Service for A/D CTF training on golang.
Service for fortune-telling by books.
- golang
- postgres
- crypto
- web
- Path traversal on golang by using unsafe method
filepath.Join(). Sploit. - AES in insecure ECB mode. Sploit.
- Usage low public exponent in RSA. Sploit.
- Insertion of Sensitive Information into Log File.
More details here
cd ./services/fortuneteller
docker-compose up -dThe checker interface matches the description for ructf: https://github.com/HackerDom/ructf-2017/wiki/Интерфейс-«проверяющая-система-чекеры»
cd ./checkers/fortuneteller
python3 checker.py To use it with ructf jury, you need to change the output format of the checker info function:
- comment this row https://github.com/seemenkina/fortuneteller/blob/master/checkers/fortuneteller/checker.py#L457
- delete comment from this row https://github.com/seemenkina/fortuneteller/blob/master/checkers/fortuneteller/checker.py#L458
@seemenkina