lhy6305/attachment-server
1
0
Fork 0
Code Pull Requests Projects Activity

~~ssh~~ https auto update

Browse Source
This commit is contained in:
lhy6305 2024-09-21 19:53:30 +08:00
parent c4a3166f68
commit 2fc81d5a2b
16 changed files with 204 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api.php
View File

@ -1,14 +1,16 @@
<?php <?php
set_time_limit(0); set_time_limit(0);
ob_implicit_flush(); ob_implicit_flush(true);
ignore_user_abort(true); ignore_user_abort(true);
@ini_set("expose_php", "off"); @ini_set("expose_php", "off");
header_remove(); header_remove();
date_default_timezone_set("Asia/Shanghai"); date_default_timezone_set("Asia/Shanghai");
header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Origin: *");
header("Content-type: text/plain; charset=utf-8"); header("Content-type: text/plain; charset=utf-8");
header("Content-Encoding: none");
header("Cache-Control: no-store, max-age=0, must-revalidate"); header("Cache-Control: no-store, max-age=0, must-revalidate");
header("X-Accel-Buffering: no");
error_reporting(0); error_reporting(0);
error_reporting(E_ALL); error_reporting(E_ALL);

BIN
assets/YuFanZhenSu.otf Normal file
View File

Binary file not shown.

BIN
assets/background.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.9 MiB

129
assets/css/index.css Normal file
View File

@ -0,0 +1,129 @@
@font-face {
font-family: 'ContentFont';
src: url('../YuFanZhenSu.otf') format('otf');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'UbuntuMono';
src: url('../Ubuntu Mono derivative Powerline.ttf') format('ttf');
font-weight: normal;
font-style: normal;
}
body {
margin: 0;
display: grid;
justify-content: center;
align-items: center;
background-image: linear-gradient(rgba(0, 0, 0, 0.3), rgba(0, 0, 0, 0.3)),url("../background.jpg");
background-size: cover;
background-position: center;
background-repeat: no-repeat;
font-family: 'ContentFont', sans-serif;
min-height: 100vh;
}
.null-area{
height: 50px;
}
.big-title{
width: 100%;
padding: 24px 8px;
font-size: 40px;
text-align: center;
color: rgb(101, 212, 231);
}
.sub-title{
width: 100%;
font-size: 30px;
text-align: center;
color: rgb(101, 212, 231);
}
.content-area{
display: flex;
}
.content-null-area{
width: 2%;
}
.attach-rules{
width: 96%;
min-height: 72vh;
font-size: 20px;
text-align: center;
color: rgb(101, 212, 231);
background-color: rgba(32, 32, 32, 0.7);
font-weight: 100;
}
.warn-highlight{
color: rgb(216, 164, 205);
font-weight: 700;
display: inline;
}
.tips-highlight{
color: rgb(231, 229, 101);
font-weight: 500;
display: inline;
}
.normal-highlight{
color: rgb(101, 212, 231);
font-weight: 100;
display: inline;
}
#font-tips{
font-family:'UbuntuMono', sans-serif;
}
.divide-line{
height:5px;
margin: 0px;
background: repeating-linear-gradient(
0deg,
rgba(101, 212, 231, 0) 0px,
rgb(101, 212, 231) 2.5px,
rgba(101, 212, 231, 0) 5px
)
}
input{
border-bottom: 3px solid rgb(231, 229, 101);
background: none;
outline: none;
padding: 10px;
font-size: 16px;
color: rgb(231, 229, 101);
}
input::placeholder {
color: rgba(101, 212, 231, 0.5);
opacity: 1;
}
.button-style{
border: 3px solid rgb(231, 229, 101);
}
footer {
margin: 0;
display: grid;
justify-content: center;
}
.foot-info{
font-size: 15px;
color: rgb(101, 212, 231);
justify-content: center;
margin: 10px 0px 10px 0px;
}

33
assets/user_index_template.html
View File

@ -3,6 +3,7 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="width=device-width, initial-scale=1.0" name="viewport">
<meta name="referrer" content="no-referrer"> <meta name="referrer" content="no-referrer">
<link href="./assets/css/index.css" rel="stylesheet">
<link href="./assets/favicon.png" rel="icon" type="image/png"> <link href="./assets/favicon.png" rel="icon" type="image/png">
<link href="./assets/favicon.ico" rel="icon" type="image/x-icon"> <link href="./assets/favicon.ico" rel="icon" type="image/x-icon">
<title>用户页面 - 附件分发 - woodpecker2024</title> <title>用户页面 - 附件分发 - woodpecker2024</title>
@ -10,23 +11,37 @@
<style> <style>
a { a {
display: inline-block; display: inline-block;
color: rgb(101, 212, 231);
font-weight: 100;
margin: 3px 0 3px 0; margin: 3px 0 3px 0;
} }
a:hover { a:hover {
outline: 2px dashed #0000dd; color: rgb(231, 229, 101);
font-weight: 500;
} }
</style> </style>
</head>
</head><body> <body>
<div class="big-title">欢迎来到woodpecker2024::ctf</div>
<h2>欢迎来到woodpecker2024::ctf</h2> <div class="sub-title">您当前作为队伍 <div class="tips-highlight">[#REPLACE-ANCHOR-0#](id=#REPLACE-ANCHOR-1#)</div> 登录</div>
<h2>您当前作为队伍 [#REPLACE-ANCHOR-0#](id=#REPLACE-ANCHOR-1#) 登录</h2>
<br> <br>
<pre style="margin:0;font-size:1.2rem"> <div class="divide-line"></div>
<strong>由本服务提供的题目列表(点击下载附件或进行交互,在新窗口打开)</strong><hr> <div class="content-area">
<div class="content-null-area"></div>
<div class="attach-rules">
<div class="normal-highlight">
<br>
<div class="tips-highlight">由本服务提供的题目列表(点击下载附件或进行交互,在新窗口打开)</div>
<br><br>
#REPLACE-ANCHOR-2# #REPLACE-ANCHOR-2#
</pre> <br>
</div>
</div>
<div class="content-null-area"></div>
</div>
<div class="divide-line"></div>
<footer><hr><small>附件分发系统 for Woodpecker CTF 2024, created by ly65.</small></footer>
</body> </body>
<footer><div class="foot-info"> for Woodpecker CTF 2024, created by ly65.</div><br></footer>
</html> </html>

3
docker_container/container-start.sh
View File

@ -1,3 +0,0 @@
#!/bin/sh
docker run --memory 1GB --user root --volume /media/sf_woodpecker2024/attachment_server/:/root/www/:ro --volume /media/sf_woodpecker2024/attachment_server/log/:/root/log/:rw --workdir /root/ --expose 12345 --network host --interactive --tty --name ly65-attachment-server --hostname woodpecker2024 --rm --detach debian:11-slim sh /root/www/docker_container/inside-container_start.sh

BIN
docker_container/gor_linux_x64.orig.elf
View File

Binary file not shown.

BIN
docker_container/gor_linux_x64.upx.elf
View File

Binary file not shown.

25
docker_container/inside-container_start.sh
View File

@ -1,25 +0,0 @@
#!/bin/sh
cd /root/
apt update
apt install -y --no-install-recommends util-linux psmisc nginx-light php7.4-fpm php7.4-curl php7.4-mbstring php7.4-gd
killall -9 php-fpm7.4
killall -9 nginx
killall -9 gor_linux_x64.upx.elf
cp --force /root/www/docker_container/nginx.conf /etc/nginx/nginx.conf
cp --force /root/www/docker_container/nginx-0.conf /root/nginx-0.conf
cp --force /root/www/docker_container/php-fpm.conf /etc/php/7.4/fpm/php-fpm.conf
cp --force /root/www/docker_container/php-fpm.www.conf /root/php-fpm.www.conf
php-fpm7.4 --allow-to-run-as-root
nginx
#setsid --fork /root/www/docker_container/gor_linux_x64.upx.elf --copy-buffer-size 1048576 --input-tcp :12345 --input-raw-realip-header "X-GOR-Real-IP" --output-http "http://127.0.0.1:25000" --output-file /root/log/gor_traffic.log --output-file-append
#tail -f /dev/null
#sleep infinity
bash -i

39
docker_container/nginx-0.conf
View File

@ -1,39 +0,0 @@
#it's already in the http directive
server {
listen 25000;
#listen [::]:25000;
root /root/www;
add_header Access-Control-Allow-Origin * always;
charset utf-8;
location = / {
allow all;
index index.html;
}
location = /index.html {
allow all;
}
location = /api.php {
allow all;
include fastcgi_params;
fastcgi_pass unix:/root/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location /assets/ {
allow all;
}
location / {
deny all;
}
error_page 405 =200 $uri;
}

92
docker_container/nginx.conf
View File

@ -1,92 +0,0 @@
user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
log_format custom_log '[$time_local], '
'remote=$remote_addr:$remote_port, '
'local=$server_addr:$server_port, '
'request=\n$request\n\n$request_body\n'
'status=$status, len=$body_bytes_sent, '
'request_time=$request_time\n\n';
access_log /root/log/access.log custom_log;
error_log /root/log/error.log debug;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
include /root/nginx-*.conf;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

12
docker_container/php-fpm.conf
View File

@ -1,12 +0,0 @@
[global]
pid = /root/php-fpm.pid
error_log = /root/log/php7.4-fpm.log
log_level = notice
log_limit = 4096
log_buffering = no
daemonize = yes
include = /root/php-fpm.*.conf

13
docker_container/php-fpm.www.conf
View File

@ -1,13 +0,0 @@
[www]
listen = /root/php-fpm.sock
user = root
group = root
pm = ondemand
pm.max_children = 16
pm.start_servers = 4
pm.process_idle_timeout = 60s
pm.max_requests = 4

2
incl_user_panel.php
View File

@ -20,7 +20,7 @@ for($a=0; $a<count($cid_list); $a++) {
$li[2].="<a target=\"_blank\" href="; $li[2].="<a target=\"_blank\" href=";
$li[2].=json_encode("./api.php?action=attachment-dl,".rawurlencode($cid_list[$a]["cid"])."&game=".rawurlencode($game)."&ttoken=".rawurlencode($team_token)); $li[2].=json_encode("./api.php?action=attachment-dl,".rawurlencode($cid_list[$a]["cid"])."&game=".rawurlencode($game)."&ttoken=".rawurlencode($team_token));
$li[2].=">".htmlspecialchars($cid_list[$a]["name"])."</a>"; $li[2].=">".htmlspecialchars($cid_list[$a]["name"])."</a>";
$li[2].="\n"; $li[2].="<br>\n";
} }
unset($a); unset($a);

76
index.html
View File

@ -3,65 +3,53 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="width=device-width, initial-scale=1.0" name="viewport">
<meta name="referrer" content="no-referrer"> <meta name="referrer" content="no-referrer">
<link href="./assets/css/index.css" rel="stylesheet">
<link href="./assets/favicon.png" rel="icon" type="image/png"> <link href="./assets/favicon.png" rel="icon" type="image/png">
<link href="./assets/favicon.ico" rel="icon" type="image/x-icon"> <link href="./assets/favicon.ico" rel="icon" type="image/x-icon">
<title>ly65的附件分发站 - woodpecker2024</title> <title>ly65的附件分发站 - woodpecker2024</title>
</head><body> </head>
<body>
<h1>欢迎来到 woodpecker::ctf 2024 </h1> <div class="big-title">欢迎来到 woodpecker::ctf 2024 </div>
<div class="divide-line"></div>
<pre style="margin:0;font-size:1.2rem"> <div class="content-area">
这里是 ly65 的一个小站,用于分发本次比赛的部分附件,并提供一些共用容器服务 <div class="content-null-area"></div>
<div class="attach-rules">
在继续之前,请仔细阅读以下说明和约定 <br>
这里是 ly65 的一个小站,用于分发本次比赛的部分附件,并提供一些共用容器服务<br><br>
- 本服务使用 <strong>team_token</strong> 验证身份<strong><a target="_blank" href="./assets/team_token_tip.png">(在哪?)</a></strong><strong>请勿泄露</strong>给非本队成员。 在继续之前,请仔细阅读以下说明和约定<br><br>
本服务使用 <div class="tips-highlight">验证身份</div> <a target="_blank" href="./assets/team_token_tip.png" class="tips-highlight">(在哪?)</a><div class="warn-highlight">请勿泄露</div>给非本队成员。<br><br>
- 除非另有说明,否则本附件分发服务提供的附件对每个用户都是固定的,不会因时间或请求次数而改变。 除非另有说明,否则本附件分发服务提供的附件对每个用户都是固定的,不会因时间或请求次数而改变。<br><br>
为了确保辨识度,若 flag 需要从图形中读出,此类 flag 统一使用 <a target="_blank" href="./assets/Ubuntu%20Mono%20derivative%20Powerline.ttf" class="tips-highlight" id="font-tips">Ubuntu Mono derivative Powerline</a>字体绘制(<a target="_blank" href="./assets/ubuntu-font-licence-1.0.txt" class="tips-highlight">字体licence</a><br><br>
- 为了确保有足够的辨识度,若 flag 需要从图形中读出,此类 flag 统一使用 <strong><a target="_blank" href="./assets/Ubuntu%20Mono%20derivative%20Powerline.ttf">Ubuntu Mono derivative Powerline</a></strong> 字体绘制(<strong><a target="_blank" href="./assets/ubuntu-font-licence-1.0.txt">字体licence</a></strong> <div class="tips-highlight">本服务器并非靶机</div>,未进行安全防护,且可用资源有限。在比赛期间,它是一个<div class="tips-highlight">共用容器</div>,因此:<br><br>
所有交互题目都被设计能够在 30 次 HTTP 请求之内完成。请<div class="warn-highlight">避免频繁或重复请求</div>,以免过度占用服务器资源。<br><br>
- <strong>本服务器并非靶机</strong>,未进行安全防护,且可用资源有限。在比赛期间,它是一个<strong>共用容器</strong>,因此: <div class="warn-highlight">请勿进行渗透、注入、端口扫描等攻击</div>。但<div class="tips-highlight">允许</div>对本附件分发服务(<div class="tips-highlight">仅 /api.php</div>)发送任意 HTTP 请求,只要不频繁发送或携带大量数据。<br><br>
对于可能与其他队伍产生信息交流的特殊题目,<div class="warn-highlight">请勿泄露任何比赛相关内容,包括但不限于 flag、team_token、解题思路等</div><br><br>
- 所有交互题目都被设计能够在 30 次 HTTP 请求之内完成。请<strong>避免频繁或重复请求</strong>,以免过度占用服务器资源。 我们会记录比赛期间的服务器日志等信息,以检测违规行为,并视情况对违规者进行警告、禁赛等处罚。<br><br>
请共同维护公平、友好的比赛环境。<br><br>
- <strong>请勿</strong>进行<strong>渗透、注入、端口扫描等攻击</strong>。但<strong>允许</strong>对本附件分发服务(<strong>仅 /api.php</strong>)发送任意 HTTP 请求,只要不频繁发送或携带大量数据。 <div class="tips-highlight">继续操作即视为您同意遵守上述约定</div><br><br>
- 对于可能与其他队伍产生信息交流的特殊题目,<strong>请勿泄露任何比赛相关内容,包括但不限于 flag、team_token、解题思路等</strong>
我们会记录比赛期间的服务器日志等信息,以检测违规行为,并视情况对违规者进行警告、禁赛等处罚。
请共同维护公平、友好的比赛环境。
<strong>继续操作即视为您同意遵守上述约定</strong> <form method="get" action="./api.php">
</pre>
<form method="get" action="./api.php" style="display:inline">
<input type="text" name="action" value="user-panel" style="display:none" required> <input type="text" name="action" value="user-panel" style="display:none" required>
<span style="display:none">
<span style="display:block"> <div class="tips-highlight">比赛id</div>
比赛id
<select name="game" required> <select name="game" required>
<option value="test-1">localhost内测</option> <option value="test-1">localhost内测</option>
<option value="wood-1">woodpecker内测</option> <option value="wood-1">woodpecker内测</option>
<option value="wood-2" selected>woodpecker正式比赛</option> <option value="wood-2" selected>woodpecker正式比赛</option>
</select> </select>
</span> </span>
<div class="tips-highlight">请输入您的team_token</div>
请输入您的team_token
<input type="text" name="ttoken" pattern="[0-9]+:[0-9a-zA-Z\/\+]{86}={0,2}" style="width:50%" placeholder="example: 1:4RJpuP0QRAXNIGVwymjAK3+1FKB/VRZ+Ah5LfGLZXQrZLxxcQ4lt32bdQ1vv+r0C9OQXDDvXaq8cEGuDD9/8e8==" required> <input type="text" name="ttoken" pattern="[0-9]+:[0-9a-zA-Z\/\+]{86}={0,2}" style="width:50%" placeholder="example: 1:4RJpuP0QRAXNIGVwymjAK3+1FKB/VRZ+Ah5LfGLZXQrZLxxcQ4lt32bdQ1vv+r0C9OQXDDvXaq8cEGuDD9/8e8==" required>
<input class="button-style" type="submit" value="点击继续">
<input type="submit" value="点击这个按钮继续">
</form> </form>
<br><br>
<br> </div>
<br> <div class="content-null-area"></div>
<footer><hr><small>附件分发系统 for Woodpecker CTF 2024, created by ly65.</small></footer> </div>
<div class="divide-line"></div>
</body> </body>
<footer><div class="foot-info"> for Woodpecker CTF 2024, created by ly65.</div><br></footer>
</html> </html>

12
phplib/libvar_cid2tid.php
View File

@ -24,12 +24,12 @@ $cid2tid_l=[
], ],
"wood-2"=>[ "wood-2"=>[
"cid_1"=>"tid_1", "cid_85"=>"tid_1",
"cid_2"=>"tid_2", "cid_86"=>"tid_2",
"cid_3"=>"tid_3", "cid_89"=>"tid_3",
"cid_4"=>"tid_4", "cid_88"=>"tid_4",
"cid_5"=>"tid_5", "cid_90"=>"tid_5",
"cid_6"=>"tid_6", "cid_87"=>"tid_6",
], ],
]; ];