Merge pull request #43 from teamssix/main

perf: optimize code and readme
HXSecurity · May 20, 2022 · 6391eb9 · 6391eb9
2 parents c9676c2 + 2c87a84
commit 6391eb9
Show file tree

Hide file tree

Showing 56 changed files with 106 additions and 282 deletions.
diff --git a/aliyun/oss/bucket_object_traversal/README.md b/aliyun/oss/bucket_object_traversal/README.md
@@ -25,19 +25,15 @@ If you confirm that there are no problems, Type “yes” to start the build
 
 Access to hx-cloud-security-ctf-xxx.oss-cn-beijing.aliyuncs.com
 
-## Get Flag
+## Steps
 
-![image-20220425122303981](../../../images/UzJuMarkDownImageimage-20220425122303981.png)
+access bucket
 
-Find File Location, in /index.png
-
-![image-20220425122323577](../../../images/UzJuMarkDownImageimage-20220425122323577.png)
-
-But it is not a picture.
-
-![image-20220425122347527](../../../images/UzJuMarkDownImageimage-20220425122347527.png)
+```shell
+hx-cloud-security-xxx.oss-cn-beijing.aliyuncs.com
+```
 
-What is this? Maybe you can check the latitude and longitude to determine where this is the location!
+![image-20220425122303981](../../../images/1653026731.png)
 
 ## Destruction Challenge
 

diff --git a/aliyun/oss/bucket_object_traversal/README_CN.md b/aliyun/oss/bucket_object_traversal/README_CN.md
@@ -29,19 +29,15 @@ terraform apply
 
 访问 hx-cloud-security-ctf-xxx.oss-cn-beijing.aliyuncs.com
 
-## Get Flag
+## 操作
 
-![image-20220425122303981](../../../images/UzJuMarkDownImageimage-20220425122303981.png)
+访问 bucket
 
-找到文件位置，在/index.png
-
-![image-20220425122323577](../../../images/UzJuMarkDownImageimage-20220425122323577.png)
-
-但是并不是一张图片
-
-![image-20220425122347527](../../../images/UzJuMarkDownImageimage-20220425122347527.png)
+```shell
+hx-cloud-security-xxx.oss-cn-beijing.aliyuncs.com
+```
 
-这是什么？也许可以去查询经纬度来判断这是位置是哪里！
+![image-20220425122303981](../../../images/1653026731.png)
 
 ## 销毁挑战
 

diff --git a/aliyun/oss/bucket_object_traversal/file/index.html b/aliyun/oss/bucket_object_traversal/file/index.html
diff --git a/aliyun/oss/bucket_object_traversal/flag b/aliyun/oss/bucket_object_traversal/flag
@@ -0,0 +1 @@
+{Congratulations on getting flag}
diff --git a/aliyun/oss/bucket_object_traversal/main.tf b/aliyun/oss/bucket_object_traversal/main.tf
@@ -1,28 +1,18 @@
-terraform {
-  required_providers {
-    alicloud = {
-      source  = "aliyun/alicloud"
-      version = "1.163.0"
-    }
-  }
-}
-
 provider "alicloud" {
   profile = "default"
-  region  = var.AliyunCloud_Oss_Region
+  region  = "cn-beijing"
 }
 
 resource "alicloud_oss_bucket_object" "UploadObject" {
-  bucket       = alicloud_oss_bucket.Create_Bucket.bucket
-  acl          = "public-read-write"
-  key          = "index.png"
-  source       = "./file/index.html"
-  content_type = "inline"
+  bucket = alicloud_oss_bucket.Create_Bucket.bucket
+  acl    = "public-read"
+  key    = "flag"
+  source = "./flag"
 }
 
 resource "alicloud_oss_bucket" "Create_Bucket" {
-  bucket        = "hx-cloud-security-ctf-${random_string.random_suffix.result}"
-  acl           = "public-read-write"
+  bucket        = "hx-cloud-security-${random_string.random_suffix.result}"
+  acl           = "public-read"
   force_destroy = true
   policy        = <<POLICY
 {
@@ -73,11 +63,9 @@ resource "alicloud_oss_bucket" "Create_Bucket" {
 		}
 	}]
 }
-            POLICY
+POLICY
 }
 
-
-# Randomly generate a 5-digit random number
 resource "random_string" "random_suffix" {
   length  = 5
   special = false

diff --git a/aliyun/oss/bucket_object_traversal/output.tf b/aliyun/oss/bucket_object_traversal/output.tf
@@ -1,4 +1,4 @@
-output "AliyunCloud_Oss_Info" {
+output "aliyuncloud_oss_info" {
   description = "Bucket URL"
-  value       = "${alicloud_oss_bucket.Create_Bucket.bucket}.oss-${var.AliyunCloud_Oss_Region}.aliyuncs.com"
+  value       = "${alicloud_oss_bucket.Create_Bucket.bucket}.oss-cn-beijing.aliyuncs.com"
 }
diff --git a/aliyun/oss/bucket_object_traversal/variables.tf b/aliyun/oss/bucket_object_traversal/variables.tf
diff --git a/aliyun/oss/bucket_object_traversal/version.tf b/aliyun/oss/bucket_object_traversal/version.tf
@@ -1,3 +1,8 @@
 terraform {
-  required_version = ">= 0.12.2"
-}
+  required_providers {
+    alicloud = {
+      source  = "aliyun/alicloud"
+      version = "1.163.0"
+    }
+  }
+}
diff --git a/aliyun/oss/object_acl_writable/dist/index.html b/aliyun/oss/object_acl_writable/dist/index.html
diff --git a/aliyun/oss/object_acl_writable/dist/flag.txt → aliyun/oss/object_acl_writable/flag.txt b/aliyun/oss/object_acl_writable/dist/flag.txt → aliyun/oss/object_acl_writable/flag.txt
diff --git a/aliyun/oss/object_acl_writable/main.tf b/aliyun/oss/object_acl_writable/main.tf
@@ -1,12 +1,3 @@
-terraform {
-  required_providers {
-    alicloud = {
-      source  = "aliyun/alicloud"
-      version = "1.163.0"
-    }
-  }
-}
-
 provider "alicloud" {
   profile = "default"
   region  = "cn-beijing"
@@ -15,17 +6,13 @@ provider "alicloud" {
 resource "alicloud_oss_bucket_object" "flag" {
   bucket = alicloud_oss_bucket.Put_bucket_acl.bucket
   key    = "flag.txt"
-  source = "./dist/flag.txt"
+  source = "./flag.txt"
 }
 
-# Storage bucket configuration
-# The reason why Action is written oss:* here is because it is difficult to list the policies that can only get buckets separately
-# Because the policy GetBucketPolicy depends on many other policies, so here it is simply oss:*, which is also true in the real world
 resource "alicloud_oss_bucket" "Put_bucket_acl" {
-  # Forced deletion on destruction
   acl           = "private"
   force_destroy = true
-  bucket        = "hx-cloud-security-ctf-${random_string.random_suffix.result}"
+  bucket        = "hx-cloud-security-${random_string.random_suffix.result}"
   policy        = <<POLICY
 {
 	"Version": "1",
@@ -43,10 +30,9 @@ resource "alicloud_oss_bucket" "Put_bucket_acl" {
 		]
 	}]
 }
-            POLICY
+POLICY
 }
 
-# Randomly generate a 5-digit random number
 resource "random_string" "random_suffix" {
   length  = 5
   special = false

diff --git a/aliyun/oss/object_acl_writable/output.tf b/aliyun/oss/object_acl_writable/output.tf
@@ -1,9 +1,4 @@
-output "AliyunOssName" {
-  description = "Oss Name"
-  value       = "${alicloud_oss_bucket.Put_bucket_acl.bucket}.oss-${var.AliyunCloud_Oss_Region}.aliyuncs.com"
-}
-
-output "AliyunOssRegion" {
-  description = "Oss Region"
-  value       = var.AliyunCloud_Oss_Region
+output "aliyun_oss_name" {
+  description = "OSS Name"
+  value       = "${alicloud_oss_bucket.Put_bucket_acl.bucket}.oss-cn-beijing.aliyuncs.com"
 }
diff --git a/aliyun/oss/object_acl_writable/variables.tf b/aliyun/oss/object_acl_writable/variables.tf
diff --git a/aliyun/oss/object_acl_writable/version.tf b/aliyun/oss/object_acl_writable/version.tf
@@ -1,3 +1,8 @@
 terraform {
-  required_version = ">= 0.12.2"
-}
+  required_providers {
+    alicloud = {
+      source  = "aliyun/alicloud"
+      version = "1.163.0"
+    }
+  }
+}
diff --git a/aliyun/oss/special_bucket_policy/README.md b/aliyun/oss/special_bucket_policy/README.md
@@ -50,10 +50,6 @@ Connection: close
 Upgrade-Insecure-Requests: 1
 ```
 
-When you see the file name, just visit that name **UkFrpYnoTbbQyhpx.html**
-
-![image-20220425182853118](../../../images/image-20220425182853118.png)
-
 ## Destruction Challenge
 
 ```bash

diff --git a/aliyun/oss/special_bucket_policy/README_CN.md b/aliyun/oss/special_bucket_policy/README_CN.md
@@ -47,10 +47,6 @@ Connection: close
 Upgrade-Insecure-Requests: 1
 ```
 
-看到了文件名，访问该名称即可**UkFrpYnoTbbQyhpx.html**
-
-![image-20220425182853118](../../../images/image-20220425182853118.png)
-
 ## 销毁挑战
 
 ```bash

diff --git a/aliyun/oss/special_bucket_policy/file/index.html b/aliyun/oss/special_bucket_policy/file/index.html
diff --git a/aliyun/oss/special_bucket_policy/main.tf b/aliyun/oss/special_bucket_policy/main.tf
@@ -1,27 +1,10 @@
-terraform {
-  required_providers {
-    alicloud = {
-      source  = "aliyun/alicloud"
-      version = "1.163.0"
-    }
-  }
-}
-
 provider "alicloud" {
   profile = "default"
-  region  = var.AliyunCloud_Oss_Region
-}
-
-resource "alicloud_oss_bucket_object" "UploadObject" {
-  bucket       = alicloud_oss_bucket.Create_Bucket.bucket
-  acl          = "public-read-write"
-  key          = "UkFrpYnoTbbQyhpx.html"
-  source       = "./file/index.html"
-  content_type = "inline"
+  region  = "cn-beijing"
 }
 
 resource "alicloud_oss_bucket" "Create_Bucket" {
-  bucket        = "hx-cloud-security-ctf-${random_string.random_suffix.result}"
+  bucket        = "hx-cloud-security-${random_string.random_suffix.result}"
   acl           = "public-read-write"
   force_destroy = true
   policy        = <<POLICY
@@ -74,10 +57,9 @@ resource "alicloud_oss_bucket" "Create_Bucket" {
 		}
 	}]
 }
-            POLICY
+POLICY
 }
 
-# Randomly generate a 5-digit random number
 resource "random_string" "random_suffix" {
   length  = 5
   special = false

diff --git a/aliyun/oss/special_bucket_policy/output.tf b/aliyun/oss/special_bucket_policy/output.tf
@@ -1,4 +1,4 @@
-output "AliyunCloud_Oss_Info" {
+output "aliyuncloud_oss_info" {
   description = "Bucket URL"
-  value       = "${alicloud_oss_bucket.Create_Bucket.bucket}.oss-${var.AliyunCloud_Oss_Region}.aliyuncs.com"
-}
+  value       = "${alicloud_oss_bucket.Create_Bucket.bucket}.oss-cn-beijing.aliyuncs.com"
+}
diff --git a/aliyun/oss/special_bucket_policy/variables.tf b/aliyun/oss/special_bucket_policy/variables.tf
diff --git a/aliyun/oss/special_bucket_policy/version.tf b/aliyun/oss/special_bucket_policy/version.tf
@@ -1,3 +1,8 @@
 terraform {
-  required_version = ">= 0.12.2"
-}
+  required_providers {
+    alicloud = {
+      source  = "aliyun/alicloud"
+      version = "1.163.0"
+    }
+  }
+}
diff --git a/aws/s3/bucket_object_traversal/file/flag.txt b/aws/s3/bucket_object_traversal/file/flag.txt
diff --git a/aws/s3/bucket_object_traversal/file/index.html b/aws/s3/bucket_object_traversal/file/index.html
diff --git a/aws/s3/bucket_object_traversal/flag.txt b/aws/s3/bucket_object_traversal/flag.txt
@@ -0,0 +1 @@
+Congratulations on getting the Bucket traversal Flag
diff --git a/aws/s3/bucket_object_traversal/main.tf b/aws/s3/bucket_object_traversal/main.tf
@@ -43,20 +43,11 @@ resource "aws_s3_bucket_policy" "CreateBucketPolicy" {
 EOF
 }
 
-resource "aws_s3_bucket_object" "PutObject" {
+resource "aws_s3_object" "PutObject_Flag" {
   bucket       = aws_s3_bucket.CreateBucket.id
-  key          = "index.html"
-  source       = "./file/index.html"
+  key          = "flag.txt"
+  source       = "./flag.txt"
   acl          = "public-read-write"
-  content_type = "text/html"
-}
-
-resource "aws_s3_bucket_object" "PutObject_Flag" {
-  bucket       = aws_s3_bucket.CreateBucket.id
-  key          = "weflag.txt"
-  source       = "./file/flag.txt"
-  acl          = "public-read-write"
-  content_type = "text/html"
 }