WIP cscg24

This commit is contained in:
2024-03-02 02:46:14 +01:00
parent 4993c1ff1d
commit cd68823bf5
41 changed files with 22825 additions and 0 deletions

BIN
cscg24/.DS_Store vendored Normal file

Binary file not shown.

BIN
cscg24/misc/.DS_Store vendored Normal file

Binary file not shown.

Binary file not shown.

View File

@@ -0,0 +1,33 @@
FROM php:7.3-apache
ADD --chmod=0755 \
https://raw.githubusercontent.com/reproducible-containers/repro-sources-list.sh/v0.1.0/repro-sources-list.sh \
/usr/local/bin/repro-sources-list.sh
#RUN bash /usr/local/bin/repro-sources-list.sh && apt-get update && apt-get -y install python2 curl tar
RUN apt-get update && apt-get -y install python2 curl tar
# Expose apache.
EXPOSE 1024
ADD src/ /var/www/site/
RUN chmod -R 755 /var/www/
RUN chown -R www-data:www-data /var/www
COPY flag /flag
RUN chmod 777 /flag
RUN mkdir -p /var/www/site/uploads
RUN chmod -R 777 /var/www/site/uploads
# Update the default apache site with the config we created.
ADD apache-config.conf /etc/apache2/sites-enabled/000-default.conf
RUN sed -i 's/Listen 80/Listen 1024/' /etc/apache2/ports.conf
# Install ply and lolcode1337
WORKDIR /opt/
RUN curl https://www.dabeaz.com/ply/ply-2.2.tar.gz -k -o ply-2.2.tar.gz && curl http://dalkescientific.com/writings/diary/lolpython.py -k -o lolcode.py && \
tar -xvf ply-2.2.tar.gz && cd ply-2.2 && python2 setup.py install

View File

@@ -0,0 +1,15 @@
<VirtualHost *:1024>
ServerAdmin me@mydomain.com
DocumentRoot /var/www/site
<Directory /var/www/site/>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order deny,allow
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

View File

@@ -0,0 +1 @@
CSCG{TESTFLAG}

View File

@@ -0,0 +1,767 @@
#!/usr/bin/env python
# Implementation of the LOLPython language.
# Converts from LOLPython to Python then optionally runs the Python.
# This package depends on PLY -- http://www.dabeaz.com/ply/
# Written by Andrew Dalke <dalke@dalkescientific.com>
# Dalke Scientific Software, LLC
# 1 June 2007, Gothenburg, Sweden
#
# This software is in the public domain. For details see:
# http://creativecommons.org/licenses/publicdomain/
import sys
import keyword
import os
import types
from cStringIO import StringIO
from ply import *
__NAME__ = "lolpython"
__VERSION__ = "1.0"
# Translating LOLPython tokens to Python tokens
# This could be cleaned up. For example, some of
# these tokens could be merged into one.
tokens = (
"NAME", # variable names
"RESERVED", # Used for Python reserved names
"NUMBER", # Integers and floats
"STRING",
"OP", # Like the Python OP
"CLOSE", # Don't really need this..
"COMMENT",
"AUTOCALL", # write t.value then add '('
"INLINE", # write t.value directly
"FUTURE", # for the "I FUTURE CAT WITH" statement
"PRINT", # VISIBLE -> stdout or COMPLAIN -> stderr
"ENDMARKER",
"COLON",
"WS",
"NEWLINE",
)
# Helper functions for making given token types
def OP(t, value):
t.type = "OP"
t.value = value
return t
def RESERVED(t, value):
t.type = "RESERVED"
t.value = value
return t
def AUTOCALL(t, value):
t.type = "AUTOCALL"
t.value = "tuple"
t.lexer.paren_stack.append(")")
return t
def INLINE(t, value):
t.type = "INLINE"
t.value = value
return t
#####
# ply uses a large regex for token detection, and sre is limited to
# 100 groups. This grammar pushes the limit. I use (?:non-grouping)
# parens to keep the count down.
def t_ASSIGN(t): # cannot be a simple pattern because it must
r'CAN[ ]+HA[SZ]\b' # come before the t_NAME definition
return OP(t, "=")
def t_SINGLE_QUOTE_STRING(t):
r"'([^\\']+|\\'|\\\\)*'" # I think this is right ...
t.type = "STRING"
t.value = t.value[1:-1].decode("string-escape")
return t
def t_DOUBLE_QUOTE_STRING(t):
r'"([^\\"]+|\\"|\\\\)*"'
t.type = "STRING"
t.value = t.value[1:-1].decode("string-escape")
return t
# and LOL quoted strings! They end with /LOL
# No way to have "/LOL" in the string.
def t_LOL_STRING(t):
r"LOL[ ]*((?!/LOL).|\n)*[ ]*/LOL"
t.type = "STRING"
t.value = t.value[3:-4].strip(" ")
return t
# Aliases for the same thing - for extra cuteness
def t_LSQUARE(t):
r"(?:SOME|LOOK[ ]AT|LET[ ]+THE)\b"
t.lexer.paren_stack.append(']')
return OP(t, "[")
def t_LPAREN(t):
r"(?:WIT|THEZ)\b"
t.lexer.paren_stack.append(')')
return OP(t, "(")
def t_LBRACE(t):
r"BUCKET\b"
t.lexer.paren_stack.append("}")
return OP(t, "{")
def t_CLOSE(t):
r"(?:OK(!+|\b)|!+)"
stack = t.lexer.paren_stack
if t.value.startswith("OK"):
num_closes = len(t.value)-1 # OK -> 1, OK! -> 2, OK!!->3
else:
num_closes = len(t.value) # ! -> 1, !! -> 2
# Which close is this? I use "OK" to match (, [ and {
if len(stack) < num_closes:
raise AssertionError("not enough opens on the stack: line %d"
% (t.lineno,))
t.value = "".join(stack[-num_closes:][::-1])
del stack[-num_closes:]
return t
def t_EQ(t):
r"KINDA[ ]+LIKE\b"
return OP(t, "==")
def t_NE(t):
r"(?:KINDA[ ]+)?NOT[ ]+LIKE\b"
return OP(t, "!=")
def t_is(t):
r"KINDA[ ]+IS\b"
return RESERVED(t, "is")
def t_GT(t):
r"ATE[ ]+MORE[ ]+CHEEZBURGERS?[ ]+THAN\b"
return OP(t, ">")
def t_LT(t):
r"ATE[ ]+FEWER[ ]+CHEEZBURGERS?[ ]+THAN\b"
return OP(t, "<")
def t_GTE(t):
r"BIG[ ]+LIKE\b"
return OP(t, ">=")
def t_LTE(t):
r"SMALL[ ]+LIKE\b"
return OP(t, "<=")
def t_RETURN(t):
r"U[ ]+TAKE\b"
return RESERVED(t, "return")
def t_yield(t):
r"U[ ]+BORROW\b"
return RESERVED(t, "yield")
def t_ELIF(t):
r"OR[ ]+IZ\b"
return RESERVED(t, "elif")
def t_ELSE(t):
r"(?:(?:I[ ]+GIVE[ ]+UP|IZ[ ]+KEWL|ALL[ ]+DONE)|NOPE)\b"
return RESERVED(t, "else")
def t_COLON(t):
r"\?"
t.value = ":"
return t
def t_FROM(t):
r"IN[ ]+MAI\b"
return RESERVED(t, "from")
def t_EXCEPT(t):
r"O[ ]+NOES\b"
return RESERVED(t, "except")
def t_PLUS(t):
r"ALONG[ ]+WITH\b"
return OP(t, "+")
def t_MINUS(t):
r"TAKE[ ]+AWAY\b"
return OP(t, "-")
def t_PLUS_EQUAL(t):
r"GETZ[ ]+ANOTHR\b"
return OP(t, "+=")
def t_MINUS_EQUAL(t):
r"THROW[SZ]?[ ]+AWAY\b"
return OP(t, "-=")
def t_DIV(t):
r"SMASHES[ ]+INTO\b"
return OP(t, "/")
def t_DIV_EQUAL(t):
r"SMASHES[ ]+INTO[ ]+HAS\b"
return OP(t, "/=")
def t_TRUEDIV(t):
r"SMASHES[ ]+NICELY[ ]+INTO\b"
return OP(t, "//")
def t_MUL(t):
r"OF[ ]THOSE\b"
return OP(t, "*")
def t_MUL_EQUAL(t):
r"COPIES[ ]+(?:HIM|HER|IT)SELF[ ]+BY\b"
return OP(t, "*=")
def t_POW(t):
r"BY[ ]+GRAYSKULL[ ]+POWER"
return OP(t, "**")
def t_IN(t):
r"IN[ ]+(?:UR|THE|THIS)\b"
return OP(t, "in")
def t_del(t):
r"DO[ ]+NOT[ ]+WANT\b"
return RESERVED(t, "del")
def t_and(t):
r"\&"
return RESERVED(t, "and")
def t_or(t):
r"OR[ ]+MABEE\b"
return RESERVED(t, "or")
def t_pass(t):
r"I[ ]+IZ[ ]+CUTE\b"
return RESERVED(t, "pass")
def t_forever(t):
r"WHILE[ ]+I[ ]+CUTE\b"
return INLINE(t, "while 1")
def t_def(t):
r"SO[ ]+IM[ ]+LIKE\b"
return RESERVED(t, "def")
def t_class(t):
r"ME[ ]+MAKE[ ]\b"
return RESERVED(t, "class")
def t_future(t):
r"I[ ]+FUTURE[ ]+CAT[ ]+WITH\b"
t.type = "FUTURE"
return t
def t_assert(t):
r"SO[ ]+GOOD\b"
return RESERVED(t, "assert")
def t_assert_not(t):
r"AINT[ ]+GOOD\b"
return INLINE(t, "assert not ")
def t_for(t):
r"GIMME[ ]+EACH\b"
return RESERVED(t, "for")
def t_list(t):
r"ALL[ ]+OF\b"
return AUTOCALL(t, "tuple")
RESERVED_VALUES = {
"EASTERBUNNY": ("NUMBER", "0"),
"CHEEZBURGER": ("NUMBER", "1"),
"CHOKOLET": ("NUMBER", "-1"),
"TWIN": ("NUMBER", "2"),
"TWINZ": ("NUMBER", "2"),
"TWINS": ("NUMBER", "2"),
"EVILTWIN": ("NUMBER", "-2"),
"EVILTWINZ": ("NUMBER", "-2"),
"EVILTWINS": ("NUMBER", "-2"),
"ALLFINGERZ": ("NUMBER", "10"),
"TOEZ": ("NUMBER", "-10"),
"ONE": ("NUMBER", "1"),
"ONCE": ("NUMBER", "1"),
"TWO": ("NUMBER", "2"),
"TWICE": ("NUMBER", "2"),
"THR33": ("NUMBER", "3"),
"FOUR": ("NUMBER", "4"),
"FIV": ("NUMBER", "5"),
"SIKS": ("NUMBER", "6"),
"SEVN": ("NUMBER", "7"),
"ATE": ("NUMBER", "8"),
"NINE": ("NUMBER", "9"),
"MEH": ("NAME", "False"),
"YEAH": ("NAME", "True"),
"VISIBLE": ("PRINT", "stdout"),
"COMPLAIN": ("PRINT", "stderr"),
"AND": ("OP", ","),
"BLACKHOLE": ("RESERVED", "ZeroDivisionError"),
"DONOTLIKE": ("AUTOCALL", "AssertionError"),
"ANTI": ("OP", "-"),
"IZ": ("RESERVED", "if"),
"GIMME": ("RESERVED", "import"),
"LIKE": ("RESERVED", "as"),
"OWN": ("OP", "."),
"PLZ": ("RESERVED", "try"),
"HALP": ("RESERVED", "raise"),
"WHATEVER": ("RESERVED", "finally"),
"KTHX": ("RESERVED", "continue"),
"KTHXBYE": ("RESERVED", "break"),
"OVER": ("OP", "/"),
"AINT": ("RESERVED", "not"),
"ME": ("RESERVED", "self"),
"STRING": ("AUTOCALL", "str"),
"NUMBR": ("AUTOCALL", "int"),
"BIGNESS": ("AUTOCALL", "len"),
"NUMBRZ": ("AUTOCALL", "range"),
"ADDED": ("AUTOCALL", ".append"),
"ARGZ": ("INLINE", "_lol_sys.argv"),
"THINGZ": ("INLINE", "()"), # invisible tuple didn't sound right
"THING": ("INLINE", "()"), # sometimes it's better in singular form
"MY": ("INLINE", "self."),
"MYSELF": ("INLINE", "(self)"),
"EVEN": ("INLINE", "% 2 == 0"),
"ODD": ("INLINE", "% 2 == 1"),
"WIF": ("RESERVED", "with"),
}
def t_FLOAT(t):
r"""(?:\d+(?:\.\d*)?|\.\d+)(?:[eE][-+]? \d+)?"""
t.value = t.value
t.type = "NUMBER"
return t
def t_INT(t):
r"\d+"
t.type = "NUMBER"
return t
def t_INVISIBLE(t):
r"INVISIBLE([ ]+(LIST|STRING|BUCKET))?\b"
if "LIST" in t.value:
t.type = "INLINE"
t.value = "[]"
elif "STRING" in t.value:
t.type = "INLINE"
t.value = '""'
elif "BUCKET" in t.value:
t.type = "INLINE"
t.value = "{}"
else:
RESERVED(t, "None")
return t
# Not consuming the newline. Needed for "IZ EASTERBUNNY? BTW comment"
def t_COMMENT(t):
r"[ ]*(?:BTW|WTF)[^\n]*"
return t
def t_NAME(t):
r'[a-zA-Z_][a-zA-Z0-9_]*'
if t.value in RESERVED_VALUES:
type, value = RESERVED_VALUES[t.value]
t.type = type
t.value = value
if t.type == "AUTOCALL":
t.lexer.paren_stack.append(")")
return t
def t_WS(t):
r' [ ]+ '
if t.lexer.at_line_start and not t.lexer.paren_stack:
return t
# Don't generate newline tokens when inside of parens
def t_newline(t):
r'\n+'
t.lexer.lineno += len(t.value)
t.type = "NEWLINE"
if not t.lexer.paren_stack:
return t
def t_error(t):
raise SyntaxError("Unknown symbol %r" % (t.value[0],))
print "Skipping", repr(t.value[0])
t.lexer.skip(1)
## I implemented INDENT / DEDENT generation as a post-processing filter
# The original lex token stream contains WS and NEWLINE characters.
# WS will only occur before any other tokens on a line.
# I have three filters. One tags tokens by adding two attributes.
# "must_indent" is True if the token must be indented from the
# previous code. The other is "at_line_start" which is True for WS
# and the first non-WS/non-NEWLINE on a line. It flags the check so
# see if the new line has changed indication level.
# Python's syntax has three INDENT states
# 0) no colon hence no need to indent
# 1) "if 1: go()" - simple statements have a COLON but no need for an indent
# 2) "if 1:\n go()" - complex statements have a COLON NEWLINE and must indent
NO_INDENT = 0
MAY_INDENT = 1
MUST_INDENT = 2
# only care about whitespace at the start of a line
def track_tokens_filter(lexer, tokens):
lexer.at_line_start = at_line_start = True
indent = NO_INDENT
for token in tokens:
token.at_line_start = at_line_start
if token.type == "COLON":
at_line_start = False
indent = MAY_INDENT
token.must_indent = False
elif token.type == "NEWLINE":
at_line_start = True
if indent == MAY_INDENT:
indent = MUST_INDENT
token.must_indent = False
elif token.type == "WS":
assert token.at_line_start == True
at_line_start = True
token.must_indent = False
elif token.type == "COMMENT":
pass
else:
# A real token; only indent after COLON NEWLINE
if indent == MUST_INDENT:
token.must_indent = True
else:
token.must_indent = False
at_line_start = False
indent = NO_INDENT
yield token
lexer.at_line_start = at_line_start
def _new_token(type, lineno):
tok = lex.LexToken()
tok.type = type
tok.value = None
tok.lineno = lineno
tok.lexpos = -1
return tok
# Synthesize a DEDENT tag
def DEDENT(lineno):
return _new_token("DEDENT", lineno)
# Synthesize an INDENT tag
def INDENT(lineno):
return _new_token("INDENT", lineno)
# Track the indentation level and emit the right INDENT / DEDENT events.
def indentation_filter(tokens):
# A stack of indentation levels; will never pop item 0
levels = [0]
token = None
depth = 0
prev_was_ws = False
for token in tokens:
## if 1:
## print "Process", token,
## if token.at_line_start:
## print "at_line_start",
## if token.must_indent:
## print "must_indent",
## print
# WS only occurs at the start of the line
# There may be WS followed by NEWLINE so
# only track the depth here. Don't indent/dedent
# until there's something real.
if token.type == "WS":
assert depth == 0
depth = len(token.value)
prev_was_ws = True
# Don't forward WS to the parser
continue
if token.type == "NEWLINE":
depth = 0
if prev_was_ws or token.at_line_start:
# ignore blank lines
continue
# pass the other cases on through
yield token
continue
if token.type == "COMMENT":
yield token
continue
# then it must be a real token (not WS, not NEWLINE)
# which can affect the indentation level
prev_was_ws = False
if token.must_indent:
# The current depth must be larger than the previous level
if not (depth > levels[-1]):
raise IndentationError("expected an indented block")
levels.append(depth)
yield INDENT(token.lineno)
elif token.at_line_start:
# Must be on the same level or one of the previous levels
if depth == levels[-1]:
# At the same level
pass
elif depth > levels[-1]:
raise IndentationError("indentation increase but not in new block")
else:
# Back up; but only if it matches a previous level
try:
i = levels.index(depth)
except ValueError:
raise IndentationError("inconsistent indentation")
for _ in range(i+1, len(levels)):
yield DEDENT(token.lineno)
levels.pop()
yield token
### Finished processing ###
# Must dedent any remaining levels
if len(levels) > 1:
assert token is not None
for _ in range(1, len(levels)):
yield DEDENT(token.lineno)
# The top-level filter adds an ENDMARKER, if requested.
# Python's grammar uses it.
def token_filter(lexer, add_endmarker = True):
token = None
tokens = iter(lexer.token, None)
tokens = track_tokens_filter(lexer, tokens)
for token in indentation_filter(tokens):
yield token
if add_endmarker:
lineno = 1
if token is not None:
lineno = token.lineno
yield _new_token("ENDMARKER", lineno)
class LOLLexer(object):
def __init__(self, debug=0, optimize=0, lextab='lextab', reflags=0):
self.lexer = lex.lex(debug=debug, optimize=optimize,
lextab=lextab, reflags=reflags)
self.token_stream = None
def input(self, s, add_endmarker=True):
self.lexer.paren_stack = []
self.lexer.input(s)
self.token_stream = token_filter(self.lexer, add_endmarker)
def token(self):
try:
return self.token_stream.next()
except StopIteration:
return None
# Helper class to generate logically correct indented Python code
class IndentWriter(object):
def __init__(self, outfile):
self.outfile = outfile
self.at_first_column = True
self.indent = 0
def write(self, text):
if self.at_first_column:
self.outfile.write(" "*self.indent)
self.at_first_column = False
self.outfile.write(text)
# Split things up because the from __future__ statements must
# go before any other code.
HEADER = """# LOLPython to Python converter version 1.0
# Written by Andrew Dalke, who should have been working on better things.
"""
BODY = """
# sys is used for COMPLAIN and ARGZ
import sys as _lol_sys
"""
def to_python(s):
L = LOLLexer()
L.input(s)
header = StringIO()
header.write(HEADER)
header_output = IndentWriter(header)
body = StringIO()
body.write(BODY)
body_output = IndentWriter(body)
write = body_output.write
output = body_output
for t in iter(L.token_stream):
if t.type == "NAME":
# Need to escape names which are Python variables Do that
# by appending an "_". But then I also need to make sure
# that "yield_" does not collide with "yield". And you
# thought you were being clever trying to use a Python
# variable. :)
name = t.value.rstrip("_")
if name in keyword.kwlist:
write(t.value + "_ ")
else:
write(t.value + " ")
elif t.type in ("RESERVED", "OP", "NUMBER", "CLOSE"):
# While not pretty, I'll put a space after each
# term because it's the simplest solution. Otherwise
# I'll need to track the amount of whitespace between
# the tokens in the original text.
write(t.value+" ")
# XXX escape names which are special in Python!
elif t.type == "STRING":
write(repr(t.value) + " ")
elif t.type == "COMMENT":
# Not enough information to keep comments on the correct
# indentation level. This is good enough. Ugly though.
# Maybe I need to fix the tokenizer.
write("#"+ t.value[3:]+"\n")
output.at_first_column = True
elif t.type == "COLON":
write(":")
elif t.type == "INDENT":
output.indent += 1
pass
elif t.type == "DEDENT":
output.indent -= 1
pass
elif t.type == "NEWLINE":
write(t.value)
output.at_first_column = True
output = body_output
write = output.write
elif t.type == "PRINT":
if t.value == "stdout":
write("print ")
elif t.value == "stderr":
write("print >>_lol_sys.stderr, ")
else:
raise AssertionError(t.value)
elif t.type == "AUTOCALL":
write(t.value + "(")
elif t.type == "INLINE":
write(t.value)
elif t.type == "ENDMARKER":
write("\n# The end.\n")
elif t.type == "WS":
output.leading_ws = t.value
elif t.type == "FUTURE":
# Write to the header. This is a hack. Err, a hairball.
output = header_output
write = output.write
write("from __future__ import ")
else:
raise AssertionError(t.type)
return header.getvalue() + body.getvalue()
# API code for doing the translation and exec'ing the result
def execfile(infile, module_name="__lolmain__"):
"file, module_name -- exec the lolpython file in a newly created module"
if not hasattr(infile, "read"):
s = open(infile).read()
else:
s = infile.read()
return execstring(s, module_name)
def execstring(s, module_name="__lolmain__"):
"s, module_name -- exec the lolpython string in a newly created module"
python_s = to_python(s)
# Doing this bit of trickiness so I can have LOLPython code act
# like __main__. This fix is enough to fool unittest.
m = types.ModuleType(module_name)
sys.modules[module_name] = m
exec python_s in m.__dict__
return m
def convert_file(infile, outfile):
"read LOLPython code from infile, write converted Python code to outfile"
if not hasattr(outfile, "write"):
outfile = open(outfile, "w")
outfile.write(to_python(infile.read()))
def convert(filenames):
"convert LOLPython filenames into corresponding Python '.py' files"
if not filenames:
convert_file(sys.stdin, sys.stdout)
else:
for filename in filenames:
base, ext = os.path.splitext(filename)
convert_file(open(filename), open(base+".py", "w"))
def help():
print """convert and run a lolpython program
Commands are:
lolpython Read a lolpython program from stdin and execute it
lolpython --convert Convert a lolpython program from stdin
and generate python to stdout
lolpython --convert filename1 [filename....]
Convert a list of lolpython files into Python files
lolpython filename [arg1 [arg2 ...]]
Run a lolpython program using optional arguments
"""
def main(argv):
if len(argv) >= 2:
if argv[1] == "--convert":
convert(argv[2:])
return
if argv[1] == "--help":
help()
return
if argv[1] == "--version":
print __NAME__ + " " + __VERSION__
return
# otherwise, run the lolpython program
sys.argv = sys.argv[1:]
filename = sys.argv[0]
execfile(filename, "__main__")
else:
# commands from stdin
execfile(sys.stdin)
if __name__ == "__main__":
main(sys.argv)

Binary file not shown.

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,330 @@
/*!
* Bootstrap Reboot v4.0.0 (https://getbootstrap.com)
* Copyright 2011-2018 The Bootstrap Authors
* Copyright 2011-2018 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
* Forked from Normalize.css, licensed MIT (https://github.com/necolas/normalize.css/blob/master/LICENSE.md)
*/
*,
*::before,
*::after {
box-sizing: border-box;
}
html {
font-family: sans-serif;
line-height: 1.15;
-webkit-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
-ms-overflow-style: scrollbar;
-webkit-tap-highlight-color: transparent;
}
@-ms-viewport {
width: device-width;
}
article, aside, dialog, figcaption, figure, footer, header, hgroup, main, nav, section {
display: block;
}
body {
margin: 0;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
font-size: 1rem;
font-weight: 400;
line-height: 1.5;
color: #212529;
text-align: left;
background-color: #fff;
}
[tabindex="-1"]:focus {
outline: 0 !important;
}
hr {
box-sizing: content-box;
height: 0;
overflow: visible;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 0;
margin-bottom: 0.5rem;
}
p {
margin-top: 0;
margin-bottom: 1rem;
}
abbr[title],
abbr[data-original-title] {
text-decoration: underline;
-webkit-text-decoration: underline dotted;
text-decoration: underline dotted;
cursor: help;
border-bottom: 0;
}
address {
margin-bottom: 1rem;
font-style: normal;
line-height: inherit;
}
ol,
ul,
dl {
margin-top: 0;
margin-bottom: 1rem;
}
ol ol,
ul ul,
ol ul,
ul ol {
margin-bottom: 0;
}
dt {
font-weight: 700;
}
dd {
margin-bottom: .5rem;
margin-left: 0;
}
blockquote {
margin: 0 0 1rem;
}
dfn {
font-style: italic;
}
b,
strong {
font-weight: bolder;
}
small {
font-size: 80%;
}
sub,
sup {
position: relative;
font-size: 75%;
line-height: 0;
vertical-align: baseline;
}
sub {
bottom: -.25em;
}
sup {
top: -.5em;
}
a {
color: #007bff;
text-decoration: none;
background-color: transparent;
-webkit-text-decoration-skip: objects;
}
a:hover {
color: #0056b3;
text-decoration: underline;
}
a:not([href]):not([tabindex]) {
color: inherit;
text-decoration: none;
}
a:not([href]):not([tabindex]):hover, a:not([href]):not([tabindex]):focus {
color: inherit;
text-decoration: none;
}
a:not([href]):not([tabindex]):focus {
outline: 0;
}
pre,
code,
kbd,
samp {
font-family: monospace, monospace;
font-size: 1em;
}
pre {
margin-top: 0;
margin-bottom: 1rem;
overflow: auto;
-ms-overflow-style: scrollbar;
}
figure {
margin: 0 0 1rem;
}
img {
vertical-align: middle;
border-style: none;
}
svg:not(:root) {
overflow: hidden;
}
table {
border-collapse: collapse;
}
caption {
padding-top: 0.75rem;
padding-bottom: 0.75rem;
color: #6c757d;
text-align: left;
caption-side: bottom;
}
th {
text-align: inherit;
}
label {
display: inline-block;
margin-bottom: .5rem;
}
button {
border-radius: 0;
}
button:focus {
outline: 1px dotted;
outline: 5px auto -webkit-focus-ring-color;
}
input,
button,
select,
optgroup,
textarea {
margin: 0;
font-family: inherit;
font-size: inherit;
line-height: inherit;
}
button,
input {
overflow: visible;
}
button,
select {
text-transform: none;
}
button,
html [type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
padding: 0;
border-style: none;
}
input[type="radio"],
input[type="checkbox"] {
box-sizing: border-box;
padding: 0;
}
input[type="date"],
input[type="time"],
input[type="datetime-local"],
input[type="month"] {
-webkit-appearance: listbox;
}
textarea {
overflow: auto;
resize: vertical;
}
fieldset {
min-width: 0;
padding: 0;
margin: 0;
border: 0;
}
legend {
display: block;
width: 100%;
max-width: 100%;
padding: 0;
margin-bottom: .5rem;
font-size: 1.5rem;
line-height: inherit;
color: inherit;
white-space: normal;
}
progress {
vertical-align: baseline;
}
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
[type="search"] {
outline-offset: -2px;
-webkit-appearance: none;
}
[type="search"]::-webkit-search-cancel-button,
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
::-webkit-file-upload-button {
font: inherit;
-webkit-appearance: button;
}
output {
display: inline-block;
}
summary {
display: list-item;
cursor: pointer;
}
template {
display: none;
}
[hidden] {
display: none !important;
}
/*# sourceMappingURL=bootstrap-reboot.css.map */

View File

@@ -0,0 +1,8 @@
/*!
* Bootstrap Reboot v4.0.0 (https://getbootstrap.com)
* Copyright 2011-2018 The Bootstrap Authors
* Copyright 2011-2018 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
* Forked from Normalize.css, licensed MIT (https://github.com/necolas/normalize.css/blob/master/LICENSE.md)
*/*,::after,::before{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:transparent}@-ms-viewport{width:device-width}article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:left;background-color:#fff}[tabindex="-1"]:focus{outline:0!important}hr{box-sizing:content-box;height:0;overflow:visible}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem}p{margin-top:0;margin-bottom:1rem}abbr[data-original-title],abbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}dfn{font-style:italic}b,strong{font-weight:bolder}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#007bff;text-decoration:none;background-color:transparent;-webkit-text-decoration-skip:objects}a:hover{color:#0056b3;text-decoration:underline}a:not([href]):not([tabindex]){color:inherit;text-decoration:none}a:not([href]):not([tabindex]):focus,a:not([href]):not([tabindex]):hover{color:inherit;text-decoration:none}a:not([href]):not([tabindex]):focus{outline:0}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}pre{margin-top:0;margin-bottom:1rem;overflow:auto;-ms-overflow-style:scrollbar}figure{margin:0 0 1rem}img{vertical-align:middle;border-style:none}svg:not(:root){overflow:hidden}table{border-collapse:collapse}caption{padding-top:.75rem;padding-bottom:.75rem;color:#6c757d;text-align:left;caption-side:bottom}th{text-align:inherit}label{display:inline-block;margin-bottom:.5rem}button{border-radius:0}button:focus{outline:1px dotted;outline:5px auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{padding:0;border-style:none}input[type=checkbox],input[type=radio]{box-sizing:border-box;padding:0}input[type=date],input[type=datetime-local],input[type=month],input[type=time]{-webkit-appearance:listbox}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:none}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}summary{display:list-item;cursor:pointer}template{display:none}[hidden]{display:none!important}
/*# sourceMappingURL=bootstrap-reboot.min.css.map */

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,66 @@
.container.custom-container {
padding: 0 50px;
}
.jumbotron {
font-family: Arial;
background-color: #000;
color: #fff;
}
.container {
font-family: Arial;
background-color: #000;
color: #fff;
}
body {
font-family: Arial;
background-color: #000;
color: #fff;
}
main {
font-family: "Source Sans Pro", Verdana, Geneva, Tahoma, sans-serif;
font-weight: 300;
max-width: 720px;
margin: 10px auto;
background-color: #111;
box-sizing: border-box;
padding: 10px 32px;
}
textarea {
width: 100%;
height: 200px;
font-family: Consolas, "Courier New", Courier, monospace;
line-height: 1.2em;
padding: 8px;
box-sizing: border-box;
font-size: 0.9em;
border: 1px solid #fff;
background-color: #000;
color: #fff;
}
p {
display: block;
margin-block-start: 1em;
margin-block-end: 1em;
margin-inline-start: 0px;
margin-inline-end: 0px;
}
input[type="button"] {
background-color: #600;
color: #fff;
font-weight: bold;
border: 3px solid #000;
font-size: 140%;
border-radius: 8px;
margin: 8px auto;
}

View File

@@ -0,0 +1,24 @@
<div class="jumbotron">
<div class="container custom-container">
<h1>LOLPython</h1>
<p>You finally landed on the mainframe and are soooo close to hack the world! But what is this? A <a href="http://www.dalkescientific.com/writings/diary/archive/2007/06/01/lolpython.html">LOLPython</a> interpreter in production?
Googling quickly reveals: Thats <a href="https://esolangs.org/wiki/Language_list">one of many esolangs</a> with hacker and l33t speak. Sounds cool, right?</p>
<p>Though, to solve this challenge, you have to take it to the next level: Not only code a program in this weird language, but escape the interpreter and execute the final payload. Go exploit it!</p>
</div>
</div>
<div class="container">
<main role="main">
<form>
<p>Type your LOLPython code here. We'll execute your file and you'll get the result</p>
<textarea placeholder="VISIBLE 'HAI WORLD!'" id="in">
</textarea>
<input type="button" value="Transpile and Run!" id="rock-button" onclick="transpile();">
<br>
<p>Output:</p>
<textarea id="output"></textarea>
</form>
</main>
</div>
<br><br>

View File

@@ -0,0 +1,58 @@
<?php
session_start();
function generateRandomString($length = 24)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
if (!isset($_SESSION['userid'])) {
$_SESSION['userid'] = generateRandomString();
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="favicon.ico">
<title>LOLPython Transpiler Service</title>
<!-- Bootstrap core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/custom.css" rel="stylesheet">
</head>
<body>
<!-- Main jumbotron for a primary marketing message or call to action -->
<?php include("form.php") ?>
<footer class="container">
<p>&copy; LOLPython Transpiler Service 2024</p>
</footer>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script
src="https://code.jquery.com/jquery-3.5.1.min.js"
integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0="
crossorigin="anonymous"></script>
<script src="js/vendor/popper.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/rockstar.js"></script>
</body>
</html>

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,13 @@
function transpile() {
var data = {"code": document.getElementById("in").value};
console.log(data);
$.post({
url: "transpile.php",
data: JSON.stringify(data)
}).done(function( data ) {
var json_data = JSON.parse(data)
document.getElementById("output").value = json_data["result"];
});
}

View File

@@ -0,0 +1,18 @@
<?php
$input = json_decode(file_get_contents('php://input'), true);
if (!isset($input["code"])) {
echo json_encode(array("error" => "no input data"));
die();
}
$tmpfname = tempnam("/tmp", "lolpython_prog_");
$handle = fopen($tmpfname, "w");
fwrite($handle, $input["code"]);
fclose($handle);
$stdout = shell_exec("python2 /opt/lolcode.py $tmpfname");
echo(json_encode(array("result" => $stdout)));
?>

BIN
cscg24/rev/.DS_Store vendored Normal file

Binary file not shown.

View File

@@ -0,0 +1,17 @@
# run via docker compose :)
FROM ubuntu:22.04
RUN apt-get update
RUN apt-get -y install socat
RUN useradd -d /home/ctf/ -m -p ctf -s /bin/bash ctf
RUN echo "ctf:ctf" | chpasswd
WORKDIR /home/ctf
COPY rev1 .
COPY flag.txt .
USER ctf
CMD socat -ddd TCP4-LISTEN:1024,fork,reuseaddr exec:./rev1,pty,echo=0,raw,iexten=0

Binary file not shown.

Binary file not shown.

View File

@@ -0,0 +1 @@
CSCG{testflag}

Binary file not shown.

BIN
cscg24/rev/intro_rev_1/rev1 Executable file

Binary file not shown.

View File

@@ -0,0 +1,18 @@
# run via docker compose :)
FROM ubuntu:22.04
RUN apt-get update
RUN apt-get -y install socat
RUN useradd -d /home/ctf/ -m -p ctf -s /bin/bash ctf
RUN echo "ctf:ctf" | chpasswd
WORKDIR /home/ctf
COPY rev2 .
COPY flag.txt .
USER ctf
CMD socat -ddd TCP4-LISTEN:1024,fork,reuseaddr exec:./rev2,pty,echo=0,raw,iexten=0

View File

@@ -0,0 +1,9 @@
encoded_passwd = b"\x02\xea\x02\xe8\xfc\xfd\xbd\xfd\xf2\xec\xe8\xfd\xfb\xea\xf7\xfc\xef\xb9\xfb\xf6\xea\xfd\xf2\xf8\xf7\x00"
def decode(char: int):
return char + 0x77
for char in encoded_passwd:
print(chr(decode(char)), end="")

View File

@@ -0,0 +1 @@
CSCG{testflag}

BIN
cscg24/rev/intro_rev_2/rev2 Executable file

Binary file not shown.

View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<session>
<sessionId>1709342352801</sessionId>
<sessionName>Untitled Session</sessionName>
<sessionDesc/>
</session>

Binary file not shown.

Binary file not shown.

View File

@@ -0,0 +1,5 @@
#HSQL Database Engine 2.7.2
#Sat Mar 02 02:25:05 CET 2024
tx_timestamp=1712
modified=no
version=2.7.2

View File

@@ -0,0 +1,118 @@
SET DATABASE UNIQUE NAME HSQLDB379AF3DEBD
SET DATABASE DEFAULT RESULT MEMORY ROWS 0
SET DATABASE EVENT LOG LEVEL 0
SET DATABASE TRANSACTION CONTROL LOCKS
SET DATABASE DEFAULT ISOLATION LEVEL READ COMMITTED
SET DATABASE TRANSACTION ROLLBACK ON CONFLICT TRUE
SET DATABASE TEXT TABLE DEFAULTS ''
SET DATABASE SQL NAMES FALSE
SET DATABASE SQL RESTRICT EXEC FALSE
SET DATABASE SQL REFERENCES FALSE
SET DATABASE SQL SIZE TRUE
SET DATABASE SQL TYPES FALSE
SET DATABASE SQL TDC DELETE TRUE
SET DATABASE SQL TDC UPDATE TRUE
SET DATABASE SQL SYS INDEX NAMES FALSE
SET DATABASE SQL CONCAT NULLS TRUE
SET DATABASE SQL UNIQUE NULLS TRUE
SET DATABASE SQL CONVERT TRUNCATE TRUE
SET DATABASE SQL AVG SCALE 0
SET DATABASE SQL DOUBLE NAN TRUE
SET FILES WRITE DELAY 20 MILLIS
SET FILES BACKUP INCREMENT TRUE
SET FILES CACHE SIZE 32000
SET FILES CACHE ROWS 50000
SET FILES SCALE 64
SET FILES LOB SCALE 32
SET FILES DEFRAG 0
SET FILES NIO TRUE
SET FILES NIO SIZE 256
SET FILES LOG TRUE
SET FILES LOG SIZE 50
SET FILES CHECK 1712
SET DATABASE COLLATION "SQL_TEXT" PAD SPACE
CREATE USER SA PASSWORD DIGEST 'd41d8cd98f00b204e9800998ecf8427e'
ALTER USER SA SET LOCAL TRUE
CREATE SCHEMA PUBLIC AUTHORIZATION DBA
CREATE CACHED TABLE PUBLIC.HISTORY(HISTORYID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,SESSIONID BIGINT NOT NULL,HISTTYPE INTEGER DEFAULT 1,STATUSCODE INTEGER DEFAULT 0,TIMESENTMILLIS BIGINT DEFAULT 0,TIMEELAPSEDMILLIS INTEGER DEFAULT 0,METHOD VARCHAR(1024) DEFAULT '',URI VARCHAR(1048576) DEFAULT '',REQHEADER VARCHAR(4194304) DEFAULT '',REQBODY VARBINARY(16777216) DEFAULT X'',RESHEADER VARCHAR(4194304) DEFAULT '',RESBODY VARBINARY(16777216) DEFAULT X'',TAG VARCHAR(32768) DEFAULT '',NOTE VARCHAR(1048576) DEFAULT '',RESPONSEFROMTARGETHOST BOOLEAN DEFAULT FALSE)
ALTER TABLE PUBLIC.HISTORY ALTER COLUMN HISTORYID RESTART WITH 3
CREATE INDEX HISTORY_INDEX ON PUBLIC.HISTORY(URI,METHOD,REQBODY,SESSIONID,HISTTYPE,HISTORYID,STATUSCODE)
CREATE INDEX INDEX_HISTORY_HISTTYPE ON PUBLIC.HISTORY(HISTTYPE)
CREATE INDEX INDEX_HISTORY_SESSIONID ON PUBLIC.HISTORY(SESSIONID)
CREATE CACHED TABLE PUBLIC.SESSION(SESSIONID BIGINT NOT NULL PRIMARY KEY,SESSIONNAME VARCHAR(32768) DEFAULT '',LASTACCESS TIMESTAMP DEFAULT LOCALTIMESTAMP NOT NULL)
CREATE CACHED TABLE PUBLIC.ALERT(ALERTID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SCANID INTEGER NOT NULL,PLUGINID INTEGER DEFAULT 0,ALERT VARCHAR(16777216) DEFAULT '',RISK INTEGER DEFAULT 0,RELIABILITY INTEGER DEFAULT 1,DESCRIPTION VARCHAR(16777216) DEFAULT '',URI VARCHAR(1048576) DEFAULT '',PARAM VARCHAR(32768) DEFAULT '',OTHERINFO VARCHAR(16777216) DEFAULT '',SOLUTION VARCHAR(16777216) DEFAULT '',REFERENCE VARCHAR(16777216) DEFAULT '',HISTORYID INTEGER,SOURCEHISTORYID INTEGER DEFAULT 0,ATTACK VARCHAR(32768) DEFAULT '',EVIDENCE VARCHAR(16777216) DEFAULT '',CWEID INTEGER DEFAULT -1,WASCID INTEGER DEFAULT -1,SOURCEID INTEGER DEFAULT 0,INPUT_VECTOR VARCHAR(256) DEFAULT '',ALERTREF VARCHAR(256) DEFAULT '')
ALTER TABLE PUBLIC.ALERT ALTER COLUMN ALERTID RESTART WITH 7
CREATE INDEX ALERT_INDEX ON PUBLIC.ALERT(SOURCEHISTORYID)
CREATE INDEX INDEX_ALERT_SOURCEID ON PUBLIC.ALERT(SOURCEID)
CREATE CACHED TABLE PUBLIC.SCAN(SCANID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SESSIONID BIGINT NOT NULL,SCANNAME VARCHAR(32768) DEFAULT '',SCANTIME TIMESTAMP DEFAULT LOCALTIMESTAMP NOT NULL)
ALTER TABLE PUBLIC.SCAN ALTER COLUMN SCANID RESTART WITH 0
CREATE CACHED TABLE PUBLIC.CONTEXT_DATA(DATAID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,CONTEXTID INTEGER NOT NULL,TYPE INTEGER NOT NULL,DATA VARCHAR(1048576) DEFAULT '')
ALTER TABLE PUBLIC.CONTEXT_DATA ALTER COLUMN DATAID RESTART WITH 52
CREATE INDEX INDEX_CONTEXT_DATA_CONTEXTID ON PUBLIC.CONTEXT_DATA(CONTEXTID)
CREATE INDEX INDEX_CONTEXT_DATA_TYPE ON PUBLIC.CONTEXT_DATA(TYPE)
CREATE CACHED TABLE PUBLIC.PARAM(PARAMID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,SITE VARCHAR(32768) NOT NULL,TYPE VARCHAR(32768) NOT NULL,NAME VARCHAR(32768) NOT NULL,USED INTEGER NOT NULL,FLAGS VARCHAR(32768) NOT NULL,VALS VARCHAR(8388608) NOT NULL)
ALTER TABLE PUBLIC.PARAM ALTER COLUMN PARAMID RESTART WITH 11
CREATE CACHED TABLE PUBLIC.SESSION_URL(URLID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,TYPE INTEGER NOT NULL,URL VARCHAR(8192) DEFAULT '')
ALTER TABLE PUBLIC.SESSION_URL ALTER COLUMN URLID RESTART WITH 1
CREATE INDEX INDEX_SESSION_URL_TYPE_AND_URL ON PUBLIC.SESSION_URL(TYPE,URL)
CREATE CACHED TABLE PUBLIC.TAG(TAGID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,HISTORYID BIGINT NOT NULL,TAG VARCHAR(1024) DEFAULT '')
ALTER TABLE PUBLIC.TAG ALTER COLUMN TAGID RESTART WITH 3
CREATE INDEX INDEX_TAG_HISTORYID_TAG ON PUBLIC.TAG(HISTORYID,TAG)
CREATE CACHED TABLE PUBLIC.ALERT_TAG(TAG_ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ALERT_ID BIGINT NOT NULL,KEY VARCHAR(1024) DEFAULT '' NOT NULL,VALUE VARCHAR(4000) DEFAULT '' NOT NULL)
ALTER TABLE PUBLIC.ALERT_TAG ALTER COLUMN TAG_ID RESTART WITH 17
CREATE INDEX ALERT_ID_INDEX ON PUBLIC.ALERT_TAG(ALERT_ID)
CREATE CACHED TABLE PUBLIC.STRUCTURE(STRUCTUREID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,SESSIONID BIGINT NOT NULL,PARENTID BIGINT NOT NULL,HISTORYID INTEGER,NAME VARCHAR(8192) NOT NULL,NAMEHASH BIGINT NOT NULL,URL VARCHAR(8192) NOT NULL,METHOD VARCHAR(10) NOT NULL)
ALTER TABLE PUBLIC.STRUCTURE ALTER COLUMN STRUCTUREID RESTART WITH 1
CREATE CACHED TABLE PUBLIC.WEBSOCKET_CHANNEL(CHANNEL_ID BIGINT PRIMARY KEY,HOST VARCHAR(255) NOT NULL,PORT INTEGER NOT NULL,URL VARCHAR(1048576) NOT NULL,START_TIMESTAMP TIMESTAMP NOT NULL,END_TIMESTAMP TIMESTAMP,HISTORY_ID INTEGER,FOREIGN KEY(HISTORY_ID) REFERENCES PUBLIC.HISTORY(HISTORYID) ON DELETE SET NULL ON UPDATE SET NULL)
CREATE CACHED TABLE PUBLIC.WEBSOCKET_MESSAGE(MESSAGE_ID BIGINT NOT NULL,CHANNEL_ID BIGINT NOT NULL,TIMESTAMP TIMESTAMP NOT NULL,OPCODE TINYINT NOT NULL,PAYLOAD_UTF8 CLOB(16M),PAYLOAD_BYTES BLOB(16M),PAYLOAD_LENGTH BIGINT NOT NULL,IS_OUTGOING BOOLEAN NOT NULL,PRIMARY KEY(MESSAGE_ID,CHANNEL_ID),FOREIGN KEY(CHANNEL_ID) REFERENCES PUBLIC.WEBSOCKET_CHANNEL(CHANNEL_ID),CONSTRAINT WEBSOCKET_MESSAGE_PAYLOAD CHECK((PUBLIC.WEBSOCKET_MESSAGE.PAYLOAD_UTF8 IS NOT NULL) OR (PUBLIC.WEBSOCKET_MESSAGE.PAYLOAD_BYTES IS NOT NULL)))
CREATE CACHED TABLE PUBLIC.WEBSOCKET_MESSAGE_FUZZ(FUZZ_ID BIGINT NOT NULL,MESSAGE_ID BIGINT NOT NULL,CHANNEL_ID BIGINT NOT NULL,STATE VARCHAR(50) NOT NULL,FUZZ VARCHAR(16777216) NOT NULL,PRIMARY KEY(FUZZ_ID,MESSAGE_ID,CHANNEL_ID),FOREIGN KEY(MESSAGE_ID,CHANNEL_ID) REFERENCES PUBLIC.WEBSOCKET_MESSAGE(MESSAGE_ID,CHANNEL_ID) ON DELETE CASCADE)
CREATE CACHED TABLE PUBLIC.SOAP_WSDL(WSDL_ID INTEGER NOT NULL,SOAP_ACTION VARCHAR(4000) NOT NULL,PRIMARY KEY(WSDL_ID,SOAP_ACTION))
CREATE CACHED TABLE PUBLIC.OPENAPI_SPECS(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,DEFINITION CLOB(64M) NOT NULL,TARGET VARCHAR(2048),SESSION_ID BIGINT NOT NULL,CONTEXT_ID INTEGER NOT NULL)
ALTER TABLE PUBLIC.OPENAPI_SPECS ALTER COLUMN ID RESTART WITH 0
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 15
SET DATABASE DEFAULT INITIAL SCHEMA PUBLIC
SET TABLE PUBLIC.HISTORY INDEX '105 105 105 105 0 0 0 0 1'
SET TABLE PUBLIC.SESSION INDEX '104 0 1'
SET TABLE PUBLIC.ALERT INDEX '369 369 369 0 0 0 7'
SET TABLE PUBLIC.CONTEXT_DATA INDEX '63 63 63 0 0 0 51'
SET TABLE PUBLIC.PARAM INDEX '483 0 10'
SET TABLE PUBLIC.TAG INDEX '475 475 0 0 2'
SET TABLE PUBLIC.ALERT_TAG INDEX '386 386 0 0 16'
SET TABLE PUBLIC.WEBSOCKET_CHANNEL INDEX '536 536 0 0 1'
SET TABLE PUBLIC.WEBSOCKET_MESSAGE INDEX '522 522 0 0 14'
GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.CARDINAL_NUMBER TO PUBLIC
GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.YES_OR_NO TO PUBLIC
GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.CHARACTER_DATA TO PUBLIC
GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.SQL_IDENTIFIER TO PUBLIC
GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.TIME_STAMP TO PUBLIC
GRANT DBA TO SA
SET SCHEMA SYSTEM_LOBS
INSERT INTO BLOCKS VALUES(14,2147483633,0)
INSERT INTO LOBS VALUES(0,1,0,1)
INSERT INTO LOBS VALUES(1,1,0,2)
INSERT INTO LOBS VALUES(2,1,0,3)
INSERT INTO LOBS VALUES(3,1,0,4)
INSERT INTO LOBS VALUES(4,1,0,5)
INSERT INTO LOBS VALUES(5,1,0,6)
INSERT INTO LOBS VALUES(6,1,0,7)
INSERT INTO LOBS VALUES(7,1,0,8)
INSERT INTO LOBS VALUES(8,1,0,9)
INSERT INTO LOBS VALUES(9,1,0,10)
INSERT INTO LOBS VALUES(10,1,0,11)
INSERT INTO LOBS VALUES(11,1,0,12)
INSERT INTO LOBS VALUES(12,1,0,13)
INSERT INTO LOBS VALUES(13,1,0,14)
INSERT INTO LOB_IDS VALUES(1,64,1,40)
INSERT INTO LOB_IDS VALUES(2,64,1,40)
INSERT INTO LOB_IDS VALUES(3,64,1,40)
INSERT INTO LOB_IDS VALUES(4,64,1,40)
INSERT INTO LOB_IDS VALUES(5,64,1,40)
INSERT INTO LOB_IDS VALUES(6,64,1,40)
INSERT INTO LOB_IDS VALUES(7,64,1,40)
INSERT INTO LOB_IDS VALUES(8,64,1,40)
INSERT INTO LOB_IDS VALUES(9,64,1,40)
INSERT INTO LOB_IDS VALUES(10,64,1,40)
INSERT INTO LOB_IDS VALUES(11,64,1,40)
INSERT INTO LOB_IDS VALUES(12,64,1,40)
INSERT INTO LOB_IDS VALUES(13,64,1,40)
INSERT INTO LOB_IDS VALUES(14,64,1,40)

View File

@@ -0,0 +1,13 @@
### 1. Part
After doing Inspect Element on the grayed out text I found a part of the flag: CSCG{ImgAvH8w5
### 2. Part
Inspecting the timer funtion and running it yields the second Part of the flag 1a7364a71
### 3. Part
With the help of ZAP we get the third part of the flag from the response header VdGb98br}
Full flag: CSCG{ImgAvH8w51a7364a71VdGb98br}

View File

@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIEOe+YWDANBgkqhkiG9w0BAQsFADB1MSEwHwYDVQQDDBha
ZWQgQXR0YWNrIFByb3h5IFJvb3QgQ0ExFzAVBgNVBAcMDjJlN2I1OTVlN2M3MDhm
MRQwEgYDVQQKDAtaQVAgUm9vdCBDQTEUMBIGA1UECwwLWkFQIFJvb3QgQ0ExCzAJ
BgNVBAYTAnh4MB4XDTI0MDMwMjAxMTg1N1oXDTI1MDMwMjAxMTg1N1owdTEhMB8G
A1UEAwwYWmVkIEF0dGFjayBQcm94eSBSb290IENBMRcwFQYDVQQHDA4yZTdiNTk1
ZTdjNzA4ZjEUMBIGA1UECgwLWkFQIFJvb3QgQ0ExFDASBgNVBAsMC1pBUCBSb290
IENBMQswCQYDVQQGEwJ4eDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJtWBExIk7Xi2fqEaC0seiBqwk2HP3WIBflifDL4ESHkLYHCcFzMyGvAZi5hM0xW
U4I6Ap0CxxbtQ/8XhomPlOMGUAIVVnv2ecdFzjbPTgRRj8cwGEaO1Ipj+NHC+4Ix
BdBlN2rA5KjPJWh9PxZevYEsmqGJvdMH0wvkiWEKwgwjTkc01WiVylEKrbIIZuxa
oRetca+19M+3rzgv+4wzAiGIDWw/pLQRXWdCUJiUMlQPhsDD4iD7a6NUhPZnqwbz
qTRyOiP3wvermpXuY591H3h+8V4a9tZu4PBNu6anzgSYz3kO3G9hen2hRUFXz3tp
6HPiRd8oRLAN6dKS9LbpqnMCAwEAAaOCAX4wggF6MIIBMwYDVR0OBIIBKgSCASYw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbVgRMSJO14tn6hGgtLHog
asJNhz91iAX5Ynwy+BEh5C2BwnBczMhrwGYuYTNMVlOCOgKdAscW7UP/F4aJj5Tj
BlACFVZ79nnHRc42z04EUY/HMBhGjtSKY/jRwvuCMQXQZTdqwOSozyVofT8WXr2B
LJqhib3TB9ML5IlhCsIMI05HNNVolcpRCq2yCGbsWqEXrXGvtfTPt684L/uMMwIh
iA1sP6S0EV1nQlCYlDJUD4bAw+Ig+2ujVIT2Z6sG86k0cjoj98L3q5qV7mOfdR94
fvFeGvbWbuDwTbump84EmM95DtxvYXp9oUVBV897aehz4kXfKESwDenSkvS26apz
AgMBAAEwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAbYwIwYDVR0lBBwwGgYI
KwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQCIi/KG
HKQmpguOx+Lyf0AYSx1P6+eW2O5TjnLULLuws47Cz6m9WSTYTXu+UW4Qvo3CKfA2
nOK/Cp7cayKvZMzda+agoE2sal4lPMvQaLNZyYDanHGbIiuZT67bI6FpgrxzUmLc
wH8gu0El1GZlk+bM4ISH2C+gUABUVhOAvy/7QjsSFzgD0OUG7YsrSU7JrAwf8qzs
QtFpUycagIIFAsVt8d6j8rVxmcUHX/XJqWGDg9zeJSLNhNyRnogDOfkxVON2t/Gh
usTh5l604OG39R5Xkyk3DxPe7Te6LdFVKJqrWlFoiiEN2ZxrM3tcr+6zRDR76n7z
w/t/wLHtAyYo/ND3
-----END CERTIFICATE-----