Merge branch 'master' of github.com:cybermouflons/CCSC-CTF-2024

README.md

@@ -80,9 +80,10 @@ Although some of the challenges may run as is, it is recommended that you have d
 
 | Name | Author |
 | ---- | ------ |
-| [Arcane Nebula](./web/arcane-nebula) | koks |
+| [Arcane Runes](./web/arcane-runes) | koks |
 | [Cross Checked Report](./web/cross-checked-report) | YetAnotherAlt123 |
 | [Microbuns](./web/microbuns) | koks |
+| [Portal](./web/portal) | YetAnotherAlt123 |
 | [ShodanQL](./web/shodanql) | sAINT_barber |
 | [Underground Watch - Part 1](./web/underground_watch_part_1) | sAINT_barber |
 | [Warriors Tech Shop](./web/warriors_tech_shop) | sAINT_barber |

reverse/drone-army/challenge.yml

@@ -0,0 +1,25 @@
+name: "Drone Army"
+author: "rok0s"
+category: reverse
+
+description: |
+  OrionTech's drones are controlled by a highly encrypted program that autonomously manages surveillance operations. Your goal is to reverse engineer this program to uncover its internal mechanisms and secrets, allowing you to hijack control of the drone fleet.
+
+value: 500
+type: dynamic
+extra:
+  initial: 500
+  minimum: 100
+  decay: 25
+
+flags:
+  - reverse/arm_bkp/poc.py
+
+tags:
+  - reverse
+
+files:
+  - "public/drone_army.s"
+
+state: visible
+version: "0.1"

reverse/drone-army/public/drone_army.s

@@ -0,0 +1,65 @@
+.section .data
+aa:  .space 32
+ac:  .byte  0x26, 0x65, 0x36, 0x75, 0xe, 0x3a, 0x48, 0x5, 0x7c, 0x23, 0x13, 0x75, 0x2a, 0x72, 0x42, 0x30, 0x43, 0x1c, 0x4e, 0x7d, 0xb, 0x38, 0x4a, 0x7f, 0x1a, 0x5e, 0x7f, 0x5e, 0x23
+
+sm: .asciz "Success!\n"
+fm: .asciz "Try again...\n"
+
+.section .text
+.global _start
+
+_start:
+    mov x0, 0
+    ldr x1, =aa
+    mov x2, 32 
+    mov x8, 63
+    svc 0
+    mov x3, x0
+    sub x3, x3, #1
+    mov x4, #29
+    cmp x3, x4
+    bne dd
+    ldr x1, =aa
+    mov x4, 0x65
+    mov x5, 0
+al:
+    cmp x5, x3
+    bge bd
+    ldrb w6, [x1, x5]
+    eor w6, w6, w4
+    strb w6, [x1, x5]
+    mov w4, w6
+    add x5, x5, 1
+    b al
+bd:
+    ldr x6, =ac
+    mov x7, 0
+    mov x8, 1
+cbl:
+    cmp x7, x3
+    bge bb
+    ldrb w9, [x1, x7]
+    ldrb w10, [x6, x7]
+    cmp w9, w10
+    bne cbf
+    add x7, x7, 1
+    b cbl
+cbf:
+    mov x8, 0
+    b bb
+bb:
+    cmp x8, 1
+    bne dd
+    ldr x1, =sm
+    mov x2, #10
+    b de
+dd:
+    ldr x1, =fm
+    mov x2, #13
+de:
+    mov x0, 1
+    mov x8, 64
+    svc 0
+    mov x0, 0
+    mov x8, 93
+    svc 0

reverse/drone-army/setup/drone_army.s

@@ -0,0 +1,65 @@
+.section .data
+aa:  .space 32
+ac:  .byte  0x26, 0x65, 0x36, 0x75, 0xe, 0x3a, 0x48, 0x5, 0x7c, 0x23, 0x13, 0x75, 0x2a, 0x72, 0x42, 0x30, 0x43, 0x1c, 0x4e, 0x7d, 0xb, 0x38, 0x4a, 0x7f, 0x1a, 0x5e, 0x7f, 0x5e, 0x23
+
+sm: .asciz "Success!\n"
+fm: .asciz "Try again...\n"
+
+.section .text
+.global _start
+
+_start:
+    mov x0, 0
+    ldr x1, =aa
+    mov x2, 32 
+    mov x8, 63
+    svc 0
+    mov x3, x0
+    sub x3, x3, #1
+    mov x4, #29
+    cmp x3, x4
+    bne dd
+    ldr x1, =aa
+    mov x4, 0x65
+    mov x5, 0
+al:
+    cmp x5, x3
+    bge bd
+    ldrb w6, [x1, x5]
+    eor w6, w6, w4
+    strb w6, [x1, x5]
+    mov w4, w6
+    add x5, x5, 1
+    b al
+bd:
+    ldr x6, =ac
+    mov x7, 0
+    mov x8, 1
+cbl:
+    cmp x7, x3
+    bge bb
+    ldrb w9, [x1, x7]
+    ldrb w10, [x6, x7]
+    cmp w9, w10
+    bne cbf
+    add x7, x7, 1
+    b cbl
+cbf:
+    mov x8, 0
+    b bb
+bb:
+    cmp x8, 1
+    bne dd
+    ldr x1, =sm
+    mov x2, #10
+    b de
+dd:
+    ldr x1, =fm
+    mov x2, #13
+de:
+    mov x0, 1
+    mov x8, 64
+    svc 0
+    mov x0, 0
+    mov x8, 93
+    svc 0

web/arcane-nebula/README.md → web/arcane-runes/README.md

@@ -1,6 +1,6 @@
-# Arcane Nebula
+# Arcane Runes
 
-[![Try in PWD](https://raw.githubusercontent.com/play-with-docker/stacks/master/assets/images/button.png)](https://labs.play-with-docker.com/?stack=https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/arcane-nebula/docker-compose.yml)
+[![Try in PWD](https://raw.githubusercontent.com/play-with-docker/stacks/master/assets/images/button.png)](https://labs.play-with-docker.com/?stack=https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/arcane-runes/docker-compose.yml)
 
 
 **Category**: web
@@ -19,10 +19,10 @@ Nevertheless, we have to persevere; retrieve the flag!
 
 Launch challenge:
 ```
-curl -sSL https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/arcane-nebula/docker-compose.yml | docker compose -f - up -d
+curl -sSL https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/arcane-runes/docker-compose.yml | docker compose -f - up -d
 ```
 
 Shutdown challenge:
 ```
-curl -sSL https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/arcane-nebula/docker-compose.yml | docker compose -f - down
+curl -sSL https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/arcane-runes/docker-compose.yml | docker compose -f - down
 ```

web/arcane-nebula/challenge.yml → web/arcane-runes/challenge.yml

@@ -1,4 +1,4 @@
-name: "Arcane Nebula"
+name: "Arcane Runes"
 author: "koks"
 category: web
 

web/arcane-nebula/docker-compose.yml → web/arcane-runes/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3'
 services:
-  arcane-nebula:
-    image: ghcr.io/cybermouflons/ccsc2024/arcane-nebula:latest
+  arcane-runes:
+    image: ghcr.io/cybermouflons/ccsc2024/arcane-runes:latest
     restart: always
     build: ./setup/
     ports:

web/arcane-nebula/setup/app/package.json → web/arcane-runes/setup/app/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "arcane-nebula",
+  "name": "arcane-runes",
   "module": "index.ts",
   "type": "module",
   "devDependencies": {

web/arcane-nebula/solution/README.md → web/arcane-runes/solution/README.md

@@ -1,4 +1,4 @@
-# Arcane Nebula
+# Arcane Runes
 
 ## Solution
 

web/portal/README.md

@@ -0,0 +1,26 @@
+# Portal
+
+[![Try in PWD](https://raw.githubusercontent.com/play-with-docker/stacks/master/assets/images/button.png)](https://labs.play-with-docker.com/?stack=https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/portal/docker-compose.yml)
+
+
+**Category**: web
+
+**Author**: YetAnotherAlt123
+
+## Description
+
+We found an admin portal. Do we really need to say more?
+
+
+
+## Run locally
+
+Launch challenge:
+```
+curl -sSL https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/portal/docker-compose.yml | docker compose -f - up -d
+```
+
+Shutdown challenge:
+```
+curl -sSL https://raw.githubusercontent.com/cybermouflons/CCSC-CTF-2023/master/web/portal/docker-compose.yml | docker compose -f - down
+```

web/portal/challenge.yml

@@ -0,0 +1,25 @@
+name: "Portal"
+author: "YetAnotherAlt123"
+category: web
+
+description: |
+  We found an admin portal. Do we really need to say more?
+
+value: 500
+type: dynamic_docker
+extra:
+  initial: 500
+  minimum: 100
+  decay: 25
+  redirect_type: http
+  compose_stack: !filecontents docker-compose.yml
+
+flags:
+  - CCSC{s1d3_t0_s1d3_4ND_fr0n7_tO_b4ck}
+
+tags:
+  - web
+  - hard
+
+state: visible
+version: "0.1"

web/portal/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3.7"
+
+services:
+  challenge:
+    image: ghcr.io/cybermouflons/ccsc2024/portal:latest
+    restart: always
+    ports:
+      - 3000:3000
+    build:
+      context: ./setup
+      dockerfile: Dockerfile

web/portal/setup/Dockerfile

@@ -0,0 +1,21 @@
+# Start with the official Python image
+FROM python:3.9-slim
+
+ENV FLAG=CCSC{s1d3_t0_s1d3_4ND_fr0n7_tO_b4ck}
+
+# Install Python dependencies
+WORKDIR /app
+COPY requirements.txt /app/
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the app
+COPY flag.txt /app
+COPY app.py /app
+COPY app-dev-version-abccdef.py /app
+
+RUN echo '#app:x:999:999::/app:/bin/false' >> /etc/passwd
+
+EXPOSE 3000
+
+# Command to start services
+CMD python3 app-dev-version-abccdef.py & python3 app.py