-rw-r--r--.gitea/workflows/workflow.yaml94
-rw-r--r--.gitignore3
-rw-r--r--Dockerfile14
-rw-r--r--README.md6
-rw-r--r--avala-client-0.1.0.tar.gzbin0 -> 20724 bytes
-rw-r--r--client.py17
-rw-r--r--exploits/exploit.py16
-rw-r--r--requirements.txt0
-rwxr-xr-xsetup.sh5
9 files changed, 155 insertions, 0 deletions
diff --git a/.gitea/workflows/workflow.yaml b/.gitea/workflows/workflow.yaml
new file mode 100644
index 0000000..4ef0d90
--- /dev/null
+++ b/.gitea/workflows/workflow.yaml
@@ -0,0 +1,94 @@
+name: Build and Push Docker Image
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to Gitea Docker registry
+ uses: docker/login-action@v2
+ with:
+ registry: gitea.s1.ctf.rs
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: Convert repository name to lowercase
+ id: convert_repo_name
+ run: |
+ REPO_NAME=${{ github.repository }}
+ LOWER_REPO_NAME=$(echo "$REPO_NAME" | awk '{print tolower($0)}')
+ echo "LOWER_REPO_NAME=$LOWER_REPO_NAME" >> $GITHUB_ENV
+
+ - name: Get commit details
+ id: commit
+ run: |
+ echo "COMMIT_HASH=$(git rev-parse HEAD)" >> $GITHUB_ENV
+ echo "COMMIT_NAME=$(git log -1 --pretty=%B | base64)" >> $GITHUB_ENV
+ echo "COMMIT_DATE=$(date -d "$(git log -1 --pretty=format:%ci)" -u +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_ENV
+
+ - name: Build and push Docker image
+ id: build
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: true
+ tags: |
+ gitea.s1.ctf.rs/${{ env.LOWER_REPO_NAME }}:latest
+ gitea.s1.ctf.rs/${{ env.LOWER_REPO_NAME }}:${{ github.sha }}
+
+ - name: Send POST request
+ env:
+ REPO_NAME: ${{ github.repository }}
+ COMMIT_HASH: ${{ env.COMMIT_HASH }}
+ COMMIT_NAME: ${{ env.COMMIT_NAME }}
+ COMMIT_DATE: ${{ env.COMMIT_DATE }}
+ DOCKER_URL: gitea.s1.ctf.rs/${{ env.LOWER_REPO_NAME }}:${{ github.sha }}
+ DEPLOY_ATTACK_ENDPOINT: ${{ secrets.DEPLOY_ATTACK_ENDPOINT }}
+ run: |
+ RETRY_DELAY=20
+
+ while true; do
+ echo "Sending POST request..."
+
+ # Create JSON payload
+ JSON_PAYLOAD=$(jq -n \
+ --arg repo_name "$REPO_NAME" \
+ --arg commit_hash "$COMMIT_HASH" \
+ --arg commit_message "$COMMIT_NAME" \
+ --arg commit_date "$COMMIT_DATE" \
+ --arg docker_url "$DOCKER_URL" \
+ '{
+ repo_name: $repo_name,
+ commit_hash: $commit_hash,
+ commit_message: $commit_message,
+ commit_date: $commit_date,
+ docker_url: $docker_url
+ }'
+ )
+
+ # Capture HTTP response code
+ RESPONSE=$(curl --max-time 500 -k -s -o /dev/null -w "%{http_code}" -X POST $DEPLOY_ATTACK_ENDPOINT \
+ -H "Content-Type: application/json" \
+ -d "$JSON_PAYLOAD"
+ )
+
+ # Check HTTP status code
+ if [ "$RESPONSE" -eq 200 ]; then
+ echo "Request succeeded."
+ break
+ else
+ echo "Request failed with HTTP status $RESPONSE. Retrying in $RETRY_DELAY seconds..."
+ sleep $RETRY_DELAY
+ fi
+ done
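Review bot: The curl call in the `Send POST request` step passes `-k`, so the runner does not verify the deploy endpoint's TLS certificate, and it expands `$DEPLOY_ATTACK_ENDPOINT` unquoted; the commit metadata and image URL can then be delivered to whoever answers on that network path. Drop `-k` (use `--cacert` if the certificate is privately issued) and quote the variable: `RESPONSE=$(curl --max-time 500 -s -o /dev/null -w "%{http_code}" -X POST "$DEPLOY_ATTACK_ENDPOINT" \`. The surrounding `while true` loop has no attempt limit, so a permanently failing endpoint holds the runner until the job times out; a bounded loop such as `for attempt in 1 2 3 4 5; do` followed by a non-zero exit would make the failure visible. Separately, `REPO_NAME=${{ github.repository }}` in the lowercase step splices the expression into the script text, whereas passing it through `env:` as the last step already does keeps the value out of the shell source.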
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..47f8598
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+venv
+.avala
+__pycache__
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9a8fd07
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+COPY requirements.txt /app/
+COPY avala-client-0.1.0.tar.gz /app/
+
+RUN pip3 install -r requirements.txt
+RUN pip3 install ./avala-client-0.1.0.tar.gz
+
+COPY client.py /app/
+COPY exploits /app/exploits
+
+CMD [ "python", "./client.py" ]
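Review bot: No `USER` instruction follows the install steps, so `client.py` and every module it loads from `/app/exploits` run as root inside the container. Adding an unprivileged account before `CMD`, for example `RUN useradd --create-home app` and `USER app`, limits what a misbehaving script can touch. The `COPY client.py /app/` line also bakes that file's hard-coded credentials into an image layer that the workflow pushes to the registry, so anyone with pull access can read them; supplying them at run time avoids that. `pip3 install --no-cache-dir` on both install lines would keep the pip cache out of the image.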
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f5ee43d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,6 @@
+# Avala Python Exploit
+## Local Setup
+- `source ./setup.sh`
+## Running
+- `python3 exploit.py` (production)
+- `python3 exploit.py debug` (draft) \ No newline at end of file
diff --git a/avala-client-0.1.0.tar.gz b/avala-client-0.1.0.tar.gz
new file mode 100644
index 0000000..df6f4c0
--- /dev/null
+++ b/avala-client-0.1.0.tar.gz
Binary files differ
diff --git a/client.py b/client.py
new file mode 100644
index 0000000..6a17f4c
--- /dev/null
+++ b/client.py
@@ -0,0 +1,17 @@
+import sys
+from avala import Avala
+
+avl = Avala(
+ host="avala.s1.ctf.rs",
+ protocol="https",
+ port=443,
+ username="exploit",
+ password="najjaca_sifra_do_sad",
+)
+
+avl.register_directory("exploits")
+
+if len(sys.argv) == 2 and sys.argv[1] == "debug":
+ avl.workshop()
+else:
+ avl.run()
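Review bot: The `Avala(...)` call commits the service username and password in plaintext, and the Dockerfile in this commit copies the file into the pushed image, so the credential is exposed in both the repository history and the registry. Read it from the environment instead, e.g. `password=os.environ["AVALA_PASSWORD"],` with `import os` at the top (the variable name is a suggestion, not something the project defines), and inject it as a CI secret or container environment variable. Because the value is already in history, it should be rotated rather than only removed from the file.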
diff --git a/exploits/exploit.py b/exploits/exploit.py
new file mode 100644
index 0000000..7a4476a
--- /dev/null
+++ b/exploits/exploit.py
@@ -0,0 +1,16 @@
+from avala import *
+import string
+import time
+import random
+
+
+@exploit(
+ alias="exploit",
+ service="CApp",
+ targets=TargetingStrategy.AUTO,
+ tick_scope=TickScope.SINGLE,
+ draft=True, # REMOVE THIS WHEN PUSHING TO PRODUCTION
+)
+def run_exploit(target: str, flag_ids: str) -> str:
+ url = f"http://{target}:1337/"
+ return ""
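Review bot: `from avala import *` hides where `exploit`, `TargetingStrategy` and `TickScope` come from and pulls every public name of the package into the module; assuming those three are all the template needs, `from avala import exploit, TargetingStrategy, TickScope` is easier to lint and review. `string`, `time` and `random` are imported and `url` is assigned, but none of them is used in the visible body. A short docstring on `run_exploit` saying what `target` and `flag_ids` contain and what the returned string is expected to hold would help, since the `str` annotations alone do not say.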
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/requirements.txt
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..05586b3
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,5 @@
+python3 -m venv venv
+source venv/bin/activate
+pip3 install -r requirements.txt
+pip3 install ./avala-client-0.1.0.tar.gz
+echo "Avala Environment Setup"
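Review bot: The script is committed with mode 100755 but has no shebang and relies on `source`, while the README tells users to source it; executed directly, it would activate the venv only in a child shell, or fail under a POSIX `sh`. A header comment such as `# Source this file (. ./setup.sh); running it as a program does not keep the venv active` would make that explicit. `pip3 install ./avala-client-0.1.0.tar.gz` installs an archive checked into the repository with no integrity check; recording its SHA-256 alongside it and verifying before install would let a swapped archive be noticed.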