Some small records of the I-SOON Cup of CUIT CTF Competition final

The 2020 i-soon cup finals have been successfully held. Every member of D0g3 worked hard. This competition felt great. After all, I experienced a lot and learned a lot. My experience of this competition is as follows.

D0g3’s internally developed AWD platform has no documentation, and various error reports emerged in an endless stream. After a week of struggling with the platform construction and the test challenges, we had basically tested everything on our own servers. The day before the competition, everyone happily went to the i-soon company. When we arrived, they asked us directly what virtual machine image we wanted to give them. We were a little confused by that. What we needed was a server: we needed to build D0g3’s AWD platform on their server. Then i-soon took two or three hours to configure a server to give us. We started to have communication problems with each other. We didn’t know what each other’s needs were or what tasks we had to do. Later we learned that i-soon had their own internal competition platform, and we didn’t know anything about that CTF platform.

After we got to the server, because I had forgotten to bring a network cable adapter, I set up intranet exposure on a computer in another intranet, so that the public network could connect to the intranet server. It took half a day to build our AWD platform on their server. Then we prepared the test challenges and compiled the Docker image. The result was that the Docker container failed to start. That’s too bad! It had never happened to us before. We searched on Google and asked every master, but nobody knew what the error was. After a few hours of struggling, everyone had crashed. Nobody knew what was going on. It was dark. i-soon’s operations and maintenance manager told us, “If there is no way to fix it, build a VMware virtual machine image, and then I can import that image into our VMware as a server.” Everyone was exhausted, but we were still working on it. We started to build the platform from 0 to 1. After we finished building the platform on our virtual machine, all the challenges compiled without any errors.

As for that day, it was equivalent to doing nothing. Brother Long, who was penetrating from the intranet, couldn’t get a reverse shell in i-soon’s network. The day was wasted, and the i-soon members said that they would be holding the CTF competition the next day, so we could only test challenges the next evening. Oh shit! We had already dealt with them for a long time on small problems, let alone tomorrow’s test... Everyone went back to school dejected that night.

We came to i-soon at 5 pm the next day. I wrote a batch management script for the Docker containers and began to rewrite the interface to correspond to their database; I also needed to map the team names and debug this. It basically took half an hour to get the results of one interface back. They also had a problem on their side, and they kept adjusting. It was about 10 o’clock in the evening before they successfully tested an interface for generating and submitting flags. Later, it began to work on their platform. But the challenges we had compiled did not generate flags. Because the flag generation mechanism was running in the container, and some Python libraries were required to use their interface, we needed to modify the Dockerfile and recompile the image. Then we also found that it couldn’t start flag.py, and that it got the original container name, not the real team name. I had to split the string to get the team name. At 12 o’clock at night, the first pwn challenge was tested, the first flag was submitted, and then the checking mechanism interface was written. But the checking mechanism interface on their side was wrong, and I also debugged it for a long time. After I adjusted it and i-soon adjusted it, I tested one and called this interface. It was OK. The test had no problems, so I continued to test the pwn2 challenge. The pwn2 challenge also went smoothly. It was already past 1 am and the rules of the CTF were still not written. We had to continue testing our challenges, and they couldn’t wait any longer; because at that point only two pwns could submit the flag all the way through, they felt there was nothing to do and went home to sleep.

We had only tested penetration and pwn, but nobody gave up, and we continued to test the web challenges. It was too slow to pull the image and update the source for building the web Docker image, and I found that there was also a problem with the DNS. After using the default apt source and modifying the DNS, pulling the image was much faster. After 2 am, the PHP challenge was OK. Everyone also wrote the corresponding check mechanism. We continued to test the Java challenge. There were many Java errors, and Spring Boot could not be started. We had to change the source code. Master Cheng and Master Liu worked on it for a long time... It was hard work. There was also some proxy code in the check mechanism code that had not been deleted, which caused every check to fail! At 4 o’clock, I went to bed first, while the other masters continued to modify the web challenges.

In the morning, I put the check mechanism of each challenge under unified operation management. Basically there were no problems. We started all the challenges to test whether each one could be solved. Basically all the challenges were accessible. The Python problem was solved. But there was still a problem. The other masters did not succeed until two hours before the start of the CTF AWD mode. The Intranet Penetration mode was released at 9 in the morning, and AWD mode was opened at 12:30 noon. We did not do a stress test and tested each team account one by one on the platform. We just hoped it would be OK! At 10 o’clock, the container was first generated, and then each team’s account was registered. The port and SSH also had passwords. They were distributed by Master Chen to one of the team members at 12:25.

When the AWD mode was turned on at 12:30, I started the check mechanism service. At the beginning, every player went crazy on the PHP WAF and then kept going. After being checked, some people started to patch pwn1, and then some people started to be checked in pwn1, Python, and Java, and pwn2 was also checked in the end. Every time there was a check, I had to take a screenshot on my laptop and send it to the QQ group to notify everyone, which was not very convenient. Fortunately, Mr. Xiao and the others had a QQ robot push interface. The check script just had to be modified to push the check result message of each challenge to the QQ group in turn. Some teams uploaded modified pwn1 binary files that were immediately deleted by other teams, and there were also some through an nc reverse shell... Every time there was a batch attack or batch check, everyone would booze and get nervous. The atmosphere of the CTF competition was very energetic; I won’t go into details here. I was very satisfied with today’s CTF.

We went back to school after eating hot pot. A nice experience for me!