class Problem(Remote): program_name = "ecb.py" files = [ProtectedFile("flag"), ProtectedFile("key")] def initialize(self): # generate random 32 hexadecimal characters self.enc_key = "".join( self.random.choice(string.digits + "abcdef") for _ in range(32)) self.welcome_message = "Welcome to Secure Encryption Service version 1.{}".format( self.random.randint(0, 10))
class Problem(Remote): program_name = "repeated_message.py" files = [File("repeated_message.py"), ProtectedFile("flag.txt")] def generate_flag(self, random): hexdigits = hex(random.randrange(16**8))[2:] return "gunnHacks{sm0l_e_strikes_again_" + hexdigits + '}'
class Problem(Remote, Compiled): program_name = "mybinary" makefile = "Makefile" files = [File("mybinary.c"), ProtectedFile("flag.txt")] secret = "test" def __init__(self): self.lucky = self.random.randint(0, 1000)
class Problem(PHPApp): files = files_from_directory(WEB_ROOT) + [ProtectedFile(DB_FILE), ProtectedFile(PLAINTEXT_DB)] php_root = WEB_ROOT def generate_flag(self, _): return "three_rolodexes_in_a_trenchcoat" def setup(self): conn = sqlite3.connect(DB_FILE) c = conn.cursor() c.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT);") for line in fileinput.input(PLAINTEXT_DB): id_num, user, passwd = line.strip().split(',') c.execute("INSERT INTO users VALUES (?, ?, ?)", (id_num, user, passwd)) conn.commit() conn.close()
class Problem(Compiled, Remote): def generate_flag(self, random): hexdigits = hex(random.randrange(16**8))[2:] return "gunnHacks{t0xic_r0p_t@mes_th3_lem0n_cr0p_" + hexdigits + '}' makefile = "Makefile" program_name = "citrusunion" aslr = False remote = True files = [ProtectedFile("flag.txt")]
class Problem(Remote): program_name = "ecb.py" files = [ProtectedFile("flag"), ProtectedFile("key")] def initialize(self): # generate random 32 hexadecimal characters self.enc_key = "".join( self.random.choice(string.digits + "abcdef") for _ in range(32)) self.welcome_message = "Welcome to Secure Encryption Service version 1.{}".format( self.random.randint(0, 10)) # flag length must be a multiple of 16 def generate_flag(self, random): flag = (flag_fmt() % secrets.token_hex(32))[:32] if "{" in flag: flag = flag[:31] + "}" assert len(flag) % 16 == 0 return flag
class Problem(Compiled, Remote): def generate_flag(self, random): hexdigits = hex(random.randrange(16**8))[2:] return "gunnHacks{m0p_ch0p_plop_y0ur_w@y_t0_th3_bergam0t_" + hexdigits + '}' makefile = "Makefile" program_name = "lemongallery" aslr = False remote = True files = [ProtectedFile("flag.txt")]
class Problem(PHPApp): files = files_from_directory("webroot/") + [ProtectedFile("users.db")] php_root = "webroot/" def setup(self): conn = sqlite3.connect('users.db') c = conn.cursor() c.execute('CREATE TABLE users (name text, password_hash text, admin integer);') c.execute('''INSERT INTO users VALUES ('admin', 'a8j-2&}r', 1)''') conn.commit() conn.close() self.flag = "someone_has_to_control_the_internal_state_why_not_the_user"
def __init__(self): self.makefile = makefile self.compiler = compiler self.compiler_sources = sources self.compiler_flags = compiler_flags if not os.path.isfile(flag_file): with open(flag_file, "w") as f: f.write("{{flag}}\n") if static_flag is not None: self.generate_flag = lambda random: static_flag self.files.append(ProtectedFile(flag_file))
class Problem(PHPApp): files = files_from_directory("webroot/") + [ProtectedFile("users.db")] php_root = "webroot/" def generate_flag(self, _): return "refined_hacking" def setup(self): conn = sqlite3.connect('users.db') c = conn.cursor() c.execute( 'CREATE TABLE users (name text, password text, admin integer);') c.execute( '''INSERT INTO users VALUES ('admin', 'pbkdf2:sha1:1000$bTY1abU0$5503ae46ff1a45b14ff19d5a2ae08acf1d2aacde', 1)''' ) conn.commit() conn.close()
class Problem(PHPApp): files = files_from_directory("webroot/") + [ProtectedFile("users.db")] php_root = "webroot/" num_workers = 5 def setup(self): conn = sqlite3.connect("users.db") c = conn.cursor() c.execute( "CREATE TABLE users (name text, password text, admin integer);") # This is static. However, there is no reason it couldn't be autogenerated! c.execute( """INSERT INTO users VALUES ('admin', 'pbkdf2:sha1:1000$bTY1abU0$5503ae46ff1a45b14ff19d5a2ae08acf1d2aacde', 1)""" ) conn.commit() conn.close()
class Problem(PHPApp): files = files_from_directory("webroot/") + [ProtectedFile("users.db")] php_root = "webroot/" def setup(self): conn = sqlite3.connect('users.db') c = conn.cursor() c.execute( 'CREATE TABLE users (name text, password text, admin integer);') #This is static. However, there is no reason it couldn't be autogenerated! c.execute( '''INSERT INTO users VALUES ('admin', 'thisisanadminpasswordsosecureright', 1)''' ) conn.commit() conn.close() self.flag = "cl1ent_sid3_b3st_s1de"
class Problem(Remote): program_name = "mybinary" files = [ProtectedFile("flag.txt")]
class Problem(Remote): program_name = "caesar.py" files = [ProtectedFile("words.txt")] def initialize(self): self.flag = "shif73d-3n0ugh-ar3-we"
class Problem(Compiled): program_name = "simple_sources_binary" compiler_sources = ["mybinary.c"] files = [ProtectedFile("flag.txt")]
class Problem(Remote): program_name = "rop_fun" files = [ProtectedFile("flag.txt")] def initialize(self): self.flag = "s0_much_r0p_4hhhhhh"
class Problem(PHPApp): def generate_flag(self, random): hexdigits = hex(random.randrange(16 ** 8))[2:] return "gunnHacks{sti1l_b3tter_than_n0de_" + hexdigits + '}' files = files_from_directory("webroot/") + [ProtectedFile("flag.txt")] php_root = "webroot/"
class Problem(Remote): program_name = "overflow" files = [ProtectedFile("flag.txt")] def initialize(self): self.flag = "sir_richard_bufferheart"
class Problem(Remote): program_name = "bad-exec.py" files = [ProtectedFile("flag")]