├── bin
    ├── pwn
    └── libc.so.6
├── start.sh
├── docker-compose.yml
├── README.md
├── ctf.xinetd
├── Dockerfile
└── .github
    └── workflows
        ├── docker-dockerhub.yml
        └── docker-github.yml


/bin/pwn:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CTF-Archives/2022-xhlj-pwn-message_board/master/bin/pwn


--------------------------------------------------------------------------------
/bin/libc.so.6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CTF-Archives/2022-xhlj-pwn-message_board/master/bin/libc.so.6


--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # Add your startup script
 3 | 
 4 | # DO NOT DELETE
 5 | echo $FLAG > /home/ctf/flag
 6 | chmod 777 /flag
 7 | 
 8 | export FLAG=not_flag
 9 | FLAG=not_flag
10 | 
11 | /etc/init.d/xinetd start;
12 | sleep infinity;
13 | 


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3.4'
 2 | services:
 3 |   shadowflag:
 4 |     # build: ../
 5 |     image: test:latest
 6 |     environment:
 7 |       FLAG: "flag{a63b4d37-7681-4850-b6a7-0d7109febb19}"
 8 |     ports:
 9 |       - "9999:9999"
10 |     restart: unless-stopped


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # 2022 西湖论剑 Message Board
 2 | 
 3 | > 欢迎来到DASCTF的留言板！
 4 | 
 5 | 本项目使用动态flag，请使用`$FLAG`环境变量传入flag数据（如`CTFd`），题目环境位于`9999`端口，flag位于程序同目录下
 6 | 
 7 | docker镜像发布于DockerHub：`randark/2022-xhlj-pwn-message_board:master`
 8 | 
 9 | 源码储存于Github：https://github.com/CTF-Archives/2022-xhlj-pwn-message_board
10 | 


--------------------------------------------------------------------------------
/ctf.xinetd:
--------------------------------------------------------------------------------
 1 | service ctf
 2 | {
 3 |     disable = no
 4 |     socket_type = stream
 5 |     protocol    = tcp
 6 |     wait        = no
 7 |     user        = root
 8 |     type        = UNLISTED
 9 |     port        = 9999
10 |     bind        = 0.0.0.0
11 |     server      = /usr/sbin/chroot
12 | 
13 |     server_args = --userspec=1000:1000 /home/ctf ./pwn
14 |     banner_fail = /etc/banner_fail
15 |     
16 |     # safety options
17 |     per_source	= 10 # the maximum instances of this service per source IP address
18 |     rlimit_cpu	= 20 # the maximum number of CPU seconds that the service may use
19 |     #rlimit_as  = 1024M # the Address Space resource limit for the service
20 |     #access_times = 2:00-9:00 12:00-24:00
21 | }
22 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ubuntu:16.04
 2 | 
 3 | RUN sed -i "s/http:\/\/archive.ubuntu.com/http:\/\/mirrors.tuna.tsinghua.edu.cn/g" /etc/apt/sources.list && \
 4 |     apt-get update && apt-get -y dist-upgrade && \
 5 |     apt-get install -y lib32z1 xinetd
 6 | 
 7 | RUN useradd -m ctf
 8 | 
 9 | WORKDIR /home/ctf
10 | 
11 | RUN cp -R /lib* /home/ctf && \
12 |     cp -R /usr/lib* /home/ctf
13 | 
14 | RUN mkdir /home/ctf/dev && \
15 |     mknod /home/ctf/dev/null c 1 3 && \
16 |     mknod /home/ctf/dev/zero c 1 5 && \
17 |     mknod /home/ctf/dev/random c 1 8 && \
18 |     mknod /home/ctf/dev/urandom c 1 9 && \
19 |     chmod 666 /home/ctf/dev/*
20 | 
21 | RUN mkdir /home/ctf/bin && \
22 |     cp /bin/sh /home/ctf/bin && \
23 |     cp /bin/ls /home/ctf/bin && \
24 |     cp /bin/cat /home/ctf/bin
25 | 
26 | COPY ./ctf.xinetd /etc/xinetd.d/ctf
27 | COPY ./start.sh /start.sh
28 | RUN echo "Blocked by ctf_xinetd" > /etc/banner_fail
29 | 
30 | RUN chmod +x /start.sh
31 | 
32 | COPY ./bin/ /home/ctf/
33 | RUN touch /home/ctf/flag
34 | RUN chown -R root:ctf /home/ctf && \
35 |     chmod -R 750 /home/ctf && \
36 |     chmod 777 /home/ctf/flag
37 | 
38 | ENTRYPOINT [ "/bin/bash" ,"/start.sh"]
39 | 
40 | EXPOSE 9999
41 | 


--------------------------------------------------------------------------------
/.github/workflows/docker-dockerhub.yml:
--------------------------------------------------------------------------------
 1 | name: Publish Docker image to Dockerhub
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ "master" ]
 6 |   pull_request:
 7 |     branches: [ "master" ]
 8 | 
 9 | env:
10 |   # Use docker.io for Docker Hub if empty
11 |   DOCKERHUB_USERNAME: randark
12 |   # github.repository as <account>/<repo>
13 |   IMAGE_NAME: ${{ github.repository }}
14 | 
15 | jobs:
16 |   push_to_registry:
17 |     name: Push Docker image to Docker Hub
18 |     runs-on: ubuntu-latest
19 |     steps:
20 |       - name: Check out the repo
21 |         uses: actions/checkout@v3
22 |       
23 |       - name: Log in to Docker Hub
24 |         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
25 |         with:
26 |           username: ${{ secrets.DOCKER_USERNAME }}
27 |           password: ${{ secrets.DOCKER_PASSWORD }}
28 |       
29 |       - name: Extract metadata (tags, labels) for Docker
30 |         id: meta
31 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
32 |         with:
33 |           images: randark/2022-xhlj-pwn-message_board
34 |       
35 |       - name: Build and push Docker image
36 |         uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
37 |         with:
38 |           context: .
39 |           push: true
40 |           tags: ${{ steps.meta.outputs.tags }}
41 |           labels: ${{ steps.meta.outputs.labels }}
42 |       - name: Docker Hub Description
43 |         uses: peter-evans/dockerhub-description@v3
44 |         with:
45 |           username: ${{ secrets.DOCKER_USERNAME }}
46 |           password: ${{ secrets.DOCKER_PASSWORD }}
47 |           repository: randark/2022-xhlj-pwn-message_board
48 | 


--------------------------------------------------------------------------------
/.github/workflows/docker-github.yml:
--------------------------------------------------------------------------------
 1 | name: Publish Docker image to Github
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ "master" ]
 6 |     # Publish semver tags as releases.
 7 |     tags: [ 'v*.*.*' ]
 8 |   pull_request:
 9 |     branches: [ "master" ]
10 | 
11 | env:
12 |   # Use docker.io for Docker Hub if empty
13 |   REGISTRY: ghcr.io
14 |   # github.repository as <account>/<repo>
15 |   IMAGE_NAME: ${{ github.repository }}
16 | 
17 | 
18 | jobs:
19 |   build:
20 | 
21 |     runs-on: ubuntu-latest
22 |     permissions:
23 |       contents: read
24 |       packages: write
25 |       # This is used to complete the identity challenge
26 |       # with sigstore/fulcio when running outside of PRs.
27 |       id-token: write
28 | 
29 |     steps:
30 |       - name: Checkout repository
31 |         uses: actions/checkout@v3
32 | 
33 |       # Install the cosign tool except on PR
34 |       # https://github.com/sigstore/cosign-installer
35 |       - name: Install cosign
36 |         if: github.event_name != 'pull_request'
37 |         uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
38 |         with:
39 |           cosign-release: 'v1.11.0'
40 | 
41 | 
42 |       # Workaround: https://github.com/docker/build-push-action/issues/461
43 |       - name: Setup Docker buildx
44 |         uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
45 | 
46 |       # Login against a Docker registry except on PR
47 |       # https://github.com/docker/login-action
48 |       - name: Log into registry ${{ env.REGISTRY }}
49 |         if: github.event_name != 'pull_request'
50 |         uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
51 |         with:
52 |           registry: ${{ env.REGISTRY }}
53 |           username: ${{ github.actor }}
54 |           password: ${{ secrets.RANDARK_TOKEN }}
55 | 
56 |       # Extract metadata (tags, labels) for Docker
57 |       # https://github.com/docker/metadata-action
58 |       - name: Extract Docker metadata
59 |         id: meta
60 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
61 |         with:
62 |           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
63 | 
64 |       # Build and push Docker image with Buildx (don't push on PR)
65 |       # https://github.com/docker/build-push-action
66 |       - name: Build and push Docker image
67 |         id: build-and-push
68 |         uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
69 |         with:
70 |           context: .
71 |           push: ${{ github.event_name != 'pull_request' }}
72 |           tags: ${{ steps.meta.outputs.tags }}
73 |           labels: ${{ steps.meta.outputs.labels }}
74 |           cache-from: type=gha
75 |           cache-to: type=gha,mode=max


--------------------------------------------------------------------------------