This repository has been archived by the owner on Mar 13, 2021. It is now read-only.
/
entrypoint.sh
executable file
·77 lines (60 loc) · 2.32 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/bin/sh
set -x
# Kill myself
rm -rf Dockerfile entrypoint.sh
# Cron time
if [ -z "$RESTART" ]; then
RESTART=60
fi
# NODE_ENV
if [ -z "$NODE_ENV" ]; then
NODE_ENV=development
else
NODE_ENV=production
fi
# Test flag
if [ -z "$FLAG" ]; then
FLAG="d3ctf{Th1s_is_an_3xamp1e_fl114g}"
fi
# Put the flag into the root dir &
# Give the permission that only ROOT can read
echo ${FLAG} > /flag
chmod 0400 /flag
# Database environment configuration
## Starting mysql
mysqld_safe &
## Waiting for mysql
sleep 10
## Init database
if [ -z "$DBBASE" ]; then
DBBASE=ctf
fi
if [ -z "$DBUSER" ]; then
DBUSER=ctf
fi
if [ -z "$DBPASS" ]; then
DBPASS=$(cat /dev/urandom | head -n 10 | md5sum | head -c 32)
fi
mysql -e "CREATE DATABASE ${DBBASE};"
mysql -e "GRANT USAGE ON *.* TO '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}' WITH GRANT OPTION; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON ${DBUSER}.* TO '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}'; GRANT EXECUTE ON ${DBBASE}.* TO '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}'; FLUSH PRIVILEGES;"
mysql -e "CREATE TABLE ${DBBASE}.Users (id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT, username varchar(255), password varchar(255), data longtext, createdAt datetime NOT NULL, updatedAt datetime NOT NULL);"
mysql -e "INSERT INTO ${DBBASE}.Users (id, username, password, data, createdAt, updatedAt) VALUES (1, 'admin', '$(cat /dev/urandom | head -n 10 | md5sum | head -c 16)', '{\"Hint\":\"Root is good, but also dangerous.\"}','2019-10-10 00:00:00', '2019-10-10 00:00:00');"
# Install deps
cd /app && yarn
chown -R www.www /app
# Modify for prototype pollution
sed -i '412a\ if (key !== "username" && key !== "id" && key !== "password" && key !== "data" && key !== "createdAt" && key !== "updatedAt") { continue; }' \
/app/node_modules/sequelize/lib/dialects/abstract/query-generator.js
# Install typescript
npm i typescript@3.5.3 -g
# Compile source code
su - www -c "cd /app && rm -rf dist && mkdir dist && cp -r ./src/views ./dist/views && tsc"
# Ready to start
while true; do
echo "Starting..."
su - node -c "DBUSER=${DBUSER} DBPASS=${DBPASS} DBBASE=${DBBASE} NODE_ENV=${NODE_ENV} LISTENADDR=0.0.0.0 node /app/dist/index.js" &
sleep ${RESTART}
echo "Restarting...."
killall node
mysql -e "UPDATE ${DBBASE}.Users SET data=NULL where id != 1;"
done;