diff --git a/Makefile b/Makefile
index a8d6ca0..96254d0 100644
--- a/Makefile
+++ b/Makefile
@@ -11,8 +11,7 @@ PYC = __init__.pyc
PYC += config.pyc points.pyc teams.pyc
PYC += register.pyc scoreboard.pyc puzzler.pyc
PYC += flagd.pyc pointsd.pyc pointscli.pyc
-PYC += histogram.pyc
-#PYC += roshambo.pyc game.pyc
+PYC += histogram.pyc irc.pyc
all: ctf.tce
diff --git a/ctf.css b/ctf.css
index 22d08d4..b9aa22b 100644
--- a/ctf.css
+++ b/ctf.css
@@ -64,6 +64,10 @@ th, td {
vertical-align: top;
}
+.scoreboard {
+ background: #222;
+}
+
.scoreboard td {
height: 400px;
}
diff --git a/ctf/irc.py b/ctf/irc.py
index dac79e0..0587d4a 100755
--- a/ctf/irc.py
+++ b/ctf/irc.py
@@ -7,6 +7,8 @@ import sys
import traceback
import time
+channel_prefixes = '+#&'
+
class IRCHandler(asynchat.async_chat):
"""IRC Server connection.
@@ -256,7 +258,7 @@ class User(Recipient):
return 'User(%s, %s, %s)' % (self.name(), self.user, self.host)
def recipient(interface, name):
- if name[0] in ['&', '#', '+']:
+ if name[0] in channel_prefixes:
return Channel(interface, name)
else:
return User(interface, name, None, None)
@@ -327,9 +329,8 @@ class SmartIRCHandler(IRCHandler):
# PRIVMSG ['neale!~user@127.0.0.1', 'PRIVMSG', '#hydra'] firebot, foo
# PRIVMSG ['neale!~user@127.0.0.1', 'PRIVMSG', 'firebot'] firebot, foo
try:
- if args[2][0] in '#&':
- forum = self.recipient(args[2])
- else:
+ forum = self.recipient(args[2])
+ if not forum.is_channel():
forum = sender
addl = (text,)
except IndexError:
diff --git a/ctf/points.py b/ctf/points.py
index 3879a02..5099550 100755
--- a/ctf/points.py
+++ b/ctf/points.py
@@ -90,7 +90,7 @@ def incdict(dict, key, amt=1):
dict[key] = dict.get(key, 0) + amt
class Storage:
- def __init__(self, fn=None):
+ def __init__(self, fn=None, fix=False):
if not fn:
fn = config.datafile('scores.dat')
self.teams = set()
@@ -100,6 +100,8 @@ class Storage:
self.f = io.BytesIO()
# Read stored scores
+ truncate = False
+ lastgood = 0
try:
f = open(fn, 'rb')
while True:
@@ -113,7 +115,13 @@ class Storage:
team = b[catlen:].decode('utf-8')
req = (when, cat, team, score)
self.add(req, False)
+ lastgood = f.tell()
f.close()
+ except struct.error:
+ if fix:
+ truncate = True
+ else:
+ raise
except IOError:
pass
@@ -122,6 +130,10 @@ class Storage:
except IOError:
self.f = None
+ if truncate:
+ self.f.seek(lastgood)
+ self.f.truncate()
+
def __len__(self):
return len(self.log)
diff --git a/ctf/pointsd.py b/ctf/pointsd.py
index 85328e7..f557ab5 100755
--- a/ctf/pointsd.py
+++ b/ctf/pointsd.py
@@ -14,7 +14,7 @@ class MyHandler(asyncore.dispatcher):
asyncore.dispatcher.__init__(self)
self.create_socket(socket.AF_INET, socket.SOCK_DGRAM)
self.bind(('', port))
- self.store = points.Storage()
+ self.store = points.Storage(fix=True)
self.acked = set()
self.outq = []
diff --git a/ctfd.py b/ctfd.py
index bced2d5..99071b5 100755
--- a/ctfd.py
+++ b/ctfd.py
@@ -1,13 +1,13 @@
#! /usr/bin/env python3
import asyncore
-import pointsd
-import game
-import flagd
-import histogram
-import config
import os
import sys
+import optparse
+from ctf import pointsd
+from ctf import flagd
+from ctf import histogram
+from ctf import config
do_reap = False
@@ -27,6 +27,14 @@ def sigchld(signum, frame):
do_reap = True
def main():
+ p = optparse.OptionParser()
+ p.add_option('-p', '--genpass', dest='cat', default=None,
+ help='Generate a flagger password for the given category')
+ opts, args = p.parse_args()
+ if opts.cat:
+ print('%s:::%s' % (opts.cat, flagd.hexdigest(opts.cat.encode('utf-8'))))
+ return
+
pointsrv = pointsd.start()
flagsrv = flagd.start()
diff --git a/kevin/Makefile b/kevin/Makefile
index 5ced261..1368a11 100644
--- a/kevin/Makefile
+++ b/kevin/Makefile
@@ -7,11 +7,10 @@ kevin.tce: target
$(FAKE) sh -c 'cd target && tar -czf - --exclude=placeholder --exclude=*~ .' > $@
-target: kevin.py irc.pyc run log.run
- $(INSTALL) -d target/usr/lib/ctf/kevin
- $(INSTALL) kevin.py irc.py target/usr/lib/ctf/kevin
+target: kevin.py run log.run
+ $(INSTALL) -D kevin.py target/usr/bin/kevin.py
- $(INSTALL) --owner=100 -d target/var/lib/ctf/kevin/tokens
+ $(INSTALL) --owner=100 -d target/var/lib/kevin/tokens
$(INSTALL) -d target/var/service/kevin
$(INSTALL) run target/var/service/kevin/run
diff --git a/kevin/kevin.py b/kevin/kevin.py
index d0ba26b..1f122cc 100755
--- a/kevin/kevin.py
+++ b/kevin/kevin.py
@@ -60,8 +60,8 @@ class Kevin(irc.Bot):
def cmd_PRIVMSG(self, sender, forum, addl):
text = addl[0]
if text.startswith('!'):
- parts = text[1:].lower().split(' ', 1)
- cmd = parts[0]
+ parts = text[1:].split(' ', 1)
+ cmd = parts[0].lower()
if len(parts) > 1:
args = parts[1]
else:
diff --git a/kevin/run b/kevin/run
index b596d3c..f66c966 100755
--- a/kevin/run
+++ b/kevin/run
@@ -2,4 +2,4 @@
[ -f /var/lib/ctf/disabled/kevin ] && exit 0
-exec envuidgid ctf /usr/lib/ctf/kevin/kevin.py --victims=/var/lib/ctf/kevin/victims.txt --tokens=/var/lib/ctf/kevin/tokens
+exec envuidgid ctf /usr/bin/kevin.py --victims=/var/lib/kevin/victims.txt --tokens=/var/lib/kevin/tokens
diff --git a/puzzles/posters/10/img.png b/puzzles/posters/10/img.png
new file mode 100644
index 0000000..2d4e686
Binary files /dev/null and b/puzzles/posters/10/img.png differ
diff --git a/puzzles/posters/10/index.html b/puzzles/posters/10/index.html
new file mode 100644
index 0000000..2c21f28
--- /dev/null
+++ b/puzzles/posters/10/index.html
@@ -0,0 +1 @@
+
diff --git a/puzzles/posters/10/key b/puzzles/posters/10/key
new file mode 100644
index 0000000..071491e
--- /dev/null
+++ b/puzzles/posters/10/key
@@ -0,0 +1 @@
+You're well on your way :)
diff --git a/puzzles/posters/125/index.html b/puzzles/posters/125/index.html
new file mode 100644
index 0000000..90ccc06
--- /dev/null
+++ b/puzzles/posters/125/index.html
@@ -0,0 +1 @@
+Puzzle: Braille
diff --git a/puzzles/posters/125/key b/puzzles/posters/125/key
new file mode 100644
index 0000000..66d5619
--- /dev/null
+++ b/puzzles/posters/125/key
@@ -0,0 +1 @@
+‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽‽
diff --git a/puzzles/posters/15/img.png b/puzzles/posters/15/img.png
new file mode 100644
index 0000000..ea2737b
Binary files /dev/null and b/puzzles/posters/15/img.png differ
diff --git a/puzzles/posters/15/index.html b/puzzles/posters/15/index.html
new file mode 100644
index 0000000..067714f
--- /dev/null
+++ b/puzzles/posters/15/index.html
@@ -0,0 +1 @@
+
diff --git a/puzzles/posters/15/key b/puzzles/posters/15/key
new file mode 100644
index 0000000..1941358
--- /dev/null
+++ b/puzzles/posters/15/key
@@ -0,0 +1 @@
+-462766
diff --git a/puzzles/posters/5/img.png b/puzzles/posters/5/img.png
new file mode 100644
index 0000000..ad0dbc9
Binary files /dev/null and b/puzzles/posters/5/img.png differ
diff --git a/puzzles/posters/5/index.html b/puzzles/posters/5/index.html
new file mode 100644
index 0000000..7e4e1e7
--- /dev/null
+++ b/puzzles/posters/5/index.html
@@ -0,0 +1 @@
+
diff --git a/puzzles/posters/5/key b/puzzles/posters/5/key
new file mode 100644
index 0000000..9b8d504
--- /dev/null
+++ b/puzzles/posters/5/key
@@ -0,0 +1 @@
+3acd767f2717b84076cdcd18e882f01d
diff --git a/puzzles/posters/50/index.html b/puzzles/posters/50/index.html
new file mode 100644
index 0000000..e052596
--- /dev/null
+++ b/puzzles/posters/50/index.html
@@ -0,0 +1,7 @@
+Little-known fact
+Is that the
+Best answer is
+Right here.
+And if you know what the key is, you'll know where to go next.
+Really, it's that simple.
+You need to speak the key at the front desk.
diff --git a/puzzles/posters/50/key b/puzzles/posters/50/key
new file mode 100644
index 0000000..396c1b9
--- /dev/null
+++ b/puzzles/posters/50/key
@@ -0,0 +1 @@
+LIBRARY
diff --git a/puzzles/posters/75/index.html b/puzzles/posters/75/index.html
new file mode 100644
index 0000000..9ff3ecf
--- /dev/null
+++ b/puzzles/posters/75/index.html
@@ -0,0 +1 @@
+⚑ _ _ _ _ ◢ _ _ _ _ ♥ _ _ _ _ ★ _ _ _ _ ◕ _ _ _ _
diff --git a/puzzles/posters/75/key b/puzzles/posters/75/key
new file mode 100644
index 0000000..576d8a7
--- /dev/null
+++ b/puzzles/posters/75/key
@@ -0,0 +1 @@
+⚑ ◢ ◕ ★ ♥ ◢ ♥ ⚑ ◕ ★ ♥ ◕ ★ ♥ ⚑ ★ ⚑ ◢ ♥ ◢ ◕ ◕ ◢ ★ ⚑
diff --git a/puzzles/sequence/450/index.html b/puzzles/sequence/450/index.html
new file mode 100644
index 0000000..b6774c4
--- /dev/null
+++ b/puzzles/sequence/450/index.html
@@ -0,0 +1,3 @@
+
+04 aa 12 7f 99 03 ed c1 22 __ dc be e1 45 94
+
diff --git a/puzzles/sequence/450/key b/puzzles/sequence/450/key
new file mode 100644
index 0000000..eeee65e
--- /dev/null
+++ b/puzzles/sequence/450/key
@@ -0,0 +1 @@
+05
diff --git a/pwnables/Makefile b/pwnables/Makefile
new file mode 100644
index 0000000..154b3a8
--- /dev/null
+++ b/pwnables/Makefile
@@ -0,0 +1,29 @@
+CGI = cat.cgi
+
+TARGET = $(CURDIR)/target
+
+FAKE = fakeroot -s $(CURDIR)/fake -i $(CURDIR)/fake
+INSTALL = $(FAKE) install
+
+all: 99-pwnables.tce
+
+99-pwnables.tce: target
+ $(FAKE) sh -c 'cd target && tar -czf - --exclude=placeholder --exclude=*~ .' > $@
+
+target:
+ $(INSTALL) -d $(TARGET)
+
+ (cd skel; tar cf - .) | (cd $(TARGET); tar xf -)
+
+ $(MAKE) -C daemons TARGET=$(TARGET) install
+
+ $(INSTALL) -d $(TARGET)/usr/lib/www
+ $(INSTALL) $(CGI) $(TARGET)/usr/lib/www
+
+ $(INSTALL) -D flag $(TARGET)/var/lib/tftp/flag
+ $(INSTALL) -D flag $(TARGET)/var/lib/notes/flag
+ $(INSTALL) -D flag $(TARGET)/home/flag/.plan
+
+
+clean:
+ rm -rf target
diff --git a/pwnables/cat.cgi b/pwnables/cat.cgi
new file mode 100755
index 0000000..de8c66f
--- /dev/null
+++ b/pwnables/cat.cgi
@@ -0,0 +1,6 @@
+#! /bin/sh
+
+echo 'Content-type: text/plain'
+echo
+cat .$PATH_INFO
+
diff --git a/pwnables/daemons/Makefile b/pwnables/daemons/Makefile
new file mode 100644
index 0000000..c0f972f
--- /dev/null
+++ b/pwnables/daemons/Makefile
@@ -0,0 +1,21 @@
+SBIN = in.fingerd in.noted
+BIN = notecli
+
+TARGET ?= $(CURDIR)/target
+FAKE = fakeroot -s $(CURDIR)/fake -i $(CURDIR)/fake
+INSTALL = $(FAKE) install
+
+all: $(SBIN) $(BIN)
+
+install: all
+ $(INSTALL) -d $(TARGET)/usr/sbin
+ $(INSTALL) -s $(SBIN) $(TARGET)/usr/sbin
+
+ $(INSTALL) -d $(TARGET)/usr/bin
+ $(INSTALL) -s $(BIN) $(TARGET)/usr/bin
+
+ $(INSTALL) -d $(TARGET)/var/service/fingerd
+ $(INSTALL) run.fingerd $(TARGET)/var/service/fingerd/run
+
+ $(INSTALL) -d $(TARGET)/var/service/noted
+ $(INSTALL) run.noted $(TARGET)/var/service/noted/run
diff --git a/pwnables/daemons/in.fingerd.c b/pwnables/daemons/in.fingerd.c
new file mode 100644
index 0000000..c51cc13
--- /dev/null
+++ b/pwnables/daemons/in.fingerd.c
@@ -0,0 +1,44 @@
+#include
+#include
+
+int
+main(int argc, char *argv)
+{
+ char user[256];
+ char path[512];
+ char *data;
+ FILE *f;
+ size_t count;
+ int i;
+ char *peer = getenv("REMOTEADDR");
+
+ openlog("in.fingerd", LOG_PID, LOG_USER);
+ if (NULL == gets(user)) {
+ return 0;
+ }
+ for (data = user; *data; data += 1) {
+ if ('\r' == *data) {
+ *data = 0;
+ }
+ }
+ if (peer) {
+ syslog(LOG_INFO, "%s requests %s", peer, user);
+ }
+ if (0 == user[0]) {
+ printf("Nobody's home.\n");
+ return 0;
+ }
+
+ sprintf(path, "/home/%s/.plan", user);
+ f = fopen(path, "r");
+ if (NULL == f) {
+ printf("No such user.\n");
+ return 0;
+ }
+
+ data = path;
+ while (count = fread(data, sizeof(*data), 1, f)) {
+ fwrite(data, count, 1, stdout);
+ }
+ return 0;
+}
diff --git a/pwnables/daemons/in.noted.c b/pwnables/daemons/in.noted.c
new file mode 100644
index 0000000..33b611f
--- /dev/null
+++ b/pwnables/daemons/in.noted.c
@@ -0,0 +1,55 @@
+#include
+#include
+
+void
+readntrim(char *s)
+{
+ gets(s);
+ for (; *s; s++) {
+ switch (*s) {
+ case '\n':
+ case '\r':
+ *s = 0;
+ }
+ }
+}
+
+int
+main(int argc, char *argv)
+{
+ int cmd;
+ char line[4096];
+ char note[512];
+ FILE *f = NULL;
+ char *peer = getenv("REMOTEADDR");
+
+ openlog("in.noted", LOG_PID, LOG_USER);
+ switch (getc(stdin)) {
+ case EOF:
+ return 0;
+ case 'r':
+ readntrim(note);
+ if (peer) {
+ syslog(LOG_INFO, "%s read %s", peer, note);
+ }
+ f = fopen(note, "r");
+ while (fgets(line, sizeof(line), f)) {
+ fputs(line, stdout);
+ }
+ fclose(f);
+ break;
+ case 'w':
+ readntrim(note);
+ if (peer) {
+ syslog(LOG_INFO, "%s write %s", peer, note);
+ }
+ f = fopen(note, "w");
+ while (gets(line)) {
+ fputs(line, f);
+ }
+ fclose(f);
+ break;
+ }
+
+ return 0;
+}
diff --git a/pwnables/daemons/notecli.c b/pwnables/daemons/notecli.c
new file mode 100644
index 0000000..752f3c0
--- /dev/null
+++ b/pwnables/daemons/notecli.c
@@ -0,0 +1,90 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+int
+open_connection(char *host, int port)
+{
+ struct sockaddr_in addr;
+ struct hostent *h;
+ int fd;
+
+ if (! inet_aton(host, &(addr.sin_addr))) {
+ if (!(h = gethostbyname(host))) {
+ return -1;
+ } else {
+ memcpy(&(addr.sin_addr), h->h_addr, h->h_length);
+ }
+ }
+ fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (fd == -1) {
+ return -1;
+ }
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+ close(fd);
+ return -1;
+ }
+
+ return fd;
+}
+
+void
+clean(char *s)
+{
+ for (; *s; s++) {
+ switch (*s) {
+ case '/':
+ case '.':
+ *s = '_';
+ }
+ }
+}
+
+int
+main(int argc, char *argv[])
+{
+ int fd;
+ char s[4096];
+ ssize_t len;
+
+ if (4 != argc) {
+ printf("Usage: %s HOST NOTE COMMAND\n", argv[0]);
+ printf("\n");
+ printf(" COMMAND must be 'r' (read) or 'w' (write).\n");
+ printf(" For w, input is taken from stdin.\n");
+ return 1;
+ }
+
+ fd = open_connection(argv[1], 4000);
+ clean(argv[2]);
+ switch (argv[3][0]) {
+ case 'r':
+ write(fd, "r", 1);
+ write(fd, argv[2], strlen(argv[2]));
+ write(fd, "\n", 1);
+ do {
+ len = read(fd, s, sizeof(s));
+ write(1, s, len);
+ } while (len);
+ break;
+ case 'w':
+ write(fd, "w", 1);
+ write(fd, argv[2], strlen(argv[2]));
+ write(fd, "\n", 1);
+ do {
+ len = read(0, s, sizeof(s));
+ write(fd, s, len);
+ } while (len);
+ break;
+ default:
+ printf("I don't understand that command.\n");
+ break;
+ }
+
+ return 0;
+}
diff --git a/pwnables/daemons/run.fingerd b/pwnables/daemons/run.fingerd
new file mode 100755
index 0000000..4088271
--- /dev/null
+++ b/pwnables/daemons/run.fingerd
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+exec tcpsvd 0 79 /usr/sbin/in.fingerd
diff --git a/pwnables/daemons/run.noted b/pwnables/daemons/run.noted
new file mode 100755
index 0000000..5dcb91f
--- /dev/null
+++ b/pwnables/daemons/run.noted
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+cd /var/lib/notes
+exec tcpsvd 0 4000 /usr/sbin/in.noted
diff --git a/pwnables/init b/pwnables/init
new file mode 100755
index 0000000..39abecd
--- /dev/null
+++ b/pwnables/init
@@ -0,0 +1,25 @@
+#! /bin/sh
+
+## This is the init for the desktop services box.
+. /sbin/db-funcs.sh
+
+dbmsg
+dbmsg "-----------------------------------------------------------------------"
+dbmsg "Bringing up pwnables personality"
+dbmsg "-----------------------------------------------------------------------"
+dbmsg
+
+# /usr and /home live in RAM
+mount -t tmpfs usr /usr
+mount -t tmpfs home /home
+
+# Unpackage everything. Globs are sorted in busybox.
+cd /
+for i in /opt/tce/*.tce; do
+ dbmsg "Unpacking $i..."
+ tar xzf $i
+done
+
+# Pass control to /usr/sbin/init
+[ -x /usr/sbin/init ] && exec /usr/sbin/init
+exec busybox init
diff --git a/pwnables/skel/usr/etc/hostname b/pwnables/skel/usr/etc/hostname
new file mode 100644
index 0000000..0dcc91d
--- /dev/null
+++ b/pwnables/skel/usr/etc/hostname
@@ -0,0 +1 @@
+ctf
diff --git a/pwnables/skel/usr/etc/shadow b/pwnables/skel/usr/etc/shadow
new file mode 100644
index 0000000..6a17be6
--- /dev/null
+++ b/pwnables/skel/usr/etc/shadow
@@ -0,0 +1 @@
+root::::::::
diff --git a/pwnables/skel/var/service/networking/finish b/pwnables/skel/var/service/networking/finish
new file mode 100755
index 0000000..8882913
--- /dev/null
+++ b/pwnables/skel/var/service/networking/finish
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+# Nothing to see here.
diff --git a/pwnables/skel/var/service/networking/run b/pwnables/skel/var/service/networking/run
new file mode 100755
index 0000000..6cc5a94
--- /dev/null
+++ b/pwnables/skel/var/service/networking/run
@@ -0,0 +1,14 @@
+#! /bin/sh -e
+
+# busybox's dc doesn't support i :<
+# Its awk does support 0xa0 as an int, but gawk doesn't. This only works on busybox.
+lastd=$(awk -F ':' '{for (i=1; i