ZPD-training-service

Service for A/D CTF training on golang.

fortuneteller

Service for fortune-telling by books.

Vulnerabilities

Path traversal on golang by using unsafe method filepath.Join(). Sploit.
AES in insecure ECB mode. Sploit.
Usage low public exponent in RSA. Sploit.
Insertion of Sensitive Information into Log File.

More details here

Deploy

Service

cd ./services/fortuneteller
docker-compose up -d

Checker

The checker interface matches the description for ructf: https://github.com/HackerDom/ructf-2017/wiki/Интерфейс-«проверяющая-система-чекеры»

cd ./checkers/fortuneteller
python3 checker.py

To use it with ructf jury, you need to change the output format of the checker info function:

comment this row https://github.com/seemenkina/fortuneteller/blob/master/checkers/fortuneteller/checker.py#L457
delete comment from this row https://github.com/seemenkina/fortuneteller/blob/master/checkers/fortuneteller/checker.py#L458

Contributors

@seemenkina

Name		Name	Last commit message	Last commit date
Latest commit History 86 Commits
checkers		checkers
services/fortuneteller		services/fortuneteller
sploits/fortuneteller		sploits/fortuneteller
.gitignore		.gitignore
.travis.yml		.travis.yml
LICENSE.txt		LICENSE.txt
README.md		README.md
check.py		check.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ZPD-training-service

fortuneteller

Tags

Vulnerabilities

Deploy

Service

Checker

Contributors

About

Releases

Packages

Languages

License

seemenkina/fortuneteller

Folders and files

Latest commit

History

Repository files navigation

ZPD-training-service

fortuneteller

Tags

Vulnerabilities

Deploy

Service

Checker

Contributors

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages