Release BQ 2019 readme and readme-2

2019/beginners/sandbox-readme-2/metadata.json

@@ -0,0 +1,14 @@
+{
+  "challenge": {
+    "name": "Work Computer (ORME)",
+    "description": "With the confidence of conviction and decision making skills that made you a contender for Xenon's Universal takeover council, now disbanded, you forge ahead to the work computer.   This machine announces itself to you, surprisingly with a detailed description of all its hardware and peripherals. Your first thought is \"Why does the display stand need to announce its price? And exactly how much does 999 dollars convert to in Xenonivian Bucklets?\" You always were one for the trivialities of things.\n\nAlso presented is an image of a fascinating round and bumpy creature, labeled \"Cauliflower for cWo\" - are \"Cauliflowers\" earthlings?  Your 40 hearts skip a beat - these are not the strange unrelatable bipeds you imagined earthings to be.. this looks like your neighbors back home. Such curdley lobes. Will it be at the party?\n\nSarahH, who appears to be  a programmer with several clients, has left open a terminal.  Oops.  Sorry clients!  Aliens will be poking around attempting to access your networks.. looking for Cauliflower.   That is, *if* they can learn to navigate such things.",
+    "points": 200,
+    "identifier": "readme-2",
+    "category": "sandbox",
+    "tags": [
+      "sandbox"
+    ],
+    "flag": "CTF{Th3r3_1s_4lw4y5_4N07h3r_W4y}",
+    "released": true
+  }
+}

2019/beginners/sandbox-readme/.gitignore

@@ -0,0 +1,3 @@
+lsh/
+shell.c
+shell

2019/beginners/sandbox-readme/Dockerfile

@@ -0,0 +1,50 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM alpine:latest
+LABEL maintainer="Francisco Ribeiro <[email protected]>"
+RUN apk --update add --no-cache ca-certificates
+
+#FROM scratch
+#ENV PATH=/bin
+#COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+RUN /sbin/apk add readline-dev busybox upx
+
+RUN mkdir /srv/challenge_setup
+RUN mkdir /challenge
+COPY README.flag /srv/challenge_setup
+COPY ORME.flag /srv/challenge_setup
+COPY setup_disclaimer /srv/challenge_setup/this_directory_is_not_part_of_the_challenge
+COPY group /etc/
+COPY passwd /etc/passwd
+
+RUN /bin/chown -R 1337:1337 /srv/challenge_setup
+RUN /bin/chmod 500 /srv/challenge_setup
+RUN /bin/chmod 400 /srv/challenge_setup/README.flag /srv/challenge_setup/ORME.flag /srv/challenge_setup/this_directory_is_not_part_of_the_challenge
+
+COPY shell /bin/shell
+ENV USER login
+RUN /bin/chown 1338:1338 /bin/shell
+RUN /bin/chmod 04555 /bin/shell
+WORKDIR /bin
+RUN rm -f chmod cp mv link ln linux32 linux64 base64 cat dd ed egrep grep fgrep gunzip gzip more sed zcat rev su fatattr kbd_mode  bbconfig touch
+WORKDIR /usr/bin
+RUN rm -f hd tac uudecode uuencode less cmp head awk bunzip2 comm uniq sort traceroute nc hexdump xxd od xargs strings tr tee tail diff wget vi bzcat bzip2 cut find dumpleases xzcat ssl_client pscan nl whois traceroute6 unzip paste expand unexpand
+WORKDIR /usr/sbin
+RUN rm -f add-shell arping ether-wake sendmail remove-shell
+
+RUN rm -f /bin/sh /bin/ash
+WORKDIR /challenge
+
+#RUN chmod 000 /challenge/ORME.flag
+#ENTRYPOINT [ "/srv/challenge_setup/sh" ]

2019/beginners/sandbox-readme/Makefile

@@ -0,0 +1,27 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: shell
+
+lsh/src/main.c:
+	git clone https://github.com/brenns10/lsh.git
+
+shell.c: main.c.patch lsh/src/main.c
+	cp lsh/src/main.c shell.c
+	patch shell.c main.c.patch
+
+shell: shell.c
+	gcc -o shell shell.c
+
+.PHONY: default

2019/beginners/sandbox-readme/ORME.flag

@@ -0,0 +1 @@
+CTF{Th3r3_1s_4lw4y5_4N07h3r_W4y}

2019/beginners/sandbox-readme/README

@@ -0,0 +1,11 @@
+README if you can!
+
+A challenge to read a file without most common tools used for such purpose. Player starts with access to a custom shell running in a container and should seek a way to obtain the content of one or two flags (/README.flag and /ORME.flag).
+
+To build:
+===========
+./build.sh
+
+To run:
+===========
+./run.sh

2019/beginners/sandbox-readme/README.flag

@@ -0,0 +1 @@
+CTF{4ll_D474_5h4ll_B3_Fr33}

2019/beginners/sandbox-readme/build.sh

@@ -0,0 +1,14 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+docker build -t readme-ctf .

2019/beginners/sandbox-readme/group

@@ -0,0 +1,49 @@
+root:x:0:root
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin,adm
+adm:x:4:root,adm,daemon
+tty:x:5:
+disk:x:6:root,adm
+lp:x:7:lp
+mem:x:8:
+kmem:x:9:
+wheel:x:10:root
+floppy:x:11:root
+mail:x:12:mail
+news:x:13:news
+uucp:x:14:uucp
+man:x:15:man
+cron:x:16:cron
+console:x:17:
+audio:x:18:
+cdrom:x:19:
+dialout:x:20:root
+ftp:x:21:
+sshd:x:22:
+input:x:23:
+at:x:25:at
+tape:x:26:root
+video:x:27:root
+netdev:x:28:
+readproc:x:30:
+squid:x:31:squid
+xfs:x:33:xfs
+kvm:x:34:kvm
+games:x:35:
+shadow:x:42:
+postgres:x:70:
+cdrw:x:80:
+usb:x:85:
+vpopmail:x:89:
+users:x:100:games
+ntp:x:123:
+nofiles:x:200:
+smmsp:x:209:smmsp
+locate:x:245:
+abuild:x:300:
+utmp:x:406:
+ping:x:999:
+nogroup:x:65533:
+nobody:x:65534:
+challenger:x:1337:challenger

2019/beginners/sandbox-readme/healthcheck/Dockerfile

@@ -0,0 +1,33 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM python:3.6-alpine
+
+RUN set -e -x ;\
+        apk add --no-cache gcc python3-dev musl-dev ;\
+        pip install nameko
+
+RUN set -e -x ;\
+        mkdir /app ;\
+        adduser -S app
+
+ADD config.yaml /app/
+ADD healthcheck.py /app/
+
+RUN set -e -x ;\
+        chown -R app /app
+
+USER app
+WORKDIR /app
+EXPOSE 5000
+CMD nameko run --config config.yaml healthcheck

2019/beginners/sandbox-readme/healthcheck/config.yaml

@@ -0,0 +1,14 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+WEB_SERVER_ADDRESS: '0.0.0.0:5000'

2019/beginners/sandbox-readme/healthcheck/healthcheck.py

@@ -0,0 +1,90 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import logging
+import os
+
+import nameko
+from nameko.web.handlers import HttpRequestHandler
+from nameko.timer import timer
+import socket
+
+logger = logging.getLogger('healthcheck')
+
+http = HttpRequestHandler.decorator
+
+state = {
+    'healthy': None
+}
+
+class HealthcheckService:
+  name = 'healthcheck'
+
+
+  @http('GET', '/')
+  def healthcheck_handler(self, request):
+    if state['healthy']:
+      return 200, 'healthy\n'
+    else:
+      return 503, 'unhealthy\n'
+
+  @timer(interval=30)
+  def healtcheck(self):
+    address = os.environ.get('ADDRESS', '127.0.0.01')
+    port = int(os.environ.get('PORT', '1337'))
+
+    retries = 5
+    while retries > 0:
+      health = False
+      try:
+        health = healthcheck_challenge(address, port)
+      except Exception as e:
+        logger.warning('Healthcheck exception: {}'.format(e))
+      if health:
+        break
+      logger.info('Retrying...')
+      retries -= 1
+
+    if health != state['healthy']:
+      if health:
+        logger.info('Challenge became healthy.')
+      else:
+        logger.info('Challenge became unhealthy.')
+    state['healthy'] = health
+
+def read_byte(sock):
+  buf = sock.recv(1)
+  if not buf:
+    raise EOFError
+  return buf
+
+def read_until(sock, sentinel="\n"):
+  s = ""
+  while not s.endswith(sentinel):
+    try:
+      s += read_byte(sock).decode("utf-8")
+    except EOFError:
+      raise
+  return s
+
+# Implement your healthchecking here.
+# Beware, this framework uses eventlet - third party I/O libraries might not
+# work. Also, this is Python3.
+
+def healthcheck_challenge(address, port):
+  s = socket.create_connection((address, port))
+  s.settimeout(10)
+  read_until(s, '>')
+  s.send(b'ls\n')
+  read_until(s, 'README.flag')
+  return True

2019/beginners/sandbox-readme/healthcheck/run.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+docker build -t healthcheck .
+
+echo "Starting healthcheck container at port 5000"
+ENV=""
+if [ -n "$ADDRESS" ]; then
+  ENV="$ENV -e ADDRESS=$ADDRESS"
+fi
+if [ -n "$PORT" ]; then
+  ENV="$ENV -e PORT=$PORT"
+fi
+exec docker run --rm -it -p 5000:5000 $ENV healthcheck