Created
February 23, 2012 05:00
-
-
Save lezhangxyz/1890401 to your computer and use it in GitHub Desktop.
ctfsh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| if [ ! -t 0 ]; then | |
| echo >&2 'STDIN is not a terminal' | |
| exit 1 | |
| fi | |
| clear | |
| cd "$(mktemp -d)" | |
| # we want other users to be able to read our directory for convenience | |
| chmod 755 . | |
| cat <<EOF | |
| __ | |
| (__) | |
| ||______________________________ | |
| || | | |
| || _ _ | | |
| || ___| |_ _ __(_)_ __ ___ | | |
| || / __| __| '__| | '_ \ / _ \ | | |
| || \__ \ |_| | | | |_) | __/ | | |
| || |___/\__|_| |_| .__/ \___| | | |
| || |_| | | |
| || | | |
| ||~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| || | |
| || | |
| || | |
| || | |
| EOF | |
| case "$USER" in | |
| level01) | |
| cat <<EOF | |
| Welcome to the Stripe CTF challenge! | |
| Stripe CTF is a wargame, inspired by SmashTheStack I/O[1]. | |
| In /home/level02/.password is the SSH password for the level02 | |
| user. Your mission, should you choose to accept it, is to read that | |
| file. You may find the binary /levels/level01 and its source code | |
| /levels/level01.c useful. | |
| We've created a scratch directory for you in /tmp. | |
| There are a total of 6 levels in this CTF; if you're stuck, feel free | |
| to email [email protected] for guidance. | |
| Happy hacking, | |
| The Stripe team | |
| [1] http://io.smashthestack.org:84/ | |
| EOF | |
| ;; | |
| level02) | |
| cat <<EOF | |
| Congratulations on making it to level 2! | |
| The password for the next level is in /home/level03/.password. This | |
| one is a web-based vulnerability, so go ahead and point your browser | |
| to http://ctf.stri.pe/level02.php. You'll need to provide the password | |
| for level02 using HTTP digest authentication. | |
| You can find the source code for level02.php in /var/www/. | |
| There are 6 levels in this CTF; if you're stuck, feel free to email | |
| [email protected] for guidance. | |
| Best of luck! | |
| EOF | |
| ;; | |
| level03) | |
| cat <<EOF | |
| Congratulations on making it to level 3! | |
| The password for the next level is in /home/level04/.password. As | |
| before, you may find /levels/level03 and /levels/level03.c useful. | |
| While the supplied binary mostly just does mundane tasks, we trust | |
| you'll find a way of making it do something much more interesting. | |
| There are 6 levels in this CTF; if you're stuck, feel free to email | |
| [email protected] for guidance. | |
| Best of luck! | |
| EOF | |
| ;; | |
| level04) | |
| cat <<EOF | |
| Congratulations on making it to level 4! | |
| The password for the next level is in /home/level05/.password. As | |
| before, you may find /levels/level04 and /levels/level04.c useful. | |
| The vulnerabilities overfloweth! | |
| There are 6 levels in this CTF; if you're stuck, feel free to email | |
| [email protected] for guidance. | |
| Best of luck! | |
| EOF | |
| ;; | |
| level05) | |
| cat <<EOF | |
| Congratulations on making it to level 5! You're almost done! | |
| The password for the next (and final) level is in /home/level06/.password. | |
| As it turns out, level06 is running a public uppercasing service. You | |
| can POST data to it, and it'll uppercase the data for you: | |
| curl localhost:9020 -d 'hello friend' | |
| { | |
| "processing_time": 5.0067901611328125e-06, | |
| "queue_time": 0.41274619102478027, | |
| "result": "HELLO FRIEND" | |
| } | |
| You can view the source for this service in /levels/level05. As you | |
| can see, the service is structured as a queue server and a queue | |
| worker. | |
| Could it be that this seemingly innocuous service will be level06's | |
| downfall? | |
| EOF | |
| ;; | |
| level06) | |
| cat <<EOF | |
| Congratulations on making it to level 6! This is the final level. The | |
| flag is almost in your grasp. | |
| The password for the flag is in /home/the-flag/.password. | |
| As it turns out, the-flag is a pretty arrogant user. He created a | |
| taunting utility and left it in /levels/level06 (source code in | |
| /levels/level06.c). This utility will read the first line of a | |
| specified file, compare it with your supplied guess, and taunt you | |
| unless you guessed correctly. | |
| You could try using the taunt utility to brute-force the password, but | |
| that would take... well, I don't want to say forever, but | |
| approximately that. I guess you'll have to find another way. | |
| Best of luck! | |
| EOF | |
| ;; | |
| esac | |
| handle="(undefined)" | |
| echo | |
| read -p "Please enter your preferred handle: " handle | |
| echo "Welcome, $handle!" | |
| mailer.py "Login from $handle to $USER" root@localhost <<EOF | |
| At $(date), there was a login from $handle to $USER. | |
| SSH_CONNECTION: $SSH_CONNECTION | |
| SSH_TTY: $SSH_TTY | |
| EOF | |
| export HANDLE="$handle" | |
| exec /bin/bash |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment