Service for A/D CTF training on golang.
Service for fortune-telling by books.
- golang
- postgres
- crypto
- web
- Path traversal on golang by using unsafe method
filepath.Join()
. Sploit. - AES in insecure ECB mode. Sploit.
- Usage low public exponent in RSA. Sploit.
- Insertion of Sensitive Information into Log File.
More details here
cd ./services/fortuneteller
docker-compose up -d
The checker interface matches the description for ructf: https://github.com/HackerDom/ructf-2017/wiki/Интерфейс-«проверяющая-система-чекеры»
cd ./checkers/fortuneteller
python3 checker.py
To use it with ructf jury, you need to change the output format of the checker info
function:
- comment this row https://github.com/seemenkina/fortuneteller/blob/master/checkers/fortuneteller/checker.py#L457
- delete comment from this row https://github.com/seemenkina/fortuneteller/blob/master/checkers/fortuneteller/checker.py#L458
@seemenkina