def put(put_request: PutRequest) -> Verdict: user = generate_user() cube = generate_cube() info = generate_info() api = Api(put_request.hostname) try: api.connect() except Exception: return Verdict.DOWN("DOWN") pub_cube = api.register(user, cube, info) if pub_cube is None: api.disconnect() return Verdict.MUMBLE("Can't register") res = api.encrypt(put_request.flag) if res is None: api.disconnect() return Verdict.MUMBLE("Can't encrypt") ct, priv_key = res api.disconnect() try: is_correct = check_encryption_correctnes(ct, pub_cube, priv_key, put_request.flag) except Exception: is_correct = False if not is_correct: return Verdict.CORRUPT("Wrong encryption") return Verdict.OK(':'.join([user, cube.as_str(), pub_cube.as_str(), ct.decode(), str(priv_key)]))
def ensure_success(request): try: r = request() except Exception as e: raise HTTPException(Verdict.DOWN("HTTP error")) if r.status_code != 200: raise HTTPException(Verdict.MUMBLE("Invalid status code: %s %s" % (r.url, r.status_code))) return r
async def check_service(request: CheckRequest) -> Verdict: async with API(request.hostname) as api: try: await api.ping() except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') return Verdict.OK()
def get_flag_from_the_service(request: GetRequest) -> Verdict: try: r_telemetry = get_telemetry(request.hostname, json.loads(request.flag_id)["session"]) if r_telemetry["bodyID"] != request.flag: return Verdict.CORRUPT("flag corrupted") return Verdict.OK() except HTTPException as e: return e.verdict
def get_flag_from_the_service(request: GetRequest) -> Verdict: try: user = json.loads(request.flag_id) r_telemetry = get_body(request.hostname, user["session"], user["series"], user["revision"], user["vendorToken"]) if r_telemetry["bodyFamilyUUID"] != request.flag: return Verdict.CORRUPT("flag corrupted") return Verdict.OK() except HTTPException as e: return e.verdict
def check(check_request: CheckRequest) -> Verdict: api = Api() try: rand_uuid = api.add_new_chess_unit(check_request.hostname, randomize(), randomize()) if len(rand_uuid) > 0: return Verdict.OK() except RequestException as e: print(f"can't connect due to {e}") return Verdict.DOWN("can't connect to host") except Exception as e: print(e) return Verdict.MUMBLE("bad proto")
def put(put_request: PutRequest) -> Verdict: api = Api(put_request.hostname) try: username, password = get_random_str(), get_random_str() r = api.sing_up(username, password, get_random_str(), get_random_str()) api.add_bark(username, put_request.flag, is_private=True) api.logout() return Verdict.OK(f"{username}:{password}") except RequestException as e: print(f"can't connect due to {e}") return Verdict.DOWN("can't connect to host") except Exception as e: print(e) return Verdict.MUMBLE("bad proto")
async def put_flag_aes(request: PutRequest) -> Verdict: algo = utils_pb2.Algo.AES login, msg = os.urandom(12), extend_flag_aes(request.flag).encode() try: key, decrypted_msg = await set_msg(login, msg, algo, request.hostname) except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') if decrypted_msg != msg: return Verdict.DOWN("AES doesn't work") if login not in await get_logins(algo, request.hostname): return Verdict.MUMBLE("Can't find login") return Verdict.OK("{}:{}".format(login.hex(), key))
def get_model_template(addr, session, model, revision): url = 'http://%s:%s/api/template' % (addr, utils.get_port()) headers = {'User-Agent': utils.get_user_agent()} cookies = {'medlinkToken': session} payload = {'modelSeries': model, 'revision': revision} i = 0 while i < 3: r = ensure_success(lambda: requests.get(url, headers=headers, params=payload, cookies=cookies, verify=False)) conent = r.content.decode("UTF-8") try: if conent != None: return json.loads(conent) except Exception: print(i) i += 1 print(r) return Verdict.MUMBLE("Check api/template")
def get_flag_from_the_service2(request: GetRequest) -> Verdict: try: executor_id, executor_apikey, secret, victim_name = request.flag_id.strip( ).split(":") hostname = request.hostname victim = get_victim(hostname, executor_id, executor_apikey, victim_name) if victim["InformerName"] == secret: return Verdict.OK() else: return Verdict.CORRUPT("bad flag") except HTTPException as e: return e.verdict except Exception as e: print(f"bad access {e}") return Verdict.CORRUPT("can't reach flag")
def get_flag_from_the_service(request: GetRequest) -> Verdict: try: executor_id, secret, command = request.flag_id.strip().split(":") hostname = request.hostname executor = get_executor(hostname, executor_id, secret) c_command = get_command(hostname, executor_id, secret, command) if secret in c_command["Admins"]: return Verdict.OK() else: return Verdict.CORRUPT("bad flag") except HTTPException as e: return e.verdict except Exception as e: print(f"bad access {e}") return Verdict.CORRUPT("can't reach flag")
def put(put_request: PutRequest) -> Verdict: api = Api(put_request.hostname) try: username, password, bark = get_random_str(), get_random_str(), get_random_text() r = api.sing_up(username, password, get_random_str(), get_random_str()) r = api.add_bark(username, bark, is_private=False) bark_id = int(r.text.split(bark)[0].split("/get_bark/")[1][0:-3]) api.comment_bark(bark_id, put_request.flag, True) api.logout() return Verdict.OK(f"{username}:{password}:{bark_id}") except RequestException as e: print(f"can't connect due to {e}") return Verdict.DOWN("can't connect to host") except Exception as e: print(e) return Verdict.MUMBLE("bad proto")
def put(put_request: PutRequest) -> Verdict: user = generate_user() cube = generate_cube() info = put_request.flag api = Api(put_request.hostname) try: api.connect() except Exception: return Verdict.DOWN("DOWN") pub_cube = api.register(user, cube, info) api.disconnect() if pub_cube is None: return Verdict.MUMBLE("Can't register") return Verdict.OK(':'.join([user, cube.as_str(), pub_cube.as_str()]))
def put_flag_into_the_service(request: PutRequest) -> Verdict: try: vendor = register_vendor(request.hostname) vendor_session = vendor["session"] v_token = vendor["vendorToken"] body_model = utils.get_body_model() body_model["BodyFamilyUUID"] = str(uuid.uuid4()) put_body(request.hostname, vendor_session, body_model, v_token) user_session = vendor["session"] user_model = { "series": body_model["modelSeries"], "revision": body_model["revision"] } template = get_model_template(request.hostname, user_session, user_model["series"], body_model["revision"]) telemetry = { "bodyID": request.flag, "bodyModelSeries": user_model["series"], "bodyRevision": user_model["revision"], "hardwareTelemetry": {} } for parameter in template: telemetry["hardwareTelemetry"][parameter] = random.randrange( 0, 100) put_telemetry(request.hostname, user_session, telemetry) return Verdict.OK(json.dumps({"session": user_session})) except HTTPException as e: return e.verdict
def put(put_request: PutRequest) -> Verdict: api = Api() try: unit_name = randomize() id_of_basement = api.add_new_chess_unit(put_request.hostname, unit_name, put_request.flag) armory_id = randomize() new_armory_id = api.add_armory_unit(put_request.hostname, armory_id) result = api.add_unit_to_chess(put_request.hostname, unit_name, new_armory_id) last_50_objects = api.get_latest_objects(put_request.hostname, 50) if "Armory" not in str(api.object_info(put_request.hostname, unit_name)): print("Armory not in object") return Verdict.MUMBLE("Bad object") if unit_name not in last_50_objects or result not in last_50_objects or armory_id not in last_50_objects: print("last 50 object doesnt contain needed info") return Verdict.MUMBLE("bad objects listing") if result != unit_name: print("result != unit name") return Verdict.MUMBLE("bad object id after adding") if armory_id != new_armory_id: print("bad armory id") return Verdict.MUMBLE("bad object id after adding") return Verdict.OK(f"{unit_name}:{id_of_basement}") except RequestException as e: print(f"timeout on connect {e}") return Verdict.DOWN("timeout") except Exception as e: print(f"possible mumble, {e}") return Verdict.MUMBLE("bad proto")
async def get_flag_from_the_service(request: GetRequest) -> Verdict: async with API(request.hostname) as api: try: login, password = request.flag_id.split(":") status = await api.login(login, password) if status != 200: print(f'ON GET 1 LOG IN: Wait 200, but return {status}') return Verdict.MUMBLE("Can't log in") status, text = await api.get_profile() if status != 200: print(f'ON GET 1 GET PROFILE: Wait 200, but return {status}') return Verdict.MUMBLE("Can't get profile") if request.flag not in FLAG_PATTERN.findall(text): print(f'ON GET 1 FLAG ERROR: not found') return Verdict.CORRUPT("Can't find flag") except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') return Verdict.OK()
async def put_flag_into_the_service(request: PutRequest) -> Verdict: async with API(request.hostname) as api: try: creds = get_reg_creds() status = await api.registration(creds) if status != 302: print(f'ON PUT 1 REGISTRATION: Wait 302, but return {status}') return Verdict.MUMBLE("Registration error") status = await api.update_user({ "login": creds['login'], "additionalInfo": request.flag }) if status != 200: print(f'ON PUT 1 UPDATE USER: Wait 200, but return {status}') return Verdict.MUMBLE("Can't update user") except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') return Verdict.OK(f"{creds['login']}:{creds['password']}")
def get(get_request: GetRequest) -> Verdict: api = Api(get_request.hostname) try: username, password = get_request.flag_id.split(":") r = api.login(username, password) if r.status_code != 200: return Verdict.MUMBLE("can't login") if get_request.flag in r.text: return Verdict.OK() else: print(f"Can't find flag {get_request.flag} in {r.text}") return Verdict.CORRUPT("flag not found") except RequestException as e: print(f"can't connect due to {e}") return Verdict.DOWN("can't connect to host") except Exception as e: print(e) return Verdict.MUMBLE("bad proto")
def get(get_request: GetRequest) -> Verdict: api = Api() try: addr, secret = get_request.flag_id.strip().split(":") try: resulting_info = api.basement_info(get_request.hostname, addr, secret) if get_request.flag in resulting_info: return Verdict.OK() else: print(resulting_info, get_request.flag) return Verdict.CORRUPT("bad flag") except Exception as e: print(f"bad access {e}") return Verdict.CORRUPT("can't reach flag") except RequestException as e: print(e) return Verdict.DOWN("seems to be down") except Exception as e: print(f"ex {e}") return Verdict.MUMBLE("bad proto")
def get(get_request: GetRequest) -> Verdict: user, cube, pub_cube = get_request.flag_id.split(":") cube, pub_cube = map(Cube.from_str, (cube, pub_cube)) info = get_request.flag api = Api(get_request.hostname) try: api.connect() except Exception: return Verdict.DOWN("DOWN") login_pub_cube = api.login(user, cube) if login_pub_cube is None: api.disconnect() return Verdict.MUMBLE("Can't login") if login_pub_cube != pub_cube: api.disconnect() return Verdict.MUMBLE("Wrong public cube") server_info = api.get_info() if server_info is None: api.disconnect() return Verdict.MUMBLE("Can't get info") api.disconnect() if server_info != info: return Verdict.CORRUPT("Wrong user info") return Verdict.OK()
async def check_service(request: CheckRequest) -> Verdict: async with API(request.hostname) as api: try: creds = get_reg_creds() status = await api.registration(creds) if status != 302: print(f'REGISTRATION: Wait 302, but return {status}') return Verdict.MUMBLE("Registration error") status = await api.update_user({ "login": creds['login'], "additionalInfo": grs(25) }) if status != 200: print(f'UPDATE USER: Wait 200, but return {status}') return Verdict.MUMBLE("Can't update user") status, res_json = await api.create_planner(get_planner()) if status != 201 and len(res_json) != 0: print( f'CREATE PANNER: Wait 201 with not empty json, but return {status} with {res_json}' ) return Verdict.MUMBLE("Can't create planner") planner_id = res_json['id'] status = await api.create_task(planner_id, get_task()) if status != 201: print(f'CREATE TASK: Wait 201, but return {status}') Verdict.MUMBLE("Can't create task") except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') return Verdict.OK()
def check(check_request: CheckRequest) -> Verdict: user = generate_user() cube = generate_cube() info = generate_info() api = Api(check_request.hostname) try: api.connect() except Exception: return Verdict.DOWN("DOWN") register_pub_cube = api.register(user, cube, info) api.disconnect() if register_pub_cube is None: return Verdict.MUMBLE("Can't register") try: api.connect() except Exception: return Verdict.DOWN("DOWN") login_pub_cube = api.login(user, cube) api.disconnect() if login_pub_cube is None: return Verdict.MUMBLE("Can't login") if register_pub_cube != login_pub_cube: return Verdict.MUMBLE("Wrong public cube") return Verdict.OK()
async def put_second_flag_into_the_service(request: PutRequest) -> Verdict: async with API(request.hostname) as api: try: creds = get_reg_creds() status = await api.registration(creds) if status != 302: print(f'ON PUT 2 REGISTRATION: Wait 302, but return {status}') return Verdict.MUMBLE("Registration error") planner = get_planner() status, planner = await api.create_planner(planner) if status != 201 or len(planner) == 0: print(f'ON GET 2 GET PLANNER: Wait 201, but return {status}') return Verdict.MUMBLE("Can't create planner") status, text = await api.get_planners() planner_id = planner["id"] if status != 200 or len(text.split(f'<tr id="{planner_id}">')) < 1: print(f'ON GET 2 GET PLANNERS: Wait 200, but return {status}') return Verdict.MUMBLE("Can't get planner") task = get_task() task['description'] = request.flag status = await api.create_task(planner_id, task) if status != 201: print(f'ON GET 2 CREATE TASK: Wait 201, but return {status}') Verdict.MUMBLE("Can't create task") except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') return Verdict.OK(f"{creds['login']}:{creds['password']}:{planner['id']}")
async def get_flag_xor(request: GetRequest) -> Verdict: algo = utils_pb2.Algo.XOR try: login, key = request.flag_id.split(':') login, key = bytes.fromhex(login), int(key) if login not in await get_logins(algo, request.hostname): return Verdict.MUMBLE("Can't find login") except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') try: flag = await get_msg(login, key, algo, request.hostname) except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') if flag != extend_flag_xor(request.flag).encode(): return Verdict.CORRUPT("Wrong flag") return Verdict.OK()
def put_flag_into_the_service2(request: PutRequest) -> Verdict: try: hostname = request.hostname flag = request.flag executor_apikey = utils.get_executor_id() executor_id = utils.get_executor_id() add_executor(hostname, executor_id, executor_apikey) victim_name = utils.get_victim_name() add_victim(hostname, executor_id, executor_apikey, victim_name, flag) return Verdict.OK( f"{executor_id}:{executor_apikey}:{flag}:{victim_name}") except HTTPException as e: return e.verdict
def put_flag_into_the_service(request: PutRequest) -> Verdict: try: hostname = request.hostname flag = request.flag executor = add_executor(hostname, utils.get_executor_id(), flag) executor_id = executor["ExecutorId"] executor_apikey = executor["ExecutorApiKey"] command_name = utils.get_command_name() add_command(hostname, executor_id, executor_apikey, command_name) return Verdict.OK(f"{executor_id}:{flag}:{command_name}") except HTTPException as e: return e.verdict
async def get_flag_from_the_service(request: GetRequest) -> Verdict: async with API(request.hostname) as api: try: login, password, planner_id = request.flag_id.split(":") status = await api.login(login, password) if status != 200: print(f'ON PUT 2 LOG IN:Wait 200, but return {status}') return Verdict.MUMBLE("Can't log in") status, tasks = await api.get_tasks(planner_id, WEEK, YEAR) if status != 200 or len(tasks) == 0: print( f'ON PUT 2 GET TASKS: Wait 200, but return {status} without tasks' ) return Verdict.MUMBLE("Can't get tasks") for task in tasks: if request.flag in task['description']: return Verdict.OK() except Exception as ex: print(traceback.format_exc()) return Verdict.DOWN('DOWN') print(f'ON GET 2 flag not found') return Verdict.CORRUPT("Can't find flag")
def put_flag_into_the_service(request: PutRequest) -> Verdict: try: vendor = register_vendor(request.hostname) vendor_session = vendor["session"] v_token = vendor["vendorToken"] body_model = utils.get_body_model() body_model["BodyFamilyUUID"] = request.flag put_body(request.hostname, vendor_session, body_model, v_token) return Verdict.OK( json.dumps({ "session": vendor_session, "vendorToken": v_token, "series": body_model["modelSeries"], "revision": body_model["revision"] })) except HTTPException as e: return e.verdict
def ensure_success(request): r = request if r.status_code != 200: raise HTTPException(Verdict.MUMBLE("Invalid status code: %s %s" % (r.url, r.status_code))) return r
def check_service(request: CheckRequest) -> Verdict: try: vendor = register_vendor(request.hostname) vendor_session = vendor["session"] v_token = vendor["vendorToken"] body_model = utils.get_body_model() put_body(request.hostname, vendor_session, body_model, v_token) bodies = get_supported_bodies(request.hostname, vendor_session) if { "series": body_model["modelSeries"], "revision": body_model["revision"] } not in bodies: return Verdict.MUMBLE( "GET /api/bodymodels not contains %s revision %s" % (body_model["modelSeries"], body_model["revision"])) received = get_body(request.hostname, vendor_session, body_model["modelSeries"], body_model["revision"], v_token) if body_model["modelSeries"] != received["modelSeries"]: return Verdict.MUMBLE("GET api/bodymodel unknown modelSeries") for key in body_model["referenceValues"].keys(): if key not in received["referenceValues"] or body_model[ "referenceValues"][key] != received["referenceValues"][key]: return Verdict.MUMBLE( "GET api/bodymodel unknown referenceValues") template = get_model_template(request.hostname, vendor_session, body_model["modelSeries"], body_model["revision"]) lower_temp = {v.lower(): v for v in template} for key in body_model["referenceValues"].keys(): if key not in lower_temp: return Verdict.MUMBLE("GET api/template unknown values") user = register_user(request.hostname) user_session = user["session"] user_model = { "series": body_model["modelSeries"], "revision": body_model["revision"] } template = get_model_template(request.hostname, user_session, user_model["series"], user_model["revision"]) telemetry = { "bodyID": utils.get_bodyid(), "bodyModelSeries": user_model["series"], "bodyRevision": user_model["revision"], "hardwareTelemetry": {} } for parameter in template: telemetry["hardwareTelemetry"][parameter] = random.randrange( 0, 100) put_telemetry(request.hostname, user_session, telemetry) r_telemetry = get_telemetry(request.hostname, user_session) if telemetry["bodyID"] != r_telemetry["bodyID"]: return Verdict.MUMBLE("GET api/telemetry bad bodyId") for key in r_telemetry["hardwareTelemetry"].keys(): if r_telemetry["hardwareTelemetry"][key] != telemetry[ "hardwareTelemetry"][key]: return Verdict.MUMBLE( "GET api/telemetry bad hardwareTelemetry") r_check = health_check(request.hostname, user_session) for key in r_check["checkResults"].keys(): if key not in template: return Verdict.MUMBLE("GET api/telemetry bad checkResults") return Verdict.OK() except HTTPException as e: return e.verdict