-
Notifications
You must be signed in to change notification settings - Fork 0
/
info.yml
98 lines (78 loc) · 3.78 KB
/
info.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# The service name must contain only lowercase letters, numbers, and dashes. It MUST be the same as the repo name, sans "dc2021f-"
service_name: "barb-metal"
description: "OOO's new IOT platform: Ruby on Rails? No. Ruby on Bare Metal x86. Building native extensions. This could take a while...\nthis challenge has no flag limit and can be retired at our discretion"
tags:
- pwn
- reversing
authors:
- crowell
- matt
violates_flag_format: false # if this is not "true", the flag is verfied against the flag format
allow_egress: False # Please sync with the infra guys if your service needs egress
initial_flag: "000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1" # TODO: is this ever used outside the tester?
flag_path: /flag # the location of the flag (for fresh flags)
# Type can be normal or king_of_the_hill
type: normal
# Two options here, only for normal services.
# private means private team-team instances, shared means that they are shared.
# This is important to get right in both the game and the infra.
isolation: private
# This is the number of concurrent connections that a container should be able to handle.
# This will be tested by ./tester
# Important if isolation==shared, not so much if isolation==private
concurrent_connections: 1
# This is the timeout that your check scripts will be run as.
check_timeout: 30
#
# Directories below the next two are absolute in either the `service` or `interaction` docker container.
#
# These are the files that will be "public" to the teams via the scoreboard.
# The paths are relative to the repository
# They are published manually. IF YOU CHANGE THEM DURING THE GAME YELL!
public_files:
- service/service
- service/payload.bin
# This is the file that may be patched (only 1 file is supported currently). They are relative to / in the challenge container!
patchable_file: /payload.bin
# The maximum difference in bytes between the original binary and the patch, if not supplied assumed to be 200 bytes
max_patchable_bytes: 5000
# CHECK SCRIPTS ARE CRUCIAL because player-patched binaries must pass them
# Exploit scripts are encouraged, but not mandatory and they are not used during the game
#
# All scripts should exit 0 if nothing went wrong.
# Scripts are automatically determined to be exploit scripts if they start with the word "exploit".
# Exploit scripts must output the flag using "FLAG: <FLAG>" and exit with 0 if the flag was captured correctly.
# The paths are absolute in the `interaction` docker container.
remote_interactions:
- /check1.py
- /exploit1.py
- /exploit2.py
# These local test scripts are run inside of a "local interaction" docker container that is derived from the service container.
# They are for running more hardcore tests (i.e., static analysis, etc).
# The paths are absolute in the `local-test` docker container.
local_tests:
- /check_filetype.sh
- /no-flag-patch.sh
# Services must have a unique game_port during the game
# game_port defaults to container_port, which defaults to the docker EXPOSE (grepped)
# Ideally, make EXPOSE unique and let chalmanager default to that
#
# Default:
#container_port: (auto-grepped from the service Dockerfile)
#game_port: (= container_port)
#
# Or change it to:
#container_port: 5000 # What's in EXPOSE and xinetd's config
#game_port: 4444 # unique port for players to connect to
# Resource limits that will go in k8s
# request_xxx is used for scheduling (overcommitting)
request_memory: 1024M
limit_memory: 1024M
# It's strongly suggested to have a healthcheck regex
# The infrastructure will periodically connect and alert if it doesn't match anymore
# The tester will also simulate this process (once).
#
# Example: healthcheck_tcp: awesome chall
# healthcheck_tcp_send: some intial command
# Example: healthcheck_http: Author Login
healthcheck_http: barb-metal