Writing demo exploits is easy. There is no special requirement, except that it should be python3 and accept a target IP as first argument. Stolen flags should be printed, no formatting or cleanup is required (we use regexp to parse them from your output).
If flag IDs are configured, they are passed as additional arguments: sys.argv[2] contains the first flag IDs, comma-separated.
import sys
from typing import List
# Checker is configured with: flag_id_types = ['username', 'hex12']
def exploit(target: str, flag_ids_username: List[str], flag_ids_hex: List[str]):
for flag_id in flag_ids_username:
print(f'Attacking {flag_id}')
result = ...
print(result)
if __name__ == '__main__':
exploit(sys.argv[1], sys.argv[2].split(','), sys.argv[3].split(','))Our CI tests all exploits named exploit_<???>.py in ./exploits/. Use gamelib/run-exploits to check locally.
A working checkerscript is required to test exploits, otherwise there will not be any flags stored.
Please write one exploit per vulnerability.
If you need additional software to perform an exploit (python modules, system packages) you can install them in your service's dependencies.sh.
- Please check first if the package you need is already preinstalled.
- Then check if the package can be installed from Debian Buster's repository (using
apt). These packages are usually more stable and don't change that often. - If not, you can freely use
python3 -m pip install.
We have preinstalled (at least):
- Python3 with pip
- redis
- requests
- pwntools
- numpy
- pycryptodome
- beautifulsoup4
- pytz