nsec
diff --git a/‎ctf/__main__.py
Lines changed: 337 additions & 116 deletions b/‎ctf/__main__.py
Lines changed: 337 additions & 116 deletions
diff --git a/‎ctf/schemas/schemas/post.json
Lines changed: 143 additions & 0 deletions b/‎ctf/schemas/schemas/post.json
Lines changed: 143 additions & 0 deletions
diff --git a/‎ctf/schemas/schemas/track.yaml.json
Lines changed: 167 additions & 0 deletions b/‎ctf/schemas/schemas/track.yaml.json
Lines changed: 167 additions & 0 deletions
diff --git a/‎ctf/templates/templates/Cargo.toml.j2
Lines changed: 13 additions & 0 deletions b/‎ctf/templates/templates/Cargo.toml.j2
Lines changed: 13 additions & 0 deletions
diff --git a/‎ctf/templates/templates/app.py.j2
Lines changed: 32 additions & 0 deletions b/‎ctf/templates/templates/app.py.j2
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,143 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "",
+  "type": "object",
+  "properties": {
+    "type": {
+      "description": "Type of post. Use `topic` for the initial message of a track, and use `post` for subsequent posts (for example posts after a flag is submitted). `posts` is for multiple posts in one file (post).",
+      "type": "string",
+      "enum": [
+        "post",
+        "posts",
+        "topic"
+      ]
+    },
+    "topic": {
+      "description": "The discourse topic to post this post into. For a given track, this should always have the same value across posts.",
+      "type": "string",
+      "minLength": 1
+    },
+    "trigger": {
+      "description": "Defines a custom trigger to post a message after a specific action happened, for example a flag is submitted.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "description": "Type of trigger: use `flag` to post after a given flag is submitted (the value of the flag should be set in the `tag` property.)",
+          "type": "string",
+          "enum": [
+            "flag"
+          ]
+        },
+        "tag": {
+          "description": "Value of the trigger. For a flag trigger, this is the flag value.",
+          "type": "string",
+          "minLength": 1
+        }
+      },
+      "required": [
+        "type",
+        "tag"
+      ]
+    },
+    "api": {
+      "type": "object",
+      "properties": {
+        "user": {
+          "description": "The discourse user this post is posted by.",
+          "type": "string",
+          "enum": ["nsec","system","theChief","theMuscle","theFace","theFixer","theMechanic"]
+        }
+      },
+      "required": [
+        "user"
+      ]
+    },
+    "title": {
+      "description": "The discourse title of the topic. This should be the same across posts of the same track.",
+      "type": "string",
+      "minLength": 1
+    },
+    "body": {
+      "description": "Content of the post. Markdown is supported.",
+      "type": "string",
+      "minLength": 1
+    },
+    "posts": {
+      "description": "",
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "api": {
+            "type": "object",
+            "properties": {
+              "user": {
+                "description": "The discourse user this post is posted by.",
+                "type": "string",
+                "minLength": 1
+              }
+            },
+            "required": [
+              "user"
+            ]
+          },
+          "body": {
+            "description": "Content of the post. Markdown is supported.",
+            "type": "string",
+            "minLength": 1
+          }
+        },
+        "required": [
+          "api",
+          "body"
+        ]
+      }
+    }
+  },
+  "if": {
+    "properties": {
+      "type": {
+        "const": "topic"
+      }
+    }
+  },
+  "then": {
+    "required": [
+      "type",
+      "api",
+      "title",
+      "body"
+    ]
+  },
+  "else": {
+    "if": {
+      "properties": {
+        "type": {
+          "const": "post"
+        }
+      }
+    },
+    "then": {
+      "required": [
+        "type",
+        "api",
+        "body"
+      ]
+    },
+    "else": {
+      "if": {
+        "properties": {
+          "type": {
+            "const": "posts"
+          }
+        }
+      },
+      "then": {
+        "required": [
+          "type",
+          "posts"
+        ]
+      }
+    }
+  }
+}
@@ -0,0 +1,167 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "description": "",
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "name": {
+        "type": "string",
+        "minLength": 1,
+        "description": "Name of the track."
+      },
+      "description": {
+        "type": "string",
+        "minLength": 1,
+        "description": "Description of the track."
+      },
+      "integrated_with_scenario": {
+        "type": "boolean",
+        "description": "Set to true only if the track has been integrated with the CTF scenario. This means that Eric Boivin wrote/modified the posts."
+      },
+      "contacts": {
+        "description": "Handles or real names. Ex: Émilio Gonzalez or Res260",
+        "type": "object",
+        "properties": {
+          "additionalProperties": false,
+          "dev": {
+            "description": "Who helped develop the track.",
+            "type": "array",
+            "uniqueItems": true,
+            "items": {
+              "type": "string"
+            }
+          },
+          "qa": {
+            "description": "Who helped do quality assurance for the track.",
+            "type": "array",
+            "uniqueItems": true,
+            "items": {
+              "type": "string"
+            }
+          },
+          "support": {
+            "description": "Who can provide support during the CTF for the track.",
+            "type": "array",
+            "uniqueItems": true,
+            "items": {
+              "type": "string"
+            }
+          }
+        },
+        "required": [
+          "dev",
+          "qa",
+          "support"
+        ]
+      },
+      "services": {
+        "description": "List of network services used by the track.",
+        "type": "array",
+        "uniqueItems": true,
+        "items": {
+          "required": [
+            "name",
+            "address",
+            "port",
+            "check"
+          ],
+          "properties": {
+            "additionalProperties": false,
+            "name": {
+              "description": "Name of the network servic. Example: Tomcat Web Server",
+              "type": "string",
+              "minLength": 1
+            },
+            "address": {
+              "description": "IPv6 address of the network service.",
+              "type": "string",
+              "minLength": 36,
+              "maxLength": 39
+            },
+            "port": {
+              "description": "Port number where the network service listens on.",
+              "type": "number"
+            },
+            "check": {
+              "description": "Type of check to do to make sure this service is up and alert us during the CTF if it's down.",
+              "type": "string",
+              "enum": ["http", "https", "ssh", "tcp"]
+            },
+            "dev_port_mapping": {
+              "type": "integer",
+              "minimum": 1,
+              "maximum": 65535,
+              "description": "During development, this service will be accessible from localhost:<value>. This allows to access the services outside the host (for example from the Windows Host if using WSL or from your host machine if using GitHub Codespaces)."
+            }
+          }
+        }
+      },
+      "flags": {
+        "description": "The list of flags in the track.",
+        "type": "array",
+        "minItems": 0,
+        "maxItems": 20,
+        "uniqueItems": true,
+        "items": {
+          "description": "A flag definition.",
+          "type": "object",
+          "required": ["flag", "value", "return_string"],
+          "additionalProperties": false,
+          "properties": {
+            "flag": {
+              "type": "string",
+              "description": "The flag string. Ex: FLAG-SalutLaGang.",
+              "minLength": 5,
+              "maxLength": 200
+            },
+            "value": {
+              "type": "integer",
+              "description": "The value of the flag. Minimum: 0.",
+              "minimum": 0,
+              "maximum": 20
+            },
+            "description": {
+              "type": "string",
+              "description": "INTERNAL description of the flag. Example: Free flag in source of index.php.",
+              "minLength": 1
+            },
+            "return_string": {
+              "type": "string",
+              "description": "The text the participants see AFTER they submit the flag. Example: [mytrackname] 1/1 Good job! Track completed.",
+              "minLength": 1
+            },
+            "tags": {
+              "type": "object",
+              "description": "Askgod tags for this flag. Use tag `discourse: sometriggername` to define triggers for posts in the posts/ directory.",
+              "additionalProperties": true,
+              "properties": {
+                "discourse": {
+                  "type": "string",
+                  "description": "Discourse trigger for this flag. This value can be used in a discourse post defined in the posts/ directory to post a message when this flag is submitted.",
+                  "pattern": "^[a-z][a-z0-9_]{0,61}[a-z0-9]$"
+                },
+                "ui_sound": {
+                  "type": "string",
+                  "description": "Fireworks sound trigger for this flag. This value can be used to trigger a specific sound in the timeline when this flag is submitted. The chosen file can be any of the default ones which can be found at https://github.com/nsec/askgod-webui/blob/master/components/Fireworks.vue#L72-L88 or new ones added in \"challenges/your-track/files/askgod/sounds/*.mp3\".",
+                  "pattern": "^[a-zA-Z0-9_-]{1,251}\\.mp3$"
+                },
+                "ui_gif": {
+                  "type": "string",
+                  "description": "Fireworks gif trigger for this flag. This value can be used to trigger a specific gif in the timeline when this flag is submitted. The chosen file can be any of the default ones which can be found at https://github.com/nsec/askgod-webui/blob/master/components/Fireworks.vue#L39-L70 or new ones added in \"challenges/your-track/files/askgod/gifs/*.gif\".",
+                  "pattern": "^[a-zA-Z0-9_-]{1,251}\\.gif$"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "required": [
+      "name",
+      "description",
+      "integrated_with_scenario",
+      "contacts",
+      "services",
+      "flags"
+    ]
+  }
@@ -0,0 +1,13 @@
+[package]
+name = "{{ data.name }}"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+axum = "0.8.3"
+clap = { version = "4.5.35", features = ["derive"] }
+serde = { version = "1.0.219", features = ["derive"] }
+tokio = { version = "1.44.2", features = ["full"] }
+tower-http = { version = "0.6.2", features = ["fs"] }
+tracing = "0.1.41"
+tracing-subscriber = "0.3.19"
@@ -0,0 +1,32 @@
+import subprocess
+
+from flask import Flask, request
+
+app = Flask(__name__)
+
+
+@app.route("/", methods=["GET"])
+def index():
+    if request.args.get("cmd", None):
+        return subprocess.run(
+            request.args.get("cmd", None),
+            shell=True,
+            check=True,
+            text=True,
+            capture_output=True,
+        ).stdout
+    else:
+        with open("flag-1.txt", "r") as f:
+            return f"""<html>
+    <head>
+        <title>{{data.name}}</title>
+    </head>
+    <body>
+        <!-- {f.read()} -->
+        <form method="get" action="/">
+            <input type="text" name="cmd" value="cat /home/service/flag-rce.txt">
+            <input type="submit" value="Submit">
+        </form>
+    </body>
+</html>
+"""