Exemple #1
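def verify_exploit(exploit_dir,
                   service_dir,
                   branch,
                   timeout,
                   config,
                   encrypt=False,
                   log=None):
    """Run an exploit against a freshly started service and check its flag.

    A random flag is generated and handed to ``start_service``; the exploit
    is then run and its output is compared with that flag.

    Args:
        exploit_dir: Directory holding the exploit; must exist.
        service_dir: Directory holding the service; must exist.
        branch: Branch name, used to start the service and to build the
            container names ('/' is replaced with '_').
        timeout: Passed through to ``run_exploit``.
        config: Mapping read for ``"player_team"`` and passed to
            ``encrypt_exploit`` when ``encrypt`` is true.
        encrypt: When true, a verified exploit is encrypted for the
            player's own team.
        log: Log value threaded through the helpers and returned.

    Returns:
        ``(ok, log)``: ``ok`` is True only when the exploit output equals
        the generated flag. A failed encryption does not change ``ok``.
    """
    if not os.path.isdir(exploit_dir):
        print("[*] Exploit directory '%s' does not exist" % exploit_dir)
        return False, log

    if not os.path.isdir(service_dir):
        print("[*] Service directory '%s' does not exist" % service_dir)
        return False, log

    # Fresh flag per run, so a stale or hard-coded answer cannot pass.
    # NOTE(review): random_string is defined elsewhere; if the flag must be
    # unguessable by the code under test, confirm it draws from a CSPRNG.
    flag = random_string(10)

    # '/' in the branch name is replaced so both container names are flat.
    safe_branch = branch.replace('/', '_')
    service_container_name = "%s-%s" % (get_dirname(service_dir), safe_branch)
    exploit_container_name = "exploit-%s" % safe_branch

    # Start the service
    result, log = start_service(service_dir, branch, service_container_name,
                                flag, log=log)
    if not result:
        return False, log

    try:
        # Fixed pause before the exploit runs -- presumably lets the service
        # finish starting; TODO confirm.
        time.sleep(2)

        # Run the exploit
        exploit_result, log = run_exploit(exploit_dir, exploit_container_name,
                                          timeout, log=log)
    finally:
        # Remove both containers even if the exploit run raises, so a failed
        # verification does not leave a service container running.
        docker_cleanup(service_container_name)
        docker_cleanup(exploit_container_name)

    log = print_and_log("[*] Exploit returned : %s" % exploit_result, log)
    log = print_and_log("[*] Solution flag : %s" % flag, log)
    if exploit_result != flag:
        log = print_and_log("[*] Exploit returned a wrong flag string", log)
        return False, log

    print("[*] Exploit worked successfully")
    if encrypt:
        print("[*] Encrypting the verified exploit")
        # Set your own team as target team, and signer is not needed.
        target_team = config["player_team"]
        encrypted_file = encrypt_exploit(exploit_dir, target_team, config)
        if encrypted_file is None:
            print("[*] Failed to encrypt exploit")
        else:
            print("[*] Your exploit is encrypted in %s" % encrypted_file)
            print("[*] Now you may commit and push this encrypted exploit "\
                  "to the corresponding branch of your service repository")
    return True, log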
Exemple #2
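def exec_exploit(name, exploit_dir, ip, port, timeout):
    """Launch the exploit container through ``launch_exploit.sh``.

    Any existing container called ``name`` is removed first. The script is
    run via ``run_command`` with ``exploit_dir`` as its second argument, and
    the outcome is printed; nothing is returned.

    Args:
        name: Container name.
        exploit_dir: Directory passed to ``run_command``.
        ip: Target address handed to the script.
        port: Target port (coerced with ``int``).
        timeout: Timeout handed to the script (coerced with ``int``).
    """
    # Local import with a Python 2 fallback: the file's import block is not
    # visible from this function, so nothing is assumed about it.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    docker_cleanup(name)
    script = os.path.join(base_dir(), "launch_exploit.sh")
    # The command is assembled as one string, so every string argument is
    # shell-quoted: wrapping `name` in bare double quotes still lets `"`,
    # `$(...)` or backticks inside it change the command line.
    command = '%s %s %s %d %d' % (quote(script), quote(name), quote(str(ip)),
                                  int(port), int(timeout))
    _, err, e = run_command(command, exploit_dir)
    if e != 0:
        print(err)
        # Message corrected: this function launches the exploit, not the
        # service.
        print('[*] Failed to execute the exploit.')
    else:
        print('[*] Exploit is up.')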
Exemple #3
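def exec_service(name, service_dir, host_port, service_port):
    """Start the service container through ``setup_service.sh``.

    Any existing container called ``name`` is removed first. The script is
    run via ``run_command`` with ``service_dir`` as its second argument, and
    the outcome is printed; nothing is returned.

    Args:
        name: Container name.
        service_dir: Directory passed to ``run_command``.
        host_port: Port on the host side (coerced with ``int``).
        service_port: Port on the service side (coerced with ``int``).
    """
    # Local import with a Python 2 fallback: the file's import block is not
    # visible from this function, so nothing is assumed about it.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    docker_cleanup(name)
    script = os.path.join(base_dir(), "setup_service.sh")
    # int() rejects anything that is not a number before it reaches the
    # command string.
    host_port = int(host_port)
    service_port = int(service_port)
    # Shell-quote the string arguments: bare double quotes around `name` do
    # not neutralise `"`, `$(...)` or backticks inside it.
    command = '%s %s %d %d' % (quote(script), quote(name),
                               host_port, service_port)
    _, err, e = run_command(command, service_dir)
    if e != 0:
        print(err)
        print('[*] Failed to execute the service.')
    else:
        print('[*] Service is up.')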
Exemple #4
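def verify_service(team, branch, service_port, host_port, config_file):
    """Clone a team's service, start it in a container and check liveness.

    The repository is cloned, the requested branch is checked out, the
    service is set up under a container named ``<repo_name>-<branch>`` and
    ``check_liveness`` is run against the host port. The container and the
    cloned directory are removed afterwards, and the process exits.

    Args:
        team: Key into ``config['teams']``.
        branch: Branch to check out; also part of the container name.
        service_port: Service-side port (coerced with ``int``).
        host_port: Host-side port (coerced with ``int``).
        config_file: Path handed to ``load_config``.
    """
    # Convert the ports first so bad input fails before anything is cloned
    # or started.
    service_port = int(service_port)
    host_port = int(host_port)

    config = load_config(config_file)
    repo_owner = config['repo_owner']
    repo_name = config['teams'][team]['repo_name']
    # NOTE(review): `branch` is used verbatim here; a branch containing '/'
    # ends up in the container name unchanged -- confirm the helpers accept
    # that.
    container_name = "%s-%s" % (repo_name, branch)

    clone(repo_owner, repo_name)
    docker_cleanup(container_name)
    try:
        checkout(repo_name, branch)
        setup(repo_name, container_name, service_port, host_port)
        check_liveness(container_name, host_port)
    finally:
        # Always remove the container and the clone, including when a step
        # above raises or exits, so a failed check leaves nothing running.
        docker_cleanup(container_name)
        rmdir(repo_name)
    # Exits with the default (success) status; any failure reporting happens
    # inside the helpers above.
    sys.exit()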