init
Randark-JMT committed Aug 17, 2024
0 parents commit 67f166c
Showing 8 changed files with 393 additions and 0 deletions.
Binary file added Misc/default.a
Binary file not shown.
42 changes: 42 additions & 0 deletions Pwn/Dockerfile
@@ -0,0 +1,42 @@
FROM ubuntu:20.04

RUN sed -i "s/http:\/\/archive.ubuntu.com/http:\/\/mirrors.tuna.tsinghua.edu.cn/g" /etc/apt/sources.list && \
sed -i "s/deb http:\/\/se/#/g" /etc/apt/sources.list && \
sed -i "s/deb-src http:\/\/se/#/g" /etc/apt/sources.list && \
apt-get update && apt-get -y dist-upgrade && \
apt-get install -y lib32z1 xinetd

RUN useradd -m ctf

WORKDIR /home/ctf

RUN cp -R /usr/lib* /home/ctf


RUN mkdir /home/ctf/dev && \
mknod /home/ctf/dev/null c 1 3 && \
mknod /home/ctf/dev/zero c 1 5 && \
mknod /home/ctf/dev/random c 1 8 && \
mknod /home/ctf/dev/urandom c 1 9 && \
chmod 666 /home/ctf/dev/*

RUN mkdir /home/ctf/bin && \
cp /bin/sh /home/ctf/bin && \
cp /bin/ls /home/ctf/bin && \
cp /bin/cat /home/ctf/bin

COPY ./ctf.xinetd /etc/xinetd.d/ctf
COPY ./start.sh /start.sh

RUN echo "Blocked by ctf_xinetd" > /etc/banner_fail

RUN chmod +x /start.sh && \
COPY ./bin/ /home/ctf/

RUN chown -R root:ctf /home/ctf && \
chmod -R 750 /home/ctf

CMD ["/start.sh"]

EXPOSE 9999
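
Review bot: The trailing `&& \` on `RUN chmod +x /start.sh && \` continues the RUN instruction onto the next line, so `COPY ./bin/ /home/ctf/` is handed to the shell as a command instead of being parsed as a Dockerfile instruction; the build stops there with a command-not-found error and the challenge binary never reaches the image. Drop the `&& \` so the two lines are separate instructions. Two smaller points: there is no `USER` instruction, so `/start.sh` runs as root and the drop to the `ctf` user depends entirely on `ctf.xinetd` and `start.sh`, which this hunk does not show; and `FROM ubuntu:20.04` is a floating tag, so pinning it by digest would make the challenge environment reproducible.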

71 changes: 71 additions & 0 deletions README.md
@@ -0,0 +1,71 @@
# 2024 第七届 “巅峰极客” 网络安全技能挑战赛初赛

**[线上初赛参赛手册](./handbook.pdf)**

**[若无特殊说明,题目附件位于Github Release中]**

## Misc

### 简历

> 本题灵感来源于真实*产样本,flag为c2 ip的md5值。例如ip为127.0.0.1,flag则为flag{f528764d624db129b32c21fbca0cb8d6}
由于本题目存在有远程文件分发服务,故建立远程分发文件的存档 [文件存档](Misc/default.a)

## Crypto

### backdoorplus

> 密码学也有后门吗
## Reverse

### BabyRe

> None
## Pwn

### easy_blind

> easyblind
本题附加有一个Dockerfile文件,文件存档位于 [文件存档](Pwn/Dockerfile)

## Web

### EncirclingGame

> A simple game, enjoy it and get the flag when you complete it.
### easy_java

> just try rce
### GoldenHornKing

> 举一反三。
### oldapi

> 我们新式的controller api已经淘汰了老式的servlet api
### php_online

> can you break this sandbox?
### bio_share

> admin's bio is what u want, but admin will not share it to u.Login as test or test2, with the same password 123456a@b, Admin will visit this application using `www.test.com`
### admin_Test

> 某系统有一个后台管理系统,里面的系统可以帮助管理员更好的管理系统并且防护来自于黑客的攻击,但仍存在漏洞,请尝试读取到系统当中的flag文件。
### 伽玛实验场_tpcms01

> 本挑战分为2部分,此为第1部分,请先完成第1部分后再完成第2部分。请仔细阅读附件里的“README.md”。本部分获取的flag值仅供验证是否攻击成功,没法在平台上提交;本部分不计分。
### 伽玛实验场_tpcms02

> 本挑战分为2部分,此为第2部分,请先完成第1部分后再完成第2部分。本部分的分值为固定分值;本部分的提交次数为15次。
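
Review bot: In the 简历 and easy_blind entries, the sentence that follows the `>` quote line (the one linking `Misc/default.a`, and the one linking `Pwn/Dockerfile`) has no blank line before it, so Markdown treats it as a lazy continuation and renders the archive note inside the blockquote as if it were part of the challenge description. Add a blank line after each `>` line, and for consistency before every following heading, so the description and the archive note stay separate. The top note `**[若无特殊说明,题目附件位于Github Release中]**` uses link brackets with no target; either link it to the release page or drop the brackets.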
136 changes: 136 additions & 0 deletions Web/admin_Test/admin.html
@@ -0,0 +1,136 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>File Processor</title>
<style>
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #ff4081 0%, #81d4fa 100%);
margin: 0;
padding: 0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
}
.wrapper {
background: rgba(255, 255, 255, 0.8);
padding: 40px;
border-radius: 16px;
box-shadow: 0 10px 20px rgba(0, 0, 0, 0.2);
width: 90%;
max-width: 500px;
box-sizing: border-box;
display: grid;
grid-template-rows: auto auto 1fr auto;
gap: 20px;
animation: slideIn 1s ease-out;
}
@keyframes slideIn {
from {
transform: translateY(-100%);
opacity: 0;
}
to {
transform: translateY(0);
opacity: 1;
}
}
h1 {
margin: 0;
font-size: 1.8em;
color: #333;
text-align: center;
}
.file-upload, .command-input, .reset-section {
display: flex;
flex-direction: column;
gap: 10px;
}
.file-upload label, .command-input label {
font-weight: bold;
color: #555;
}
.file-input-container {
position: relative;
width: 100%;
}
.file-input {
position: absolute;
left: 0;
top: 0;
opacity: 0;
width: 100%;
height: 100%;
cursor: pointer;
box-sizing: border-box;
}
.file-label {
display: block;
width: 100%;
padding: 12px;
border: 1px solid #ccc;
border-radius: 6px;
background-color: #fff;
text-align: center;
cursor: pointer;
transition: background-color 0.3s ease;
box-sizing: border-box;
}
.file-label:hover {
background-color: #f1f1f1;
}
input[type="text"] {
width: 100%;
padding: 12px;
border: 1px solid #ccc;
border-radius: 6px;
box-sizing: border-box;
}
.actions {
display: flex;
flex-direction: column;
gap: 10px;
}
input[type="submit"] {
padding: 12px;
border: none;
border-radius: 6px;
background-color: #007bff;
color: white;
cursor: pointer;
transition: background-color 0.3s ease;
box-sizing: border-box;
}
input[type="submit"]:hover {
background-color: #0056b3;
}
</style>
</head>
<body>
<div class="wrapper">
<h1>XXX系统管理后台</h1>

<form class="file-upload" action="upload.php" method="post" enctype="multipart/form-data">
<label for="file">文件上传备份</label>
<div class="file-input-container">
<input type="file" name="file" id="file" class="file-input">
<label for="file" class="file-label">点击选择文件</label>
</div>
<label for="cmd">shell指令快速执行接口</label>
<input type="text" name="cmd" id="cmd" placeholder="请输入命令">
<div class="actions">
<input type="submit" value="上传文件并执行命令">
</div>
</form>

<form class="reset-section" action="upload.php" method="post">
<input type="hidden" name="reset" value="true">
<div class="actions">
<input type="submit" value="重置系统">
</div>
</form>
</div>
</body>
</html>
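
Review bot: `admin.html` is a static page, so the `$_SESSION['loggedin']` flag that `login.php` sets before redirecting here is never checked when the page is served; anyone who requests the URL directly gets the upload form and the `cmd` field. Serve this view from a PHP file that verifies the session before emitting any markup, and make sure `upload.php` (not visible in this diff) enforces the same check on its own, since it is the endpoint that receives the file, the `cmd` value and the `reset` flag. Both forms also post without a CSRF token, which matters most for the one-click `reset` form.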
76 changes: 76 additions & 0 deletions Web/admin_Test/index.html
@@ -0,0 +1,76 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login Page</title>
<style>
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #ff4081 0%, #81d4fa 100%);
margin: 0;
padding: 0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
}
.login-container {
background: rgba(255, 255, 255, 0.8);
padding: 40px;
border-radius: 16px;
box-shadow: 0 10px 20px rgba(0, 0, 0, 0.2);
width: 90%;
max-width: 400px;
box-sizing: border-box;
animation: fadeIn 1s ease-in-out;
}
@keyframes fadeIn {
from {
opacity: 0;
}
to {
opacity: 1;
}
}
.login-container h2 {
margin-bottom: 20px;
font-size: 1.8em;
color: #333;
text-align: center;
}
.login-container input {
width: 100%;
padding: 12px;
margin: 10px 0;
border: 1px solid #ccc;
border-radius: 6px;
box-sizing: border-box;
}
.login-container button {
width: 100%;
padding: 12px;
background-color: #007bff;
border: none;
border-radius: 6px;
color: #fff;
font-size: 16px;
cursor: pointer;
transition: background-color 0.3s ease;
box-sizing: border-box;
}
.login-container button:hover {
background-color: #0056b3;
}
</style>
</head>
<body>
<div class="login-container">
<h2>用户登录</h2>
<form action="login.php" method="post">
<input type="text" name="username" placeholder="用户名" required>
<input type="password" name="password" placeholder="密码" required>
<button type="submit">登录</button>
</form>
</div>
</body>
</html>
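
Review bot: `<html lang="en">` does not match the page, whose heading, placeholders and button text are Chinese; set `lang="zh-CN"` so screen readers and browser translation behave correctly. The two inputs rely on `placeholder` alone, so add `<label>` elements (or `aria-label`) and `autocomplete="username"` / `autocomplete="current-password"` so password managers fill them reliably. The `body`, container and button rules are a near copy of the style block in `admin.html`; a shared stylesheet would keep the two pages in sync.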
23 changes: 23 additions & 0 deletions Web/admin_Test/login.php
@@ -0,0 +1,23 @@
<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];

$valid_username = 'admin';
$valid_password = 'qwe123!@#';

if ($username === $valid_username && $password === $valid_password) {
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
header('Location: admin.html');
exit;
} else {
echo '<script>alert("Invalid username or password.");window.location.href="index.html";</script>';
}
} else {
header('Location: index.html');
exit;
}
?>
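
Review bot: The administrator credentials are hardcoded in plaintext at `$valid_username = 'admin';` and `$valid_password = 'qwe123!@#';`, so anyone with read access to the repository or the web root can log in, and rotating the password needs a code change. Store a `password_hash()` value outside the source tree and check it with `password_verify()`, which also replaces the non-constant-time `===` comparison. After a successful check, call `session_regenerate_id(true)` before setting `$_SESSION['loggedin']` to prevent session fixation, and read `$_POST['username']` and `$_POST['password']` with `?? ''` so a POST missing either field does not raise an undefined-index warning. There is also no limit on failed attempts in this handler.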