1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
#!/bin/bash
set -xeuo pipefail
statusresp=`curl --fail-with-body --no-progress-meter https://ad.ecsc2024.it/api/status`
starttime=`jq --raw-output .start <<<"$statusresp"`
roundtime=`jq --raw-output .roundTime <<<"$statusresp"`
team_names=`jq --raw-output .teams.[].shortname <<<"$statusresp" | tr $'\n' ' '`
team_numbers=`jq --raw-output .teams.[].id <<<"$statusresp" | tr $'\n' ' '`
services=`jq --raw-output .services.[].shortname <<<"$statusresp" | tr $'\n' ' '`
cat <<EOF
# THIS CONFIG IS AUTOGENERATED BY genconfig.sh, edit config values there!
# Common config for exploit.sh, submission.py and nadzor.py
# It is to be sourced. It only sets environment variables.
# ==========================
# ========= COMMON =========
export SUBMISSION_PORT=21502
# ==========================
# ======= EXPLOIT.SH =======
# Additional help text
export EXPLOIT_ADDITIONAL_HELP_TEXT="Services: $services"
# This regex is used to grep -Eo flags from stdout of exploits before submitting them
export FLAG_REGEX_SEARCH="[A-Za-z0-9]{31}="
# Where can exploit.sh find submission.py. Port is a common setting.
export SUBMISSION_HOST=localhost
### export SUBMISSION_HOST=k.4a.si
# Must be precise, not less than round duration. Used to calculate round id.
export ROUND_DURATION=$roundtime
# When does the game start (in UTC). Used to calculate current round id.
export GAME_START=$starttime
# Team numbers to attack
export GAME_TEAMS="$team_numbers"
###export GAME_TEAMS={0..10}
EOF
cat <<'EOF'
# Flag IDs URL
game_flag_ids_url()
{
echo http://splet.4a.si/dir/flagids.txt
### echo "http://10.10.0.1:8081/flagIds?service=$1&team=$2&round=$3"
}
export -f game_flag_ids_url
# Target IP from ID
game_target_ip()
{
echo 10.69.69.$1
### echo 10.60.$1.1
}
export -f game_target_ip
# NOP TEAM ID
export GAME_NOP_TEAM=0
# For how many non-current rounds are flags valid at a time?
# It doesn't make sense for this to be less than 0.
# Setting to 0 means only the current round is valid.
export GAME_VALID_ROUNDS=4
# Function exploit.sh should call on errors.
# Args: service team pwd usr@pc message
# 1 2 3 4 5
exploit_error_handler()
{
notify-send --version > /dev/null && notify-send "exploit.sh ERROR" "$5" --urgency critical
}
export -f exploit_error_handler
# Max exploit execution time
export EXPLOIT_TIMEOUT=5
# ==========================
# ====== SUBMISSION.PY =====
# This regex is used to verify flags before storing them
# It can be .*, no problem, just make sure you're then not sending invalid flags
# to submission TCP -- you shouldn't anyways, as submission expects flags neatly
# line by line, it will not clean up random bullshit.
# Don't just send exploit stdout to submission, use exploit.sh!
export FLAG_REGEX_MATCH="^[A-Z0-9]{31}=$"
# Where to store flags -- sqlite3 db
export SUBMISSION_DB=flags.db
# How much flags to send in one request.
# With 2560, if it takes 37 bytes per flag, 2560*37=94720
# Ostane nam torej še dobrih 5280 za headerje,
# če je request limited na 100 kB
export SUBMISSION_MAX_FLAGS=2560
# PUT request, ECSC 2024 AD style
export SUBMISSION_URL=http://z.4a.si/dir/submit.php
### export SUBMISSION_URL=http://10.10.0.1:8080/flags
# How many seconds to delay after a successful submission.
# With 15, we send at most 4 requests per minute out of 15 allowed.
export SUBMISSION_DELAY=15
# This is sent in X-Team-Token in requests to SUBMISSION_URL
export SUBMISSION_TEAM_TOKEN=e5152d70a4d18093cae8844f4e959cf1
# Where to bind to. Use SUBMISSION_PORT in common settings for port.
export SUBMISSION_BIND=::
# ==========================
# ======== NADZOR.PY =======
EOF
|
