def put(put_request: PutRequest) -> Verdict:
user = generate_user()
cube = generate_cube()
info = generate_info()
api = Api(put_request.hostname)
try:
api.connect()
except Exception:
return Verdict.DOWN("DOWN")
pub_cube = api.register(user, cube, info)
if pub_cube is None:
api.disconnect()
return Verdict.MUMBLE("Can't register")
res = api.encrypt(put_request.flag)
if res is None:
api.disconnect()
return Verdict.MUMBLE("Can't encrypt")
ct, priv_key = res
api.disconnect()
try:
is_correct = check_encryption_correctnes(ct, pub_cube, priv_key, put_request.flag)
except Exception:
is_correct = False
if not is_correct:
return Verdict.CORRUPT("Wrong encryption")
return Verdict.OK(':'.join([user, cube.as_str(), pub_cube.as_str(), ct.decode(), str(priv_key)]))
def get_flag_from_the_service2(request: GetRequest) -> Verdict:
try:
executor_id, executor_apikey, secret, victim_name = request.flag_id.strip(
).split(":")
hostname = request.hostname
victim = get_victim(hostname, executor_id, executor_apikey,
victim_name)
if victim["InformerName"] == secret:
return Verdict.OK()
else:
return Verdict.CORRUPT("bad flag")
except HTTPException as e:
return e.verdict
except Exception as e:
print(f"bad access {e}")
return Verdict.CORRUPT("can't reach flag")
def get(get_request: GetRequest) -> Verdict:
user, cube, pub_cube = get_request.flag_id.split(":")
cube, pub_cube = map(Cube.from_str, (cube, pub_cube))
info = get_request.flag
api = Api(get_request.hostname)
try:
api.connect()
except Exception:
return Verdict.DOWN("DOWN")
login_pub_cube = api.login(user, cube)
if login_pub_cube is None:
api.disconnect()
return Verdict.MUMBLE("Can't login")
if login_pub_cube != pub_cube:
api.disconnect()
return Verdict.MUMBLE("Wrong public cube")
server_info = api.get_info()
if server_info is None:
api.disconnect()
return Verdict.MUMBLE("Can't get info")
api.disconnect()
if server_info != info:
return Verdict.CORRUPT("Wrong user info")
return Verdict.OK()
def get_flag_from_the_service(request: GetRequest) -> Verdict:
try:
executor_id, secret, command = request.flag_id.strip().split(":")
hostname = request.hostname
executor = get_executor(hostname, executor_id, secret)
c_command = get_command(hostname, executor_id, secret, command)
if secret in c_command["Admins"]:
return Verdict.OK()
else:
return Verdict.CORRUPT("bad flag")
except HTTPException as e:
return e.verdict
except Exception as e:
print(f"bad access {e}")
return Verdict.CORRUPT("can't reach flag")
def get_flag_from_the_service(request: GetRequest) -> Verdict:
try:
r_telemetry = get_telemetry(request.hostname,
json.loads(request.flag_id)["session"])
if r_telemetry["bodyID"] != request.flag:
return Verdict.CORRUPT("flag corrupted")
return Verdict.OK()
except HTTPException as e:
return e.verdict
def get(get_request: GetRequest) -> Verdict:
api = Api()
try:
addr, secret = get_request.flag_id.strip().split(":")
try:
resulting_info = api.basement_info(get_request.hostname, addr,
secret)
if get_request.flag in resulting_info:
return Verdict.OK()
else:
print(resulting_info, get_request.flag)
return Verdict.CORRUPT("bad flag")
except Exception as e:
print(f"bad access {e}")
return Verdict.CORRUPT("can't reach flag")
except RequestException as e:
print(e)
return Verdict.DOWN("seems to be down")
except Exception as e:
print(f"ex {e}")
return Verdict.MUMBLE("bad proto")
def get_flag_from_the_service(request: GetRequest) -> Verdict:
try:
user = json.loads(request.flag_id)
r_telemetry = get_body(request.hostname, user["session"],
user["series"], user["revision"],
user["vendorToken"])
if r_telemetry["bodyFamilyUUID"] != request.flag:
return Verdict.CORRUPT("flag corrupted")
return Verdict.OK()
except HTTPException as e:
return e.verdict
async def get_flag_from_the_service(request: GetRequest) -> Verdict:
async with API(request.hostname) as api:
try:
login, password = request.flag_id.split(":")
status = await api.login(login, password)
if status != 200:
print(f'ON GET 1 LOG IN: Wait 200, but return {status}')
return Verdict.MUMBLE("Can't log in")
status, text = await api.get_profile()
if status != 200:
print(f'ON GET 1 GET PROFILE: Wait 200, but return {status}')
return Verdict.MUMBLE("Can't get profile")
if request.flag not in FLAG_PATTERN.findall(text):
print(f'ON GET 1 FLAG ERROR: not found')
return Verdict.CORRUPT("Can't find flag")
except Exception as ex:
print(traceback.format_exc())
return Verdict.DOWN('DOWN')
return Verdict.OK()
def get(get_request: GetRequest) -> Verdict:
api = Api(get_request.hostname)
try:
username, password = get_request.flag_id.split(":")
r = api.login(username, password)
if r.status_code != 200:
return Verdict.MUMBLE("can't login")
if get_request.flag in r.text:
return Verdict.OK()
else:
print(f"Can't find flag {get_request.flag} in {r.text}")
return Verdict.CORRUPT("flag not found")
except RequestException as e:
print(f"can't connect due to {e}")
return Verdict.DOWN("can't connect to host")
except Exception as e:
print(e)
return Verdict.MUMBLE("bad proto")
async def get_flag_xor(request: GetRequest) -> Verdict:
algo = utils_pb2.Algo.XOR
try:
login, key = request.flag_id.split(':')
login, key = bytes.fromhex(login), int(key)
if login not in await get_logins(algo, request.hostname):
return Verdict.MUMBLE("Can't find login")
except Exception as ex:
print(traceback.format_exc())
return Verdict.DOWN('DOWN')
try:
flag = await get_msg(login, key, algo, request.hostname)
except Exception as ex:
print(traceback.format_exc())
return Verdict.DOWN('DOWN')
if flag != extend_flag_xor(request.flag).encode():
return Verdict.CORRUPT("Wrong flag")
return Verdict.OK()
async def get_flag_from_the_service(request: GetRequest) -> Verdict:
async with API(request.hostname) as api:
try:
login, password, planner_id = request.flag_id.split(":")
status = await api.login(login, password)
if status != 200:
print(f'ON PUT 2 LOG IN:Wait 200, but return {status}')
return Verdict.MUMBLE("Can't log in")
status, tasks = await api.get_tasks(planner_id, WEEK, YEAR)
if status != 200 or len(tasks) == 0:
print(
f'ON PUT 2 GET TASKS: Wait 200, but return {status} without tasks'
)
return Verdict.MUMBLE("Can't get tasks")
for task in tasks:
if request.flag in task['description']:
return Verdict.OK()
except Exception as ex:
print(traceback.format_exc())
return Verdict.DOWN('DOWN')
print(f'ON GET 2 flag not found')
return Verdict.CORRUPT("Can't find flag")
def get(get_request: GetRequest) -> Verdict:
user, cube, pub_cube, ct, priv_key = get_request.flag_id.split(":")
cube, pub_cube = map(Cube.from_str, (cube, pub_cube))
priv_key = int(priv_key)
ct = ct.encode()
api = Api(get_request.hostname)
user2 = generate_user()
cube2 = generate_cube()
info2 = generate_info()
try:
api.connect()
except Exception:
return Verdict.DOWN("DOWN")
if api.register(user2, cube2, info2) is None:
api.disconnect()
return Verdict.MUMBLE("Can't register")
users_list = api.list_users()
if not users_list:
api.disconnect()
return Verdict.MUMBLE("Can't get user's list")
if user not in users_list:
api.disconnect()
return Verdict.MUMBLE("Can't find user in user's list")
server_users_pub_cube = api.get_users_pub_cube(user)
if server_users_pub_cube is None:
api.disconnect()
return Verdict.MUMBLE("Can't get user's pub_cube")
if server_users_pub_cube != pub_cube:
api.disconnect()
return Verdict.MUMBLE("Wrong user's pub_cube")
server_users_ciphercubes = api.get_users_ciphercubes(user)
if server_users_ciphercubes is None:
api.disconnect()
return Verdict.MUMBLE("Can't get user's ciphercubes")
if server_users_ciphercubes != ct:
api.disconnect()
return Verdict.MUMBLE("Wrong user's ciphercubes")
api.disconnect()
try:
api.connect()
except Exception:
return Verdict.DOWN("DOWN")
login_pub_cube = api.login(user, cube)
if login_pub_cube is None:
api.disconnect()
return Verdict.MUMBLE("Can't login")
if login_pub_cube != pub_cube:
api.disconnect()
return Verdict.MUMBLE("Wrong public cube")
res = api.decrypt(priv_key)
if res is None:
api.disconnect()
return Verdict.MUMBLE("Can't decrypt")
if res != get_request.flag:
api.disconnect()
return Verdict.CORRUPT("Wrong decryption")
api.disconnect()
return Verdict.OK()
