diff --git a/misc/avatar/README.md b/misc/avatar/README.md
new file mode 100644
index 0000000..722ae50
--- /dev/null
+++ b/misc/avatar/README.md
@@ -0,0 +1,6 @@
+The avatar is imprisoned in an ice jail. Can you help him awaken his powers?
+
+author: hweissi
+```
+nc chall.glacierctf.com 13384
+```
\ No newline at end of file
diff --git a/misc/avatar/chall.py b/misc/avatar/chall.py
new file mode 100644
index 0000000..1a2436a
--- /dev/null
+++ b/misc/avatar/chall.py
@@ -0,0 +1,9 @@
+print("You get one chance to awaken from the ice prison.")
+code = input("input: ").strip()
+whitelist = """gctf{"*+*(=>:/)*+*"}""" # not the flag
+if any([x not in whitelist for x in code]) or len(code) > 40000:
+
+ print("Denied!")
+ exit(0)
+
+eval(eval(code, {'globals': {}, '__builtins__': {}}, {}), {'globals': {}, '__builtins__': {}}, {})
diff --git a/misc/glacier-military-daemon/README.md b/misc/glacier-military-daemon/README.md
new file mode 100644
index 0000000..005713a
--- /dev/null
+++ b/misc/glacier-military-daemon/README.md
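Review bot: The restricted namespace passed to both `eval` calls in `misc/avatar/chall.py` (`{'globals': {}, '__builtins__': {}}`) is not a security boundary in CPython, and nothing in the file says the exposure is deliberate. Since this is a challenge service, a header comment such as `# Intentionally vulnerable CTF service: run only inside the isolated challenge container` would keep the pattern from being copied as a sandbox. On the `if` line the length limit should be tested before the per-character scan, and the list inside `any([...])` can be a generator: `if len(code) > 40000 or any(x not in whitelist for x in code):`. `exit(0)` is the helper injected by `site` and is missing under `python -S`; `raise SystemExit(0)` needs no import and always works.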
@@ -0,0 +1,16 @@ +Deep in the glaciers, secret scientific laboratories of a secretive PMC are located. These laboratories are isolated from the rest of the humanity due to the nature of the experiments that are performed there. For infrastructure reasons, they developed a connectivity health check daemon which run in each basement of their complex. + +You've heard that the health check was developed by a scientist which disappeared short after the deployment of the daemons. The PMC assigned him the task of upgrading the daemons so they are able to recover from errors and corruptions. The scientist allegedly developed the 'glacier resilience' plug and play technology for the daemons. + +Years ago, you heard stories from other workers mentioning that the original developer was not aligned with the authoritative PMC actions and values. They suggested that it could be the reason why he 'disappeared'. Yesterday, one of the daemons went down due to a chain of errors. + +Now it's your turn to continue his job. + +PMC Soldier> "Scientist 0x814A, here is the connection to the server which hosts the daemon of our base. Here is also the access token, tied personally to you. You have readonly disk access as we don't trust you yet. The daemon is currently down, get familiar with the codebase and put it back online. Don't commit the same errors as the last one." 
+ +author: ecomaikgolf +``` +telnet chall.glacierctf.com 13386 +``` + +**Token:** `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzMsIm5vbmNlIjoiMzA5NjA3MGVlNDcxZTc1MmJhMDU1NjkzNzA4YTUyZTE3ZTBhN2RhYjIyYzgzYmRhMTZhMzVjMDM0Y2FlYTNlZCIsImhhc2giOiI5MzE3YjJlNDYxY2UzMjM4NjJmYjc5ODMyYTY5M2Q1NTg3MjM4ZjkyMjFmZmY5ZWE2OTlhZGZmMThkYTE2NzI0IiwiY2hhbGxlbmdlIjoiNmFhYzFmZWZlNDkwMzg0M2MyMTlkODM1OTlkM2ZiYjMzYWQzZDM5YzQzNTE5NzA3ODdmNDA4ZDdkOGFmZGVmMiIsInRpbWVmcmFtZSI6MzYwfQ.XeQk2zNNpvdEGAHyRwh71rCHIduTOP8JiOD9oJpevTtpQJ4F_xwR7b434NzYU1i6teLtgxV19iMNyQ-vlcNezNrcMX1PaGXJPYKEVFpBECSSXKCYHBUG4wT7nHNtwK2ROGb0wHeNfAWbHP2CDu4Gjao7n7rldnphMyR4ISqxmd7zcrfMMLPTfNedn7LSS_Ri9cRbUdtGTmJoREcvmwMzdUj2fUF5YkWjhLk9zKcmw1-dsCUpzUDrnMmA3z2jIYAzXStzAqVNujoJBVjmvclZ9UdV0XtyjQh5E-PfDlPkXvpj-Vz6nTpnhnp0SJ9Ezwu6LZdASNvJS6_0boyPkYnybqfGEzYZ2j-_QV08oO7-S1OeBwpyUXyPDECi1IjXSZPjYMAMD4Yqu2QuJZmtN7OVVlImFJGGbYimXdEp9Cjcbsx63JdY5xMZcyjuIMLtJbTgDFb0aUEclqHBt2BETA5tahi0qkF7oPt2hwSwOU0_Q-zpOmufIW1tgTk4ePAapCwmqtq0F4AJnV2VLeLdynwEQgCyCSPZRhGrhcjClesN-n2LFL56Kuf37Q0f_-DZYU4vPFQzT8-bMub0kzp8d0-sKn5u6qNcn6qng0fT3UFq4RDlYHT9NXyvFHs_ZIEhvKnV3uaJDxqwIuFreMavseIYL0kLl1R0qplFfGp1V0TuVOU` \ No newline at end of file diff --git a/misc/glacier-military-daemon/chall.zip b/misc/glacier-military-daemon/chall.zip new file mode 100644 index 0000000..2ac2301 Binary files /dev/null and b/misc/glacier-military-daemon/chall.zip differ diff --git a/misc/glacier-military-daemon/glacier-military-daemon/Dockerfile b/misc/glacier-military-daemon/glacier-military-daemon/Dockerfile new file mode 100644 index 0000000..4ffcf88 --- /dev/null +++ b/misc/glacier-military-daemon/glacier-military-daemon/Dockerfile 
@@ -0,0 +1,27 @@
+FROM debian:stable-slim
+
+RUN DEBIAN_FRONTEND=noninteractive; \
+ apt-get -y update; \
+ apt-get -y install zsh file; \
+ rm -rf /var/lib/apt/lists/*;
+
+RUN adduser --home /home/sci33098 --shell /bin/zsh sci33098
+RUN usermod --shell /sbin/nologin root
+
+COPY grhealth /sbin/
+RUN chown root:root /sbin/grhealth
+RUN chmod +s /sbin/grhealth
+RUN chmod +x /sbin/grhealth
+
+WORKDIR /home/sci33098
+
+COPY glacier-military-daemon-flag /flag.txt
+RUN chown root:root /flag.txt
+RUN chmod 700 /flag.txt
+
+COPY zshrc .zshrc
+COPY Makefile .
+COPY main.c .
+COPY glacier_resilience.h .
+
+CMD ["zsh"]
diff --git a/misc/glacier-military-daemon/glacier-military-daemon/Makefile b/misc/glacier-military-daemon/glacier-military-daemon/Makefile
new file mode 100644
index 0000000..66a0178
--- /dev/null
+++ b/misc/glacier-military-daemon/glacier-military-daemon/Makefile
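Review bot: In the first `RUN`, `DEBIAN_FRONTEND=noninteractive;` is a plain shell assignment ended by `;`, so it is never exported and `apt-get` does not see it; prefix the command instead (`DEBIAN_FRONTEND=noninteractive apt-get -y install zsh file`) or `export` it. The steps are also chained with `;`, so a failed `apt-get -y update` does not fail the build because only the status of the final `rm -rf` counts; `&&` fixes that. The same `RUN` pattern appears in `misc/silent-snake/Dockerfile` in this commit. `chmod 700 /flag.txt` gives a text file an execute bit, where `chmod 400 /flag.txt` is enough for a root-only read. `chmod +s` sets both setuid and setgid on `/sbin/grhealth`; if only setuid is intended, `chmod 4755 /sbin/grhealth` states that explicitly and makes the following `chmod +x` redundant.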
@@ -0,0 +1,31 @@
+.PHONY: default run clean
+default: compile
+
+BIN := grhealth
+SRC := main.c
+HDR := glacier_resilience.h
+PMR := 0 10
+
+# Compile flags, pass PMC standards
+CFLAGS += -O2 -Werror -Wall -Wextra -Wformat=2 -Wno-unused-parameter \
+-Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference \
+-Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 \
+-Wimplicit-fallthrough=3 -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 \
+-Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond \
+-Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef \
+-Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 \
+-Wcast-align=strict -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \
+-fstack-protector-strong -fstack-clash-protection -fPIE -fsanitize=bounds \
+-fsanitize-undefined-trap-on-error -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack \
+-Wl,-z,separate-code # src: https://github.com/airbus-seclab/c-compiler-security
+
+compile: $(BIN)
+$(BIN): $(SRC) $(HDR)
+ $(CC) $(CFLAGS) $(SRC) -o $(BIN)
+ strip $(BIN)
+
+run: $(BIN)
+ ./$< $(PMR)
+
+clean:
+ rm -f $(BIN)
diff --git a/misc/glacier-military-daemon/glacier-military-daemon/glacier-military-daemon-flag b/misc/glacier-military-daemon/glacier-military-daemon/glacier-military-daemon-flag
new file mode 100644
index 0000000..ffad320
--- /dev/null
+++ b/misc/glacier-military-daemon/glacier-military-daemon/glacier-military-daemon-flag
@@ -0,0 +1 @@
+gctf{TESTFLAG}
diff --git a/misc/glacier-military-daemon/glacier-military-daemon/glacier_resilience.h b/misc/glacier-military-daemon/glacier-military-daemon/glacier_resilience.h
new file mode 100644
index 0000000..b411010
--- /dev/null
+++ b/misc/glacier-military-daemon/glacier-military-daemon/glacier_resilience.h
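Review bot: `compile` names no file but is missing from `.PHONY: default run clean` in the Makefile; declare it with the others, `.PHONY: default compile run clean`. `-fPIE` is in `CFLAGS` without `-pie` on the link, so whether `grhealth` ends up position-independent depends on the toolchain default; adding `-pie` makes it explicit. The `-Wl,-z,...` options sit in `CFLAGS` and reach the linker only because compile and link are a single `$(CC)` command; moving them to an `LDFLAGS` variable would survive a later split into object files.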
@@ -0,0 +1,41 @@
+#pragma once
+
+#define RES_SLEEP 3
+#define handle_error() \
+ do { \
+ sleep(RES_SLEEP); \
+ fprintf(stderr,"[!] Restarting due to error in %s:%d %s\n", \
+ __FILE__, __LINE__, __FUNCTION__); \
+ execv(argv[0], argv); \
+ exit(1); \
+ } while(0);
+
+// ./argv[0]
+// For example ./argv[0] 0 10 -> Retry 10 times in case of error
+if(argc != 3) {
+ fprintf(stderr, "[!] Initialize the daemon properly: %s 0 MAX\n", argv[0]);
+ return 1;
+}
+
+// Read maximum reboots our daemon should try before giving up
+long int max = strtol(argv[2], NULL, 10);
+if(max < 0)
+ max = 0;
+
+// Read current restart counter
+long int counter = strtol(argv[1], NULL, 10);
+if(counter < 0)
+ counter = 0;
+counter++;
+
+// Check if we reached the limit of restarts
+if(counter > max) {
+ fprintf(stderr, "[!] Maximum number of errors (%li) reached\n", max);
+ return 1;
+}
+
+// Update argv[1] with updated counter in case we have to restart
+char newargv1[20]; // 20 == ceil(log10(2^64))
+memset(newargv1, 0x0, sizeof(newargv1));
+snprintf(newargv1, sizeof(newargv1), "%li", counter);
+argv[1] = newargv1;
diff --git a/misc/glacier-military-daemon/glacier-military-daemon/grhealth b/misc/glacier-military-daemon/glacier-military-daemon/grhealth
new file mode 100755
index 0000000..4480866
Binary files /dev/null and b/misc/glacier-military-daemon/glacier-military-daemon/grhealth differ
diff --git a/misc/glacier-military-daemon/glacier-military-daemon/main.c b/misc/glacier-military-daemon/glacier-military-daemon/main.c
new file mode 100644
index 0000000..180ce04
--- /dev/null
+++ b/misc/glacier-military-daemon/glacier-military-daemon/main.c
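Review bot: `handle_error()` in `glacier_resilience.h` restarts with `execv(argv[0], argv)`, so the restart target is whatever path the caller supplied, and the Dockerfile in this commit installs the binary with `chmod +s`. A privileged program should re-execute a fixed absolute path, for example `execv("/sbin/grhealth", argv);`, rather than a caller-provided one. `counter++` is undefined behaviour when `argv[1]` parses to `LONG_MAX`, and both `strtol` calls pass `NULL` for `endptr`, so non-numeric text is silently read as 0; check `endptr` and `errno` and reject out-of-range values before incrementing. The trailing `;` after `while(0)` in the macro defeats the do-while idiom and breaks `if (...) handle_error(); else ...`.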
@@ -0,0 +1,91 @@ +/* Copyr1ght (Ç) 2Ò4O Secret Glacier PMC - All Rights Preserved You may use, + * distribute and modify this code under the terms of the /dev/null license, + * which unfortunately won't be listed here. + * + * You should have received a copy of the /dev/null license with this file. If + * not, please write to: nobody:nogroup. + */ + +#include +#include +#include +#include +#include +#include +#include + +#define PORT 80 // Listening PORT. Privileged so setuid +#define PEND_CONN 5 // listen() `backlog` +#define BUFLIM 64 // Max per-client conn read + +int main(int argc, char **argv) { + setvbuf(stdout, NULL, _IONBF, 0); + setvbuf(stderr, NULL, _IONBF, 0); + + //660bcae7 main.c (Scientist 0x7AB3 2042-02-08 10:55:20 +0000) + // Scientist 0x7AB3: Novel Plug and Make mechanism in C32 + #if __has_include("glacier_resilience.h") + #include "glacier_resilience.h" + #else + #define handle_error() \ + do { \ + fprintf(stderr, "[!] Something went wrong\n"); \ + exit(1); \ + } while(0); + #endif + + printf("[*] Launching %s service\n", argv[0]); + + struct sockaddr_in listen_ad; + memset(&listen_ad, 0x00, sizeof(listen_ad)); + listen_ad.sin_family = AF_INET; + listen_ad.sin_addr.s_addr = htonl(INADDR_ANY); + listen_ad.sin_port = htons(PORT); + + int listen_fd = socket(AF_INET, SOCK_STREAM, 0); + if(listen_fd < 0) + handle_error(); + + // Bind to port PORT + if(bind(listen_fd, (struct sockaddr*)&listen_ad, sizeof(listen_ad)) < 0) + handle_error(); + + printf("[*] Listening on port %d\n", PORT); + + if(listen(listen_fd, PEND_CONN) < 0) + handle_error(); + + while(1) { + printf("[*] Waiting for client connections\n"); + + int client = accept(listen_fd, (struct sockaddr*)NULL, NULL); + if(client < 0) + handle_error(); + + printf("[*] Received client connection\n"); + + char conbuf[BUFLIM]; + memset(conbuf,0x00,BUFLIM); + + ssize_t ret = read(client, conbuf, BUFLIM); + if(ret < 0) + handle_error(); + + printf("[*] Received client echo\n"); + + if(write(client, 
conbuf, (size_t)ret) < 0) + handle_error(); + + printf("[*] Replied to client echo\n"); + + if(shutdown(client, SHUT_RDWR) < 0) + handle_error(); + + if(close(client) < 0) + handle_error(); + + printf("[*] Closed client connection\n"); + } + + return 0; +} diff --git a/misc/glacier-military-daemon/glacier-military-daemon/run-challenge-local.sh b/misc/glacier-military-daemon/glacier-military-daemon/run-challenge-local.sh new file mode 100755 index 0000000..bf9b0c4 --- /dev/null +++ b/misc/glacier-military-daemon/glacier-military-daemon/run-challenge-local.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +ENGINE=podman +if ! [ -x "$(command -v podman)" ]; then + ENGINE=docker + if ! [ -x "$(command -v docker)" ]; then + echo "[!] Please install a container engine such as podman or docker." + exit 1 + fi +fi + +$ENGINE build -t glacier-military-daemon . +$ENGINE run -it \ + --log-driver=none \ + --env PWD=/home/sci33098 \ + --read-only-tmpfs=true \ + --restart no \ + --uts=private \ + --pull never \ + --read-only \ + --no-hosts \ + --network none \ + --memory 5m \ + --user sci33098 \ + --hostname pmclab006 \ + --rm localhost/glacier-military-daemon:latest \ + /bin/zsh + #--timeout=300 diff --git a/misc/glacier-military-daemon/glacier-military-daemon/zshrc b/misc/glacier-military-daemon/glacier-military-daemon/zshrc new file mode 100644 index 0000000..2ba8e03 --- /dev/null +++ b/misc/glacier-military-daemon/glacier-military-daemon/zshrc 
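Review bot: Every per-client failure in the accept loop of `main.c` (`read`, `write`, `shutdown`, `close`) goes through `handle_error()`, which with `glacier_resilience.h` present re-executes the whole daemon while `listen_fd` and `client` are still open. Neither descriptor is closed or marked close-on-exec, so the restarted process inherits a socket still bound to port 80 and its own `bind` will probably fail until the retry budget is spent. Creating the listener with `socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)` and answering a client error with `close(client); continue;` keeps a single misbehaving peer from restarting the service. A peer that disconnects early can also make `shutdown` fail with `ENOTCONN`, which should not be treated as fatal.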
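Review bot: The `docker` fallback chosen at the top of `run-challenge-local.sh` is unlikely to work with the `run` line as written: `--read-only-tmpfs` and `--no-hosts` appear to be podman-only options, and `localhost/glacier-military-daemon:latest` is how podman names a locally built image. Either drop the fallback or branch the flags and the image reference on `$ENGINE`. The result of `$ENGINE build` is also unchecked, so a failed build goes on to `run` with `--pull never` against whatever image is already present; `set -e` after the shebang, or `$ENGINE build -t glacier-military-daemon . || exit 1`, stops there instead.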
@@ -0,0 +1,17 @@ +export TERM='xterm-256color' +PROMPT="%F{209}[%F{green}%n@%M %F{116}%(3~|../%2~|%~)%F{209}]$%f " + +clear + +echo "" +echo ".--------------------------------------------------------------------." +echo "| [ Welcome to pwn/glacier-military-daemon from GlacierCTF2023 ] |" +echo "| |" +echo "| - Don't try to take infra down. Don't be Eve |" +echo "| - You have zsh as shell & this is Debian 12 slim |" +echo "| - There is a flag in /flag.txt and a binary in /sbin/grhealth |" +echo "| - This instance is unique and has a timeout of 5 minutes |" +echo "| - chall.zip has a local version without PoW, JWT or timeouts |" +echo "| |" +echo "·--------------------------------------------------------------------·" +echo "" diff --git a/misc/icy-riffs/README.md b/misc/icy-riffs/README.md new file mode 100644 index 0000000..c5aa3be --- /dev/null +++ b/misc/icy-riffs/README.md @@ -0,0 +1 @@ +At the last halloween party we played some guitar hero, which was a whole lot of fun and helped me to get over my fear of ghosts. Eventually we played through all the songs the game had to offer, so I decided to create one of my own. I also added a Warmup Map called Invincible, so that you can easily shred through the other one. I hope you enjoy it! \ No newline at end of file diff --git a/misc/icy-riffs/icyriffs.zip b/misc/icy-riffs/icyriffs.zip new file mode 100644 index 0000000..6f371d9 Binary files /dev/null and b/misc/icy-riffs/icyriffs.zip differ diff --git a/misc/icy-riffs/icyriffs/Invincible/notes.chart b/misc/icy-riffs/icyriffs/Invincible/notes.chart new file mode 100644 index 0000000..681ca1d --- /dev/null +++ b/misc/icy-riffs/icyriffs/Invincible/notes.chart 
@@ -0,0 +1,205 @@ +[Song] +{ + Name = "Invincible" + Artist = "DEAF KEV" + Charter = "LetsFailNoob" + Album = "NoCopyRightSounds" + Year = ", 2015" + Offset = 0 + Resolution = 192 + Player2 = bass + Difficulty = 0 + PreviewStart = 0 + PreviewEnd = 0 + Genre = "Glitch Hop" + MediaType = "YouTube" + MusicStream = "song.ogg" +} +[SyncTrack] +{ + 0 = TS 4 + 0 = B 100000 +} +[Events] +{ + 288 = E "phrase_start" + 384 = E "lyric a" + 480 = E "phrase_end" + 490 = E "phrase_start" + 576 = E "lyric b" + 624 = E "phrase_end" + 672 = E "phrase_start" + 768 = E "lyric c" + 864 = E "phrase_end" + 883 = E "phrase_start" + 960 = E "lyric d" + 1056 = E "phrase_end" + 1075 = E "phrase_start" + 1152 = E "lyric e" + 1248 = E "phrase_end" + 1267 = E "phrase_start" + 1344 = E "lyric f" + 1440 = E "phrase_end" + 1459 = E "phrase_start" + 1536 = E "lyric g" + 1632 = E "phrase_end" + 1651 = E "phrase_start" + 1728 = E "lyric h" + 1824 = E "phrase_end" + 1843 = E "phrase_start" + 1920 = E "lyric i" + 2016 = E "phrase_end" + 2035 = E "phrase_start" + 2112 = E "lyric j" + 2208 = E "phrase_end" + 2227 = E "phrase_start" + 2304 = E "lyric k" + 2400 = E "phrase_end" + 2419 = E "phrase_start" + 2496 = E "lyric l" + 2592 = E "phrase_end" + 2611 = E "phrase_start" + 2688 = E "lyric m" + 2784 = E "phrase_end" + 2803 = E "phrase_start" + 2880 = E "lyric n" + 2976 = E "phrase_end" + 2995 = E "phrase_start" + 3072 = E "lyric o" + 3168 = E "phrase_end" + 3187 = E "phrase_start" + 3264 = E "lyric p" + 3360 = E "phrase_end" + 3379 = E "phrase_start" + 3456 = E "lyric q" + 3552 = E "phrase_end" + 3571 = E "phrase_start" + 3648 = E "lyric r" + 3744 = E "phrase_end" + 3763 = E "phrase_start" + 3840 = E "lyric s" + 3936 = E "phrase_end" + 3955 = E "phrase_start" + 4032 = E "lyric t" + 4128 = E "phrase_end" + 4147 = E "phrase_start" + 4224 = E "lyric u" + 4320 = E "phrase_end" + 4339 = E "phrase_start" + 4416 = E "lyric v" + 4512 = E "phrase_end" + 4531 = E "phrase_start" + 4608 = E "lyric w" + 4704 = E 
"phrase_end" + 4723 = E "phrase_start" + 4800 = E "lyric x" + 4896 = E "phrase_end" + 4915 = E "phrase_start" + 4992 = E "lyric y" + 5088 = E "phrase_end" + 5107 = E "phrase_start" + 5184 = E "lyric z" + 5280 = E "phrase_end" + 5299 = E "phrase_start" + 5376 = E "lyric {" + 5472 = E "phrase_end" + 5491 = E "phrase_start" + 5568 = E "lyric }" + 5664 = E "phrase_end" + 5683 = E "phrase_start" + 5760 = E "lyric !" + 5856 = E "phrase_end" + 5875 = E "phrase_start" + 5952 = E "lyric _" + 6048 = E "phrase_end" + 6067 = E "phrase_start" + 6144 = E "lyric 3" + 6240 = E "phrase_end" + 6259 = E "phrase_start" + 6336 = E "lyric 4" + 6432 = E "phrase_end" +} +[ExpertSingle] +{ + 384 = N 7 0 + 576 = N 0 0 + 768 = N 1 0 + 960 = N 2 0 + 1152 = N 3 0 + 1344 = N 4 0 + 1536 = N 0 0 + 1536 = N 1 0 + 1728 = N 0 0 + 1728 = N 2 0 + 1920 = N 0 0 + 1920 = N 3 0 + 2112 = N 0 0 + 2112 = N 4 0 + 2304 = N 1 0 + 2304 = N 2 0 + 2496 = N 1 0 + 2496 = N 3 0 + 2688 = N 1 0 + 2688 = N 4 0 + 2880 = N 2 0 + 2880 = N 3 0 + 3072 = N 2 0 + 3072 = N 4 0 + 3264 = N 3 0 + 3264 = N 4 0 + 3456 = N 0 0 + 3456 = N 1 0 + 3456 = N 2 0 + 3648 = N 0 0 + 3648 = N 1 0 + 3648 = N 3 0 + 3840 = N 0 0 + 3840 = N 1 0 + 3840 = N 4 0 + 4032 = N 0 0 + 4032 = N 2 0 + 4032 = N 3 0 + 4224 = N 0 0 + 4224 = N 2 0 + 4224 = N 4 0 + 4416 = N 0 0 + 4416 = N 3 0 + 4416 = N 4 0 + 4608 = N 1 0 + 4608 = N 2 0 + 4608 = N 3 0 + 4800 = N 1 0 + 4800 = N 2 0 + 4800 = N 4 0 + 4992 = N 1 0 + 4992 = N 3 0 + 4992 = N 4 0 + 5184 = N 2 0 + 5184 = N 3 0 + 5184 = N 4 0 + 5376 = N 0 0 + 5376 = N 1 0 + 5376 = N 2 0 + 5376 = N 3 0 + 5568 = N 0 0 + 5568 = N 1 0 + 5568 = N 2 0 + 5568 = N 4 0 + 5760 = N 0 0 + 5760 = N 1 0 + 5760 = N 3 0 + 5760 = N 4 0 + 5952 = N 0 0 + 5952 = N 2 0 + 5952 = N 3 0 + 5952 = N 4 0 + 6144 = N 1 0 + 6144 = N 2 0 + 6144 = N 3 0 + 6144 = N 4 0 + 6336 = N 0 0 + 6336 = N 1 0 + 6336 = N 2 0 + 6336 = N 3 0 + 6336 = N 4 0 +} 
diff --git a/misc/icy-riffs/icyriffs/Invincible/song.ini b/misc/icy-riffs/icyriffs/Invincible/song.ini new file mode 100644 index 0000000..59f6f87 --- /dev/null +++ b/misc/icy-riffs/icyriffs/Invincible/song.ini @@ -0,0 +1,24 @@ +[Song] +name = Invincible +artist = DEAF KEV +album = NoCopyRightSounds +genre = Glitch Hop +year = 2015 +song_length = 20024 +charter = LetsFailNoob +diff_band = 0 +diff_guitar = 0 +diff_rhythm = 0 +diff_bass = 0 +diff_drums = 0 +diff_keys = 0 +diff_guitarghl = 0 +diff_bassghl = 0 +diff_rhythmghl = 0 +preview_start_time = 0 +icon = 0 +playlist_track = +track = +album_track = +delay = 0 +loading_phrase = diff --git a/misc/icy-riffs/icyriffs/Invincible/song.ogg b/misc/icy-riffs/icyriffs/Invincible/song.ogg new file mode 100644 index 0000000..2253c69 Binary files /dev/null and b/misc/icy-riffs/icyriffs/Invincible/song.ogg differ diff --git a/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/album.png b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/album.png new file mode 100644 index 0000000..3ec1d0e Binary files /dev/null and b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/album.png differ diff --git a/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/background.jpg b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/background.jpg new file mode 100644 index 0000000..afbaebe Binary files /dev/null and b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/background.jpg differ diff --git a/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/notes.chart b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/notes.chart new file mode 100644 index 0000000..db58afb --- /dev/null +++ b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/notes.chart 
@@ -0,0 +1,638 @@ +[Song] +{ + Name = "Monsters, Inc." + Artist = "Randy Newman" + Charter = "JoeyD" + Album = "Monsters, Inc (Original Motion Picture Soundtrack)" + Year = ", 2001" + Offset = 0 + Resolution = 192 + Player2 = bass + Difficulty = 0 + PreviewStart = 0 + PreviewEnd = 0 + Genre = "Jazz" + MediaType = "cd" + MusicStream = "C:\Users\zippy\Documents\glacier\Randy Newman - Monsters, Inc. (JoeyD)\song.ogg" +} +[SyncTrack] +{ + 0 = TS 5 + 0 = B 115000 + 768 = B 220000 + 960 = TS 4 + 80832 = B 219000 + 82368 = B 150000 +} +[Events] +{ + 768 = E "section Intro" + 4032 = E "section Chorus 1A" + 16320 = E "section Chorus 1B" + 28608 = E "section Verse" + 34752 = E "section Chorus 2" + 42432 = E "section Clarinet Solo" + 56256 = E "section Trombone Solo" + 68544 = E "section Piano Solo" + 74688 = E "section Chorus 3" + 82368 = E "section Outro" +} +[ExpertSingle] +{ + 768 = N 0 0 + 768 = N 1 0 + 768 = N 6 0 + 896 = N 2 0 + 960 = N 3 0 + 1088 = N 4 0 + 1152 = N 3 0 + 1280 = N 2 0 + 1344 = N 1 0 + 1344 = N 6 0 + 1536 = N 0 0 + 1600 = N 1 0 + 1664 = N 2 0 + 1728 = N 3 0 + 1856 = N 4 0 + 2112 = N 0 0 + 2112 = N 2 0 + 2112 = N 3 0 + 2112 = N 6 0 + 2304 = N 0 0 + 2400 = N 1 0 + 2448 = N 2 0 + 2496 = N 3 0 + 2624 = N 2 0 + 2816 = N 3 0 + 2880 = N 4 0 + 2880 = N 6 0 + 3024 = N 0 0 + 3024 = N 1 0 + 3024 = N 2 0 + 3024 = N 3 0 + 3024 = N 6 0 + 3392 = N 1 0 + 3456 = N 2 0 + 3584 = N 0 0 + 4352 = N 2 0 + 4416 = N 2 0 + 4544 = N 3 0 + 4608 = N 4 0 + 4736 = N 1 0 + 4928 = N 1 336 + 5312 = N 4 528 + 5888 = N 2 0 + 5952 = N 2 0 + 6080 = N 3 0 + 6144 = N 4 0 + 6288 = N 0 0 + 6288 = N 2 0 + 6288 = N 3 0 + 6288 = N 6 0 + 6720 = N 4 0 + 6848 = N 2 0 + 6912 = N 3 0 + 7040 = N 2 288 + 7488 = N 1 0 + 7616 = N 2 0 + 7680 = N 3 0 + 7808 = N 4 0 + 8016 = N 0 0 + 8016 = N 2 0 + 8016 = N 6 0 + 8768 = N 2 0 + 8832 = N 2 0 + 8960 = N 2 0 + 9152 = N 4 0 + 9408 = N 0 0 + 9408 = N 1 0 + 9408 = N 3 0 + 9408 = N 6 0 + 10368 = N 2 0 + 10496 = N 0 0 + 10752 = N 2 0 + 10752 = N 4 0 + 10752 = N 6 0 + 
10880 = N 1 0 + 11072 = N 1 208 + 11328 = N 4 0 + 11456 = N 3 0 + 11520 = N 2 0 + 11648 = N 3 0 + 11904 = N 2 0 + 12096 = N 2 0 + 12224 = N 3 0 + 12432 = N 0 0 + 12432 = N 2 0 + 12432 = N 4 0 + 12432 = N 6 0 + 13056 = N 3 0 + 13184 = N 2 208 + 13584 = N 0 0 + 13584 = N 1 0 + 13584 = N 6 0 + 13776 = N 0 0 + 13776 = N 2 0 + 13776 = N 6 0 + 14016 = N 3 0 + 14064 = N 4 0 + 14112 = N 3 0 + 14160 = N 2 0 + 14208 = N 1 0 + 14336 = N 0 0 + 14400 = N 1 0 + 14528 = N 2 208 + 14784 = N 0 0 + 14784 = N 2 0 + 14784 = N 3 0 + 14784 = N 4 0 + 14784 = N 6 0 + 16064 = N 0 0 + 16128 = N 1 0 + 16192 = N 2 0 + 16256 = N 3 0 + 16320 = N 4 0 + 16640 = N 2 0 + 16704 = N 2 0 + 16832 = N 3 0 + 16896 = N 4 0 + 17024 = N 1 0 + 17216 = N 1 288 + 17664 = N 3 0 + 17696 = N 4 0 + 17792 = N 3 336 + 18176 = N 2 0 + 18240 = N 2 0 + 18368 = N 3 0 + 18432 = N 4 0 + 18624 = N 0 0 + 18624 = N 2 0 + 18624 = N 3 0 + 18624 = N 6 0 + 19584 = N 1 0 + 19712 = N 1 0 + 19904 = N 2 0 + 19968 = N 3 0 + 20096 = N 4 0 + 20288 = N 1 544 + 21120 = N 1 0 + 21248 = N 1 0 + 21440 = N 4 0 + 21504 = N 0 0 + 21632 = N 3 864 + 22656 = N 0 0 + 22656 = N 2 0 + 22656 = N 6 0 + 22784 = N 2 0 + 22848 = N 2 0 + 22976 = N 3 0 + 23040 = N 4 0 + 23168 = N 1 0 + 23360 = N 1 640 + 24192 = N 2 0 + 24320 = N 2 0 + 24512 = N 3 0 + 24576 = N 4 0 + 24704 = N 0 640 + 25728 = N 1 0 + 25728 = N 2 0 + 25728 = N 3 0 + 25728 = N 4 0 + 25728 = N 6 0 + 26304 = N 3 0 + 26432 = N 2 0 + 26496 = N 1 0 + 26624 = N 0 0 + 26688 = N 1 0 + 26816 = N 2 208 + 27072 = N 0 0 + 27264 = N 1 0 + 27328 = N 2 0 + 27392 = N 3 0 + 27456 = N 4 0 + 27584 = N 3 0 + 27776 = N 0 0 + 27840 = N 1 0 + 27968 = N 0 0 + 28032 = N 1 0 + 28160 = N 2 0 + 28224 = N 3 0 + 28352 = N 4 0 + 28800 = N 3 0 + 28928 = N 2 0 + 28992 = N 3 0 + 29184 = N 3 0 + 29312 = N 2 0 + 29376 = N 3 0 + 29504 = N 4 400 + 29952 = N 3 0 + 30016 = N 4 0 + 30080 = N 1 0 + 30144 = N 2 0 + 30336 = N 2 0 + 30464 = N 1 0 + 30528 = N 2 0 + 30656 = N 3 0 + 30720 = N 1 0 + 30848 = N 2 832 + 31808 = N 1 0 + 32000 = 
N 0 0 + 32064 = N 1 272 + 32384 = N 0 0 + 32448 = N 1 0 + 32576 = N 2 512 + 33152 = N 3 0 + 33216 = N 4 0 + 33344 = N 3 0 + 33408 = N 2 0 + 33536 = N 1 0 + 33920 = N 2 0 + 33984 = N 3 0 + 34112 = N 2 0 + 34176 = N 1 0 + 34320 = N 0 0 + 34320 = N 2 0 + 34320 = N 3 0 + 34320 = N 4 0 + 34320 = N 6 0 + 35072 = N 2 0 + 35136 = N 2 0 + 35264 = N 3 0 + 35472 = N 1 0 + 35472 = N 4 0 + 35472 = N 6 0 + 35648 = N 1 784 + 36480 = N 2 0 + 36672 = N 2 0 + 36672 = N 4 0 + 36672 = N 6 0 + 36992 = N 0 832 + 38016 = N 1 0 + 38208 = N 0 0 + 38208 = N 2 0 + 38208 = N 4 0 + 38208 = N 6 0 + 38592 = N 2 0 + 38592 = N 3 0 + 38592 = N 6 0 + 38736 = N 2 0 + 38784 = N 1 0 + 38912 = N 0 0 + 38976 = N 1 0 + 39104 = N 2 256 + 39552 = N 1 0 + 39744 = N 2 0 + 39872 = N 4 208 + 40128 = N 0 0 + 40128 = N 1 0 + 40128 = N 2 0 + 40128 = N 3 0 + 40128 = N 4 0 + 40128 = N 6 0 + 40512 = N 1 0 + 40640 = N 2 256 + 41088 = N 1 0 + 41280 = N 2 0 + 41408 = N 4 208 + 41664 = N 3 0 + 41712 = N 4 0 + 41760 = N 3 0 + 41808 = N 2 0 + 41856 = N 1 0 + 41984 = N 0 0 + 42048 = N 1 0 + 42176 = N 2 208 + 42432 = N 1 0 + 42560 = N 4 208 + 42816 = N 3 0 + 42944 = N 1 0 + 43008 = N 2 144 + 43200 = N 4 0 + 43328 = N 2 0 + 43392 = N 3 144 + 43584 = N 2 0 + 43712 = N 0 0 + 43776 = N 1 144 + 43968 = N 2 0 + 44160 = N 2 0 + 44288 = N 3 0 + 44352 = N 4 0 + 44496 = N 0 0 + 44496 = N 1 0 + 44496 = N 3 0 + 44496 = N 4 0 + 44496 = N 6 0 + 44736 = N 2 0 + 44736 = N 3 0 + 44736 = N 6 0 + 44928 = N 3 0 + 45120 = N 3 0 + 45312 = N 3 0 + 45504 = N 3 224 + 46080 = N 3 0 + 46144 = N 4 656 + 46848 = N 4 0 + 46976 = N 3 0 + 47040 = N 2 0 + 47136 = N 4 0 + 47184 = N 3 0 + 47232 = N 2 0 + 47360 = N 1 0 + 47424 = N 0 0 + 47552 = N 2 0 + 47616 = N 3 0 + 47808 = N 1 0 + 48000 = N 3 0 + 48192 = N 0 272 + 48576 = N 0 0 + 48576 = N 1 0 + 48576 = N 4 0 + 48576 = N 6 0 + 48896 = N 4 0 + 48960 = N 3 0 + 49024 = N 4 0 + 49088 = N 3 0 + 49152 = N 2 0 + 49280 = N 1 0 + 49344 = N 0 0 + 49472 = N 1 0 + 49536 = N 2 0 + 49600 = N 1 0 + 49664 = N 2 0 + 49728 = 
N 3 0 + 49856 = N 4 208 + 50112 = N 3 0 + 50304 = N 3 224 + 50624 = N 0 0 + 50688 = N 1 0 + 50752 = N 2 0 + 50816 = N 3 0 + 51008 = N 4 736 + 51840 = N 3 0 + 52032 = N 2 0 + 52160 = N 0 0 + 52224 = N 1 0 + 52352 = N 3 208 + 52608 = N 2 0 + 52736 = N 1 0 + 52800 = N 0 0 + 52928 = N 2 0 + 52992 = N 1 0 + 53120 = N 0 0 + 53184 = N 1 0 + 53312 = N 3 0 + 53568 = N 0 0 + 53568 = N 2 0 + 53568 = N 3 0 + 53568 = N 4 0 + 53568 = N 6 0 + 54144 = N 3 0 + 54192 = N 4 0 + 54336 = N 3 0 + 54464 = N 2 0 + 54528 = N 1 0 + 54656 = N 2 0 + 54720 = N 0 0 + 54784 = N 1 0 + 54848 = N 2 0 + 54912 = N 3 0 + 55040 = N 2 0 + 55104 = N 3 0 + 55232 = N 4 0 + 55424 = N 2 0 + 55488 = N 3 0 + 55584 = N 4 0 + 55632 = N 3 0 + 55680 = N 2 0 + 55808 = N 3 0 + 55872 = N 2 0 + 56000 = N 0 0 + 56064 = N 1 144 + 56256 = N 0 0 + 56384 = N 4 0 + 56448 = N 4 0 + 56544 = N 3 0 + 56640 = N 4 0 + 56736 = N 3 0 + 56832 = N 4 0 + 56928 = N 2 0 + 57024 = N 3 0 + 57120 = N 1 0 + 57216 = N 3 0 + 57312 = N 2 0 + 57408 = N 3 0 + 57504 = N 2 0 + 57600 = N 3 0 + 57696 = N 0 0 + 57744 = N 1 0 + 57792 = N 2 0 + 57888 = N 1 0 + 57984 = N 2 0 + 58080 = N 1 0 + 58176 = N 2 0 + 58272 = N 1 0 + 58368 = N 2 0 + 58560 = N 1 0 + 58688 = N 0 0 + 58752 = N 1 0 + 58880 = N 2 0 + 58944 = N 3 0 + 59136 = N 2 0 + 59264 = N 1 0 + 59328 = N 0 0 + 59456 = N 0 0 + 59520 = N 1 0 + 59648 = N 2 0 + 59712 = N 3 0 + 59840 = N 4 480 + 60416 = N 3 0 + 60608 = N 4 0 + 60672 = N 3 0 + 60800 = N 1 0 + 60864 = N 2 0 + 60992 = N 0 0 + 61056 = N 1 0 + 61184 = N 3 0 + 61248 = N 2 0 + 61376 = N 3 0 + 61440 = N 1 0 + 61568 = N 0 0 + 61632 = N 4 0 + 61760 = N 3 0 + 61824 = N 2 0 + 61952 = N 1 0 + 62016 = N 0 144 + 62208 = N 1 0 + 62336 = N 2 240 + 62624 = N 3 0 + 62784 = N 4 0 + 63104 = N 2 208 + 63360 = N 3 0 + 63488 = N 4 0 + 63744 = N 1 336 + 64128 = N 3 0 + 64320 = N 4 0 + 64512 = N 3 0 + 64640 = N 2 0 + 64768 = N 4 0 + 64896 = N 3 0 + 65024 = N 2 256 + 65600 = N 1 160 + 65856 = N 3 0 + 66048 = N 1 0 + 66240 = N 2 144 + 66432 = N 1 0 + 66624 = N 2 0 
+ 66752 = N 0 0 + 66816 = N 1 0 + 66944 = N 2 144 + 67136 = N 1 0 + 67328 = N 0 0 + 67488 = N 3 0 + 67584 = N 4 0 + 67680 = N 3 0 + 67776 = N 2 0 + 67872 = N 1 0 + 67968 = N 0 0 + 68064 = N 4 0 + 68160 = N 3 0 + 68256 = N 2 0 + 68352 = N 1 0 + 68448 = N 2 0 + 68544 = N 0 0 + 68736 = N 0 0 + 68736 = N 1 0 + 68736 = N 2 0 + 68736 = N 3 0 + 68736 = N 4 0 + 68736 = N 6 0 + 69248 = N 2 0 + 69248 = N 3 0 + 69248 = N 6 0 + 69312 = N 2 0 + 69440 = N 1 0 + 69504 = N 2 0 + 69632 = N 4 0 + 69824 = N 3 0 + 70016 = N 1 0 + 70080 = N 2 0 + 70080 = N 6 0 + 70208 = N 0 0 + 70272 = N 1 0 + 70400 = N 4 0 + 70464 = N 3 0 + 70592 = N 1 0 + 70656 = N 2 0 + 70784 = N 3 0 + 70848 = N 1 0 + 70976 = N 2 0 + 71040 = N 1 0 + 71168 = N 0 0 + 71232 = N 1 0 + 71360 = N 3 0 + 71616 = N 2 0 + 71808 = N 0 0 + 72000 = N 0 0 + 72000 = N 2 0 + 72000 = N 3 0 + 72000 = N 4 0 + 72000 = N 6 0 + 72128 = N 0 0 + 72192 = N 1 0 + 72320 = N 2 0 + 72384 = N 3 0 + 72512 = N 1 0 + 72576 = N 2 0 + 72704 = N 3 0 + 72768 = N 0 0 + 72896 = N 4 0 + 73088 = N 3 0 + 73152 = N 2 0 + 73280 = N 3 0 + 73344 = N 2 0 + 73472 = N 3 0 + 73472 = N 4 0 + 73664 = N 2 0 + 73664 = N 4 0 + 73856 = N 2 0 + 73920 = N 2 0 + 73920 = N 3 0 + 74048 = N 1 0 + 74112 = N 2 0 + 74240 = N 0 352 + 74240 = N 2 352 + 74240 = N 3 352 + 74688 = N 0 0 + 74688 = N 1 0 + 74688 = N 4 0 + 74688 = N 6 0 + 74880 = N 2 0 + 75072 = N 2 0 + 75216 = N 2 0 + 75216 = N 3 0 + 75216 = N 6 0 + 75392 = N 1 0 + 75584 = N 1 784 + 76416 = N 2 0 + 76608 = N 2 0 + 76608 = N 4 0 + 76608 = N 6 0 + 76928 = N 0 832 + 77952 = N 1 0 + 78144 = N 2 0 + 78272 = N 4 208 + 78528 = N 3 0 + 78576 = N 4 0 + 78624 = N 3 0 + 78672 = N 2 0 + 78720 = N 1 0 + 78848 = N 0 0 + 78912 = N 1 0 + 79040 = N 2 256 + 79488 = N 1 0 + 79680 = N 2 0 + 79808 = N 4 208 + 80064 = N 3 0 + 80112 = N 4 0 + 80160 = N 3 0 + 80208 = N 2 0 + 80256 = N 1 0 + 80384 = N 0 0 + 80448 = N 1 0 + 80576 = N 2 256 + 81024 = N 1 0 + 81216 = N 2 0 + 81344 = N 4 208 + 81600 = N 3 0 + 81648 = N 4 0 + 81696 = N 3 0 + 81744 = 
N 2 0 + 81792 = N 1 0 + 81920 = N 0 0 + 81984 = N 1 0 + 82112 = N 2 208 + 82368 = N 1 0 + 82368 = N 2 0 + 82368 = N 3 0 + 82368 = N 6 0 + 82944 = N 0 0 + 82992 = N 1 0 + 83040 = N 2 0 + 83040 = N 4 0 + 83184 = N 3 0 + 83328 = N 2 0 + 83456 = N 1 0 + 83584 = N 1 0 + 83584 = N 2 0 + 83744 = N 0 0 + 83904 = N 0 384 + 83952 = N 1 336 + 84000 = N 3 288 + 84384 = N 0 0 + 84384 = N 1 0 + 84384 = N 2 0 + 84384 = N 4 0 + 84384 = N 6 0 + 84608 = N 3 1792 + 84608 = N 4 1792 +} diff --git a/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/song.ini b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/song.ini new file mode 100644 index 0000000..0fb02f6 --- /dev/null +++ b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/song.ini @@ -0,0 +1,24 @@ +[song] +name=Monsters, Inc. +artist=Randy Newman +album=Monsters, Inc. (Original Motion Picture Soundtrack) +genre=Jazz +year=2001 +diff_band=-1 +diff_guitar=2 +diff_rhythm=-1 +diff_bass=-1 +diff_drums=-1 +diff_keys=-1 +diff_guitarghl=-1 +diff_bassghl=-1 +preview_start_time=54580 +icon=antihero2 +album_track=2 +playlist_track=1 +video_start_time=0 +charter=JoeyD +delay=0 +modchart=0 +song_length=127463 +loading_phrase=Before this soundtrack, Randy Newman held the dubious record of most Oscar nominations without a win (15). Monsters, Inc. broke the losing streak. diff --git a/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/song.ogg b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/song.ogg new file mode 100644 index 0000000..6578759 Binary files /dev/null and b/misc/icy-riffs/icyriffs/Randy Newman - Monsters, Inc. (JoeyD)/song.ogg differ diff --git a/misc/silent-snake/Dockerfile b/misc/silent-snake/Dockerfile new file mode 100644 index 0000000..fc59219 --- /dev/null +++ b/misc/silent-snake/Dockerfile 
@@ -0,0 +1,22 @@
+FROM debian:bullseye-slim AS base
+
+EXPOSE 1337
+
+RUN DEBIAN_FRONTEND=noninteractive; \
+ apt-get -y update; \
+ apt-get -y install python3; \
+ apt-get -y install socat; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ useradd -u 4242 -md /app ctf;
+
+WORKDIR /app
+
+COPY --chmod=444 chall/flag.txt .
+COPY --chmod=555 chall/silent_snake.py .
+COPY --chmod=555 chall/repl.py .
+
+ENV DEBUG=0
+
+CMD [ "socat", "TCP-LISTEN:1337,nodelay,reuseaddr,fork", "EXEC:\"timeout -s KILL 10m python3 -u /app/silent_snake.py\"" ]
+
diff --git a/misc/silent-snake/README.md b/misc/silent-snake/README.md
new file mode 100644
index 0000000..e152a56
--- /dev/null
+++ b/misc/silent-snake/README.md
@@ -0,0 +1,10 @@
+Our favorite protagonist Sloppy Python, was able to sneak into the base of the baddies. Their internal system hosts containts a critical key that needs to be exfiltrated, but all their systems are locked down.
+
+Except for one: An ancient terminal with broken screen and enough ink for a single ls.
+
+Can you help Sloppy Python to steal the key?
+
+author: huksys
+```
+nc chall.glacierctf.com 13391
+```
\ No newline at end of file
diff --git a/misc/silent-snake/chall/flag.txt b/misc/silent-snake/chall/flag.txt
new file mode 100644
index 0000000..cfd2948
--- /dev/null
+++ b/misc/silent-snake/chall/flag.txt
@@ -0,0 +1 @@
+gctf{this_is_not_the_flag_you_seek}
diff --git a/misc/silent-snake/chall/repl.py b/misc/silent-snake/chall/repl.py
new file mode 100755
index 0000000..37493b5
--- /dev/null
+++ b/misc/silent-snake/chall/repl.py
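Review bot: The silent-snake Dockerfile sets no `USER`, so `socat` and `/app/silent_snake.py` start as root and the only privilege reduction is the `preexec_fn` in the script added elsewhere in this commit. If the supervisor has to stay root in order to call `setresuid` for its children, a comment above `CMD` saying so would record that this is deliberate; otherwise add `USER ctf` before `CMD`. The network-facing listener and the `timeout` wrapper do not appear to need root themselves.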
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import code
+
+DEBUG = os.environ.get("DEBUG", "0") == "1"
+
+cpipe = os.fdopen(int(sys.argv[1]), "w", buffering=1)
+devnull = open("/dev/null", mode="w")
+
+print("""
+Welcome to silent-snake, the blind REPL!
+
+You've got a single ls that you can redeem using
+`run_command('ls ')`
+
+To exit the jail, use `exit()` or `run_command('exit')`
+
+Have fun!
+""")
+
+if not DEBUG:
+ sys.stdout.close()
+ sys.stderr.close()
+ os.close(1)
+ os.close(2)
+ sys.stdout = devnull
+ sys.stderr = devnull
+
+else:
+ print(50*"=")
+ print("WARNING: Debugging mode is *ON*. stdout and stderr are available here, but you won't be able to see the REPL's output during the challenge.")
+ print(50*"=")
+
+ # Redirect stderr to stdout
+ os.dup2(1, 2, inheritable=True)
+
+def run_command(cmd: str):
+ cpipe.write(cmd + "\n")
+
+code.interact(local=locals())
+
+run_command("exit")
diff --git a/misc/silent-snake/chall/silent_snake.py b/misc/silent-snake/chall/silent_snake.py
new file mode 100755
index 0000000..f5450a5
--- /dev/null
+++ b/misc/silent-snake/chall/silent_snake.py
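Review bot: `run_command` in `repl.py` is the only interface the banner advertises, yet it has no docstring and nothing states that each call becomes one newline-terminated line on the pipe whose descriptor arrives in `sys.argv[1]`; add `"""Send one command line to the supervising process over the control pipe."""`. `int(sys.argv[1])` is evaluated without checking `len(sys.argv)`, so starting the script by hand ends in a bare `IndexError` where a usage message would be clearer. The non-DEBUG branch closes both the stream objects and descriptors 1 and 2, and a comment such as `# sys.stdout.close() leaves fd 1 open, so close the descriptors explicitly` would explain why both steps are there.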
@@ -0,0 +1,71 @@
+#!/usr/bin/env python3
+
+import os
+import random
+import subprocess
+import time
+
+DEBUG = os.environ.get("DEBUG", "0") == "1"
+
+def drop_to_unprivileged(uid: int, gid: int):
+ # Drop to a unprivileged user and group.
+ assert uid != 0 and gid != 0
+ os.setresgid(uid, uid, uid)
+ os.setresuid(gid, gid, gid)
+
+def drop_to_ctf_uid_gid():
+ drop_to_unprivileged(4242, 4242)
+
+(r, w) = os.pipe()
+os.set_inheritable(w, True)
+
+repl = subprocess.Popen(["./repl.py", str(w)], close_fds=False, preexec_fn=drop_to_ctf_uid_gid)
+
+os.close(w)
+ppipe = os.fdopen(r, "r", buffering=1)
+
+allowed = {
+ "ls": True,
+}
+
+
+try:
+ while repl.poll() == None:
+ cmd = ppipe.readline()
+ if cmd == "":
+ break
+
+ cmd = cmd.strip().split(" ")
+ if DEBUG:
+ print("RECEIVED COMMAND:", cmd)
+
+ if cmd[0] == "exit":
+ break
+ elif cmd[0] == "ls" and allowed["ls"] and len(cmd) == 2:
+ valid = True
+ resolved = []
+ path = cmd[1]
+
+ if not path.startswith("-") and os.path.isdir(path):
+ cmd = ["ls", "-l", path]
+ if DEBUG:
+ print(cmd)
+
+ subprocess.run(cmd, stderr=(subprocess.STDOUT if DEBUG else subprocess.DEVNULL), preexec_fn=drop_to_ctf_uid_gid)
+
+ allowed["ls"] = False
+except Exception as ex:
+ if DEBUG:
+ import traceback
+ traceback.print_exc()
+
+if DEBUG:
+ print("Terminating REPL process...")
+
+repl.kill()
+repl.wait()
+
+if DEBUG:
+ print("REPL terminated - waiting...")
+
+time.sleep(random.randrange(300, 600))
diff --git a/misc/silent-snake/docker-compose.yml b/misc/silent-snake/docker-compose.yml
new file mode 100644
index 0000000..670713a
--- /dev/null
+++ b/misc/silent-snake/docker-compose.yml
@@ -0,0 +1,10 @@
+version: "3"
+services:
+ app:
+ build: .
+ ports:
+ - 1337:1337
+ read_only: false
+
+ pids_limit: 8
+ mem_limit: 20971520
diff --git a/misc/silent-snake/silent_snake.tar.gz b/misc/silent-snake/silent_snake.tar.gz
new file mode 100644
index 0000000..812c898
Binary files /dev/null and b/misc/silent-snake/silent_snake.tar.gz differ
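Review bot: In `drop_to_unprivileged` in `silent_snake.py` the arguments are crossed, `os.setresgid(uid, uid, uid)` and `os.setresuid(gid, gid, gid)`, which only works because the sole caller passes 4242 for both. Supplementary groups are never cleared, so the child keeps whatever groups the parent had, and the `assert` guard disappears under `python -O`. The version below clears the groups first, uses each id for its own call and raises instead of asserting. Elsewhere in the hunk, `repl.poll() == None` should be `is None`, `valid` and `resolved` are assigned but never read, and `except Exception as ex` discards the error unless `DEBUG` is set.

```python
def drop_to_unprivileged(uid: int, gid: int):
    # Drop to a unprivileged user and group.
    if uid == 0 or gid == 0:
        raise ValueError("refusing to keep uid/gid 0")
    os.setgroups([])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
```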