My-CTF-Web-Challenges/hitcon-ctf-2020/oShell/oShell-wrapper.py at master · orangetw/My-CTF-Web-Challenges · GitHub

Name: My-CTF-Web-Challenges/hitcon-ctf-2020/oShell/oShell-wrapper.py at master · orangetw/My-CTF-Web-Challenges · GitHub
Rating: 4.8 (5007 reviews)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/usr/bin/python -u
importos, sys
importpty
importuuid
importrequests
fromtimeimportsleep
fromtempfileimportmkstemp
fromsubprocessimportcheck_output

COLORS= {
'header': '\033[95m',
'blue': '\033[94m',
'cyan': '\033[96m',
'green': '\033[92m',
'warning': '\033[93m',
'fail': '\033[91m',
'endc': '\033[0m',
'bold': '\033[1m',
'underline': '\033[4m',
'blink': '\033[5m',
}

defcheck_token(token):
def_is_valid_uuid(s):
try:
returnuuid.UUID(s) isnotNone
except:
returnFalse

if_is_valid_uuid(token):
r=requests.get('https://ctf2020.hitcon.org/team/token_auth?token=%s'%token)
returnr.json().get('id')
# else:
# if token == 'orange':
# return True

defmy_exec(cmds):
returncheck_output(cmds)

def_color(s, color=''):
code=COLORS.get(color)
ifcode:
returnCOLORS['bold'] +code+s+COLORS['endc'] +COLORS['endc']
else:
returns

if__name__=='__main__':
token=raw_input(_color('Team token: ', 'bold')).strip()
ifnottokenornotcheck_token(token):
print(_color('Bad token. Bye!\n', 'warning'))
exit(-1)

name='team-%s'%token
cmds= [
'sudo',
'docker', 'ps', '-q',
'-f', 'name=%s'%name
 ]
container_id=my_exec(cmds)
ifcontainer_id:
print(_color('[*] Connecting to initialized instance...\n', 'bold'))
else:
print(_color('[*] Initializing instance...\n', 'bold'))

_, tmp_name=mkstemp(prefix='%s_'%name, dir='/home/orange/tmp/')
withopen(tmp_name, 'wb+') asfp:
fp.write('this-is-secret-'+os.urandom(8).encode('hex'))

os.chmod(tmp_name, 0o444)
cmds= [
'sudo',
'docker', 'rm', '-f', name
 ]
try:
withopen(os.devnull, 'w') asdevnull:
check_output(cmds, stderr=devnull)
except:
pass

cmds= [
'sudo',
'docker', 'run', '-d', '--rm',
'--env', 'LOG_HOST=172.17.0.1',
'-v', '%s:/enable.secret'%tmp_name,
'--name', name,
'oshell'
 ]
my_exec(cmds)
sleep(2)

cmds= [
'sudo',
'docker', 'exec', '-ti',
'-u', 'oShell',
name,
'python', '/oShell.py', 'tty'
 ]

pty.spawn(cmds)