Diffstat (limited to 'iv/orodja/napad/exploit.sh')
-rwxr-xr-xiv/orodja/napad/exploit.sh65
1 files changed, 63 insertions, 2 deletions
diff --git a/iv/orodja/napad/exploit.sh b/iv/orodja/napad/exploit.sh
index 1111b00..729bb68 100755
--- a/iv/orodja/napad/exploit.sh
+++ b/iv/orodja/napad/exploit.sh
@@ -3,8 +3,8 @@ if [ x$1 = x ]
then
echo >&2 <<EOF
No command. Subcommands:
- $0 once <exploit> # runs an exploit once, print captured flags
- $1 loop <exploit> # runs an exploit in a loop once per round
+ $0 once <service> <exploit> [team=$GAME_NOP_TEAM] # runs exploit once
+ $0 loop <service> <exploit> # runs an exploit in a loop once per round
<exploit> is an executable file. Flags, grepped from stdout, are submitted.
It is called for every target. Args are target IP and flag IDs JSON object.
Example: <exploit> 10.1.2.3 '{"user": "root", "pass": "hunter2"}'
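Review bot: The usage text these lines extend is never shown, because the context line `echo >&2 <<EOF` feeds the here-document to `echo`, which ignores stdin; `cat >&2 <<EOF` would print it. The delimiter is unquoted, so `$GAME_NOP_TEAM` in the new `once` line is expanded when the help is printed and shows up empty if the configuration has not been loaded by then. The here-document continues past the end of this hunk.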
@@ -17,7 +17,68 @@ Exploits are NOT executed in parallel.
Make sure that your system time is set CORRECTLY TO THE SECOND, it's used
to get the current round id. Current time: `date`.
Configuration values are also available in environment of exploits.
+<service> is the name of the service (used for getting flag IDs)
+If the env. var EXPLOIT_STDOUT is set, stdout of exploit will be printed to stderr:
+ "EXPLOIT_STDOUT=1 $0 loop <service> <exploit>" will also print stdout to term
+If the env. var EXPLOIT_LOOP_ONCE is set (only valid for loop mode), looping will
+ stop after looping through all valid rounds and teams:
+ "EXPLOIT_LOOP_ONCE=1 $0 loop <service> <exploit>" won't wait for next round
EOF
exit 1
fi
set -xeuo pipefail
+startunix=`date +%s --utc --date $GAME_START`
+current=`date +%s --utc`
+if [ ${ROUND_ID:-x} = x ]
+then
+ export ROUND_ID=`$((($current-$startunix)/$ROUND_DURATION))` # BREAKS WHEN THERE ARE LEAP SECONDS DURING GAME
+fi
+subcommand=$1
+service=$2
+exploit=$3
+# tees stdout, collects flags, puts stdout to stderr, prints counts
+exploit_pipe()
+{
+ stdoutwhere=/dev/null
+ [ ${EXPLOIT_STDOUT:-x} = x ] && stdoutwhere=/dev/stderr
+ tee $stdoutwhere | grep -Eo "$FLAG_REGEX" | while read line
+ do
+ echo $line `whoami`@`hostname``pwd` $exploit $service
+ done | nc -v $SUBMISSION_HOST $SUBMISSION_PORT | cut -d\ -f1 | sort | uniq -c | tr $'\n' ' ' | cat /dev/stdin <(echo $'\t<= izkupiček poslanih zastavic')
+}
+# args: team round
+get_flag_ids()
+{
+ output_flagids=$(curl --fail-with-body --no-progress-bar `game_flag_ids_url $service $1 $2`)
+ echo [$0] ERROR: failed to get flag ids: $output_flagids >&2
+}
+# args: team message
+send_error()
+{
+ echo [$0] ERROR: team=$1: $2
+ exploit_error_handler $service $1 `pwd` `whoami`@`hostname` $2
+}
+case $subcommand in
+ once)
+ target_team=$GAME_NOP_TEAM
+ if [ $# -ge 3 ]
+ then
+ target_team=$3
+ fi
+ timeout $EXPLOIT_TIMEOUT $exploit `game_target_ip $target_team` `get_flag_ids $target_team $ROUND_ID` | expoit_pipe $subcommand
+ exit_code=$?
+ if [ ! $exit_code -eq 0 ] && [ ! $exit_code -eq 124 ]
+ then
+ send_error $target_team "$exploit exited with $exit_code"
+ fi
+ ;;
+ loop)
+ for round in {$ROUND_ID..}
+ do
+ for target_team in $GAME_TEAMS
+ do
+ ROUND_ID=$round $0 once $target_team
+ done
+ done
+ ;;
+esac
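Review bot: The new `once`/`loop` dispatch cannot run as written: the pipeline ends in `expoit_pipe` (the function is `exploit_pipe`), and under `set -euo pipefail` a failing pipeline ends the script before `exit_code=$?`, so `send_error` is unreachable. The optional team is read from `$3`, which is already `exploit`, `loop` re-invokes `$0 once $target_team` without service or exploit, and `{$ROUND_ID..}` is not expanded by bash, so the loop runs once with a literal word. Earlier in the hunk, the `ROUND_ID` assignment wraps `$((…))` in backticks, which runs the computed number as a command, `get_flag_ids` prints its ERROR line unconditionally and never writes the IDs to stdout, and the `EXPLOIT_STDOUT` test is inverted relative to the help text. Exploit stdout and the flag-ID response come from remote hosts, so `$line`, `$2` and `$output_flagids` should be double-quoted and `read -r` used, and `set -x` will trace those values to the terminal. A sketch of the affected lines follows; `game_target_ip`, `game_flag_ids_url` and `exploit_error_handler` are defined outside the hunk, and the round-wait / `EXPLOIT_LOOP_ONCE` logic is left open.

```shell
# … unchanged: help text, startunix/current, ROUND_ID guard …
	export ROUND_ID=$(( (current - startunix) / ROUND_DURATION ))
# … unchanged: subcommand/service/exploit assignments, exploit_pipe, send_error …
get_flag_ids()
{
	if output_flagids=$(curl --fail-with-body --no-progress-bar "$(game_flag_ids_url "$service" "$1" "$2")")
	then
		printf '%s\n' "$output_flagids"
	else
		echo "[$0] ERROR: failed to get flag ids: $output_flagids" >&2
		return 1
	fi
}
case $subcommand in
	once)
		# team is the optional 4th argument, after <service> and <exploit>
		target_team=${4:-$GAME_NOP_TEAM}
		flag_ids=$(get_flag_ids "$target_team" "$ROUND_ID")
		exit_code=0
		# take the exploit's own status, not that of the flag-submission pipe
		timeout "$EXPLOIT_TIMEOUT" "$exploit" "$(game_target_ip "$target_team")" "$flag_ids" \
			| exploit_pipe "$subcommand" || exit_code=${PIPESTATUS[0]}
		# … unchanged: exit_code check and send_error call …
		;;
	loop)
		# round iteration needs a real loop; brace expansion cannot take a variable
		for target_team in $GAME_TEAMS
		do
			ROUND_ID=$round "$0" once "$service" "$exploit" "$target_team"
		done
		;;
esac
```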