add chals
parent
44ef66e779
commit
f533f777a8
BIN
HeroCTF_icon_500.png
Normal file
BIN
HeroCTF_icon_500.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 68 KiB |
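--- a/misc/free_shell.py
+++ b/misc/free_shell.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+import os
+import subprocess
+
+
+print("Welcome to the free shell service!")
+print("Your goal is to obtain a shell.")
+
+command = [
+"/bin/sh",
+input("Choose param: "),
+os.urandom(32).hex(),
+os.urandom(32).hex(),
+os.urandom(32).hex()
+]
+subprocess.run(command)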
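Review bot: The value returned by `input("Choose param: ")` is placed unchanged into the argv of `/bin/sh`, so the list form of `subprocess.run(command)` prevents shell-string injection but does nothing against option injection, where the argument is read as a switch instead of an operand. Since that appears to be the point of the challenge, the file should say so and state its deployment assumption in a header comment, e.g. `# Intentionally vulnerable CTF challenge: run only in a disposable, unprivileged, network-isolated container.` The call also has no `timeout=`, so one connection can hold a child process open indefinitely; `subprocess.run(command, timeout=60)` (example value) bounds that. `input()` raises `EOFError` on a closed stdin, which currently surfaces as a traceback to the remote user.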
BIN
web/complainio/complainio.tar.xz
Normal file
BIN
web/complainio/complainio.tar.xz
Normal file
Binary file not shown.
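--- a/web/pryzes/.idea/.gitignore
+++ b/web/pryzes/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml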
@ -0,0 +1,6 @@
|
|||||||
|
<component name="InspectionProjectProfileManager">
|
||||||
|
<settings>
|
||||||
|
<option name="USE_PROJECT_PROFILE" value="false" />
|
||||||
|
<version value="1.0" />
|
||||||
|
</settings>
|
||||||
|
</component>
|
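--- a/web/pryzes/.idea/misc.xml
+++ b/web/pryzes/.idea/misc.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+<component name="Black">
+<option name="sdkName" value="Python 3.10 (configurator)" />
+</component>
+<component name="ProjectRootManager" version="2" project-jdk-name="Python 3.10 (pryzes)" project-jdk-type="Python SDK" />
+</project>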
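--- a/web/pryzes/.idea/pryzes.iml
+++ b/web/pryzes/.idea/pryzes.iml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module version="4">
+<component name="TemplatesService">
+<option name="TEMPLATE_CONFIGURATION" value="Jinja2" />
+<option name="TEMPLATE_FOLDERS">
+<list>
+<option value="$MODULE_DIR$/PrYzes/src/templates" />
+</list>
+</option>
+</component>
+</module>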
BIN
web/pryzes/PrYzes.zip
Normal file
BIN
web/pryzes/PrYzes.zip
Normal file
Binary file not shown.
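--- a/web/pryzes/PrYzes/Dockerfile
+++ b/web/pryzes/PrYzes/Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.12-bookworm
+
+WORKDIR /app
+
+COPY src/ /app/
+
+RUN python3 -m pip install Flask
+
+CMD ["python3", "/app/app.py"]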
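Review bot: The image has no `USER` instruction, so `python3 /app/app.py` runs as root inside the container, and `RUN python3 -m pip install Flask` installs whichever release is current at build time, so two builds of the same commit can differ. Add an unprivileged account before `CMD`, e.g. `RUN useradd --system app` followed by `USER app`, and pin the dependency, e.g. `RUN python3 -m pip install --no-cache-dir "Flask==<pinned-version>"`. A short comment stating that the flag is expected in the `FLAG` environment variable at run time would also help whoever deploys this.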
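--- a/web/pryzes/PrYzes/src/app.py
+++ b/web/pryzes/PrYzes/src/app.py
@@ -0,0 +1,47 @@
+from flask import Flask, render_template, request, jsonify
+
+import hashlib
+import json
+from os import getenv
+from datetime import datetime
+
+
+app = Flask(__name__)
+FLAG = getenv("FLAG", "Hero{FAKE_FLAG}")
+
+def compute_sha256(data):
+sha256_hash = hashlib.sha256()
+sha256_hash.update(data.encode("utf-8"))
+return sha256_hash.hexdigest()
+
+@app.route("/", methods=["GET"])
+def index():
+return render_template("index.html")
+
+@app.route("/api/prizes", methods=["POST"])
+def claim_prizes():
+data = request.json
+date_str = data.get("date")
+received_signature = request.headers.get("X-Signature")
+
+json_data = json.dumps(data)
+expected_signature = compute_sha256(json_data)
+
+if not received_signature == expected_signature:
+return jsonify({"error": "Invalid signature"}), 400
+
+if not date_str:
+return jsonify({"error": "Date is missing"}), 400
+
+try:
+date_obj = datetime.strptime(date_str, "%d/%m/%Y")
+if date_obj.year >= 2100:
+return jsonify({"message": FLAG}), 200
+
+return jsonify({"error": "Please come back later..."}), 400
+except ValueError:
+return jsonify({"error": "Invalid date format"}), 400
+
+
+if __name__ == "__main__":
+app.run(debug=False, host="0.0.0.0", port=5000)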
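Review bot: `X-Signature` in `claim_prizes` is compared with `compute_sha256(json.dumps(data))`, an unkeyed SHA-256 over the request body itself, so it proves nothing about who produced the body, and the `date` that gates `FLAG` comes from that same body rather than from the server clock. If that is the intended weakness of the challenge, say so in a comment above the route, e.g. `# Intentionally weak: unkeyed hash over client-supplied data, do not reuse`; a real integrity check would key the digest with a server-side secret via `hmac.new(key, body, hashlib.sha256)` and compare with `hmac.compare_digest`. Separately, `request.json` can be a list or a scalar, in which case `data.get("date")` raises and the client gets a 500; guard it with `if not isinstance(data, dict): return jsonify({"error": "Invalid body"}), 400`.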
1
web/pryzes/PrYzes/src/static/css/tailwind.min.css
vendored
Normal file
1
web/pryzes/PrYzes/src/static/css/tailwind.min.css
vendored
Normal file
File diff suppressed because one or more lines are too long
BIN
web/pryzes/PrYzes/src/static/img/prizes.jpg
Normal file
BIN
web/pryzes/PrYzes/src/static/img/prizes.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 1013 KiB |
1
web/pryzes/PrYzes/src/static/js/brython.min.js
vendored
Normal file
1
web/pryzes/PrYzes/src/static/js/brython.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
1
web/pryzes/PrYzes/src/static/js/brython_stdlib.min.js
vendored
Normal file
1
web/pryzes/PrYzes/src/static/js/brython_stdlib.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
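--- a/web/pryzes/PrYzes/src/templates/index.html
+++ b/web/pryzes/PrYzes/src/templates/index.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type="text/javascript" src="{{ url_for('static', filename='js/brython.min.js') }}"></script>
+<script type="text/javascript" src="{{ url_for('static', filename='js/brython_stdlib.min.js') }}"></script>
+<link href="{{ url_for('static', filename='css/tailwind.min.css') }}" rel="stylesheet">
+</head>
+<body onload="brython()" class="flex items-center justify-center min-h-screen" style="background-color: #fe0036;">
+<div class="text-center">
+<img src="{{ url_for('static', filename='img/prizes.jpg') }}" class="mx-auto w-1/3" alt="Prizes">
+
+<button id="sendRequestButton" class="my-4 bg-yellow-300 hover:bg-yellow-500 text-zinc text-xl font-bold py-4 px-6 rounded">
+Claim Prizes!
+</button>
+
+<br><small class="text-gray-700">Image Designed by Freepik</small>
+</div>
+
+<script type="text/python">
+from browser import document, ajax, alert
+import hashlib
+import json
+from datetime import datetime
+
+def on_complete(req):
+json_data = json.loads(req.text)
+if req.status == 200:
+alert(json_data.get("message"))
+else:
+alert(f"Error: {json_data.get('error')}")
+
+def compute_sha256(data):
+sha256_hash = hashlib.sha256()
+sha256_hash.update(data.encode('utf-8'))
+return sha256_hash.hexdigest()
+
+def get_current_date():
+current_date = datetime.now().strftime("%d/%m/%Y")
+return current_date
+
+def send_request(event):
+url = "/api/prizes"
+data = {
+"date": get_current_date()
+}
+json_data = json.dumps(data)
+signature = compute_sha256(json_data)
+
+req = ajax.ajax()
+req.bind('complete', on_complete)
+req.open('POST', url, True)
+req.set_header('Content-Type', 'application/json')
+req.set_header('X-Signature', signature)
+req.send(json_data)
+
+document["sendRequestButton"].bind("click", send_request)
+</script>
+</body>
+</html>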
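Review bot: `on_complete` calls `json.loads(req.text)` before it looks at `req.status`, so any non-JSON response (a proxy error page, a framework 500) raises inside the callback and the user sees nothing; parse inside `try`/`except ValueError` and fall back to `alert(f"Error: HTTP {req.status}")`. The `X-Signature` header also only matches when Brython's `json.dumps(data)` and the server's `json.dumps(data)` emit identical bytes, an implicit coupling that deserves a comment above `send_request`, e.g. `# server re-serialises the body; keep default json.dumps formatting on both sides`. The three static assets are loaded without a Content-Security-Policy, and the inline `text/python` block would need to move to a separate file before a strict policy could be applied.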
22632
web/pryzes/replay_pid707914.log
Normal file
22632
web/pryzes/replay_pid707914.log
Normal file
File diff suppressed because it is too large