-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathinfo.yml
66 lines (51 loc) · 2.45 KB
/
info.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Info for the schoreboard
service_name: "super-smash-ooos"
description: "The biggest pay-per-view event of the year live streaming Super Smash OOOs is starting in a few minutes. But who wants to pay $59.99, when you can watch it for free? "
tags:
- pwn
- reverse
- web
violates_flag_format: false # if this is not "true", the flag is verfied against the flag format
game_port: 8888
# At some point we may start blocking all egress connections. Set this to True if your service needs them. DO NOT RELY ON THIS FOR BLOCKING THOUGH.
allow_egress: False
initial_flag: "OOO{this is a test flag}" # this is the flag of the service
flag_path: /flag # the location of the flag (for fresh flags). Leave blank for single-flag services (i.e., quals)
# Type can be normal or king_of_the_hill
type: normal
# This is the number of concurrent connections that a container should be able to handle.
# This will be tested by the test script
concurrent_connections: 16
authors:
- trickE
#
# Directories below the next two are absolute in either the `service` or `interaction` docker container.
#
# These are the files that will be "public" to the teams via the scoreboard.
# The paths are relative to the repository!
# I'm not exposing the sendcc.js b/c they should be able to figure out that it's using the callbacks from
# the source code in the wasm that adds the functions.
public_files:
- service/src/includes/sendcc.wasm
- service/src/includes/sendcc.js
- service/src/cgi-bin/process.js
#the patchable object is limited to a single file.
patchable_file: /app/includes/sendcc.wasm
# The maximum difference in bytes between the original binary and the patch, if not supplied assumed to be 200 bytes
max_patchable_bytes: 8
# Test scripts are heavily encouraged.
# All scripts should exit 0 if nothing went wrong.
# Scripts are automatically determined to be exploit scripts if they start with the word "exploit".
# Exploit scripts must output the flag using "FLAG: <FLAG>" and exit with 0 if the flag was captured correctly.
# The paths are absolute in the `interaction` docker container.
remote_interactions:
- /exploit1.py
- /exploit2.py
- /check1.py
- /check2.py
- /check3.py
# These local test scripts are run inside of a "local interaction" docker container that is derived from the service container.
# They are for running more hardcore tests (i.e., static analysis, etc).
# The paths are absolute in the `local-test` docker container.
local_tests:
- /check_filetype.sh