-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
29 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,22 @@ | ||
# enowars8-service-piratesay | ||
# Piratesay | ||
|
||
### Testing out the service | ||
Piratesay is a play on “The Pirate Bay” and mimics a dark web internet forum where users can brag about scams they have completed. The service behaves like a CLI with a pirate-theme, where users can navigate through pirate-themed locations (directories). The service is written in C and players connect through a TCP connection. | ||
|
||
Piratesay was played as a binary service in Enowars 8 on the 20th of July 2024. | ||
|
||
## Get Running | ||
|
||
1. Clone the repo and run docker compose up for the both service and checker (use the local compose for the checker) | ||
2. Run service/src/generate_content.py to get a clean start | ||
3. Run the checker, put in a flag and check that it is "gettable". Maybe also check that the exploit works for good measure | ||
1. `enochecker_cli -A http://localhost:14444/ -a piratesay -f ENOFLAGENOFLAG=12345 putflag` | ||
2. `enochecker_cli -A http://localhost:14444/ -a piratesay -f ENOFLAGENOFLAG=12345 getflag` | ||
3. `enochecker_cli -A http://localhost:14444/ -a piratesay -f ENOFLAGENOFLAG=12345 --flag_regex ENOFLAGENOFLAG=.+ exploit` | ||
4. Connect to the service with `telnet localhost 4444` and start hunting for the exploits ;) | ||
5. For the solution and more detailed info about the application, look at the readme in the documentation folder | ||
|
||
### TODO | ||
**NOTE: The binary is compiled for x86-architecture. Should you be using something else (ARM), please navigate to the service_source folder instead and docker compose from there. This should trigger a recompilation in that folder.** | ||
|
||
- `cd service && docker compose up --build` | ||
- `cd checker && docker compose -f docker-compose-local.yaml up --build` | ||
|
||
2. Connect using the connector.py script for QoL features or alternatively directly using `nc localhost 4444` | ||
|
||
## Vulns, exploits and patches | ||
|
||
For an in-depth look at vulns, exploits and patches, please look at the README.md in the documentation folder. | ||
|
||
See project board on GitHub | ||
In this folder, you will also find bambixploits implementing the exploits in practice, as well as patched and unpatched stripped binaries. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
Binary file not shown.
Binary file not shown.
File renamed without changes.
File renamed without changes.
Binary file not shown.
Binary file not shown.