From e165ddeb94cc3e44361963044a57593b4dc4fdc5 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 8 May 2017 23:32:47 +0200 Subject: [PATCH] post-ictf --- bots/get_targets_ictf.py | 84 ++++++++++ bots/submit_ictf.py | 110 +++++++++++++ bots/submit_ictf_batch.py | 112 ++++++++++++++ submitbot_tcp.py => bots/submit_ructfe.py | 0 flagbot.py | 180 ---------------------- get_targets.php | 2 +- index.php | 10 +- index_flag_ids.php | 7 +- index_serviceflags.php | 8 +- 9 files changed, 325 insertions(+), 188 deletions(-) create mode 100755 bots/get_targets_ictf.py create mode 100755 bots/submit_ictf.py create mode 100755 bots/submit_ictf_batch.py rename submitbot_tcp.py => bots/submit_ructfe.py (100%) mode change 100644 => 100755 delete mode 100644 flagbot.py diff --git a/bots/get_targets_ictf.py b/bots/get_targets_ictf.py new file mode 100755 index 0000000..f215e17 --- /dev/null +++ b/bots/get_targets_ictf.py @@ -0,0 +1,84 @@ +#!/usr/bin/env python3 +# +# Copyright 2015-2017 by Jan Vales (Someone ) +# send me your changes. credit author(s). do not publish. share alike. +# to be done: find a suitable licence text. +# + +import psycopg2 +import psycopg2.extras +import sys +import time +import signal +import socket +import threading +import pprint +import traceback + +import ictf + +team = None +dbconnstring = "host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw" + +def login(force = False): + global team + if force == True or team is None: + team = ictf.iCTF().login('ctf@w0y.at','ZmtphWHFUDwRWk6m') + print("login(): logged in.") + +def getTargets(): + print("getTargets() starting...") + try: + login(True) + global team + + service_list = team.get_service_list() + #dbconn = psycopg2.connect(dbconnstring) + #cur = dbconn.cursor() + #cur.execute("DELETE FROM flag_ids") + #dbconn.commit() + + for service in service_list: + try: + print("getTargets() getting for:"+str(service['service_name'])) + targets = team.get_targets(service['service_id']) + print("getTargets() got "+str(len(targets['targets']))+" targets.") + for target in targets['targets']: + try: + dbconn = psycopg2.connect(dbconnstring) + cur = dbconn.cursor() + cur.execute("INSERT INTO flag_ids (service, team, host, port, flag_id) VALUES (%s, %s, %s, %s, %s)", + (service['service_name'], target['team_name'], target['hostname'], target['port'], target['flag_id'])) + dbconn.commit() + except psycopg2.IntegrityError as e: + pass + + except psycopg2.DatabaseError as e: + print('getTargets() Error %s' % e) + traceback.print_exc(file=sys.stdout) + + except Exception as e: + print('getTargets() Error %s' % e) + traceback.print_exc(file=sys.stdout) + + except Exception as e: + print('getTargets() Error %s' % e) + traceback.print_exc(file=sys.stdout) + + + time.sleep(10.0) + gettargetth = threading.Timer(0.5, getTargets) + gettargetth.start() + print("getTargets(): ended") + +def main(): + print("*** starting ...") + getTargets() + +if __name__ == "__main__": + def signal_handler(signal, frame): + print('SIG received. exitting!') + sys.exit(0) + signal.signal(signal.SIGINT, signal_handler) + main() + diff --git a/bots/submit_ictf.py b/bots/submit_ictf.py new file mode 100755 index 0000000..c7b39ce --- /dev/null +++ b/bots/submit_ictf.py @@ -0,0 +1,110 @@ +#!/usr/bin/env python2 +# +# Copyright 2015-2017 by Jan Vales (Someone ) +# send me your changes. credit author(s). do not publish. share alike. +# to be done: find a suitable licence text. +# + +import psycopg2 +import psycopg2.extras +import sys +import time +import signal +import socket +import threading +import traceback + +import ictf + +team = None +dbconnstring = "host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw" + +def login(force = False): + global team + if force == True or team is None: + team = ictf.iCTF().login('ctf@w0y.at','ZmtphWHFUDwRWk6m') + print("login(): logged in.") + + +def submit(flag): + global team + + try: + result = team.submit_flag([flag]) + result = result[0] + + if "notactive" in result: + return (2, result) + elif "incorrect" in result: + return (3, result) + elif "correct" in result: + return (1, result) + else: + return (4, result) + + except Exception as e: + print('Error %s' % e) + traceback.print_exc(file=sys.stdout) + + +def main(): + sleeptime = 1 + dbconn = None + while True: + try: + print("*** sleeping "+str(sleeptime)+" sec...") + time.sleep(sleeptime) + dbconn = psycopg2.connect("host=s.i port=5432 dbname=flagbot user=flagbot password=flagbotpw") + print("Connected to DB") + + cur = None + login(True) + global team + + while True: + try: + cur = dbconn.cursor(cursor_factory=psycopg2.extras.DictCursor) + cur.execute("SELECT * from flags where status = 0 or status = 4 order by random() limit 1") + if cur.rowcount == 0: + print("*** sleeping another "+str(sleeptime)+" sec...") + time.sleep(sleeptime) + continue + for row in cur.fetchall(): + if row['flag'] is None or row['flag'].strip() == '': + continue + (status, resp) = submit(row['flag']) + print("submitted: "+row['flag']+" - response: ("+str(status)+") "+resp) + if status != 0: + cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), status = %s, srvresponse = %s WHERE fid = %s and status = 0 or status = 4", + (status, resp, row['fid'])) + dbconn.commit() + except psycopg2.DatabaseError as e: + print('Error %s' % e) + try: + cur.close() + dbconn.rollback() + except psycopg2.DatabaseError as e: + print('Error %s' % e) + cur = None + dbconn.rollback() + sock.shutdown(socket.SHUT_WR) + sock.close() + + except psycopg2.DatabaseError as e: + print('Error %s' % e) + try: + dbconn.close() + except psycopg2.DatabaseError as e: + print('Error %s' % e) + dbconn = None + + print("should never be reached") + + +if __name__ == "__main__": + def signal_handler(signal, frame): + print('SIG received. exitting!') + sys.exit(0) + signal.signal(signal.SIGINT, signal_handler) + main() + diff --git a/bots/submit_ictf_batch.py b/bots/submit_ictf_batch.py new file mode 100755 index 0000000..3c8ab7f --- /dev/null +++ b/bots/submit_ictf_batch.py @@ -0,0 +1,112 @@ +#!/usr/bin/env python2 +# +# Copyright 2015-2017 by Jan Vales (Someone ) +# send me your changes. credit author(s). do not publish. share alike. +# to be done: find a suitable licence text. +# + +import psycopg2 +import psycopg2.extras +import sys +import time +import signal +import socket +import threading +import traceback + +import ictf + +team = None +dbconnstring = "host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw" + +def login(force = False): + global team + if force == True or team is None: + team = ictf.iCTF().login('ctf@w0y.at','ZmtphWHFUDwRWk6m') + print("login(): logged in.") + + +def submitFlags(): + print("submitFlag(): starting...") + dbconn = None + + try: + login() + global team + + dbconn = psycopg2.connect(dbconnstring) + cur = dbconn.cursor(cursor_factory=psycopg2.extras.DictCursor) + cur.execute("SELECT * from flags where status = 0 or status = 4 order by random() limit 400") + print("submitFlag(): submitting " + str(cur.rowcount) + " flags...") + flist = [x['flag'] for x in cur.fetchall()] + result = team.submit_flag(flist) + resultlist = list(zip(flist,result)) + + for res in resultlist: + try: + result = res[1] + + if "notactive" in result: + cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " + "status = %s, srvresponse = %s WHERE flag = %s", + (2, result, res[0])) + + elif "incorrect" in result: + cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " + "status = %s, srvresponse = %s WHERE flag = %s", + (2, result, res[0])) + + elif "correct" in result: + cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " + "status = %s, srvresponse = %s WHERE flag = %s", + (1, result, res[0])) + + elif "already" in result: + cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " + "status = %s, srvresponse = %s WHERE flag = %s", + (3, result, res[0])) + + + else: + import pprint + pprint.pprint(result) + cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " + "status = %s, srvresponse = %s WHERE flag = %s", + (4, result, res[0])) + + dbconn.commit() + except psycopg2.DatabaseError as e: + print('Error %s' % e) + traceback.print_exc(file=sys.stdout) + + except Exception as e: + print('Error %s' % e) + traceback.print_exc(file=sys.stdout) + + try: + dbconn.close() + except AttributeError as e: + pass +# print('Error %s' % e) +# traceback.print_exc(file=sys.stdout) + + except psycopg2.DatabaseError as e: + print('Error %s' % e) + traceback.print_exc(file=sys.stdout) + + print("submitFlag(): ended.") + time.sleep(5.0) + + +def main(): + print("*** starting ...") + while True: + submitFlags() + +if __name__ == "__main__": + def signal_handler(signal, frame): + print('SIG received. exitting!') + sys.exit(0) + signal.signal(signal.SIGINT, signal_handler) + main() + diff --git a/submitbot_tcp.py b/bots/submit_ructfe.py old mode 100644 new mode 100755 similarity index 100% rename from submitbot_tcp.py rename to bots/submit_ructfe.py diff --git a/flagbot.py b/flagbot.py deleted file mode 100644 index b336549..0000000 --- a/flagbot.py +++ /dev/null @@ -1,180 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2015 by Jan Vales (Someone ) -# send me your changes. credit author(s). do not publish. share alike. -# to be done: find a suitable licence text. -# - -import psycopg2 -import psycopg2.extras -import sys -import time -import signal -import socket -import threading - -import ictf - -team = None -dbconnstring = "host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw" - -def login(force = False): - global team - if force == True or team is None: - team = ictf.iCTF().login('georg@iseclab.org','8u6kNdUcsxE6sEkT') - print("login(): logged in.") - -def getTargets(): - print("getTargets() starting...") - login(True) - global team - - service_list = team.get_service_list() - service_names = [s['service_name'].encode("ascii") for s in service_list] - import pprint - pprint.pprint(service_names) - try: - for service in service_names: - try: -# print("getTargets() getting for:"+service) - targets = team.get_targets(service) - for target in targets['targets']: - try: - dbconn = psycopg2.connect(dbconnstring) - cur = dbconn.cursor() - cur.execute("INSERT INTO flag_ids (service, team, host, port, flag_id) VALUES (%s, %s, %s, %s, %s)", - (service, target['team_name'], target['ip_address'], target['port'], target['flag_id'])) - dbconn.commit() - except psycopg2.DatabaseError as e: - pass -# print 'getTargets()Error %s' % e -# print "getTargets() Unexpected error:", sys.exc_info()[0] - try: - dbconn.close() - except psycopg2.DatabaseError as e: - print 'getTargets()Error %s' % e - dbconn = None - - except Exception as e: - print 'getTargets()Error %s' % e - print "getTargets() Unexpected error:", sys.exc_info()[0] - - except Exception as e: - print 'getTargets() Error %s' % e - print "Unexpected error:", sys.exc_info()[0] - - - time.sleep(5.0) - gettargetth = threading.Timer(0.5, getTargets) - gettargetth.start() - print("getTargets(): ended") - -def submitFlags(): - print("submitFlag(): starting...") - login() - global team - - try: - dbconn = psycopg2.connect(dbconnstring) - cur = dbconn.cursor(cursor_factory=psycopg2.extras.DictCursor) - cur.execute("SELECT * from flags where status = 0 or status = 3 order by random() limit 50") - print "submitFlag() submitting " + str(cur.rowcount) + " flags" - for row in cur.fetchall(): - try: - result = team.submit_flag([row['flag']]) - - if "correct" in result: - cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " - "status = %s, srvresponse = %s WHERE fid = %s", - (1, result, row['fid'])) - - elif "already" in result: - cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " - "status = %s, srvresponse = %s WHERE fid = %s", - (2, result, row['fid'])) - - elif "notactive" in result: - cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " - "status = %s, srvresponse = %s WHERE fid = %s", - (2, result, row['fid'])) - - elif "incorrect" in result: - cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " - "status = %s, srvresponse = %s WHERE fid = %s", - (2, result, row['fid'])) - - else: - import pprint - pprint.pprint(result) - cur.execute("UPDATE flags SET submitted = date_trunc('second', NOW()), " - "status = %s, srvresponse = %s WHERE fid = %s", - (3, result, row['fid'])) - - dbconn.commit() - except psycopg2.DatabaseError as e: - print 'Error %s' % e - - except Exception as e: - print 'Error %s' % e - print "Unexpected error:", sys.exc_info()[0] - - try: - dbconn.close() - except psycopg2.DatabaseError as e: - print 'Error %s' % e - dbconn = None - - time.sleep(5.0) - submitth = threading.Timer(0.5, submitFlags) - submitth.setDaemon(True) - submitth.start() - print("submitFlag(): ended") - -def main(): - print "*** starting ..." - dbconn = psycopg2.connect("host=127.0.0.1 port=5432 dbname=flagbot user=flagbot password=flagbotpw") - cur = dbconn.cursor() - cur.execute("CREATE TABLE IF NOT EXISTS flag_ids (" - "service character varying(64) NOT NULL," - "team character varying(64) NOT NULL," - "host character varying(10) NOT NULL," - "port character varying(10) NOT NULL," - "flag_id character varying(128) NOT NULL," - "received timestamp without time zone NOT NULL DEFAULT date_trunc('second'::text, now())," - "handed_out timestamp without time zone," - "status integer NOT NULL DEFAULT 0," - "CONSTRAINT flag_ids_pkey PRIMARY KEY (service, flag_id)" - ")") - cur.execute("CREATE TABLE IF NOT EXISTS flags (" - "fid serial NOT NULL," - "flag character varying(32) NOT NULL," - "service character varying(32)," - "flag_id character varying(128)," - "submitter character varying(32)," - "received timestamp without time zone NOT NULL DEFAULT date_trunc('second'::text, now())," - "submitted timestamp without time zone," - "status integer NOT NULL DEFAULT 0, " - "srvresponse character varying(128)," - "CONSTRAINT flags_pkey PRIMARY KEY (fid)," - "CONSTRAINT flags_flag_key UNIQUE (flag)" - ")") - dbconn.commit() - cur.close() - cur = None - dbconn = None - print "Connected to DB + tables created" - - # start one other thread - submitth = threading.Timer(1.0, submitFlags) - submitth.setDaemon(True) - submitth.start() - - getTargets() - -if __name__ == "__main__": - def signal_handler(signal, frame): - print 'SIG received. exitting!' - sys.exit(0) - signal.signal(signal.SIGINT, signal_handler) - main() - diff --git a/get_targets.php b/get_targets.php index 32650b3..f87499b 100644 --- a/get_targets.php +++ b/get_targets.php @@ -31,7 +31,7 @@ function handleRequest() { function getTargets($service) { try { - $stmt = $GLOBALS['db']->prepare("SELECT * FROM flag_ids WHERE (received + INTERVAL '30 minute') > now() and service = ? and status = 0 ORDER BY received DESC"); + $stmt = $GLOBALS['db']->prepare("SELECT * FROM flag_ids WHERE (received + INTERVAL '15 minute') > now() and service = ? and status = 0 ORDER BY received DESC"); $stmt->execute(array($service)); $targets = $stmt->fetchAll(PDO::FETCH_ASSOC); echo json_encode($targets); diff --git a/index.php b/index.php index 1b4e951..e023021 100644 --- a/index.php +++ b/index.php @@ -18,12 +18,16 @@ $query = "SELECT * FROM flags WHERE (received + INTERVAL '30 minute') > now() OR +

Submission Board - Flags

-

Service + Exploit flags Alltime Service + Exploit flags Flaglist go to flag_ids

-

Shows all submissions of the last 30 min
- NUM ROWS: query($query)->fetchAll()); ?>

+

Flags +Service + Exploit flags Alltime Service + Exploit flags +Flag_IDs

+ try: +

Shows all submissions of the last 30 min. Current Time:
+ NUM ROWS: query($query)->fetchAll());?>

diff --git a/index_flag_ids.php b/index_flag_ids.php index b79883c..71a379d 100644 --- a/index_flag_ids.php +++ b/index_flag_ids.php @@ -18,11 +18,14 @@ $query = "SELECT * FROM flag_ids WHERE (received + INTERVAL '30 minute') > now() +

Submission Board - flag_ids

-

go to flags

-

Shows all submissions of the last 30 min
+

Flags +Service + Exploit flags Alltime Service + Exploit flags +Flag_IDs

+

Shows all submissions of the last 30 min. Current Time:
NUM ROWS: query($query)->fetchAll()); ?>

diff --git a/index_serviceflags.php b/index_serviceflags.php index 6f21360..13d2dfc 100644 --- a/index_serviceflags.php +++ b/index_serviceflags.php @@ -21,12 +21,16 @@ if (isset($_REQUEST['all'])) $query = "SELECT count(*) as count , submitter, ser +

Submission Board - Services/Exploits and their Flags

-

Service + Exploit flags Alltime Service + Exploit flags Flaglist go to flag_ids

- Shows all submissions of the last 30 min
'; ?> +

Flags +Service + Exploit flags Alltime Service + Exploit flags +Flag_IDs

+

+ Current Time:
NUM ROWS: query($query)->fetchAll()); ?>

-- 2.43.0