neale/moth
neale
/
moth
mirror of https://github.com/dirtbags/moth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

A couple fixes made during NSM

This commit is contained in:
Neale Pickett 2010-10-22 11:15:37 -06:00
parent 7fba5155b1
commit 4c4656ede0
8 changed files with 34 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/ideas.txt
View File

@ -1,6 +1,5 @@
Ideas for puzzles Ideas for puzzles
================= =================
* Hide something in a .docx zip file
* Bootable image with FreeDOS, Linux, Inferno? HURD? * Bootable image with FreeDOS, Linux, Inferno? HURD?
* Bury puzzles in various weird locations within each OS * Bury puzzles in various weird locations within each OS
* Maybe put some in the boot loader, too * Maybe put some in the boot loader, too
@ -9,7 +8,16 @@ Ideas for puzzles
* DHCP option * DHCP option
* Single TCP RST with token in payload * Single TCP RST with token in payload
* Multiple TCP RST with different payloads * Multiple TCP RST with different payloads
* http://10.0.0.2/token
* PXE boot some sort of points-gathering client * PXE boot some sort of points-gathering client
* Init asks for a team hash, and starts awarding points * Init asks for a team hash, and starts awarding points
* Broken startup scripts, when fixed award more points * Broken startup scripts, when fixed award more points
* Lots of remote exploits * Lots of remote exploits
* "qemu -net socket" vpn thingy and then...
Capture the Packet
------------------
* Jim Meilander could teach a class about Bro
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet

2
mcp/src/puzzler.cgi.c
View File

@ -49,7 +49,7 @@ main(int argc, char *argv[])
char *p; char *p;
for (p = category; *p; p += 1) { for (p = category; *p; p += 1) {
if (! isalnum(*p)) { if ((! isalnum(*p)) && ('-' != *p)) {
cgi_page("Invalid category", ""); cgi_page("Invalid category", "");
} }
} }

4
mcp/www/ctf.css
View File

@ -162,4 +162,6 @@ table.pollster thead {
font-weight: bold; font-weight: bold;
} }
table.scoreboard {
height: 400px;
}

5
octopus/solution.sh
View File

@ -1,14 +1,15 @@
#! /bin/sh #! /bin/sh
port=8888 port=8888
host=10.0.0.10
blooper=$(tempfile) blooper=$(tempfile)
trap "rm $blooper" 0 trap "rm $blooper" 0
echo foo | socat -t 0.01 STDIO UDP:127.0.0.1:8888 | tail -n +4 > $blooper echo foo | socat -t 0.01 STDIO UDP:$host:$port | tail -n +4 > $blooper
for i in $(seq 8); do for i in $(seq 8); do
result=$(socat -t 0.01 STDIO UDP:127.0.0.1:$port < $blooper | awk -F': ' '(NF > 1) {print $2; exit;}') result=$(socat -t 0.01 STDIO UDP:$host:$port < $blooper | awk -F': ' '(NF > 1) {print $2; exit;}')
port=$(echo "ibase=8; $result" | bc) port=$(echo "ibase=8; $result" | bc)
echo $port echo $port
done done

8
pwnables/service/eth0.pwn/run
View File

@ -1,8 +1,10 @@
#! /bin/sh #! /bin/sh
if ! [ -d /opt/mcp ]; then if [ -d /opt/mcp ]; then
hostname pwnables sv d .
ifconfig eth0 10.0.0.10 netmask 255.0.0.0 exit
fi fi
hostname pwnables
ifconfig eth0 10.0.0.10 netmask 255.0.0.0
exec inotifyd true $(pwd):x exec inotifyd true $(pwd):x

3
pwnables/service/sshd.pwn/log/run Executable file
View File

@ -0,0 +1,3 @@
#! /bin/sh
exec logger -t sshd

BIN
pwnables/service/sshd.pwn/rsa.key Normal file
View File

Binary file not shown.

10
pwnables/service/sshd.pwn/run Executable file
View File

@ -0,0 +1,10 @@
#! /bin/sh
exec 2>&1
if [ -d /opt/mcp ]; then
sv d .
exit
fi
exec dropbear -r ./rsa.key -E -F