search

D0g3-Lab / H1ve

An Easy / Quick / Cheap Integrated Platform
Apache License 2.0
611 stars 129 forks source link

awd插件的问题 #15

Open Dar1in9s opened 4 years ago

Dar1in9s commented 4 years ago

问题:

按照readme所给的步骤做,但是在初始化的时候出错了。 image

我的配置:

题目: image

插件: image 这边是有那个镜像的,并且镜像可用 image

Version & Environment (系统/环境版本)

0akarma commented 4 years ago

管理员是不能有比赛环境的,猜测是你没有创建普通用户或者普通队伍,配置是没有问题的

Dar1in9s commented 4 years ago

但是我创建了普通用户之后还是出现了相同的错误

0akarma commented 4 years ago

如果是初始化比赛的时候出现这个报错,那就把比赛先删除了再初始化,应该就没问题了,还有就是记得配置比赛开始时间。

Dar1in9s commented 4 years ago

好的,感谢回答,我已经解决了这个问题

longzhs commented 4 years ago

别的功能都测试正常,用Glowworm插件做awd测试时开始出现同样的初始化报错,通过配置比赛开始时间解决了,但后面正常Run、StartCheck后发现提交flag值问题:普通用户challenge题目上提交错误的或自己队伍的flag值都有相应的出错提示,但提交别的组肯定正确flag值,单击submit后没有任何反应。。Scoreboard没有得分纪录。Centos7和Ubuntu18.04环境下同样的问题,请问可能的原因

0akarma commented 4 years ago

普通用户challenge题目上提交错误的或自己队伍的flag值都有相应的出错提示,但提交别的组肯定正确flag值,单击submit后没有任何反应

提交别的组的flag你是从哪里看到的,是后台,还是队伍容器里面? 没有任何反应,f12看看请求发出没有,以及是否有报错。 因为没有反应,所以scoreboard没有记录是正常的。

longzhs commented 4 years ago

感谢回复。flag值是攻击容器靶机获取的,管理后台里看到的是同样的值。f12和burpsuite抓包发现提交正确flag值后返回的是500服务器错误。。测试使用的是自带的web_yunnan_simple和web_pyblog两个例子,镜像build不成功,是直接docker pull下来的。 1 2 3 4

0akarma commented 4 years ago

看一下.data/CTFd/logs/error.log里的报错呢,这部分我没有做异常处理~ 要看一下报错才能确定是哪部份出了问题,因为之前我自己测试的时候是没有问题的(

longzhs commented 4 years ago

error.log文件中出错部分提示: [2020-01-23 21:57:03 +0000] [1] [INFO] Handling signal: winch [2020-01-23 22:14:34,867] ERROR in app: Exception on /api/v1/challenges/attempt [POST] Traceback (most recent call last): File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1813, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request return self.view_functionsrule.endpoint File "/usr/local/lib/python3.7/site-packages/flask_restplus/api.py", line 325, in wrapper resp = resource(*args, kwargs) File "/usr/local/lib/python3.7/site-packages/flask/views.py", line 88, in view return self.dispatch_request(*args, *kwargs) File "/usr/local/lib/python3.7/site-packages/flask_restplus/resource.py", line 44, in dispatch_request resp = meth(args, kwargs) File "/home/bhs/H1ve/CTFd/utils/decorators/visibility.py", line 47, in _check_challenge_visibility return f(*args, kwargs) File "/home/bhs/H1ve/CTFd/utils/decorators/init.py", line 21, in during_ctf_time_only_wrapper return f(*args, *kwargs) File "/home/bhs/H1ve/CTFd/utils/decorators/init.py", line 70, in _require_verified_emails return f(args, kwargs) File "/home/bhs/H1ve/CTFd/api/v1/challenges.py", line 434, in post user=user, team=team, challenge=challenge, request=request File "/home/bhs/H1ve/CTFd/plugins/ctfd_glowworm/models.py", line 209, in solve team_id = victim_name.team_id AttributeError: 'Teams' object has no attribute 'team_id' [2020-01-23 22:50:52,544] ERROR in app: Exception on /api/v1/challenges/attempt [POST] Traceback (most recent call last): File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1813, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request return self.view_functionsrule.endpoint File "/usr/local/lib/python3.7/site-packages/flask_restplus/api.py", line 325, in wrapper resp = resource(*args, kwargs) File "/usr/local/lib/python3.7/site-packages/flask/views.py", line 88, in view return self.dispatch_request(*args, *kwargs) File "/usr/local/lib/python3.7/site-packages/flask_restplus/resource.py", line 44, in dispatch_request resp = meth(args, kwargs) File "/home/bhs/H1ve/CTFd/utils/decorators/visibility.py", line 47, in _check_challenge_visibility return f(*args, kwargs) File "/home/bhs/H1ve/CTFd/utils/decorators/init.py", line 21, in during_ctf_time_only_wrapper return f(*args, *kwargs) File "/home/bhs/H1ve/CTFd/utils/decorators/init.py", line 70, in _require_verified_emails return f(args, kwargs) File "/home/bhs/H1ve/CTFd/api/v1/challenges.py", line 434, in post user=user, team=team, challenge=challenge, request=request File "/home/bhs/H1ve/CTFd/plugins/ctfd_glowworm/models.py", line 209, in solve team_id = victim_name.team_id AttributeError: 'Teams' object has no attribute 'team_id' [2020-01-23 23:08:32 +0000] [1] [INFO] Handling signal: winch [2020-01-23 23:08:32 +0000] [1] [INFO] Handling signal: winch 有空帮看看问题出在哪儿,辛苦了!

0akarma commented 4 years ago 
File "/home/bhs/H1ve/CTFd/plugins/ctfd_glowworm/models.py", line 209, in solve
team_id = victim_name.team_id
AttributeError: 'Teams' object has no attribute 'team_id'

你把models.py 209行改成team_id = victim_name.id试试看

longzhs commented 4 years ago

改了,还是出错: File "/home/bhs/H1ve/CTFd/plugins/ctfd_glowworm/models.py", line 209, in solve team_id = victim_name.id AttributeError: 'Teams' object has no attribute 'team_id'

longzhs commented 4 years ago

发现:只在team团队模式下出错。将网站reset改成user用户模式后,AWD评分正常了。

longzhs commented 4 years ago

另外,似乎以前每轮check检查正常的AWD题目,重新run启用后就都通不过检查了。提示: <GlowwormAttacks (transient 139684914484176)> <Submission None, 1, 127.0.0.1, Team6_web_yunnan_simple seems down.>

0akarma commented 4 years ago

改了,还是出错: File "/home/bhs/H1ve/CTFd/plugins/ctfd_glowworm/models.py", line 209, in solve team_id = victim_name.id AttributeError: 'Teams' object has no attribute 'team_id'

这个我改了是没有问题的,你改了之后要重启一下容器才可以

0akarma commented 4 years ago

另外,似乎以前每轮check检查正常的AWD题目,重新run启用后就都通不过检查了。提示: <GlowwormAttacks (transient 139684914484176)> <Submission None, 1, 127.0.0.1, Team6_web_yunnan_simple seems down.>

check的逻辑应该是没问题的,你直接访问一下,看下网站能不能访问就好了。 如果你卡在整点重新run的话,他启动需要时间,所以就会出现这种情况。

longzhs commented 4 years ago

好的,问题都解决了,非常感谢!

Yaoisss commented 4 years ago

containers key 是什么意思?是我环境的密码还是docker的?

0akarma commented 4 years ago

containers key 是什么意思?是我环境的密码还是docker的?

Containers Key 填写 docker 虚拟机内 root 用户的密码

Yaoisss commented 4 years ago

这个root密码我没有,是h1ve虚拟机的密码吗?

Yaoisss commented 4 years ago

h1ve-main这虚拟机吗?

Yaoisss commented 4 years ago

还有frp用的是80端口,我需要更改,才能让web_yunnan_simple 运行起来吗?