htb updates and ductf update

2023-09-01 16:37:29 +02:00
parent 82b0759f1e
commit c42b50e6fd
38 changed files with 317 additions and 19 deletions
--- a/2023/beginner/static
+++ b/2023/beginner/static
@@ -0,0 +1,60 @@
+https://web-static-file-server-9af22c2b5640.2023.ductf.dev/files/not_the_flag.txt ->
+
+```
+The real flag is at /flag.txt
+```
+
+https://web-static-file-server-9af22c2b5640.2023.ductf.dev/flag.txt ->
+
+```
+404
+```
+
+Web source code
+```python
+from aiohttp import web
+
+async def index(request):
+    return web.Response(body='''
+        <header><h1>static file server</h1></header>
+        Here are some files:
+        <ul>
+            <li><img src="/files/ductf.png"></img></li>
+            <li><a href="/files/not_the_flag.txt">not the flag</a></li>
+        </ul>
+    ''', content_type='text/html', status=200)
+
+app = web.Application()
+app.add_routes([
+    web.get('/', index),
+
+    # this is handled by https://github.com/aio-libs/aiohttp/blob/v3.8.5/aiohttp/web_urldispatcher.py#L654-L690
+    web.static('/files', './files', follow_symlinks=True)
+])
+web.run_app(app)
+```
+
+Dockerfile:
+```docker
+FROM python:3.10
+
+WORKDIR /app
+COPY app.py .
+COPY flag.txt /flag.txt
+COPY files/ files/
+
+RUN pip3 install aiohttp
+
+RUN /usr/sbin/useradd --no-create-home -u 1000 ctf
+USER ctf
+
+CMD ["python3", "app.py"]
+```
+
+=> Flag in root dir 
+
+=> need to make the server read the arbitrary file
+
+
+Wenn wir symlinks erstellen könnten können wir einen symlink ins root verzeichnis erstellen
+