Chall type separation

_examples/README.md

@@ -13,7 +13,9 @@
 * [PHP Web challenge](./web-php)
 * [PHP Web challenge with MySQL](./web-php-mysql)
 * [Challenge with Static files only](./static-chall)
-* [Xinted Service challenge](./xinetd-service)
+* [Xinted Service challenge with custom xinetd config](./xinetd-service)
+* [Service challenge with auto-generated xinetd config](./service)
+* [A bare challenge using docker](./bare-docker)
 
 To test any of the above challenges, cd to \_example directory and use the below command:
 

_examples/docker-type/beast.toml → _examples/bare-docker/beast.toml

@@ -6,7 +6,7 @@ ssh_key = "ssh-rsa AAAAB3NzaC1y"
 [challenge.metadata]
 name = "docker-type"
 flag = "FLAG{r3GEx_i5_3vi1!!}"
-type = "docker"
+type = "bare"
 points = 200
 
 [[challenge.metadata.hints]]

_examples/service/beast.toml

@@ -0,0 +1,26 @@
+[author]
+name = "fristonio"
+email = "[email protected]"
+ssh_key = "ssh-rsa AAAAB3NzaC1y"
+
+[challenge.metadata]
+name = "service"
+flag = "CTF{sample_flag}"
+type = "service"
+points = 100
+max_attempt_limit=10
+
+[[challenge.metadata.hints]]
+text = "simple_hint_1"
+points = 10
+
+[[challenge.metadata.hints]]
+text = "simple_hint_2"
+points = 20
+
+
+[challenge.env]
+apt_deps = ["gcc", "socat"]
+setup_scripts = ["setup.sh"]
+service_path = "pwn"
+ports = [10004]

_examples/service/pwn_me.c

@@ -0,0 +1,29 @@
+#include <stdio.h>
+#include <unistd.h>
+
+int sample()
+{	FILE *ptr_file;
+	char buf[100];
+
+	ptr_file = fopen("flag.txt","r");
+	if (!ptr_file)
+		return 1;
+
+	while (fgets(buf,100, ptr_file)!=NULL)
+		fprintf(stderr, "%s",buf);
+	fclose(ptr_file);
+	return 0;
+}
+
+void test()
+{	char input[50];
+	printf("Please enter your name: ");
+	gets(input);
+	sleep(1);
+	fprintf(stderr, "ECHO: %s\n",input); 
+}
+
+int main()
+{	test();
+	return 0;
+}

_examples/service/setup.sh

@@ -0,0 +1,3 @@
+set -e
+
+gcc -o pwn pwn_me.c

_examples/static-chall/beast.toml

@@ -20,3 +20,6 @@ points = 20
 maxPoints = 100
 minPoints = 50
 tags = ["easy", "web"]
+
+[challenge.env]
+static_dir = "static"

_examples/xinetd-service/beast.toml

@@ -1,13 +1,13 @@
 [author]
-name = "fristonio"
-email = "contact+fristonio@sdslabs.co.in"
+name = "contact"
+email = "[email protected]"
 ssh_key = "ssh-rsa AAAAB3NzaC1y"
 
 [challenge.metadata]
 name = "xinetd-service"
-flag = "CTF{sample_flag}"
+flag = "CTF{not_the_flag}"
 type = "service"
-points = 100
+points = 500
 max_attempt_limit=10
 
 [[challenge.metadata.hints]]
@@ -25,5 +25,6 @@ preReqs = ["simple", "web-php"]
 [challenge.env]
 apt_deps = ["gcc", "socat"]
 setup_scripts = ["setup.sh"]
+xinetd_config = "ctf.xinetd"
 service_path = "pwn"
 ports = [10003]

_examples/xinetd-service/ctf.xinetd

@@ -0,0 +1,18 @@
+service xinetd-service
+{
+    disable = no
+    socket_type = stream
+    protocol    = tcp
+    wait        = no
+    user        = beast
+    type        = UNLISTED
+    port        = 10003
+    bind        = 0.0.0.0
+    server      = /bin/sh
+    server_args = -c cd${IFS}/challenge;exec${IFS}/challenge/pwn
+    banner_fail = /etc/banner_fail
+    # Options below are for safety mainly
+    #per_source  = 10 # max instances per source at once
+    rlimit_cpu  = 5 # max cpu seconds
+    #rlimit_as  = 1024M # addr space resource limit
+}

_examples/xinetd-service/flag.txt

@@ -0,0 +1 @@
+CTF{not_the_flag}

_examples/xinetd-service/pwn_me.c

@@ -17,6 +17,8 @@ int sample()
 
 void test()
 {	char input[50];
+	printf("Please enter your name: ");
+	fflush(stdout);
 	gets(input);
 	sleep(1);
 	fprintf(stderr, "ECHO: %s\n",input); 

api/config.go

@@ -205,7 +205,7 @@ func updateChallengeInfoHandler(c *gin.Context) {
 	// Update challenge
 	if e := database.UpdateChallenge(&chall, configInfo); e != nil {
 		c.JSON(http.StatusBadRequest, HTTPPlainResp{
-			Message: fmt.Sprintf("Error while updating challenge info: %s", err.Error()),
+			Message: fmt.Sprintf("Error while updating challenge info: %s", e.Error()),
 		})
 		return
 	}

api/response.go

@@ -9,7 +9,7 @@ type HTTPPlainResp struct {
 }
 
 type HTTPPlainMapResp struct {
-	Messages map[string]string `json:"messages" example:"["name1": "message1"],["name2": "message2"]"`
+	Messages map[string]string `json:"messages" example:"{\"name1\": \"message1\", \"name2\": \"message2\"}"`
 }
 
 type HTTPErrorResp struct {
@@ -30,7 +30,7 @@ type AvailableImagesResp struct {
 type PortsInUseResp struct {
 	MinPortValue uint32   `json:"port_min_value" example:"10000"`
 	MaxPortValue uint32   `json:"port_max_value" example:"20000"`
-	PortsInUse   []uint32 `json:"ports_in_use" example:[100001, 100003, 10010]`
+	PortsInUse   []uint32 `json:"ports_in_use" example:"[100001, 100003, 10010]"`
 }
 
 type ChallengeStatusResp struct {
@@ -119,7 +119,7 @@ type ChallengeInfoResp struct {
 	Status          string          `json:"status" example:"deployed"`
 	MaxAttemptLimit int             `json:"maxAttemptLimit" example:"5"`
 	PreReqs         []string        `json:"preReqs" example:"['web-php','simple']"`
-	Ports           []uint32        `json:"ports" example:[3001, 3002]`
+	Ports           []uint32        `json:"ports" example:"[3001, 3002]"`
 	Hints           []HintInfo      `json:"hints"`
 	Desc            string          `json:"description" example:"A simple web challenge"`
 	Points          uint            `json:"points" example:"50"`
@@ -139,7 +139,7 @@ type ChallengePreviewResp struct {
 	AdditionalLinks []string `json:"additionalLinks" example:"['http://link1.abc:8080','http://link2.abc:8081']"`
 	MaxAttemptLimit int      `json:"maxAttemptLimit" example:"5"`
 	PreReqs         []string `json:"preReqs" example:"['web-php','simple']"`
-	Ports           []uint32 `json:"ports" example:[3001, 3002]`
+	Ports           []uint32 `json:"ports" example:"[3001, 3002]"`
 	Desc            string   `json:"description" example:"A simple web challenge"`
 	Points          uint     `json:"points" example:"50"`
 	DeployedLink    string   `json:"deployedLink" example:"beast.sdslabs.co"`