-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 9e09d7d
Showing
2,585 changed files
with
314,558 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
#!/usr/bin/env python | ||
|
||
import random | ||
import socketserver | ||
import pyseccomp as seccomp | ||
|
||
# Command handlers | ||
def handle_deal(arg): | ||
return 'I can read files, but I can\'t open them!\n' | ||
|
||
def handle_goodbye(arg): | ||
return 'Goodbye!\n' | ||
|
||
def handle_exec(arg, loc={}): | ||
exec(arg, {}, loc) | ||
return "Sure thing, boss" | ||
|
||
COMMANDS = { | ||
'What is your deal?': handle_deal, | ||
'exec' : handle_exec, | ||
} | ||
|
||
def banter(): | ||
return random.choice([ | ||
"I don't know, I wasn't really paying attention.", | ||
"I was just taking a quick nap, no big deal.", | ||
"Sorry, I was on my phone and didn't see anything.", | ||
"Well, it wasn't my break time yet, so I didn't bother.", | ||
"Who cares if I let them in? They looked fine to me.", | ||
"Honestly, I don't remember if I locked the gate or not.", | ||
"I forgot to check their ID, but they seemed trustworthy.", | ||
"I didn't report it because it seemed like too much paperwork.", | ||
"Why bother with the security cameras? They never show anything interesting.", | ||
"I can't be expected to keep an eye on everything all the time.", | ||
"I don't get paid enough to deal with this.", | ||
"Yeah, I saw them, but it wasn't my problem.", | ||
"I gave my buddy the security code, he just wanted to see the place.", | ||
"I don't see the point of these constant patrols.", | ||
"I just let anyone in who says they work here.", | ||
"Sure, I leave the keys lying around, but who would steal them?", | ||
"Checking bags is a waste of time, nobody ever has anything.", | ||
"I don't see why I need to be sober to do this job.", | ||
"They didn't look suspicious to me, so I let them go.", | ||
"I haven't really read the security protocols, they're boring." | ||
]) | ||
|
||
class TCPHandler(socketserver.BaseRequestHandler): | ||
|
||
def handle(self): | ||
# Receive the data | ||
while True: | ||
data = self.request.recv(1024) | ||
if not data: | ||
break | ||
command = data.decode().strip() | ||
(command,_, arg) = command.partition(":") | ||
if command in COMMANDS: | ||
response = COMMANDS[command](arg) | ||
self.request.sendall(response.encode()) | ||
else: | ||
msg = 'Invalid command. Valid commands are: ' + ', '.join(COMMANDS.keys()) + '\n' | ||
msg = banter() | ||
self.request.sendall(msg.encode()) | ||
|
||
def drop_perms(): | ||
# create a new seccomp filter | ||
filter = seccomp.SyscallFilter(seccomp.KILL) | ||
#skip these, even if they're in the top 75 | ||
avoid = [2, 40, 56, 59] | ||
# allow only the first 50 syscalls | ||
for i in range(0, 70): | ||
if i in avoid: | ||
continue | ||
filter.add_rule(seccomp.ALLOW, i) | ||
filter.add_rule(seccomp.ALLOW, 285) | ||
filter.add_rule(seccomp.ALLOW, 286) | ||
filter.add_rule(seccomp.ALLOW, 287) | ||
filter.add_rule(seccomp.ALLOW, 288) | ||
filter.add_rule(seccomp.ALLOW, 289) | ||
filter.add_rule(seccomp.ALLOW, 290) | ||
|
||
|
||
# load the filter into the current process | ||
filter.load() | ||
|
||
|
||
def start_server(host = 'localhost', port = 6900): | ||
server_address = (host, port) | ||
server = socketserver.TCPServer(server_address, TCPHandler) | ||
|
||
# Start the server | ||
drop_perms() | ||
server.serve_forever() | ||
|
||
|
||
if __name__ == "__main__": | ||
start_server() | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
#!/usr/bin/env python | ||
|
||
import random | ||
import socketserver | ||
import pyseccomp as seccomp | ||
|
||
# Command handlers | ||
def handle_deal(arg): | ||
return 'I can open files, but I can\'t read them!\n' | ||
|
||
def handle_exec(arg, loc={}): | ||
exec(arg, {}, loc) | ||
return "Sure thing, boss" | ||
|
||
COMMANDS = { | ||
'What is your deal?': handle_deal, | ||
'exec' : handle_exec, | ||
} | ||
|
||
def banter(): | ||
return random.choice([ | ||
"I don't know, I wasn't really paying attention.", | ||
"I was just taking a quick nap, no big deal.", | ||
"Sorry, I was on my phone and didn't see anything.", | ||
"Well, it wasn't my break time yet, so I didn't bother.", | ||
"Who cares if I let them in? They looked fine to me.", | ||
"Honestly, I don't remember if I locked the gate or not.", | ||
"I forgot to check their ID, but they seemed trustworthy.", | ||
"I didn't report it because it seemed like too much paperwork.", | ||
"Why bother with the security cameras? They never show anything interesting.", | ||
"I can't be expected to keep an eye on everything all the time.", | ||
"I don't get paid enough to deal with this.", | ||
"Yeah, I saw them, but it wasn't my problem.", | ||
"I gave my buddy the security code, he just wanted to see the place.", | ||
"I don't see the point of these constant patrols.", | ||
"I just let anyone in who says they work here.", | ||
"Sure, I leave the keys lying around, but who would steal them?", | ||
"Checking bags is a waste of time, nobody ever has anything.", | ||
"I don't see why I need to be sober to do this job.", | ||
"They didn't look suspicious to me, so I let them go.", | ||
"I haven't really read the security protocols, they're boring." | ||
]) | ||
|
||
class TCPHandler(socketserver.BaseRequestHandler): | ||
|
||
def handle(self): | ||
# Receive the data | ||
while True: | ||
data = self.request.recv(1024) | ||
if not data: | ||
break | ||
command = data.decode().strip() | ||
(command,_, arg) = command.partition(":") | ||
if command in COMMANDS: | ||
response = COMMANDS[command](arg) | ||
self.request.sendall(response.encode()) | ||
else: | ||
msg = 'Invalid command. Valid commands are: ' + ', '.join(COMMANDS.keys()) + '\n' | ||
msg = banter() | ||
self.request.sendall(msg.encode()) | ||
|
||
|
||
def drop_perms(): | ||
# create a new seccomp filter | ||
filter = seccomp.SyscallFilter(seccomp.KILL) | ||
#skip these, even if they're in the top 75 | ||
avoid = [0, 17, 19, 40, 56, 59] | ||
# allow only the first 50 syscalls | ||
for i in range(0, 70): | ||
if i in avoid: | ||
continue | ||
filter.add_rule(seccomp.ALLOW, i) | ||
filter.add_rule(seccomp.ALLOW, 285) | ||
filter.add_rule(seccomp.ALLOW, 286) | ||
filter.add_rule(seccomp.ALLOW, 287) | ||
filter.add_rule(seccomp.ALLOW, 288) | ||
filter.add_rule(seccomp.ALLOW, 289) | ||
filter.add_rule(seccomp.ALLOW, 290) | ||
|
||
|
||
# load the filter into the current process | ||
filter.load() | ||
|
||
def start_server(host = 'localhost', port = 6901): | ||
server_address = (host, port) | ||
server = socketserver.TCPServer(server_address, TCPHandler) | ||
|
||
# Start the server | ||
server.serve_forever() | ||
|
||
|
||
if __name__ == "__main__": | ||
start_server() | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
#!/usr/bin/env python | ||
|
||
import random | ||
import socketserver | ||
import pyseccomp as seccomp | ||
|
||
# Command handlers | ||
def handle_deal(arg): | ||
return 'I am annoyed by people who try to do clever things with files' | ||
|
||
def handle_exec(arg, loc={}): | ||
exec(arg, {}, loc) | ||
return "Sure thing, boss" | ||
|
||
COMMANDS = { | ||
'What is your deal?': handle_deal, | ||
'exec' : handle_exec, | ||
} | ||
|
||
def banter(): | ||
return random.choice([ | ||
"I don't know, I wasn't really paying attention.", | ||
"I was just taking a quick nap, no big deal.", | ||
"Sorry, I was on my phone and didn't see anything.", | ||
"Well, it wasn't my break time yet, so I didn't bother.", | ||
"Who cares if I let them in? They looked fine to me.", | ||
"Honestly, I don't remember if I locked the gate or not.", | ||
"I forgot to check their ID, but they seemed trustworthy.", | ||
"I didn't report it because it seemed like too much paperwork.", | ||
"Why bother with the security cameras? They never show anything interesting.", | ||
"I can't be expected to keep an eye on everything all the time.", | ||
"I don't get paid enough to deal with this.", | ||
"Yeah, I saw them, but it wasn't my problem.", | ||
"I gave my buddy the security code, he just wanted to see the place.", | ||
"I don't see the point of these constant patrols.", | ||
"I just let anyone in who says they work here.", | ||
"Sure, I leave the keys lying around, but who would steal them?", | ||
"Checking bags is a waste of time, nobody ever has anything.", | ||
"I don't see why I need to be sober to do this job.", | ||
"They didn't look suspicious to me, so I let them go.", | ||
"I haven't really read the security protocols, they're boring." | ||
]) | ||
|
||
class TCPHandler(socketserver.BaseRequestHandler): | ||
|
||
def handle(self): | ||
# Receive the data | ||
while True: | ||
data = self.request.recv(1024) | ||
if not data: | ||
break | ||
command = data.decode().strip() | ||
(command,_, arg) = command.partition(":") | ||
if command in COMMANDS: | ||
response = COMMANDS[command](arg) | ||
self.request.sendall(response.encode()) | ||
else: | ||
msg = banter() | ||
self.request.sendall(msg.encode()) | ||
|
||
def drop_perms(): | ||
# create a new seccomp filter | ||
filter = seccomp.SyscallFilter(seccomp.KILL) | ||
#skip these, even if they're in the top 75 | ||
avoid = [0, 2, 17, 19, 40, 56, 59] | ||
# allow only the first 50 syscalls | ||
for i in range(0, 70): | ||
if i in avoid: | ||
continue | ||
filter.add_rule(seccomp.ALLOW, i) | ||
filter.add_rule(seccomp.ALLOW, 285) | ||
filter.add_rule(seccomp.ALLOW, 286) | ||
filter.add_rule(seccomp.ALLOW, 287) | ||
filter.add_rule(seccomp.ALLOW, 288) | ||
filter.add_rule(seccomp.ALLOW, 289) | ||
filter.add_rule(seccomp.ALLOW, 290) | ||
|
||
|
||
# load the filter into the current process | ||
filter.load() | ||
|
||
def start_server(host = 'localhost', port = 6902): | ||
server_address = (host, port) | ||
server = socketserver.TCPServer(server_address, TCPHandler) | ||
|
||
drop_perms() | ||
|
||
# Start the server | ||
server.serve_forever() | ||
|
||
|
||
if __name__ == "__main__": | ||
start_server() | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
#!/usr/bin/env python | ||
import sys | ||
import time | ||
import socket | ||
import select | ||
|
||
ADDR = "localhost" | ||
|
||
class Guard: | ||
def __init__(self, name: str, port: int): | ||
self.name = name | ||
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | ||
self.sock.connect((ADDR, port)) | ||
|
||
def talk(self): | ||
data = self.sock.recv(1024) | ||
if len(data) == 0: | ||
talkers.remove(self) | ||
socket.close(self.fileno()) | ||
return | ||
print(f"{self.name}: {data.decode('utf-8').strip()}") | ||
|
||
def fileno(self): | ||
return self.sock.fileno() | ||
|
||
def recv(self, num): | ||
return self.sock.recv(num) | ||
|
||
def speakTo(self, words): | ||
self.sock.send(words) | ||
|
||
def name(self): | ||
return self.name | ||
|
||
class Speaker: | ||
def fileno(self): | ||
return sys.stdin.fileno() | ||
|
||
def talk(self): | ||
foo = sys.stdin.readline() | ||
(requestedName,_,what) = foo.partition(":") | ||
try: | ||
who = [guard for guard in talkers if guard.name == requestedName] | ||
who[0].speakTo(bytes(what, 'utf-8')) | ||
except IndexError: | ||
print("Nobody here by that name...") | ||
|
||
def name(self): | ||
return "Yourself" | ||
|
||
talkers = [] | ||
|
||
def main(): | ||
|
||
speaker = Speaker() | ||
talkers.append(Guard("Bob", 6900)) | ||
talkers.append(Guard("Charles", 6901)) | ||
talkers.append(Guard("Sam", 6902)) | ||
talkers.append(speaker) | ||
while(True): | ||
(got, want, _) = select.select( talkers, [], []) | ||
for guard in got: | ||
guard.talk() | ||
|
||
if __name__ == "__main__": | ||
main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
pyseccomp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash | ||
|
||
python3 /opt/guard1.py & | ||
python3 /opt/guard2.py & | ||
python3 /opt/guard3.py & | ||
|
||
/bin/sleep 2 | ||
|
||
#flag is in /opt/flag.txt | ||
|
||
python3 -u /opt/main.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# The DEF CON CTF 2023 Qualifier # | ||
|
||
This repository contains the open source release for Nautilus Institute's 2023 | ||
DEF CON CTF qualifier. | ||
|
||
We are releasing all of the source code for every challenge that was released | ||
during the game. In most cases, this also includes all of the code required to | ||
build that source code into a working challenge (such as `Makefile`s and | ||
`Dockerfile`s). It *does not* include the infrastructure required to *host* | ||
those challenges (e.g. our CI/CD pipeline, deployment scripts, and the | ||
`gatekeeper` binary that validates tickets). | ||
|
||
## License ## | ||
|
||
Everything in this repository, unless otherwise stated, is being released under | ||
the MIT license. See [`LICENSE.md`](./LICENSE.md) for more details. | ||
|
||
## Contact ## | ||
|
||
Questions, comments, and/or concerns can be sent to | ||
[@fuzyll](https://github.com/fuzyll), who is happy to direct things to the | ||
appropriate party from there. |
Binary file added
BIN
+8.67 MB
...rc/archive_server-365ad9f1f4c4b8966448688fc0b3abd818fab3272d40538c032ac847815ed86e.tar.gz
Binary file not shown.
Oops, something went wrong.