Initial commit.
fuzyll committed May 28, 2023
0 parents commit 9e09d7d
Showing 2,585 changed files with 314,558 additions and 0 deletions.
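--- a/3guard/guard1.py
+++ b/3guard/guard1.py
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+
+import random
+import socketserver
+import pyseccomp as seccomp
+
+# Command handlers
+def handle_deal(arg):
+return 'I can read files, but I can\'t open them!\n'
+
+def handle_goodbye(arg):
+return 'Goodbye!\n'
+
+def handle_exec(arg, loc={}):
+exec(arg, {}, loc)
+return "Sure thing, boss"
+
+COMMANDS = {
+'What is your deal?': handle_deal,
+'exec' : handle_exec,
+}
+
+def banter():
+return random.choice([
+"I don't know, I wasn't really paying attention.",
+"I was just taking a quick nap, no big deal.",
+"Sorry, I was on my phone and didn't see anything.",
+"Well, it wasn't my break time yet, so I didn't bother.",
+"Who cares if I let them in? They looked fine to me.",
+"Honestly, I don't remember if I locked the gate or not.",
+"I forgot to check their ID, but they seemed trustworthy.",
+"I didn't report it because it seemed like too much paperwork.",
+"Why bother with the security cameras? They never show anything interesting.",
+"I can't be expected to keep an eye on everything all the time.",
+"I don't get paid enough to deal with this.",
+"Yeah, I saw them, but it wasn't my problem.",
+"I gave my buddy the security code, he just wanted to see the place.",
+"I don't see the point of these constant patrols.",
+"I just let anyone in who says they work here.",
+"Sure, I leave the keys lying around, but who would steal them?",
+"Checking bags is a waste of time, nobody ever has anything.",
+"I don't see why I need to be sober to do this job.",
+"They didn't look suspicious to me, so I let them go.",
+"I haven't really read the security protocols, they're boring."
+])
+
+class TCPHandler(socketserver.BaseRequestHandler):
+
+def handle(self):
+# Receive the data
+while True:
+data = self.request.recv(1024)
+if not data:
+break
+command = data.decode().strip()
+(command,_, arg) = command.partition(":")
+if command in COMMANDS:
+response = COMMANDS[command](arg)
+self.request.sendall(response.encode())
+else:
+msg = 'Invalid command. Valid commands are: ' + ', '.join(COMMANDS.keys()) + '\n'
+msg = banter()
+self.request.sendall(msg.encode())
+
+def drop_perms():
+# create a new seccomp filter
+filter = seccomp.SyscallFilter(seccomp.KILL)
+#skip these, even if they're in the top 75
+avoid = [2, 40, 56, 59]
+# allow only the first 50 syscalls
+for i in range(0, 70):
+if i in avoid:
+continue
+filter.add_rule(seccomp.ALLOW, i)
+filter.add_rule(seccomp.ALLOW, 285)
+filter.add_rule(seccomp.ALLOW, 286)
+filter.add_rule(seccomp.ALLOW, 287)
+filter.add_rule(seccomp.ALLOW, 288)
+filter.add_rule(seccomp.ALLOW, 289)
+filter.add_rule(seccomp.ALLOW, 290)
+
+
+# load the filter into the current process
+filter.load()
+
+
+def start_server(host = 'localhost', port = 6900):
+server_address = (host, port)
+server = socketserver.TCPServer(server_address, TCPHandler)
+
+# Start the server
+drop_perms()
+server.serve_forever()
+
+
+if __name__ == "__main__":
+start_server()
+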
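Review bot: `handle_exec` passes text received from the TCP peer straight to `exec(arg, {}, loc)`, and the empty globals dict restricts nothing, because Python inserts `__builtins__` into a globals dict that lacks it. The only limit on that code is therefore the seccomp filter loaded by `drop_perms()`, which deserves a comment on the function, e.g. `# exec() adds __builtins__ to the empty globals; the seccomp filter is the only restriction on peer-supplied code`. The `loc={}` default is also a single dict shared by every call, so names bound by one request persist for later requests and connections; if that is the intent, a module-level dict would make it explicit. The same function appears unchanged in guard2.py and guard3.py.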
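--- a/3guard/guard2.py
+++ b/3guard/guard2.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python
+
+import random
+import socketserver
+import pyseccomp as seccomp
+
+# Command handlers
+def handle_deal(arg):
+return 'I can open files, but I can\'t read them!\n'
+
+def handle_exec(arg, loc={}):
+exec(arg, {}, loc)
+return "Sure thing, boss"
+
+COMMANDS = {
+'What is your deal?': handle_deal,
+'exec' : handle_exec,
+}
+
+def banter():
+return random.choice([
+"I don't know, I wasn't really paying attention.",
+"I was just taking a quick nap, no big deal.",
+"Sorry, I was on my phone and didn't see anything.",
+"Well, it wasn't my break time yet, so I didn't bother.",
+"Who cares if I let them in? They looked fine to me.",
+"Honestly, I don't remember if I locked the gate or not.",
+"I forgot to check their ID, but they seemed trustworthy.",
+"I didn't report it because it seemed like too much paperwork.",
+"Why bother with the security cameras? They never show anything interesting.",
+"I can't be expected to keep an eye on everything all the time.",
+"I don't get paid enough to deal with this.",
+"Yeah, I saw them, but it wasn't my problem.",
+"I gave my buddy the security code, he just wanted to see the place.",
+"I don't see the point of these constant patrols.",
+"I just let anyone in who says they work here.",
+"Sure, I leave the keys lying around, but who would steal them?",
+"Checking bags is a waste of time, nobody ever has anything.",
+"I don't see why I need to be sober to do this job.",
+"They didn't look suspicious to me, so I let them go.",
+"I haven't really read the security protocols, they're boring."
+])
+
+class TCPHandler(socketserver.BaseRequestHandler):
+
+def handle(self):
+# Receive the data
+while True:
+data = self.request.recv(1024)
+if not data:
+break
+command = data.decode().strip()
+(command,_, arg) = command.partition(":")
+if command in COMMANDS:
+response = COMMANDS[command](arg)
+self.request.sendall(response.encode())
+else:
+msg = 'Invalid command. Valid commands are: ' + ', '.join(COMMANDS.keys()) + '\n'
+msg = banter()
+self.request.sendall(msg.encode())
+
+
+def drop_perms():
+# create a new seccomp filter
+filter = seccomp.SyscallFilter(seccomp.KILL)
+#skip these, even if they're in the top 75
+avoid = [0, 17, 19, 40, 56, 59]
+# allow only the first 50 syscalls
+for i in range(0, 70):
+if i in avoid:
+continue
+filter.add_rule(seccomp.ALLOW, i)
+filter.add_rule(seccomp.ALLOW, 285)
+filter.add_rule(seccomp.ALLOW, 286)
+filter.add_rule(seccomp.ALLOW, 287)
+filter.add_rule(seccomp.ALLOW, 288)
+filter.add_rule(seccomp.ALLOW, 289)
+filter.add_rule(seccomp.ALLOW, 290)
+
+
+# load the filter into the current process
+filter.load()
+
+def start_server(host = 'localhost', port = 6901):
+server_address = (host, port)
+server = socketserver.TCPServer(server_address, TCPHandler)
+
+# Start the server
+server.serve_forever()
+
+
+if __name__ == "__main__":
+start_server()
+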
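Review bot: `start_server` goes from creating the `TCPServer` straight to `server.serve_forever()` and never calls `drop_perms()`, so the seccomp filter defined above is never loaded in this process, whereas guard1.py and guard3.py both call it before serving. As written, `handle_exec` runs peer-supplied code with no syscall restriction, and the `avoid = [0, 17, 19, 40, 56, 59]` list has no effect. Add `drop_perms()` on the line before `server.serve_forever()`, or, if the omission is deliberate, say so in a comment at that spot so it is not mistaken for an oversight.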
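--- a/3guard/guard3.py
+++ b/3guard/guard3.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python
+
+import random
+import socketserver
+import pyseccomp as seccomp
+
+# Command handlers
+def handle_deal(arg):
+return 'I am annoyed by people who try to do clever things with files'
+
+def handle_exec(arg, loc={}):
+exec(arg, {}, loc)
+return "Sure thing, boss"
+
+COMMANDS = {
+'What is your deal?': handle_deal,
+'exec' : handle_exec,
+}
+
+def banter():
+return random.choice([
+"I don't know, I wasn't really paying attention.",
+"I was just taking a quick nap, no big deal.",
+"Sorry, I was on my phone and didn't see anything.",
+"Well, it wasn't my break time yet, so I didn't bother.",
+"Who cares if I let them in? They looked fine to me.",
+"Honestly, I don't remember if I locked the gate or not.",
+"I forgot to check their ID, but they seemed trustworthy.",
+"I didn't report it because it seemed like too much paperwork.",
+"Why bother with the security cameras? They never show anything interesting.",
+"I can't be expected to keep an eye on everything all the time.",
+"I don't get paid enough to deal with this.",
+"Yeah, I saw them, but it wasn't my problem.",
+"I gave my buddy the security code, he just wanted to see the place.",
+"I don't see the point of these constant patrols.",
+"I just let anyone in who says they work here.",
+"Sure, I leave the keys lying around, but who would steal them?",
+"Checking bags is a waste of time, nobody ever has anything.",
+"I don't see why I need to be sober to do this job.",
+"They didn't look suspicious to me, so I let them go.",
+"I haven't really read the security protocols, they're boring."
+])
+
+class TCPHandler(socketserver.BaseRequestHandler):
+
+def handle(self):
+# Receive the data
+while True:
+data = self.request.recv(1024)
+if not data:
+break
+command = data.decode().strip()
+(command,_, arg) = command.partition(":")
+if command in COMMANDS:
+response = COMMANDS[command](arg)
+self.request.sendall(response.encode())
+else:
+msg = banter()
+self.request.sendall(msg.encode())
+
+def drop_perms():
+# create a new seccomp filter
+filter = seccomp.SyscallFilter(seccomp.KILL)
+#skip these, even if they're in the top 75
+avoid = [0, 2, 17, 19, 40, 56, 59]
+# allow only the first 50 syscalls
+for i in range(0, 70):
+if i in avoid:
+continue
+filter.add_rule(seccomp.ALLOW, i)
+filter.add_rule(seccomp.ALLOW, 285)
+filter.add_rule(seccomp.ALLOW, 286)
+filter.add_rule(seccomp.ALLOW, 287)
+filter.add_rule(seccomp.ALLOW, 288)
+filter.add_rule(seccomp.ALLOW, 289)
+filter.add_rule(seccomp.ALLOW, 290)
+
+
+# load the filter into the current process
+filter.load()
+
+def start_server(host = 'localhost', port = 6902):
+server_address = (host, port)
+server = socketserver.TCPServer(server_address, TCPHandler)
+
+drop_perms()
+
+# Start the server
+server.serve_forever()
+
+
+if __name__ == "__main__":
+start_server()
+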
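Review bot: The comments in `drop_perms` do not match the code: they speak of "the top 75" and "the first 50 syscalls", while the loop allows numbers 0 through 69 minus `avoid`, and six further rules allow 285 to 290. The policy is written entirely as bare syscall numbers, which are architecture-specific, so a reader cannot check it against the intent without a syscall table; the `avoid` entries look like x86-64 numbers (0 read, 2 open, 17 pread64, 19 readv, 40 sendfile, 56 clone, 59 execve), but the file does not say which architecture it targets. I would replace the two comments with `# allow syscalls 0-69 except those in avoid, plus 285-290` and annotate each number with its syscall name and the assumed architecture. guard1.py and guard2.py carry the same comments with different `avoid` lists.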
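--- a/3guard/main.py
+++ b/3guard/main.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+import sys
+import time
+import socket
+import select
+
+ADDR = "localhost"
+
+class Guard:
+def __init__(self, name: str, port: int):
+self.name = name
+self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+self.sock.connect((ADDR, port))
+
+def talk(self):
+data = self.sock.recv(1024)
+if len(data) == 0:
+talkers.remove(self)
+socket.close(self.fileno())
+return
+print(f"{self.name}: {data.decode('utf-8').strip()}")
+
+def fileno(self):
+return self.sock.fileno()
+
+def recv(self, num):
+return self.sock.recv(num)
+
+def speakTo(self, words):
+self.sock.send(words)
+
+def name(self):
+return self.name
+
+class Speaker:
+def fileno(self):
+return sys.stdin.fileno()
+
+def talk(self):
+foo = sys.stdin.readline()
+(requestedName,_,what) = foo.partition(":")
+try:
+who = [guard for guard in talkers if guard.name == requestedName]
+who[0].speakTo(bytes(what, 'utf-8'))
+except IndexError:
+print("Nobody here by that name...")
+
+def name(self):
+return "Yourself"
+
+talkers = []
+
+def main():
+
+speaker = Speaker()
+talkers.append(Guard("Bob", 6900))
+talkers.append(Guard("Charles", 6901))
+talkers.append(Guard("Sam", 6902))
+talkers.append(speaker)
+while(True):
+(got, want, _) = select.select( talkers, [], [])
+for guard in got:
+guard.talk()
+
+if __name__ == "__main__":
+main()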
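Review bot: `Speaker.talk` does not handle end of input: once stdin is closed, `sys.stdin.readline()` returns an empty string, no guard matches the empty name, and `select` reports stdin readable again at once, so the `while(True)` loop in `main` spins and prints "Nobody here by that name..." without end. If stdin is wired to a remote connection, as the `python3 -u /opt/main.py` line in run_challenge.sh suggests, every disconnect would presumably leave a busy process behind. Return on EOF right after the `readline()` call, e.g. `if not foo: sys.exit(0)`.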
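--- a/3guard/requirements.txt
+++ b/3guard/requirements.txt
@@ -0,0 +1 @@
+pyseccomp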
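Review bot: `pyseccomp` is listed without a version, so each build installs whatever release the package index serves at that moment. The guard scripts rely on this package for the seccomp filter that is the only restriction on the code they execute, so a silent change of release changes the sandbox. Pin it, e.g. `pyseccomp==<PINNED_VERSION>` (placeholder; use the release the challenge was tested with), and consider installing with pip's `--require-hashes` mode.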
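--- a/3guard/run_challenge.sh
+++ b/3guard/run_challenge.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+python3 /opt/guard1.py &
+python3 /opt/guard2.py &
+python3 /opt/guard3.py &
+
+/bin/sleep 2
+
+#flag is in /opt/flag.txt
+
+python3 -u /opt/main.py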
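--- a/README.md
+++ b/README.md
@@ -0,0 +1,22 @@
+# The DEF CON CTF 2023 Qualifier #
+
+This repository contains the open source release for Nautilus Institute's 2023
+DEF CON CTF qualifier.
+
+We are releasing all of the source code for every challenge that was released
+during the game. In most cases, this also includes all of the code required to
+build that source code into a working challenge (such as `Makefile`s and
+`Dockerfile`s). It *does not* include the infrastructure required to *host*
+those challenges (e.g. our CI/CD pipeline, deployment scripts, and the
+`gatekeeper` binary that validates tickets).
+
+## License ##
+
+Everything in this repository, unless otherwise stated, is being released under
+the MIT license. See [`LICENSE.md`](./LICENSE.md) for more details.
+
+## Contact ##
+
+Questions, comments, and/or concerns can be sent to
+[@fuzyll](https://github.com/fuzyll), who is happy to direct things to the
+appropriate party from there.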
Binary file not shown.