class Problem(Remote):
program_name = "ecb.py"
files = [ProtectedFile("flag"), ProtectedFile("key")]
def initialize(self):
# generate random 32 hexadecimal characters
self.enc_key = "".join(
self.random.choice(string.digits + "abcdef") for _ in range(32))
self.welcome_message = "Welcome to Secure Encryption Service version 1.{}".format(
self.random.randint(0, 10))
class Problem(Remote):
program_name = "repeated_message.py"
files = [File("repeated_message.py"), ProtectedFile("flag.txt")]
def generate_flag(self, random):
hexdigits = hex(random.randrange(16**8))[2:]
return "gunnHacks{sm0l_e_strikes_again_" + hexdigits + '}'
class Problem(Remote, Compiled):
program_name = "mybinary"
makefile = "Makefile"
files = [File("mybinary.c"), ProtectedFile("flag.txt")]
secret = "test"
def __init__(self):
self.lucky = self.random.randint(0, 1000)
class Problem(PHPApp):
files = files_from_directory(WEB_ROOT) + [ProtectedFile(DB_FILE),
ProtectedFile(PLAINTEXT_DB)]
php_root = WEB_ROOT
def generate_flag(self, _):
return "three_rolodexes_in_a_trenchcoat"
def setup(self):
conn = sqlite3.connect(DB_FILE)
c = conn.cursor()
c.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT);")
for line in fileinput.input(PLAINTEXT_DB):
id_num, user, passwd = line.strip().split(',')
c.execute("INSERT INTO users VALUES (?, ?, ?)", (id_num, user,
passwd))
conn.commit()
conn.close()
class Problem(Compiled, Remote):
def generate_flag(self, random):
hexdigits = hex(random.randrange(16**8))[2:]
return "gunnHacks{t0xic_r0p_t@mes_th3_lem0n_cr0p_" + hexdigits + '}'
makefile = "Makefile"
program_name = "citrusunion"
aslr = False
remote = True
files = [ProtectedFile("flag.txt")]
class Problem(Remote):
program_name = "ecb.py"
files = [ProtectedFile("flag"), ProtectedFile("key")]
def initialize(self):
# generate random 32 hexadecimal characters
self.enc_key = "".join(
self.random.choice(string.digits + "abcdef") for _ in range(32))
self.welcome_message = "Welcome to Secure Encryption Service version 1.{}".format(
self.random.randint(0, 10))
# flag length must be a multiple of 16
def generate_flag(self, random):
flag = (flag_fmt() % secrets.token_hex(32))[:32]
if "{" in flag:
flag = flag[:31] + "}"
assert len(flag) % 16 == 0
return flag
class Problem(Compiled, Remote):
def generate_flag(self, random):
hexdigits = hex(random.randrange(16**8))[2:]
return "gunnHacks{m0p_ch0p_plop_y0ur_w@y_t0_th3_bergam0t_" + hexdigits + '}'
makefile = "Makefile"
program_name = "lemongallery"
aslr = False
remote = True
files = [ProtectedFile("flag.txt")]
class Problem(PHPApp):
files = files_from_directory("webroot/") + [ProtectedFile("users.db")]
php_root = "webroot/"
def setup(self):
conn = sqlite3.connect('users.db')
c = conn.cursor()
c.execute('CREATE TABLE users (name text, password_hash text, admin integer);')
c.execute('''INSERT INTO users VALUES ('admin', 'a8j-2&}r', 1)''')
conn.commit()
conn.close()
self.flag = "someone_has_to_control_the_internal_state_why_not_the_user"
def __init__(self):
self.makefile = makefile
self.compiler = compiler
self.compiler_sources = sources
self.compiler_flags = compiler_flags
if not os.path.isfile(flag_file):
with open(flag_file, "w") as f:
f.write("{{flag}}\n")
if static_flag is not None:
self.generate_flag = lambda random: static_flag
self.files.append(ProtectedFile(flag_file))
class Problem(PHPApp):
files = files_from_directory("webroot/") + [ProtectedFile("users.db")]
php_root = "webroot/"
def generate_flag(self, _):
return "refined_hacking"
def setup(self):
conn = sqlite3.connect('users.db')
c = conn.cursor()
c.execute(
'CREATE TABLE users (name text, password text, admin integer);')
c.execute(
'''INSERT INTO users VALUES ('admin', 'pbkdf2:sha1:1000$bTY1abU0$5503ae46ff1a45b14ff19d5a2ae08acf1d2aacde', 1)'''
)
conn.commit()
conn.close()
class Problem(PHPApp):
files = files_from_directory("webroot/") + [ProtectedFile("users.db")]
php_root = "webroot/"
num_workers = 5
def setup(self):
conn = sqlite3.connect("users.db")
c = conn.cursor()
c.execute(
"CREATE TABLE users (name text, password text, admin integer);")
# This is static. However, there is no reason it couldn't be autogenerated!
c.execute(
"""INSERT INTO users VALUES ('admin', 'pbkdf2:sha1:1000$bTY1abU0$5503ae46ff1a45b14ff19d5a2ae08acf1d2aacde', 1)"""
)
conn.commit()
conn.close()
class Problem(PHPApp):
files = files_from_directory("webroot/") + [ProtectedFile("users.db")]
php_root = "webroot/"
def setup(self):
conn = sqlite3.connect('users.db')
c = conn.cursor()
c.execute(
'CREATE TABLE users (name text, password text, admin integer);')
#This is static. However, there is no reason it couldn't be autogenerated!
c.execute(
'''INSERT INTO users VALUES ('admin', 'thisisanadminpasswordsosecureright', 1)'''
)
conn.commit()
conn.close()
self.flag = "cl1ent_sid3_b3st_s1de"
class Problem(Remote):
program_name = "mybinary"
files = [ProtectedFile("flag.txt")]
class Problem(Remote):
program_name = "caesar.py"
files = [ProtectedFile("words.txt")]
def initialize(self):
self.flag = "shif73d-3n0ugh-ar3-we"
class Problem(Compiled):
program_name = "simple_sources_binary"
compiler_sources = ["mybinary.c"]
files = [ProtectedFile("flag.txt")]
class Problem(Remote):
program_name = "rop_fun"
files = [ProtectedFile("flag.txt")]
def initialize(self):
self.flag = "s0_much_r0p_4hhhhhh"
class Problem(PHPApp):
def generate_flag(self, random):
hexdigits = hex(random.randrange(16 ** 8))[2:]
return "gunnHacks{sti1l_b3tter_than_n0de_" + hexdigits + '}'
files = files_from_directory("webroot/") + [ProtectedFile("flag.txt")]
php_root = "webroot/"
class Problem(Remote):
program_name = "overflow"
files = [ProtectedFile("flag.txt")]
def initialize(self):
self.flag = "sir_richard_bufferheart"
class Problem(Remote):
program_name = "bad-exec.py"
files = [ProtectedFile("flag")]