Updates from saarCTF 2022

Author: Markus Bauer

.gitlab-ci.yml

@@ -1,4 +1,4 @@
-image: debian:buster
+image: debian:bullseye
 
 variables:
   # Initialize submodules
@@ -33,9 +33,9 @@ cache:
     - .cache
 
 services:
-  - name: postgres:11
-  - name: redis:5.0-alpine
-  - name: rabbitmq:3.7-management-alpine
+  - name: postgres:13
+  - name: redis:6.0-alpine
+  - name: rabbitmq:3.8-management-alpine
 
 flag-submission:
   before_script:

.idea/codeStyles/Project.xml

@@ -45,6 +45,7 @@ def execute_checker(package: str, script: str, service_id: int, team_id: int, ro
 	:return: (db-status, message) The (db) status of this execution, and an error message (if applicable)
 	"""
 	import pwnlib
+	import pwnlib.exception
 
 	team = gamelib.Team(team_id, '#' + str(team_id), team_id_to_vulnbox_ip(team_id))
 	try:
@@ -72,7 +73,7 @@ def execute_checker(package: str, script: str, service_id: int, team_id: int, ro
 				gamelogger.GameLogger.log(f'----- retrieve_flags({round - 1}) -----')
 				checker.retrieve_flags(team, round - 1)
 				if result: result.retrieved = True
-			elif round == -1:
+			elif round <= -1:
 				# Test run - retrieve the flag we just have set
 				gamelogger.GameLogger.log(f'----- retrieve_flags({round}) -----')
 				checker.retrieve_flags(team, round)
@@ -99,6 +100,9 @@ def execute_checker(package: str, script: str, service_id: int, team_id: int, ro
 	except requests.ConnectionError as e:
 		traceback.print_exc()
 		return 'OFFLINE', 'Connection timeout'
+	except requests.exceptions.Timeout as e:
+		traceback.print_exc()
+		return 'OFFLINE', 'Connection timeout'
 	except pwnlib.exception.PwnlibException as e:
 		if 'Could not connect to' in e.args[0]:
 			return 'OFFLINE', str(e.args[0])

.idea/misc.xml

@@ -65,6 +65,8 @@ def load_module_from_package(cls, package: str, filename: str) -> ModuleType:
 		# Import module
 		cls.ensure_package_exists(package)
 		spec = importlib.util.spec_from_file_location(modulename, CHECKER_PACKAGES_PATH + '/' + package + '/' + filename)
+		if spec is None:
+			raise Exception('Spec/Loader is not present')
 		module = importlib.util.module_from_spec(spec)
 		if spec.loader is None:
 			raise Exception('Loader is not present')

.idea/saarctf.iml

@@ -5,9 +5,9 @@ set -euxo pipefail
 apt-get update
 apt-get install -y \
     curl
-curl -sL https://deb.nodesource.com/setup_12.x | bash
+#curl -sL https://deb.nodesource.com/setup_12.x | bash
 apt-get -y install --no-install-recommends \
-    clang-7 \
+    clang-11 \
     cmake \
     g++ \
     git \
@@ -16,15 +16,23 @@ apt-get -y install --no-install-recommends \
     libpq-dev \
     libssl-dev \
     nodejs \
-    postgresql-client-11 \
+    postgresql-client-13 \
     postgresql-server-dev-all \
     psmisc \
     python2.7 \
+    python3 \
     python3-dev \
     python3-pip \
     python3-setuptools \
     python3-wheel \
-    python3-cryptography
+    python3-cryptography \
+    python3-redis python3-psycopg2 \
+    python3-flask python3-flask-api python3-flask-migrate python3-flask-restful \
+    python3-sqlalchemy \
+    python3-setproctitle python3-filelock python3-htmlmin python3-ujson \
+    nodejs npm
+
+ln -s /usr/bin/nodejs /usr/local/bin/node
 
 # Install pip dependencies
 python3 -m pip install -r requirements.txt

.idea/vcs.xml

@@ -109,6 +109,9 @@ def spawn_gamseserver_components() -> t.List[process]:
             "--hostname=ident@%h",
         ],
         stderr=stderr,
+        # stdout must be a pipe, not a pty. but stderr must also be captured. pwntools can't do this, so we work around:
+        stdout=subprocess.PIPE,
+        preexec_fn=lambda: os.dup2(1, 2)
     )
 
     # Ensure all processes are started

checker_runner/checker_execution.py

@@ -11,7 +11,7 @@ flask run --host=0.0.0.0 &
 # Build flag submission server
 mkdir flag-submission-server/build
 pushd flag-submission-server/build
-cmake -DCMAKE_BUILD_TYPE=Release ..
+cmake -DCMAKE_BUILD_TYPE=Release -DPostgreSQL_ADDITIONAL_VERSIONS=13 ..
 make
 popd
 

checker_runner/package_loader.py

@@ -26,6 +26,8 @@
     "scoreboard_path": "/dev/shm/scoreboard",
     "checker_packages_path": "/dev/shm/packages",
     "logo_input_path": "...",
+    "patches_path": "/dev/shm/patches",
+    "patches_public_path": "/dev/shm/patches-webroot",
     "flower_url": "http://localhost:5555/",
     "coder_url": "",
     "scoreboard_url": "",
@@ -45,6 +47,7 @@
         "team_range": [127, [200, 256, 0], [1, 200, 0], 0, 24],
         "vpn_host": "10.32.250.1",
         "vpn_peer_ips": [10, [200, 256, 48], [1, 200, 0], 1],
-        "gameserver_ip": "10.32.250.2"
+        "gameserver_ip": "10.32.250.2",
+        "gameserver_range": "10.32.250.0/24"
     }
 }

ci/install_dependencies.sh

@@ -47,6 +47,7 @@
 import controlserver.endpoints.flags
 import controlserver.endpoints.influx
 import controlserver.endpoints.services
+import controlserver.endpoints.patches
 from controlserver.models import init_models
 from controlserver.model_admin import register_admin
 
@@ -57,6 +58,7 @@
 app.register_blueprint(controlserver.endpoints.flags.app)
 app.register_blueprint(controlserver.endpoints.influx.app)
 app.register_blueprint(controlserver.endpoints.services.app)
+app.register_blueprint(controlserver.endpoints.patches.app)
 app.register_blueprint(controlserver.endpoints.api.app)
 init_models(app)
 register_admin(app)

ci/test-demo-checker.py

@@ -40,7 +40,7 @@ def __init__(self):
 	def dispatch_checker_scripts(self, roundnumber: int):
 		redis = get_redis_connection()
 		if CONFIG.get('dispatcher_check_vpn_status', False):
-			teams = Team.query.filter(Team.vpn_connected == True).all()
+			teams = Team.query.filter((Team.vpn_connected == True) | (Team.vpn2_connected == True)).all()
 		else:
 			teams = Team.query.all()
 		services = Service.query.order_by(Service.id).filter(Service.checker_enabled == True).all()
@@ -209,7 +209,7 @@ def create_flagid_json(self, teams: List[Team], services: List[Service], roundnu
 				'id': team.id,
 				'name': team.name,
 				'ip': team.vulnbox_ip,
-				'online': team.vpn_connected
+				'online': team.vpn_connected or team.vpn2_connected
 			} for team in teams]
 		}
 		for service in services:

ci/test-flag-submission.sh

@@ -16,6 +16,23 @@ def api_grafana_warning():
 		return 'Invalid', 500
 	if data['state'] != 'alerting':
 		return 'We only want alerts', 500
-	text = data['message'] + '\nRule: ' + data['ruleName'] + '\n' + data['ruleUrl']
-	log('Grafana', data['title'], text, LogMessage.WARNING)
+	if 'ruleName' in data:
+		text = data['message'] + '\nRule: ' + data['ruleName'] + '\n' + data['ruleUrl']
+		log('Grafana', data['title'], text, LogMessage.WARNING)
+	elif 'alerts' in data:
+		for alert in data['alerts']:
+			if alert['status'] != 'firing':
+				continue
+			title = '[Grafana] ' + alert['labels']['alertname']
+			if 'rulename' in alert['labels']:
+				title += ' / ' + alert['labels']['rulename']
+			text = []
+			if 'dashboardURL' in alert and alert['dashboardURL']:
+				text.append('Dashboard: ' + alert['dashboardURL'])
+			if 'panelURL' in alert and alert['panelURL']:
+				text.append('Panel: ' + alert['panelURL'])
+			log('Grafana', title, '\n'.join(text), LogMessage.WARNING)
+	else:
+		text = data['title'] + '\n' + data['message']
+		log('Grafana', data['title'], text, LogMessage.WARNING)
 	return 'OK'

config.sample.json

@@ -117,10 +117,11 @@ def overview_components():
 @app.route('/overview/vpn')
 def overview_vpn():
 	vpn = VPNControl()
-	teams = [{'id': team.id, 'name': team.name, 'network': team_id_to_network_range(team.id), 'tick': tick} for team, tick in vpn.get_banned_teams()]
-	teams_online = Team.query.filter(Team.vpn_connected == True).count()
-	teams_online_once = Team.query.filter(Team.vpn_connected == False, Team.vpn_last_connect != None).count()
-	teams_offline = Team.query.filter(Team.vpn_connected == False, Team.vpn_last_connect == None).count()
+	banned_teams = [{'id': team.id, 'name': team.name, 'network': team_id_to_network_range(team.id), 'tick': tick} for team, tick in vpn.get_banned_teams()]
+	open_teams = [{'id': team.id, 'name': team.name, 'network': team_id_to_network_range(team.id)} for team in vpn.get_open_teams()]
+	teams_online = Team.query.filter((Team.vpn_connected == True) | (Team.vpn2_connected == True)).count()
+	teams_online_once = Team.query.filter((Team.vpn_connected == False) & (Team.vpn2_connected == False), Team.vpn_last_connect != None).count()
+	teams_offline = Team.query.filter((Team.vpn_connected == False) & (Team.vpn2_connected == False), Team.vpn_last_connect == None).count()
 
 	# format: dt_bytes, dt_syns, dg_bytes, dg_syns, ut_bytes, ut_syns, ug_bytes, ug_syns
 	# list of last X time points, ascending
@@ -134,7 +135,7 @@ def overview_vpn():
 		trafficstats.append(list(map(int, line[1:])))
 
 	return jsonify({
-		'state': vpn.get_state().value, 'banned': teams,
+		'state': vpn.get_state().value, 'banned': banned_teams, 'permissions': open_teams,
 		'teams_online': teams_online, 'teams_online_once': teams_online_once, 'teams_offline': teams_offline,
 		'traffic_stats': trafficstats[::-1],
 		'traffic_stats_keys': trafficstats_keys[::-1]
@@ -150,6 +151,10 @@ def overview_set_vpn():
 		vpn.ban_team(request.json['ban']['team_id'], request.json['ban']['tick'])
 	if 'unban' in request.json:
 		vpn.unban_team(request.json['unban'])
+	if 'add_permission' in request.json:
+		vpn.add_permission_team(request.json['add_permission'])
+	if 'remove_permission' in request.json:
+		vpn.remove_permission_team(request.json['remove_permission'])
 	return 'OK'