splunk / botsv1

Creative Commons Zero v1.0 Universal
366 stars 87 forks source link

Scoreboard Error #2

Closed MMoermans closed 6 years ago

MMoermans commented 6 years ago

Whenever I try to fill in an answer I get the Scoreboard Error:

An error has occured. The most common cause is that YOU ARE A hax0r!!

In the logs I see the following:

2018-07-13 13:57:32,877 ERROR Error retrieving the privileged session key.
Traceback (most recent call last):
  File "<string>", line 569, in submit_question
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1611, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1272, in _conn_request
    conn.connect()
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1036, in connect
    self.disable_ssl_certificate_validation, self.ca_certs)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 80, in _ssl_wrap_socket
    cert_reqs=cert_reqs, ca_certs=ca_certs)
  File "/opt/splunk/lib/python2.7/ssl.py", line 943, in wrap_socket
    ciphers=ciphers)
  File "/opt/splunk/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/opt/splunk/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
SSLEOFError: EOF occurred in violation of protocol (_ssl.c:676)

In the scoreboard controller python script I see the following:

       try:
            servercontent = myhttps.request(baseurl + '/services/auth/login', 'POST', headers={},
                                           body=urllib.urlencode({'username':USER, 'password':PASSWORD}))[1]
            answersessionkey = minidom.parseString(servercontent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
        except:
            logger_admin.exception('Error retrieving the privileged session key.')

        Now we use the privileged session key retrieved above to retrieve the ctf_answers lookup which is in the form
        of a KV store collection. We grab it as a json string then load it into a python list of dictionaries.
        If anything goes wrong here, we log to scoreboard_admin.log and redirect the user to the standard error page.
        One of the things that could have gone wrong here is we did not retrieve a valid session key from the config
        file using the code directly above.

Does anyone know what the cause of this error might be?

daveherrald commented 6 years ago

Michiel, can you please email this to bots@splunk.com?