(token) - 1);
|
||||||
|
if (-1 == tokenlen) {
|
||||||
|
write(1, "Something is broken\nI can't read my token.\n", 43);
|
||||||
|
return 69;
|
||||||
|
}
|
||||||
|
token[tokenlen++] = '\n';
|
||||||
|
|
||||||
|
write(1, token, tokenlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -42,7 +42,7 @@ main(int argc, char *argv[])
|
||||||
key, sizeof(key),
|
key, sizeof(key),
|
||||||
token, sizeof(token) - 1);
|
token, sizeof(token) - 1);
|
||||||
if (-1 == tokenlen) {
|
if (-1 == tokenlen) {
|
||||||
printf("Unable to read token.\n");
|
write(1, "Something is broken\nI can't read my token.\n", 43);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
token[tokenlen++] = '\0';
|
token[tokenlen++] = '\0';
|
||||||
|
|
|
@ -80,10 +80,12 @@ main(int argc, char *argv[])
|
||||||
|
|
||||||
tokenlen = read_token(cat,
|
tokenlen = read_token(cat,
|
||||||
key, sizeof(key),
|
key, sizeof(key),
|
||||||
token, sizeof(token));
|
token, sizeof(token) - 1);
|
||||||
if (-1 == tokenlen) {
|
if (-1 == tokenlen) {
|
||||||
return EX_NOINPUT;
|
write(1, "Something is broken\nI can't read my token.\n", 43);
|
||||||
|
return 69;
|
||||||
}
|
}
|
||||||
|
token[tokenlen++] = '\n';
|
||||||
|
|
||||||
write(1, token, tokenlen);
|
write(1, token, tokenlen);
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
pwnables
|
|
@ -0,0 +1 @@
|
||||||
|
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
|
@ -0,0 +1 @@
|
||||||
|
Q<EFBFBD>m<EFBFBD>!ј<>И <09>ІЈА F
|
|
@ -0,0 +1 @@
|
||||||
|
pwnables
|
|
@ -0,0 +1 @@
|
||||||
|
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
Binary file not shown.
|
@ -0,0 +1 @@
|
||||||
|
pwnables
|
|
@ -0,0 +1 @@
|
||||||
|
<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji
|
Binary file not shown.
|
@ -1,4 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
exec 2>&1
|
|
||||||
exec ./tokengetd
|
|
|
@ -1,18 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
chat=/tmp/tokencli.chatter
|
|
||||||
token=/tmp/tokencli.token
|
|
||||||
trap "rm -f $chat $token" 0
|
|
||||||
|
|
||||||
mkfifo -m 0500 $chat $token
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
for dn in /opt/*/tokencli/*; do
|
|
||||||
[ -d $dn ] || continue
|
|
||||||
puzzle=$(basename $dn)
|
|
||||||
category=$(cat $dn/category)
|
|
||||||
nc 10.0.0.1 1 < $fifo | tokencli $category $dn/category.key > $fifo 3> $token
|
|
||||||
arc4 $dn/enc.key < $token > /var/lib/ctf/tokens/$category
|
|
||||||
done
|
|
||||||
sleep 60
|
|
||||||
done
|
|
|
@ -1,3 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
cp -r service/* /var/service
|
|
|
@ -1,21 +0,0 @@
|
||||||
TOKENCLI_PKGDIR = build/tokencli
|
|
||||||
TOKENCLI_PACKAGE = tokencli.pkg
|
|
||||||
|
|
||||||
tokencli-install: tokencli-build
|
|
||||||
mkdir -p $(TOKENCLI_PKGDIR)/bin/
|
|
||||||
|
|
||||||
$(call COPYTREE, tokencli/service, $(TOKENCLI_PKGDIR)/service)
|
|
||||||
|
|
||||||
cp tokencli/setup $(TOKENCLI_PKGDIR)/
|
|
||||||
|
|
||||||
cp tokencli/src/tokencli $(TOKENCLI_PKGDIR)/bin/
|
|
||||||
cp tokencli/src/arc4 $(TOKENCLI_PKGDIR)/bin/
|
|
||||||
|
|
||||||
tokencli-clean:
|
|
||||||
rm -rf $(TOKENCLI_PKGDIR) $(TOKENCLI_PACKAGE)
|
|
||||||
$(MAKE) -C tokencli/src clean
|
|
||||||
|
|
||||||
tokencli-build:
|
|
||||||
$(MAKE) -C tokencli/src build
|
|
||||||
|
|
||||||
PACKAGES += tokencli
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
exec 2>&1
|
||||||
|
install -o root -m 0755 -d /var/lib/ctf/tokens
|
||||||
|
exec ./tokens
|
|
@ -0,0 +1,13 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
for dn in /opt/*/tokens/*; do
|
||||||
|
[ -d $dn ] || continue
|
||||||
|
puzzle=$(basename $dn)
|
||||||
|
category=$(cat $dn/category)
|
||||||
|
busybox nc 10.0.0.1 1 \
|
||||||
|
-e /opt/tokens/bin/tokencli $category $dn/category.key 3>&1 | \
|
||||||
|
/opt/tokens/bin/arc4 $dn/enc.key > /var/lib/ctf/tokens/$puzzle
|
||||||
|
done
|
||||||
|
sleep 60
|
||||||
|
done
|
|
@ -1,3 +1,4 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
|
|
||||||
|
cp -r service/* /var/service
|
||||||
mkdir -p /var/lib/ctf/tokens
|
mkdir -p /var/lib/ctf/tokens
|
|
@ -5,4 +5,4 @@ arc4: arc4.o arc4-main.o
|
||||||
tokencli: tokencli.o arc4.o
|
tokencli: tokencli.o arc4.o
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm *.o tokencli
|
rm -f *.o tokencli arc4
|
|
@ -0,0 +1,21 @@
|
||||||
|
TOKENS_PKGDIR = build/tokens
|
||||||
|
TOKENS_PACKAGE = tokens.pkg
|
||||||
|
|
||||||
|
tokens-install: tokens-build
|
||||||
|
mkdir -p $(TOKENS_PKGDIR)/bin/
|
||||||
|
|
||||||
|
$(call COPYTREE, tokens/service, $(TOKENS_PKGDIR)/service)
|
||||||
|
|
||||||
|
cp tokens/setup $(TOKENS_PKGDIR)/
|
||||||
|
|
||||||
|
cp tokens/src/tokencli $(TOKENS_PKGDIR)/bin/
|
||||||
|
cp tokens/src/arc4 $(TOKENS_PKGDIR)/bin/
|
||||||
|
|
||||||
|
tokens-clean:
|
||||||
|
rm -rf $(TOKENS_PKGDIR) $(TOKENS_PACKAGE)
|
||||||
|
$(MAKE) -C tokens/src clean
|
||||||
|
|
||||||
|
tokens-build:
|
||||||
|
$(MAKE) -C tokens/src build
|
||||||
|
|
||||||
|
PACKAGES += tokens
|
Loading…
Reference in New Issue