
Initial commit

gehaxelt committed Feb 21, 2016
0 parents commit acac9382b4981ced945d2e9c67f46daa7fc1de77
Showing with 6,285 additions and 0 deletions.
  1. +22 −0 LICENSE
  2. +60 −0 README.md
  3. +49 −0 README.tinyctf.md
  4. +16 −0 config.json.sample
  5. +53 −0 lang.json
  6. +386 −0 server.py
  7. +9 −0 static/css/bootstrap.min.css
  8. +130 −0 static/css/ctf.css
  9. +1 −0 static/files/.gitignore
  10. BIN static/img/background.jpg
  11. BIN static/img/background.xcf
  12. +4 −0 static/js/jquery-1.11.0.min.js
  13. +34 −0 static/js/submit.js
  14. +7 −0 static/js/tasks.js
  15. +72 −0 task_import.py
  16. +287 −0 tasks.json
  17. +39 −0 tasks/checkservice.py
  18. +77 −0 tasks/code50/code/code50.py
  19. +5 −0 tasks/code50/solution/description.md
  20. +1 −0 tasks/code50/solution/flag.txt
  21. +83 −0 tasks/code60/code/code60.py
  22. +3 −0 tasks/code60/solution/description.md
  23. +1 −0 tasks/code60/solution/flag.txt
  24. +116 −0 tasks/code70/code/code70.py
  25. +4 −0 tasks/code70/solution/description.md
  26. +1 −0 tasks/code70/solution/flag.txt
  27. +17 −0 tasks/code70/task/README.txt
  28. +73 −0 tasks/code80/code/code80.py
  29. +4 −0 tasks/code80/solution/description.md
  30. +1 −0 tasks/code80/solution/flag.txt
  31. +84 −0 tasks/code90/code/code90.py
  32. +54 −0 tasks/code90/code/tree.py
  33. +3 −0 tasks/code90/solution/description.md
  34. +1 −0 tasks/code90/solution/flag.txt
  35. +21 −0 tasks/createzips.sh
  36. +13 −0 tasks/crypto50/code/flag.txt
  37. +3 −0 tasks/crypto50/solution/description.md
  38. +1 −0 tasks/crypto50/solution/flag.txt
  39. +1 −0 tasks/crypto50/task/README.txt
  40. +6 −0 tasks/crypto60/code/bob.key
  41. +4 −0 tasks/crypto60/code/bob.pub
  42. +6 −0 tasks/crypto60/code/bob2.key
  43. +4 −0 tasks/crypto60/code/bob2.pub
  44. +6 −0 tasks/crypto60/code/bob3.key
  45. +4 −0 tasks/crypto60/code/bob3.pub
  46. +5 −0 tasks/crypto60/code/secret.enc
  47. +1 −0 tasks/crypto60/code/secret.enc.1
  48. +2 −0 tasks/crypto60/code/secret.enc.2
  49. BIN tasks/crypto60/code/secret.enc.3
  50. +1 −0 tasks/crypto60/code/secret.txt.1
  51. +1 −0 tasks/crypto60/code/secret.txt.2
  52. +1 −0 tasks/crypto60/code/secret.txt.3
  53. +5 −0 tasks/crypto60/solution/description.md
  54. +1 −0 tasks/crypto60/solution/flag.txt
  55. +4 −0 tasks/crypto60/task/bob.pub
  56. +4 −0 tasks/crypto60/task/bob2.pub
  57. +4 −0 tasks/crypto60/task/bob3.pub
  58. +5 −0 tasks/crypto60/task/secret.enc
  59. +2 −0 tasks/crypto70/code/flag.py
  60. +154 −0 tasks/crypto70/code/myhash.py
  61. +17 −0 tasks/crypto70/code/pow.py
  62. +5 −0 tasks/crypto70/solution/description.md
  63. +1 −0 tasks/crypto70/solution/flag.txt
  64. +80 −0 tasks/crypto70/task/myhash.py
  65. BIN tasks/crypto80/code/beep_noise.ogg
  66. BIN tasks/crypto80/code/beep_noise.wav
  67. BIN tasks/crypto80/code/combined.webm
  68. BIN tasks/crypto80/code/video-30s.webm
  69. BIN tasks/crypto80/code/video.webm
  70. +5 −0 tasks/crypto80/code/website/assets/css/bootstrap.min.css
  71. +39 −0 tasks/crypto80/code/website/assets/css/style.css
  72. +7 −0 tasks/crypto80/code/website/assets/js/bootstrap.min.js
  73. +5 −0 tasks/crypto80/code/website/assets/js/jquery-1.11.3.min.js
  74. +42 −0 tasks/crypto80/code/website/index.html
  75. BIN tasks/crypto80/code/website/video.webm
  76. +5 −0 tasks/crypto80/solution/description.md
  77. +29 −0 tasks/crypto80/solution/flag.txt
  78. BIN tasks/crypto80/task/song.webm
  79. +195 −0 tasks/crypto90/code/bank.py
  80. +1 −0 tasks/crypto90/code/flag.py
  81. +5 −0 tasks/crypto90/solution/description.md
  82. +1 −0 tasks/crypto90/solution/flag.txt
  83. +12 −0 tasks/crypto90/solution/help.py
  84. +195 −0 tasks/crypto90/task/bank.py
  85. +33 −0 tasks/exp50/code/exp50.rb
  86. +2 −0 tasks/exp50/code/flag.rb
  87. +3 −0 tasks/exp50/solution/description.md
  88. +1 −0 tasks/exp50/solution/flag.txt
  89. BIN tasks/exp60/code/EquationSolver
  90. +40 −0 tasks/exp60/code/EquationSolver.c
  91. +1 −0 tasks/exp60/code/flag.h
  92. +3 −0 tasks/exp60/solution/description.md
  93. +1 −0 tasks/exp60/solution/flag.txt
  94. BIN tasks/exp70/code/FlagStore
  95. +105 −0 tasks/exp70/code/FlagStore.c
  96. +1 −0 tasks/exp70/code/flag.h
  97. +3 −0 tasks/exp70/solution/description.md
  98. +1 −0 tasks/exp70/solution/flag.txt
  99. +105 −0 tasks/exp70/task/FlagStore.c
  100. BIN tasks/exp80/code/RemotePrinter
  101. +68 −0 tasks/exp80/code/RemotePrinter.c
  102. +1 −0 tasks/exp80/code/flag.txt
  103. +3 −0 tasks/exp80/solution/description.md
  104. +1 −0 tasks/exp80/solution/flag.txt
  105. BIN tasks/exp80/task/RemotePrinter
  106. +1 −0 tasks/exp90/code/flag.txt
  107. +43 −0 tasks/exp90/code/task.js
  108. +3 −0 tasks/exp90/solution/description.md
  109. +1 −0 tasks/exp90/solution/flag.txt
  110. +1 −0 tasks/misc50/solution/cmd.txt
  111. +5 −0 tasks/misc50/solution/description.md
  112. +3 −0 tasks/misc50/solution/flag.txt
  113. +5 −0 tasks/misc50/task/README.txt
  114. +4 −0 tasks/misc60/solution/cmd.txt
  115. +5 −0 tasks/misc60/solution/description.txt
  116. +1 −0 tasks/misc60/solution/flag.txt
  117. +994 −0 tasks/misc60/task/README.txt
  118. BIN tasks/misc70/code/flag.zip
  119. +5 −0 tasks/misc70/solution/description.md
  120. +1 −0 tasks/misc70/solution/flag.txt
  121. +1 −0 tasks/misc70/solution/solution.txt
  122. +1 −0 tasks/misc70/task/README.txt
  123. BIN tasks/misc70/task/dump.pcapng.gz
  124. +5 −0 tasks/misc80/solution/description.md
  125. +1 −0 tasks/misc80/solution/flag.txt
  126. +11 −0 tasks/misc80/solution/text.hex
  127. +13 −0 tasks/misc80/solution/text.txt
  128. +1 −0 tasks/misc80/task/README.txt
  129. BIN tasks/misc80/task/flag.pcapng
  130. BIN tasks/misc90/code/backup/barcode1.gif
  131. BIN tasks/misc90/code/backup/barcode2.gif
  132. BIN tasks/misc90/code/backup/barcode3.gif
  133. BIN tasks/misc90/code/barcode1.gif
  134. BIN tasks/misc90/code/barcode2.gif
  135. BIN tasks/misc90/code/barcode3.gif
  136. BIN tasks/misc90/code/barcodes.jpg
  137. BIN tasks/misc90/code/barcodes.pdf
  138. +5 −0 tasks/misc90/solution/description.md
  139. +1 −0 tasks/misc90/solution/flag.txt
  140. +1 −0 tasks/misc90/task/README.txt
  141. BIN tasks/misc90/task/barcodes.jpg
  142. +12 −0 tasks/pkiller.py
  143. +32 −0 tasks/rev50/code/myxor.nocomment.s
  144. +32 −0 tasks/rev50/code/myxor.s
  145. +7 −0 tasks/rev50/solution/description.md
  146. +1 −0 tasks/rev50/solution/flag.txt
  147. +29 −0 tasks/rev50/task/README.txt
  148. +1 −0 tasks/rev60/code/.password
  149. BIN tasks/rev60/code/filechecker
  150. +66 −0 tasks/rev60/code/filechecker.c
  151. +6 −0 tasks/rev60/solution/description.md
  152. +1 −0 tasks/rev60/solution/flag.txt
  153. BIN tasks/rev60/task/filechecker
  154. BIN tasks/rev70/code/serverfarm
  155. +70 −0 tasks/rev70/code/serverfarm.c
  156. +5 −0 tasks/rev70/solution/description.md
  157. +1 −0 tasks/rev70/solution/flag.txt
  158. BIN tasks/rev70/task/serverfarm
  159. +93 −0 tasks/rev80/code/code.tb
  160. +39 −0 tasks/rev80/code/help.txt
  161. +5 −0 tasks/rev80/solution/description.md
  162. +20 −0 tasks/rev80/solution/flag.txt
  163. +1 −0 tasks/rev80/task/priner.tb
  164. +46 −0 tasks/rev90/code/moves.txt
  165. +5 −0 tasks/rev90/solution/description.md
  166. +1 −0 tasks/rev90/solution/flag.txt
  167. +46 −0 tasks/rev90/task/README.txt
  168. +152 −0 tasks/tasks.md
  169. +5 −0 tasks/web50/code/assets/css/bootstrap.min.css
  170. +39 −0 tasks/web50/code/assets/css/style.css
  171. +7 −0 tasks/web50/code/assets/js/bootstrap.min.js
  172. +5 −0 tasks/web50/code/assets/js/jquery-1.11.3.min.js
  173. +5 −0 tasks/web50/code/bf-protection.php
  174. +15 −0 tasks/web50/code/flag.php
  175. +87 −0 tasks/web50/code/index.php
  176. +4 −0 tasks/web50/solution/description.md
  177. +1 −0 tasks/web50/solution/flag.txt
  178. +10 −0 tasks/web50/solution/genhash.php
  179. +17 −0 tasks/web50/task/README.txt
  180. +12 −0 tasks/web60/code/ajax.php
  181. +5 −0 tasks/web60/code/assets/css/bootstrap.min.css
  182. +4 −0 tasks/web60/code/assets/css/style.css
  183. +23 −0 tasks/web60/code/assets/js/app.js
  184. +7 −0 tasks/web60/code/assets/js/bootstrap.min.js
  185. +5 −0 tasks/web60/code/assets/js/jquery-1.11.3.min.js
  186. +4 −0 tasks/web60/code/flag.php
  187. +57 −0 tasks/web60/code/index.php
  188. +4 −0 tasks/web60/solution/description.md
  189. +1 −0 tasks/web60/solution/flag.txt
  190. +1 −0 tasks/web70/code/.gitignore
  191. +5 −0 tasks/web70/code/assets/css/bootstrap.min.css
  192. +39 −0 tasks/web70/code/assets/css/style.css
  193. +7 −0 tasks/web70/code/assets/js/bootstrap.min.js
  194. +5 −0 tasks/web70/code/assets/js/jquery-1.11.3.min.js
  195. +14 −0 tasks/web70/code/config.php.sample
  196. +5 −0 tasks/web70/code/flag.php
  197. +89 −0 tasks/web70/code/index.php
  198. +49 −0 tasks/web70/code/logout.php
  199. +92 −0 tasks/web70/code/register.php
  200. +54 −0 tasks/web70/code/sql_import.sql
  201. +3 −0 tasks/web70/solution/description.md
  202. +1 −0 tasks/web70/solution/flag.txt
  203. BIN tasks/web80/code/git.zip
  204. +32 −0 tasks/web80/code/index.html
  205. +3 −0 tasks/web80/solution/description.md
  206. +1 −0 tasks/web80/solution/flag.txt
  207. +1 −0 tasks/web90/code/.gitignore
  208. +40 −0 tasks/web90/code/ajax.php
  209. +5 −0 tasks/web90/code/assets/css/bootstrap.min.css
  210. +39 −0 tasks/web90/code/assets/css/style.css
  211. +21 −0 tasks/web90/code/assets/js/app.js
  212. +7 −0 tasks/web90/code/assets/js/bootstrap.min.js
  213. +5 −0 tasks/web90/code/assets/js/jquery-1.11.3.min.js
  214. +7 −0 tasks/web90/code/cleanpdfdir.sh
  215. 0 tasks/web90/code/compile/.empty
  216. +9 −0 tasks/web90/code/config.php.sample
  217. +4 −0 tasks/web90/code/flag.php
  218. +62 −0 tasks/web90/code/index.php
  219. 0 tasks/web90/code/pdf/.empty
  220. +1 −0 tasks/web90/code/pdf/.gitignore
  221. +3 −0 tasks/web90/code/templates/assignment3/footer.tex
  222. +68 −0 tasks/web90/code/templates/assignment3/header.tex
  223. +1 −0 tasks/web90/code/templates/blank/footer.tex
  224. +7 −0 tasks/web90/code/templates/blank/header.tex
  225. +131 −0 tasks/web90/code/templates/essay/essay_2.tex
  226. +3 −0 tasks/web90/code/templates/essay/footer.tex
  227. +65 −0 tasks/web90/code/templates/essay/header.tex
  228. +28 −0 tasks/web90/solution/description.md
  229. +1 −0 tasks/web90/solution/flag.txt
  230. +3 −0 templates/error.html
  231. +86 −0 templates/frame.html
  232. +21 −0 templates/main.html
  233. +26 −0 templates/register.html
  234. +60 −0 templates/rules.html
  235. +20 −0 templates/scoreboard.html
  236. +49 −0 templates/task.html
  237. +40 −0 templates/tasks.html
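--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Dániel Bali
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+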
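--- /dev/null
+++ b/README.md
@@ -0,0 +1,60 @@
+Internetwache CTF 2016
+======================================
+
+The Internetwache CTF 2016 repository. This repository contains all files, tools which were used during the CTF.
+
+# CTF Details
+- Date: 20 Feb, 12:00 CET — 22 Feb, 00:00 CET
+- Ctfime.org: https://ctftime.org/event/290
+- Url: https://ctf.internetwache.org
+- Registered teams: ~1300 (~700 active) [@ 10 a.m, 22 Feb]
+- Challenges written by: @gehaxelt
+- Twitter: @internetwache
+- IRC: #iwctf @ freenode.net
+
+# Scoreboard
+The scoreboard is based on the tinyctf-platform. Check the ```README.tinyctf.md``` for more information.
+
+# Directory structure
+The most interesting directory is ```tasks/```:
+
+```
+├── tasks // Directory with all tasks
+│   ├── challengeXY // Directory for a challenge
+│   │   ├── code // Directory for serverside code
+│   │   │   ├── service.py // Service for this challenge
+│   │   │   └── flag.py // File with flag
+│   │   ├── solution // Directory for public information
+│   │   │   ├── description.md // Name and description of challenge
+│   │   │   └── flag.txt // Flag of challenge
+│   │   └── task // Directory with files for download
+│   │   └── README.txt // File with challenge hints/code
+```
+
+# Other files:
+- checkservice.py: A small python script/plugin for the collectd monitoring system. Checks the availability of the services.
+- createzips.sh: Bundles every ```tasks/<challenge>/task/``` directory into a ```static/files/<challenge>.zip```
+- pkiller.py: Dirty workaround script to kill long-living apache-mpm-itk subprocesses (spawned by RCE challenges)
+- tasks.md: An overview over all challenges' name, flag, url, ip, port.
+
+# Hosting details:
+- 4 VMs from Digitalocean.com
+- 1x 1 Core, 512 mb, 20GB, 0.007$/h Box as monitor
+- 1x 4 Core, 8 gb, 80gb, 0.119$/h Box as proxy (load balancer)
+- nginx load balancer: HTTP to web1 / TCP to serv1
+- 1x 4 Core, 8 gb, 80gb, 0.119$/h Box as web1 backend
+- web50, web60, web70, web80, web90, crypto80 challenges
+- 1x 4 Core, 8 gb, 80gb, 0.119$/h Box as serv1 backend
+- crypto70, crypto90, code50, code60, code70, code80, code90, exp50, exp60, exp70, exp80, exp90 challenges
+- 1x Floating IP pointing to proxy
+
+- Setup:
+- Monitor ==> Priv. Network to proxy / web1 / serv1
+- Internet ==> proxy ==> Priv. Network to web1 / serv1
+- Pro: Easy scalable by spawning new VMs
+- Pro: Bad attackers easily stoppable on the proxy
+- Contra: Single point of failure (Proxy)
+- Used [Daemontools](http://cr.yp.to/daemontools.html) to easily control services
+- Used [TCPServer](http://cr.yp.to/ucspi-tcp/tcpserver.html) to provide tcp connection for executable and scripts.
+- Used [CGroups](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/ch01.html) to limit service-users resources
+- Used [Collectd](https://collectd.org/) with [CGP frontend](https://github.com/pommi/CGP) for monitoring the VMs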
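--- /dev/null
+++ b/README.tinyctf.md
@@ -0,0 +1,49 @@
+tinyctf-platform
+================
+
+`tinyctf-platform` is yet another open-source (jeopardy style) CTF platform. It is relatively easy to set up and modify. Hopefully it will become even better over time, with other people contributing.
+
+![alt text](http://i.imgur.com/dqGeLNM.jpg "tinyctf-platform in action")
+
+Deployment
+----------
+
+To deploy `tinyctf-platform` on an EC2 instance, execute the following commands:
+
+Become root, upgrade
+
+sudo su
+yum upgrade -y
+
+Install some prerequisites
+
+yum install -y git
+yum install -y gcc-c++
+yum install -y python-devel
+
+Install Flask and dataset
+
+easy_install Flask
+easy_install dataset
+exit
+
+Clone the repo
+
+git clone https://github.com/balidani/tinyctf-platform.git
+cd tinyctf-platform/
+
+Import the tasks
+
+python task_import.py
+
+Start the server
+
+python server.py
+
+*Note*: Flask should run on top of a proper web server if you plan to have many players.
+
+Caveats
+-------
+
+* CSRF is currently not addressed
+* The platform does not support tasks with the same score and category right now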
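--- /dev/null
+++ b/config.json.sample
@@ -0,0 +1,16 @@
+{
+"secret_key": "sdjfhsjdfhkjsdf/&(&/(6sd7f67sdf8932KJSKJDHJDH",
+
+"host": "0.0.0.0",
+"port": 64092,
+
+"db": "sqlite:///ctf.db",
+
+"language_file": "lang.json",
+"language": "english",
+
+"start": 1455966000,
+"stop": 1456095600,
+
+"debug": false
+}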
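Review bot: The sample config commits a concrete `secret_key` value, so any deployment that copies `config.json.sample` to its live config without editing it runs with a key that is public in this repository; if server.py (not shown in this section) uses it as the Flask session-signing key, session cookies can no longer be trusted. Ship an unmistakable placeholder instead, e.g. `"secret_key": "CHANGE_ME_generate_a_random_value_per_deployment"`, and have the server refuse to start while the placeholder is still set. Separately, `"host": "0.0.0.0"` binds every interface; since the README puts the services behind a proxy on a private network, `"host": "127.0.0.1"` (or the private address) is a safer sample default.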
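--- /dev/null
+++ b/lang.json
@@ -0,0 +1,53 @@
+{
+"english": {
+"frame": {
+"title": "Internetwache CTF 2016",
+"toggle": "Toggle navigation",
+"login": "Sign in",
+"register": "Register",
+"logged_in": "Logged in as",
+"logout": "log out"
+},
+"main": {
+"title": "Internetwache CTF 2016",
+"text": "Welcome to the first jeopardy CTF hosted by Internetwache"
+},
+"about": {
+"title": "About",
+"news": "News",
+"news_text": "News go here",
+"rules": "Rules",
+"rules_text": "<ul><li>first</li></ul> go here"
+},
+"tasks": {
+"title": "Tasks"
+},
+"task": {
+"description": "Description",
+"attachment": "Attachment",
+"submit": "Submit",
+"success": "Correct flag!",
+"failure": "Incorrect flag",
+"solution_format": "solved by %d",
+"no_description": "(none)",
+"placeholder": "IW{insert_flag_here}",
+"service": "Service"
+},
+"scoreboard": {
+"title": "Scoreboard",
+"player": "Team",
+"score": "Score"
+},
+"error": {
+"title": "Error",
+"unknown": "Unknown error",
+"login_required": "You need to be logged in to see this page",
+"invalid_credentials": "Invalid username or password",
+"already_registered": "This user is already registered",
+"empty_user": "Empty username is not allowed",
+"task_not_found": "TBD",
+"only_during_ctf": "This action is only possible during the CTF",
+"ctf_over": "CTF is over. Sorry!"
+}
+}
+}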