JohnHammond
/
bearshop
mirror of https://github.com/JohnHammond/bearshop.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

First commit! Adding a README and some pieces to get rolling.

master
John Hammond 2016-08-17 08:55:35 -04:00
commit 4469e81c90
51 changed files with 2928 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
README.md Normal file
View File

@ -0,0 +1,33 @@
__BearShop__
=============
> John Hammond | August 17th, 2016
------------------------------
This repo is dedicated to housing all materials and code for an idea that I have titled "BearShop." My classmates have came to me with an idea to create a buy/trade/sell store for the USCGA, so this is all the work put in for my rendition of it.
I plan to do this project in [Python] with [Flask].
File & Directory Information
----------------
* [`skeleton/`](skeleton/)
This directory holds some code from a recent CTF platform I tried to build on my own. I am using elements from it, so I just snagged to code to be able to cherry-pick off of it and change what I need to get this project rolling.
* [`schema.sql`](schema.sql)
This is the [SQL] schema file that is used to create the database for the webpage. It should create and define tables for things like users, the products on sale, and anything else that may be deemed necessary.
* [`setup.sh`](setup.sh)
This is the [`bash`][bash] script that I planned on using to initially create the server. It sets up the database, creates private keys to be used, and modifies a "base" rendition of the server [Python] script to add all of the configuration variables that can be set _in the [`setup.sh`](setup,sh)_ script.
[Python]: https://www.python.org/
[Flask]: http://flask.pocoo.org/
[SQL]: https://en.wikipedia.org/wiki/SQL
[bash]: https://en.wikipedia.org/wiki/Bash_(Unix_shell)

7
schema.sql Normal file
View File

@ -0,0 +1,7 @@
drop table if exists users;
create table users (
id integer primary key autoincrement,
username text not null,
password text not null,
uuid text not null
);

21
skeleton/certificate.crt Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAJD7t75jgxkMMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTYwMjE0MjIwMjM0WhcNMTcwMjEzMjIwMjM0WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAoUeVnOJidItTApBwBLrGo0rKh77skVEQHObEVNAKSF2rHf66Ix/Um4J6
OGG440pEGzDiY+2lS8VP40JsZmNXV9920SpJLE6Pv0tb7Nth0B5lrorM9M3Mj6BC
D5E17opvoQFFOu/mjc7elLvHamap2AsqAbk1siyGIC8DecIiNoyMsZeB0d/HZhNi
My8gX8j7I+UMrrn01qriSu3GTh79a3mq4nMC0xtomZZc5jLXZ1C5+dXSGuLpHaqE
kqq80CxmCo0cvAuU6f+WJ+2EXGAJdawvBIGcRbOyYd5WC7GXWSD8EOosI+/7fcaf
kAXy6CYJfng4oDZgJxgNgZ8x5uujZwIDAQABo1AwTjAdBgNVHQ4EFgQU5FXGhyiD
kvpqEgmkVkW9lZgZEp8wHwYDVR0jBBgwFoAU5FXGhyiDkvpqEgmkVkW9lZgZEp8w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAnGBGn8Cj67RFMwc19cpw
YLBKu3J6p84Q5gqH5hbR2welyidGTkebbyviUmfoxBg1N3OkpNuq+l/M8yPSWTJB
Ij4DNvqHBAICI9eGy3oaaR9tPAvj0bRQXCR5rWHeC9jJrcQblqViKz87UcAX0SVC
WQLtiANgZCFTh0zNMeyn4GRoObwN244KpQdUxNt9ssh4p4/hY9hZ+1BBA4D2Rku3
ncweJ3bQhEkeQIdtl0MIZF5QM+3P++mcRBbim1JcyBdl2Ew4RQVtObdomTStrR+p
zq52cPJgDo83K1j+VOs/R2R/wFv2bfRwY+QrnsHBF8006l/GDtbUTjx0zdHKeIsT
Nw==
-----END CERTIFICATE-----

3
skeleton/clean.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
rm -f server.py certificate.crt privateKey.key

28
skeleton/privateKey.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQChR5Wc4mJ0i1MC
kHAEusajSsqHvuyRURAc5sRU0ApIXasd/rojH9Sbgno4YbjjSkQbMOJj7aVLxU/j
QmxmY1dX33bRKkksTo+/S1vs22HQHmWuisz0zcyPoEIPkTXuim+hAUU67+aNzt6U
u8dqZqnYCyoBuTWyLIYgLwN5wiI2jIyxl4HR38dmE2IzLyBfyPsj5QyuufTWquJK
7cZOHv1rearicwLTG2iZllzmMtdnULn51dIa4ukdqoSSqrzQLGYKjRy8C5Tp/5Yn
7YRcYAl1rC8EgZxFs7Jh3lYLsZdZIPwQ6iwj7/t9xp+QBfLoJgl+eDigNmAnGA2B
nzHm66NnAgMBAAECggEBAIzF4v2RTMbVZZtzX5OBRCj7+1QJfoxI6XuQogY1oQQR
Xm9MDETkX7ttZCkagztBc7kYLkNzBzjf/R8st1mXlIGK+DcSZdRarnYW3SIdS39R
SQfU95kmmUs0YvUblqukAlPSvA75n5Bf5UCFt0ZUXiPJet0OQKRI4Lnuz2XT4fEh
0lUJTKxU6kZwAM37mRtHlJnQ59/qEGPwCz5fe+wAfzwznRVoGB9VQU00k8TX0TT/
JZPPvP2rMcCoiCa6on4Z9gHEtSZN60g35aAcp22SgIk5hxL6bc1OjLN6jDUiVrHf
oYcTGwODzpbyMiSO5N+fGJc0f5VvsTZpwUX8oLAKEAECgYEAzvDbAkLpsU6nYjhs
SNqsToUhnLYKVtDgHdR4Rx6xnIqNp0Zl/o27lWn9ZT9XTwYtkUzm+Vv1iyYvMIY4
3U+0K1vf/Z3fXAptSjwqhRrAEwj6dGu4qsXKcPnabGfNjZqRhx3vAD+T65KQXMrY
OhGFC3wuFug1RhQzFUmPt2uYDgECgYEAx4OSHovko6LpuJBto07nuWCRs4aKofzW
9imdyAau3PbR34RTs0Wwu+LLY8Q8FKor1Eur+8Dp00WJgI2tLE+iVN9aupK/SdVx
ed9UDLnI20nCrf4LFV/HDk7nXLnlvUn2Ndq9lUxi/5AhAfTzibG3q/DwVB5vqdyk
PdYm+GSwAWcCgYEAv9aEELqbDWWOwfzwVTFyXnAIUtBnEUgdG0omHjgUCrxeyNz4
HFyjssVIxJ1NgNKHV5Vk4XEgVViWknM7L959dVx8bw31S8vWuOTBvhaoTH0cQOTD
knw9STI2DBzGbykFE67qKt7Fb7K05XCdtmcbYSRDTbUB/e8n0+oXsr+pfAECgYEA
i+aLmJXZ3pDHON81shULUicQJAXMwmfsSDLIa9Gb3l/IrOY6VvQgSK9wlWWuB4OI
NlZVo7QTgk05bQZrjy3ME52HHlr2fYyJBL+ATWgdGv+u3pjMJtHBYBweChxkp4Xs
erkGxWEJ7lCfhKLB/yS6OXw62ZF6FW8dUCsRqo3YCTMCgYEAr94W8AIlq7uiE7N+
jlRzfedml2JcrDzOLDqcixZh454Q5bMSfJJqoCeLxqHQacQhwngVjztn9EtBr+GC
IFNYCdCoeBtVnWkizKtKohlwAjmxNY9SENFRwCzF5waQErf1PTcPJvD7JG/4S9vL
t84Xs6f6CImQis+03rwtQ3XRc3w=
-----END PRIVATE KEY-----

10
skeleton/schema.sql Normal file
View File

@ -0,0 +1,10 @@
drop table if exists users;
create table users (
id integer primary key autoincrement,
username text not null,
password text not null,
solved_challenges text not null,
score integer not null,
last_submission integer not null,
uuid text not null
);

345
skeleton/server.py Executable file
View File

@ -0,0 +1,345 @@
#!/usr/bin/env python
from flask import Flask
from flask import render_template, request, session, g, url_for, flash, get_flashed_messages, redirect
import sqlite3
import json
import sys, os
from colorama import *
import sys
from threading import Thread
from time import sleep
from uuid import uuid4
import flag_server
from passlib.hash import sha256_crypt
from contextlib import closing
flag_rotation_seconds = 60
correct_answers = {}
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
# ===========================================================================
DATABASE = '/tmp/attack.db'
CONFIG = 'services.json'
CERTIFICATE = 'certificate.crt'
PRIVATE_KEY = 'privateKey.key'
SECRET_KEY = 'this_key_needs_to_be_used_for_session_variables'
if DATABASE == '$DATABASE':
error("This server has not yet been configured with a database file!")
exit(-1)
if CONFIG == '$CONFIGURATION':
error("This server has not yet been configured with a configuration file!")
exit(-1)
if CERTIFICATE == '$CERTIFICATE_FILE':
error("This server has not yet been configured with a certificate!")
exit(-1)
if PRIVATE_KEY == '$PRIVATEKEY_FILE':
error("This server has not yet been configured with a private key!")
exit(-1)
app = Flask( __name__ )
app.config.from_object(__name__)
needed_configurations = [
"app_title", "app_about", "app_navigation_logged_out",
"app_navigation_logged_in", "services"
]
def flag_rotator( services ):
global correct_answers
round = 0
while 1:
print "FLAG ROUND", round, "="*50
correct_answers = {}
for service in services:
flag = flag_server.generate_flag()
flag_server.save_flag( flag, "services/" + service['folder_name'] )
correct_answers[ flag ] = service['points']
round += 1
sleep( flag_rotation_seconds )
if not ( os.path.exists(CONFIG) ):
error("This configuration file '" + CONFIG + "' does not seem to exist!")
exit(-1)
else:
success("The configuration file exists!")
handle = open( CONFIG )
configuration = json.loads(handle.read().replace("\n","").replace("\t",""))
try:
for needed_config in needed_configurations:
assert configuration[needed_config]
except Exception as e:
error("Configuration file '" + sys.argv[1] + "' does not have the following configuration tag:")
warning(e.message)
error("Please fix this and re-run the server.")
exit(-1)
handle.close()
success("The configuration looks good!")
success("Starting the flag rotator...")
flag_rotation = Thread( target = flag_rotator, args = ( configuration['services'],) )
flag_rotation.daemon = True
flag_rotation.start()
success("Spinning up the server...")
def init_db():
with closing(connect_db()) as db:
with app.open_resource('schema.sql', mode='r') as f:
db.cursor().executescript(f.read())
db.commit()
def connect_db():
return sqlite3.connect( app.config['DATABASE'] )
@app.before_request
def before_request():
g.db = connect_db()
@app.teardown_request
def teardown_request(exception):
db = getattr(g, 'db', None)
if db is not None:
db.close()
def render( template_name, **kwargs ):
return render_template( template_name,
app_title = configuration['app_title'],
app_navigation_logged_out = configuration['app_navigation_logged_out'],
app_navigation_logged_in = configuration['app_navigation_logged_in'],
**kwargs
)
@app.route("/login", methods=["GET", "POST"])
def login():
error = ""
if request.method == "POST":
cur = g.db.execute('select username, password from users')
# username, password_hash
users = dict(( row[0], row[1] ) for row in cur.fetchall())
if not request.form['username'] in users.iterkeys():
error = 'This username is not in the database!'
else:
if not ( sha256_crypt.verify( request.form['password'], users[request.form['username']] ) ):
error = "Incorrect password!"
else:
session_login( request.form['username'] )
return redirect( "challenges" )
return render( 'login.html', error = error )
@app.route("/register", methods=["GET", "POST"])
def register():
cur = g.db.execute('select username from users')
usernames = [row[0] for row in cur.fetchall() ]
error = ""
if request.method == "POST":
if unicode(request.form['username']) in usernames:
error = 'This username is already in use!'
elif (request.form['password'] == ""):
error = "You must supply a password!"
elif request.form['password'] != request.form['confirm']:
error = 'Your passwords do not match!'
else:
# I use this for command-line submission...
identifier = str(uuid4())
cur = g.db.execute('insert into users (username, password, solved_challenges, score, last_submission, uuid) values ( ?, ?, ?, ?, ?, ? )', [
request.form['username'],
sha256_crypt.encrypt( request.form['password']),
"", # No challenges completed
0, # no score.
0, # no last submission time,
identifier # and a completely unique idenitifier
] )
g.db.commit()
flash("Hello " + request.form['username'] + ", you have successfully registered!")
session_login( request.form['username'] )
return redirect( "challenges" )
return render( 'register.html', error = error )
@app.route("/scoreboard")
def scoreboard():
cur = g.db.execute('select username, score from users order by score desc, last_submission asc')
response = cur.fetchall()
users = [ { "username": row[0], "score": row[1] } for row in response]
return render("scoreboard.html", users = users )
@app.route("/logout")
def logout():
session_logout()
return redirect("about")
@app.route("/")
@app.route("/about")
def about(): return render("about.html", app_about=configuration['app_about'])
@app.route("/challenges")
def challenges_page():
if not ( session['logged_in'] ):
return render("login.html", error = "You must log in to be able to see the challenges!")
try:
cur = g.db.execute('select uuid from users where username =?',
[ session['username'],] )
uuid = cur.fetchone()[0]
except Exception as e:
print error(e.message)
uuid = ''
return render("challenges.html", challenges = configuration['services'], url=request.url_root, session_value = uuid )
@app.route("/check_answer", methods=["GET", "POST"])
def check_answer():
global correct_answers
if request.method == "POST":
if request.form['answer'] in session['solved_challenges']:
return json.dumps({'correct': -1});
if ( request.form['answer'] in correct_answers.keys() ):
flag = request.form['answer']
new_score = int(session['score']) + correct_answers[flag]
cur = g.db.execute("update users set score = (?), last_submission = (SELECT strftime('%s')) where username = (?)", [
new_score,
session['username']
] );
session['solved_challenges'].append( request.form['answer'] )
session['score'] = new_score
g.db.commit();
return json.dumps({'correct': 1, 'new_score': new_score});
else:
return json.dumps({'correct': 0});
@app.route("/submit", methods=[ "POST" ])
def submit():
global correct_answers
if request.method == "POST":
if ( request.form['flag'] in correct_answers.keys() ):
flag = request.form['flag']
cur = g.db.execute('select score, solved_challenges from users where uuid = (?)',
[ request.form['uuid'], ])
current_score, solved_challenges = cur.fetchone()
solved_challenges = solved_challenges.split()
if ( flag in solved_challenges ):
return 'You already submitted this flag!\n'
print solved_challenges
new_score = current_score + correct_answers[flag]
solved_challenges.append( flag + " " )
cur = g.db.execute("update users set score = (?), last_submission = (SELECT strftime('%s')), solved_challenges = (?) where uuid = (?)", [
new_score,
' '.join(solved_challenges),
request.form['uuid']
] );
# session['solved_challenges'].append( request.form['flag'] )
session['score'] = new_score
g.db.commit();
# return json.dumps({'correct': 1, 'new_score': new_score});
return 'Correct!\n';
else:
# return json.dumps({'correct': 0});
return 'Incorrect!\n';
def session_login( username ):
flash("You were successfully logged in!")
cur = g.db.execute('select solved_challenges, score from users where username = (?)',
[username])
solved_challenges, score = cur.fetchone()
session['logged_in'] = True
session['username'] = username
session['score'] = score
session['solved_challenges'] = []
def session_logout():
flash("You have been successfully logged out.")
session['logged_in'] = False
session.pop('username')
session.pop('score')
if ( __name__ == "__main__" ):
context = (CERTIFICATE, PRIVATE_KEY)
app.run( host="0.0.0.0", debug=False, ssl_context=context, port = 444 )

176
skeleton/services/balloon_saloon/balloon_saloon.py Executable file
View File

@ -0,0 +1,176 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:03:36
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
service_name = "Balloon Saloon"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
board = \
'''
| |
1 | 2 | 3
____|_____|_____
| |
4 | 5 | 6
____|_____|_____
| |
7 | 8 | 9
| |
'''
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
# Client-side: ...
'''
try:
# run self.functions()...
pass
except:
log( Fore.YELLOW + self.client_address[0] + " dropped connection!" )
'''
self.send("There are 9 places the balloon can land, but it floats away at RANDOM!")
self.send( board )
self.send("Can you hit the balloon? I'm going to let the balloon go ... RIGHT NOW!")
random_seed = int( mktime(gmtime()) )
seed(random_seed)
position = None
entered = -1
while int(entered) - 1 != position:
self.send("What spot will you shoot?")
entered = self.receive()
position = randint(0, 8)
try:
if ( int(entered) - 1 == position ):
self.send("You shot the balloon! Here is your reward")
self.send(get_flag())
break
else:
self.send( "Aww, you missed! Here's where the balloon was:")
balloon = board.replace( str(position + 1), 'O' )
for i in nums:
balloon = balloon.replace( str(i), ' ' )
self.send( balloon )
self.send("Try again!")
continue
except ValueError:
continue
info( "Ended connection with " + str(self.client_address) + "." )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

128
skeleton/services/balloon_saloon/balloon_saloon2.py Normal file
View File

@ -0,0 +1,128 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: John Hammond
# @Last Modified time: 2016-02-10 17:16:36
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime
from string import digits as nums
# DECLARE ALL INITIAL CONSTANTS
host, port = "0.0.0.0", 5029
logging = True
service_name = "Balloon Saloon"
board = \
'''
| |
1 | 2 | 3
____|_____|_____
| |
4 | 5 | 6
____|_____|_____
| |
7 | 8 | 9
| |
'''
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
log( Fore.CYAN + "Received connection from " + \
str(self.client_address) + "!" )
# Client-side: ...
'''
try:
# run self.functions()...
pass
except:
log( Fore.YELLOW + self.client_address[0] + " dropped connection!" )
'''
self.send("There are now 100 places the balloon can land, but it floats away at RANDOM!")
self.send( board )
self.send("Can you hit the balloon? I'm going to let the balloon go ... RIGHT NOW!")
random_seed = int( mktime(gmtime()) )
position = None
entered = -1
while int(entered) - 1 != position:
self.send("What spot will you shoot?")
entered = self.receive()
position = randint(0, 8)
try:
if ( int(entered) - 1 == position ):
self.send("You shot the balloon! Here is your reward")
self.send(get_flag())
break
else:
self.send( "Aww, you missed! Here's where the balloon was:")
balloon = board.replace( str(position + 1), 'O' )
for i in nums:
balloon = balloon.replace( str(i), ' ' )
self.send( balloon )
self.send("Try again!")
continue
except ValueError:
continue
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def log( string ):
if logging: print string
def main():
# Turn on colors...
init( autoreset=True )
log( Fore.CYAN + "Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
log( Fore.MAGENTA + Style.BRIGHT + service_name + \
Fore.GREEN + " server started on " + str(server.server_address) + "!")
server_thread = threading.Thread(target=server.serve_forever)
server_thread.start()
if __name__ == "__main__":
main()

1
skeleton/services/balloon_saloon/flag Normal file
View File

@ -0,0 +1 @@
30e62931eae444ed95d47d40878b56ff8cafc464

123
skeleton/services/base_service/base_service.py Executable file
View File

@ -0,0 +1,123 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:03:10
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
service_name = "Service Name"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
info( "Ended connection with " + str(self.client_address) + "!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

146
skeleton/services/bit_bot/bitbot.py Executable file
View File

@ -0,0 +1,146 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:03:45
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
service_name = "BitBot"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self, prompt = "" ):
self.send( prompt, newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
# Client-side: ...
# try:
# run self.functions()...
flag = get_flag()
try:
for bit in flag:
sent = bin(ord(bit))[2:]
self.send( sent )
entered = self.receive()
if ( entered != sent ):
return
else:
continue
pass
except:
warning( "Dropped connection with " + str(self.client_address) + "." )
info( "Ended connection with " + str(self.client_address) + "." )
# except:
# log( Fore.YELLOW + self.client_address[0] + " dropped connection!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

1
skeleton/services/bit_bot/flag Normal file
View File

@ -0,0 +1 @@
3ca209fda0cb0fe0f2f13ed9e19c80cbf7703d1e

136
skeleton/services/bytebot/bytebot.py Executable file
View File

@ -0,0 +1,136 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:03:55
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
service_name = "ByteBot"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self, prompt = "" ):
self.send( prompt, newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
flag = get_flag()
self.send("Hello! I'm the ByteBot! ", newline = False)
for bit in flag:
self.send( "Here is part of the flag: " + bit )
entered = self.receive()
if ( entered != bit ):
return
else:
continue
pass
info( "Ended connection with " + str(self.client_address) + "!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

1
skeleton/services/bytebot/flag Normal file
View File

@ -0,0 +1 @@
a5fb5cc517e81ed61f184fed3f76d65822053e8b

127
skeleton/services/d-code/d-code.py Executable file
View File

@ -0,0 +1,127 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:04:06
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
from base64 import b64encode
service_name = "D-CODE"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
def get_flag():
h = open( 'flag', 'r' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
# Client-side: ...
self.send( b64encode(get_flag()) )
info( "Ended connection with " + str(self.client_address) + "!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

1
skeleton/services/d-code/flag Normal file
View File

@ -0,0 +1 @@
8041b71f6711756b2be286547b2024aef0fefadf

1
skeleton/services/flagger/flag Normal file
View File

@ -0,0 +1 @@
2617780d830597c701758eb6a0ceafc52b84d82b

129
skeleton/services/flagger/flagger.py Executable file
View File

@ -0,0 +1,129 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:04:24
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
service_name = "Flagger"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
def get_flag():
h = open( 'flag', 'r' )
the_flag = h.read()
h.close()
return the_flag
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
# Client-side: ...
try:
self.send( get_flag() )
pass
except:
warning( self.client_address[0] + " dropped connection!" )
info( "Ended connection with " + str(self.client_address) + "!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

37
skeleton/services/lampchamp0/exploit_lampchamp.py Executable file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 10:40:14
# @Last Modified by: john
# @Last Modified time: 2016-02-08 18:41:39
from pwnlib import *
import socket
host = 'localhost'
port = 5060
s = tubes.remote.remote( host, port )
print s.recvuntil("> ")
s.sendline('y')
print s.recvuntil("> ")
while (True):
s.sendline('on')
try:
print s.recv()
except:
print some_error_variable.message
print "It dropped connection!"
s.close()

1
skeleton/services/lampchamp0/flag Normal file
View File

@ -0,0 +1 @@
3ccc616747dbfaffe78b6e80701a77afd189f25f

197
skeleton/services/lampchamp0/lampchamp.py Executable file
View File

@ -0,0 +1,197 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-14 17:04:35
import threading
import SocketServer
from colorama import *
from random import randint, choice, seed
from time import mktime, gmtime, sleep
from string import digits as nums
from json import loads
import sys
service_name = "LampChamp 0"
debug = True
init( autoreset = True )
if (debug):
def success( string ):
print Fore.GREEN + Style.BRIGHT + "[+] " + string
def error( string ):
sys.stderr.write( Fore.RED + Style.BRIGHT + "[-] " + string + "\n" )
def warning( string ):
print Fore.YELLOW + "[!] " + string + "\n"
def info( string ):
print Fore.CYAN + "[.] " + string + "\n"
else:
def success( string ): pass
def error( string ): pass
def warning( string ): pass
def info( string ): pass
def get_port():
handle = open("../../services.json")
data = handle.read()
data = loads(data.replace("\n",'').replace('\t',''))
handle.close()
port = None
for service in data['services']:
if service_name == service['title']:
port = int(service['port'])
if port == None:
error("Port number not found in the configuration file!")
exit(-1)
else:
return port
# DECLARE ALL INITIAL CONSTANTS
host = '0.0.0.0'
port = get_port()
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
def center_text( text, width ):
sides = width / 2 - len(text) / 2
return " " * sides + text + " " * sides
class Service(SocketServer.BaseRequestHandler):
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def print_banner( self ):
self.send( "=" * max_width)
self.send( center_text( "Welcome to LampChamp!", max_width ) )
self.send( "=" * max_width )
self.send( "" )
def prompt( self ):
ready = False
self.send( "To become the LampChamp, you must turn on ALL the lights!" )
self.send( "How many will there be? Well, you'll never know!" )
self.send("")
self.send( "Are you ready for this challenge? (y/n)" )
while ( not ready ):
entered = self.receive()
if ( entered.startswith( "y" ) ):
ready = True
else:
self.send( "Awww, why not? Come on, think it over! Are you ready? (y/n)" )
ready = False
self.send( "Awesome! Good luck!" )
self.send( "Here is your first task: " )
self.send( "" )
def test_lamps( self ):
'''
This initialize() function takes the place of the object's
__init__() constructor because that is annoying to overwrite with
a threaded SocketServer object.
'''
number_of_lamps = randint(100,300)
for i in range( number_of_lamps ):
self.send( lamps[i % len(lamps)] )
self.send( "Turn ON this lamp!" )
lamp_state = self.receive( ).lower()
if ( lamp_state == "on" or lamp_state == "turn on"):
self.send( "Congrats! You've now turned on " + str(i+1) + " lamps! " +\
"You're almost the LampChamp!" )
else:
self.send("Boo! You weren't able to turn the lamp on!")
self.send("You can't handle this challenge. Better luck next time!")
return False
self.send("")
self.send("You did it! You got all the lamps!")
self.send("YOU ARE THE NEW LAMPCHAMP!!!")
self.send("Here is your reward:")
self.send( get_flag() )
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
info( "Received connection from " + str(self.client_address) + "!" )
# Client-side: ...
try:
self.print_banner()
self.prompt()
self.test_lamps()
except:
warning( self.client_address[0] + " dropped connection!" )
info( "Ended connection with " + str(self.client_address) + "!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def main():
try:
get_flag()
except:
error( "Could not get flag file!")
exit(-1)
info("Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
server_thread = threading.Thread(target=server.serve_forever)
server_thread.daemon = True
server_thread.start()
success( service_name + " started on " + str(server.server_address) + "!")
# Now let the main thread just wait...
while ( True ): sleep(10)
if __name__ == "__main__":
main()

257
skeleton/services/lampchamp0/lamps.py Normal file
View File

@ -0,0 +1,257 @@
# This file includes an array of strings that are used as the lamp images.
lamps = [
r'''
_____
/ \
/ \
/_________\
| |
| |
| |
| |
| |
| |
| |
| |
| |
_| |_
(_____)
''',
r'''
_____
/ \
/ \
/_________\
_|_|_
| |
| |
|_____|
''',
r'''
______
___________________.' // \\
/ \\\\| // \\
| `""` ||.-.||
| ||'-'||
\___________________ \\ //
'.___\\_//
''',
r'''
_...._
.' '.
/ \
| |
\ ~~ /
`\ || /`
|_||_|
{____}
{____}
()
''',
r'''
_.-"```"-._
.' '.
/ .-. \
; | | ;
| | | |
; \_/ ;
\ (_) /
'. .'
`;_______;`
|_..--"`)
(_..--'`|
|_..--'`)
(_..--'`|
`-...-`
''',
r'''
__
."` `".
/ \
| .-..-. |
\ \ / /
'.____.'
{_.="}
{_.="}
`-..-`
''',
r'''
.
. .
.
|
. ~ ~ ~ ~ ~ ~ .
` `$'`$'`$'`$'`S '
' '
' '
' '
' '
' '
' '
' '
' '
' '
' '
' '
. . '`$' `S''. .
`. `$' `$' `$` `$' `$' `$' .'
` , , , , , , , , , , '
( ) )
) * ( (
( * ) )
) * ( *
( * )
) * (
( * )
) * (
( * )
( * )
) * (
( * )
`@~@~@~@~@~@'
`@.@.@.@.@'
''',
r'''
_____
/ \
|_____|
/ _ \
/ ( ) \
/ ` \
/ _ \
/ ( ) \
\ )\ /
\ ( ) /
\ ,-'( /
\/-----\/
| |
/ \
/_________\--._
.-._)
(__
`-|E
''',
r'''
.88888888.
.8888888888.
.88 88.
.88 88.
.88 88.
.88 88.
.88 ::. 88.
.88 ':' 88.
.88 .::. 88.
.88 .:::: 88.
.88 ':::' 88.
.88 .:::. .:. .: 88.
.88 ::::: ':' ':' 88.
88 ':::' .::. 88
88 .::. .::::: .:. 88
88 '::' :::::' ':' 88
'88 .::::: .::. 88'
'88 .:::::' ::::: 88'
'88 ::::::. ':::' 88'
'88 ::::::::. 88'
'88 .:. ::::::::. 88'
'88 '::.::::::::::..88'
'88 .::::::::::::::88'
'88::::::::::::::88'
'88::::::::::::88'
88::::::::::::88
.888888888888888888.
.888%%%%%%%%%%%%%%888.
.888%%%%%%%%%%%%%%%%888.
.888%%%%%%%%%%%%%%%%%%888.
.888%%%%%%%%%%%%%%%%%%%%888.
888%%JGS%%%%%%%%%%%%%%%%%%%888
88888888888888888888888888888888
''',
r'''
.--._.--.--.__.--.--.__.--.--.__.--.--._.--.
_(_ _Y_ _Y_ _Y_ _Y_ _)_
[___] [___] [___] [___] [___] [___]
/:' \ /:' \ /:' \ /:' \ /:' \ /:' \
|:: | |:: | |:: | |:: | |:: | |:: |
\::. / \::. / \::. / \::. / \::. / \::. /
\::./ \::./ \::./ \::./ \::./ \::./
'=' '=' '=' '=' '=' '='
''',
r'''
_ _ _
'.` `.'
_ >_< _
_.-'`-.-=-.-`'-._
.;'.--./ \.--.';.
.' > \ / < '.
/.__./\__.';-=-;'.__/\.__.\
| \ / \/ \/ \ / |
; | | | | |
'._/\ /\ /\ /\_.'
`-` ;-.-;2 `-`
> <
.-'{___}'-.
'-.._____..-'
|||
|||
/'-'\
.-',_ _,'-.
/'-. .`. .-'\
.=' . `. .` . '=.
'-'`-./ \.-`'-'
'._.'
''',
r'''
(~)
(' `)
).(
(`_~_ _ _~_')
/` / | \ '\
/ --- /----|----\ --- \
/_____ /_____|_____\ _____\
` / | \ '
`------/-------|-------\------'
`- - - /- - - - | - - - -\ - - -'
` /.\ | /.\ | /.\ | /.\ '
` \~/ | \~/ | \~/ | \~/ '
`\ /`\ /`\ /`\ /`\ /`\ /`\ /`\ /'
` ` ` (_`___`_) ` | ` `
) ( |
) ( *
( )
( )
` '
` '
` '
` '
` '
` '
` '
` '
`. .'
) ` ` (
( ~ ` ~` ~ )
------------------` ~ ~ ~ ~ '--------------
''',
r'''
___
.-"` `"-.
.' '.
/ \
/ # \
| # |
| |
; .-~~~-. ;
; ) ( ;
\ ( ) /
\ \ / /
\ ) ( /
| | | |
|__|_|__|
{=======}
}======={
{=======}
}======={
{=======}
`""u""`
''',
]

BIN
skeleton/services/lampchamp0/lamps.pyc Normal file
View File

Binary file not shown.

86
skeleton/services/qr-uiz/qr-uiz.py Normal file
View File

@ -0,0 +1,86 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: john
# @Date: 2016-02-08 08:44:14
# @Last Modified by: john
# @Last Modified time: 2016-02-08 16:35:22
import threading
import SocketServer
from colorama import *
from random import randint, choice
# DECLARE ALL INITIAL CONSTANTS
host, port = "0.0.0.0", 5000
logging = True
service_name = "QR-uiz"
class Service(SocketServer.BaseRequestHandler):
def get_flag():
h = open( 'flag' )
the_flag = h.read()
h.close()
return the_flag
def send( self, string, newline = True ):
if newline: string = string + "\n"
self.request.sendall( string )
def receive( self ):
self.send( "> ", newline=False )
return self.request.recv( 4096 ).strip()
def handle(self):
'''
This handle() function is like the main function of the server;
it is what is ran after each connection.
'''
# Server-side: ...
log( Fore.CYAN + "Received connection from " + \
str(self.client_address) + "!" )
# Client-side: ...
try:
# run self.functions()...
pass
except:
log( Fore.YELLOW + self.client_address[0] + " dropped connection!" )
class ThreadedService(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
def log( string ):
if logging: print string
def main():
# Turn on colors...
init( autoreset=True )
try:
get_flag()
except:
log( Fore.RED + Style.BRIGHT + "Could not get flag file!")
exit(-1)
log( Fore.CYAN + "Starting server..." )
server = ThreadedService((host, port), Service)
server.allow_reuse_address = True
log( Fore.MAGENTA + Style.BRIGHT + service_name + \
Fore.GREEN + " server started on " + str(server.server_address) + "!")
server_thread = threading.Thread(target=server.serve_forever)
server_thread.start()
if __name__ == "__main__":
main()

161
skeleton/setup.sh Executable file
View File

@ -0,0 +1,161 @@
#!/usr/bin/env bash
# Author: John Hammond
# Date: 17AUG2016
# Description:
# This script should install all the necessary dependencies and generate a self-signing
# certificate to be used by the BearShop server that you can run on your own local machine.
#
# Optional variables: this should be modified by the commandline arguments
DATABASE=""
CONFIGURATION=""
# Internal variables; do not edit.
DEPENDENCIES="python-pip sqlite3 python-flask python-passlib"
SERVER_FILE="server_base.py"
NEW_SERVER_FILE="server.py"
SCHEMA_FILE="schema.sql"
PRIVATEKEY_FILE='privateKey.key'
CERTIFICATE_FILE='certificate.crt'
CURRENT_USER=`logname`
RED=`tput setaf 1` # code for red console text
GREEN=`tput setaf 2` # code for green text
NC=`tput sgr0` # Reset the text color
function display_help() {
cat <<EOF
usage:
$0 -d DATABASE
parameters:
-d
Specify the database file that will be created and used for this server.
Example: '/tmp/bearshop_database.db'
-h
Display help message
EOF
}
function install_dependencies(){
echo "$0: ${GREEN}installing dependenices...${NC}"
apt-get update || panic
apt-get -y install $DEPENDENCIES || panic
}
function create_certificate(){
echo "$0: ${GREEN}creating HTTPS certificates...${NC}"
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout $PRIVATEKEY_FILE -out $CERTIFICATE_FILE || panic
sed "0,/\$CERTIFICATE_FILE/{s/\$CERTIFICATE_FILE/$CERTIFICATE_FILE/}" $SERVER_FILE > $NEW_SERVER_FILE || panic
sed -i "0,/\$PRIVATEKEY_FILE/{s/\$PRIVATEKEY_FILE/$PRIVATEKEY_FILE/}" $NEW_SERVER_FILE || panic
}
function create_database(){
echo "$0: ${GREEN}creating sqlite3 database...${NC}"
rm -f $DATABASE
sqlite3 $DATABASE < $SCHEMA_FILE || panic
chown $CURRENT_USER $DATABASE || panic
sed -i '0,/\$DATABASE/{s/\$DATABASE/'${DATABASE//\//\\/}'/}' $NEW_SERVER_FILE || panic
}
function create_new_server(){
cp $SERVER_FILE $NEW_SERVER_FILE
chown $CURRENT_USER $NEW_SERVER_FILE
chmod 744 $NEW_SERVER_FILE
}
function configure_firewall(){
# Allow incoming connections...
echo "$0: ${GREEN} Configuring firewall for HTTPS connections...${NC}"
ufw allow https
}
function main()
{
install_dependencies
create_new_server
create_certificate
create_database
configure_firewall
echo "$0: ${GREEN} The server successfully setup!${NC}"
echo "$0: ${GREEN} You should now be able to run the server with the command: ${NC}"
echo '`sudo python server.py`'
exit 0
}
# Print a fatal error message and exit
# Usage:
# some_command parameter || panic
#
# This will print the panic message and exit if `some_command` fails.
function panic
{
echo "$0: ${RED}fatal error${NC}"
exit -1
}
# Make sure the user is root (e.g. running as sudo)
if [ "$(id -u)" != "0" ]; then
echo "$0: ${RED}you must be root to setup this service.${NC}"
exit -1
fi
# Parse script options
while getopts d:c:h opt; do
case $opt in
d)
echo "$0: ${GREEN}using database file ${OPTARG}${NC}"
DATABASE=$OPTARG
;;
c)
echo "$0: ${GREEN}using configuration file ${OPTARG}${NC}"
CONFIGURATION=$OPTARG
;;
h)
display_help
exit 0
;;
\?)
exit -1
;;
esac
done
# Make sure we entered a database name
if [ "$DATABASE" == "" ]; then
echo "$0: ${RED}you must specify a database file!${NC}"
display_help
exit -1
fi
# Make sure we entered a configuration file
if [ "$CONFIGURATION" == "" ]; then
echo "$0: ${RED}you must specify a configuration file!${NC}"
display_help
exit -1
fi
# This makes it so every function has a "pre-declaration" of all the functions
main "$@"

115
skeleton/static/control.js Normal file
View File

@ -0,0 +1,115 @@
$(document).ready(function(){
$('input').first().focus();
show_messages('.error');
show_messages('.message');
show_messages('.success');
$('.challenge_title').click(function(){
$(this).next().slideToggle();
});
});
function check_answer( challenge_id ){
var given_answer = $('#'+challenge_id+' input[name="answer"]').val();
$.ajax(
{ url:"/check_answer",
method: "POST",
data: {
"challenge_id": challenge_id,
"answer": given_answer
},
dataType: "json",
success:(function(response){
if ( response['correct'] == 1){
var new_score = response['new_score'];
say_correct( new_score );
correct_challenge( challenge_id );
//$('#'+ challenge_id + ' #challenge_body').slideUp();
}
if ( response['correct'] == 0){
$.notify('Incorrect!', 'error');
// say_wrong();
}
if ( response['correct'] == -1){
$.notify('You have already submitted this flag!', 'warn');
//say_already();
}
})});
return false;
};
function say_correct( new_score ){
// $('.success').text("You are correct! Nice work!");
// show_message('success');
$.notify('You are correct! Nice work!', 'success');
$('#score').text( String(new_score) );
}
function correct_challenge(challenge_id){
// Flash green
$("#" + challenge_id + " h3").animate({
'background-color': '#eeFFee',
'color': '#348017',
'border': '1px solid #254117;'
}, 500, function(){
$("#" + challenge_id + " h3").animate({
'background-color': '#fbfbfb',
'color': '#585858',
'border': '1px solid #eaeaea;'
}, 3000, function(){}
)});
}
function say_wrong(){
$('.error').text("Incorrect!");
show_message('error');
}
function say_already(){
$('.message').text("You have already submitted this flag!");
show_message('message');
}
function show_message(name){
$('.' + name).slideDown();
window.setTimeout( hide_messages, 2000 );
}
function show_messages(name){
if ( $(name).text() != '' ){
show_message(name.slice(1));
}
}
function hide_messages( ){
$('.message').slideUp();
$('.error').slideUp();
$('.success').slideUp();
}

5
skeleton/static/downloads/downloadable_file.txt Normal file
View File

@ -0,0 +1,5 @@
Put any downloadable files in this directory!
<server_root>/static/downloads

5
skeleton/static/downloads/downloadable_file.txt~ Normal file
View File

@ -0,0 +1,5 @@
Put any downloadable files in this directory!
<server_root>/static/downloads

BIN
skeleton/static/downloads/first/bowser.tar.gz Normal file
View File

Binary file not shown.

BIN
skeleton/static/downloads/first/captured_packets.pcapng Normal file
View File

Binary file not shown.

46
skeleton/static/downloads/first/easier_than_you_think.c Normal file
View File

@ -0,0 +1,46 @@
#include <ctype.h>
#include <string.h>
#include <stdio.h>
char secret_code[] = "b!Lr}C%R}qSQFG";
void alter_digit(char *s)
{
for (int i = 0; i < strlen(s); ++i)
{
if (isdigit(s[i]))
{
int x = 10;
x += 4 * 3;
x -= 7;
s[i] = s[i] ^ x;
}
}
}
void rotate(char *s)
{
char aux;
int n = strlen(s);
for (int i = 0; i < n / 2; ++i)
{
aux = s[i];
s[i] = s[n - i - 1];
s[n - i - 1] = aux;
}
}
int main(int argc, char const *argv[])
{
rotate(secret_code);
for (int i = 0; i < strlen(secret_code); ++i)
{
if (i % 2 == 0)
secret_code[i] -= 2;
else
secret_code[i] += 2;
}
alter_digit(secret_code);
puts(secret_code);
return 0;
}

BIN
skeleton/static/downloads/first/i_will_drink_to_that.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
skeleton/static/downloads/first/lolteam.pcapng Normal file
View File

Binary file not shown.

BIN
skeleton/static/downloads/first/looks_can_be_deceiving.rar Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
skeleton/static/downloads/first/lots_of_stego.pdf Normal file
View File

Binary file not shown.

BIN
skeleton/static/downloads/first/nagoya_castle.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 356 KiB

BIN
skeleton/static/downloads/first/page_11.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
skeleton/static/downloads/first/super_secure.zip Normal file
View File

Binary file not shown.

13
skeleton/static/jquery-ui.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

5
skeleton/static/jquery.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
skeleton/static/notify.js Normal file
View File

File diff suppressed because one or more lines are too long

291
skeleton/static/stylesheet.css Normal file
View File

@ -0,0 +1,291 @@
html, body{
font-family: "Helvetica";
height: 99%;
background-color: #ededef;
color: #585858;
padding-bottom: 60px;
}
#page{
max-width: 900px;
min-height: 80%;
background-color: white;
margin-left: auto;
margin-right: auto;
border-radius: 10px;
box-shadow: 0px 0px 20px silver;
padding-bottom: 20px;
}
#content{
margin-top: 80px;
padding: 0px 80px;
padding-bottom: 20px;
}
#title{
padding-top: 20px;
padding-left: 20px;
margin: 30px;
font-size: 240%;
padding-bottom: 20px;
}
.navigation{
width: 95.7%;
list-style: none;
margin: -25px 20px;
margin-left: auto;
margin-right: auto;
height: 35px;
border-bottom: 1px solid silver;
vertical-align: middle;
/* Permalink - use to edit and share this gradient: http://colorzilla.com/gradient-editor/#feccb1+0,ea5507+79,f17432+92,fb955e+100 */
background: #feccb1; /* Old browsers */
background: -moz-linear-gradient(top, #feccb1 0%, #ea5507 79%, #f17432 92%, #fb955e 100%); /* FF3.6-15 */
background: -webkit-linear-gradient(top, #feccb1 0%,#ea5507 79%,#f17432 92%,#fb955e 100%); /* Chrome10-25,Safari5.1-6 */
background: linear-gradient(to bottom, #feccb1 0%,#ea5507 79%,#f17432 92%,#fb955e 100%); /* W3C, IE10+, FF16+, Chrome26+, Opera12+, Safari7+ */
filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#feccb1', endColorstr='#fb955e',GradientType=0 ); /* IE6-9 */
border-bottom: 2px solid #eaeaea;
}
.navigation li{
min-width: 100px;
display: inline-block;
text-align: center;
vertical-align: middle;
margin: 6px;
}
.navigation li:hover{
text-shadow: 0px 0px 10px black;
}
pre{
border: 1px solid #bebebe;
font-size: 83%;
margin-left: auto;
margin-right: auto;
text-indent: 0px;
text-align: left;
white-space: pre-line;
padding: 10px;
vertical-align: middle !important;
background-color: #fafafa;
/*overflow-x: scroll;*/
color: darkblue;
}
.navigation a{
color: white;
text-shadow: 0px 0px 5px black;
text-transform: uppercase;
font-weight: bold;
font-size: 20px;
text-decoration: none;
vertical-align: middle;
}
#challenges{
border: 1px solid #eaeafa;
border-radius: 5px;
padding: 20px;
width: 700px;
margin-left: auto;
margin-right: auto;
box-shadow: 0px 0px 30px #eaeaea;
}
#challenges input{
border: 1px solid #eaeafa;
border-radius: 5px;
box-shadow: 0px 0px 30px #eaeaea;
}
#scoreboard{
border: 1px solid #eaeafa;
border-radius: 5px;
padding: 20px;
width: 700px;
margin-left: auto;
margin-right: auto;
box-shadow: 0px 0px 30px #eaeaea;
}
input{
border: 1px solid silver;
border-radius: 3px;
/*font-size: 20px;*/
width: 95%;
padding: 3px;
margin: 10px;
}
#login_form{
margin-right: auto;
margin-left: auto;
border: 1px solid #eaeafa;
border-radius: 5px;
padding: 30px 150px;
width: 300px;
margin-left: auto;
margin-right: auto;
box-shadow: 0px 0px 30px #eaeaea;
}
#register_form{
margin-right: auto;
margin-left: auto;
border: 1px solid #eaeafa;
border-radius: 5px;
padding: 30px 150px;
width: 300px;
margin-left: auto;
margin-right: auto;
box-shadow: 0px 0px 30px #eaeaea;
}
.challenge{
border: 1px solid #eaeaea;
padding: 10px;
margin-bottom:10px;
}
.message{
padding: 8px;
position: absolute;
top:154px;
background-color: #FFF8DC;
border: 1px solid #EAC117;
color: #966F33;
width: 883px;
font-weight: bold;
text-align: center;
display: none;
}
.success{
padding: 8px;
position: absolute;
top:154px;
background-color: #eeFFee;
border: 1px solid #254117;
color: #348017;
width: 883px;
font-weight: bold;
text-align: center;
display: none;
}
.error{
padding: 8px;
position: absolute;
top:154px;
width: 883px;
background-color: #FFeeee;
border: 1px solid #9F000F;
color: #C11B17;
margin-left: auto;
margin-right: auto;
font-weight: bold;
text-align: center;
display: none;
}
.challenge_title{
border: 1px solid #eaeaea;
padding: 5px;
margin:-11px;
background-color: #fbfbfb;
cursor: pointer;
}
.challenge form{
margin-top: 30px;
}
.challenge li{
list-style: none;
float: left;
padding-bottom: 10px;
padding-left: 20px;
margin-top: -5px;
}
.challenge_title span{
float: right;
vertical-align: middle;
opacity:.5;
margin-right: 5px;
}
.status{
padding: 8px;
position: absolute;
top:154px;
width: 883px;
text-align: right;
opacity: .5;
z-index: 5;
font-size: smaller;
}
p {
text-indent: 20px;
line-height: 140%;
}
#content a{
color: #56A5EC;
}
#content a:visited{
color: #56A5EC;
}
th{
text-align: left;
text-decoration: underline;
}

4
skeleton/stop.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
ps aux|grep "server.py"|cut -d" " -f6| while read line; do sudo kill -9 $line; done
ps aux|grep "server.py"|cut -d" " -f7| while read line; do sudo kill -9 $line; done

10
skeleton/templates/about.html Normal file
View File

@ -0,0 +1,10 @@
{% extends "base_page.html" %}
{% block content %}
<h2> About </h2>
{% if app_about %}
{{ app_about | safe }}
{% endif %}
{% endblock %}

53
skeleton/templates/base_page.html Normal file
View File

@ -0,0 +1,53 @@
<!DOCTYPE html>
<html>
<head>
<title> {{ app_title }} </title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="{{url_for('static', filename='stylesheet.css')}}">
<script src="{{ url_for('static', filename='jquery.js' ) }}"></script>
<script src="{{ url_for('static', filename='notify.js' ) }}"></script>
<script src="{{ url_for('static', filename='jquery-ui.min.js' ) }}"></script>
<script src="{{ url_for('static', filename='control.js' ) }}"></script>
</head>
<body>
<div id="page">
<h1 id="title"> {{ app_title }} </h1>
<ul class="navigation">
{% if session.logged_in %}
{% for name, url in app_navigation_logged_in.iteritems() %}
<a href="{{ url }}"> <li> {{ name }} </li> </a>
{% endfor %}
{% else %}
{% for name, url in app_navigation_logged_out.iteritems() %}
<a href="{{ url }}"> <li> {{ name }} </li> </a>
{% endfor %}
{% endif %}
</ul>
{% if session.logged_in %}
<div class="status">
{{ session.username }} <strong>|</strong> <span id="score">{{ session.score }} pts </span>
</div>
{% endif %}
<div class="success">{% if success %}{{ success }}{% endif %}</div>
<div class="error">{% if error %}{{ error }}{% endif %}</div>
<div class="message">{% if message %}{{ message }}{% endif %}</div>
{% for message in get_flashed_messages() %}
<div class="success"> {{ message }} </div>
{% endfor %}
<div id="content">
{% block content %}
{% endblock %}
</div>
</div>
</body>
</html>

39
skeleton/templates/challenges.html Normal file
View File

@ -0,0 +1,39 @@
{% extends "base_page.html" %}
{% block content %}
<h2> Services </h2>
<div id="challenges">
<div class="challenge" id="0">
<h3 class="challenge_title"> Submit a Flag</h3>
<form action="{{ url_for('challenges_page') }}" id="challenge_body" method="post">
{% if challenges %}
<h4> The running services are... </h4>
{% for challenge in challenges %}
<p style=' text-indent:0px; margin-left:30px;padding-bottom:10px;'>
<span style='font-weight: bold;'> {{ challenge.title }}</span> ( {{ challenge.points }} pts ):
{{ challenge.description | safe }}
<b>Connect on port {{ challenge.port }}. </b>
</p>
{% endfor %}
{% endif %}
<h4> Submit by the command-line via... </h4>
<pre>
curl -k "{{ url }}submit" --data "uuid={{session_value}}&flag=&lt;FLAG&gt;"
</pre>
<input type="hidden" name="challenge_id" value="0">
<input type="text" name="answer">
<input type="submit" value="Submit" onclick="return check_answer(0)">
</form>
</div>
</div>
{% endblock %}

20
skeleton/templates/login.html Normal file
View File

@ -0,0 +1,20 @@
{% extends "base_page.html" %}
{% block content %}
<h2> Login </h2>
<p>
Please log in with a registered username.
</p>
<p>
<strong> Note that the username field is case-sensitive.</strong>
</p>
<br>
<form id="login_form" action="{{ url_for('login') }}" method="post">
<strong>Username:</strong> <input type="text" name="username">
<strong>Password:</strong> <input type="password" name="password">
<input type="submit" value="Login">
</form>
{% endblock %}

21
skeleton/templates/register.html Normal file
View File

@ -0,0 +1,21 @@
{% extends "base_page.html" %}
{% block content %}
<h2> Register </h2>
<p>
Please register the username and password you would like to log in with.
</p>
<p>
<strong> Do not use a password you use for other webites.</strong> Your password is stored in the database as a <a href="https://en.wikipedia.org/wiki/SHA-2">SHA256 hash</a>, and it is still passed to the server over a secure <a href="https://en.wikipedia.org/wiki/HTTPS">HTTPS</a> connection, but the next line of defense is for you, the user, to never use synchronized passwords.
</p>
<br>
<form id="register_form" action="{{ url_for('register') }}" method="post">
<strong>Username:</strong> <input type="text" name="username">
<strong>Password:</strong> <input type="password" name="password">
<strong>Confirm Password:</strong> <input type="password" name="confirm">
<input type="submit" value="Register">
</form>
{% endblock %}

37
skeleton/templates/scoreboard.html Normal file
View File

@ -0,0 +1,37 @@
{% extends "base_page.html" %}
{% block content %}
<h2> The Scoreboard </h2>
<p>
How do you stack up against the other players?
</p>
<table id="scoreboard">
<tr>
<th> Place </th>
<th> Name </th>
<th> Score </th>
</tr>
<!-- {% for username in usernames %}
<tr>
<td> &nbsp; &nbsp;{{ loop.index }} </td>
<td> {{ username }} </td>
<td> &nbsp; &nbsp; {{ scores[ loop.index0 ] }} </td>
</tr>
{% endfor %} -->
{% for user in users %}
<tr>
<td> &nbsp; &nbsp;{{ loop.index }} </td>
<td> {{ user["username"] }} </td>
<td> &nbsp; &nbsp; {{ user[ "score" ] }} </td>
</tr>
{% endfor %}
</table>
{% endblock %}

107
skeleton/templates/stylesheet.css Normal file
View File

@ -0,0 +1,107 @@
html, body{
font-family: "Helvetica";
height: 100%;
background-color: #ededef;
color: #585858;
}
#page{
max-width: 900px;
min-height: 80%;
background-color: white;
margin-left: auto;
margin-right: auto;
border-radius: 10px;
box-shadow: 0px 0px 20px silver;
}
h1{
padding: 20px;
margin: 30px;
font-size: 240%;
}
.navigation{
width: 95.7%;
list-style: none;
margin: -25px 20px;
margin-left: auto;
margin-right: auto;
height: 35px;
border-bottom: 1px solid silver;
vertical-align: middle;
background: #1e5799;
background: -moz-linear-gradient(top, #1e5799 0%, #207cca 47%, #2989d8 84%, #7db9e8 100%);
background: -webkit-linear-gradient(top, #1e5799 0%,#207cca 47%,#2989d8 84%,#7db9e8 100%);
background: linear-gradient(to bottom, #1e5799 0%,#207cca 47%,#2989d8 84%,#7db9e8 100%);
filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#1e5799', endColorstr='#7db9e8',GradientType=0 );
border-bottom: 2px solid #eaeaea;
}
.navigation li{
min-width: 100px;
display: inline-block;
text-align: center;
vertical-align: middle;
margin: 6px;
}
.navigation li:hover{
text-shadow: 0px 0px 10px black;
}
.navigation a{
color: white;
text-shadow: 0px 0px 5px black;
text-transform: uppercase;
font-weight: bold;
font-size: 20px;
text-decoration: none;
vertical-align: middle;
}
#challenges{
border: 1px solid #eaeafa;
border-radius: 5px;
padding: 20px;
margin-top: 50px;
width: 700px;
margin-left: auto;
margin-right: auto;
box-shadow: 0px 0px 30px #eaeaea;
}
input{
border: 1px solid silver;
border-radius: 3px;
font-size: 20px;
width: 95%;
padding: 0px 0px;
margin: 10px;
}
.challenge{
border: 1px solid #eaeaea;
padding: 10px;
margin-bottom:10px;
}
.challenge h2{
border: 1px solid #eaeaea;
padding: 5px;
margin:-11px;
background-color: #fbfbfb;
margin-bottom: 30px
}