TFNS / CTFNote

CTFNote is a collaborative tool aiming to help CTF teams to organise their work.
GNU General Public License v3.0
522 stars 61 forks source link

Create HITCON CTF parser #286

Closed daanbreur closed 4 months ago

daanbreur commented 4 months ago

Feature A parser for the hitcon ctf api.

TODO

JJ-8 commented 4 months ago

For testing purposes, here is the JSON blob I used for testing the HITCON parser:

[{"id": 1, "name": "Personal Web Space 1", "description": "Your dream space to create your own website.  \r\n\r\n<http://www.pws.chal.hitconctf.com/>", "category": "misc, web", "score": 262, "author": "t510599", "solved_times": 27, "solved": true, "hint": null, "is_opened": true}, {"id": 2, "name": "Personal Web Space 2", "description": "Dear hacker,  \r\nI noticed that someone called flagholder has the flag, can you login to his account to find the secret for me?  \r\nFlag format: `hitcon{<unix password hash of flagholder>}`", "category": "misc", "score": 305, "author": "t510599", "solved_times": 15, "solved": true, "hint": null, "is_opened": true}, {"id": 3, "name": "wtfkeylogger", "description": "**Warning**: This binary is a real malware. Please run it in a safe environment.\r\n\r\nI found a suspicious keylogger on my PC.\r\nHelp me understand what it's doing.\r\n\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/wtfkeylogger/wtfkeylogger-2d758db3bf0852ad8258d0d13f151c0fe50aa010.tar.gz>", "category": "rev, crypto", "score": 360, "author": "wxrdnx", "solved_times": 7, "solved": false, "hint": null, "is_opened": true}, {"id": 4, "name": "Seccomp Hell", "description": "Some challenges are userland pwns, others are kernel pwn, still others are sandbox escapes.\r\nIn Seccomp Hell, you can get all three for free <3\r\n\r\n**Note**: Try getting a ***full root shell*** for this challenge\r\n\r\n~~Instancer: `http://seccomphell.chal.hitconctf.com:30000/`~~\r\n\r\n~~***`nc seccomphell.chal.hitconctf.com 50000`***~~\r\n\r\nInstancer v2: `http://seccomphell.chal.hitconctf.com:30000/`\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/seccomphell/seccomphell-fe8e817a92294a8810182a9c9737d83083554b61.tar.gz>", "category": "pwn", "score": 305, "author": "wxrdnx", "solved_times": 15, "solved": true, "hint": null, "is_opened": true}, {"id": 5, "name": "penguin and crab", "description": "\ud83d\udc27<https://www.youtube.com/watch?v=sCszdeWTzKs&t=0s>\r\n\ud83e\udd80<https://www.youtube.com/watch?v=qElvTW-8-W8&t=0s>.\r\n\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/penguin-and-crab/penguin-and-crab-276719eb79c08d95ecaa6075e317b0641fb15d1f.tar.gz>", "category": "rev", "score": 268, "author": "wxrdnx", "solved_times": 25, "solved": true, "hint": null, "is_opened": true}, {"id": 6, "name": "waifutwox", "description": "**Note: submit the flag as `flag.replace('Q', '{').replace('Z', '}').lower()`**\r\n\r\nWeebs: 2D waifus are better than 3D girls because they are adorable and not annoying.\r\nThe 2D waifus: <https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/waifutwox/waifutwox-f2d7aa662f71515ed0edc5a7b299ce8c0fb80b71.tar.gz>", "category": "rev, misc", "score": 360, "author": "wxrdnx", "solved_times": 7, "solved": true, "hint": null, "is_opened": true}, {"id": 7, "name": "ECLCG", "description": "LCG is fun, ECDSA is fun too, so why not combine them together?\r\n\r\n[eclcg.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/eclcg/eclcg-6337bccedd99545c3d8075968822700284d9512b.tar.gz)", "category": "crypto", "score": 421, "author": "maple3142", "solved_times": 3, "solved": false, "hint": null, "is_opened": true}, {"id": 8, "name": "Flag Reader", "description": "Update a tar with flag.txt (if you can), and I will read it for you.\r\n\r\n[flag_reader.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/flag_reader/flag_reader-d2c3fa42e56f65b5c09b72a55be2e11cf3384d54.tar.gz)\r\n\r\n`nc flagreader.chal.hitconctf.com 22222`", "category": "misc", "score": 271, "author": "maple3142", "solved_times": 24, "solved": true, "hint": null, "is_opened": true}, {"id": 9, "name": "Hyper512", "description": "I don\u2019t know how to design a secure stream cipher, but a large key space should be sufficient to block most attacks right?\r\n\r\n[hyper512.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/hyper512/hyper512-81fe54e5ee9a71b04abc04c7558e753270e67e22.tar.gz)", "category": "crypto", "score": 371, "author": "maple3142", "solved_times": 6, "solved": false, "hint": null, "is_opened": true}, {"id": 10, "name": "MatProd", "description": "A zero-day challenge for a crypto paper?!\r\n\r\n[matprod.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/matprod/matprod-b05aa9e1f1271be947f2432e23de8071d47d71d5.tar.gz)", "category": "crypto", "score": 500, "author": "maple3142", "solved_times": 1, "solved": false, "hint": null, "is_opened": true}, {"id": 11, "name": "Private Browsing+", "description": "This is a proxy to your favorite websites that automatically strips unnecessary annoyances. It is a complete rewrite of [Private Browsing](https://github.com/maple3142/My-CTF-Challenges/tree/master/AIS3%20Pre-exam%202022/Private%20Browsing).\r\n\r\n[private_browsing_plus.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/private_browsing_plus/private_browsing_plus-9c3736d0296c04c2571f8cefdc33142d1f7974b7.tar.gz)\r\n\r\nURL: [https://privatebrowsingplus.chal.hitconctf.com/](https://privatebrowsingplus.chal.hitconctf.com/)\r\nBot: [https://privatebrowsingplus.chal.hitconctf.com:8443/](https://privatebrowsingplus.chal.hitconctf.com:8443/)", "category": "web", "score": 450, "author": "maple3142", "solved_times": 2, "solved": false, "hint": null, "is_opened": true}, {"id": 12, "name": "RClonE", "description": "Rclone is a CLI that syncs your files to various cloud storage. But do you know it also have a built-in web UI?\r\n\r\n[rclone.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/rclone/rclone-3dc8d6e88e14bc6f19aa6fbed2aea25153761a1d.tar.gz)\r\n\r\nInstancer: [https://rclone.chal.hitconctf.com/](https://rclone.chal.hitconctf.com/)\r\nNote: Please solve this challenge locally first then run your solver on the remote server.", "category": "web", "score": 262, "author": "maple3142", "solved_times": 27, "solved": true, "hint": null, "is_opened": true}, {"id": 13, "name": "Truth of NPM", "description": "Do you ever wonder how much weight does adding a NPM package to your project add?\r\n\r\n[truth_of_npm.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/truth_of_npm/truth_of_npm-511dcf7b0f2f3b0b8446797bdec2972cf7f6c3b0.tar.gz)\r\n\r\nInstancer: [https://truthofnpm.chal.hitconctf.com/](https://truthofnpm.chal.hitconctf.com/)\r\nNote: Please solve this challenge locally first then run your solver on the remote server.", "category": "web", "score": 371, "author": "maple3142", "solved_times": 6, "solved": true, "hint": null, "is_opened": true}, {"id": 14, "name": "ZKPoF", "description": "I will use zero-knowledge proof to prove the knowledge for the factorization of n=p*q, so you wouldn\u2019t be able to learn anything from it.\r\n\r\n[zkpof.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/zkpof/zkpof-71a2e2358509491ea905ef54a7736ea1db6ec0ff.tar.gz)\r\n\r\n`nc zkpof.chal.hitconctf.com 11111`", "category": "crypto", "score": 321, "author": "maple3142", "solved_times": 12, "solved": false, "hint": null, "is_opened": true}, {"id": 15, "name": "BrokenShare", "description": "I implemented another secret sharing this year, but it doesn\u2019t recover the flag correctly. Can you help me fix it and recover the flag?\r\n\r\n[brokenshare.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/brokenshare/brokenshare-4af73c97cbac939d9eade6a32503050a7403ba47.tar.gz)", "category": "crypto", "score": 265, "author": "maple3142", "solved_times": 26, "solved": true, "hint": null, "is_opened": true}, {"id": 16, "name": "AntiVirus", "description": "It seems to be hard to reverse-engineer the anti-virus signature???\r\n\r\nAttachment: <https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/antivirus/antivirus-8acf90164f9aed0ce5e4018b3e9ea66a203022e5.tar.gz>", "category": "rev", "score": 246, "author": "hank_chen", "solved_times": 34, "solved": true, "hint": null, "is_opened": true}, {"id": 17, "name": "reEscape", "description": "Escape the virtual machine again!\r\n\r\n`nc reescape.chal.hitconctf.com 1337`\r\n\r\nNote: You can login as root.\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/reescape/reescape-af42652389044232f9f5da75dee29a72ad840d33.tar.gz>", "category": "pwn", "score": 500, "author": "yingmuo", "solved_times": 1, "solved": false, "hint": null, "is_opened": true}, {"id": 18, "name": "Halloween", "description": "Try to find the gift in Halloween service \ud83c\udf83 !\r\n\r\nInstancer: `http://halloween.chal.hitconctf.com`\r\n\r\nNote: Please solve this challenge locally first then run your solver on the remote server, and each team needs to **wait 10 mins** to create a new instance.\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/halloween/halloween-40d5819398d8af8d3d264f8da4e1a59bbb348371.tar.gz>", "category": "pwn", "score": 500, "author": "pumpkin", "solved_times": 1, "solved": false, "hint": [{"content": "The three hints below all refer to different vulnerabilities in my intended solution.\r\n\r\n1. Only admin can perform read / write operation, but the admin check in login operation looks weird\r\n2. Wait, my read / write operation got broken when I sent less data than expected\r\n3. It is unsafe to use the same grip in some situations", "public_time": 1720924453.0}], "is_opened": true}, {"id": 19, "name": "ImagikaTragicka", "description": "Execute `/readflag give me the flag` to get the flag.\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/ImagikaTragicka/ImagikaTragicka-e83fc3ec73ccf441815a0de2bd50ab5a8f9c71d7.tar.gz>\r\n\r\nInstancer: <https://imagikatragicka.chal.hitconctf.com>\r\nNote: Please solve this challenge locally first then run your solver on the remote server.\r\n\u200b\r\nCredit: Some ideas of this challenge are from maple3142", "category": "web, misc", "score": 500, "author": "lebr0nli", "solved_times": 1, "solved": false, "hint": [{"content": "You might have already guessed, this problem requires an ImageMagick 0day (kind of) to solve it.\r\nThe bug I used in my intended solution is quite different from all of its past vulnerabilities, so reading ImageMagick's source code to understand how it handles certain file is not really necessary.\r\nTry thinking outside the box and make sure you don't miss any details!\r\n(However, we notice some unintended solutions can do the similar things, so feel free to just ignored what i said and use your own ImageMagick 0day to solve it, it should be very cool :p)", "public_time": 1720922400.0}], "is_opened": true}, {"id": 20, "name": "Echo as a Service", "description": "Execute `/readflag give me the flag` to get the flag.\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/eaas/eaas-a9e76a905cbde9556353890f49ca9bc6bcd3aade.tar.gz>\r\n\r\nInstancer: <https://eaas.chal.hitconctf.com>\r\nNote: Please solve this challenge locally first then run your solver on the remote server.\r\n\r\nCredit: Some ideas of this challenge are from maple3142", "category": "web", "score": 238, "author": "lebr0nli", "solved_times": 38, "solved": true, "hint": null, "is_opened": true}, {"id": 21, "name": "Lustrous", "description": "\"In a world inhabited by crystalline lifeforms called The Lustrous, every unique gem must fight for their way of life against the threat of lunarians who would turn them into decorations.\" \u2013 Land of the Lustrous\r\n\r\n`nc lustrous.chal.hitconctf.com 31337`\r\n\r\n[lustrous-e8b4ee1f74b5f0f2392436f5def8bc5ede435bbf.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/lustrous/lustrous-e8b4ee1f74b5f0f2392436f5def8bc5ede435bbf.tar.gz)", "category": "web3", "score": 327, "author": "minaminao (DeFiHackLabs)", "solved_times": 11, "solved": false, "hint": null, "is_opened": true}, {"id": 22, "name": "No-Exit Room", "description": "Alice, Bob, and David are each locked in separate rooms. In each room, they have a unique private input and polynomial. If their private input is leaked, the room will be permanently locked.\r\n\r\nThey can communicate with each other via channels, but every message transmitted through these channels is monitored.\r\n\r\nTo escape, they must collaboratively calculate the sum of their private inputs without revealing them. Only by doing so can they unlock the doors and gain their freedom.\r\n\r\n`nc no-exit-room.chal.hitconctf.com 31337`\r\n\r\n[noexitroom-86ae89dadca8f5b78db0488f5f5e0fcf3b3aed77.tar.gz](https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/noexitroom/noexitroom-86ae89dadca8f5b78db0488f5f5e0fcf3b3aed77.tar.gz)", "category": "web3", "score": 250, "author": "wiasliaw (DeFiHackLabs)", "solved_times": 32, "solved": true, "hint": null, "is_opened": true}, {"id": 23, "name": "Revisual", "description": "Try to break into this beautiful starry vault.\r\n\r\n<http://revisual.chal.hitconctf.com/>\r\n\r\nAttachment: <https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/revisual/revisual-8acf90164f9aed0ce5e4018b3e9ea66a203022e5.tar.gz>", "category": "rev", "score": 255, "author": "bronson113", "solved_times": 30, "solved": false, "hint": null, "is_opened": true}, {"id": 24, "name": "PCBC Revenge", "description": "I see what I did wrong last time, now it's fixed.\r\n\r\n[Link to the original challenge](https://github.com/bronson113/My_CTF_Challenges/tree/main/b01lersCTF2024/counter_block_chaining)\r\n\r\n`nc pcbcrevenge.chal.hitconctf.com 3000`\r\n\r\nAttachment: <https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/pcbcrevenge/pcbcrevenge-8acf90164f9aed0ce5e4018b3e9ea66a203022e5.tar.gz>", "category": "crypto", "score": 360, "author": "bronson113", "solved_times": 7, "solved": false, "hint": null, "is_opened": true}, {"id": 25, "name": "Gleamering Star", "description": "Like a star in the sky, gleamering, remembering all the things we've done.\r\n\r\nInstancer: <http://gleamering.chal.hitconctf.com/>\r\n\r\nAttachment: <https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/gleamering/gleamering-8acf90164f9aed0ce5e4018b3e9ea66a203022e5.tar.gz>", "category": "crypto, web", "score": 360, "author": "bronson113", "solved_times": 7, "solved": false, "hint": null, "is_opened": true}, {"id": 26, "name": "Gleamering Hope", "description": "At last, when all sights of light disappear, only the hope gleamering within you.\r\n\r\nPS. This is part 2 to Gleamering Star\r\n\r\nInstancer: <http://gleamering.chal.hitconctf.com/>\r\n\r\nAttachment: <https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/gleamering/gleamering-8acf90164f9aed0ce5e4018b3e9ea66a203022e5.tar.gz>", "category": "pwn", "score": 400, "author": "bronson113", "solved_times": 4, "solved": false, "hint": null, "is_opened": true}, {"id": 27, "name": "setjmp", "description": "setjmp, longjmp  - performing a nonlocal goto\r\n\r\n`nc setjmp.chal.hitconctf.com 1337`\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/setjmp/setjmp-eb24f3fa7ace97180f8af895e3858ede02697f5d.tar.gz>", "category": "pwn", "score": 230, "author": "nella17", "solved_times": 42, "solved": true, "hint": null, "is_opened": true}, {"id": 28, "name": "V8 SBX", "description": "Oh, another V8 heap sandbox escape challenge.\r\nBut this time, we don't need you to search for sandbox-related fixes and create a n-day exploit.\r\n\r\n`nc v8sbx.chal.hitconctf.com 1337`\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/v8sbx/v8sbx-41521b9ab15ddbb03a1a083a164f3c4f82d3f12a.tar.gz>", "category": "pwn, misc", "score": 244, "author": "ljp_tw", "solved_times": 35, "solved": true, "hint": null, "is_opened": true}, {"id": 29, "name": "Welcome", "description": "Flag: `hitcon{\u4dda\u4dfd\u4dd3\u4dda!!I_have_no_idea_for_the_welcome_challenge_Q_Q}`\r\n\r\nNote: Flag format for this challenge is: `hitcon{.+}`", "category": "Misc", "score": 50, "author": null, "solved_times": 936, "solved": true, "hint": null, "is_opened": true}, {"id": 30, "name": "V8 SBX Revenge", "description": "`nc v8sbx.chal.hitconctf.com 1338`\r\n\r\n<https://storage.googleapis.com/hitcon-ctf-2024-qual-attachment/v8sbx_revenge/v8sbx_revenge-772b4668c5867082df541cfcecaa0f81caaf36e8.tar.gz>", "category": "pwn", "score": 315, "author": "ljp_tw", "solved_times": 13, "solved": true, "hint": null, "is_opened": true}]