Congratulations! You have successfully created your Yii application.
6 |
7 | For more details on how to further develop this application, please read
14 | the documentation .
15 | Feel free to ask in the forum ,
16 | should you have any questions.
--------------------------------------------------------------------------------
/webui/manager/protected/tests/WebTestCase.php:
--------------------------------------------------------------------------------
1 | setBrowserUrl(TEST_BASE_URL);
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/arpdat/view.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Arpdats'=>array('index'),
4 | $model->mac,
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Arpdat', 'url'=>array('index')),
9 | array('label'=>'Create Arpdat', 'url'=>array('create')),
10 | array('label'=>'Update Arpdat', 'url'=>array('update', 'id'=>$model->mac)),
11 | array('label'=>'Delete Arpdat', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->mac),'confirm'=>'Are you sure you want to delete this item?')),
12 | array('label'=>'Manage Arpdat', 'url'=>array('admin')),
13 | );
14 | ?>
15 |
16 |
13 |
14 |
Your Reports
15 |
16 |
17 |
18 | ID
19 | Subject
20 | Attacker
21 | Server
22 | Reporter
23 | Comment
24 |
26 |
27 |
28 |
29 |
30 |
38 |
39 |
40 |
41 |
--------------------------------------------------------------------------------
/webui/tail-full.php:
--------------------------------------------------------------------------------
1 |
2 | "SET NAMES utf8"
8 | ));
9 | }
10 | catch (PDOException $exception)
11 | {
12 | printf("Failed to connect to the database, please notify the judges. Error: %s", $exception->getMessage());
13 | }
14 | $pdo->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
15 | $pdo->setAttribute(PDO :: ATTR_AUTOCOMMIT, false);
16 |
17 | ?>
18 |
19 |
20 |
21 |
AthCon CTF Scores
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
AthCon CTF History
30 |
31 |
32 |
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/arphistory/admin.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Arphistories'=>array('index'),
4 | 'Manage',
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Arphistory', 'url'=>array('index')),
9 | array('label'=>'Create Arphistory', 'url'=>array('create')),
10 | );
11 |
12 | Yii::app()->clientScript->registerScript('search', "
13 | $('.search-button').click(function(){
14 | $('.search-form').toggle();
15 | return false;
16 | });
17 | $('.search-form form').submit(function(){
18 | $.fn.yiiGridView.update('arphistory-grid', {
19 | data: $(this).serialize()
20 | });
21 | return false;
22 | });
23 | ");
24 | ?>
25 |
26 |
Manage Arphistories
27 |
28 |
29 | You may optionally enter a comparison operator (< , <= , > , >= , <>
30 | or = ) at the beginning of each of your search values to specify how the comparison should be done.
31 |
32 |
33 | 'search-button')); ?>
34 |
35 | renderPartial('_search',array(
36 | 'model'=>$model,
37 | )); ?>
38 |
39 |
40 | widget('zii.widgets.grid.CGridView', array(
41 | 'id'=>'arphistory-grid',
42 | 'dataProvider'=>$model->search(),
43 | 'filter'=>$model,
44 | 'columns'=>array(
45 | 'id',
46 | 'mac',
47 | 'ip',
48 | 'timestamp',
49 | array(
50 | 'class'=>'CButtonColumn',
51 | ),
52 | ),
53 | )); ?>
54 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/vuln/admin.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Vulns'=>array('index'),
4 | 'Manage',
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Vuln', 'url'=>array('index')),
9 | array('label'=>'Create Vuln', 'url'=>array('create')),
10 | );
11 |
12 | Yii::app()->clientScript->registerScript('search', "
13 | $('.search-button').click(function(){
14 | $('.search-form').toggle();
15 | return false;
16 | });
17 | $('.search-form form').submit(function(){
18 | $.fn.yiiGridView.update('vuln-grid', {
19 | data: $(this).serialize()
20 | });
21 | return false;
22 | });
23 | ");
24 | ?>
25 |
26 |
Manage Vulns
27 |
28 |
29 | You may optionally enter a comparison operator (< , <= , > , >= , <>
30 | or = ) at the beginning of each of your search values to specify how the comparison should be done.
31 |
32 |
33 | 'search-button')); ?>
34 |
35 | renderPartial('_search',array(
36 | 'model'=>$model,
37 | )); ?>
38 |
39 |
40 | widget('zii.widgets.grid.CGridView', array(
41 | 'id'=>'vuln-grid',
42 | 'dataProvider'=>$model->search(),
43 | 'filter'=>$model,
44 | 'columns'=>array(
45 | 'id',
46 | 'users_id',
47 | 'subject',
48 | 'server',
49 | 'message',
50 | 'status',
51 | 'ts',
52 | array(
53 | 'class'=>'CButtonColumn',
54 | ),
55 | ),
56 | )); ?>
57 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/hint/_form.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/webui/rules.hacker.php:
--------------------------------------------------------------------------------
1 |
Feel free to register for hacker account. The scenario is simple. Your target is a large security house, AcmeSec LLC. . You have been approached by AcmeSec to try and hack their network. However, the admins of AcmeSec have not been notified. This means that although you have the paper work that proves you work on the clear, you will get blocked by the admins. Oh and something else, you are not on your own here, AcmeSec has approached other top researchers for this post also, this is not just a challenge, its a competition…
2 |
3 |
Prizes
4 |
The challenge is simple, hack the most systems while trying to stay as stealthy as possible. For your services you will receive... (note: These are actual prizes that you will get)
5 |
6 | 1st place: A Metasploit Pro license worth $15.0002nd place: A Netsparker Pro license worth $5.9503rd place: A Burpsuite Pro License worth $300
10 |
11 |
Keep in Mind
12 |
First and foremost, this is just for fun. The scope of this year's CTF is to allow both attackers and by-standers to take part. You will be able to see from the inside how an attack looks like. Please take the time to read the rules of the game.
13 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/tcpdump/_search.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'action'=>Yii::app()->createUrl($this->route),
5 | 'method'=>'get',
6 | )); ?>
7 |
8 |
9 | label($model,'id'); ?>
10 | textField($model,'id',array('size'=>20,'maxlength'=>20)); ?>
11 |
12 |
13 |
14 | label($model,'srchw'); ?>
15 | textField($model,'srchw',array('size'=>17,'maxlength'=>17)); ?>
16 |
17 |
18 |
19 | label($model,'size'); ?>
20 | textField($model,'size'); ?>
21 |
22 |
23 |
24 | label($model,'proto'); ?>
25 | textField($model,'proto',array('size'=>4,'maxlength'=>4)); ?>
26 |
27 |
28 |
29 | label($model,'srcip'); ?>
30 | textField($model,'srcip',array('size'=>20,'maxlength'=>20)); ?>
31 |
32 |
33 |
34 | label($model,'dstip'); ?>
35 | textField($model,'dstip',array('size'=>20,'maxlength'=>20)); ?>
36 |
37 |
38 |
39 | label($model,'dstport'); ?>
40 | textField($model,'dstport'); ?>
41 |
42 |
43 |
44 |
45 |
46 |
47 | endWidget(); ?>
48 |
49 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/tcpdump/admin.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Tcpdumps'=>array('index'),
4 | 'Manage',
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Tcpdump', 'url'=>array('index')),
9 | array('label'=>'Create Tcpdump', 'url'=>array('create')),
10 | );
11 |
12 | Yii::app()->clientScript->registerScript('search', "
13 | $('.search-button').click(function(){
14 | $('.search-form').toggle();
15 | return false;
16 | });
17 | $('.search-form form').submit(function(){
18 | $.fn.yiiGridView.update('tcpdump-grid', {
19 | data: $(this).serialize()
20 | });
21 | return false;
22 | });
23 | ");
24 | ?>
25 |
26 |
Manage Tcpdumps
27 |
28 |
29 | You may optionally enter a comparison operator (< , <= , > , >= , <>
30 | or = ) at the beginning of each of your search values to specify how the comparison should be done.
31 |
32 |
33 | 'search-button')); ?>
34 |
35 | renderPartial('_search',array(
36 | 'model'=>$model,
37 | )); ?>
38 |
39 |
40 | widget('zii.widgets.grid.CGridView', array(
41 | 'id'=>'tcpdump-grid',
42 | 'dataProvider'=>$model->search(),
43 | 'filter'=>$model,
44 | 'columns'=>array(
45 | 'id',
46 | 'srchw',
47 | 'size',
48 | 'proto',
49 | 'srcip',
50 | 'dstip',
51 | /*
52 | 'dstport',
53 | */
54 | array(
55 | 'class'=>'CButtonColumn',
56 | ),
57 | ),
58 | )); ?>
59 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/users/admin.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Users'=>array('index'),
4 | 'Manage',
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Users', 'url'=>array('index')),
9 | array('label'=>'Create Users', 'url'=>array('create')),
10 | );
11 |
12 | Yii::app()->clientScript->registerScript('search', "
13 | $('.search-button').click(function(){
14 | $('.search-form').toggle();
15 | return false;
16 | });
17 | $('.search-form form').submit(function(){
18 | $.fn.yiiGridView.update('users-grid', {
19 | data: $(this).serialize()
20 | });
21 | return false;
22 | });
23 | ");
24 | ?>
25 |
26 |
Manage Users
27 |
28 |
29 | You may optionally enter a comparison operator (< , <= , > , >= , <>
30 | or = ) at the beginning of each of your search values to specify how the comparison should be done.
31 |
32 |
33 | 'search-button')); ?>
34 |
35 | renderPartial('_search',array(
36 | 'model'=>$model,
37 | )); ?>
38 |
39 |
40 | widget('zii.widgets.grid.CGridView', array(
41 | 'id'=>'users-grid',
42 | 'dataProvider'=>$model->search(),
43 | 'filter'=>$model,
44 | 'columns'=>array(
45 | 'id',
46 | 'nickname',
47 | 'team',
48 | 'category',
49 | 'passwd',
50 | 'mac',
51 | /*
52 | 'signature',
53 | 'TS',
54 | */
55 | array(
56 | 'class'=>'CButtonColumn',
57 | ),
58 | ),
59 | )); ?>
60 |
--------------------------------------------------------------------------------
/contrib/logspoofer/requests/lamp.acmesec.fake_pixie.log:
--------------------------------------------------------------------------------
1 | "GET /pixie_v1.04/ HTTP/1.1" 302 - "http://192.0.0.2/"
2 | "GET /pixie_v1.04/admin/install/ HTTP/1.1" 200 12981 "http://192.0.0.2/"
3 | "GET /pixie_v1.04/admin/install/install.js HTTP/1.1" 200 2715 "http://192.0.0.2/pixie_v1.04/admin/install/"
4 | "GET /pixie_v1.04/admin/install/banner.gif HTTP/1.1" 200 3365 "http://192.0.0.2/pixie_v1.04/admin/install/"
5 | "GET /pixie_v1.04/admin/favicon.ico HTTP/1.1" 200 3262 "-"
6 | "GET /pixie_v1.04/admin/install/install.css HTTP/1.1" 200 2814 "http://192.0.0.2/pixie_v1.04/admin/install/"
7 | "GET /pixie_v1.04/admin/admin/theme/style.php HTTP/1.1" 200 60 "http://192.0.0.2/pixie_v1.04/admin/install/"
8 | "GET /pixie_v1.04/admin/jscript/jquery.js HTTP/1.1" 200 72174 "http://192.0.0.2/pixie_v1.04/admin/install/"
9 | "GET /pixie_v1.04/admin/admin/theme/navigation.css HTTP/1.1" 200 2001 "http://192.0.0.2/pixie_v1.04/admin/admin/theme/style.php"
10 | "GET /pixie_v1.04/admin/admin/theme/style.css HTTP/1.1" 200 5936 "http://192.0.0.2/pixie_v1.04/admin/admin/theme/style.php"
11 | "GET /pixie_v1.04/admin/install/background.jpg HTTP/1.1" 200 32870 "http://192.0.0.2/pixie_v1.04/admin/install/install.css"
12 | "GET /pixie_v1.04/admin/admin/theme/images/bg_form.gif HTTP/1.1" 200 462 "http://192.0.0.2/pixie_v1.04/admin/admin/theme/style.css"
13 | "GET /pixie_v1.04/admin/admin/theme/images/formback.gif HTTP/1.1" 200 94 "http://192.0.0.2/pixie_v1.04/admin/admin/theme/style.css"
14 | "GET /pixie_v1.04/admin/install/button.png HTTP/1.1" 200 1865 "http://192.0.0.2/pixie_v1.04/admin/install/install.css"
--------------------------------------------------------------------------------
/webui/manager/protected/views/treasures/_view.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | getAttributeLabel('id')); ?>:
4 | id), array('view', 'id'=>$data->id)); ?>
5 | getAttributeLabel('name')); ?>:
8 | name); ?>
9 | getAttributeLabel('pubname')); ?>:
12 | pubname); ?>
13 | getAttributeLabel('code')); ?>:
16 | code); ?>
17 | getAttributeLabel('description')); ?>:
20 | description); ?>
21 | getAttributeLabel('points')); ?>:
24 | points); ?>
25 | getAttributeLabel('category')); ?>:
28 | category); ?>
29 | getAttributeLabel('csum')); ?>:
32 | csum); ?>
33 | getAttributeLabel('appears')); ?>:
36 | appears); ?>
37 | getAttributeLabel('effects')); ?>:
40 | effects); ?>
41 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/treasures/admin.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Treasures'=>array('index'),
4 | 'Manage',
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Treasures', 'url'=>array('index')),
9 | array('label'=>'Create Treasures', 'url'=>array('create')),
10 | );
11 |
12 | Yii::app()->clientScript->registerScript('search', "
13 | $('.search-button').click(function(){
14 | $('.search-form').toggle();
15 | return false;
16 | });
17 | $('.search-form form').submit(function(){
18 | $.fn.yiiGridView.update('treasures-grid', {
19 | data: $(this).serialize()
20 | });
21 | return false;
22 | });
23 | ");
24 | ?>
25 |
26 |
Manage Treasures
27 |
28 |
29 | You may optionally enter a comparison operator (< , <= , > , >= , <>
30 | or = ) at the beginning of each of your search values to specify how the comparison should be done.
31 |
32 |
33 | 'search-button')); ?>
34 |
35 | renderPartial('_search',array(
36 | 'model'=>$model,
37 | )); ?>
38 |
39 |
40 | widget('zii.widgets.grid.CGridView', array(
41 | 'id'=>'treasures-grid',
42 | 'dataProvider'=>$model->search(),
43 | 'filter'=>$model,
44 | 'columns'=>array(
45 | 'id',
46 | 'name',
47 | 'pubname',
48 | 'description',
49 | 'points',
50 | 'category',
51 | 'csum',
52 | 'appears',
53 | 'effects',
54 | 'code',
55 | array(
56 | 'class'=>'CButtonColumn',
57 | ),
58 | ),
59 | )); ?>
60 |
--------------------------------------------------------------------------------
/webui/manager/protected/tests/functional/SiteTest.php:
--------------------------------------------------------------------------------
1 | open('');
8 | $this->assertTextPresent('Welcome');
9 | }
10 |
11 | public function testContact()
12 | {
13 | $this->open('?r=site/contact');
14 | $this->assertTextPresent('Contact Us');
15 | $this->assertElementPresent('name=ContactForm[name]');
16 |
17 | $this->type('name=ContactForm[name]','tester');
18 | $this->type('name=ContactForm[email]','tester@example.com');
19 | $this->type('name=ContactForm[subject]','test subject');
20 | $this->click("//input[@value='Submit']");
21 | $this->waitForTextPresent('Body cannot be blank.');
22 | }
23 |
24 | public function testLoginLogout()
25 | {
26 | $this->open('');
27 | // ensure the user is logged out
28 | if($this->isTextPresent('Logout'))
29 | $this->clickAndWait('link=Logout (demo)');
30 |
31 | // test login process, including validation
32 | $this->clickAndWait('link=Login');
33 | $this->assertElementPresent('name=LoginForm[username]');
34 | $this->type('name=LoginForm[username]','demo');
35 | $this->click("//input[@value='Login']");
36 | $this->waitForTextPresent('Password cannot be blank.');
37 | $this->type('name=LoginForm[password]','demo');
38 | $this->clickAndWait("//input[@value='Login']");
39 | $this->assertTextNotPresent('Password cannot be blank.');
40 | $this->assertTextPresent('Logout');
41 |
42 | // test logout process
43 | $this->assertTextNotPresent('Login');
44 | $this->clickAndWait('link=Logout (demo)');
45 | $this->assertTextPresent('Login');
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/reports/admin.php:
--------------------------------------------------------------------------------
1 | breadcrumbs=array(
3 | 'Reports'=>array('index'),
4 | 'Manage',
5 | );
6 |
7 | $this->menu=array(
8 | array('label'=>'List Reports', 'url'=>array('index')),
9 | array('label'=>'Create Reports', 'url'=>array('create')),
10 | );
11 |
12 | Yii::app()->clientScript->registerScript('search', "
13 | $('.search-button').click(function(){
14 | $('.search-form').toggle();
15 | return false;
16 | });
17 | $('.search-form form').submit(function(){
18 | $.fn.yiiGridView.update('reports-grid', {
19 | data: $(this).serialize()
20 | });
21 | return false;
22 | });
23 | ");
24 | ?>
25 |
26 |
Manage Reports
27 |
28 |
29 | You may optionally enter a comparison operator (< , <= , > , >= , <>
30 | or = ) at the beginning of each of your search values to specify how the comparison should be done.
31 |
32 |
33 | 'search-button')); ?>
34 |
35 | renderPartial('_search',array(
36 | 'model'=>$model,
37 | )); ?>
38 |
39 |
40 | widget('zii.widgets.grid.CGridView', array(
41 | 'id'=>'reports-grid',
42 | 'dataProvider'=>$model->search(),
43 | 'filter'=>$model,
44 | 'columns'=>array(
45 | 'id',
46 | 'reporter',
47 | 'datentime',
48 | 'subject',
49 | 'attacker',
50 | 'server',
51 | 'abuse',
52 | 'message',
53 | 'logs',
54 | 'resolved',
55 | 'thru',
56 | 'comments',
57 | 'mac',
58 | array(
59 | 'class'=>'CButtonColumn',
60 | ),
61 | ),
62 | )); ?>
63 |
--------------------------------------------------------------------------------
/contrib/schema/athcon-federated.mysql:
--------------------------------------------------------------------------------
1 | -- phpMyAdmin SQL Dump
2 | -- version 3.3.9.1
3 | -- http://www.phpmyadmin.net
4 | --
5 | -- Host: localhost
6 | -- Generation Time: Apr 11, 2012 at 01:17 AM
7 | -- Server version: 5.1.54
8 | -- PHP Version: 5.2.17
9 |
10 | SET FOREIGN_KEY_CHECKS=0;
11 | SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
12 |
13 |
14 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
15 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
16 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
17 | /*!40101 SET NAMES utf8 */;
18 |
19 | --
20 | -- Database: `athcon`
21 | --
22 |
23 | DROP TABLE IF EXISTS `reports`;
24 | CREATE TABLE IF NOT EXISTS `reports`(
25 | id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
26 | reporter INT NOT NULL,
27 | datentime varchar(255) NOT NULL,
28 | subject VARCHAR(255) NOT NULL,
29 | attacker VARCHAR(32) NOT NULL,
30 | server VARCHAR(32) NOT NULL,
31 | abuse VARCHAR(32) NOT NULL,
32 | message text NOT NULL,
33 | logs text NOT NULL,
34 | resolved bool default false,
35 | thru varchar(255),
36 | comments text,
37 | mac char(17),
38 | FOREIGN KEY (reporter) REFERENCES users(id) ON DELETE CASCADE ON UPDATE CASCADE
39 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
40 |
41 |
42 |
43 | DROP TABLE IF EXISTS hint;
44 | CREATE TABLE hint (
45 | id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
46 | title varchar(255),
47 | usertype enum('admin','hacker','both') default 'hacker',
48 | category enum('notice','note','warning','rule') default 'note',
49 | message text
50 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
51 |
52 | --
53 | -- VIEWS
54 | --
55 |
56 | SET FOREIGN_KEY_CHECKS=1;
57 |
--------------------------------------------------------------------------------
/webui/init.php:
--------------------------------------------------------------------------------
1 | "SET NAMES utf8"
27 | ));
28 | }
29 | catch (PDOException $exception)
30 | {
31 | printf("Failed to connect to the database, please notify the judges. Error: %s", $exception->getMessage());
32 | }
33 | $pdo->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
34 | $pdo->setAttribute(PDO :: ATTR_AUTOCOMMIT, false);
35 |
36 | try
37 | {
38 | $sql= "SELECT id,nickname,category,created FROM users WHERE mac=:mac LIMIT 1";
39 | $stmt= $pdo->prepare($sql);
40 | /* bind the parameter */
41 | $stmt->bindParam(':mac', $macAddr);
42 | $stmt->bindColumn('nickname', $nickname);
43 | $stmt->bindColumn('category', $userType);
44 | $stmt->bindColumn('created', $status);
45 | $stmt->bindColumn('id', $id);
46 | $stmt->execute();
47 | $stmt->fetch();
48 | }
49 | catch (PDOException $exception)
50 | {
51 | print "\nException: ".$exception->getMessage();
52 | }
53 |
54 | if ($userType=='admin')
55 | $css= 'screen.css';
56 | else
57 | $css= 'terminal.css';
58 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/users/_search.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'action'=>Yii::app()->createUrl($this->route),
5 | 'method'=>'get',
6 | )); ?>
7 |
8 |
9 | label($model,'id'); ?>
10 | textField($model,'id'); ?>
11 |
12 |
13 |
14 | label($model,'nickname'); ?>
15 | textField($model,'nickname',array('size'=>60,'maxlength'=>255)); ?>
16 |
17 |
18 |
19 | label($model,'team'); ?>
20 | textField($model,'team',array('size'=>60,'maxlength'=>255)); ?>
21 |
22 |
23 |
24 | label($model,'category'); ?>
25 | textField($model,'category',array('size'=>10,'maxlength'=>10)); ?>
26 |
27 |
28 |
29 | label($model,'passwd'); ?>
30 | passwordField($model,'passwd',array('size'=>60,'maxlength'=>255)); ?>
31 |
32 |
33 |
34 | label($model,'mac'); ?>
35 | textField($model,'mac',array('size'=>18,'maxlength'=>18)); ?>
36 |
37 |
38 |
39 | label($model,'signature'); ?>
40 | textArea($model,'signature',array('rows'=>6, 'cols'=>50)); ?>
41 |
42 |
43 |
44 | label($model,'TS'); ?>
45 | textField($model,'TS'); ?>
46 |
47 |
48 |
49 |
50 |
51 |
52 | endWidget(); ?>
53 |
54 |
--------------------------------------------------------------------------------
/contrib/schema/athcon-users.sql:
--------------------------------------------------------------------------------
1 | -- phpMyAdmin SQL Dump
2 | -- version 3.4.3.2
3 | -- http://www.phpmyadmin.net
4 | --
5 | -- Host: localhost
6 | -- Generation Time: Apr 25, 2012 at 10:49 AM
7 | -- Server version: 5.1.54
8 | -- PHP Version: 5.2.17
9 |
10 | SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
11 | SET time_zone = "+00:00";
12 |
13 |
14 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
15 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
16 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
17 | /*!40101 SET NAMES utf8 */;
18 |
19 | --
20 | -- Database: `athcon`
21 | --
22 |
23 | --
24 | -- Dumping data for table `users`
25 | --
26 |
27 | INSERT INTO `users` (`id`, `nickname`, `team`, `category`, `passwd`, `mac`, `signature`, `total_packets`, `valid_packets`, `TS`) VALUES
28 | (1, 'hacker1', 'teamA', 'hacker', '', '00:0c:29:a6:ff:15', '', 294, 294, '2012-04-22 15:19:08'),
29 | (2, 'kokkinos-windows', 'kokkinos', 'hacker', 'kokkinos', 'e0:2a:82:fc:20:2d', 'mpetsos', 585356, 582038, '2012-04-24 15:52:23'),
30 | (3, 'pantelis', 'pantelis', 'admin', '', '00:1f:3c:17:7d:ea', 'dakskdkas', 0, 0, '2012-04-19 20:30:18'),
31 | (4, 'magas', 'kokkinos', 'hacker', '', '00:19:d2:1a:27:bf', '', 65593, 58942, '2012-04-22 19:24:44'),
32 | (5, 'databus', 'r00thell', 'hacker', 'skata', '00:22:43:05:67:a3', '', 1021715, 1004413, '2012-04-24 18:49:54'),
33 | (9, 'test-windows', 'test', 'hacker', 'test', '98:4b:e1:a6:80:80', '', 64877, 64877, '2012-04-24 16:03:41'),
34 | (10, 'test-bt', 'test', 'hacker', 'test', '00:0c:29:73:3a:fb', '', 0, 0, '2012-04-23 21:57:32');
35 |
36 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
37 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
38 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
39 |
--------------------------------------------------------------------------------
/contrib/schema/echofish-federated-archive.sql:
--------------------------------------------------------------------------------
1 | DROP TABLE IF EXISTS `archive`;
2 | CREATE TABLE IF NOT EXISTS `archive` (
3 | `id` bigint(20) NOT NULL AUTO_INCREMENT,
4 | `host` bigint(20) unsigned NOT NULL,
5 | `facility` bigint(20) DEFAULT NULL,
6 | `priority` bigint(20) DEFAULT NULL,
7 | `level` bigint(20) DEFAULT NULL,
8 | `program` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
9 | `pid` bigint(20) DEFAULT NULL,
10 | `tag` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
11 | `msg` text COLLATE utf8_unicode_ci,
12 | `received_ts` datetime DEFAULT NULL,
13 | `created_at` datetime NOT NULL,
14 | `updated_at` datetime NOT NULL,
15 | PRIMARY KEY (`id`),
16 | KEY `host_index_idx` (`host`),
17 | KEY `facility_index_idx` (`facility`),
18 | KEY `level_index_idx` (`level`),
19 | KEY `program_index_idx` (`program`),
20 | KEY `msg_index_idx` (`msg`(255))
21 | ) ENGINE=FEDERATED DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci CONNECTION='mysql://athcon:athcon@172.16.11.50/echofish/archive';
22 |
23 | DROP TABLE IF EXISTS `users`;
24 | CREATE TABLE IF NOT EXISTS `users` (
25 | `id` int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
26 | `nickname` varchar(255) COLLATE utf8_unicode_ci NOT NULL UNIQUE,
27 | `team` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
28 | `category` VARCHAR(10) NOT NULL DEFAULT 'admin',
29 | `passwd` VARCHAR(255) NOT NULL DEFAULT 'password',
30 | `mac` varchar(18) COLLATE utf8_unicode_ci NOT NULL UNIQUE,
31 | `signature` text NOT NULL,
32 | `created` int default 0,
33 | `total_packets` BIGINT NOT NULL DEFAULT 0,
34 | `valid_packets` BIGINT NOT NULL DEFAULT 0,
35 | `invalidated_packets` BIGINT NOT NULL DEFAULT 0,
36 | TS TIMESTAMP
37 | ) ENGINE=FEDERATED DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci CONNECTION='mysql://athcon:athcon@172.16.11.50/athcon/users';
--------------------------------------------------------------------------------
/webui/manager/protected/views/tcpdump/_form.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'id'=>'tcpdump-form',
5 | 'enableAjaxValidation'=>false,
6 | )); ?>
7 |
8 |
Fields with * are required.
9 |
10 | errorSummary($model); ?>
11 |
12 |
13 | labelEx($model,'srchw'); ?>
14 | textField($model,'srchw',array('size'=>17,'maxlength'=>17)); ?>
15 | error($model,'srchw'); ?>
16 |
17 |
18 |
19 | labelEx($model,'size'); ?>
20 | textField($model,'size'); ?>
21 | error($model,'size'); ?>
22 |
23 |
24 |
25 | labelEx($model,'proto'); ?>
26 | textField($model,'proto',array('size'=>4,'maxlength'=>4)); ?>
27 | error($model,'proto'); ?>
28 |
29 |
30 |
31 | labelEx($model,'srcip'); ?>
32 | textField($model,'srcip',array('size'=>20,'maxlength'=>20)); ?>
33 | error($model,'srcip'); ?>
34 |
35 |
36 |
37 | labelEx($model,'dstip'); ?>
38 | textField($model,'dstip',array('size'=>20,'maxlength'=>20)); ?>
39 | error($model,'dstip'); ?>
40 |
41 |
42 |
43 | labelEx($model,'dstport'); ?>
44 | textField($model,'dstport'); ?>
45 | error($model,'dstport'); ?>
46 |
47 |
48 |
49 | isNewRecord ? 'Create' : 'Save'); ?>
50 |
51 |
52 | endWidget(); ?>
53 |
54 |
--------------------------------------------------------------------------------
/webui/viewvuln.php:
--------------------------------------------------------------------------------
1 |
2 | "SET NAMES utf8"
8 | ));
9 | }
10 | catch (PDOException $exception)
11 | {
12 | printf("Failed to connect to the database, please notify the judges. Error: %s", $exception->getMessage());
13 | }
14 | $id=intval(@$_GET['id']);
15 | $pdo->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
16 | $pdo->setAttribute(PDO :: ATTR_AUTOCOMMIT, false);
17 | $res=false;
18 | try {
19 | $stmt=$pdo->prepare("SELECT * FROM vuln WHERE status!='PENDING' and id=:id");
20 | $stmt->bindValue(':id',$id);
21 | $stmt->execute();
22 | $stmt->setFetchMode(PDO :: FETCH_ASSOC);
23 | $res=$stmt->fetch();
24 | }
25 | catch (PDOException $exception)
26 | {
27 | echo "";
28 | }
29 | if ($res===false)
30 | {
31 | die('The vulnerability does not exist or is still pending administrative approval!');
32 | }
33 | ?>
34 |
35 |
36 |
Vulnerability [ID:<?=$id?>]
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
Subject:
45 |
Server:
46 | Timestamp:
47 |
48 |
49 |
50 |
51 |
52 |
53 |
--------------------------------------------------------------------------------
/webui/rules.admin.php:
--------------------------------------------------------------------------------
1 |
Feel free to register for an administrator account. The team scenario is simple: You work for a famous security house, AcmeSec LLC, as a member of an overworked but dedicated team of administrators that maintain and monitor the systems on a daily basis.
2 |
You regularly have access to a variety of systems ranging from corporate web, mail and telephony servers to intrusion detection systems and test servers at your disposal, however, there is a catch…
3 |
At this moment you are far away from your workplace accompanied by your colleagues (attending a security conference - perhaps AthCon ?!?!), when all hell breaks loose. A massive wave of skillful hackers attacks AcmeSec's corporate networks, while you are unable to deal directly with the attacks. Your best friend in this war is the abuse department of your IP provider (CTF Committee) in conjunction with emergency security tools that you have in place.
4 |
5 |
Prizes
6 |
Since you can't log in with your ssh keys, your boss - in order to motivate you - has offered the following prizes… (note: These are actual prizes that you will get)
7 |
8 |
9 | 1st place: A Metasploit Pro license worth $15.0002nd place: A Netsparker Pro license worth $5.9503rd place: A Burpsuite Pro License worth $300
13 |
14 |
Rules
15 |
First and foremost, this is just for fun. The scope of this year's CTF is to allow both attackers and by-standers to take part. You will be able to see from the inside how an attack looks like. Please take the time to read the rules of the game.
16 |
--------------------------------------------------------------------------------
/webui/index.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
AthCon CTF (TYPE: <?=$userType?>)
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
AthCon CTF Interface
14 |
15 |
Welcome, to the CTF of AthCon2012 . This year we wanted something special for our CTF. We wanted to be able and make it more relative, more fun, easier for by standers to see whats going on. This year we want to promote skill, innovation and knowledge.
16 |
While attackers display their skills, and compete against latest software, operating systems and each other, administrators track and report malicious activity in order to protect their networks. On the other side, we wanted to give a better view to Athcon participants of how the attacks look from the inside, along with how the attacks start and how they end up on the attacked networks.
17 |
18 |
Now that you have registered take a look at the rules and notes again. Updated information is only for registered eyes.
19 |
20 |
21 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/webui/vulntail.php:
--------------------------------------------------------------------------------
1 |
2 | "SET NAMES utf8"
8 | ));
9 | }
10 | catch (PDOException $exception)
11 | {
12 | printf("Failed to connect to the database, please notify the judges. Error: %s", $exception->getMessage());
13 | }
14 | $pdo->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
15 | $pdo->setAttribute(PDO :: ATTR_AUTOCOMMIT, false);
16 | $res=false;
17 | try {
18 | $stmt=$pdo->prepare("SELECT t1.*,if(t2.team='',t2.nickname,concat('team ',t2.team)) as nickname FROM vulns_FULL t1 LEFT JOIN users t2 on t2.id=t1.users_id");
19 | $stmt->execute();
20 | $stmt->setFetchMode(PDO :: FETCH_ASSOC);
21 | $results=$stmt->fetchAll();
22 | }
23 | catch (PDOException $exception)
24 | {
25 | echo "";
26 | }
27 | ?>
28 |
29 |
30 |
Vulnerabilities
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
Reporter:
40 |
Subject:
41 |
STATUS:
42 |
Server:
43 | Timestamp:
44 |
45 |
46 |
47 |
50 |
51 |
52 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/vuln/_form.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'id'=>'vuln-form',
5 | 'enableAjaxValidation'=>false,
6 | )); ?>
7 |
8 |
Fields with * are required.
9 |
10 | errorSummary($model); ?>
11 |
12 |
13 | labelEx($model,'users_id'); ?>
14 | textField($model,'users_id'); ?>
15 | error($model,'users_id'); ?>
16 |
17 |
18 |
19 | labelEx($model,'subject'); ?>
20 | textField($model,'subject',array('size'=>60,'maxlength'=>255)); ?>
21 | error($model,'subject'); ?>
22 |
23 |
24 |
25 | labelEx($model,'server'); ?>
26 | textField($model,'server',array('size'=>60,'maxlength'=>255)); ?>
27 | error($model,'server'); ?>
28 |
29 |
30 |
31 | labelEx($model,'message'); ?>
32 | textArea($model,'message',array('rows'=>6, 'cols'=>50)); ?>
33 | error($model,'message'); ?>
34 |
35 |
36 |
37 | labelEx($model,'status'); ?>
38 | enumItem($model, 'status') ); ?>
39 | error($model,'status'); ?>
40 |
41 |
42 | labelEx($model,'treasure_id'); ?>
43 | treasureItem(),array('empty' => '(Select an Achievement)') ); ?>
44 | error($model,'treasure_id'); ?>
45 |
46 |
47 |
48 | isNewRecord ? 'Create' : 'Save'); ?>
49 |
50 |
51 | endWidget(); ?>
52 |
53 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/reports/_view.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | getAttributeLabel('id')); ?>:
4 | id), array('view', 'id'=>$data->id)); ?>
5 | getAttributeLabel('reporter')); ?>:
8 | reporter); ?>
9 | getAttributeLabel('datentime')); ?>:
12 | datentime); ?>
13 | getAttributeLabel('subject')); ?>:
16 | subject); ?>
17 | getAttributeLabel('attacker')); ?>:
20 | attacker); ?>
21 | getAttributeLabel('server')); ?>:
24 | server); ?>
25 | getAttributeLabel('abuse')); ?>:
28 | abuse); ?>
29 | getAttributeLabel('message')); ?>:
32 | message); ?>
33 | getAttributeLabel('logs')); ?>:
36 | logs); ?>
37 | getAttributeLabel('resolved')); ?>:
40 | resolved); ?>
41 | getAttributeLabel('thru')); ?>:
44 | thru); ?>
45 | getAttributeLabel('comments')); ?>:
48 | comments); ?>
49 | getAttributeLabel('mac')); ?>:
52 | mac); ?>
53 |
--------------------------------------------------------------------------------
/webui/manager/css/ie.css:
--------------------------------------------------------------------------------
1 | /* -----------------------------------------------------------------------
2 |
3 |
4 | Blueprint CSS Framework 1.0.1
5 | http://blueprintcss.org
6 |
7 | * Copyright (c) 2007-Present. See LICENSE for more info.
8 | * See README for instructions on how to use Blueprint.
9 | * For credits and origins, see AUTHORS.
10 | * This is a compressed file. See the sources in the 'src' directory.
11 |
12 | ----------------------------------------------------------------------- */
13 |
14 | /* ie.css */
15 | body {text-align:center;}
16 | .container {text-align:left;}
17 | * html .column, * html .span-1, * html .span-2, * html .span-3, * html .span-4, * html .span-5, * html .span-6, * html .span-7, * html .span-8, * html .span-9, * html .span-10, * html .span-11, * html .span-12, * html .span-13, * html .span-14, * html .span-15, * html .span-16, * html .span-17, * html .span-18, * html .span-19, * html .span-20, * html .span-21, * html .span-22, * html .span-23, * html .span-24 {display:inline;overflow-x:hidden;}
18 | * html legend {margin:0px -8px 16px 0;padding:0;}
19 | sup {vertical-align:text-top;}
20 | sub {vertical-align:text-bottom;}
21 | html>body p code {*white-space:normal;}
22 | hr {margin:-8px auto 11px;}
23 | img {-ms-interpolation-mode:bicubic;}
24 | .clearfix, .container {display:inline-block;}
25 | * html .clearfix, * html .container {height:1%;}
26 | fieldset {padding-top:0;}
27 | legend {margin-top:-0.2em;margin-bottom:1em;margin-left:-0.5em;}
28 | textarea {overflow:auto;}
29 | label {vertical-align:middle;position:relative;top:-0.25em;}
30 | input.text, input.title, textarea {background-color:#fff;border:1px solid #bbb;}
31 | input.text:focus, input.title:focus {border-color:#666;}
32 | input.text, input.title, textarea, select {margin:0.5em 0;}
33 | input.checkbox, input.radio {position:relative;top:.25em;}
34 | form.inline div, form.inline p {vertical-align:middle;}
35 | form.inline input.checkbox, form.inline input.radio, form.inline input.button, form.inline button {margin:0.5em 0;}
36 | button, input.button {position:relative;top:0.25em;}
--------------------------------------------------------------------------------
/webui/manager/protected/views/users/_form.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'id'=>'users-form',
5 | 'enableAjaxValidation'=>false,
6 | )); ?>
7 |
8 |
Fields with * are required.
9 |
10 | errorSummary($model); ?>
11 |
12 |
13 | labelEx($model,'nickname'); ?>
14 | textField($model,'nickname',array('size'=>60,'maxlength'=>255)); ?>
15 | error($model,'nickname'); ?>
16 |
17 |
18 |
19 | labelEx($model,'team'); ?>
20 | textField($model,'team',array('size'=>60,'maxlength'=>255)); ?>
21 | error($model,'team'); ?>
22 |
23 |
24 |
25 | labelEx($model,'category'); ?>
26 | textField($model,'category',array('size'=>10,'maxlength'=>10)); ?>
27 | error($model,'category'); ?>
28 |
29 |
30 |
31 | labelEx($model,'passwd'); ?>
32 | passwordField($model,'passwd',array('size'=>60,'maxlength'=>255)); ?>
33 | error($model,'passwd'); ?>
34 |
35 |
36 |
37 | labelEx($model,'mac'); ?>
38 | textField($model,'mac',array('size'=>18,'maxlength'=>18)); ?>
39 | error($model,'mac'); ?>
40 |
41 |
42 |
43 | labelEx($model,'signature'); ?>
44 | textArea($model,'signature',array('rows'=>6, 'cols'=>50)); ?>
45 | error($model,'signature'); ?>
46 |
47 |
48 |
49 | labelEx($model,'TS'); ?>
50 | textField($model,'TS'); ?>
51 | error($model,'TS'); ?>
52 |
53 |
54 |
55 | isNewRecord ? 'Create' : 'Save'); ?>
56 |
57 |
58 | endWidget(); ?>
59 |
60 |
--------------------------------------------------------------------------------
/webui/vuln.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
Vulnerability Report
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | 0 && trim($nickname)!='' && $userType=="hacker") {
14 | if(!empty($_POST)) add_vuln();
15 | ?>
16 |
17 |
Report A Vulnerability / Reporter:
18 |
37 |
38 |
You need to register as a hacker in order to submit a vulnerability report
39 |
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/contrib/restore_bridge.php:
--------------------------------------------------------------------------------
1 | "SET NAMES utf8"
16 | ));
17 | }
18 | catch (PDOException $exception)
19 | {
20 | printf("Failed to connect to the database, please notify the judges. Error: %s", $exception->getMessage());
21 | }
22 | $local->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
23 | $local->setAttribute(PDO :: ATTR_AUTOCOMMIT, true);
24 |
25 | try
26 | {
27 | $sql= "SELECT * FROM users";
28 |
29 | $rs= $local->query($sql);
30 | $rs->setFetchMode(PDO :: FETCH_ASSOC);
31 | $users= $rs->fetchAll();
32 | }
33 | catch (PDOException $exception)
34 | {
35 | print "\nException: " . $exception->getMessage();
36 | }
37 | foreach($users as $user)
38 | {
39 | switch($user['category'])
40 | {
41 | case 'admin':
42 | $ADMINS[]=sprintf("pass on em5 src %s tag ADMIN",$user['mac']);
43 | $ADMINS[]=sprintf("pass on em5 dst %s tag ADMIN",$user['mac']);
44 | break;
45 | case 'hacker':
46 | default:
47 | $HACKERS[]=sprintf("pass on em4 src %s tag HACKER",$user['mac']);
48 | $HACKERS[]=sprintf("pass on em4 dst %s tag HACKER",$user['mac']);
49 | break;
50 | }
51 | }
52 | $ADMINS[]=$admin_last;
53 | $HACKERS[]=$hacker_last;
54 | $bridge0=implode("\n",$HACKERS);
55 | $bridge1=implode("\n",$ADMINS);
56 | file_put_contents("/data/bridge0/em4.rules",$bridge0);
57 | file_put_contents("/data/bridge1/em5.rules",$bridge1);
58 | printf("bridge0 rules\n");
59 | echo $bridge0."\n";
60 | printf("bridge1 rules\n");
61 | echo $bridge1."\n";
62 |
--------------------------------------------------------------------------------
/webui/manager/protected/models/LoginForm.php:
--------------------------------------------------------------------------------
1 | 'Remember me next time',
40 | );
41 | }
42 |
43 | /**
44 | * Authenticates the password.
45 | * This is the 'authenticate' validator as declared in rules().
46 | */
47 | public function authenticate($attribute,$params)
48 | {
49 | if(!$this->hasErrors())
50 | {
51 | $this->_identity=new UserIdentity($this->username,$this->password);
52 | if(!$this->_identity->authenticate())
53 | $this->addError('password','Incorrect username or password.');
54 | }
55 | }
56 |
57 | /**
58 | * Logs in the user using the given username and password in the model.
59 | * @return boolean whether login is successful
60 | */
61 | public function login()
62 | {
63 | if($this->_identity===null)
64 | {
65 | $this->_identity=new UserIdentity($this->username,$this->password);
66 | $this->_identity->authenticate();
67 | }
68 | if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
69 | {
70 | $duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
71 | Yii::app()->user->login($this->_identity,$duration);
72 | return true;
73 | }
74 | else
75 | return false;
76 | }
77 | }
78 |
--------------------------------------------------------------------------------
/webui/claim.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
Claim an Achievement
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | 0 && trim($nickname)!='' && $userType=="hacker") {
14 | if(!empty($_POST))
15 | {
16 | $ret=claim_achievement();
17 | switch($ret)
18 | {
19 | case false:
20 | echo "
You probly misstyped the code. Give it another go.
";
21 | break;
22 | case -1:
23 | echo '
You already have this achievement
';
24 | break;
25 | default:
26 | echo "
You have succefully claimed the following achievement ";
27 | echo "
\n";
28 | echo "Title: ",$ret['name'],"\n";
29 | echo "Points: ",$ret['points'],"\n";
30 | echo $ret['description'],"\n";
31 | echo " \n";
32 | }
33 | }
34 | ?>
35 |
36 |
Claim an achievement
37 |
48 |
49 |
You need to register as a hacker first in order to claim an achievement
50 |
51 |
52 |
53 |
54 |
--------------------------------------------------------------------------------
/webui/manager/protected/views/treasures/_search.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'action'=>Yii::app()->createUrl($this->route),
5 | 'method'=>'get',
6 | )); ?>
7 |
8 |
9 | label($model,'id'); ?>
10 | textField($model,'id'); ?>
11 |
12 |
13 |
14 | label($model,'name'); ?>
15 | textField($model,'name',array('size'=>60,'maxlength'=>255)); ?>
16 |
17 |
18 |
19 | label($model,'pubname'); ?>
20 | textField($model,'pubname',array('size'=>60,'maxlength'=>255)); ?>
21 |
22 |
23 |
24 | label($model,'code'); ?>
25 | textField($model,'code',array('size'=>60,'maxlength'=>255)); ?>
26 |
27 |
28 |
29 | label($model,'description'); ?>
30 | textArea($model,'description',array('rows'=>6, 'cols'=>50)); ?>
31 |
32 |
33 |
34 | label($model,'points'); ?>
35 | textField($model,'points',array('size'=>10,'maxlength'=>10)); ?>
36 |
37 |
38 |
39 | label($model,'category'); ?>
40 | textField($model,'category',array('size'=>6,'maxlength'=>6)); ?>
41 |
42 |
43 |
44 | label($model,'csum'); ?>
45 | textField($model,'csum',array('size'=>60,'maxlength'=>128)); ?>
46 |
47 |
48 |
49 | label($model,'appears'); ?>
50 | textField($model,'appears'); ?>
51 |
52 |
53 |
54 | label($model,'effects'); ?>
55 | textField($model,'effects',array('size'=>8,'maxlength'=>8)); ?>
56 |
57 |
58 |
59 |
60 |
61 |
62 | endWidget(); ?>
63 |
64 |
--------------------------------------------------------------------------------
/contrib/logspoofer/requests/www.acmesec.fake_webmail.log:
--------------------------------------------------------------------------------
1 | "GET /webmail/ HTTP/1.1" 200 1360 "-"
2 | "GET /webmail/skins/default/common.css?s=1329122379 HTTP/1.1" 200 3274 "http://172.0.0.4/webmail/"
3 | "GET /webmail/program/js/common.js?s=1330710265 HTTP/1.1" 200 4231 "http://172.0.0.4/webmail/"
4 | "GET /webmail/plugins/jqueryui/themes/default/jquery-ui-1.8.18.custom.css?s=1330706255 HTTP/1.1" 200 6224 "http://172.0.0.4/webmail/"
5 | "GET /webmail/program/js/app.js?s=1330710262 HTTP/1.1" 200 29378 "http://172.0.0.4/webmail/"
6 | "GET /webmail/program/js/jquery.min.js?s=1330705845 HTTP/1.1" 200 33140 "http://172.0.0.4/webmail/"
7 | "GET /webmail/plugins/jqueryui/js/jquery-ui-1.8.18.custom.min.js?s=1330706255 HTTP/1.1" 200 52172 "http://172.0.0.4/webmail/"
8 | "GET /webmail/skins/default/images/listheader.gif HTTP/1.1" 200 345 "http://172.0.0.4/webmail/"
9 | "GET /webmail/skins/default/images/buttons/bg.gif HTTP/1.1" 200 218 "http://172.0.0.4/webmail/"
10 | "GET /webmail/skins/default/images/roundcube_logo.png HTTP/1.1" 200 6817 "http://172.0.0.4/webmail/"
11 | "GET /webmail/skins/default/images/icons/folders.png HTTP/1.1" 200 4980 "http://172.0.0.4/webmail/"
12 | "GET /webmail/skins/default/images/mail_footer.png HTTP/1.1" 200 1050 "http://172.0.0.4/webmail/"
13 | "GET /webmail/skins/default/images/taskicons.gif HTTP/1.1" 200 1664 "http://172.0.0.4/webmail/"
14 | "GET /webmail/skins/default/images/display/loading.gif HTTP/1.1" 200 2176 "http://172.0.0.4/webmail/"
15 | "GET /webmail/skins/default/images/pagenav.gif HTTP/1.1" 200 380 "http://172.0.0.4/webmail/"
16 | "GET /webmail/skins/default/images/searchfield.gif HTTP/1.1" 200 359 "http://172.0.0.4/webmail/"
17 | "GET /webmail/skins/default/images/mail_toolbar.png HTTP/1.1" 200 37585 "http://172.0.0.4/webmail/"
18 | "GET /webmail/skins/default/images/messageicons.png HTTP/1.1" 200 4085 "http://172.0.0.4/webmail/"
19 | "GET /webmail/skins/default/images/abook_toolbar.png HTTP/1.1" 200 16418 "http://172.0.0.4/webmail/"
20 | "GET /webmail/skins/default/images/icons/groupactions.png HTTP/1.1" 200 451 "http://172.0.0.4/webmail/"
21 | "GET /webmail/skins/default/images/watermark.gif HTTP/1.1" 200 10221 "http://172.0.0.4/webmail/"
22 | "GET /webmail/skins/default/images/icons/reset.gif HTTP/1.1" 200 187 "http://172.0.0.4/webmail/"
23 | "GET /webmail/skins/default/images/favicon.ico HTTP/1.1" 200 725 "-"
--------------------------------------------------------------------------------
/contrib/mysqlfeed.php:
--------------------------------------------------------------------------------
1 | $val)
8 | {
9 | switch($key)
10 | {
11 | case 'p':
12 | if(is_array($val))
13 | die("Error only one pipe is allowed\n");
14 | if(!file_exists($val))
15 | die("Error pipe $val does not exist\n");
16 | $pipe=$val;
17 | break;
18 | case 'l':
19 | $localonly=true;
20 | break;
21 | case 'v':
22 | $verbose=true;
23 | break;
24 | }
25 | }
26 |
27 | define('PIPE',$pipe);
28 | // Open the PIPE and read MAC's
29 | $handle= fopen(PIPE, 'r+');
30 | file_put_contents("/var/run/arpsrv.$pid.pid",$pid);
31 | try
32 | {
33 | $local= new PDO('mysql:host=localhost;dbname=echofish', 'root', '', array (
34 | PDO :: MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
35 | ));
36 | if(!$localonly)
37 | $remote= new PDO('mysql:host=10.172.16.1;dbname=echofish', 'athcon', 'athcon', array (
38 | PDO :: MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
39 | PDO::ATTR_PERSISTENT => true,
40 | PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
41 | ));
42 | }
43 | catch (PDOException $exception)
44 | {
45 | printf("Failed to connect to the database, please notify the judges. Error: %s", $exception->getMessage());
46 | }
47 | $local->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
48 | $local->setAttribute(PDO :: ATTR_AUTOCOMMIT, true);
49 | if(!$localonly)
50 | {
51 | $remote->setAttribute(PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
52 | $remote->setAttribute(PDO :: ATTR_AUTOCOMMIT, true);
53 | }
54 | while (true)
55 | {
56 | if ($handle)
57 | {
58 | while (($buffer= fgets($handle)) !== false)
59 | {
60 | if (trim($buffer) != "")
61 | {
62 | if(!$localonly)
63 | $remote_retval=$remote->query($buffer);
64 | $local_retval=$local->query($buffer);
65 | if($verbose)
66 | var_dump(array('remote'=>$remote_retval,'local'=>$local_retval));
67 | }
68 | }
69 | if (!feof($handle))
70 | {
71 | echo "Error: unexpected fgets() fail\n";
72 | fclose($handle);
73 | }
74 |
75 | }
76 | else $handle= fopen(PIPE, 'r+');
77 | }
78 | unlink("/var/run/arpsrv.$pid.pid");
--------------------------------------------------------------------------------
/contrib/logspoofer/requests/www.acmesec.fake_feng.log:
--------------------------------------------------------------------------------
1 | "GET /feng/ HTTP/1.1" 302 - "-"
2 | "GET /feng/index.php?c=access&a=login HTTP/1.1" 200 4787 "-"
3 | "GET /feng/public/assets/themes/default/stylesheets/dialog.css HTTP/1.1" 200 3950 "http://172.0.0.4/feng/index.php?c=access&a=login"
4 | "GET /feng/public/assets/themes/default/stylesheets/login.css HTTP/1.1" 200 1820 "http://172.0.0.4/feng/index.php?c=access&a=login"
5 | "GET /feng/public/assets/themes/default/images/layout/login/background.png HTTP/1.1" 200 1826 "http://172.0.0.4/feng/index.php?c=access&a=login"
6 | "GET /feng/public/assets/themes/default/images/layout/login/top1.png HTTP/1.1" 200 3159 "http://172.0.0.4/feng/index.php?c=access&a=login"
7 | "GET /feng/public/assets/themes/default/images/layout/login/top2.png HTTP/1.1" 200 2788 "http://172.0.0.4/feng/index.php?c=access&a=login"
8 | "GET /feng/public/assets/themes/default/images/layout/login/top3.png HTTP/1.1" 200 251 "http://172.0.0.4/feng/index.php?c=access&a=login"
9 | "GET /feng/public/assets/themes/default/images/layout/login/top4.png HTTP/1.1" 200 425 "http://172.0.0.4/feng/index.php?c=access&a=login"
10 | "GET /feng/public/assets/themes/default/images/layout/login/top5.png HTTP/1.1" 200 568 "http://172.0.0.4/feng/index.php?c=access&a=login"
11 | "GET /feng/public/assets/themes/default/images/layout/login/mt1.png HTTP/1.1" 200 646 "http://172.0.0.4/feng/index.php?c=access&a=login"
12 | "GET /feng/public/assets/themes/default/images/layout/loading.gif HTTP/1.1" 200 4231 "http://172.0.0.4/feng/index.php?c=access&a=login"
13 | "GET /feng/public/assets/themes/default/images/layout/login/m5.png HTTP/1.1" 200 136 "http://172.0.0.4/feng/index.php?c=access&a=login"
14 | "GET /feng/public/assets/themes/default/images/layout/login/m1.png HTTP/1.1" 200 122 "http://172.0.0.4/feng/index.php?c=access&a=login"
15 | "GET /feng/public/assets/themes/default/images/layout/login/b1.png HTTP/1.1" 200 251 "http://172.0.0.4/feng/index.php?c=access&a=login"
16 | "GET /feng/public/assets/themes/default/images/layout/login/b2.png HTTP/1.1" 200 720 "http://172.0.0.4/feng/index.php?c=access&a=login"
17 | "GET /feng/public/assets/themes/default/images/layout/login/b3.png HTTP/1.1" 200 399 "http://172.0.0.4/feng/index.php?c=access&a=login"
18 | "GET /feng/public/assets/themes/default/images/layout/login/b5.png HTTP/1.1" 200 402 "http://172.0.0.4/feng/index.php?c=access&a=login"
19 | "GET /feng/public/assets/themes/default/images/layout/login/b4.png HTTP/1.1" 200 431 "http://172.0.0.4/feng/index.php?c=access&a=login"
20 | "GET /feng/favicon.ico HTTP/1.1" 200 1150 "-"
--------------------------------------------------------------------------------
/webui/manager/protected/config/main.php:
--------------------------------------------------------------------------------
1 | dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
13 | 'name'=>'AthCon CTF Manager',
14 |
15 | // preloading 'log' component
16 | 'preload'=>array('log'),
17 |
18 | // autoloading model and component classes
19 | 'import'=>array(
20 | 'application.models.*',
21 | 'application.components.*',
22 | ),
23 |
24 | 'modules'=>array(
25 | // uncomment the following to enable the Gii tool
26 | 'gii'=>array(
27 | 'class'=>'system.gii.GiiModule',
28 | 'password'=>'empa',
29 | // If removed, Gii defaults to localhost only. Edit carefully to taste.
30 | 'ipFilters'=>array('127.0.0.1','::1','172.16.10.3'),
31 | ),
32 | ),
33 |
34 | // application components
35 | 'components'=>array(
36 | 'user'=>array(
37 | // enable cookie-based authentication
38 | 'allowAutoLogin'=>true,
39 | ),
40 | // uncomment the following to enable URLs in path-format
41 | 'urlManager'=>array(
42 | 'urlFormat'=>'path',
43 | // 'showScriptName'=> false,
44 | 'rules'=>array(
45 | '
/'=>'/view',
46 | '//'=>'/',
47 | '/'=>'/',
48 | ),
49 | ),
50 | 'db'=>array(
51 | 'connectionString' => 'mysql:host=localhost;dbname=athcon',
52 | 'emulatePrepare' => true,
53 | 'username' => 'root',
54 | 'password' => '',
55 | 'charset' => 'utf8',
56 | 'tablePrefix' => '',
57 | ),
58 | 'errorHandler'=>array(
59 | // use 'site/error' action to display errors
60 | 'errorAction'=>'site/error',
61 | ),
62 | 'log'=>array(
63 | 'class'=>'CLogRouter',
64 | 'routes'=>array(
65 | array(
66 | 'class'=>'CFileLogRoute',
67 | 'levels'=>'error, warning',
68 | ),
69 | // uncomment the following to show log messages on web pages
70 | /*
71 | array(
72 | 'class'=>'CWebLogRoute',
73 | ),
74 | */
75 | ),
76 | ),
77 | ),
78 |
79 | // application-level parameters that can be accessed
80 | // using Yii::app()->params['paramName']
81 | 'params'=>array(
82 | // this is used in contact page
83 | 'adminEmail'=>'ctf@athcon.org',
84 | ),
85 | );
--------------------------------------------------------------------------------
/contrib/logspoofer/requests/www.acmesec.fake_.log:
--------------------------------------------------------------------------------
1 | "GET / HTTP/1.1" 200 9603 "-"
2 | "GET /stats/piwik.php?action_name=Welcome%20to%20ACMESEC%20%7C%20ACMESEC&idsite=1&rec=1&r=575122&h=21&m=12&s=10&url=http%3A%2F%2F172.0.0.4%2F&_id=15625eaa5cb75832&_idts=1335377531&_idvc=1&_idn=1&_refts=0&_viewts=1335377531&pdf=1&qt=0&realp=0&wma=1&dir=0&fla=1&java=1&gears=0&ag=1&res=1920x1080&cookie=1 HTTP/1.1" 200 43 "http://172.0.0.4/"
3 | "GET /misc/favicon.ico HTTP/1.1" 200 1150 "-"
4 | "GET /modules/system/system.base.css?m31lig HTTP/1.1" 200 5242 "http://172.0.0.4/"
5 | "GET /modules/system/system.menus.css?m31lig HTTP/1.1" 200 2035 "http://172.0.0.4/"
6 | "GET /modules/system/system.messages.css?m31lig HTTP/1.1" 200 961 "http://172.0.0.4/"
7 | "GET /modules/system/system.theme.css?m31lig HTTP/1.1" 200 3711 "http://172.0.0.4/"
8 | "GET /modules/book/book.css?m31lig HTTP/1.1" 200 983 "http://172.0.0.4/"
9 | "GET /modules/comment/comment.css?m31lig HTTP/1.1" 200 184 "http://172.0.0.4/"
10 | "GET /modules/field/theme/field.css?m31lig HTTP/1.1" 200 550 "http://172.0.0.4/"
11 | "GET /modules/node/node.css?m31lig HTTP/1.1" 200 144 "http://172.0.0.4/"
12 | "GET /modules/search/search.css?m31lig HTTP/1.1" 200 564 "http://172.0.0.4/"
13 | "GET /modules/user/user.css?m31lig HTTP/1.1" 200 1827 "http://172.0.0.4/"
14 | "GET /modules/forum/forum.css?m31lig HTTP/1.1" 200 996 "http://172.0.0.4/"
15 | "GET /modules/poll/poll.css?m31lig HTTP/1.1" 200 809 "http://172.0.0.4/"
16 | "GET /modules/openid/openid.css?m31lig HTTP/1.1" 200 1040 "http://172.0.0.4/"
17 | "GET /themes/bartik/css/layout.css?m31lig HTTP/1.1" 200 1634 "http://172.0.0.4/"
18 | "GET /themes/bartik/css/style.css?m31lig HTTP/1.1" 200 32910 "http://172.0.0.4/"
19 | "GET /themes/bartik/css/colors.css?m31lig HTTP/1.1" 200 1312 "http://172.0.0.4/"
20 | "GET /themes/bartik/css/print.css?m31lig HTTP/1.1" 200 656 "http://172.0.0.4/"
21 | "GET /misc/jquery.once.js?v=1.2 HTTP/1.1" 200 2974 "http://172.0.0.4/"
22 | "GET /misc/drupal.js?m31lig HTTP/1.1" 200 13852 "http://172.0.0.4/"
23 | "GET /misc/jquery.js?v=1.4.4 HTTP/1.1" 200 78602 "http://172.0.0.4/"
24 | "GET /misc/jquery.cookie.js?v=1.0 HTTP/1.1" 200 961 "http://172.0.0.4/"
25 | "GET /modules/openid/openid.js?m31lig HTTP/1.1" 200 1829 "http://172.0.0.4/"
26 | "GET /themes/bartik/logo.png HTTP/1.1" 200 3479 "http://172.0.0.4/"
27 | "GET /misc/menu-collapsed.png HTTP/1.1" 200 105 "http://172.0.0.4/"
28 | "GET /modules/openid/login-bg.png HTTP/1.1" 200 205 "http://172.0.0.4/"
29 | "GET /themes/bartik/images/buttons.png HTTP/1.1" 200 831 "http://172.0.0.4/"
30 | "GET /stats/piwik.js HTTP/1.1" 200 19820 "http://172.0.0.4/"
--------------------------------------------------------------------------------
/webui/manager/protected/views/reports/_search.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'action'=>Yii::app()->createUrl($this->route),
5 | 'method'=>'get',
6 | )); ?>
7 |
8 |
9 | label($model,'id'); ?>
10 | textField($model,'id'); ?>
11 |
12 |
13 |
14 | label($model,'reporter'); ?>
15 | textField($model,'reporter'); ?>
16 |
17 |
18 |
19 | label($model,'datentime'); ?>
20 | textField($model,'datentime',array('size'=>60,'maxlength'=>255)); ?>
21 |
22 |
23 |
24 | label($model,'subject'); ?>
25 | textField($model,'subject',array('size'=>60,'maxlength'=>255)); ?>
26 |
27 |
28 |
29 | label($model,'attacker'); ?>
30 | textField($model,'attacker',array('size'=>32,'maxlength'=>32)); ?>
31 |
32 |
33 |
34 | label($model,'server'); ?>
35 | textField($model,'server',array('size'=>32,'maxlength'=>32)); ?>
36 |
37 |
38 |
39 | label($model,'abuse'); ?>
40 | textField($model,'abuse',array('size'=>32,'maxlength'=>32)); ?>
41 |
42 |
43 |
44 | label($model,'message'); ?>
45 | textArea($model,'message',array('rows'=>6, 'cols'=>50)); ?>
46 |
47 |
48 |
49 | label($model,'logs'); ?>
50 | textArea($model,'logs',array('rows'=>6, 'cols'=>50)); ?>
51 |
52 |
53 |
54 | label($model,'resolved'); ?>
55 | textField($model,'resolved'); ?>
56 |
57 |
58 |
59 | label($model,'thru'); ?>
60 | textField($model,'thru',array('size'=>60,'maxlength'=>255)); ?>
61 |
62 |
63 |
64 | label($model,'comments'); ?>
65 | textArea($model,'comments',array('rows'=>6, 'cols'=>50)); ?>
66 |
67 |
68 |
69 | label($model,'mac'); ?>
70 | textField($model,'mac',array('size'=>17,'maxlength'=>17)); ?>
71 |
72 |
73 |
74 |
75 |
76 |
77 | endWidget(); ?>
78 |
79 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'id'=>'treasures-form',
5 | 'enableAjaxValidation'=>false,
6 | )); ?>
7 |
8 |
Fields with * are required.
9 |
10 | errorSummary($model); ?>
11 |
12 |
13 | labelEx($model,'name'); ?>
14 | textField($model,'name',array('size'=>60,'maxlength'=>255)); ?>
15 | error($model,'name'); ?>
16 |
17 |
18 |
19 | labelEx($model,'pubname'); ?>
20 | textField($model,'pubname',array('size'=>60,'maxlength'=>255)); ?>
21 | error($model,'pubname'); ?>
22 |
23 |
24 |
25 | randHASH();?>
26 | labelEx($model,'code'); ?>
27 | textField($model,'code',array('size'=>60,'maxlength'=>250)); ?>
28 | error($model,'code'); ?>
29 |
30 |
31 |
32 | labelEx($model,'description'); ?>
33 | textArea($model,'description',array('rows'=>6, 'cols'=>50)); ?>
34 | error($model,'description'); ?>
35 |
36 |
37 |
38 | labelEx($model,'points'); ?>
39 | textField($model,'points',array('size'=>10,'maxlength'=>10)); ?>
40 | error($model,'points'); ?>
41 |
42 |
43 |
44 | labelEx($model,'category'); ?>
45 | enumItem($model, 'category') ); ?>
46 | error($model,'category'); ?>
47 |
48 |
49 |
50 | labelEx($model,'csum'); ?>
51 | textField($model,'csum',array('size'=>60,'maxlength'=>128)); ?>
52 | error($model,'csum'); ?>
53 |
54 |
55 |
56 | labelEx($model,'appears'); ?>
57 | textField($model,'appears'); ?>
58 | error($model,'appears'); ?>
59 |
60 |
61 |
62 | labelEx($model,'effects'); ?>
63 | enumItem($model, 'effects') ); ?>
64 | error($model,'effects'); ?>
65 |
66 |
67 |
68 | isNewRecord ? 'Create' : 'Save'); ?>
69 |
70 |
71 | endWidget(); ?>
72 |
73 |
Registration for station
2 |
43 |
44 | nickname: Enter a nick name that the system will identify you. This will be shown on the scoreboard so be polite and reasonable. Offensive or otherwise inapropriate nicknames will be deleted.password: Don't enter a sensitive password. This will be stored in plain text and it is used in order to create the required usernames on the security systems that you will monitor.mac address: This will be the mac address that we will monitor to provide you with points. If you plan on "changing" your mac replace the detected one.team: If you enter a team name, then your nickname will not be visible and the team will be shown instead. Points from individual members will be avereaged and displayed as team score.signature As a pure geek add a signature that will go along your nickname.
50 |
--------------------------------------------------------------------------------
/webui/css/terminal.css:
--------------------------------------------------------------------------------
1 | body{
2 | background: #000000 /*url('../images/athcon_hacker.png') no-repeat*/;
3 | background-position: left top;
4 | font:13px Trebuchet MS, Arial, Helvetica, Sans-Serif;
5 | color:#ffffff;
6 | line-height:160%;
7 | margin:0;
8 | padding:0;
9 | text-align:center;
10 | }
11 |
12 | h1{
13 | font-size:200%;
14 | font-weight:normal;
15 | }
16 | h2, h3, h4, h5, h6{
17 | font-weight:normal;
18 | margin:1em 0;
19 | }
20 | h2{
21 | font-size:160%;
22 | }
23 | h3{
24 | font-size:140%;
25 | }
26 | h4{
27 | font-size:120%;
28 | }
29 |
30 | a{
31 | text-decoration:none;
32 | color:#f30;
33 | }
34 | a:hover{
35 | color:#999;
36 | }
37 | table, input, textarea, select, li{
38 | font:100% Trebuchet MS, Arial, Helvetica, Sans-Serif;
39 | line-height:160%;
40 | color:#fff;
41 | }
42 | input, textarea, select, li{
43 | color:#000;
44 | }
45 |
46 | p, blockquote, ul, ol, form{
47 | margin:1em 0;
48 | }
49 | blockquote{
50 | }
51 | img{
52 | border:none;
53 | }
54 | hr{
55 | display:none;
56 | }
57 | table{
58 | margin:1em 0;
59 | width:100%;
60 | border-collapse:collapse;
61 | }
62 | th, td{
63 | padding:2px 5px;
64 | }
65 | th{
66 | text-align:left;
67 | }
68 | li{
69 | display:list-item;
70 | }
71 |
72 | #container{
73 | margin:0 auto;
74 | background:#000;
75 | width:600px;
76 | padding:20px 40px;
77 | text-align:left;
78 | }
79 |
80 |
81 | #form1{
82 | background-color: #000;
83 | margin:1em 0;
84 | padding-top:10px;
85 | }
86 | #form1 fieldset{
87 | margin:0;
88 | padding:0;
89 | border:none;
90 | float:left;
91 | display:inline;
92 | background: #000;
93 | width:260px;
94 | margin-left:25px;
95 | }
96 | #form1 legend{display:none;}
97 | #form1 p{margin:.5em 0;}
98 | #form1 label{display:block;}
99 | #form1 input, #form1 textarea{
100 | width:252px;
101 | border:1px solid #ddd;
102 | background:#fff url(../images/form1/form_input.gif) repeat-x;
103 | padding:3px;
104 | }
105 | #form1 textarea{
106 | height:125px;
107 | overflow:auto;
108 | }
109 | #form1 p.submit{
110 | clear:both;
111 | //background: #000 url(../images/form1/form_bottom.gif) no-repeat 0 100%;
112 | padding:0 25px 20px 25px;
113 | margin:0;
114 | text-align:right;
115 | }
116 | #form1 button{
117 | width:150px;
118 | height:37px;
119 | line-height:37px;
120 | border:none;
121 | background: #000 url(../images/form1/form_button-hck.jpg) no-repeat 0 0;
122 | color:#fff;
123 | cursor:pointer;
124 | text-align:center;
125 | }
126 | li {
127 | color: white;
128 | }
--------------------------------------------------------------------------------
/webui/manager/protected/views/layouts/main.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | <?php echo CHtml::encode($this->pageTitle); ?>
18 |
19 |
20 |
21 |
22 |
23 |
24 |
27 |
28 |
29 | widget('zii.widgets.CMenu',array(
30 | 'items'=>array(
31 | array('label'=>'Home', 'url'=>array('/site/index')),
32 | array('label'=>'Echofish', 'url'=>array('../echofish')),
33 | array('label'=>'Users', 'url'=>array('/users')),
34 | array('label'=>'Vulnerabilities', 'url'=>array('/vuln/admin')),
35 | array('label'=>'arpwatch', 'url'=>array('/arpdat')),
36 | array('label'=>'tcpdump', 'url'=>array('/tcpdump')),
37 | array('label'=>'Arp History', 'url'=>array('/arphistory')),
38 | array('label'=>'Hints', 'url'=>array('/hint')),
39 | array('label'=>'Reports', 'url'=>array('/reports/admin')),
40 | array('label'=>'Treasures', 'url'=>array('/treasures/admin')),
41 | array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),
42 | array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'), 'visible'=>!Yii::app()->user->isGuest)
43 | ),
44 | )); ?>
45 |
46 | breadcrumbs)):?>
47 | widget('zii.widgets.CBreadcrumbs', array(
48 | 'links'=>$this->breadcrumbs,
49 | )); ?>
50 |
51 |
52 |
53 |
54 |
55 |
56 |
61 |
62 |
AthCon CTF Scores
36 |
43 |
AthCon CTF Scores
44 |
45 |
46 | HACKERS
48 | nick
49 | total pckts
50 | valid pckts
51 | treasure points
52 | reported
53 | score
54 |
55 |
56 |
57 |
58 |
59 |
66 |
67 |
68 |
69 |
70 |
71 | ADMINS
73 | nick
74 | reports
75 | valid
76 | bonus
77 | score
78 |
79 |
80 |
81 |
82 |
83 |
89 |
90 |
91 |
92 |
93 |
scoreboard ';
77 | header("Location: index.php");
78 | }
79 | else
80 | {
81 | print_r($pdo->errorInfo());
82 | }
83 | }
84 | catch (PDOException $exception)
85 | {
86 | if($stmtin->errorCode()==23000) echo "Choose another nickname".$exception->getMessage();
87 | else print "\nException: " . $exception->getMessage();
88 | $pdo->rollBack();
89 | }
--------------------------------------------------------------------------------
/webui/manager/protected/models/Users.php:
--------------------------------------------------------------------------------
1 | 255),
49 | array('category', 'length', 'max'=>10),
50 | array('mac', 'length', 'max'=>18),
51 | // The following rule is used by search().
52 | // Please remove those attributes that should not be searched.
53 | array('id, nickname, team, category, passwd, mac, signature, TS', 'safe', 'on'=>'search'),
54 | );
55 | }
56 |
57 | /**
58 | * @return array relational rules.
59 | */
60 | public function relations()
61 | {
62 | // NOTE: you may need to adjust the relation name and the related
63 | // class name for the relations automatically generated below.
64 | return array(
65 | 'usersTreasures' => array(self::HAS_MANY, 'UsersTreasures', 'users_id'),
66 | );
67 | }
68 |
69 | /**
70 | * @return array customized attribute labels (name=>label)
71 | */
72 | public function attributeLabels()
73 | {
74 | return array(
75 | 'id' => 'ID',
76 | 'nickname' => 'Nickname',
77 | 'team' => 'Team',
78 | 'category' => 'Category',
79 | 'passwd' => 'Passwd',
80 | 'mac' => 'Mac',
81 | 'signature' => 'Signature',
82 | 'TS' => 'Ts',
83 | );
84 | }
85 |
86 | /**
87 | * Retrieves a list of models based on the current search/filter conditions.
88 | * @return CActiveDataProvider the data provider that can return the models based on the search/filter conditions.
89 | */
90 | public function search()
91 | {
92 | // Warning: Please modify the following code to remove attributes that
93 | // should not be searched.
94 |
95 | $criteria=new CDbCriteria;
96 |
97 | $criteria->compare('id',$this->id);
98 | $criteria->compare('nickname',$this->nickname,true);
99 | $criteria->compare('team',$this->team,true);
100 | $criteria->compare('category',$this->category,true);
101 | $criteria->compare('passwd',$this->passwd,true);
102 | $criteria->compare('mac',$this->mac,true);
103 | $criteria->compare('signature',$this->signature,true);
104 | $criteria->compare('TS',$this->TS,true);
105 |
106 | return new CActiveDataProvider($this, array(
107 | 'criteria'=>$criteria,
108 | ));
109 | }
110 | }
--------------------------------------------------------------------------------
/webui/manager/css/form.css:
--------------------------------------------------------------------------------
1 | /**
2 | * CSS styles for forms generated by yiic.
3 | *
4 | * The styles can be applied to the following form structure:
5 | *
6 | *
23 | *
24 | * The above code will render the labels and input fields in separate lines.
25 | * In order to render them in the same line, please use the "wide" form as follows,
26 | *
27 | *
28 | * ......
29 | *
30 | *
31 | * @author Qiang Xue
32 | * @link http://www.yiiframework.com/
33 | * @copyright Copyright © 2008-2010 Yii Software LLC
34 | * @license http://www.yiiframework.com/license/
35 | */
36 |
37 | div.form
38 | {
39 | }
40 |
41 | div.form input,
42 | div.form textarea,
43 | div.form select
44 | {
45 | margin: 0.2em 0 0.5em 0;
46 | }
47 |
48 | div.form fieldset
49 | {
50 | border: 1px solid #DDD;
51 | padding: 10px;
52 | margin: 0 0 10px 0;
53 | -moz-border-radius:7px;
54 | }
55 |
56 | div.form label
57 | {
58 | font-weight: bold;
59 | font-size: 0.9em;
60 | display: block;
61 | }
62 |
63 | div.form .row
64 | {
65 | margin: 5px 0;
66 | }
67 |
68 | div.form .hint
69 | {
70 | margin: 0;
71 | padding: 0;
72 | color: #999;
73 | }
74 |
75 | div.form .note
76 | {
77 | font-style: italic;
78 | }
79 |
80 | div.form span.required
81 | {
82 | color: red;
83 | }
84 |
85 | div.form div.error label:first-child,
86 | div.form label.error,
87 | div.form span.error
88 | {
89 | color: #C00;
90 | }
91 |
92 | div.form div.error input,
93 | div.form div.error textarea,
94 | div.form div.error select,
95 | div.form input.error,
96 | div.form textarea.error,
97 | div.form select.error
98 | {
99 | background: #FEE;
100 | border-color: #C00;
101 | }
102 |
103 | div.form div.success input,
104 | div.form div.success textarea,
105 | div.form div.success select,
106 | div.form input.success,
107 | div.form textarea.success,
108 | div.form select.success
109 | {
110 | background: #E6EFC2;
111 | border-color: #C6D880;
112 | }
113 |
114 |
115 | div.form .errorSummary
116 | {
117 | border: 2px solid #C00;
118 | padding: 7px 7px 12px 7px;
119 | margin: 0 0 20px 0;
120 | background: #FEE;
121 | font-size: 0.9em;
122 | }
123 |
124 | div.form .errorMessage
125 | {
126 | color: red;
127 | font-size: 0.9em;
128 | }
129 |
130 | div.form .errorSummary p
131 | {
132 | margin: 0;
133 | padding: 5px;
134 | }
135 |
136 | div.form .errorSummary ul
137 | {
138 | margin: 0;
139 | padding: 0 0 0 20px;
140 | }
141 |
142 | div.wide.form label
143 | {
144 | float: left;
145 | margin-right: 10px;
146 | position: relative;
147 | text-align: right;
148 | width: 100px;
149 | }
150 |
151 | div.wide.form .row
152 | {
153 | clear: left;
154 | }
155 |
156 | div.wide.form .buttons, div.wide.form .hint, div.wide.form .errorMessage
157 | {
158 | clear: left;
159 | padding-left: 110px;
160 | }
161 |
--------------------------------------------------------------------------------
/contrib/schema/hints-data.sql:
--------------------------------------------------------------------------------
1 | -- phpMyAdmin SQL Dump
2 | -- version 3.3.9.1
3 | -- http://www.phpmyadmin.net
4 | --
5 | -- Host: localhost
6 | -- Generation Time: Apr 19, 2012 at 04:04 PM
7 | -- Server version: 5.1.54
8 | -- PHP Version: 5.2.17
9 |
10 | SET FOREIGN_KEY_CHECKS=0;
11 | SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
12 |
13 |
14 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
15 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
16 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
17 | /*!40101 SET NAMES utf8 */;
18 |
19 | --
20 | -- Database: `athcon`
21 | --
22 |
23 | --
24 | -- Dumping data for table `hint`
25 | --
26 |
27 | INSERT INTO `hint` (`id`, `title`, `usertype`, `category`, `message`) VALUES
28 | (1, 'Other participants are not part of the contest', 'both', 'rule', 'Dont abuse or attack administrators or hackers.'),
29 | (2, 'Don''t abuse the systems you will monitor.', 'admin', 'rule', 'Keep in mind that as an administrator you have certain responsibilities. If you are found to abuse your own systems by fellow admins you will be disqualified.'),
30 | (3, 'Play fare... its just for fun!', 'both', 'rule', 'Play fare,don''t try to cheat your way around the system, don''t mess with other participants (hackers/admins alike).'),
31 | (4, 'Reports are your main source for points', 'admin', 'rule', 'Use the report to file an abuse report and get score points. Note however that only one report per attacker counts, although the system will not stop you from sending more than one. Extra reports reduce your score.'),
32 | (5, 'You are not allowed to take part on the attacks', 'admin', 'rule', 'As an admin you are not supposed to attack the systems.'),
33 | (6, 'Systems not part of the contest', 'hacker', 'rule', 'The systems athcon.ctf host along with the gateway system (all IP''s ending with .254) are not part of the CTF. '),
34 | (7, 'No DoS attacks', 'hacker', 'rule', 'Don''t DoS the systems, if you need concurrency keep it into sane numbers.'),
35 | (8, 'All your packets count', 'hacker', 'rule', 'The packets reaching the systems of the contest, count on your score. However keep in mind that only valid packets provide you with upwards scoring. This means that you need to be very careful of your approach to the systems you are about to attack.'),
36 | (9, 'Admins have their tools', 'hacker', 'rule', 'Admins have their IDS and log monitoring tools but you have a wide range of IP spaces to play with. The following ranges will come handy when you get reported :)\r\n\r\n10.165.0.0/24\r\n10.166.0.0/24\r\n10.167.0.0/24\r\n10.168.0.0/24\r\n10.169.0.0/24\r\n10.170.0.0/24\r\n'),
37 | (10, 'Don''t switch mac''s', 'hacker', 'rule', 'Administrators can''t see your mac through their tools (no mac address ever reaches admins). The only reason we need you to keep a "steady" mac is so that we can accredit you with points.\r\n'),
38 | (11, 'Blacklisted IP''s stay this way', 'hacker', 'rule', 'Blacklisted IP''s will stay this way for the entire run of the CTF. It is left as exercise to you to "detect" this and switch.'),
39 | (12, 'AcmeSec Systems', 'admin', 'note', 'The systems that will help you get the bad guys are Echofish , BASE ,Snorby .\r\n\r\nFurthermore, your account will also work on the following AcmeSec systems www.acmesec.fake, pbx.acmesec.fake, mail.acmesec.fake, lamp.acmesec.fake, oamp.acmesec.fake, solaris11.acmesec.fake.');
40 | SET FOREIGN_KEY_CHECKS=1;
41 |
--------------------------------------------------------------------------------
/contrib/logspoofer/requests/lamp.acmesec.fake_joomla.log:
--------------------------------------------------------------------------------
1 | "GET /joomla-2.5.4/media/system/js/mootools-more.js HTTP/1.1" 200 238331 "http://192.0.0.2/joomla-2.5.4/"
2 | "GET /joomla-2.5.4/media/system/css/system.css HTTP/1.1" 200 1445 "http://192.0.0.2/joomla-2.5.4/templates/system/css/system.css"
3 | "GET /joomla-2.5.4/templates/beez_20/javascript/hide.js HTTP/1.1" 200 7735 "http://192.0.0.2/joomla-2.5.4/"
4 | "GET /joomla-2.5.4/images/joomla_black.gif HTTP/1.1" 200 2371 "http://192.0.0.2/joomla-2.5.4/"
5 | "GET /joomla-2.5.4/templates/beez_20/images/personal/bg2.png HTTP/1.1" 200 2629 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
6 | "GET /joomla-2.5.4/templates/beez_20/images/personal/personal2.png HTTP/1.1" 200 19615 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
7 | "GET /joomla-2.5.4/templates/beez_20/images/personal/ecke.gif HTTP/1.1" 200 826 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
8 | "GET /joomla-2.5.4/templates/beez_20/images/personal/navi_active.png HTTP/1.1" 200 95 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
9 | "GET /joomla-2.5.4/templates/beez_20/images/header-bg.gif HTTP/1.1" 200 881 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
10 | "GET /joomla-2.5.4/templates/beez_20/images/content_bg.gif HTTP/1.1" 200 165 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
11 | "GET /joomla-2.5.4/templates/beez_20/images/nature/karo.gif HTTP/1.1" 200 45 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
12 | "GET /joomla-2.5.4/templates/beez_20/images/nature/arrow1.gif HTTP/1.1" 200 1700 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
13 | "GET /joomla-2.5.4/templates/beez_20/images/personal/tabs_back.png HTTP/1.1" 200 4828 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
14 | "GET /joomla-2.5.4/templates/beez_20/images/personal/footer.jpg HTTP/1.1" 200 547 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
15 | "GET /joomla-2.5.4/templates/beez_20/fonts/TitilliumMaps29L002.otf HTTP/1.1" 200 47984 "http://192.0.0.2/joomla-2.5.4/templates/beez_20/css/personal.css"
16 | "GET /joomla-2.5.4/templates/system/css/system.css HTTP/1.1" 200 896 "http://192.0.0.2/joomla-2.5.4/"
17 | "GET /joomla-2.5.4/templates/beez_20/javascript/md_stylechanger.js HTTP/1.1" 200 2104 "http://192.0.0.2/joomla-2.5.4/"
18 | "GET /joomla-2.5.4/templates/beez_20/css/position.css HTTP/1.1" 200 5857 "http://192.0.0.2/joomla-2.5.4/"
19 | "GET /joomla-2.5.4/templates/beez_20/css/layout.css HTTP/1.1" 200 30158 "http://192.0.0.2/joomla-2.5.4/"
20 | "GET /joomla-2.5.4/templates/beez_20/css/print.css HTTP/1.1" 200 5174 "http://192.0.0.2/joomla-2.5.4/"
21 | "GET /joomla-2.5.4/templates/beez_20/css/general_mozilla.css HTTP/1.1" 200 200 "http://192.0.0.2/joomla-2.5.4/"
22 | "GET /joomla-2.5.4/templates/beez_20/css/personal.css HTTP/1.1" 200 21068 "http://192.0.0.2/joomla-2.5.4/"
23 | "GET /joomla-2.5.4/templates/beez_20/favicon.ico HTTP/1.1" 200 1150 "-"
24 | "GET /joomla-2.5.4/templates/beez_20/css/general.css HTTP/1.1" 200 4143 "http://192.0.0.2/joomla-2.5.4/"
25 | "GET /joomla-2.5.4/media/system/js/caption.js HTTP/1.1" 200 729 "http://192.0.0.2/joomla-2.5.4/"
26 | "GET /joomla-2.5.4/media/system/js/core.js HTTP/1.1" 200 4784 "http://192.0.0.2/joomla-2.5.4/"
27 | "GET /joomla-2.5.4/media/system/js/mootools-core.js HTTP/1.1" 200 96362 "http://192.0.0.2/joomla-2.5.4/"
28 | "GET /joomla-2.5.4/ HTTP/1.1" 200 16767 "http://192.0.0.2/"
29 | "GET /joomla-2.5.4/images/banners/white.png HTTP/1.1" 200 6416 "http://192.0.0.2/joomla-2.5.4/"
--------------------------------------------------------------------------------
/webui/report.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Abuse Report
6 |
13 | 0 && trim($nickname)!='' && $userType=="admin") {
14 | if(!empty($_POST)) add_report();
15 | ?>
16 |
17 |
Report A Hacker / Reporter:
18 |
57 |
58 |
You need to register as an admin in order to submit an abuse report
59 |
60 |
2 |
3 | beginWidget('CActiveForm', array(
4 | 'id'=>'reports-form',
5 | 'enableAjaxValidation'=>false,
6 | )); ?>
7 |
8 |
Fields with * are required.
9 |
10 | errorSummary($model); ?>
11 |
12 |
13 | labelEx($model,'reporter'); ?>
14 | textField($model,'reporter'); ?>
15 | error($model,'reporter'); ?>
16 |
17 |
18 |
19 | labelEx($model,'datentime'); ?>
20 | textField($model,'datentime',array('size'=>60,'maxlength'=>255)); ?>
21 | error($model,'datentime'); ?>
22 |
23 |
24 |
25 | labelEx($model,'subject'); ?>
26 | textField($model,'subject',array('size'=>60,'maxlength'=>255)); ?>
27 | error($model,'subject'); ?>
28 |
29 |
30 |
31 | labelEx($model,'attacker'); ?>
32 | textField($model,'attacker',array('size'=>32,'maxlength'=>32)); ?>
33 | error($model,'attacker'); ?>
34 |
35 |
36 |
37 | labelEx($model,'server'); ?>
38 | textField($model,'server',array('size'=>32,'maxlength'=>32)); ?>
39 | error($model,'server'); ?>
40 |
41 |
42 |
43 | labelEx($model,'abuse'); ?>
44 | textField($model,'abuse',array('size'=>32,'maxlength'=>32)); ?>
45 | error($model,'abuse'); ?>
46 |
47 |
48 |
49 | labelEx($model,'message'); ?>
50 | textArea($model,'message',array('rows'=>6, 'cols'=>50)); ?>
51 | error($model,'message'); ?>
52 |
53 |
54 |
55 | labelEx($model,'logs'); ?>
56 | textArea($model,'logs',array('rows'=>6, 'cols'=>50)); ?>
57 | error($model,'logs'); ?>
58 |
59 |
60 |
61 | labelEx($model,'resolved'); ?>
62 | textField($model,'resolved'); ?>
63 | error($model,'resolved'); ?>
64 |
65 |
66 |
67 | labelEx($model,'thru'); ?>
68 | textField($model,'thru',array('size'=>60,'maxlength'=>255)); ?>
69 | error($model,'thru'); ?>
70 |
71 |
72 |
73 | labelEx($model,'comments'); ?>
74 | textArea($model,'comments',array('rows'=>6, 'cols'=>50)); ?>
75 | error($model,'comments'); ?>
76 |
77 |
78 |
79 | labelEx($model,'treasure_id'); ?>
80 | treasureItem(),array('empty' => '(Select an Achievement)') ); ?>
81 | error($model,'treasure_id'); ?>
82 |
83 |
84 |
85 | labelEx($model,'mac'); ?>
86 | macItem(), 'mac', 'timestamp','IP'),array('empty' => '(Select an Entry)')); ?>
87 | error($model,'mac'); ?>
88 |
89 |
90 |
91 | isNewRecord ? 'Create' : 'Save'); ?>
92 |
93 |
94 | endWidget(); ?>
95 |
96 |