Skip to content

seemenkina/fortuneteller

Repository files navigation

ZPD-training-service

Service for A/D CTF training on golang.

fortuneteller

Service for fortune-telling by books.

Tags

  • golang
  • postgres
  • crypto
  • web

Vulnerabilities

  • Path traversal on golang by using unsafe method filepath.Join(). Sploit.
  • AES in insecure ECB mode. Sploit.
  • Usage low public exponent in RSA. Sploit.
  • Insertion of Sensitive Information into Log File.

More details here

Deploy

Service

cd ./services/fortuneteller
docker-compose up -d

Checker

The checker interface matches the description for ructf: https://github.com/HackerDom/ructf-2017/wiki/Интерфейс-«проверяющая-система-чекеры»

cd ./checkers/fortuneteller
python3 checker.py 

To use it with ructf jury, you need to change the output format of the checker info function:

Contributors

@seemenkina