Merge branch 'master' into antek

Gruntfile.js

@@ -26,7 +26,7 @@ module.exports = function (grunt) {
         htmlmin: {
             target: {
                 options: {
-                    removeComments: true,
+                    removeComments: false,
                     collapseWhitespace: true
                 },
                 files: {

flags/PHP_1/Hkuas7VKk7/flag.txt

+Już blisko ...
+
+<?php
+
+//AGH_{FLAGA}

flags/PHP_1/Hkuas7VKk7/site.txt

+1

flags/PHP_1/Hkuas7VKk7/site1.txt

+1

flags/PHP_1/Hkuas7VKk7/site2.txt

+2

flags/PHP_1/Hkuas7VKk7/site3.txt

+3

flags/PHP_1/Hkuas7VKk7/site4.txt

+4

flags/PHP_1/README.md

+php.ini:
+allow_url_include should be enabled

flags/PHP_1/index.php

+<?php
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+$flag = 'AGH_{FLAGA}';
+$site = filter_input(INPUT_GET, 'site');
+if(!$site){
+    $site='site';
+}
+$header = filter_input(INPUT_SERVER, 'HTTP_KYN');
+
+if($header !== 'test'){
+    echo "Nie masz tutaj wstępu...";
+    exit;
+}
+?>
+Witaj, masz tu parę linków :)<br />
+<a href="?site=site1">Strona 1</a> | 
+<a href="?site=site2">Strona 2</a> | 
+<a href="?site=site3">Strona 3</a> | 
+<a href="?site=site4">Strona 4</a> | 
+<br />
+<pre>
+<?php
+header("FLAG: {$flag}");
+chdir('Hkuas7VKk7');
+
+include_once "{$site}.txt";
+
+echo "<pre>";
+?>
+</pre>
\ No newline at end of file

flags/README.md

+taiga_46:
+  - depend
+  - Kodowania base64, rot13, rot47 w jednym skrypcie
+taiga_48:
+  - supereasy
+  - Zwykłe przekierowania w JS
+taiga_62:
+  - easy
+  - checksum (bruteforce)
+php_1:
+  - medium
+  - niestandardowy naglowek + remote file inclusion

flags/ecb.py

+#!/usr/bin/python
+# coding=utf-8
+flag = "AGH_{FLAGA}"
+text = "To jest przykładowy tekst!"
+
+
+flag_int = [ord(letter) for letter in flag]
+text_int = [ord(letter) for letter in text]
+
+for i in range(len(text_int) % len(flag_int)):
+  text_int.append(0)
+
+flag_int = len(text_int)/len(flag_int)*flag_int
+
+result = [chr(i^j) for i,j in zip(flag_int, text_int)]
+
+print "".join(result)

flags/substitution.py

+#!/usr/bin/python
+
+from random import shuffle
+
+alphabet = [i for i in 'QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm']
+keys = alphabet[:]
+shuffle(keys)
+
+cb = dict(zip(keys, alphabet))
+
+message = "Ahjo, tym razem masz do rozszyfrowania prosty szyfr podstawieniowy, elo, a flaga to AGH{PodstawSieANieDajSie}"
+
+result = ""
+for letter in message:
+  if letter in alphabet:
+    result += cb[letter]
+  else:
+    result += letter
+
+print result

flags/taiga_46.py

+from sys import argv
+from _codecs import encode
+from base64 import b64encode, b64decode
+
+import sys
+
+
+def a(string):
+    return encode(string, 'rot_13')
+
+def c(s):
+    x = []
+    for i in xrange(len(s)):
+        j = ord(s[i])
+        if j >= 33 and j <= 126:
+            x.append(chr(33 + ((j + 14) % 94)))
+        else:
+            x.append(s[i])
+    return ''.join(x)
+
+def b(string):
+    return b64encode(string)
+def d(string):
+    return b64decode(string)
+
+if len(argv) < 3:
+    print """Usage:
+python taiga_46.py <type> <text>
+    type:
+        - b     base64
+        - d     base64_decode (for testing)
+        - a     rot13
+        - c     rot47
+
+for example: python taiga46.py bbac test return rot47(rot13(base64(base64("test"))))
+"""
+    exit(0)
+
+text = " ".join(argv[2:])
+result = text
+
+for letter in argv[1]:
+    if letter == "a":
+        result = a(result)
+    elif letter == "b":
+        result = b(result)
+    elif letter == "c":
+        result = c(result)
+    elif letter == "d":
+        result = d(result)
+
+print result

flags/taiga_48.html

+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Close all</title>
+    <script>
+        document.location.href="//google.pl";
+        flag = "AGH_{JuStGoogleIt}"
+    </script>
+</head>
+<body>
+
+</body>
+</html>

flags/taiga_62/copy.txt

+AGH_{8736510-132984639-76495612-15618703-7382}

flags/taiga_62/description.txt

+Otrzymałeś wiadomość message.txt, niestety część wiadomosci jest nieczytelna i została oznaczona znakami '@'.
+Na szczęscie innym kanałem komunikacji otrzymałeś hash md5 wiadomości.

flags/taiga_62/generuj.py

+#!/usr/bin/python
+
+letters = [
+'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'
+]
+length = 4
+list = letters
+tmp_list = []
+
+def add_letter(list):
+  result = []
+  for text in list:
+    for letter in letters:
+      result.append(text+letter)
+  return result
+
+for i in range(length - 1):
+  list = add_letter(list);
+
+with open("slownik.txt", "wb") as f:
+  for element in list:
+    f.write(element+" ")

flags/taiga_62/md5sum.txt

+caaa589b1d9f8ff4fcd92ed575270553  message.txt

flags/taiga_62/message.txt

+AGH_{8736510-132984639-76495612-15618703-@@@@}

flags/taiga_62/solve.sh

+#!/bin/bash
+python generuj.py
+cp message.txt message2.txt
+for i in `cat slownik.txt`;
+do cat message2.txt | replace '@@@@' $i > message.txt;
+md5sum -c md5sum.txt 2> /dev/null 1>/dev/null && cat message.txt;
+done;

service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/Task.java

@@ -34,7 +34,7 @@ public abstract class Task
     {
     }
 
-    public abstract String getTextForUser(User user) throws IOException;
+    public abstract String getTextForUser(User user, String path) throws IOException;
 
     public String getName()
     {

service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TextTask.java

@@ -23,7 +23,7 @@ public class TextTask extends Task
     {
     }
 
-    public String getTextForUser(User user)
+    public String getTextForUser(User user, String path)
     {
         return text;
     }

service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/WebTask.java

 package com.telephoners.krakyournet.ctf.beans.tasks;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
+import com.google.common.base.Joiner;
 import com.telephoners.krakyournet.ctf.beans.Flag;
 import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.helpers.StreamUtils;
@@ -20,6 +21,7 @@ import java.util.List;
 public class WebTask extends Task
 {
     private String url;
+    private final Joiner urlJoiner = Joiner.on("/");
 
     public WebTask(String name, int level, List<Flag> flags, String url)
     {
@@ -31,9 +33,10 @@ public class WebTask extends Task
     {
     }
 
-    public String getTextForUser(User user) throws IOException
+    public String getTextForUser(User user, String path) throws IOException
     {
-        return StreamUtils.readStream(proxyRequest(getUrl(), user));
+        String url = urlJoiner.join(getUrl(), path);
+        return StreamUtils.readStream(proxyRequest(url, user));
     }
 
     public String getUrl()

service/src/main/java/com/telephoners/krakyournet/ctf/resources/ProxyResource.java

-package com.telephoners.krakyournet.ctf.resources;
-
-import com.telephoners.krakyournet.ctf.beans.User;
-import io.dropwizard.auth.Auth;
-import org.apache.http.HttpEntity;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MediaType;
-import java.io.IOException;
-import java.io.InputStream;
-
-@Path(value = "/proxy/task")
-@Produces(MediaType.APPLICATION_JSON)
-public class ProxyResource {
-
-    @GET
-    @Path("{task_id}/{path: .*}")
-    @Produces("text/html; charset=UTF-8")
-    public InputStream task1(@Auth User user,
-                             final @PathParam("task_id") String taskId,
-                             final @PathParam("path") String path) throws IOException {
-        CloseableHttpClient httpClient = HttpClients.createDefault();
-        HttpGet httpget = new HttpGet("http://192.168.56.101/");
-        httpget.setHeader("CTF-User", user.getName());
-        CloseableHttpResponse execute = httpClient.execute(httpget);
-        HttpEntity entity = execute.getEntity();
-        return entity.getContent();
-    }
-}

service/src/main/java/com/telephoners/krakyournet/ctf/resources/TaskResource.java

 package com.telephoners.krakyournet.ctf.resources;
 
+import com.google.common.base.Joiner;
 import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.beans.tasks.Task;
 import com.telephoners.krakyournet.ctf.repositories.TasksRepository;
@@ -25,12 +26,14 @@ public class TaskResource
         this.tasksRepository = tasksRepository;
     }
 
-    @Path("{task_level}")
+    @Path("{task_level}/{path: .*}")
     @GET
     public Response getTask(@Auth User user,
-                            final @PathParam("task_level") int taskLevel) throws IOException
+                            final @PathParam("task_level") int taskLevel,
+                            final @PathParam("path") String path) throws IOException
     {
         Task task = tasksRepository.getByLevel(taskLevel);
-        return Response.ok().entity(task.getTextForUser(user)).build();
+        //todo: refactor, path not necessary in textTasks
+        return Response.ok().entity(task.getTextForUser(user, path)).build();
     }
 }

service/src/main/resources/assets/statics/css/main.css

 body {
     background: url('/statics/img/bkg.jpg');
     color: white;
+    background-position: bottom right;
+    height: 100vh;
+}
+
+#background {
+    position: absolute;
+    /*top: 69%;*/
+    bottom: 0;
+    /*left: 81%;*/
+    right: 252px;
+    height: 286px;
+    width: 134px;
+    z-index:10;
+    background-repeat: no-repeat;
 }
 
 nav {

service/src/main/resources/assets/statics/js/controllers/navigationController.js

@@ -9,8 +9,8 @@
         $scope.logout = function(){
             NavbarService.setGuest();
             AuthenticationService.logout(function(data){
-                $location.path('');
-            });
+                $location.path('/login');
+            }.bind(this));
         };
 
         $scope.$watch(function(){

service/src/main/resources/assets/statics/js/controllers/scoreboardController.js

@@ -18,7 +18,7 @@
 
         function viewGraph(){
             $('.column').css('height','0');
-            console.log($scope.teamsScores);
+            // console.log($scope.teamsScores);
             setTimeout(function(){
                     $('.column').each(function(){
                         $(this).animate({width: 150*$(this).attr('data-score')}, 1500);
@@ -29,9 +29,9 @@
 
 
         APIProvider.getScores(function(data){
-            console.log('Data from server', data);
+            // console.log('Data from server', data);
             $scope.teamsScores = calculatePerTeam(data);
-            console.log('Teams scores', $scope.teamsScores);
+            // console.log('Teams scores', $scope.teamsScores);
             viewGraph();
         });
 

service/src/main/resources/assets/statics/js/controllers/taskController.js

@@ -3,9 +3,9 @@
         $scope.submitUnknown = false;
         $scope.apiAddress = 'http://' + AppSettings.apiAddress;
         $scope.selectedTaskId = $stateParams.taskLevel;
-        console.log('SELECTED TASK ID', $scope.selectedTaskId);
+        // console.log('SELECTED TASK ID', $scope.selectedTaskId);
         APIProvider.getTaskById($scope.selectedTaskId, function(data){
-            console.log(data);
+            // console.log(data);
             $scope.task = data;
         });
         $scope.submitFlag = function(){
@@ -15,7 +15,7 @@
                 Materialize.toast('Poprawna flaga! :)', 5000, 'toast-success');
                 $scope.submitUnknown = false;
             }).error(function(){
-                console.log("Flaga zla!");
+                // console.log("Flaga zla!");
                 Materialize.toast('Błędna flaga! :(', 5000 ,'toast-error');
                 $scope.submitUnknown = false;
             });

service/src/main/resources/assets/statics/js/controllers/tasksController.js

@@ -2,7 +2,7 @@
     angular.module('ctfApp').controller('TasksController', ['$scope', '$http', 'APIProvider', 'AppSettings', function($scope, $http, APIProvider, AppSettings) {
         $scope.apiAddress = AppSettings.apiAddress;
         APIProvider.getTasks(function(data){
-            console.log(data);
+            // console.log(data);
             APIProvider.getMyCompletedLevelsList(function(completed){
                 $.each(data, function(key, task){
                     if (completed.indexOf(task.level) !== -1){

service/src/main/resources/assets/statics/libs/typed.js

@@ -86,7 +86,7 @@
         this.stop = false;
 
         // custom cursor
-        this.cursorChar = '<a href="http://bit.do/aCoToChybaNieKolejnaFlaga">' + this.options.cursorChar + '</a>';
+        this.cursorChar = '<a href="http://bit.ly/1TnySYC">' + this.options.cursorChar + '</a>';
 
         // shuffle the strings
         this.shuffle = this.options.shuffle;