From 540815bc9422eaeb0350ec9a9ea08f294b03109d Mon Sep 17 00:00:00 2001
From: Someone
Date: Thu, 3 Dec 2015 07:27:09 +0100
Subject: [PATCH] Prepared for ictf2015
---
flagbot.py | 154 +++++++++++++++++++++++++++++++
get_targets.php | 42 +++++++++
index.php | 20 ++--
index_flag_ids.php | 56 +++++++++++
submit.php | 28 +++---
submitbot.py => submitbot_tcp.py | 4 +-
6 files changed, 284 insertions(+), 20 deletions(-)
create mode 100644 flagbot.py
create mode 100644 get_targets.php
create mode 100644 index_flag_ids.php
rename submitbot.py => submitbot_tcp.py (97%)
mode change 100755 => 100644
diff --git a/flagbot.py b/flagbot.py
new file mode 100644
index 0000000..ce904b7
--- /dev/null
+++ b/flagbot.py
@@ -0,0 +1,154 @@
+#!/usr/bin/env python
+#
+# Copyright 2015 by Jan Vales (Someone )
+# send me your changes. credit author(s). do not publish. share alike.
+# to be done: find a suitable licence text.
+#
+
+import psycopg2
+import psycopg2.extras
+import sys
+import time
+import signal
+import socket
+import threading
+
+import ictf
+
+team = None
+dbconnstring = "host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw"
+
+def login(force = False):
+ global team
+ if force == True or team is None:
+ team = ictf.iCTF().login(# TODO: insert credentials here
+ print("login(): logged in.")
+
+def getTargets():
+ print("getTargets(): starting...")
+ login(True)
+ global team
+
+ service_list = team.get_service_list()
+ service_names = [s['service_name'] for s in service_list]
+ try:
+ dbconn = psycopg2.connect(dbconnstring)
+ cur = dbconn.cursor()
+ for service in service_names:
+ try:
+ targets = team.get_targets(service)
+ for target in targets:
+ try:
+# TODO: wait for ictf folks to finish this one!
+ cur.execute("INSERT INTO flag_ids (service, host, flag_id) VALUES (%s, %s, %s)", (service, target['ip'], target['flag_id']))
+ dbconn.commit()
+ except psycopg2.DatabaseError as e:
+ pass
+ except Exception as e:
+ print 'Error %s' % e
+ print "Unexpected error:", sys.exc_info()[0]
+
+ except Exception as e:
+ print 'Error %s' % e
+ print "Unexpected error:", sys.exc_info()[0]
+
+ try:
+ dbconn.close()
+ except psycopg2.DatabaseError as e:
+ print 'Error %s' % e
+ dbconn = None
+
+ time.sleep(5.0)
+ gettargetth = threading.Timer(0.5, getTargets)
+ gettargetth.start()
+ print("getTargets(): ended")
+
+def submitFlags():
+ print("submitFlags(): starting...")
+ login()
+ global team
+
+ try:
+ dbconn = psycopg2.connect(dbconnstring)
+ cur = dbconn.cursor(cursor_factory=psycopg2.extras.DictCursor)
+ cur.execute("SELECT * from flags where status = 0 or status = 3 limit 500")
+ print "Fetched " + str(cur.rowcount) + " rows"
+ for row in cur.fetchall():
+ try:
+# TODO: wait for ictf folks to finish this one!
+ print("Would submit:"+row['flag'])
+ result = team.submit_flag([row['flag']])
+
+# TODO: wait for ictf folks to finish this one!
+# if "correct" in result:
+# cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), "
+# "status = %s, srvresponse = %s WHERE fid = %s",
+# (1, "correct", row['fid']))
+# TODO: wait for ictf folks to finish this one!
+
+ dbconn.commit()
+ except psycopg2.DatabaseError as e:
+ print 'Error %s' % e
+
+ except Exception as e:
+ print 'Error %s' % e
+ print "Unexpected error:", sys.exc_info()[0]
+
+ try:
+ dbconn.close()
+ except psycopg2.DatabaseError as e:
+ print 'Error %s' % e
+ dbconn = None
+
+ time.sleep(5.0)
+ submitth = threading.Timer(0.5, submitFlags)
+ submitth.setDaemon(True)
+ submitth.start()
+ print("submitFlags(): ended")
+
+def main():
+ print "*** starting ..."
+ dbconn = psycopg2.connect("host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw")
+ cur = dbconn.cursor()
+ cur.execute("CREATE TABLE IF NOT EXISTS flag_ids ("
+ "service character varying(32) NOT NULL,"
+ "host character varying(32) NOT NULL,"
+ "flag_id character varying(128) NOT NULL,"
+ "received timestamp without time zone NOT NULL DEFAULT date_trunc('second'::text, now()),"
+ "handed_out timestamp without time zone,"
+ "status integer NOT NULL DEFAULT 0,"
+ "CONSTRAINT flag_ids_pkey PRIMARY KEY (service, flag_id)"
+ ")")
+ cur.execute("CREATE TABLE IF NOT EXISTS flags ("
+ "fid serial NOT NULL,"
+ "flag character varying(32) NOT NULL,"
+ "service character varying(32),"
+ "flag_id character varying(128),"
+ "submitter character varying(32),"
+ "received timestamp without time zone NOT NULL DEFAULT date_trunc('second'::text, now()),"
+ "submitted timestamp without time zone,"
+ "status integer NOT NULL DEFAULT 0, "
+ "srvresponse character varying(128),"
+ "CONSTRAINT flags_pkey PRIMARY KEY (fid),"
+ "CONSTRAINT flags_flag_key UNIQUE (flag)"
+ ")")
+ dbconn.commit()
+ cur.close()
+ cur = None
+ dbconn = None
+ print "Connected to DB + tables created"
+
+ # start one other thread
+ submitth = threading.Timer(1.0, submitFlags)
+ submitth.setDaemon(True)
+ submitth.start()
+
+ getTargets()
+
+if __name__ == "__main__":
+ def signal_handler(signal, frame):
+ print 'SIG received. exitting!'
+ sys.exit(0)
+ signal.signal(signal.SIGINT, signal_handler)
+ main()
+
diff --git a/get_targets.php b/get_targets.php
new file mode 100644
index 0000000..a12d3f5
--- /dev/null
+++ b/get_targets.php
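Review bot: The PostgreSQL password is committed in clear text in flagbot.py, once in `dbconnstring` and again as a separate literal in `main()`, and the same DSN is repeated in get_targets.php, index.php, index_flag_ids.php, submit.php and submitbot_tcp.py. Loading it from the environment or an untracked config file, e.g. `dbconnstring = os.environ["FLAGBOT_DSN"]` (illustrative variable name, needs `import os`), and calling `psycopg2.connect(dbconnstring)` in `main()` keeps the secret out of the repository and leaves one place to rotate it; the `login(` TODO should take its credentials the same way rather than inline. Separately, as far as the collapsed indentation shows, the `except psycopg2.DatabaseError as e: pass` around the `flag_ids` insert in `getTargets()` never rolls back, so after the first failing insert (a duplicate key under `flag_ids_pkey`, for instance) psycopg2 leaves the transaction aborted and every later insert on that connection fails just as silently. Adding `dbconn.rollback()` in that handler, or using `INSERT ... ON CONFLICT DO NOTHING` on PostgreSQL 9.5 or later, keeps one rejected row from discarding the rest of the batch.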
@@ -0,0 +1,42 @@ + +* do not publish! +*/ + +$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=flagbot;user=flagbot;password=flagbotpw'); +$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + +if (strcmp($_SERVER['REQUEST_METHOD'],"GET") === 0 || strcmp($_SERVER['REQUEST_METHOD'],"POST") === 0 ) { + handleRequest(); +} else { + http_response_code(405); //Method not implemented + exit("

what? try GET or POST

"); +} + +function handleRequest() { + if (isset($_REQUEST['service'])) { + getTargets($_REQUEST['service']); + } else { + echo "

usage:
"; + echo "GET /get_targets.php?service=STRING
"; + echo "POST
service=STRING

"; + } +} + +function getTargets($service) { + try { + $stmt = $GLOBALS['db']->prepare("SELECT * FROM flag_ids WHERE (received + INTERVAL '300 minute') > now() and service = ? and status = 0 ORDER BY received DESC"); + $stmt->execute(array($service)); + $targets = $stmt->fetchAll(PDO::FETCH_ASSOC); + echo json_encode($targets); + }catch(PDOException $ex) { + echo "{}"; + } +} + diff --git a/index.php b/index.php index 3010eca..59aab90 100644 --- a/index.php +++ b/index.php @@ -1,17 +1,17 @@ +* 2014-15 by Jan "Someone" Vales * do not publish! */ -$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=postgres;user=postgres;password=dba'); -$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -$query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() and char_length(flag) = 32 ORDER BY received DESC"; +$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=flagbot;user=flagbot;password=flagbotpw'); +$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +$query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() ORDER BY received DESC"; ?> @@ -20,7 +20,8 @@ $query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() an -
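Review bot: In get_targets.php, `getTargets()` answers `{}` when the query fails but a JSON array when it succeeds, and neither path sets a status code or a `Content-Type`, so a caller cannot tell a database error from an empty target list. Sending `header('Content-Type: application/json');` before the `json_encode` and using `http_response_code(500); echo "[]";` in the catch block keeps the response shape stable. The `new PDO(...)` call at the top of the file sits outside any try block; if the connection fails the exception is uncaught, and depending on the PHP error-display configuration the output may include the constructor arguments, i.e. the DSN with its password. No access check is visible in this file, so if the host is reachable from the game network the endpoint should be restricted at the web server.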

Submission Board

+

Submission Board - Flags

+

go to flag_ids

Shows all submissions of the last 30 min
NUM ROWS: query($query)->fetchAll()); ?>

@@ -29,6 +30,8 @@ $query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() an + + @@ -44,6 +47,8 @@ $query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() an + + @@ -54,5 +59,6 @@ $query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() an ?>
fid flag serviceflag_idsubmitter received submitted status      
+

Status: 0=submission pending; 1=submitted:OK; 2=submitted:Fail

diff --git a/index_flag_ids.php b/index_flag_ids.php new file mode 100644 index 0000000..2b96aa6 --- /dev/null +++ b/index_flag_ids.php @@ -0,0 +1,56 @@ + +* do not publish! +*/ + +$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=flagbot;user=flagbot;password=flagbotpw'); +$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +$query = "SELECT * FROM flag_ids WHERE (received + INTERVAL '30 minute') > now() ORDER BY received DESC"; + +?> + + + + + + +

Submission Board - flag_ids

+

go to flags

+

Shows all submissions of the last 30 min
+ NUM ROWS: query($query)->fetchAll()); ?>

+ + + + + + + + + + + + query($query); + while($row = $stmt->fetch(PDO::FETCH_ASSOC)) { + ?> + + + + + + + + + +
serviceflag_idhostreceivedstatus
   
+

Status: 0=new; 1=depleted

+ + diff --git a/submit.php b/submit.php index 3307d3f..41415aa 100644 --- a/submit.php +++ b/submit.php @@ -1,16 +1,16 @@ +* 2014-15 by Jan "Someone" Vales * do not publish! */ -$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=postgres;user=postgres;password=dba'); -$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +$GLOBALS['db'] = new PDO('pgsql:host=localhost;port=5432;dbname=flagbot;user=flagbot;password=flagbotpw'); +$GLOBALS['db']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); if (strcmp($_SERVER['REQUEST_METHOD'],"GET") === 0 || strcmp($_SERVER['REQUEST_METHOD'],"POST") === 0 ) { handleRequest(); @@ -20,24 +20,30 @@ if (strcmp($_SERVER['REQUEST_METHOD'],"GET") === 0 || strcmp($_SERVER['REQUEST_M } function handleRequest() { - if (isset($_REQUEST['flag']) && isset($_REQUEST['service']) && strlen($_REQUEST['flag']) == 32 ) { - insertData($_REQUEST['flag'],$_REQUEST['service']); + if (isset($_REQUEST['flag']) && isset($_REQUEST['service']) && isset($_REQUEST['flag_id']) && isset($_REQUEST['submitter'])) { + insertData($_REQUEST['flag'],$_REQUEST['service'], $_REQUEST['flag_id'], $_REQUEST['submitter']); } else { echo "
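Review bot: The table cells of index_flag_ids.php are not visible in this extract, so it is worth confirming that `service`, `flag_id` and `host` are passed through `htmlentities()` before being printed, as submit.php already does for its echo lines. The same applies to the `flag_id` and `submitter` columns this commit adds to index.php, which are stored from `$_REQUEST` values in submit.php and would otherwise be rendered as markup in every viewer's browser. The page also runs `$query` twice, once for `NUM ROWS` via `fetchAll()` and again for the row loop; fetching once into an array and using `count()` on it avoids the two results disagreeing.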

usage:
"; - echo "GET /submit.php?flag=STRING&service=STRING
"; - echo "POST
flag=STRING&service=STRING

"; + echo "GET /submit.php?flag=STRING&service=STRING&flag_id=STRING&submitter=STRING
"; + echo "POST
flag=STRING&service=STRING&flag_id=STRING&submitter=STRING

"; } } -function insertData($flag, $service) { +function insertData($flag, $service, $flagid, $submitter) { echo "

inserting data...

"; echo "flag=".htmlentities($flag)."
"; echo "service=".htmlentities($service)."

"; + echo "flagid=".htmlentities($flagid)."

"; + echo "submitter=".htmlentities($submitter)."

"; $success = 0; try { $GLOBALS['db']->beginTransaction(); - $stmt = $GLOBALS['db']->prepare("INSERT INTO flags (flag, service) VALUES(?, ?)"); - $stmt->execute(array($flag, $service)); + $stmt_fid = $GLOBALS['db']->prepare("UPDATE flag_ids set status = 1 where service = ? and flag_id = ?"); + $stmt_fid->execute(array($service, $flagid)); + $GLOBALS['db']->commit(); + $GLOBALS['db']->beginTransaction(); + $stmt = $GLOBALS['db']->prepare("INSERT INTO flags (flag, service, flag_id, submitter) VALUES(?, ?, ?, ?)"); + $stmt->execute(array($flag, $service, $flagid, $submitter)); $GLOBALS['db']->commit(); $success = 1; }catch(PDOException $ex) { diff --git a/submitbot.py b/submitbot_tcp.py old mode 100755 new mode 100644 similarity index 97% rename from submitbot.py rename to submitbot_tcp.py index b7895c3..fe0a1dd --- a/submitbot.py +++ b/submitbot_tcp.py @@ -74,7 +74,7 @@ def main(): try: print "*** sleeping "+str(sleeptime)+" sec..." time.sleep(sleeptime) - dbconn = psycopg2.connect("host=127.0.0.1 port=5433 dbname=postgres user=postgres password=dba") + dbconn = psycopg2.connect("host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw") cur = dbconn.cursor() cur.execute("CREATE TABLE IF NOT EXISTS flags (" "fid serial NOT NULL PRIMARY KEY," @@ -126,7 +126,7 @@ def main(): print 'Error %s' % e cur = None dbconn.rollback() - + except psycopg2.DatabaseError as e: print 'Error %s' % e try: -- 2.43.0
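Review bot: In submit.php, `insertData()` now commits `UPDATE flag_ids set status = 1` in its own transaction before `INSERT INTO flags` runs, so a request whose insert then fails still marks the flag_id as depleted and removes that target from get_targets.php. The insert can fail on a duplicate under `flags_flag_key`, or on a value longer than the `varchar(32)` column now that the `strlen($_REQUEST['flag']) == 32` check has been removed from `handleRequest()`. Since `service` and `flag_id` come straight from `$_REQUEST` and no authentication is visible, any client that can reach the page can deplete arbitrary targets with a bogus flag. Dropping the intermediate `$GLOBALS['db']->commit();` / `$GLOBALS['db']->beginTransaction();` pair makes both statements succeed or fail together, and a bound such as `strlen($_REQUEST['flag']) <= 32` restores the input check. The catch block continues outside the hunk, so whether it calls `rollBack()` cannot be seen here.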