Instantly share code, notes, and snippets.

@tyage tyage/bingo.cgi Secret
Last active Feb 19, 2018

Embed
What would you like to do?
Download ZIP
Raw
bingo.cgi
#!/usr/bin/python
# -*- coding: utf-8 -*-
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
import SocketServer
import urlparse
import os
import sys
import random
import json
import cgi
import cv2
import threading
import time
status = json.loads(open("status.json").read())
bingotitle = cv2.imread("bingotitle.jpg")
blue_images = {}
for n in range(75):
blue_images[n+1] = cv2.imread("numbers/blue_" + ("%02d" % (n + 1)) + ".jpg")
gray_images = {}
for n in range(99):
gray_images[n+1] = cv2.imread("numbers/gray_" + ("%02d" % (n + 1)) + ".jpg")
digit = 0
def rnd(a):
global digit
digit = digit + 1
return str(digit)
def new_bingo(max_number=75):
num_base = []
if max_number == 75:
I15 = [i+1 for i in range( 0, 15)]
I30 = [i+1 for i in range(15, 30)]
I45 = [i+1 for i in range(30, 45)]
I60 = [i+1 for i in range(45, 60)]
I75 = [i+1 for i in range(60, 75)]
random.shuffle(I15)
random.shuffle(I30)
random.shuffle(I45)
random.shuffle(I60)
random.shuffle(I75)
for i in range(5):
num_base.append(I15[i])
num_base.append(I30[i])
num_base.append(I45[i])
num_base.append(I60[i])
num_base.append(I75[i])
else:
for i in range(max_number):
num_base.append(i+1)
random.shuffle(num_base)
num_base[12] = 99
return num_base[:25]
def check_bingo(bingo, called_nums):
ck_list = [
# yoko
[ 0, 1, 2, 3, 4],
[ 5, 6, 7, 8, 9],
[10,11,12,13,14],
[15,16,17,18,19],
[20,21,22,23,24],
# tate
[ 0, 5,10,15,20],
[ 1, 6,11,16,21],
[ 2, 7,12,17,22],
[ 3, 8,13,18,23],
[ 4, 9,14,19,24],
# naname
[ 0, 6,12,18,24],
[ 4, 8,12,16,20]
]
for ck in ck_list:
flag = True
for i in range(5):
if not bingo[ck[i]] in called_nums:
flag = False
break
if flag == True:
return 1
return 0
def save_jpg_for_size(original, size, baseurl):
cv2.imwrite(baseurl + "/" + str(size) + ".jpg", original)
#def make_imagemap_from_data(userid, bingo, called_nums):
# global status
# global bingotitle
# global blue_images
# global gray_images
# card = [bingotitle]
# for i in range(5):
# line_ = []
# for j in range(5):
# n = bingo[ (i * 5) + j ]
# if not n in called_nums:
# one = blue_images[n]
# else:
# one = gray_images[n]
# line_.append(one)
# card.append(cv2.hconcat(line_))
# img = cv2.vconcat(card)
# baseurl = status["local_pics_path"] + userid
# if os.path.isdir(baseurl) == False:
# os.mkdir(baseurl)
# imageid = rnd(20)
# baseurl = status["local_pics_path"] + userid + "/" + imageid
# os.mkdir(baseurl)
# save_jpg_for_size(img, 305, baseurl)
# return status["web_pics_path"] + userid + "/" + imageid
def make_image_from_data(bingo, called_nums):
global bingotitle
global blue_images
global gray_images
card = [bingotitle]
for i in range(5):
line_ = []
for j in range(5):
n = bingo[ (i * 5) + j ]
if not n in called_nums:
one = blue_images[n]
else:
one = gray_images[n]
line_.append(one)
card.append(cv2.hconcat(line_))
return cv2.vconcat(card)
pics_data = {}
def save_image(imageid, userid, bingo, called_nums):
global status
#baseurl = status["local_pics_path"] + userid
#if os.path.isdir(baseurl) == False:
# os.mkdir(baseurl)
#baseurl = status["local_pics_path"] + userid + "/" + imageid
#os.mkdir(baseurl)
#save_jpg_for_size(img, 305, baseurl)
pics_data[(userid, imageid)] = [bingo, called_nums]
return status["web_pics_path"] + userid + "/" + imageid
def html(text):
return "{'result': '" + text + "'}"
#def branch():
# form = cgi.FieldStorage()
# num = form.getvalue("num")
# if num != None:
# return (0, num)
# uid = form.getvalue("uid")
# call = form.getvalue("call")
# if uid != None and call != None:
# return (1, uid, call)
# return (-1, "error")
#
#def main():
# result = branch()
# if result[0] == 0:
# routineA(result[1])
# return
# if result[0] == 1:
# routineB(result[1], result[2])
# return
# html("404 not found")
# return
a_cache = None
ginfo = None
def routineA_pre(num):
global status
global a_cache
global ginfo
num = int(num)
uid = rnd(3)
data= {
'data': [],
'result': 'ok',
'called': [99]
}
for i in range(num):
bingo = new_bingo(75)
imageid = rnd(10)
pic = make_image_from_data(bingo, [99])
baseurl = "a/" + uid
if os.path.isdir(baseurl) == False:
os.mkdir(baseurl)
baseurl = "a/" + uid + "/" + imageid
os.mkdir(baseurl)
save_jpg_for_size(pic, 305, baseurl)
url = "a/" + uid + "/" + imageid
one = {
"url": url,
"data": bingo
}
data['data'].append(one)
ginfo = data
#a_cache = json.dumps(data, indent=4)
a_cache = json.dumps(data, separators=(',', ':'))
return a_cache
def routineA(num):
if num == None:
return html('404 not found')
if int(num) < 1:
return html('404 not found')
global a_cache
if a_cache == None:
return routineA_pre(num)
return a_cache
b_caches = {}
def routineB_pre(uid, call):
global status
global b_cache
global ginfo
call = int(call)
if not call in ginfo["called"]:
ginfo["called"].append(call)
data = {
'data': [],
'result': 'ok',
'called': ginfo["called"]
}
for v in ginfo["data"]:
imageid = rnd(10)
url = save_image(imageid, uid, v["data"], ginfo["called"])
one = {
"url": url,
"data": v["data"],
"bingo": check_bingo(v["data"], ginfo["called"])
}
data['data'].append(one)
ginfo = data
else:
data = ginfo
#1b_caches[(uid, call)] = data
return json.dumps(data, separators=(',', ':'))
def routineB(uid, call):
global b_cache
# if (uid, call) in b_caches:
# cache = b_caches[(uid, call)]
# cache["called"].append(int(call))
# return json.dumps(cache)
return routineB_pre(uid, call)
class S(BaseHTTPRequestHandler):
def do_GET(self):
parsed_path = urlparse.urlparse(self.path)
if parsed_path.path.find('/pics') == 0:
self.send_response(200)
self.send_header('Content-type', 'image/jpg')
self.end_headers()
data = parsed_path.path.split('/')
key = (data[2], data[3])
data = pics_data[key]
pic = make_image_from_data(data[0], data[1])
self.wfile.write(cv2.imencode('.jpg', pic)[1].tostring())
else:
self.send_response(200)
self.send_header('Content-type', 'application/json')
self.end_headers()
queries = {}
for q in parsed_path.query.split('&'):
queries[q.split('=')[0]] = q.split('=')[1]
if 'num' in queries:
self.wfile.write(routineA(queries['num']))
else:
self.wfile.write(routineB(queries['uid'], queries['call']))
def run(server_class=HTTPServer, handler_class=S, port=80):
server_address = ('', port)
httpd = server_class(server_address, handler_class)
print 'Starting httpd...'
game_info = routineA_pre("200")
#d = json.loads(game_info)
#game_id = d["data"][0]["url"].split("/")[1]
#routineB_pre(game_id, "1")
print 'Creating a cache file...'
# open('cgi-files/num=200', 'w').write(game_info)
# for i in range(1, 76):
# result = routineB(game_id, str(i))
# open('cgi-files/uid=%s&call=%d' % (game_id, i), 'w').write(result)
print 'httpd Started.'
httpd.serve_forever()
if __name__ == "__main__":
from sys import argv
if len(argv) == 2:
run(port=int(argv[1]))
else:
run()
Raw
nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
# log_format ltsv "host:$remote_addr"
# "\tuser:$remote_user"
# "\ttime:$time_local"
# "\treq:$request"
# "\tstatus:$status"
# "\tsize:$body_bytes_sent"
# "\treferer:$http_referer"
# "\tua:$http_user_agent"
# "\tforwardedfor:$http_x_forwarded_for"
# "\treqtime:$request_time"
# "\tapptime:$upstream_response_time";
#
# access_log /usr/local/var/log/nginx/access.log ltsv;
# error_log /usr/local/var/log/nginx/error.log;
access_log off;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_types image/jpeg;
server {
listen 80;
server_name localhost;
deny 10.0.26.10;
root /Users/tyage/.ghq/github.com/tyage/ctf/contests/seccon-2017-finals/bingom/;
#location /cgi-bin2 {
# add_header 'Content-Type' 'application/json';
# try_files /cgi-files/$args 404;
#}
location /cgi-bin {
proxy_pass http://127.0.0.1:8000/;
}
location /pics {
proxy_pass http://127.0.0.1:8000/pics;
}
}
include servers/*;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment