slides.md

theme: default
background: /img/photo-1523821741446-edb2b68bb7a0.jpeg
class: text-center
highlighter: shiki
info: ## How we ran the season

How we ran the season



Stats

  • 12 meetups
  • 6 months
  • 146 tasks

layout: fact

How do we bring up tasks? 🤔


Turing complete board


Turing complete board

class pwn3_ints extends BaseTask {
    public $desc = 'ints', $cat = 'ret2libc', $cost = 10;
    public $answer = 'spbctf{123213213131}';
    public $caseInsensitive = true;
    public $author = "George Zaytsev (<a href='tg://resolve?domain=groke'>groke</a>)";
    public $fullDesc = "<p>Server: </p><p><code><b>nc -nv 109.233.56.90 11635</b></code></p><p>Binary: <a href='/files/aslr/ints/task_simple'><b>task</b></a></p><p>libc:<a href='/files/aslr/ints/libc-2.31.so'>libc</a></p><p><a href='/files/aslr/ints/ld-2.31.so'>ld</a></p>";
    public function Validate($answer) {}
}

layout: center


GitOoops


layout: center


layout: center


New deploy

  • GitHub repo
  • deploy.sh
  • deploy.yaml
  • deploy_board.py
  • Deploy webhook in TypeScript 🤡

├── 11-heap4
│   ├── mc1
│   │   ├── deploy
│   │   │   ├── docker-compose.yml
│   │   │   ├── Dockerfile
│   │   │   ├── flag.txt
│   │   │   ├── main.c
│   │   │   ├── Makefile
│   │   │   └── mc1.elf
│   │   ├── solve1.py
│   │   └── task.yaml
│    ...
├── deploy.sh
└── deploy.yaml

layout: center

sequenceDiagram
  🧑‍🏫->>GitHub: Pushed a task
  Note over GitHub: GitHub Action
  Note over GitHub,Board: deploy_board.py
  GitHub->>GitHub: Generate tasks.inc.php
  GitHub->>Board: Upload tasks.inc.php
  GitHub->>Board: Upload files
  GitHub->>Dockers: Webhook
  Dockers->>Dockers: Pull
  Dockers->>Dockers: deploy.sh


QA Team

$ diff give_to_ctfers/write_me_not1 deploy/write_me_not
Binary files give_to_ctfers/write_me_not1 and deploy/write_me_not differ

layout: center


layout: center


layout: center



Brrrrrrrrrrr

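#include <stdio.h>   /* puts, printf, fflush */
#include <unistd.h>  /* read */

void play() {
    puts("We can leak canary with a C string!!");
    char buf[16];
    while (1) {
        printf("What is your name?\n");
        fflush(stdout);
        /* Intentional task bug: up to 128 bytes are read into a 16-byte buffer. */
        int res = read(0, buf, 128);
        if (res == -1) break;

        if (buf[0] == 'q') break;

        /* read() does not NUL-terminate, so %s keeps printing past the input. */
        printf("Hello %s !\n", buf);
    }
}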


layout: center


Misc optimisations

/etc/docker/daemon.json

{
  "log-driver": "local",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  },
  "userland-proxy": false,
  "iptables": true,
  "live-restore": true
}

Misc optimisations

main.c

#include <stdio.h>

/* Runs before main(): switch all three standard streams to unbuffered mode. */
__attribute__((constructor))
static void bufinit() {
    setvbuf(stdout, 0, _IONBF, 0);
    setvbuf(stdin, 0, _IONBF, 0);
    setvbuf(stderr, 0, _IONBF, 0);
}