ソースを参照

adapted for slashroot 2019

master
myitinos 4年前
コミット
689693df2b
10個のファイルの変更88行の追加95行の削除
  1. +0
    -10
      .drone.yml
  2. +2
    -0
      .start.sh
  3. +4
    -4
      Dockerfile
  4. +1
    -1
      Makefile
  5. +0
    -14
      build-image.sh
  6. +10
    -0
      docker-compose.yml
  7. +1
    -1
      flag.txt
  8. +2
    -2
      src/system/betatest.cpp
  9. +68
    -63
      src/system/memory.cpp
  10. バイナリ
      version002

+ 0
- 10
.drone.yml ファイルの表示

@ -1,10 +0,0 @@
pipeline:
build-docker:
image: docker:18.06.1-ce
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- chmod +x ./build-image.sh
- ./build-image.sh
when:
event: [push]

+ 2
- 0
.start.sh ファイルの表示

@ -0,0 +1,2 @@
#!/bin/bash
(socat TCP-LISTEN:20202,reuseaddr,fork EXEC:/chall/version002,su=nobody)

+ 4
- 4
Dockerfile ファイルの表示

@ -1,5 +1,5 @@
# Use ubuntu 16.04
FROM ubuntu:16.04
# Use ubuntu 19.04
FROM ubuntu:latest
EXPOSE 20202
RUN apt-get update
@ -15,6 +15,7 @@ WORKDIR /chall
# Secure ENV
COPY flag.txt .
COPY version002 .
COPY .start.sh /var/tmp/
RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm
@ -22,9 +23,8 @@ RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm
RUN chown root:ksl /chall/version002
RUN chmod 775 /chall/version002
RUN chmod 775 /var/tmp/.start.sh
# Run Service
RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:20202,reuseaddr,fork EXEC:"/chall/version002,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
CMD ["/var/tmp/.start.sh"]

+ 1
- 1
Makefile ファイルの表示

@ -1,7 +1,7 @@
COMPILER=g++
#FLAGS=-g -I. -pedantic -Wall -Wextra -Wcast-align -Wcast-qual -Wctor-dtor-privacy -Wdisabled-optimization -Wformat=2 -Winit-self -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wnoexcept -Wold-style-cast -Woverloaded-virtual -Wredundant-decls -Wshadow -Wsign-conversion -Wsign-promo -Wstrict-null-sentinel -Wstrict-overflow=5 -Wswitch-default -Wundef -Werror -Wno-unused
#FLAGS=-g -I.
FLAGS=-I.
FLAGS=-s -I.
O_DIR=obj
CLASS_DIR=src/class

+ 0
- 14
build-image.sh ファイルの表示

@ -1,14 +0,0 @@
#!/bin/sh
set -e
set -o xtrace
IMAGE_NAME=hack-the-game-v002
# clean old images
OLD_IMAGES=$(docker images $IMAGE_NAME -q --no-trunc)
if [ -n "${OLD_IMAGES}" ]; then
docker rmi -f ${OLD_IMAGES};
fi
#Build Images
docker build . -t $IMAGE_NAME

+ 10
- 0
docker-compose.yml ファイルの表示

@ -0,0 +1,10 @@
version: "2"
services:
main:
build: .
container_name: "htg2"
network_mode: "bridge"
restart: on-failure
ports:
- "30313:20202"

+ 1
- 1
flag.txt ファイルの表示

@ -1 +1 @@
GKSK{H0w_d1d_I_n0t_real1ze_such_4_s7up1d_m1sT4k3}
SlashRootCTF{Th47_15_d3f1Nit3ly_a_5tup1D_m1sT4kE}

+ 2
- 2
src/system/betatest.cpp ファイルの表示

@ -1,9 +1,9 @@
#include "src/system/betatest.hpp"
std::string BetaTest::betaFlag = "4re_Y0u_53ri0usly_checking_f0r_b3t4_t3sT?";
std::string BetaTest::betaFlag = "7h1s_i5_n0t_a_b3t4_tE5t_k3y";
bool BetaTest::check(std::string input)
{
return input.compare("GKSK{" + betaFlag + "}") == 0;
return input.compare("SlashRootCTF{" + betaFlag + "}") == 0;
}

+ 68
- 63
src/system/memory.cpp ファイルの表示

@ -4,32 +4,33 @@
#include <string>
#include <cstring>
static const std::string base64_chars =
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789+/";
static const std::string base64_chars =
"s1XWgtaLvfyEeYUi42Mo36NR9DKrVjbTpPuwHc5lA8dC0OSxzknm7qGJBIZFQh+/";
static inline bool is_base64(unsigned char c) {
static inline bool is_base64(unsigned char c)
{
return (isalnum(c) || (c == '+') || (c == '/'));
}
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
std::string base64_encode(unsigned char const *bytes_to_encode, unsigned int in_len)
{
std::string ret;
int i = 0;
int j = 0;
unsigned char char_array_3[3];
unsigned char char_array_4[4];
while (in_len--) {
while (in_len--)
{
char_array_3[i++] = *(bytes_to_encode++);
if (i == 3) {
if (i == 3)
{
char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
char_array_4[3] = char_array_3[2] & 0x3f;
for(i = 0; (i <4) ; i++)
for (i = 0; (i < 4); i++)
ret += base64_chars[char_array_4[i]];
i = 0;
}
@ -37,26 +38,25 @@ std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_
if (i)
{
for(j = i; j < 3; j++)
for (j = i; j < 3; j++)
char_array_3[j] = '\0';
char_array_4[0] = ( char_array_3[0] & 0xfc) >> 2;
char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
for (j = 0; (j < i + 1); j++)
ret += base64_chars[char_array_4[j]];
while((i++ < 3))
while ((i++ < 3))
ret += '=';
}
return ret;
}
std::string base64_decode(std::string const& encoded_string) {
std::string base64_decode(std::string const &encoded_string)
{
int in_len = encoded_string.size();
int i = 0;
int j = 0;
@ -64,15 +64,18 @@ std::string base64_decode(std::string const& encoded_string) {
unsigned char char_array_4[4], char_array_3[3];
std::string ret;
while (in_len-- && ( encoded_string[in_] != '=') && is_base64(encoded_string[in_])) {
char_array_4[i++] = encoded_string[in_]; in_++;
if (i ==4) {
for (i = 0; i <4; i++)
while (in_len-- && (encoded_string[in_] != '=') && is_base64(encoded_string[in_]))
{
char_array_4[i++] = encoded_string[in_];
in_++;
if (i == 4)
{
for (i = 0; i < 4; i++)
char_array_4[i] = base64_chars.find(char_array_4[i]);
char_array_3[0] = ( char_array_4[0] << 2 ) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
for (i = 0; (i < 3); i++)
ret += char_array_3[i];
@ -80,14 +83,16 @@ std::string base64_decode(std::string const& encoded_string) {
}
}
if (i) {
if (i)
{
for (j = 0; j < i; j++)
char_array_4[j] = base64_chars.find(char_array_4[j]);
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
for (j = 0; (j < i - 1); j++) ret += char_array_3[j];
for (j = 0; (j < i - 1); j++)
ret += char_array_3[j];
}
return ret;
@ -95,47 +100,47 @@ std::string base64_decode(std::string const& encoded_string) {
Player *Memory::loadFromCode(std::string code)
{
code = base64_decode(code);
char playerName[16] = {0};
int playerHP = 0;
int playerAtk = 0;
int playerDef = 0;
int playerLevel = 0;
int playerExp = 0;
int result = sscanf(code.c_str(),
"PlayerLevel=%d;PlayerExp=%d;PlayerHP=%d;PlayerAtk=%d;PlayerDef=%d;PlayerName=%15s",
&playerLevel,
&playerExp,
&playerHP,
&playerAtk,
&playerDef,
playerName);
std::string playerTrueName = playerName;
if (result == 6)
{
return new Player(playerTrueName, playerHP, playerAtk, playerDef, playerLevel, playerExp);
}
else
{
return nullptr;
}
code = base64_decode(code);
char playerName[16] = {0};
int playerHP = 0;
int playerAtk = 0;
int playerDef = 0;
int playerLevel = 0;
int playerExp = 0;
int result = sscanf(code.c_str(),
"PlayerLevel=%d;PlayerExp=%d;PlayerHP=%d;PlayerAtk=%d;PlayerDef=%d;PlayerName=%15s",
&playerLevel,
&playerExp,
&playerHP,
&playerAtk,
&playerDef,
playerName);
std::string playerTrueName = playerName;
if (result == 6)
{
return new Player(playerTrueName, playerHP, playerAtk, playerDef, playerLevel, playerExp);
}
else
{
return nullptr;
}
}
std::string Memory::saveToCode(Player *player)
{
char code[256];
snprintf(code, sizeof(code),
"PlayerLevel=%d;PlayerExp=%d;PlayerHP=%d;PlayerAtk=%d;PlayerDef=%d;PlayerName=%s",
player->getLevel(),
player->getExp(),
player->getMaxHP(),
player->getAtk(),
player->getDef(),
player->getName().c_str());
return base64_encode(reinterpret_cast<unsigned char *>(code),
strlen(code));
char code[256];
snprintf(code, sizeof(code),
"PlayerLevel=%d;PlayerExp=%d;PlayerHP=%d;PlayerAtk=%d;PlayerDef=%d;PlayerName=%s",
player->getLevel(),
player->getExp(),
player->getMaxHP(),
player->getAtk(),
player->getDef(),
player->getName().c_str());
return base64_encode(reinterpret_cast<unsigned char *>(code),
strlen(code));
}

バイナリ
version002 ファイルの表示


読み込み中…
キャンセル
保存