예제 #1
0
def put(put_request: PutRequest) -> Verdict:
    user = generate_user()
    cube = generate_cube()
    info = generate_info()

    api = Api(put_request.hostname)

    try:
        api.connect()
    except Exception:
        return Verdict.DOWN("DOWN")
    pub_cube = api.register(user, cube, info)

    if pub_cube is None:
        api.disconnect()
        return Verdict.MUMBLE("Can't register")

    res = api.encrypt(put_request.flag)
    if res is None:
        api.disconnect()
        return Verdict.MUMBLE("Can't encrypt")
    ct, priv_key = res
    api.disconnect()

    try:
        is_correct = check_encryption_correctnes(ct, pub_cube, priv_key, put_request.flag)
    except Exception:
        is_correct = False
    if not is_correct:
        return Verdict.CORRUPT("Wrong encryption")

    return Verdict.OK(':'.join([user, cube.as_str(), pub_cube.as_str(), ct.decode(), str(priv_key)]))
예제 #2
0
def ensure_success(request):
    try:
        r = request()
    except Exception as e:
        raise HTTPException(Verdict.DOWN("HTTP error"))
    if r.status_code != 200:
        raise HTTPException(Verdict.MUMBLE("Invalid status code: %s %s" % (r.url, r.status_code)))
    return r
예제 #3
0
async def check_service(request: CheckRequest) -> Verdict:
    async with API(request.hostname) as api:
        try:
            await api.ping()
        except Exception as ex:
            print(traceback.format_exc())
            return Verdict.DOWN('DOWN')
    return Verdict.OK()
예제 #4
0
def get_flag_from_the_service(request: GetRequest) -> Verdict:
    try:
        r_telemetry = get_telemetry(request.hostname,
                                    json.loads(request.flag_id)["session"])

        if r_telemetry["bodyID"] != request.flag:
            return Verdict.CORRUPT("flag corrupted")

        return Verdict.OK()
    except HTTPException as e:
        return e.verdict
예제 #5
0
def get_flag_from_the_service(request: GetRequest) -> Verdict:
    try:
        user = json.loads(request.flag_id)
        r_telemetry = get_body(request.hostname, user["session"],
                               user["series"], user["revision"],
                               user["vendorToken"])

        if r_telemetry["bodyFamilyUUID"] != request.flag:
            return Verdict.CORRUPT("flag corrupted")

        return Verdict.OK()
    except HTTPException as e:
        return e.verdict
예제 #6
0
def check(check_request: CheckRequest) -> Verdict:
    api = Api()
    try:
        rand_uuid = api.add_new_chess_unit(check_request.hostname, randomize(),
                                           randomize())
        if len(rand_uuid) > 0:
            return Verdict.OK()
    except RequestException as e:
        print(f"can't connect due to {e}")
        return Verdict.DOWN("can't connect to host")
    except Exception as e:
        print(e)
        return Verdict.MUMBLE("bad proto")
예제 #7
0
def put(put_request: PutRequest) -> Verdict:
    api = Api(put_request.hostname)
    try:
        username, password = get_random_str(), get_random_str()
        r = api.sing_up(username, password, get_random_str(), get_random_str())
        api.add_bark(username, put_request.flag, is_private=True)
        api.logout()
        return Verdict.OK(f"{username}:{password}")
    except RequestException as e:
        print(f"can't connect due to {e}")
        return Verdict.DOWN("can't connect to host")
    except Exception as e:
        print(e)
        return Verdict.MUMBLE("bad proto")
예제 #8
0
async def put_flag_aes(request: PutRequest) -> Verdict:
    algo = utils_pb2.Algo.AES
    login, msg = os.urandom(12), extend_flag_aes(request.flag).encode()

    try:
        key, decrypted_msg = await set_msg(login, msg, algo, request.hostname)
    except Exception as ex:
        print(traceback.format_exc())
        return Verdict.DOWN('DOWN')

    if decrypted_msg != msg:
        return Verdict.DOWN("AES doesn't work")
    if login not in await get_logins(algo, request.hostname):
        return Verdict.MUMBLE("Can't find login")
    return Verdict.OK("{}:{}".format(login.hex(), key))
예제 #9
0
def get_model_template(addr, session, model, revision):
    url = 'http://%s:%s/api/template' % (addr, utils.get_port())
    headers = {'User-Agent': utils.get_user_agent()}
    cookies = {'medlinkToken': session}
    payload = {'modelSeries': model, 'revision': revision}

    i = 0

    while i < 3:
        r = ensure_success(lambda: requests.get(url,
                                                headers=headers,
                                                params=payload,
                                                cookies=cookies,
                                                verify=False))
        conent = r.content.decode("UTF-8")
        try:
            if conent != None:
                return json.loads(conent)
        except Exception:
            print(i)

        i += 1
        print(r)

        return Verdict.MUMBLE("Check api/template")
예제 #10
0
def get_flag_from_the_service2(request: GetRequest) -> Verdict:
    try:
        executor_id, executor_apikey, secret, victim_name = request.flag_id.strip(
        ).split(":")
        hostname = request.hostname
        victim = get_victim(hostname, executor_id, executor_apikey,
                            victim_name)
        if victim["InformerName"] == secret:
            return Verdict.OK()
        else:
            return Verdict.CORRUPT("bad flag")
    except HTTPException as e:
        return e.verdict
    except Exception as e:
        print(f"bad access {e}")
        return Verdict.CORRUPT("can't reach flag")
예제 #11
0
def get_flag_from_the_service(request: GetRequest) -> Verdict:
    try:
        executor_id, secret, command = request.flag_id.strip().split(":")
        hostname = request.hostname
        executor = get_executor(hostname, executor_id, secret)
        c_command = get_command(hostname, executor_id, secret, command)

        if secret in c_command["Admins"]:
            return Verdict.OK()
        else:
            return Verdict.CORRUPT("bad flag")
    except HTTPException as e:
        return e.verdict
    except Exception as e:
        print(f"bad access {e}")
        return Verdict.CORRUPT("can't reach flag")
예제 #12
0
def put(put_request: PutRequest) -> Verdict:
    api = Api(put_request.hostname)
    try:
        username, password, bark = get_random_str(), get_random_str(), get_random_text()
        r = api.sing_up(username, password, get_random_str(), get_random_str())
        r = api.add_bark(username, bark, is_private=False)
        bark_id = int(r.text.split(bark)[0].split("/get_bark/")[1][0:-3])
        api.comment_bark(bark_id, put_request.flag, True)
        api.logout()
        return Verdict.OK(f"{username}:{password}:{bark_id}")
    except RequestException as e:
        print(f"can't connect due to {e}")
        return Verdict.DOWN("can't connect to host")
    except Exception as e:
        print(e)
        return Verdict.MUMBLE("bad proto")
예제 #13
0
def put(put_request: PutRequest) -> Verdict:
    user = generate_user()
    cube = generate_cube()
    info = put_request.flag

    api = Api(put_request.hostname)

    try:
        api.connect()
    except Exception:
        return Verdict.DOWN("DOWN")
    pub_cube = api.register(user, cube, info)
    api.disconnect()
    if pub_cube is None:
        return Verdict.MUMBLE("Can't register")
    return Verdict.OK(':'.join([user, cube.as_str(), pub_cube.as_str()]))
예제 #14
0
def put_flag_into_the_service(request: PutRequest) -> Verdict:
    try:
        vendor = register_vendor(request.hostname)
        vendor_session = vendor["session"]
        v_token = vendor["vendorToken"]
        body_model = utils.get_body_model()
        body_model["BodyFamilyUUID"] = str(uuid.uuid4())
        put_body(request.hostname, vendor_session, body_model, v_token)

        user_session = vendor["session"]

        user_model = {
            "series": body_model["modelSeries"],
            "revision": body_model["revision"]
        }
        template = get_model_template(request.hostname, user_session,
                                      user_model["series"],
                                      body_model["revision"])

        telemetry = {
            "bodyID": request.flag,
            "bodyModelSeries": user_model["series"],
            "bodyRevision": user_model["revision"],
            "hardwareTelemetry": {}
        }

        for parameter in template:
            telemetry["hardwareTelemetry"][parameter] = random.randrange(
                0, 100)

        put_telemetry(request.hostname, user_session, telemetry)
        return Verdict.OK(json.dumps({"session": user_session}))
    except HTTPException as e:
        return e.verdict
예제 #15
0
def put(put_request: PutRequest) -> Verdict:
    api = Api()
    try:
        unit_name = randomize()
        id_of_basement = api.add_new_chess_unit(put_request.hostname,
                                                unit_name, put_request.flag)
        armory_id = randomize()
        new_armory_id = api.add_armory_unit(put_request.hostname, armory_id)
        result = api.add_unit_to_chess(put_request.hostname, unit_name,
                                       new_armory_id)
        last_50_objects = api.get_latest_objects(put_request.hostname, 50)
        if "Armory" not in str(api.object_info(put_request.hostname,
                                               unit_name)):
            print("Armory not in object")
            return Verdict.MUMBLE("Bad object")
        if unit_name not in last_50_objects or result not in last_50_objects or armory_id not in last_50_objects:
            print("last 50 object doesnt contain needed info")
            return Verdict.MUMBLE("bad objects listing")
        if result != unit_name:
            print("result != unit name")
            return Verdict.MUMBLE("bad object id after adding")
        if armory_id != new_armory_id:
            print("bad armory id")
            return Verdict.MUMBLE("bad object id after adding")
        return Verdict.OK(f"{unit_name}:{id_of_basement}")
    except RequestException as e:
        print(f"timeout on connect {e}")
        return Verdict.DOWN("timeout")
    except Exception as e:
        print(f"possible mumble, {e}")
        return Verdict.MUMBLE("bad proto")
예제 #16
0
async def get_flag_from_the_service(request: GetRequest) -> Verdict:
    async with API(request.hostname) as api:
        try:
            login, password = request.flag_id.split(":")
            status = await api.login(login, password)
            if status != 200:
                print(f'ON GET 1 LOG IN: Wait 200, but return {status}')
                return Verdict.MUMBLE("Can't log in")
            status, text = await api.get_profile()
            if status != 200:
                print(f'ON GET 1 GET PROFILE: Wait 200, but return {status}')
                return Verdict.MUMBLE("Can't get profile")
            if request.flag not in FLAG_PATTERN.findall(text):
                print(f'ON GET 1 FLAG ERROR: not found')
                return Verdict.CORRUPT("Can't find flag")
        except Exception as ex:
            print(traceback.format_exc())
            return Verdict.DOWN('DOWN')
    return Verdict.OK()
예제 #17
0
async def put_flag_into_the_service(request: PutRequest) -> Verdict:
    async with API(request.hostname) as api:
        try:
            creds = get_reg_creds()
            status = await api.registration(creds)
            if status != 302:
                print(f'ON PUT 1 REGISTRATION: Wait 302, but return {status}')
                return Verdict.MUMBLE("Registration error")

            status = await api.update_user({
                "login": creds['login'],
                "additionalInfo": request.flag
            })
            if status != 200:
                print(f'ON PUT 1 UPDATE USER: Wait 200, but return {status}')
                return Verdict.MUMBLE("Can't update user")
        except Exception as ex:
            print(traceback.format_exc())
            return Verdict.DOWN('DOWN')
    return Verdict.OK(f"{creds['login']}:{creds['password']}")
예제 #18
0
def get(get_request: GetRequest) -> Verdict:
    api = Api(get_request.hostname)
    try:
        username, password = get_request.flag_id.split(":")
        r = api.login(username, password)

        if r.status_code != 200:
            return Verdict.MUMBLE("can't login")

        if get_request.flag in r.text:
            return Verdict.OK()
        else:
            print(f"Can't find flag {get_request.flag} in {r.text}")
            return Verdict.CORRUPT("flag not found")

    except RequestException as e:
        print(f"can't connect due to {e}")
        return Verdict.DOWN("can't connect to host")
    except Exception as e:
        print(e)
        return Verdict.MUMBLE("bad proto")
예제 #19
0
def get(get_request: GetRequest) -> Verdict:
    api = Api()
    try:
        addr, secret = get_request.flag_id.strip().split(":")
        try:
            resulting_info = api.basement_info(get_request.hostname, addr,
                                               secret)
            if get_request.flag in resulting_info:
                return Verdict.OK()
            else:
                print(resulting_info, get_request.flag)
                return Verdict.CORRUPT("bad flag")
        except Exception as e:
            print(f"bad access {e}")
            return Verdict.CORRUPT("can't reach flag")
    except RequestException as e:
        print(e)
        return Verdict.DOWN("seems to be down")
    except Exception as e:
        print(f"ex {e}")
        return Verdict.MUMBLE("bad proto")
예제 #20
0
def get(get_request: GetRequest) -> Verdict:
    user, cube, pub_cube = get_request.flag_id.split(":")
    cube, pub_cube = map(Cube.from_str, (cube, pub_cube))
    info = get_request.flag

    api = Api(get_request.hostname)

    try:
        api.connect()
    except Exception:
        return Verdict.DOWN("DOWN")
    login_pub_cube = api.login(user, cube)
    if login_pub_cube is None:
        api.disconnect()
        return Verdict.MUMBLE("Can't login")
    if login_pub_cube != pub_cube:
        api.disconnect()
        return Verdict.MUMBLE("Wrong public cube")

    server_info = api.get_info()
    if server_info is None:
        api.disconnect()
        return Verdict.MUMBLE("Can't get info")

    api.disconnect()

    if server_info != info:
        return Verdict.CORRUPT("Wrong user info")

    return Verdict.OK()
예제 #21
0
async def check_service(request: CheckRequest) -> Verdict:
    async with API(request.hostname) as api:
        try:
            creds = get_reg_creds()
            status = await api.registration(creds)
            if status != 302:
                print(f'REGISTRATION: Wait 302, but return {status}')
                return Verdict.MUMBLE("Registration error")
            status = await api.update_user({
                "login": creds['login'],
                "additionalInfo": grs(25)
            })
            if status != 200:
                print(f'UPDATE USER: Wait 200, but return {status}')
                return Verdict.MUMBLE("Can't update user")
            status, res_json = await api.create_planner(get_planner())
            if status != 201 and len(res_json) != 0:
                print(
                    f'CREATE PANNER: Wait 201 with not empty json, but return {status} with {res_json}'
                )
                return Verdict.MUMBLE("Can't create planner")
            planner_id = res_json['id']
            status = await api.create_task(planner_id, get_task())
            if status != 201:
                print(f'CREATE TASK: Wait 201, but return {status}')
                Verdict.MUMBLE("Can't create task")
        except Exception as ex:
            print(traceback.format_exc())
            return Verdict.DOWN('DOWN')
    return Verdict.OK()
예제 #22
0
def check(check_request: CheckRequest) -> Verdict:
    user = generate_user()
    cube = generate_cube()
    info = generate_info()

    api = Api(check_request.hostname)

    try:
        api.connect()
    except Exception:
        return Verdict.DOWN("DOWN")
    register_pub_cube = api.register(user, cube, info)
    api.disconnect()
    if register_pub_cube is None:
        return Verdict.MUMBLE("Can't register")

    try:
        api.connect()
    except Exception:
        return Verdict.DOWN("DOWN")
    login_pub_cube = api.login(user, cube)
    api.disconnect()
    if login_pub_cube is None:
        return Verdict.MUMBLE("Can't login")

    if register_pub_cube != login_pub_cube:
        return Verdict.MUMBLE("Wrong public cube")

    return Verdict.OK()
예제 #23
0
async def put_second_flag_into_the_service(request: PutRequest) -> Verdict:
    async with API(request.hostname) as api:
        try:
            creds = get_reg_creds()
            status = await api.registration(creds)
            if status != 302:
                print(f'ON PUT 2 REGISTRATION: Wait 302, but return {status}')
                return Verdict.MUMBLE("Registration error")

            planner = get_planner()
            status, planner = await api.create_planner(planner)
            if status != 201 or len(planner) == 0:
                print(f'ON GET 2 GET PLANNER: Wait 201, but return {status}')
                return Verdict.MUMBLE("Can't create planner")

            status, text = await api.get_planners()
            planner_id = planner["id"]

            if status != 200 or len(text.split(f'<tr id="{planner_id}">')) < 1:
                print(f'ON GET 2 GET PLANNERS: Wait 200, but return {status}')
                return Verdict.MUMBLE("Can't get planner")

            task = get_task()
            task['description'] = request.flag
            status = await api.create_task(planner_id, task)
            if status != 201:
                print(f'ON GET 2 CREATE TASK: Wait 201, but return {status}')
                Verdict.MUMBLE("Can't create task")

        except Exception as ex:
            print(traceback.format_exc())
            return Verdict.DOWN('DOWN')
    return Verdict.OK(f"{creds['login']}:{creds['password']}:{planner['id']}")
예제 #24
0
async def get_flag_xor(request: GetRequest) -> Verdict:
    algo = utils_pb2.Algo.XOR

    try:
        login, key = request.flag_id.split(':')
        login, key = bytes.fromhex(login), int(key)

        if login not in await get_logins(algo, request.hostname):
            return Verdict.MUMBLE("Can't find login")
    except Exception as ex:
        print(traceback.format_exc())
        return Verdict.DOWN('DOWN')

    try:
        flag = await get_msg(login, key, algo, request.hostname)
    except Exception as ex:
        print(traceback.format_exc())
        return Verdict.DOWN('DOWN')

    if flag != extend_flag_xor(request.flag).encode():
        return Verdict.CORRUPT("Wrong flag")
    return Verdict.OK()
예제 #25
0
def put_flag_into_the_service2(request: PutRequest) -> Verdict:
    try:
        hostname = request.hostname
        flag = request.flag
        executor_apikey = utils.get_executor_id()
        executor_id = utils.get_executor_id()
        add_executor(hostname, executor_id, executor_apikey)
        victim_name = utils.get_victim_name()
        add_victim(hostname, executor_id, executor_apikey, victim_name, flag)

        return Verdict.OK(
            f"{executor_id}:{executor_apikey}:{flag}:{victim_name}")
    except HTTPException as e:
        return e.verdict
예제 #26
0
def put_flag_into_the_service(request: PutRequest) -> Verdict:
    try:
        hostname = request.hostname
        flag = request.flag
        executor = add_executor(hostname, utils.get_executor_id(), flag)
        executor_id = executor["ExecutorId"]
        executor_apikey = executor["ExecutorApiKey"]

        command_name = utils.get_command_name()
        add_command(hostname, executor_id, executor_apikey, command_name)

        return Verdict.OK(f"{executor_id}:{flag}:{command_name}")

    except HTTPException as e:
        return e.verdict
예제 #27
0
async def get_flag_from_the_service(request: GetRequest) -> Verdict:
    async with API(request.hostname) as api:
        try:
            login, password, planner_id = request.flag_id.split(":")
            status = await api.login(login, password)
            if status != 200:
                print(f'ON PUT 2 LOG IN:Wait 200, but return {status}')
                return Verdict.MUMBLE("Can't log in")

            status, tasks = await api.get_tasks(planner_id, WEEK, YEAR)
            if status != 200 or len(tasks) == 0:
                print(
                    f'ON PUT 2 GET TASKS: Wait 200, but return {status} without tasks'
                )
                return Verdict.MUMBLE("Can't get tasks")

            for task in tasks:
                if request.flag in task['description']:
                    return Verdict.OK()
        except Exception as ex:
            print(traceback.format_exc())
            return Verdict.DOWN('DOWN')
    print(f'ON GET 2 flag not found')
    return Verdict.CORRUPT("Can't find flag")
예제 #28
0
def put_flag_into_the_service(request: PutRequest) -> Verdict:
    try:
        vendor = register_vendor(request.hostname)
        vendor_session = vendor["session"]
        v_token = vendor["vendorToken"]
        body_model = utils.get_body_model()
        body_model["BodyFamilyUUID"] = request.flag
        put_body(request.hostname, vendor_session, body_model, v_token)

        return Verdict.OK(
            json.dumps({
                "session": vendor_session,
                "vendorToken": v_token,
                "series": body_model["modelSeries"],
                "revision": body_model["revision"]
            }))
    except HTTPException as e:
        return e.verdict
예제 #29
0
def ensure_success(request):
    r = request
    if r.status_code != 200:
        raise HTTPException(Verdict.MUMBLE("Invalid status code: %s %s" % (r.url, r.status_code)))
    return r
예제 #30
0
def check_service(request: CheckRequest) -> Verdict:
    try:
        vendor = register_vendor(request.hostname)

        vendor_session = vendor["session"]
        v_token = vendor["vendorToken"]
        body_model = utils.get_body_model()
        put_body(request.hostname, vendor_session, body_model, v_token)
        bodies = get_supported_bodies(request.hostname, vendor_session)

        if {
                "series": body_model["modelSeries"],
                "revision": body_model["revision"]
        } not in bodies:
            return Verdict.MUMBLE(
                "GET /api/bodymodels not contains %s revision %s" %
                (body_model["modelSeries"], body_model["revision"]))

        received = get_body(request.hostname, vendor_session,
                            body_model["modelSeries"], body_model["revision"],
                            v_token)

        if body_model["modelSeries"] != received["modelSeries"]:
            return Verdict.MUMBLE("GET api/bodymodel unknown modelSeries")

        for key in body_model["referenceValues"].keys():
            if key not in received["referenceValues"] or body_model[
                    "referenceValues"][key] != received["referenceValues"][key]:
                return Verdict.MUMBLE(
                    "GET api/bodymodel unknown referenceValues")

        template = get_model_template(request.hostname, vendor_session,
                                      body_model["modelSeries"],
                                      body_model["revision"])

        lower_temp = {v.lower(): v for v in template}

        for key in body_model["referenceValues"].keys():
            if key not in lower_temp:
                return Verdict.MUMBLE("GET api/template unknown values")

        user = register_user(request.hostname)
        user_session = user["session"]
        user_model = {
            "series": body_model["modelSeries"],
            "revision": body_model["revision"]
        }
        template = get_model_template(request.hostname, user_session,
                                      user_model["series"],
                                      user_model["revision"])

        telemetry = {
            "bodyID": utils.get_bodyid(),
            "bodyModelSeries": user_model["series"],
            "bodyRevision": user_model["revision"],
            "hardwareTelemetry": {}
        }

        for parameter in template:
            telemetry["hardwareTelemetry"][parameter] = random.randrange(
                0, 100)

        put_telemetry(request.hostname, user_session, telemetry)
        r_telemetry = get_telemetry(request.hostname, user_session)

        if telemetry["bodyID"] != r_telemetry["bodyID"]:
            return Verdict.MUMBLE("GET api/telemetry bad bodyId")

        for key in r_telemetry["hardwareTelemetry"].keys():
            if r_telemetry["hardwareTelemetry"][key] != telemetry[
                    "hardwareTelemetry"][key]:
                return Verdict.MUMBLE(
                    "GET api/telemetry bad hardwareTelemetry")

        r_check = health_check(request.hostname, user_session)

        for key in r_check["checkResults"].keys():
            if key not in template:
                return Verdict.MUMBLE("GET api/telemetry bad checkResults")

        return Verdict.OK()
    except HTTPException as e:
        return e.verdict