@lezhangxyz
Created February 23, 2012 05:00
ctfsh
#!/bin/sh
if [ ! -t 0 ]; then
    echo >&2 'STDIN is not a terminal'
    exit 1
fi
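clear
# create the per-session scratch directory; stop if it cannot be created or
# entered, so the chmod below never applies to some other directory
scratch="$(mktemp -d)" || exit 1
cd "$scratch" || exit 1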
# we want other users to be able to read our directory for convenience
chmod 755 .
cat <<EOF
__
(__)
||______________________________
|| |
|| _ _ |
|| ___| |_ _ __(_)_ __ ___ |
|| / __| __| '__| | '_ \ / _ \ |
|| \__ \ |_| | | | |_) | __/ |
|| |___/\__|_| |_| .__/ \___| |
|| |_| |
|| |
||~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
||
||
||
||
EOF
case "$USER" in
    level01)
        cat <<EOF
Welcome to the Stripe CTF challenge!
Stripe CTF is a wargame, inspired by SmashTheStack I/O[1].
In /home/level02/.password is the SSH password for the level02
user. Your mission, should you choose to accept it, is to read that
file. You may find the binary /levels/level01 and its source code
/levels/level01.c useful.
We've created a scratch directory for you in /tmp.
There are a total of 6 levels in this CTF; if you're stuck, feel free
to email ctf@stripe.com for guidance.
Happy hacking,
The Stripe team
[1] http://io.smashthestack.org:84/
EOF
        ;;
    level02)
        cat <<EOF
Congratulations on making it to level 2!
The password for the next level is in /home/level03/.password. This
one is a web-based vulnerability, so go ahead and point your browser
to http://ctf.stri.pe/level02.php. You'll need to provide the password
for level02 using HTTP digest authentication.
You can find the source code for level02.php in /var/www/.
There are 6 levels in this CTF; if you're stuck, feel free to email
ctf@stripe.com for guidance.
Best of luck!
EOF
        ;;
    level03)
        cat <<EOF
Congratulations on making it to level 3!
The password for the next level is in /home/level04/.password. As
before, you may find /levels/level03 and /levels/level03.c useful.
While the supplied binary mostly just does mundane tasks, we trust
you'll find a way of making it do something much more interesting.
There are 6 levels in this CTF; if you're stuck, feel free to email
ctf@stripe.com for guidance.
Best of luck!
EOF
        ;;
    level04)
        cat <<EOF
Congratulations on making it to level 4!
The password for the next level is in /home/level05/.password. As
before, you may find /levels/level04 and /levels/level04.c useful.
The vulnerabilities overfloweth!
There are 6 levels in this CTF; if you're stuck, feel free to email
ctf@stripe.com for guidance.
Best of luck!
EOF
        ;;
    level05)
        cat <<EOF
Congratulations on making it to level 5! You're almost done!
The password for the next (and final) level is in /home/level06/.password.
As it turns out, level06 is running a public uppercasing service. You
can POST data to it, and it'll uppercase the data for you:
curl localhost:9020 -d 'hello friend'
{
"processing_time": 5.0067901611328125e-06,
"queue_time": 0.41274619102478027,
"result": "HELLO FRIEND"
}
You can view the source for this service in /levels/level05. As you
can see, the service is structured as a queue server and a queue
worker.
Could it be that this seemingly innocuous service will be level06's
downfall?
EOF
        ;;
    level06)
        cat <<EOF
Congratulations on making it to level 6! This is the final level. The
flag is almost in your grasp.
The password for the flag is in /home/the-flag/.password.
As it turns out, the-flag is a pretty arrogant user. He created a
taunting utility and left it in /levels/level06 (source code in
/levels/level06.c). This utility will read the first line of a
specified file, compare it with your supplied guess, and taunt you
unless you guessed correctly.
You could try using the taunt utility to brute-force the password, but
that would take... well, I don't want to say forever, but
approximately that. I guess you'll have to find another way.
Best of luck!
EOF
        ;;
esac
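handle="(undefined)"
echo
# read -p is not available in every /bin/sh, so print the prompt separately;
# -r keeps backslashes in the input literal
printf 'Please enter your preferred handle: '
read -r handle
# keep the placeholder when nothing was entered
[ -n "$handle" ] || handle="(undefined)"
echo "Welcome, $handle!"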
mailer.py "Login from $handle to $USER" root@localhost <<EOF
At $(date), there was a login from $handle to $USER.
SSH_CONNECTION: $SSH_CONNECTION
SSH_TTY: $SSH_TTY
EOF
export HANDLE="$handle"
exec /bin/bash