O Welcome, 10.1.0.3
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C quit()
O
O bye!
O Timeout; bye
L closing
O Welcome, 10.1.0.3
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C lt()
O
O ID  Team    off  def  adv  hak  host
O -----------------------------------------------------------------
  1   Team M  n/a  n/a  n/a  n/a  10.1.0.3
  2   HackBS  n/a  n/a  n/a  n/a  10.2.0.3
  3   45564F  n/a  n/a  n/a  n/a  10.3.0.3
  4   !eof    n/a  n/a  n/a  n/a  10.4.0.3
scorebot > C quit()
O
O bye!
O Timeout; bye
L closing
O Welcome, 10.1.0.3
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportadvisory(1, readtext())
O Max 100 lines; max 256 chars per line
O Write some text, finish with a single dot on a separate line (^\.$)
0> C few
1> C
2> C
3> C (remove this and the next line)
4> C (be sure to read ~/.ctf_advreadme before reporting advisories.)
5> C
6> C New advisory by :
7> C Affected service(s) :
8> C Severity [lmh] :
9> C
10> C ===== Problem =====
11> C
12> C ===== Impact =====
13> C
14> C ===== Fix =====
15> C
16> C .
O Your advisory has been reported.
scorebot > C quit()
O
O bye!
O Timeout; bye
L closing
O Welcome, 10.1.0.3
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportadvisory(1, readtext())
O Max 100 lines; max 256 chars per line
O Write some text, finish with a single dot on a separate line (^\.$)
0> C New advisory by : team1
1> C Affected service(s) : stk
2> C Severity [lmh] : h
3> C
4> C ===== Problem =====
5> C /usr/services/stk/stk
6> C Files: add.php
7> C Line: 11-12
8> C File: index.php
9> C Line: 10-11
10> C File: save_add.php
11> C Line: 13-14
12> C File: search.php
13> C Line: 11-12
14> C File: test.php
15> C Line: var-ausgabe
16> C all XSS
17> C ===== Impact =====
18> C XCSS
19> C ===== Fix =====
20> C
21> C .
O Your advisory has been reported.
scorebot > C quit()
O
O bye!
O Timeout; bye
L closing
O Welcome, 10.1.0.3
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C quit()
O
O bye!
O Timeout; bye
L closing
O Welcome, 10.1.0.3
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportadvisory(1, readtext())
O Max 100 lines; max 256 chars per line
O Write some text, finish with a single dot on a separate line (^\.$)
0> C
1> C New advisory by : team1
2> C Affected service(s) : Webserver
3> C Severity [lmh] : h
4> C
5> C ===== Problem =====
6> C php script auth. user against file "accounts" in webroot;
7> C file accounts is downloadable;
8> C ===== Impact =====
9> C passwds within (sha) may be cracked
10> C ===== Fix =====
11> C move accounts file
12> C change corresponding php file
13> C
14> C .
O Your advisory has been reported.
scorebot > C quit()
O
O bye!
O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(1, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C new advisory by : Team 1, duracell 1> C Affected service(s) : Strafkartei 2> C Severity [lmh] : m 3> C 4> C ===== Problem ===== 5> C Bad default password (foobar) in Strafkartei service 6> C 7> C ===== Impact ===== 8> C Any user can login as admin and have full access in every default installation 9> C 10> C ===== Fix ===== 11> C 12> C Change password in accounts with a new sha1 hashed password. 13> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"1409dfad096f0ff1df9fdfd407ca38dc8d342706d9f7b179") O O Flag "1409dfad096f0ff1df9fdfd407ca38dc8d342706d9f7b179" does not exist! scorebot > C reportflag( 1 ,"") O O Flag "" does not exist! scorebot > C reportflag( 1 ,"") O O Flag "" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag( 1 ,"1409dfad096f0ff1df9fdfd407ca38dc8d342706d9f7b179") O O Flag "1409dfad096f0ff1df9fdfd407ca38dc8d342706d9f7b179" does not exist! scorebot > C reportflag( 1 ,"") O O Flag "" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(1, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : martl 1> C Affected service(s) : msgboard 2> C Severity [lmh] : m 3> C 4> C ===== Problem ===== 5> C any host can read and delete all msg stored in msgboard 6> C ===== Impact ===== 7> C denial of service and disclosure of information 8> C ===== Fix ===== 9> C implement some kind of authentication 10> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"046ff01f3a92c45e096f0ff1758c8929fcad9e4ddcf4a3876d97d3b307ca38dcd9f7b1798379d33a") O O Flag "046ff01f3a92c45e096f0ff1758c8929fcad9e4ddcf4a3876d97d3b307ca38dcd9f7b1798379d33a" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportadvisory(1, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : martl 1> C Affected service(s) : webserver 2> C Severity [lmh] : m 3> C 4> C ===== Problem ===== 5> C results.php doesn't check every input 6> C ===== Impact ===== 7> C you can hack the einwohnermeldeamt indirectly - it would be vulnerable 8> C ===== Fix ===== 9> C filter input 10> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"F25088C4B1AC22265A4FF3AA0832DA4194C13C818A372DE85ABEDDD80E9D7FAA") O O Flag "F25088C4B1AC22265A4FF3AA0832DA4194C13C818A372DE85ABEDDD80E9D7FAA" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"9270F9CADA5C4C6BED6BC16D0E5873D1878B82FCCABA580DAED6C165B1957489") O O You successfully reported flag 9270F9CADA5C4C6BED6BC16D0E5873D1878B82FCCABA580DAED6C165B1957489, which is from service Messageboard O You now have 1 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag( 1 ,"73FFEFBA3F0F62AC82E851CFB840441B31E765390507A26A9E9CAC13C19EF354") O O You successfully reported flag 73FFEFBA3F0F62AC82E851CFB840441B31E765390507A26A9E9CAC13C19EF354, which is from service Messageboard O You now have 2 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(1, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C Advisory by : martl 1> C Affected service(s) : stk frontend 2> C Severity [lmh] : m 3> C 4> C ===== Problem ===== 5> C results.php performs empty search when no request parameters are given at all 6> C 7> C ===== Impact ===== 8> C as the backend accepts empty search strings it is possible to dump the whole db without knowing any information 9> C 10> C ===== Fix === 11> C 12> C as hotfix add a default searchstring in line 13. like this: 13> C 14> C $search="unexistantstring" 15> C 16> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"87DF9A73EA0BE83439B0E3174C7AEAA90873D46F863DCA89463A4BB1F2B62815") O O This flag is not valid anymore! scorebot > C reportflag( 1 ,"6681102AA0B4A70E000188C8ED7EAFF57E4DD63D2B7AB1F374D2B82AA929F58C") O O Flag "6681102AA0B4A70E000188C8ED7EAFF57E4DD63D2B7AB1F374D2B82AA929F58C" does not exist! 
scorebot > C reportflag( 1 ,"9259319a096f0ff11fbd3bf41e5746a0434f806607ca38dcd9f7b1796a887ab5") O O Flag "9259319a096f0ff11fbd3bf41e5746a0434f806607ca38dcd9f7b1796a887ab5" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"F6786FD5748EDE426CC069BDF6194FADEA9A47D25802FAF4081C291F8EB42511") O O You successfully reported flag F6786FD5748EDE426CC069BDF6194FADEA9A47D25802FAF4081C291F8EB42511, which is from service Messageboard O You now have 3 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"BDE83B7278650E4736947B9513E0A79043E783A68E4685C52884C63E5CE82D86") O O You successfully reported flag BDE83B7278650E4736947B9513E0A79043E783A68E4685C52884C63E5CE82D86, which is from service Messageboard O You now have 4 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"E9000D85E834318B972181932A9CDD285EE1FD12B8C61A4541CE5EFC76DE3288") O O Flag "E9000D85E834318B972181932A9CDD285EE1FD12B8C61A4541CE5EFC76DE3288" does not exist! scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"E36A61F6FF966C74091F53C4CFC478704393BC5ED2028C64706759FBA757911") O O Flag "E36A61F6FF966C74091F53C4CFC478704393BC5ED2028C64706759FBA757911" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"E461FD9FACBF61BD21E5DB6AF6B293986DBA77E380EB79F96D547CDE0380DE5F") O O You successfully reported flag E461FD9FACBF61BD21E5DB6AF6B293986DBA77E380EB79F96D547CDE0380DE5F, which is from service Messageboard O You now have 5 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"25E2C3D9D9EA7B6992041F015E5503FA1F50A269693EFF64C40DABBA037806B4") O O You successfully reported flag 25E2C3D9D9EA7B6992041F015E5503FA1F50A269693EFF64C40DABBA037806B4, which is from service Messageboard O You now have 6 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportadvisory(1, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by :martl 1> C Affected service(s) :all 2> C Severity [lmh] :m 3> C 4> C ===== Problem ===== 5> C if you can login as ostERvi, you can edit a file which is cat'ed when some user is doing "ls" (is defined by an alias), which leads to execution of escaped strings that can enter stuff with rights of the user who is doing the ls 6> C ===== Impact ===== 7> C executing commands with rights of a uncareful user 8> C ===== Fix ===== 9> C 10> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"41B515EAD63B25AC8E3B2D6A6AE842AC87FA3971E16878679C72729B046706FC") O O You successfully reported flag 41B515EAD63B25AC8E3B2D6A6AE842AC87FA3971E16878679C72729B046706FC, which is from service Messageboard O You now have 7 offensive points scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.1.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 1 ,"CE8869E1CC78AB199DD190B1AE974E4CDE0AD560C88C89AC0D6669A5C1908CF3") O O You successfully reported flag CE8869E1CC78AB199DD190B1AE974E4CDE0AD560C88C89AC0D6669A5C1908CF3, which is from service Messageboard O You now have 8 offensive points scorebot > C quit() O O bye! 
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C man
O
O Which manual page do you want?
man.functions       Scoring bot functions
man.reportadvisory  Advisories must contain exact sourc...
man.admin           Admin functions
man.service         Service handling functions
man.team            Team handling functions
man.reportflag      Flags are 32 byte values represente...
scorebot > C man.functions
O
O Welcome to the online documentation system
-----------------------------------------------------------------
Help on functions

Scoring bot functions
-----------------------------------------------------------------
boolean reportflag(int teamID, String flagString)
    Report a flag.
    teamID: ID of the reporting (your own) team
    flagString: ID of the flag
void reportadvisory(int teamID, String advisory)
    Report an advisory.
    teamID: ID of the reporting (your own) team
    advisory: Advisory description.

Miscellaneous functions
-----------------------------------------------------------------
void quit()
    Quit session
String readtext()
    Read multi-line text
bool admin(optional String password)
    Log in as admin. If password is omitted, you are prompted interactively.
    This is the recommended method, as your typing will be hidden.
    However, some telnet clients (i.e., netcat) have trouble handling some
    control characters; in that case you should specify the password directly.
void functions()
    List all available functions
void lt()
    List all teams
void dir()
    List all defined variables
scorebot > C man.reportflag
O
O Welcome to the online documentation system
-----------------------------------------------------------------
Help on reportflag

Flags are 32 byte values represented by 64 byte hex strings.
The function to report flags is
    boolean reportflag(int teamID, string flagID)
Returns true if the flag was credited, otherwise false.
If you are team #4 and you believe you found a flag, say, 1337, you'd enter:
    reportflag(4, "1337")
done!
scorebot >
scorebot > C
scorebot > C ls
O
scorebot > C help
O
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C man
O
O Which manual page do you want?
man.functions       Scoring bot functions
man.reportadvisory  Advisories must contain exact sourc...
man.admin           Admin functions
man.service         Service handling functions
man.team            Team handling functions
man.reportflag      Flags are 32 byte values represente...
scorebot > C man.team
O
O Welcome to the online documentation system
-----------------------------------------------------------------
Help on team

Team handling functions

class Team data functions
-----------------------------------------------------------------
String getname()                  get name of the team
String gethost()                  get host of vuln team host
void setname(String teamName)     set name of the team
void sethost(String hostName)     set vuln hostname of the team
void delete()                     delete team

class Team Score functions
-----------------------------------------------------------------
int getop()                       get offensive points
int getdp()                       get defensive points
int getap()                       get adviosry points
int gethp()                       get hacking points
void setop(int offensivePoints)   set offensive points
void setdp(int defensivePoints)   set defensive points
void setap(int advisoryPoints)    set advisory points
void sethp(int hackingPoints)     set hacking points

EXAMPLE
=======
t = createteam("the foobars")
t.sethost("www.foobar.com")
scorebot > C getname
O
scorebot > C getname(1)
O
scorebot > C
scorebot > C man
O
O Which manual page do you want?
man.functions       Scoring bot functions
man.reportadvisory  Advisories must contain exact sourc...
man.admin           Admin functions
man.service         Service handling functions
man.team            Team handling functions
man.reportflag      Flags are 32 byte values represente...
scorebot > C man.admin
O
O Welcome to the online documentation system
-----------------------------------------------------------------
Help on admin

Admin functions
-----------------------------------------------------------------
void ladv()                                list all pending advisories
void reject(int advisoryID, String comment)
void accept(int advisoryID, int pointsToAward, String comment)
void delete(int advisoryID)
void inchp(int teamID, int pointsToAward)
void dechp(int teamID, int pointsToTake)
void lt()                                  list all teams
void ls()                                  list all services
Team createteam(String teamName)           create and return new team
Team getteam(int teamID)                   return team #teamID
Service createservice( String serviceName) create and ret. new service
Service getservice(int serviceID)          return service #serviceID

Debugging/Benchmarking functions
-----------------------------------------------------------------
String genflags(int numFlags, String separator)   DO NOT USE
scorebot >
scorebot >
scorebot >
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot >
scorebot >
scorebot >
scorebot >
scorebot >
scorebot >
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C help
O
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C mn.reportadvisory
O
scorebot > C man.reportadvisory
O
O Welcome to the online documentation system
-----------------------------------------------------------------
Help on reportadvisory

Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed.
This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory.
The function to report an advisory is
    boolean reportadvisory(int teamID, String advisory)
The function to read a multiline string is
    String readtext()
readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$).
This is how I reported an advisory for team #7: (entered text is typeset bold)
    scorebot> reportadvisory(7, readtext())
    Write some text, finish with a single dot on a separate line (^\.$)
    The tcsh is vunerable to a social engineering attack.
    By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing:
    # rm -rf /*
    Fix: remove tcsh (and while you're at it, all other shells as well) from your machines
    .
    Your advisory has been reported.
    scorebot>
scorebot >
scorebot >
scorebot >
scorebot >
scorebot >
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C
scorebot >
scorebot >
scorebot >
scorebot >
scorebot >
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportadvisory(2,readtext())
O Max 100 lines; max 256 chars per line
O Write some text, finish with a single dot on a separate line (^\.$)
0> C The STK backend service runs on port 5550, open to all IPs (0.0.0.0)
1>
2> C This is unneccessary, and might pose security ris as this service
3> C need only legally be accessed from the local host.
4> C
5> C Proposed Fix:
6> C in stkd.c, change the line
7> C servername.sin_addr.s_addr = htonl (INADDR_ANY);
8> C to
9> C servername.sin_addr.s_addr = inet_addr("127.0.0.1");
10> C
11> C The service will then only listen on the local host.
12>
O Error: java.io.IOException cannot be cast to java.lang.String
scorebot >
O Error: EOF
scorebot >
O Error: EOF
scorebot >
O Error: EOF
scorebot >
O Error: EOF
scorebot >
O Error: EOF
O Too many exceptions
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportadvisory(2,readtext())
O Max 100 lines; max 256 chars per line
O Write some text, finish with a single dot on a separate line (^\.$)
0> C The STK backend service runs on port 5550, open to all IPs (0.0.0.0)
1> C This is unneccessary, and might pose security risks, as this service
2> C need only legally be accessed from the local host.
3> C
4> C Proposed Fix:
5> C in stkd.c, change the line
6> C servername.sin_addr.s_addr = htonl (INADDR_ANY);
7> C to
8> C servername.sin_addr.s_addr = inet_addr("127.0.0.1");
9> C
10> C The service will then only listen on the local host.
11> C .
O Your advisory has been reported.
scorebot >
scorebot >
scorebot >
scorebot >
scorebot >
O bye!
O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! scorebot > C reportflag(2,"183415D689B7BEA6AD32B90D8C175B58E3686C6E049277C251E163B547AE2D7B") O O Flag "183415D689B7BEA6AD32B90D8C175B58E3686C6E049277C251E163B547AE2D7B" does not exist! scorebot > C reportflag(2,"009AA9F9035B1A88FFAFC446D09308ABE1174AF38C9161727F8F1D598357B405") O O You successfully reported flag 009AA9F9035B1A88FFAFC446D09308ABE1174AF38C9161727F8F1D598357B405, which is from service Strafkartei Website1 O You now have 1 offensive points scorebot > C reportflag(2,"1346E34E1B4F7AB649A2D782FE7E077FB0C0EAEDDAD09CF91A57BA2124BEC910") O O You successfully reported flag 1346E34E1B4F7AB649A2D782FE7E077FB0C0EAEDDAD09CF91A57BA2124BEC910, which is from service Strafkartei Website1 O You now have 2 offensive points scorebot > C reportflag(2,"DCE4B5A719B305C18C73801868E99D1F495AF28641DEC3C876E5E29310EC731B") O O You successfully reported flag DCE4B5A719B305C18C73801868E99D1F495AF28641DEC3C876E5E29310EC731B, which is from service Strafkartei Website2 O You now have 3 offensive points scorebot > C reportflag(2,"83F034155A86204C6DAE5CA0720021958485F9B8E041917B53AD8176F2796D08") O O You successfully reported flag 83F034155A86204C6DAE5CA0720021958485F9B8E041917B53AD8176F2796D08, which is from service Strafkartei Website2 O You now have 4 offensive points scorebot > C 
reportflag(2,"739BE36297B29D2AEB793D4499536496D276E87FAE59B34319CE060BB4A23C18") O O You successfully reported flag 739BE36297B29D2AEB793D4499536496D276E87FAE59B34319CE060BB4A23C18, which is from service Strafkartei Website2 O You now have 5 offensive points scorebot > C reportflag(2,"34D866EBAAEDAE6F55DD132E47D76A8BB737DE1B43C5508EBB35AF16CE64348C") O O This flag is not valid anymore! scorebot > C reportflag(2,"739BE36297B29D2AEB793D4499536496D276E87FAE59B34319CE060BB4A23C18") O O This flag is not valid anymore! scorebot > C reportflag(2,"009AA9F9035B1A88FFAFC446D09308ABE1174AF38C9161727F8F1D598357B405") O O This flag is not valid anymore! scorebot > scorebot > scorebot > C reportflag(2,"26FE643168773DAEF88CD576278AE25E93A2B0B45AB9D3F7F973CBD55FD40528") O O You successfully reported flag 26FE643168773DAEF88CD576278AE25E93A2B0B45AB9D3F7F973CBD55FD40528, which is from service Strafkartei Website1 O You now have 6 offensive points O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C report O scorebot > C reportflag(2,"2BE16BEBE69946C7FD7FA870DE14B2A72984AFDF24D57DFE70DC328F31E343BA") O O You successfully reported flag 2BE16BEBE69946C7FD7FA870DE14B2A72984AFDF24D57DFE70DC328F31E343BA, which is from service Strafkartei Website2 O You now have 7 offensive points scorebot > C reportflag(2,"3E31CCB607FEF30FC5E08355EDC0832AA714299831F707A6A3AB9DD29537C63E") O O You successfully reported flag 3E31CCB607FEF30FC5E08355EDC0832AA714299831F707A6A3AB9DD29537C63E, which is from service Strafkartei Website2 O You now have 8 offensive points scorebot > C reportflag(2,"45F469C4B1E9A4101F2AA775A7EA32191464474D04716712E2C13B67BE2764B6") O O You successfully reported flag 45F469C4B1E9A4101F2AA775A7EA32191464474D04716712E2C13B67BE2764B6, which is from service Strafkartei Website1 O You now have 9 offensive points scorebot > C reportflag(2,"50287DB6C87126481216FC42DE90218D7A0D0C577F880846418BAE365CF165E4") O O You successfully reported flag 50287DB6C87126481216FC42DE90218D7A0D0C577F880846418BAE365CF165E4, which is from service Strafkartei Website1 O You now have 10 offensive points scorebot > C reportflag(2,"337D72E2C2FEEFAB8A4F9A49C7E6E0002706797B507FD7E61CFF3955188585AA") O O You successfully reported flag 337D72E2C2FEEFAB8A4F9A49C7E6E0002706797B507FD7E61CFF3955188585AA, which is from service Strafkartei Website1 O You now have 11 offensive points scorebot > C reportflag(2,"1346E34E1B4F7AB649A2D782FE7E077FB0C0EAEDDAD09CF91A57BA2124BEC910") O O This flag is not valid anymore! scorebot > C reportflag(2,"009AA9F9035B1A88FFAFC446D09308ABE1174AF38C9161727F8F1D598357B405") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"1ABF52B20E0E059C8FD85F785FC3B18B5E156DC4043AE8F03B1D70D77B950501") O O You successfully reported flag 1ABF52B20E0E059C8FD85F785FC3B18B5E156DC4043AE8F03B1D70D77B950501, which is from service Strafkartei Website2 O You now have 12 offensive points scorebot > scorebot > C reportflag(2,"2A8191B71F1726460EA7907EAE44D6948E7EC9860C8774C9A944023C19F35DC5") O O You successfully reported flag 2A8191B71F1726460EA7907EAE44D6948E7EC9860C8774C9A944023C19F35DC5, which is from service Strafkartei Website2 O You now have 13 offensive points scorebot > C reportflag(2,"015B7AB85B34EE1015744D40B510945D1A02D36499D58489E15FD5C1D5D3D892") O O You successfully reported flag 015B7AB85B34EE1015744D40B510945D1A02D36499D58489E15FD5C1D5D3D892, which is from service Strafkartei Website1 O You now have 14 offensive points scorebot > scorebot > C scorebot > C reportflag(2,"C3582D7E8FE6497D5ABEDAA79E9222E07D07AFE5997C97FDE1449A22D02D0183") O O You successfully reported flag C3582D7E8FE6497D5ABEDAA79E9222E07D07AFE5997C97FDE1449A22D02D0183, which is from service Strafkartei Website1 O You now have 15 offensive points scorebot > C reportflag(2,"0ED245E7CACD0B30876D4CCD040535675FE16963FD7ED57A8BAD386BDCC487A4") O O You successfully reported flag 0ED245E7CACD0B30876D4CCD040535675FE16963FD7ED57A8BAD386BDCC487A4, which is from service Strafkartei Website1 O You now have 16 offensive points scorebot > C reportflag(2,"A747A05D2A3F2E7E2010E7517A64A7EBC9225F54FA4393E372398A943506AF80") O O You successfully reported flag A747A05D2A3F2E7E2010E7517A64A7EBC9225F54FA4393E372398A943506AF80, which is from service Strafkartei Website1 O You now have 17 offensive points scorebot > C reportflag(2,"FB0027259C7B304CEB15D89D8AAF90F4A76BBB26D987EC09B1B9278C500C4EBA") O O You successfully reported flag FB0027259C7B304CEB15D89D8AAF90F4A76BBB26D987EC09B1B9278C500C4EBA, which is from service Strafkartei Website1 O You now have 18 offensive points scorebot > O bye! 
O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"67789A6E3D8876F651609F0D124B5101A4BD695E6DDAF9BA1A27A8A389D6A061") O O You successfully reported flag 67789A6E3D8876F651609F0D124B5101A4BD695E6DDAF9BA1A27A8A389D6A061, which is from service Strafkartei Website2 O You now have 19 offensive points scorebot > C reportflag(2,"711BE6235DEB654E22FCC7D56F8A8951DEDAEBF79F2DE00FD1E800C2B1AB60B6") O O You successfully reported flag 711BE6235DEB654E22FCC7D56F8A8951DEDAEBF79F2DE00FD1E800C2B1AB60B6, which is from service Strafkartei Website2 O You now have 20 offensive points scorebot > C reportflag(2,"BE74F848B1885E3B624DA720618F0404D11FCB034C36E856A29549F136AA9CA4") O O You successfully reported flag BE74F848B1885E3B624DA720618F0404D11FCB034C36E856A29549F136AA9CA4, which is from service Strafkartei Website2 O You now have 21 offensive points scorebot > scorebot > C reportflag(2,"95BC9EBD65D6D04E73340F2C2FB11DD949A1938A786A6A2E655D24B052917DEC") O O You successfully reported flag 95BC9EBD65D6D04E73340F2C2FB11DD949A1938A786A6A2E655D24B052917DEC, which is from service Strafkartei Website1 O You now have 22 offensive points scorebot > C reportflag(2,"A9F028A29D2B751188DB2F5D5B9B0AE6E3B67A15CACDEC0E2EEE51F197B10056") O O You successfully reported flag A9F028A29D2B751188DB2F5D5B9B0AE6E3B67A15CACDEC0E2EEE51F197B10056, which is from service Strafkartei Website1 O You now have 23 offensive points scorebot > C reportflag(2,"8D9B9DB1AFA6BB4BBDB98CF67271C58D0D06D8DA5204F1ECB21C20DE2D7E139F") O O You successfully reported flag 8D9B9DB1AFA6BB4BBDB98CF67271C58D0D06D8DA5204F1ECB21C20DE2D7E139F, which is from service Strafkartei Website1 O You now have 24 offensive points scorebot > C man reportadvisory O scorebot > C man.reportadvisory O O Welcome to the online 
documentation system
-----------------------------------------------------------------
Help on reportadvisory

Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed. This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory.

The function to report an advisory is
boolean reportadvisory(int teamID, String advisory)

The function to read a multiline string is
String readtext()

readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$).

This is how I reported an advisory for team #7: (entered text is typeset bold)

scorebot> reportadvisory(7, readtext())
Write some text, finish with a single dot on a separate line (^\.$)
The tcsh is vunerable to a social engineering attack. By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing:
# rm -rf /*
Fix: remove tcsh (and while you're at it, all other shells as well) from your machines
.
Your advisory has been reported.
scorebot>

scorebot >
scorebot >
scorebot >
scorebot > C reportadvisory(2,readtext())
O Max 100 lines; max 256 chars per line
O Write some text, finish with a single dot on a separate line (^\.$)
0>
O Error: java.io.IOException cannot be cast to java.lang.String
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportflag(2,"259DFD24FEA0769CF8F5D71F36A306B6B8E632B5F617ED81A4741C94B15DF5FA") O O You successfully reported flag 259DFD24FEA0769CF8F5D71F36A306B6B8E632B5F617ED81A4741C94B15DF5FA, which is from service Strafkartei Website2 O You now have 25 offensive points scorebot > C reportflag(2,"62A42F1B1E6CB7204BC3D3F7712EA284F18A0AB66FCA0C3FB2ACBBD52EB03F0B") O O You successfully reported flag 62A42F1B1E6CB7204BC3D3F7712EA284F18A0AB66FCA0C3FB2ACBBD52EB03F0B, which is from service Strafkartei Website2 O You now have 26 offensive points scorebot > C reportflag(2,"9509E1237F67D54ECA1AF4FD47EB60DA7EE95E495ED006DFECF85B16AFC47E4A") O O You successfully reported flag 9509E1237F67D54ECA1AF4FD47EB60DA7EE95E495ED006DFECF85B16AFC47E4A, which is from service Strafkartei Website2 O You now have 27 offensive points scorebot > C reportflag(2,"C3C32DD2A3F433D56476632825E8F0D485714B54C13D4BBB336D61DDA7A14E33") O O You successfully reported flag C3C32DD2A3F433D56476632825E8F0D485714B54C13D4BBB336D61DDA7A14E33, which is from service Strafkartei Website2 O You now have 28 offensive points scorebot > C reportadvisory(2,readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C STK Backend service: flag disclosure 1> C 2> O Error: java.io.IOException cannot be cast to java.lang.String scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > scorebot > C reportflag(2,"3AA41E0DDBD8ED04E9505F5ECD4283E1433780FAACCF8FFB1BDD6848565F8952") O O You successfully reported flag 3AA41E0DDBD8ED04E9505F5ECD4283E1433780FAACCF8FFB1BDD6848565F8952, which is from service Strafkartei Website1 O You now have 29 offensive points scorebot > C reportflag(2,"CFCA86C4B51F5061A69AADDA3935D25065BA521505AFCC9694D3BB700A476516") O O You successfully reported flag CFCA86C4B51F5061A69AADDA3935D25065BA521505AFCC9694D3BB700A476516, which is from service Strafkartei Website1 O You now have 30 offensive points scorebot > C reportflag(2,"0E29963AA35B87BAD5BC8F94755F721439CFDD0D9E7D107FCFD0FAA172B3554B") O O You successfully reported flag 0E29963AA35B87BAD5BC8F94755F721439CFDD0D9E7D107FCFD0FAA172B3554B, which is from service Strafkartei Website1 O You now have 31 offensive points scorebot > C reportflag(2,"DE42FEC462F68ED118CEC7E5B7737FB8E41D4B794C61E914825E59F06E81BE7D") O O You successfully reported flag DE42FEC462F68ED118CEC7E5B7737FB8E41D4B794C61E914825E59F06E81BE7D, which is from service Strafkartei Website1 O You now have 32 offensive points scorebot > scorebot > scorebot > scorebot > C reportflag(2,"54DA94BE9E474E8210F111F7285A7FB1D0C4C427660E7423B04AC0B780AB09DA") O O You successfully reported flag 54DA94BE9E474E8210F111F7285A7FB1D0C4C427660E7423B04AC0B780AB09DA, which is from service Strafkartei Website2 O You now have 33 offensive points scorebot > C reportflag(2,"938DFC349BA5DF6E47E3FE2CA33FAB194EE8E60F70CC22574DE4F33C15EF3281") O O You successfully reported flag 938DFC349BA5DF6E47E3FE2CA33FAB194EE8E60F70CC22574DE4F33C15EF3281, which is from service Strafkartei Website2 O You now have 34 offensive points scorebot > C reportflag(2,"C7A6AFAE8139F97D57AADD82283A35F175DF16ABFB086A3AE55B115F108F3AFE") O O You successfully reported flag C7A6AFAE8139F97D57AADD82283A35F175DF16ABFB086A3AE55B115F108F3AFE, which is from service Strafkartei Website1 O You now have 35 offensive points O bye! 
O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"C7A6AFAE8139F97D57AADD82283A35F175DF16ABFB086A3AE55B115F108F3AFE") O O This flag is not valid anymore! scorebot > C reportflag(2,"791E0B6DE4F4733B3CD7306863DBD8445B965354273BC21035AA5E081F2EBF0A") O O You successfully reported flag 791E0B6DE4F4733B3CD7306863DBD8445B965354273BC21035AA5E081F2EBF0A, which is from service Strafkartei Website1 O You now have 36 offensive points scorebot > C reportflag(2,"456FD88A4275CB5BB778B20CFAFA901CE9567C4561B4EA4135E993039566CB2C") O O You successfully reported flag 456FD88A4275CB5BB778B20CFAFA901CE9567C4561B4EA4135E993039566CB2C, which is from service Strafkartei Website1 O You now have 37 offensive points scorebot > C reportflag(2,"A2AA2486A8CAE5707A553941F1A1367DD99F1700D0557EE7A8435AAD22094DD4") O O You successfully reported flag A2AA2486A8CAE5707A553941F1A1367DD99F1700D0557EE7A8435AAD22094DD4, which is from service Strafkartei Website1 O You now have 38 offensive points scorebot > C reportflag(2,"AA0E6AA0F55E70B77DEBA14F41F96800C6C2AC6BADA31A69D84B6EA6A69125C2") O O You successfully reported flag AA0E6AA0F55E70B77DEBA14F41F96800C6C2AC6BADA31A69D84B6EA6A69125C2, which is from service Strafkartei Website1 O You now have 39 offensive points scorebot > scorebot > scorebot > scorebot > scorebot > C scorebot > C reportflag(2,"320FE39257F364F4858F69899DD239BE9004A9DFD8867CF63A933D91383CEF03") O O You successfully reported flag 320FE39257F364F4858F69899DD239BE9004A9DFD8867CF63A933D91383CEF03, which is from service Strafkartei Website2 O You now have 40 offensive points scorebot > C reportflag(2,"C3CABDD8A493D103CBDEBA5050CBF6674DB618EAEA17BEA06ABB1D202D10971B") O O You successfully reported flag C3CABDD8A493D103CBDEBA5050CBF6674DB618EAEA17BEA06ABB1D202D10971B, 
which is from service Strafkartei Website2 O You now have 41 offensive points scorebot > C reportflag(2,"3F3EC98FE8959151202D3ADDAB726A8ADEEE7E1CC4BBA22D13E038F62D50AB5C") O O You successfully reported flag 3F3EC98FE8959151202D3ADDAB726A8ADEEE7E1CC4BBA22D13E038F62D50AB5C, which is from service Strafkartei Website2 O You now have 42 offensive points scorebot > C reportflag(2,"8362CB4B9B3433950B26DF9FD1844F6FC2641037DAF6960B32C81A16E5D3B646") O O You successfully reported flag 8362CB4B9B3433950B26DF9FD1844F6FC2641037DAF6960B32C81A16E5D3B646, which is from service Strafkartei Website2 O You now have 43 offensive points scorebot > C reportflag(2,"9A76A36A5CDC39E87B942C6156D46DA5B0DCCD2FC693E1DD12E86B55BAD97888") O O You successfully reported flag 9A76A36A5CDC39E87B942C6156D46DA5B0DCCD2FC693E1DD12E86B55BAD97888, which is from service Strafkartei Website1 O You now have 44 offensive points scorebot > C reportflag(2,"555B2DA9E56372DB74BACBEF920BA9B87C5E38EBFCABF695284F7BF8289B2F42") O O You successfully reported flag 555B2DA9E56372DB74BACBEF920BA9B87C5E38EBFCABF695284F7BF8289B2F42, which is from service Strafkartei Website1 O You now have 45 offensive points scorebot > C reportflag(2,"E2639605EB134CD62A1C540AC8A6B45F72254EBEC5701172ED14F15B6FC257A6") O O You successfully reported flag E2639605EB134CD62A1C540AC8A6B45F72254EBEC5701172ED14F15B6FC257A6, which is from service Strafkartei Website1 O You now have 46 offensive points scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C man.reportadvisory
O
O Welcome to the online documentation system
-----------------------------------------------------------------
Help on reportadvisory

Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed. This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory.

The function to report an advisory is
boolean reportadvisory(int teamID, String advisory)

The function to read a multiline string is
String readtext()

readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$).

This is how I reported an advisory for team #7: (entered text is typeset bold)

scorebot> reportadvisory(7, readtext())
Write some text, finish with a single dot on a separate line (^\.$)
The tcsh is vunerable to a social engineering attack. By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing:
# rm -rf /*
Fix: remove tcsh (and while you're at it, all other shells as well) from your machines
.
Your advisory has been reported.
scorebot>

scorebot >
O Error: EOF
scorebot >
O Error: EOF
scorebot >
O Error: EOF
scorebot >
O Error: EOF
scorebot >
O Error: EOF
O Too many exceptions
O bye!
O Timeout; bye
L closing
O Welcome, 10.2.0.18
O Welcome to the CTF scorebot 0.4.37
-----------------------------------------------------------------
type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information.
scorebot > C reportflag(2,"CEA38ABECDA351CC1BB1D2F198E3F2441C940B7475CCF1D105B3895FF4BFE6E9") O O You successfully reported flag CEA38ABECDA351CC1BB1D2F198E3F2441C940B7475CCF1D105B3895FF4BFE6E9, which is from service Strafkartei Website2 O You now have 47 offensive points scorebot > C reportflag(2,"EA85C1E69FDEB530A421C17FC1D7634FBD236965AA237F98BD46331B40914CC7") O O You successfully reported flag EA85C1E69FDEB530A421C17FC1D7634FBD236965AA237F98BD46331B40914CC7, which is from service Strafkartei Website1 O You now have 48 offensive points scorebot > C reportflag(2,"3BB6FBB184B02A3EAD40FF99BBC43AD0EE98CB6DCAD12DE8F29775E90391D020") O O You successfully reported flag 3BB6FBB184B02A3EAD40FF99BBC43AD0EE98CB6DCAD12DE8F29775E90391D020, which is from service Strafkartei Website1 O You now have 49 offensive points scorebot > C reportflag(2,"4729E7A9F1E6CE095571EEECE422257D7ADA2EE655B29A43709E1EC053558313") O O You successfully reported flag 4729E7A9F1E6CE095571EEECE422257D7ADA2EE655B29A43709E1EC053558313, which is from service Strafkartei Website1 O You now have 50 offensive points scorebot > C reportflag(2,"A5235E9A921656836FB28EE2E3A0751737AC324A13D5BD6E1A1FE8F87E0E5D8F") O O You successfully reported flag A5235E9A921656836FB28EE2E3A0751737AC324A13D5BD6E1A1FE8F87E0E5D8F, which is from service Strafkartei Website1 O You now have 51 offensive points scorebot > scorebot > scorebot > C reportflag(2,"456AFB889D2F9B095FEE70D70B19E7B4304F66472F45AE038F9C5B2570B06374") O O You successfully reported flag 456AFB889D2F9B095FEE70D70B19E7B4304F66472F45AE038F9C5B2570B06374, which is from service Strafkartei Website2 O You now have 52 offensive points scorebot > C reportflag(2,"8F5AAF82E7216B2F129E881950217862E3282F4EDB204DC45A6A0C4A06EC197A") O O You successfully reported flag 8F5AAF82E7216B2F129E881950217862E3282F4EDB204DC45A6A0C4A06EC197A, which is from service Strafkartei Website1 O You now have 53 offensive points scorebot > C 
reportflag(2,"63E4D579C49F944B190E845F37C520389D3A2B9F1CA2F0779DC81253224FBF51") O O You successfully reported flag 63E4D579C49F944B190E845F37C520389D3A2B9F1CA2F0779DC81253224FBF51, which is from service Strafkartei Website1 O You now have 54 offensive points scorebot > C reportflag(2,"23B98E1ACF91CF9AA3D0FE0C9AC6A1EF6AA3F9A057294274D5F60CE93DCDA4A6") O O You successfully reported flag 23B98E1ACF91CF9AA3D0FE0C9AC6A1EF6AA3F9A057294274D5F60CE93DCDA4A6, which is from service Strafkartei Website1 O You now have 55 offensive points scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"703266B4C3AA0CDAEE42DE5DE9A9B52BEADE6C4378455F541792FF5962B3B570") O O You successfully reported flag 703266B4C3AA0CDAEE42DE5DE9A9B52BEADE6C4378455F541792FF5962B3B570, which is from service Strafkartei Website2 O You now have 56 offensive points scorebot > C reportflag(2,"BA350804072DBCB36175818C233878A556B3F49814B4577EA9162D4F4513BD9D") O O You successfully reported flag BA350804072DBCB36175818C233878A556B3F49814B4577EA9162D4F4513BD9D, which is from service Strafkartei Website2 O You now have 57 offensive points scorebot > C reportflag(2,"F4A2F01DC721CD3254DAF4FB627583A629A4041C9BF040DE93976B618BF10910") O O You successfully reported flag F4A2F01DC721CD3254DAF4FB627583A629A4041C9BF040DE93976B618BF10910, which is from service Strafkartei Website2 O You now have 58 offensive points scorebot > C reportflag(2,"D2661CE075A66722E99040047EE58D0237C11430F8999995EAF0638C18B19CBB") O O You successfully reported flag D2661CE075A66722E99040047EE58D0237C11430F8999995EAF0638C18B19CBB, which is from service Strafkartei Website2 O You now have 59 offensive points scorebot > C reportflag(2,"6C8412151739CD7044CF6F1C0871FC37FAB24781EBA4D6EA03022ED1C530599C") O O 
You successfully reported flag 6C8412151739CD7044CF6F1C0871FC37FAB24781EBA4D6EA03022ED1C530599C, which is from service Strafkartei Website2 O You now have 60 offensive points scorebot > scorebot > scorebot > C scorebot > C reportflag(2,"F4C26DDF066B5ABD936C95CCEC22F2BDB195BEB2A239B224F5B257997602AB4B") O O You successfully reported flag F4C26DDF066B5ABD936C95CCEC22F2BDB195BEB2A239B224F5B257997602AB4B, which is from service Strafkartei Website1 O You now have 61 offensive points scorebot > C reportflag(2,"A27E54F936666A0B10F6EF6396158FEFC0DC5F882747ACA4785830EA1F348A86") O O You successfully reported flag A27E54F936666A0B10F6EF6396158FEFC0DC5F882747ACA4785830EA1F348A86, which is from service Strafkartei Website1 O You now have 62 offensive points scorebot > C reportflag(2,"1B2CEC54852CC56706F3C4E8756202BA4595A1B5A34594DEDB8CB1B83FC3621D") O O You successfully reported flag 1B2CEC54852CC56706F3C4E8756202BA4595A1B5A34594DEDB8CB1B83FC3621D, which is from service Strafkartei Website1 O You now have 63 offensive points scorebot > C reportflag(2,"F08E05B6E8CB7864A44FA4E85A70F7EAD575F19DE786771E1FFC08B4106FF9D9") O O You successfully reported flag F08E05B6E8CB7864A44FA4E85A70F7EAD575F19DE786771E1FFC08B4106FF9D9, which is from service Strafkartei Website1 O You now have 64 offensive points scorebot > scorebot > C reportflag(2,"1D30E9BC3E489244DB462F461C212E3564022310294709A261D78F3438CE72C7") O O This flag is not valid anymore! scorebot > C reportflag(2,"182F1005573F5E632A6430144F13EB9798D4436E32D32A09BB8879A68F29F6C5") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"165B36BC03C628AE25735951397E21369BD53A0CA4E285C2ABD632096F5A15C2") O O You successfully reported flag 165B36BC03C628AE25735951397E21369BD53A0CA4E285C2ABD632096F5A15C2, which is from service Strafkartei Website1 O You now have 65 offensive points scorebot > C reportflag(2,"B0097E13A63F7ED206DADFEC53DC31E60EFBB3813934BBB445D53432140A0A55") O O You successfully reported flag B0097E13A63F7ED206DADFEC53DC31E60EFBB3813934BBB445D53432140A0A55, which is from service Strafkartei Website2 O You now have 66 offensive points scorebot > C reportflag(2,"6630A26B1CCFA7024E9F71A115C842AAE5F73D8B6701DF57206EEA9C465EFFD1") O O You successfully reported flag 6630A26B1CCFA7024E9F71A115C842AAE5F73D8B6701DF57206EEA9C465EFFD1, which is from service Strafkartei Website2 O You now have 67 offensive points scorebot > C reportflag(2,"94E1B2C22B4280A0323FDF8428D931D322158412EA2A1FE1DBAC01F25BBD7E68") O O You successfully reported flag 94E1B2C22B4280A0323FDF8428D931D322158412EA2A1FE1DBAC01F25BBD7E68, which is from service Strafkartei Website2 O You now have 68 offensive points scorebot > C reportflag(2,"E7BF462A48E7AB38F435B86B75E06F5025DF86F8016C4621BBDB5B06147BBB4F") O O You successfully reported flag E7BF462A48E7AB38F435B86B75E06F5025DF86F8016C4621BBDB5B06147BBB4F, which is from service Strafkartei Website2 O You now have 69 offensive points scorebot > C reportflag(2,"90EAB77F1DA999FDFA3917E236C8211F0F2327F4622B7B20687DDC43C7C5B4E3") O O You successfully reported flag 90EAB77F1DA999FDFA3917E236C8211F0F2327F4622B7B20687DDC43C7C5B4E3, which is from service Strafkartei Website2 O You now have 70 offensive points scorebot > C reportflag(2,"4DEF7ABE791903F2A7E4F57552B4039EF4E86D4C9F09138AAD6F55714C7D0A70") O O You successfully reported flag 4DEF7ABE791903F2A7E4F57552B4039EF4E86D4C9F09138AAD6F55714C7D0A70, which is from service Strafkartei Website1 O You now have 71 offensive points scorebot > scorebot > C 
reportflag(2,"BFFD8221C6B6E436103FD375C1C73E7012AB3FFA87C220FBFA510C8CDED5B672") O O You successfully reported flag BFFD8221C6B6E436103FD375C1C73E7012AB3FFA87C220FBFA510C8CDED5B672, which is from service Strafkartei Website2 O You now have 72 offensive points O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"BFFD8221C6B6E436103FD375C1C73E7012AB3FFA87C220FBFA510C8CDED5B672") O O This flag is not valid anymore! scorebot > C reportflag(2,"2A4CAA322FAAD7ECF8698215219365A9C0E470F8B416E8962EC44753A5667771") O O You successfully reported flag 2A4CAA322FAAD7ECF8698215219365A9C0E470F8B416E8962EC44753A5667771, which is from service Strafkartei Website2 O You now have 73 offensive points scorebot > C reportflag(2,"F1687BEB15EA9ABE2F36EEAED1785C2869B5135BAE3EC84FC25C1DBDCDB46E48") O O You successfully reported flag F1687BEB15EA9ABE2F36EEAED1785C2869B5135BAE3EC84FC25C1DBDCDB46E48, which is from service Strafkartei Website2 O You now have 74 offensive points scorebot > C reportflag(2,"BE65D28CCD877CB4E972964A31ED7116192D18AB84A776531E15F076FF17A5AF") O O You successfully reported flag BE65D28CCD877CB4E972964A31ED7116192D18AB84A776531E15F076FF17A5AF, which is from service Strafkartei Website2 O You now have 75 offensive points scorebot > scorebot > scorebot > C reportflag(2,"D73E000AADFD2B61DD627C6E8933E9E968A7229A5BE98A7D4825F85D816749FE") O O You successfully reported flag D73E000AADFD2B61DD627C6E8933E9E968A7229A5BE98A7D4825F85D816749FE, which is from service Strafkartei Website1 O You now have 76 offensive points scorebot > C reportflag(2,"2B889B54F3BCC0FFE7020B7D3BE8B258DB2D9C4B7656D054E036F228B42F5631") O O You successfully reported flag 2B889B54F3BCC0FFE7020B7D3BE8B258DB2D9C4B7656D054E036F228B42F5631, which is from service Strafkartei Website1 O 
You now have 77 offensive points scorebot > C reportflag(2,"6ADCD2E42D2D4369BEA9AC891C9D8D1E6DE0BBC247917D9674FB68448150679E") O O You successfully reported flag 6ADCD2E42D2D4369BEA9AC891C9D8D1E6DE0BBC247917D9674FB68448150679E, which is from service Strafkartei Website1 O You now have 78 offensive points scorebot > C reportflag(2,"B6D2A7D1A4D05E62A2A93BBFCD8D44D042F26F54EF54FE8616D61A68F2DA175C") O O You successfully reported flag B6D2A7D1A4D05E62A2A93BBFCD8D44D042F26F54EF54FE8616D61A68F2DA175C, which is from service Strafkartei Website1 O You now have 79 offensive points scorebot > C reportflag(2,"55B8FB18F20ED41B9471F154634DAA37E30A49B924C3ABCFDACE7377C5BAE3B3") O O You successfully reported flag 55B8FB18F20ED41B9471F154634DAA37E30A49B924C3ABCFDACE7377C5BAE3B3, which is from service Strafkartei Website1 O You now have 80 offensive points scorebot > C reportflag(2,"165B36BC03C628AE25735951397E21369BD53A0CA4E285C2ABD632096F5A15C2") O O This flag is not valid anymore! scorebot > C reportflag(2,"B0097E13A63F7ED206DADFEC53DC31E60EFBB3813934BBB445D53432140A0A55") O O This flag is not valid anymore! scorebot > C reportflag(2,"6630A26B1CCFA7024E9F71A115C842AAE5F73D8B6701DF57206EEA9C465EFFD1") O O This flag is not valid anymore! scorebot > C reportflag(2,"94E1B2C22B4280A0323FDF8428D931D322158412EA2A1FE1DBAC01F25BBD7E68") O O This flag is not valid anymore! scorebot > C reportflag(2,"E7BF462A48E7AB38F435B86B75E06F5025DF86F8016C4621BBDB5B06147BBB4F") O O This flag is not valid anymore! scorebot > C reportflag(2,"90EAB77F1DA999FDFA3917E236C8211F0F2327F4622B7B20687DDC43C7C5B4E3") O O This flag is not valid anymore! scorebot > C reportflag(2,"4DEF7ABE791903F2A7E4F57552B4039EF4E86D4C9F09138AAD6F55714C7D0A70") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"C489FD490AE15E374EDC59597BEA82B14AC3BBAEB6F5F5CC6D752AEDDEE4D65E") O O You successfully reported flag C489FD490AE15E374EDC59597BEA82B14AC3BBAEB6F5F5CC6D752AEDDEE4D65E, which is from service Strafkartei Website2 O You now have 81 offensive points scorebot > C reportflag(2,"BA6A839D6669BB57F09C88E6A9013CDB322E0334FD0140E9E4C72B886C2D1510") O O You successfully reported flag BA6A839D6669BB57F09C88E6A9013CDB322E0334FD0140E9E4C72B886C2D1510, which is from service Strafkartei Website1 O You now have 82 offensive points scorebot > scorebot > C reportflag(2,"165B36BC03C628AE25735951397E21369BD53A0CA4E285C2ABD632096F5A15C2") O O This flag is not valid anymore! scorebot > C reportflag(2,"B0097E13A63F7ED206DADFEC53DC31E60EFBB3813934BBB445D53432140A0A55") O O This flag is not valid anymore! scorebot > C reportflag(2,"6630A26B1CCFA7024E9F71A115C842AAE5F73D8B6701DF57206EEA9C465EFFD1") O O This flag is not valid anymore! scorebot > C reportflag(2,"94E1B2C22B4280A0323FDF8428D931D322158412EA2A1FE1DBAC01F25BBD7E68") O O This flag is not valid anymore! scorebot > C reportflag(2,"E7BF462A48E7AB38F435B86B75E06F5025DF86F8016C4621BBDB5B06147BBB4F") O O This flag is not valid anymore! scorebot > C reportflag(2,"90EAB77F1DA999FDFA3917E236C8211F0F2327F4622B7B20687DDC43C7C5B4E3") O O This flag is not valid anymore! scorebot > C reportflag(2,"4DEF7ABE791903F2A7E4F57552B4039EF4E86D4C9F09138AAD6F55714C7D0A70") O O This flag is not valid anymore! scorebot > C reportflag(2,"C489FD490AE15E374EDC59597BEA82B14AC3BBAEB6F5F5CC6D752AEDDEE4D65E") O O This flag is not valid anymore! scorebot > C reportflag(2,"BA6A839D6669BB57F09C88E6A9013CDB322E0334FD0140E9E4C72B886C2D1510") O O This flag is not valid anymore! 
scorebot > scorebot > C reportflag(2,"3D6B7A3FA2F94A231EB9FBCBA8B7CB56FE9BDDB819C81C0BBBC03D2C55C71576") O O You successfully reported flag 3D6B7A3FA2F94A231EB9FBCBA8B7CB56FE9BDDB819C81C0BBBC03D2C55C71576, which is from service Strafkartei Website2 O You now have 83 offensive points O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"3D6B7A3FA2F94A231EB9FBCBA8B7CB56FE9BDDB819C81C0BBBC03D2C55C71576") O O This flag is not valid anymore! scorebot > C reportflag(2,"B7AE52F72AE15C743D387782F5ACD6719C771B429B2ACD0026BEBB2240E25A0F") O O You successfully reported flag B7AE52F72AE15C743D387782F5ACD6719C771B429B2ACD0026BEBB2240E25A0F, which is from service Strafkartei Website2 O You now have 84 offensive points scorebot > scorebot > scorebot > O Error: Operation timed out scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"1D30E9BC3E489244DB462F461C212E3564022310294709A261D78F3438CE72C7") O O This flag is not valid anymore! scorebot > C reportflag(2,"182F1005573F5E632A6430144F13EB9798D4436E32D32A09BB8879A68F29F6C5") O O This flag is not valid anymore! scorebot > C reportflag(2,"165B36BC03C628AE25735951397E21369BD53A0CA4E285C2ABD632096F5A15C2") O O This flag is not valid anymore! scorebot > C reportflag(2,"B0097E13A63F7ED206DADFEC53DC31E60EFBB3813934BBB445D53432140A0A55") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"6630A26B1CCFA7024E9F71A115C842AAE5F73D8B6701DF57206EEA9C465EFFD1") O O This flag is not valid anymore! scorebot > C reportflag(2,"94E1B2C22B4280A0323FDF8428D931D322158412EA2A1FE1DBAC01F25BBD7E68") O O This flag is not valid anymore! scorebot > C reportflag(2,"E7BF462A48E7AB38F435B86B75E06F5025DF86F8016C4621BBDB5B06147BBB4F") O O This flag is not valid anymore! scorebot > C reportflag(2,"90EAB77F1DA999FDFA3917E236C8211F0F2327F4622B7B20687DDC43C7C5B4E3") O O This flag is not valid anymore! scorebot > C reportflag(2,"4DEF7ABE791903F2A7E4F57552B4039EF4E86D4C9F09138AAD6F55714C7D0A70") O O This flag is not valid anymore! scorebot > C reportflag(2,"C489FD490AE15E374EDC59597BEA82B14AC3BBAEB6F5F5CC6D752AEDDEE4D65E") O O This flag is not valid anymore! scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag(2,"FFB63BCA30D32A02FA56691C93BA54B3AEE81A8F4BA641255740D26A2B859755") O O You successfully reported flag FFB63BCA30D32A02FA56691C93BA54B3AEE81A8F4BA641255740D26A2B859755, which is from service Strafkartei Website1 O You now have 85 offensive points scorebot > C reportflag(2,"302274371E5ABB2EFF6A8A6B435285039067A1F4502EA044F208AE0B7DC2B2A9") O O You successfully reported flag 302274371E5ABB2EFF6A8A6B435285039067A1F4502EA044F208AE0B7DC2B2A9, which is from service Strafkartei Website2 O You now have 86 offensive points scorebot > C reportflag(2,"476F2D498048DECEB1456E2AAFF4D7BC3FC40A82DC8516B59AA8B26814E55CCB") O O You successfully reported flag 476F2D498048DECEB1456E2AAFF4D7BC3FC40A82DC8516B59AA8B26814E55CCB, which is from service Strafkartei Website2 O You now have 87 offensive points scorebot > C reportflag(2,"871745FCA2126F8575FCA84D0EA085F8AFF193F7E462CA39EC525DEF8EF2351F") O O You successfully reported flag 871745FCA2126F8575FCA84D0EA085F8AFF193F7E462CA39EC525DEF8EF2351F, which is from service Strafkartei Website2 O You now have 88 offensive points scorebot > C reportflag(2,"D57C8207A4746C2BEA3DE8001E5DBDC41E3CE2BDFA924B84A1B2A24BEAFA49A3") O O You successfully reported flag D57C8207A4746C2BEA3DE8001E5DBDC41E3CE2BDFA924B84A1B2A24BEAFA49A3, which is from service Strafkartei Website1 O You now have 89 offensive points scorebot > C reportflag(2,"A678E2147834A82001F77F99F78BCCAB1528D6A6397DE7FB57D3D68CB7724B51") O O You successfully reported flag A678E2147834A82001F77F99F78BCCAB1528D6A6397DE7FB57D3D68CB7724B51, which is from service Strafkartei Website1 O You now have 90 offensive points scorebot > C reportflag(2,"EE0A6CBB0EB93D7B33E9881C0865E92427757AA47EBA174716C0EDE0DC8C5391") O O You successfully reported flag EE0A6CBB0EB93D7B33E9881C0865E92427757AA47EBA174716C0EDE0DC8C5391, which is from service Strafkartei Website1 O You now have 91 offensive points scorebot > C 
reportflag(2,"55A556888B736E94394B0A12B93C958CFF56C4A59D97F06020909AD9C84A4AA0") O O You successfully reported flag 55A556888B736E94394B0A12B93C958CFF56C4A59D97F06020909AD9C84A4AA0, which is from service Strafkartei Website2 O You now have 92 offensive points scorebot > C reportflag(2,"FC8B66CC0EA60C066A6915441B8F5E03FF0C6127C1AD0A0DB1EFFC0AC79C320D") O O You successfully reported flag FC8B66CC0EA60C066A6915441B8F5E03FF0C6127C1AD0A0DB1EFFC0AC79C320D, which is from service Strafkartei Website1 O You now have 93 offensive points scorebot > C reportflag(2,"7B5A76FC4FAB38DEB7DD3D3A98B35851DD055831E90FA346CB2BAF362FCFE76D") O O This flag is not valid anymore! scorebot > C reportflag(2,"3D0A2961913BB39675D670545EB3D7C9229B5D25C3EA0C93E4C6E6DAF501CF78") O O This flag is not valid anymore! scorebot > C reportflag(2,"293504F3BF4B3D5794BAF7F2461C928BD3FF0B6A5E9EE2C576105C4FF35100A2") O O This flag is not valid anymore! scorebot > C reportflag(2,"D0E9828FA3D4A5CAA1ED460B3C735DD27965328BB1A99DA69E45EF95AB2CB5DF") O O This flag is not valid anymore! scorebot > C reportflag(2,"842F133F2DB0968D12075137E1902B315113F07A006234B430EA1A49FE37AAA1") O O This flag is not valid anymore! scorebot > C reportflag(2,"8320809B5BE8AC566F3206A64671356AD32576D6FBDF2A177C577C96006B3013") O O This flag is not valid anymore! scorebot > C reportflag(2,"20858CAEAD9DD0E170C93977A174E19BC9B471CB14B70C6A4544DC152ABFF548") O O This flag is not valid anymore! scorebot > C reportflag(2,"71D333B1CD49A2B24489F659549E06166E18FF6B73FF68A94A156C7E9AD9F5E9") O O This flag is not valid anymore! scorebot > C reportflag(2,"E6AEB8D583DD3D5C0940DBADC16D86F477690E7C387BB9CA6E09888027193941") O O This flag is not valid anymore! scorebot > C reportflag(2,"9761A80CF78C8F7CEA2B646344DB9237A800E4BC3DECD76847230D9F843D1433") O O This flag is not valid anymore! scorebot > C reportflag(2,"3B75AAC1FCA73EA70339A055236A3650E74C91AFE6FB894F43E49BF5163F86DF") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"58A54062E7E5C8010C4FF2D13CBC541B1581BD12BA6CAECD4D9785F0483D0A42") O O This flag is not valid anymore! scorebot > C reportflag(2,"5C578AF2EAF7F12307B562672B2BA351B7264659FE9BCC8E9F3E25416E396C35") O O This flag is not valid anymore! scorebot > C reportflag(2,"F280B4B71CDC28B4D8EA1FB45E465695B5C1397C5ADA94CEB4537821DB9EF92C") O O This flag is not valid anymore! scorebot > C reportflag(2,"16C1CDFE1F6CF93A5EB55B3FCFEE67416F570D2895C0A36B8C334F2D01DE19D3") O O This flag is not valid anymore! scorebot > C reportflag(2,"F21DA814A845AB6E96B9ABCC3AE54E4B9D35835B2066FD5197C5BDEDB63AAFE6") O O This flag is not valid anymore! scorebot > C reportflag(2,"9D15536C7B56A353A0D9BD8CA415C38CBB5F62847EE436EBAE3DA454A5CC38E2") O O This flag is not valid anymore! scorebot > C reportflag(2,"E0DAB9B60ABC739826CD9760328503E12EF8E1B75EEEF4403FF8160C5D6B0DEF") O O This flag is not valid anymore! scorebot > C reportflag(2,"7A6BB1E52B593AD982FA43063CEC01FF6E67AB945D1856F08BAFEB5D640B0F06") O O You successfully reported flag 7A6BB1E52B593AD982FA43063CEC01FF6E67AB945D1856F08BAFEB5D640B0F06, which is from service Strafkartei Website1 O You now have 94 offensive points scorebot > C reportflag(2,"FD6769B87BD2B8D1B14E9D69D2E61034C24770E2BBD21F258C15C8E7D5F3AC69") O O You successfully reported flag FD6769B87BD2B8D1B14E9D69D2E61034C24770E2BBD21F258C15C8E7D5F3AC69, which is from service Strafkartei Website1 O You now have 95 offensive points scorebot > C reportflag(2,"FFB63BCA30D32A02FA56691C93BA54B3AEE81A8F4BA641255740D26A2B859755") O O This flag is not valid anymore! scorebot > C reportflag(2,"302274371E5ABB2EFF6A8A6B435285039067A1F4502EA044F208AE0B7DC2B2A9") O O This flag is not valid anymore! scorebot > C reportflag(2,"476F2D498048DECEB1456E2AAFF4D7BC3FC40A82DC8516B59AA8B26814E55CCB") O O This flag is not valid anymore! scorebot > C reportflag(2,"871745FCA2126F8575FCA84D0EA085F8AFF193F7E462CA39EC525DEF8EF2351F") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"D57C8207A4746C2BEA3DE8001E5DBDC41E3CE2BDFA924B84A1B2A24BEAFA49A3") O O This flag is not valid anymore! scorebot > C reportflag(2,"A678E2147834A82001F77F99F78BCCAB1528D6A6397DE7FB57D3D68CB7724B51") O O This flag is not valid anymore! scorebot > C reportflag(2,"EE0A6CBB0EB93D7B33E9881C0865E92427757AA47EBA174716C0EDE0DC8C5391") O O This flag is not valid anymore! scorebot > C reportflag(2,"55A556888B736E94394B0A12B93C958CFF56C4A59D97F06020909AD9C84A4AA0") O O This flag is not valid anymore! scorebot > C reportflag(2,"FC8B66CC0EA60C066A6915441B8F5E03FF0C6127C1AD0A0DB1EFFC0AC79C320D") O O This flag is not valid anymore! scorebot > scorebot > scorebot > scorebot > scorebot > C reportflag(2,"2B2E74D2C255BA2820C1EFB22F5821E9A5030F93031AC0ECE53A126301A16CED") O O You successfully reported flag 2B2E74D2C255BA2820C1EFB22F5821E9A5030F93031AC0ECE53A126301A16CED, which is from service Strafkartei Website2 O You now have 96 offensive points scorebot > C reportflag(2,"17213D42D5BF4AF00073B024922592C8E6E5F7165638418FD9DA8B4F5D843F19") O O You successfully reported flag 17213D42D5BF4AF00073B024922592C8E6E5F7165638418FD9DA8B4F5D843F19, which is from service Strafkartei Website2 O You now have 97 offensive points scorebot > C reportflag(2,"73F2BFC9E180954201053E3061F2C4C4DA885D72007415B3AFA466838A695F81") O O You successfully reported flag 73F2BFC9E180954201053E3061F2C4C4DA885D72007415B3AFA466838A695F81, which is from service Strafkartei Website1 O You now have 98 offensive points scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag(2,"3B6590BCD5D06FFDE37DDC4C280EE77F5F51395798DD1EE812CF93266578B7A1") O O You successfully reported flag 3B6590BCD5D06FFDE37DDC4C280EE77F5F51395798DD1EE812CF93266578B7A1, which is from service Strafkartei Website2 O You now have 99 offensive points scorebot > C reportflag(2,"CDC95A8539A5A2864A9CBC39EE00DD040B102CFBBBA0A78DCB2FFC105D7E4C06") O O You successfully reported flag CDC95A8539A5A2864A9CBC39EE00DD040B102CFBBBA0A78DCB2FFC105D7E4C06, which is from service Strafkartei Website1 O You now have 100 offensive points scorebot > C reportflag(2,"D378B43687496B950A4DE0C13A8F185B7586A52C780A4A50720236EA180BE7A3") O O You successfully reported flag D378B43687496B950A4DE0C13A8F185B7586A52C780A4A50720236EA180BE7A3, which is from service Strafkartei Website1 O You now have 101 offensive points scorebot > C reportflag(2,"26D89D3B84936243F82C24E4A13C5751140BDB1040A7FACC48916BFDBA54E114") O O You successfully reported flag 26D89D3B84936243F82C24E4A13C5751140BDB1040A7FACC48916BFDBA54E114, which is from service Strafkartei Website1 O You now have 102 offensive points scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > C O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag(2,"999CB967DA8ECE612887180FC919C2778E3DF99FCA9A2102B06F0144DB56B36F") O O You successfully reported flag 999CB967DA8ECE612887180FC919C2778E3DF99FCA9A2102B06F0144DB56B36F, which is from service Strafkartei Website2 O You now have 103 offensive points scorebot > C reportflag(2,"F8B9A60162873FF449538CB9E646D05215F94AACF94132784BBA73616FCC7B27") O O You successfully reported flag F8B9A60162873FF449538CB9E646D05215F94AACF94132784BBA73616FCC7B27, which is from service Strafkartei Website1 O You now have 104 offensive points scorebot > C reportflag(2,"45C5D163668B0455D1BA584BE1CF1CAE1661AF9BB1E9673C7FA37B034A2A212C") O O You successfully reported flag 45C5D163668B0455D1BA584BE1CF1CAE1661AF9BB1E9673C7FA37B034A2A212C, which is from service Strafkartei Website1 O You now have 105 offensive points scorebot > C reportflag(2,"677644495E0683CE7CD4F4C82F1200843340E888536F036863DDAAECBED4672D") O O You successfully reported flag 677644495E0683CE7CD4F4C82F1200843340E888536F036863DDAAECBED4672D, which is from service Strafkartei Website2 O You now have 106 offensive points scorebot > C reportflag(2,"5202DA83777BE27D9AEBE1C20914B76594C07311F184F2ABBAD5DA276D23646E") O O You successfully reported flag 5202DA83777BE27D9AEBE1C20914B76594C07311F184F2ABBAD5DA276D23646E, which is from service Strafkartei Website1 O You now have 107 offensive points scorebot > scorebot > scorebot > scorebot > scorebot > C scorebot > C reportflag(2,"5AE31239BF388D6A2ACF96E606A089C013CACAA1755E008A19E5DBD30B8A0F0A") O O You successfully reported flag 5AE31239BF388D6A2ACF96E606A089C013CACAA1755E008A19E5DBD30B8A0F0A, which is from service Strafkartei Website2 O You now have 108 offensive points scorebot > C reportflag(2,"18865B71AC9AADA5CBAFBD919E9529899DFDA057E2C1AB7A460DB7CAE14AA7AF") O O You successfully reported flag 18865B71AC9AADA5CBAFBD919E9529899DFDA057E2C1AB7A460DB7CAE14AA7AF, which is from service Strafkartei Website2 O You now have 109 offensive points scorebot > C 
reportflag(2,"7DF3A361FD78CCEF4B0E804A09D4F335B65E7ABAB4A9A3FAEE5CFC3865A2304B") O O You successfully reported flag 7DF3A361FD78CCEF4B0E804A09D4F335B65E7ABAB4A9A3FAEE5CFC3865A2304B, which is from service Strafkartei Website2 O You now have 110 offensive points scorebot > C reportflag(2,"1E590C6F2E496FDDBE091F529C11BB8BEADB1A0DA3B347E9FF59FB5CB569AE8A") O O You successfully reported flag 1E590C6F2E496FDDBE091F529C11BB8BEADB1A0DA3B347E9FF59FB5CB569AE8A, which is from service Strafkartei Website1 O You now have 111 offensive points scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"174591AE2C59671668F890E9A0DFE6E2370DAD8EE5C4A3592A5AF944422F88CA") O O You successfully reported flag 174591AE2C59671668F890E9A0DFE6E2370DAD8EE5C4A3592A5AF944422F88CA, which is from service Strafkartei Website2 O You now have 112 offensive points scorebot > C reportflag(2,"A97B4863D7E919B13658A1947C847B7D6DCFC9C6D8D9DC52AA580A512410FBD6") O O You successfully reported flag A97B4863D7E919B13658A1947C847B7D6DCFC9C6D8D9DC52AA580A512410FBD6, which is from service Strafkartei Website2 O You now have 113 offensive points scorebot > C reportflag(2,"A9B188E84083246F9DAA170EFD8AD40198EC16D3CFCE92B22E1887513C606D1F") O O You successfully reported flag A9B188E84083246F9DAA170EFD8AD40198EC16D3CFCE92B22E1887513C606D1F, which is from service Strafkartei Website2 O You now have 114 offensive points scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag(2,"C11DE9F0CD3712B2D90598F6477C80956CD79B42724243910CB3343FBFC3234D") O O You successfully reported flag C11DE9F0CD3712B2D90598F6477C80956CD79B42724243910CB3343FBFC3234D, which is from service Strafkartei Website2 O You now have 115 offensive points scorebot > C reportflag(2,"192016333B674F633821888664F79160E4A1D3E995CF38CFB3E7BDB9E5CD736E") O O You successfully reported flag 192016333B674F633821888664F79160E4A1D3E995CF38CFB3E7BDB9E5CD736E, which is from service Strafkartei Website1 O You now have 116 offensive points scorebot > scorebot > scorebot > scorebot > C reportflag(2,"51E5E44C8874E083FA6F162CC076FF3992A807E94EB4D676AEDC96936704828E") O O You successfully reported flag 51E5E44C8874E083FA6F162CC076FF3992A807E94EB4D676AEDC96936704828E, which is from service Strafkartei Website2 O You now have 117 offensive points scorebot > scorebot > C reportflag(2,"C11DE9F0CD3712B2D90598F6477C80956CD79B42724243910CB3343FBFC3234D") O O This flag is not valid anymore! O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"C11DE9F0CD3712B2D90598F6477C80956CD79B42724243910CB3343FBFC3234D") O O This flag is not valid anymore! scorebot > C reportflag(2,"192016333B674F633821888664F79160E4A1D3E995CF38CFB3E7BDB9E5CD736E") O O This flag is not valid anymore! scorebot > C reportflag(2,"51E5E44C8874E083FA6F162CC076FF3992A807E94EB4D676AEDC96936704828E") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"EBBE9E849F314AA162856D6F94127F252869FC1B533D9EC61070BA4DF0BD50FB") O O You successfully reported flag EBBE9E849F314AA162856D6F94127F252869FC1B533D9EC61070BA4DF0BD50FB, which is from service Strafkartei Website2 O You now have 118 offensive points scorebot > C reportflag(2,"D6648628E5B21803496FB3DE31567E6C3D2D89A156D81F6B464E53779C1A5C36") O O You successfully reported flag D6648628E5B21803496FB3DE31567E6C3D2D89A156D81F6B464E53779C1A5C36, which is from service Strafkartei Website2 O You now have 119 offensive points scorebot > C reportflag(2,"8DD7490550D89B0B3C2AC79FCBBA4B8B56FEDC988D3AF3D6F48C4783B09F7D98") O O You successfully reported flag 8DD7490550D89B0B3C2AC79FCBBA4B8B56FEDC988D3AF3D6F48C4783B09F7D98, which is from service Strafkartei Website2 O You now have 120 offensive points scorebot > C reportflag(2,"3D70BCCA79FEAB3F9A1CD04BD9408F8AEC957CFD163C3116D4F40128F50963E1") O O You successfully reported flag 3D70BCCA79FEAB3F9A1CD04BD9408F8AEC957CFD163C3116D4F40128F50963E1, which is from service Strafkartei Website2 O You now have 121 offensive points scorebot > C reportflag(2,"EBFFDCB793EBE09804457DB1074BC8D3214B08E3BC06664CAC4564F7BC39C1AD") O O You successfully reported flag EBFFDCB793EBE09804457DB1074BC8D3214B08E3BC06664CAC4564F7BC39C1AD, which is from service Strafkartei Website1 O You now have 122 offensive points scorebot > C reportflag(2,"C235D96C944E0F5715D08C02ECEFC02763DADAE4218ED21EC213A6B7995F077C") O O You successfully reported flag C235D96C944E0F5715D08C02ECEFC02763DADAE4218ED21EC213A6B7995F077C, which is from service Strafkartei Website1 O You now have 123 offensive points scorebot > C reportflag(2,"4460E634AA9D7BC9C637D9A34496BCE6E8103FB3C18A746A7AFCA5AA8F4E1910") O O You successfully reported flag 4460E634AA9D7BC9C637D9A34496BCE6E8103FB3C18A746A7AFCA5AA8F4E1910, which is from service Strafkartei Website1 O You now have 124 offensive points scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! 
O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"0EA366175F8B8CF2E00C39A05311D67C8E21267EE299557627A24BC8DC2C1A05") O O Flag "0EA366175F8B8CF2E00C39A05311D67C8E21267EE299557627A24BC8DC2C1A05" does not exist! scorebot > C reportflag(2,"31A3B636AE1A113ACFF463188FDC62D9099B38E0DDA93AA3DF865E75364F4F84") O O Flag "31A3B636AE1A113ACFF463188FDC62D9099B38E0DDA93AA3DF865E75364F4F84" does not exist! scorebot > C reportflag(2,"737819E018842D24A615256CC632D61D731FBA1EC1EBFEB48D3600DC4A896DEC") O O Flag "737819E018842D24A615256CC632D61D731FBA1EC1EBFEB48D3600DC4A896DEC" does not exist! scorebot > C reportflag(2,"F52E547DAAB363129ED2A205AFC90B821D734AE92D7FF8C14B47B34164EFF9C3") O O Flag "F52E547DAAB363129ED2A205AFC90B821D734AE92D7FF8C14B47B34164EFF9C3" does not exist! scorebot > C reportflag(2,"DC6C2614D2821E01F1DEA0D4BF313E057F2317C053B45137E0B416531BF674E5") O O Flag "DC6C2614D2821E01F1DEA0D4BF313E057F2317C053B45137E0B416531BF674E5" does not exist! scorebot > C reportflag(2,"44FB06F88BBDB446DA7CF411485DCAC1D03687547AB6CF582DC02AA8F413D837") O O Flag "44FB06F88BBDB446DA7CF411485DCAC1D03687547AB6CF582DC02AA8F413D837" does not exist! scorebot > C reportflag(2,"EC6BCB358A771C00B468C265B96AB8F5DFAC1EFB59B176BDAC0440C25CC8DB96") O O Flag "EC6BCB358A771C00B468C265B96AB8F5DFAC1EFB59B176BDAC0440C25CC8DB96" does not exist! scorebot > C reportflag(2,"F9F63E94E4C72B4EB821EE2673E256ADB2F7B1AB764C2D1B9315F3A19EBD5058") O O Flag "F9F63E94E4C72B4EB821EE2673E256ADB2F7B1AB764C2D1B9315F3A19EBD5058" does not exist! scorebot > C reportflag(2,"2AFA52C00539209786AEC7CC12E0CDB148C9E3AB8C5488503694B171FE648F8E") O O Flag "2AFA52C00539209786AEC7CC12E0CDB148C9E3AB8C5488503694B171FE648F8E" does not exist! 
scorebot > C reportflag(2,"87B79D470F1E75869A829560A9ADD5CDBDF0D503AB053F0547517076C16789B4") O O Flag "87B79D470F1E75869A829560A9ADD5CDBDF0D503AB053F0547517076C16789B4" does not exist! scorebot > C reportflag(2,"8EA7C1BEA5DF4BD6176E1E6C708ADE418E274902B3B357B3CC4D165D7608F187") O O Flag "8EA7C1BEA5DF4BD6176E1E6C708ADE418E274902B3B357B3CC4D165D7608F187" does not exist! scorebot > C reportflag(2,"B3C665F617C85CA42C9B2F9C233E5A350B0AC5CE2DF90287B0E0A7968046713D") O O Flag "B3C665F617C85CA42C9B2F9C233E5A350B0AC5CE2DF90287B0E0A7968046713D" does not exist! scorebot > C reportflag(2,"4326AF9D21929AA0048B55F00903EEECE4F57ABDD4B07E7764B76B1C4EE05C8D") O O Flag "4326AF9D21929AA0048B55F00903EEECE4F57ABDD4B07E7764B76B1C4EE05C8D" does not exist! scorebot > C reportflag(2,"D356795C5770A7AB705662183DC576B1B414C78723C1F4BD1BEA82E7B3985178") O O Flag "D356795C5770A7AB705662183DC576B1B414C78723C1F4BD1BEA82E7B3985178" does not exist! scorebot > C reportflag(2,"28755F37C058CAC77CC2F2457898B9EA2EB50A9656ED72B0D153EACFF990B828") O O Flag "28755F37C058CAC77CC2F2457898B9EA2EB50A9656ED72B0D153EACFF990B828" does not exist! scorebot > C reportflag(2,"C678EC5183164395C768FDC93A5C2CDCD610973D6FE7C8D5F7B43D780ADCD1EB") O O Flag "C678EC5183164395C768FDC93A5C2CDCD610973D6FE7C8D5F7B43D780ADCD1EB" does not exist! scorebot > C reportflag(2,"DDAD204FB23E43684C7F39F17DA7FA90B77189ACE6DC4193507DE5C6B31248F0") O O This flag is not valid anymore! scorebot > C reportflag(2,"505A39669E136F3C3583FCA0882A5352E5FE95ED0CFCC191E5C572F5E32C97A7") O O This flag is not valid anymore! scorebot > C reportflag(2,"D7BA0A77A17993E6A1441C854380AEC4C64330A1DCC99DCB3A2F3B6F19BF14C2") O O This flag is not valid anymore! scorebot > C reportflag(2,"26F29D69841669547CD3D6BC99698EA35411A8783386B57D5C3D6BF8E1D3CE7F") O O This flag is not valid anymore! scorebot > C reportflag(2,"EA9C2AD8175157896D26F62160520C6053FFB1E9F7DD387199E89EC475488032") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"A1A5586B742BF32B0C68DE1C56FD862A9D7CC9F89109AD7D7328E712335BED85") O O This flag is not valid anymore! scorebot > C reportflag(2,"44A11AFF40B6D0C7C2E2517CAC1EA07C7881362E0FB7ADA66E04BA0C0F3D7916") O O This flag is not valid anymore! scorebot > C reportflag(2,"9D4DEA069278EFB9C47F4F3C5D4542FA408115D1DEF52008EF17BB99798E5051") O O This flag is not valid anymore! scorebot > C reportflag(2,"89396652A69499F2EEC0F6C6DDAE51A29F53353454CEB048515E331EC076DAEC") O O This flag is not valid anymore! scorebot > C reportflag(2,"2FF926B5F5875141B2C478A6723256B66AA1CFE46811098C3D45297D6FE0C02C") O O This flag is not valid anymore! scorebot > C reportflag(2,"9F5681241CF152100A880BFC90E58B038DF28A65A55F48E2B27FE5DA2D421630") O O You successfully reported flag 9F5681241CF152100A880BFC90E58B038DF28A65A55F48E2B27FE5DA2D421630, which is from service Strafkartei Website2 O You now have 125 offensive points scorebot > C reportflag(2,"8DD20BA1147C07643873C121BB6A2F7DB0C1E5B9D7DFB3E1D7D2B70A8E17AFCB") O O You successfully reported flag 8DD20BA1147C07643873C121BB6A2F7DB0C1E5B9D7DFB3E1D7D2B70A8E17AFCB, which is from service Strafkartei Website2 O You now have 126 offensive points scorebot > C reportflag(2,"EC988ABAE6EC06A8BBC0D9C5C69D29C8448F78EE15456EA7C257CF25BF2898D2") O O You successfully reported flag EC988ABAE6EC06A8BBC0D9C5C69D29C8448F78EE15456EA7C257CF25BF2898D2, which is from service Strafkartei Website2 O You now have 127 offensive points scorebot > C reportflag(2,"27E86837A8E2C925861A4D18CD96C69915A4507D2CA69A1C9BCEC22A29ED75CD") O O You successfully reported flag 27E86837A8E2C925861A4D18CD96C69915A4507D2CA69A1C9BCEC22A29ED75CD, which is from service Strafkartei Website2 O You now have 128 offensive points scorebot > C reportflag(2,"44A11AFF40B6D0C7C2E2517CAC1EA07C7881362E0FB7ADA66E04BA0C0F3D7916") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"9D4DEA069278EFB9C47F4F3C5D4542FA408115D1DEF52008EF17BB99798E5051") O O This flag is not valid anymore! scorebot > C reportflag(2,"89396652A69499F2EEC0F6C6DDAE51A29F53353454CEB048515E331EC076DAEC") O O This flag is not valid anymore! scorebot > C reportflag(2,"2FF926B5F5875141B2C478A6723256B66AA1CFE46811098C3D45297D6FE0C02C") O O This flag is not valid anymore! scorebot > C reportflag(2,"9F5681241CF152100A880BFC90E58B038DF28A65A55F48E2B27FE5DA2D421630") O O This flag is not valid anymore! scorebot > C reportflag(2,"8DD20BA1147C07643873C121BB6A2F7DB0C1E5B9D7DFB3E1D7D2B70A8E17AFCB") O O This flag is not valid anymore! scorebot > C reportflag(2,"EC988ABAE6EC06A8BBC0D9C5C69D29C8448F78EE15456EA7C257CF25BF2898D2") O O This flag is not valid anymore! scorebot > C reportflag(2,"27E86837A8E2C925861A4D18CD96C69915A4507D2CA69A1C9BCEC22A29ED75CD") O O This flag is not valid anymore! scorebot > C scorebot > scorebot > scorebot > C reportflag(2,"3E1AABE2A4A275ACB5F5339D85F1E9AE907632CAA806C79A4F9101BAD7F2068A") O O You successfully reported flag 3E1AABE2A4A275ACB5F5339D85F1E9AE907632CAA806C79A4F9101BAD7F2068A, which is from service Strafkartei Website1 O You now have 129 offensive points scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportflag(2,"881729F8846D2BAD1548068925979D15118C707142084C5A4CE9E09EA7E424BD") O O You successfully reported flag 881729F8846D2BAD1548068925979D15118C707142084C5A4CE9E09EA7E424BD, which is from service Strafkartei Website2 O You now have 130 offensive points scorebot > C reportflag(2,"C04FB1C7379DD648E2DA8E66D47B1186C9D65FEA4C55AD4A0540AB510BB2BE33") O O You successfully reported flag C04FB1C7379DD648E2DA8E66D47B1186C9D65FEA4C55AD4A0540AB510BB2BE33, which is from service Strafkartei Website2 O You now have 131 offensive points scorebot > C reportflag(2,"63D34606935F67A4F1EAF4FF14007DF8F367C2AC98A2C161B8550BC49905380E") O O You successfully reported flag 63D34606935F67A4F1EAF4FF14007DF8F367C2AC98A2C161B8550BC49905380E, which is from service Strafkartei Website2 O You now have 132 offensive points scorebot > C reportflag(2,"69D779C0FDAE584945E3FB71D4CFB4F8EA5759E345C7768A9DAC738A8957E1DA") O O You successfully reported flag 69D779C0FDAE584945E3FB71D4CFB4F8EA5759E345C7768A9DAC738A8957E1DA, which is from service Strafkartei Website2 O You now have 133 offensive points scorebot > scorebot > scorebot > scorebot > scorebot > C reportflag(2,"C04FB1C7379DD648E2DA8E66D47B1186C9D65FEA4C55AD4A0540AB510BB2BE33") O O This flag is not valid anymore! scorebot > C reportflag(2,"63D34606935F67A4F1EAF4FF14007DF8F367C2AC98A2C161B8550BC49905380E") O O This flag is not valid anymore! scorebot > C reportflag(2,"69D779C0FDAE584945E3FB71D4CFB4F8EA5759E345C7768A9DAC738A8957E1DA") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"010EFEFC7B2B9F3330757D01CF1C173FD6A4128E812A0CE9B5579C540C3D482C") O O You successfully reported flag 010EFEFC7B2B9F3330757D01CF1C173FD6A4128E812A0CE9B5579C540C3D482C, which is from service Strafkartei Website1 O You now have 134 offensive points scorebot > C reportflag(2,"C633004F4417530C99E84F2BF52E1262E0946E4084745A3777A27A62ECA8F3FF") O O You successfully reported flag C633004F4417530C99E84F2BF52E1262E0946E4084745A3777A27A62ECA8F3FF, which is from service Strafkartei Website1 O You now have 135 offensive points scorebot > C reportflag(2,"AB9ACDF292669E398DB090C2C32812DE8EF5CC00DD368525C2EC3A3F6EB387B9") O O You successfully reported flag AB9ACDF292669E398DB090C2C32812DE8EF5CC00DD368525C2EC3A3F6EB387B9, which is from service Strafkartei Website1 O You now have 136 offensive points scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"AFEB83E9EF101AA1685EEA77376AC9B22C640F7EC6420482B0EA5EF589725478") O O This flag is not valid anymore! scorebot > C reportflag(2,"74F3DA1E7764E65BE712879012D432F5DBEFF2EE6473D0602E0EDF873ACE989F") O O This flag is not valid anymore! scorebot > C reportflag(2,"DCADFA90B7003675D4CF1688721AD0E83D943F5FB91C56FD1CB22E48AFB988DB") O O This flag is not valid anymore! scorebot > C reportflag(2,"71CEA66B6323E68F43896D0014A564D73C41D9D8353EC42AC06276C2F155C1E6") O O This flag is not valid anymore! scorebot > C reportflag(2,"9DA5275E46AF6FCDCD7464E0EC587D04E7EDDA4A9C395292260238AA7D60A788") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"305943B2BD3AC794103647AC9F8AE76FEFD81AC28549820B9C3C1263C3CD4AD1") O O You successfully reported flag 305943B2BD3AC794103647AC9F8AE76FEFD81AC28549820B9C3C1263C3CD4AD1, which is from service Strafkartei Website2 O You now have 137 offensive points scorebot > C reportflag(2,"E0ACF5B63A6EC0F62C1B0AA908C123542B59C6A8DD47CCE4360DCE5DA9333303") O O You successfully reported flag E0ACF5B63A6EC0F62C1B0AA908C123542B59C6A8DD47CCE4360DCE5DA9333303, which is from service Strafkartei Website2 O You now have 138 offensive points scorebot > C reportflag(2,"C45A2822C2B20E7F47695B54B7477E56143E776262C46A834B52E82207045F91") O O You successfully reported flag C45A2822C2B20E7F47695B54B7477E56143E776262C46A834B52E82207045F91, which is from service Strafkartei Website2 O You now have 139 offensive points scorebot > C reportflag(2,"D9FBED7270303D4A0BB9E12B6D91B7A94AC06424296B441EF67109182997FF56") O O You successfully reported flag D9FBED7270303D4A0BB9E12B6D91B7A94AC06424296B441EF67109182997FF56, which is from service Strafkartei Website2 O You now have 140 offensive points scorebot > scorebot > scorebot > C reportflag(2,"F89D9E850F0E031E32D80F5E5AE79E04948FC66965A5FEB58418513F6BABEFA7") O O You successfully reported flag F89D9E850F0E031E32D80F5E5AE79E04948FC66965A5FEB58418513F6BABEFA7, which is from service Strafkartei Website1 O You now have 141 offensive points scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"F89D9E850F0E031E32D80F5E5AE79E04948FC66965A5FEB58418513F6BABEFA7") O O This flag is not valid anymore! 
scorebot > C reportflag(2,"7D80014CF01C382A236339F6A16A66D70D02927B19BB2B1D960E1D8A5006BC95") O O You successfully reported flag 7D80014CF01C382A236339F6A16A66D70D02927B19BB2B1D960E1D8A5006BC95, which is from service Strafkartei Website2 O You now have 142 offensive points scorebot > C reportflag(2,"F467CD72FAA37C80FB71FD704434A36260990F4DE5D2E7E399224C37566848DF") O O You successfully reported flag F467CD72FAA37C80FB71FD704434A36260990F4DE5D2E7E399224C37566848DF, which is from service Strafkartei Website1 O You now have 143 offensive points scorebot > C reportflag(2,"D3263347A3BCD0AFFCB71FDE1E757019E1D4D53D2B5635C0E304E1D652F02D9A") O O You successfully reported flag D3263347A3BCD0AFFCB71FDE1E757019E1D4D53D2B5635C0E304E1D652F02D9A, which is from service Strafkartei Website1 O You now have 144 offensive points scorebot > scorebot > scorebot > C reportflag(2,"D3263347A3BCD0AFFCB71FDE1E757019E1D4D53D2B5635C0E304E1D652F02D9A") O O This flag is not valid anymore! scorebot > C reportflag(2,"F7388C34045A417CC1FC82C0FEFB7D7FC41F1C8D6E0CEFD24ECBFB4931D68456") O O You successfully reported flag F7388C34045A417CC1FC82C0FEFB7D7FC41F1C8D6E0CEFD24ECBFB4931D68456, which is from service Strafkartei Website2 O You now have 145 offensive points scorebot > C reportflag(2,"ED6D742B03646A141BE4948BE39CA1207AD009BF36E7F2DD8520D93574714280") O O You successfully reported flag ED6D742B03646A141BE4948BE39CA1207AD009BF36E7F2DD8520D93574714280, which is from service Strafkartei Website2 O You now have 146 offensive points scorebot > C reportflag(2,"EB88B6FF5590ED4BE9DC2134E17530E75C963E22D7A950786840E75D3673E856") O O You successfully reported flag EB88B6FF5590ED4BE9DC2134E17530E75C963E22D7A950786840E75D3673E856, which is from service Strafkartei Website2 O You now have 147 offensive points scorebot > C reportflag(2,"E3CC8A6EF89B00D1E9BC667941F332943C7F73A8877FB365630BE30E87C1B71C") O O You successfully reported flag E3CC8A6EF89B00D1E9BC667941F332943C7F73A8877FB365630BE30E87C1B71C, which is 
from service Strafkartei Website2 O You now have 148 offensive points scorebot > C reportflag(2,"A89E599EFE89FA4F5C2831267C0794C8117557EBD3A66DFAAC147AF1ED77B93E") O O You successfully reported flag A89E599EFE89FA4F5C2831267C0794C8117557EBD3A66DFAAC147AF1ED77B93E, which is from service Strafkartei Website2 O You now have 149 offensive points scorebot > scorebot > scorebot > C O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"E3CC8A6EF89B00D1E9BC667941F332943C7F73A8877FB365630BE30E87C1B71C") O O This flag is not valid anymore! scorebot > C reportflag(2,"A89E599EFE89FA4F5C2831267C0794C8117557EBD3A66DFAAC147AF1ED77B93E") O O This flag is not valid anymore! scorebot > C reportflag(2,"D40473493FA571C8F06AD5835758C88A179E29FD04F863BDAF7CE987F5A7428F") O O You successfully reported flag D40473493FA571C8F06AD5835758C88A179E29FD04F863BDAF7CE987F5A7428F, which is from service Strafkartei Website1 O You now have 150 offensive points scorebot > C reportflag(2,"D7A9AC9CD481E4ABD63BF5F94DF10A49E7842FF7537159DACE770F6F0934143D") O O You successfully reported flag D7A9AC9CD481E4ABD63BF5F94DF10A49E7842FF7537159DACE770F6F0934143D, which is from service Strafkartei Website1 O You now have 151 offensive points scorebot > C reportflag(2,"E3CBC826C0D32D0F7110DA34D5E2FAAE9865D54D8DD9827B152109130FCCE797") O O You successfully reported flag E3CBC826C0D32D0F7110DA34D5E2FAAE9865D54D8DD9827B152109130FCCE797, which is from service Strafkartei Website1 O You now have 152 offensive points scorebot > C reportflag(2,"A34F97303050D8AEC957038FBA59ECEA5711E2BE3B65E2C6DEFC9985B75CCEC4") O O You successfully reported flag A34F97303050D8AEC957038FBA59ECEA5711E2BE3B65E2C6DEFC9985B75CCEC4, which is from service Strafkartei Website1 O You now have 153 offensive points scorebot 
reportflag(2,"6091FBEB1D5C8D4D4FBBE96A0874F01B4FF8B25F513027ADEDE07D4D68341449") O O You successfully reported flag 6091FBEB1D5C8D4D4FBBE96A0874F01B4FF8B25F513027ADEDE07D4D68341449, which is from service Strafkartei Website1 O You now have 174 offensive points scorebot > C reportflag(2,"74E3DFB4208A4D5AA02D435AF4B75535A842102292627078180F35D7FF129477") O O You successfully reported flag 74E3DFB4208A4D5AA02D435AF4B75535A842102292627078180F35D7FF129477, which is from service Strafkartei Website1 O You now have 175 offensive points scorebot > C reportflag(2,"126E4E38D2CF9D3FF89F40545C6FA3C485381EE6B8B1F84CDD1A49FD119D375A")reportflag(2,"B11BF6471C34C00041F92434314B3AAC4CB9F273A8ED187A2634CDB9541EE298") O O Error: ADeLa: function reportflag expects 2 parameters, 3 given! O bye! O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
O Timeout; bye L closing O Welcome, 10.2.0.18 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(2,"09A087D669FE5BBEFF154DDFB2643947886D6A70C55C9D8D5B8B6A8D97117DFC") O O This flag is not valid anymore! scorebot > C reportflag(2,"3CD07E8D7A646684248C978E5128B95A59BBE6F55B5EBC155F813EC66D3EE075") O O This flag is not valid anymore! scorebot > C reportflag(2,"E7FB5A088B9D31402B38837249519D205C5F9F2D544B41E80223E9DD0EA87011") O O This flag is not valid anymore! scorebot > C reportflag(2,"2AC59C5E109B6552AB0BF869487CA1721371C28FC721B81EB37508E972FD0376") O O You successfully reported flag 2AC59C5E109B6552AB0BF869487CA1721371C28FC721B81EB37508E972FD0376, which is from service Strafkartei Website1 O You now have 206 offensive points scorebot > C scorebot > scorebot > O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C (remove this and the next line) 1> C (be sure to read ~/.ctf_advreadme before reporting advisories.) 2> C 3> C New advisory by : Team 2 4> C Affected service(s) : STDK Backend 5> C Severity [lmh] : h 6> C 7> C ===== Problem ===== 8> C 9> C The Flags stored by the server all run by the name of "John Doe". 10> C Due to the open nature of the service, this allows any user to 11> C read any flag unless some sort of access restriction is applied, 12> C by simply connecting to the service (port 5550) and issuing a 13> C "SEARCH John" statement (or similar). He will then be provided 14> C with a nicely formatted list of all flags on the server. 
15> C 16> C ===== Impact ===== 17> C 18> C Complete flag disclosure of this service. 19> C 20> C ===== Fix ===== 21> C 22> C Protect the flags, by (for example) allowing flags to be read 23> C only if the SEARCH command came from the same host as the 24> C ADD command used to input this dataset. 25> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : kA 1> C Affected service(s): 2> C Severity [lmh] : 3> C 4> C 5> C ===== Problem ===== 6> C 7> C ===== Impact ===== 8> C 9> C ===== Fix ===== 10> C 11> C 12> C 13> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : kA 1> C Affected service(s): mailserver 2> C Severity [lmh] : spam 3> C 4> C 5> C ===== Problem ===== 6> C 7> C OpenRelay. The server acts as an open relay. 8> C 9> C ===== Impact ===== 10> C 11> C Everyone is able to queue messages for every adress. 
12> C 13> C ===== Fix ===== 14> C 15> C The server should match the recipient's adress to a list of local users. (Or should only allow local users to send mails) 16> C 17> C 18> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C (remove this and the next line) 1> C (be sure to read ~/.ctf_advreadme before reporting advisories.) 2> C 3> C New advisory by : Team kA (formerly known as eof, formerly known as HackBBS) 4> C Affected service(s) : STK frontend 5> C Severity [lmh] : m 6> C 7> C ===== Problem ===== 8> C 9> C PHP-Based web-authentication, though required when logging into the service, 10> C is not re-checked in calls of further php files during a session. 11> C 12> C Therefore the seperate functions, like ADD or SEARCH can be called directly, 13> C circumventing authentication, for example by accessing: 14> C 15> C http://ip.of.host/stk/result.php?lastname=Doe 16> C 17> C ===== Impact ===== 18> C 19> C This way, all entries of John Doe (and therefore all flags) can be read without 20> C authentication 21> C 22> C ===== Fix ===== 23> C 24> C Implement proper login / password - checking in all .php files 25> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : kA 1> C Affected service(s): einwohnermeldeamt 2> C Severity [lmh] : hi 3> C 4> C 5> C ===== Problem ===== 6> C 7> C The fork doesn't close the connection after answering it. The socket remains in 8> C state "CLOSE_WAIT". 9> C 10> C ===== Impact ===== 11> C 12> C The programm will open new sockets until the maximum number of sockets 13> C is open, then it will crash. 14> C 15> C ===== Fix ===== 16> C in einwohnermeldeamt.c: 17> C add a "close(c);" after line 35: 18> C 19> C for(;;) 20> C { 21> C if((c = accept(s, (struct sockaddr *)&ca,&addrlen))==-1) 22> C return -1; 23> C 24> C pid = fork(); 25> C if(pid == 0) 26> C serve(c); 27> C else if(pid < 0) 28> C return -1; 29> C close (c); 30> C } 31> C 32> C 33> C 34> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : kA 1> C Affected service(s): einwohnermeldeamt 2> C Severity [lmh] : high 3> C 4> C 5> C ===== Problem ===== 6> C 7> C After a request is served, the fork doesn't exit. 8> C 9> C ===== Impact ===== 10> C 11> C There will be zombie processes until the mem is full. 
12> C 13> C ===== Fix ===== 14> C 15> C Please alter your for(;;) in einwohnermeldeamt.c to: 16> C 17> C for(;;) 18> C { 19> C if((c = accept(s, (struct sockaddr *)&ca,&addrlen))==-1) 20> C return -1; 21> C 22> C pid = fork(); 23> C if(pid == 0){ 24> C serve(c); 25> C exit(0); 26> C }else if(pid < 0) 27> C return -1; 28> C close (c); 29> C } 30> C 31> C (add a exit(0) near line 33) 32> C 33> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : kA 1> C Affected service(s) : Einwohnermeldeamt 2> C Severity [lmh] : m 3> C 4> C ===== Problem ===== 5> C 6> C Bounds checking in the function myreadline() (file helper.c) is 7> C impoperly implemented. Hence, a buffer overrun is possible, leading 8> C to a possible heap overflow exploit. 9> C 10> C (technical details: c is initiased as some value on the stack, thus 11> C probably a large number. It will therefore *never* be 1023) 12> C 13> C ===== Impact ===== 14> C 15> C Heap Overflow, possible arbitrary code execution. 16> C 17> C ===== Fix ===== 18> C 19> C properly count input bytes ( the code (c != ret + 1023) would be correct) 20> C . O Your advisory has been reported. scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 10.2.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : kA 1> C Affected service(s): mailserver / retserver 2> C Severity [lmh] : h 3> C 4> C 5> C 6> C ===== Problem ===== 7> C buf is limited to 1024 bytes, but no input check is done. So the client is able to trigger a buffer overflow by sending > 1024 bytes. 8> C 9> C ===== Impact ===== 10> C 11> C Buffer Overflow. 12> C 13> C ===== Fix ===== 14> C 15> C Count the bytes send, break the connection after 1023 bytes. 16> C 17> C 18> C 19> C 20> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.2.0.43 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit O O Enter quit() to quit! scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 10.2.0.43 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit O O Enter quit() to quit! scorebot > C scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 HackBS n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 !eof n/a n/a n/a n/a 10.4.0.3 scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C nab O scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot > C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot > C ls O scorebot > C ls O scorebot > C exit O scorebot > C . O O Error: String index out of range: 1 scorebot > C . O O Error: String index out of range: 1 scorebot > C %n O scorebot > C ÿôÿý O scorebot > C ÿíÿý O scorebot > C ÿíÿý O scorebot > C scorebot > C ÿíÿý O scorebot > C ÿíÿý O scorebot > C scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 eof n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 HackBS n/a n/a n/a n/a 10.4.0.3 scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : 45564F4C5554494F4E 1> C Affected service(s): stk 2> C Severity [lmh] : 3> C 4> C 5> C ===== Problem ===== 6> C Cross site Scripting 7> C ===== Impact ===== 8> C $user = $_REQUEST["user"]; 9> C $passwd = $_REQUEST["passwd"]; 10> C Because of the above lines the links in the following lines could be manipulated 11> C 12> C echo "ADD an entry
\n"; 13> C echo "SEARCH for entries
\n"; 14> C 15> C ===== Fix ====== 16> C Use htmlspecialchars: 17> C $user = htmlspecialchars($_REQUEST["user"]); 18> C $passwd = htmlspecialchars($_REQUEST["passwd"]); 19> C 20> C 21> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 eof n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 HackBS n/a n/a n/a n/a 10.4.0.3 scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 3 ,"E3CC390B9D81A78280CC1BC98423C970FC1C852FF2FFE8EF8FEC5E4") O O Flag "E3CC390B9D81A78280CC1BC98423C970FC1C852FF2FFE8EF8FEC5E4" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag( 3 ,"24D2A833C640D26CE266A95032B1982DE01B3BC8E68330AA76B749030877BF64") O O Flag "24D2A833C640D26CE266A95032B1982DE01B3BC8E68330AA76B749030877BF64" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(3, "24D2A833C640D26CE266A95032B1982DE01B3BC8E68330AA76B749030877BF64") O O Flag "24D2A833C640D26CE266A95032B1982DE01B3BC8E68330AA76B749030877BF64" does not exist! scorebot > C reportflag(3, "AC39A33B1C3B79DC1C4BC481F5809C119344B848D7944244926265EB29F7073C") O O Flag "AC39A33B1C3B79DC1C4BC481F5809C119344B848D7944244926265EB29F7073C" does not exist! scorebot > C reportflag(3, "F6CEA6DB67F18994CB3589971E1B93B1F029797660B2EFCB313388DE71607A42") O O Flag "F6CEA6DB67F18994CB3589971E1B93B1F029797660B2EFCB313388DE71607A42" does not exist! 
scorebot > C reportflag(3, "97B4374833F779C860E0334D7C6FCE2DBD2039379F2523A00B077ADE7BF8D5BD") O O Flag "97B4374833F779C860E0334D7C6FCE2DBD2039379F2523A00B077ADE7BF8D5BD" does not exist! scorebot > C reportflag(3, "569BB973FD45E8D56CA51D6E253DCE3A5BD0833DAFB2145901A10B21C4F48189") O O This flag is not valid anymore! scorebot > C reportflag(3, "5A8FFE0A9D039DFF2455D797128186265E20A5C160411271995C420BB1FA0B62") O O This flag is not valid anymore! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! scorebot > C reportflag(3, "08995190CBB5486FF4F33B34E036051B3CCC0FE87CFB2A5A74FEE1EA7C604D52") O O This flag is not valid anymore! scorebot > C reportflag(3, "4B7E7E6D283A941949FAC837A56DFFEC94FEEF68E2C942CD9614262DE6F7D5A4") O O This flag is not valid anymore! scorebot > C reportflag(3, "29FA170462D2A7823D1CC003585B88F75CFEAA5128E4FA2B743BA29E3A76046F") O O This flag is not valid anymore! 
scorebot > C reportflag(3, "24D2A833C640D26CE266A95032B1982DE01B3BC8E68330AA76B749030877BF64") O O Flag "24D2A833C640D26CE266A95032B1982DE01B3BC8E68330AA76B749030877BF64" does not exist! scorebot > C reportflag(3, "AC39A33B1C3B79DC1C4BC481F5809C119344B848D7944244926265EB29F7073C") O O Flag "AC39A33B1C3B79DC1C4BC481F5809C119344B848D7944244926265EB29F7073C" does not exist! scorebot > C reportflag(3, "504772B9CF75E1B4761E16668E5FFF94AC05403607434364EAE8A75E23F99A27") O O This flag is not valid anymore! scorebot > C quit O O Enter quit() to quit! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 kA n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 HackBS n/a n/a n/a n/a 10.4.0.3 scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : 45564F4C5554494F4E 1> C Affected service(s): Einwohnermeldeamt 2> C Severity [lmh] : high 3> C 4> C 5> C ===== Problem ===== 6> C Names in the db file are all the same 7> C (std.db) 8> C 9> C ===== Impact ===== 10> C can be shown via the getall cmd and you can get all the flags placed there 11> C 12> C ===== Fix ===== 13> C 14> C dont know :( 15> C 16> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : Evolution 1> C Affected service(s): stk 2> C Severity [lmh] : medium 3> C 4> C 5> C 6> C ===== PROBLEM ===== 7> C Cross Site Scripting 8> C 9> C ===== IMPACT ===== 10> C File: search.php 11> C Line: 11-12 12> C Code: 13> C $user = $_REQUEST["user"]; 14> C $passwd = $_REQUEST["passwd"]; 15> C 16> C 17> C File: add.php 18> C Line: 11-12 19> C Code: 20> C $user = $_REQUEST["user"]; 21> C $passwd = $_REQUEST["passwd"]; 22> C 23> C 24> C File: index.php 25> C Line: 10-11 26> C Code: 27> C $user = $_REQUEST["user"]; 28> C $passwd = $_REQUEST["passwd"]; 29> C 30> C 31> C 32> C File: save_add.php 33> C Line: 13-14 34> C Code: 35> C $user = $_REQUEST["user"]; 36> C $passwd = $_REQUEST["passwd"]; 37> C 38> C 39> C 40> C File: result.php 41> C Line: 13-14 42> C Code: 43> C $user = $_REQUEST["user"]; 44> C $passwd = $_REQUEST["passwd"]; 45> C 46> C 47> C 48> C ====== FIX ====== 49> C $user = htmlspecialchars($_REQUEST["user"]); 50> C $passwd = htmlspecialchars($_REQUEST["passwd"]); 51> C 52> C 53> C 54> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(3, "CB1AF437D4C1033C1FC6841C767145F842A81906451EB19714CA27C7B8E09C56") O O Flag "CB1AF437D4C1033C1FC6841C767145F842A81906451EB19714CA27C7B8E09C56" does not exist! scorebot > C reportflag(3, "06099E21753C8827CDC7DEA541B977CEB1E4690D807A47F9BBE1C178E1FBA67F") O O This flag is not valid anymore! 
scorebot > C reportflag(3, "45411BE4537209997EC439B360C4C3089ED91FB9419844DEB847C9C1DE280A6D") O O Flag "45411BE4537209997EC439B360C4C3089ED91FB9419844DEB847C9C1DE280A6D" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportflag(3, "818FFEFD4F97A4B4E98F5494293E0A46848E5C65999951A1EB494F14CD1F4FD8") O O Flag "818FFEFD4F97A4B4E98F5494293E0A46848E5C65999951A1EB494F14CD1F4FD8" does not exist! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : Evolution 1> C Affected service(s): msgboard 2> C Severity [lmh] : high 3> C 4> C 5> C ===== Problem ===== 6> C The user posts a message with a messageid and another user shall able to get 7> C the message with the knowlegde of the id. For this reason message is an associative 8> C Array which means that the variable i is a string comparable to an hash in 9> C another programming language nevertheless it's an array so it is possible to 10> C access it trought number like 0 for the first element. 
11> C ===== Impact ===== 12> C Because the user can define the variable to access the array he can use numbers 13> C to get messages without knowing the messageid. 14> C 15> C ===== Fix ===== 16> C There should be an statement to prevent accessing the array throught numbers like 17> C if(int(i) C return; 19> C } 20> C 21> C 22> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : evolution 1> C Affected service(s): mailserver 2> C Severity [lmh] : hi 3> C 4> C 5> C ===== Problem ===== 6> C There are some mails stored in the mailservers directory including flags. 7> C These mails can be read via the readdata command. 8> C 9> C ===== Impact ===== 10> C attacker can easiely grad flags 11> C 12> C ===== Fix ===== 13> C authentication before reading data 14> C 15> C 16> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : evolution 1> C Affected service(s): messageboard 2> C Severity [lmh] : high 3> C 4> C 5> C 6> C ===== Problem ===== 7> C The user posts a message with a messageid and another user shall able to get 8> C the message with the knowlegde of the id. For this reason message is an associative 9> C Array which means that the variable i is a string comparable to an hash in 10> C another programming language nevertheless it's an array so it is possible to 11> C access it trought number like 0 for the first element. 12> C ===== Impact ===== 13> C Because the user can define the variable to access the array he can use numbers 14> C to get messages without knowing the messageid. 15> C 16> C ===== Fix ===== 17> C There should be an statement to prevent accessing the array throught numbers like 18> C in line 17 19> C 20> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : evolution 1> C Affected service(s): einwohner 2> C Severity [lmh] : mid 3> C 4> C 5> C ===== Problem ===== 6> C helper.c char getnewline 7> C memory leak 8> C 9> C ===== Impact ===== 10> C memory leak 11> C 12> C ===== Fix ===== 13> C 14> C kA :D 15> C 16> C 17> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.3.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory(3, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C New advisory by : evolution 1> C Affected service(s): messageboard 2> C Severity [lmh] : high 3> C 4> C 5> C ===== Problem ===== 6> C Trought the list command you are able to recieve all stored messages 7> C ===== Impact ===== 8> C Send 9> C list $myipadress$ $myport$ 10> C to 1984 where the script 11> C is listening and have a listening netcat at $myipadress$ and $myport$ 12> C to receive the messages 13> C ===== Fix ===== 14> C remove the list command 15> C 16> C 17> C . O Your advisory has been reported. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.4.0.2 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.4.0.2 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 kA n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 HackBS n/a n/a n/a n/a 10.4.0.3 scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.4.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 10.4.0.3 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C ecket51!Fifa ÿüO Login successful! 
scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C c=createservice("kannx") O scorebot # C c.setinterval(500) O scorebot # C c.setscript("kannx1.rb") O O Name set scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 500 scorebot # C c.setinterval(300) O scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C ecket51!Fifa ÿüO Login successful! 
scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 192.16 0 131 0 0 192.168.1.117 3 g0ph3r 0 62 0 0 192.168.1.121 4 192.16 0 171 0 0 192.168.1.118 5 192.16 0 186 0 0 192.168.1.119 6 192.16 0 175 0 0 192.168.1.120 7 hc 0 21 0 0 192.168.1.122 scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! scorebot > C reportflag(1, "fe") O O Flag "fe" does not exist! scorebot > C reportflag(1, "fe") O O Flag "fe" does not exist! scorebot > C reportflag(1, "fe") O O Flag "fe" does not exist! scorebot > C reportflag(1, "fe") O O Flag "fe" does not exist! 
scorebot > C reportflag(1, "fe") O O Flag "fe" does not exist! scorebot > C scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- scorebot # C createteam("Team Martl").sethost("10.1.0.1") O O Name set scorebot # C t=getteam(1) O scorebot # C t.sethost("10.1.0.3") O O Name set scorebot # scorebot # C t=createteam("HackBSS") O scorebot # C dir() O SQLConnection db = org.hcesperer.utils.SQLConnection@1c9a69... String help = Welcome to the CTF scorebot 0.4.3 Boolean false = false Boolean true = true String copyright = CTF scorebot 0.4.3 String license = CCCamp07 ScoringSyste String quit = Enter quit() to quit! 
Manual man = Which manual page do you want TeamHandler t = Instance of class Team <2:HackBSS> scorebot # C t O O Instance of class Team <2:HackBSS> scorebot # C t.sethost("10.2.0.3") O O Name set scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 0 0 0 10.1.0.3 2 HackBS 0 0 0 0 10.2.0.3 scorebot # C t=createteam("45564F4C5554494F4E") O scorebot # C t.sethost("10.3.0.3") O O Name set scorebot # C t=createteam("!eof") O scorebot # C t.sethost("10.4.0.3") O O Name set scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 0 0 0 10.1.0.3 2 HackBS 0 0 0 0 10.2.0.3 3 45564F 0 0 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 HackBS n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 !eof n/a n/a n/a n/a 10.4.0.3 scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 0 0 0 10.1.0.3 2 HackBS 0 0 0 0 10.2.0.3 3 45564F 0 0 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # C quit()OM O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 HackBS n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 !eof n/a n/a n/a n/a 10.4.0.3 scorebot > scorebot > O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C ÿüO Login incorrect scorebot > C ÿôÿý O scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C http://darkmonkey.org.uk/4/1/Thought_of_the_day.JPG O O Error: null scorebot > C ÿôÿý O scorebot > C scorebot > C scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 0 0 0 10.1.0.3 2 HackBS 0 0 0 0 10.2.0.3 3 45564F 0 0 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot # C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot # C man.service O O Welcome to the online documentation system ----------------------------------------------------------------- Help on service Service handling functions --------------------------------------------------------------- String getname() return name of service void setname(String serviceName) set name of service int getinterval() return checking interval void setinterval(int interval) set checking interval String getscript() return name of check script void setscript(String script) set name of check script void delete() delete service EXAMPLE ======= service = createservice("smtp") service.setscript("smtp.py") service.setinterval(30) scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C clear() O scorebot # C man O O Which 
manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot # C help O O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot # C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot # C ladv90 O scorebot # C ladv90 O scorebot # C ladv() O scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C license O O CCCamp07 ScoringSystem A CTF scoring bot & flag+advisory reporting system (C) 2007, Hans-Christian Esperer hc at hcespererorg All rights reserved. 
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the H. Ch. Esperer nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED POSSIBILITY OF SUCH DAMAGE scorebot > C quit O O Enter quit() to quit! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C scorebot > C quit() O O bye! 
O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C ecket51!Fifa ÿüO Login incorrect scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C scorebot # C ladv90 O scorebot # C ladv() O O 9: [HackBSS] great flaw fix: foo scorebot # C reject(9, "nonsense") O O ok scorebot # scorebot # scorebot # scorebot # scorebot # C ss O scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C ladv() O O 10: [HackBSS] The STK backend service runs on port 5550, open to all IPs (0.0.0.0) This is unneccessary, and might pose security risks, as this service need only legally be accessed from the local host. Proposed Fix: in stkd.c, change the line servername.sin_addr.s_addr = htonl (INADDR_ANY); to servername.sin_addr.s_addr = inet_addr("127.0.0.1"); The service will then only listen on the local host. 
scorebot # C reject(10, "may be so, but this ctf focuses on *application layer* security only.") O O ok scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 27 0 0 10.1.0.3 2 HackBS 24 18 0 0 10.2.0.3 3 45564F 0 38 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 27 0 0 10.1.0.3 2 HackBS 24 18 0 0 10.2.0.3 3 45564F 0 38 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 27 0 0 10.1.0.3 2 HackBS 24 18 0 0 10.2.0.3 3 45564F 0 38 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 30 0 0 10.1.0.3 2 HackBS 24 18 0 0 10.2.0.3 3 45564F 0 41 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 30 0 0 10.1.0.3 2 HackBS 28 21 0 0 10.2.0.3 3 45564F 0 44 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C ladv() O scorebot # C delete(9) O O Advisory deleted scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 30 0 0 10.1.0.3 2 HackBS 32 30 0 0 10.2.0.3 3 45564F 0 44 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C  O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 
Team M 0 31 0 0 10.1.0.3 2 HackBS 34 35 0 0 10.2.0.3 3 45564F 0 50 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # C ladv90 O scorebot # C ladv90 O scorebot # C ladv() O O 11: [45564F4C5554494F4E] /usr/services/stk/stk Files: add.php Line: 11-12 File: index.php Line: 10-11 File: save_add.php Line: 13-14 File: search.php Line: 11-12 File: test.php Line: var-ausgabe all XSS scorebot # C reject(11, "please use 'report' or 'reportadvisory' on the vulnbox to report advisories") O O ok scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 38 0 0 10.1.0.3 2 HackBS 39 35 0 0 10.2.0.3 3 45564F 0 56 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C ladv() O scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 39 0 0 10.1.0.3 2 HackBS 46 41 0 0 10.2.0.3 3 45564F 0 56 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # C ladv90 O scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 44 0 0 10.1.0.3 2 HackBS 46 50 0 0 10.2.0.3 3 45564F 0 56 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C scorebot # C ladv() O O 12: [Team Martl] few (remove this and the next line) (be sure to read ~/.ctf_advreadme before reporting advisories.) 
New advisory by : Affected service(s) : Severity [lmh] : ===== Problem ===== ===== Impact ===== ===== Fix ===== scorebot # C delete(12) O O Advisory deleted scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 52 0 0 10.1.0.3 2 HackBS 51 59 0 0 10.2.0.3 3 45564F 0 63 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 52 0 0 10.1.0.3 2 HackBS 51 59 0 0 10.2.0.3 3 45564F 0 68 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # C lavd90 O scorebot # C ladv() O O 13: [Team Martl] New advisory by : team1 Affected service(s) : stk Severity [lmh] : h ===== Problem ===== /usr/services/stk/stk Files: add.php Line: 11-12 File: index.php Line: 10-11 File: save_add.php Line: 13-14 File: search.php Line: 11-12 File: test.php Line: var-ausgabe all XSS ===== Impact ===== XCSS ===== Fix ===== O 14: [HackBSS] (remove this and the next line) (be sure to read ~/.ctf_advreadme before reporting advisories.) New advisory by : Team 2 Affected service(s) : STDK Backend Severity [lmh] : h ===== Problem ===== The Flags stored by the server all run by the name of "John Doe". Due to the open nature of the service, this allows any user to read any flag unless some sort of access restriction is applied, by simply connecting to the service (port 5550) and issuing a "SEARCH John" statement (or similar). He will then be provided with a nicely formatted list of all flags on the server. ===== Impact ===== Complete flag disclosure of this service. 
===== Fix ===== Protect the flags, by (for example) allowing flags to be read only if the SEARCH command came from the same host as the ADD command used to input this dataset. scorebot # scorebot # C accept(14, 3, "correct, and first advisory that matches the specs, so three points from --hc") O O ok scorebot # C ladv90 O scorebot # C ladv() O O 13: [Team Martl] New advisory by : team1 Affected service(s) : stk Severity [lmh] : h ===== Problem ===== /usr/services/stk/stk Files: add.php Line: 11-12 File: index.php Line: 10-11 File: save_add.php Line: 13-14 File: search.php Line: 11-12 File: test.php Line: var-ausgabe all XSS ===== Impact ===== XCSS ===== Fix ===== scorebot # C reject(13, "please read http://ctf.hcesperer.org/eh08ctf/repadv_howto.py") O O ok scorebot # scorebot # C ladv() O scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 60 0 0 10.1.0.3 2 HackBS 55 67 3 0 10.2.0.3 3 45564F 0 75 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C getteam(2).setname("!eof") O O Error: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "teams_team_name_key" scorebot # C getteam(2).setname("eof") O O Name set scorebot # C getteam(4).setname("HackBSS") O O Name set scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 60 0 0 10.1.0.3 2 eof 60 67 3 0 10.2.0.3 3 45564F 0 76 0 0 10.3.0.3 4 HackBS 0 0 0 0 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 65 0 0 10.1.0.3 2 eof 60 67 3 0 10.2.0.3 3 45564F 0 76 0 0 10.3.0.3 4 HackBS 0 3 0 0 10.4.0.3 scorebot # scorebot # C ladv90 O scorebot # C ladv() O scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 69 0 0 10.1.0.3 
2 eof 75 67 3 0 10.2.0.3 3 45564F 0 80 0 0 10.3.0.3 4 HackBS 0 9 0 0 10.4.0.3 scorebot # C ÿôÿý O scorebot # C scorebot # O Error: EOF scorebot # O Error: EOF scorebot # O Error: EOF scorebot # O Error: EOF scorebot # O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 69 0 0 10.1.0.3 2 eof 75 67 3 0 10.2.0.3 3 45564F 0 80 0 0 10.3.0.3 4 HackBS 0 9 0 0 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C t=getteam(4) O scorebot # C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void 
sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 69 0 0 10.1.0.3 2 eof 75 67 3 0 10.2.0.3 3 45564F 0 80 0 0 10.3.0.3 4 HackBS 0 9 0 0 10.4.0.3 scorebot # C t.setdp(67) O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 69 0 0 10.1.0.3 2 eof 75 67 3 0 10.2.0.3 3 45564F 0 80 0 0 10.3.0.3 4 HackBS 0 67 0 0 10.4.0.3 scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 69 0 0 10.1.0.3 2 eof 75 67 3 0 10.2.0.3 3 45564F 0 80 0 0 10.3.0.3 4 HackBS 0 67 0 0 10.4.0.3 scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # scorebot # scorebot # scorebot # C ladv90 O scorebot # C ladv() O O 15: [45564F4C5554494F4E] New advisory by : 45564F4C5554494F4E Affected service(s): stk Severity [lmh] : ===== Problem ===== Cross site Scripting ===== Impact ===== $user = $_REQUEST["user"]; $passwd = $_REQUEST["passwd"]; Because of the above lines the links in the following lines could be manipulated echo "ADD an entry
\n"; echo "SEARCH for entries
\n"; ===== Fix ====== Use htmlspecialchars: $user = htmlspecialchars($_REQUEST["user"]); $passwd = htmlspecialchars($_REQUEST["passwd"]); scorebot # C accept(15, 1, "ack. but you forgot to specify the linenumbers and source file.") O O ok scorebot # C ladv90 O scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 73 0 1 10.1.0.3 2 eof 84 67 3 1 10.2.0.3 3 45564F 0 86 1 1 10.3.0.3 4 HackBS 0 75 0 1 10.4.0.3 scorebot # C lavd() O scorebot # C ladv() O scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 80 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 88 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 80 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 90 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 80 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 95 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C ladv90 O scorebot # C ladv90 O scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O 
----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 97 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 89 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 98 1 1 10.3.0.3 4 HackBS 0 81 0 1 10.4.0.3 scorebot # C lt() O O ID Team off 
def adv hak host O ----------------------------------------------------------------- 1 Team M 0 91 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 103 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 91 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 103 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 91 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 103 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 91 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 103 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 91 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 103 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 101 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 104 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv 
hak host O ----------------------------------------------------------------- 1 Team M 0 105 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 113 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 105 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 113 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 105 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 113 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 105 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 113 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 105 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 113 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 105 0 1 10.1.0.3 2 kA 84 67 3 1 10.2.0.3 3 45564F 0 113 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 115 0 1 10.1.0.3 2 kA 84 79 3 1 10.2.0.3 3 45564F 0 114 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 
115 0 1 10.1.0.3 2 kA 84 84 3 1 10.2.0.3 3 45564F 0 114 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 116 0 1 10.1.0.3 2 kA 84 89 3 1 10.2.0.3 3 45564F 0 118 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 116 0 1 10.1.0.3 2 kA 84 89 3 1 10.2.0.3 3 45564F 0 118 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 116 0 1 10.1.0.3 2 kA 84 89 3 1 10.2.0.3 3 45564F 0 118 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 116 0 1 10.1.0.3 2 kA 84 89 3 1 10.2.0.3 3 45564F 0 118 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 119 0 1 10.1.0.3 2 kA 84 97 3 1 10.2.0.3 3 45564F 0 123 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 101 3 1 10.2.0.3 3 45564F 0 123 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 101 3 1 10.2.0.3 
3 45564F 0 124 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 106 3 1 10.2.0.3 3 45564F 0 124 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C ladv90 O scorebot # C ladv() O O 16: [kA] New advisory by : kA Affected service(s): Severity [lmh] : ===== Problem ===== ===== Impact ===== ===== Fix ===== scorebot # C report(16, "empty advisory?") O scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 106 3 1 10.2.0.3 3 45564F 0 131 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 106 3 1 10.2.0.3 3 45564F 0 131 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 108 3 1 10.2.0.3 3 45564F 0 137 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C f:d O scorebot # C 1:2 O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 112 3 1 10.2.0.3 3 45564F 0 140 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 113 3 1 10.2.0.3 3 45564F 0 140 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 121 0 1 10.1.0.3 2 kA 84 113 3 1 10.2.0.3 3 45564F 0 140 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C ladv() O O 16: [kA] New advisory by : kA 
Affected service(s): Severity [lmh] : ===== Problem ===== ===== Impact ===== ===== Fix ===== O 17: [kA] New advisory by : kA Affected service(s): mailserver Severity [lmh] : spam ===== Problem ===== OpenRelay. The server acts as an open relay. ===== Impact ===== Everyone is able to queue messages for every adress. ===== Fix ===== The server should match the recipient's adress to a list of local users. (Or should only allow local users to send mails) scorebot # C report(16, "empty advisory") O scorebot # C reject(17, "no, the smtp server does not do any kind of relaying.") O O ok scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 122 0 1 10.1.0.3 2 kA 84 113 3 1 10.2.0.3 3 45564F 0 140 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C reject(16, "empty advisory") O O ok scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 123 0 1 10.1.0.3 2 kA 84 118 3 1 10.2.0.3 3 45564F 0 147 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 123 0 1 10.1.0.3 2 kA 84 118 3 1 10.2.0.3 3 45564F 0 147 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 128 0 1 10.1.0.3 2 kA 84 120 3 1 10.2.0.3 3 45564F 0 147 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 128 0 1 
10.1.0.3 2 kA 84 122 3 1 10.2.0.3 3 45564F 0 150 1 1 10.3.0.3 4 HackBS 0 88 0 1 10.4.0.3 scorebot # scorebot # C ladv() O O 18: [kA] (remove this and the next line) (be sure to read ~/.ctf_advreadme before reporting advisories.) New advisory by : Team kA (formerly known as eof, formerly known as HackBBS) Affected service(s) : STK frontend Severity [lmh] : m ===== Problem ===== PHP-Based web-authentication, though required when logging into the service, is not re-checked in calls of further php files during a session. Therefore the seperate functions, like ADD or SEARCH can be called directly, circumventing authentication, for example by accessing: http://ip.of.host/stk/result.php?lastname=Doe ===== Impact ===== This way, all entries of John Doe (and therefore all flags) can be read without authentication ===== Fix ===== Implement proper login / password - checking in all .php files scorebot # C accept(18, 2, "good.") O O ok scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 128 0 1 10.1.0.3 2 kA 84 126 5 1 10.2.0.3 3 45564F 0 155 1 1 10.3.0.3 4 HackBS 0 89 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 132 0 1 10.1.0.3 2 kA 84 131 5 1 10.2.0.3 3 45564F 0 155 1 1 10.3.0.3 4 HackBS 0 94 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O 
----------------------------------------------------------------- 1 Team M 0 132 0 1 10.1.0.3 2 kA 84 132 5 1 10.2.0.3 3 45564F 0 155 1 1 10.3.0.3 4 HackBS 0 95 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 137 0 1 10.1.0.3 2 kA 84 132 5 1 10.2.0.3 3 45564F 0 155 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 142 0 1 10.1.0.3 2 kA 84 139 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 143 0 1 10.1.0.3 2 kA 93 146 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 160 0 1 10.1.0.3 2 kA 98 157 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! 
scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 160 0 1 10.1.0.3 2 kA 98 157 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 164 0 1 10.1.0.3 2 kA 102 168 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 170 0 1 10.1.0.3 2 kA 102 172 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 170 0 1 10.1.0.3 2 kA 102 177 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 173 0 1 10.1.0.3 2 kA 107 190 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 173 0 1 10.1.0.3 2 kA 107 190 5 1 10.2.0.3 3 45564F 0 163 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 187 0 1 10.1.0.3 2 kA 111 194 5 1 10.2.0.3 3 45564F 0 170 1 1 10.3.0.3 4 HackBS 0 97 
0 1 10.4.0.3 scorebot # C lt( O O Error: Invalid function call: ( scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 187 0 1 10.1.0.3 2 kA 111 194 5 1 10.2.0.3 3 45564F 0 170 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 195 0 1 10.1.0.3 2 kA 114 198 5 1 10.2.0.3 3 45564F 0 178 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 197 0 1 10.1.0.3 2 kA 114 198 5 1 10.2.0.3 3 45564F 0 186 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 197 0 1 10.1.0.3 2 kA 114 198 5 1 10.2.0.3 3 45564F 0 186 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C accept(19, 2, "very good") O O ok scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 198 0 1 10.1.0.3 2 kA 114 208 7 1 10.2.0.3 3 45564F 0 187 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C lt(0 O O Error: Invalid function call: (0 scorebot # C lt() O O ID Team off def adv hak host O 
----------------------------------------------------------------- 1 Team M 0 198 0 1 10.1.0.3 2 kA 114 210 7 1 10.2.0.3 3 45564F 0 187 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 199 0 1 10.1.0.3 2 kA 114 211 7 1 10.2.0.3 3 45564F 0 187 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 206 0 1 10.1.0.3 2 kA 116 212 7 1 10.2.0.3 3 45564F 0 190 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 206 0 1 10.1.0.3 2 kA 116 212 7 1 10.2.0.3 3 45564F 0 192 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C getteam(3).setap(3) O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 206 0 1 10.1.0.3 2 kA 116 212 7 1 10.2.0.3 3 45564F 0 193 3 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C getteam(3).setap(1) O scorebot # C man.flags O O No help on flags. scorebot # C man.services O O No help on services. scorebot # C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot # C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 206 0 1 10.1.0.3 2 kA 116 212 7 1 10.2.0.3 3 45564F 0 193 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C getteam(3).setop(3) O scorebot # scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! 
scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 206 0 1 10.1.0.3 2 kA 116 215 7 1 10.2.0.3 3 45564F 3 196 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C ladv90 O scorebot # C ladv90 O scorebot # C ladv() O O 20: [kA] New advisory by : kA Affected service(s): einwohnermeldeamt Severity [lmh] : high ===== Problem ===== After a request is served, the fork doesn't exit. ===== Impact ===== There will be zombie processes until the mem is full. ===== Fix ===== Please alter your for(;;) in einwohnermeldeamt.c to: for(;;) { if((c = accept(s, (struct sockaddr *)&ca,&addrlen))==-1) return -1; pid = fork(); if(pid == 0){ serve(c); exit(0); }else if(pid < 0) return -1; close (c); } (add a exit(0) near line 33) O 21: [Team Martl] New advisory by : team1 Affected service(s) : Webserver Severity [lmh] : h ===== Problem ===== php script auth. user against file "accounts" in webroot; file accounts is downloadable; ===== Impact ===== passwds within (sha) may be cracked ===== Fix ===== move accounts file change corresponding php file scorebot # C accept(20, 2, "ack. very true indeed.") O O ok scorebot # C ladv() O O 21: [Team Martl] New advisory by : team1 Affected service(s) : Webserver Severity [lmh] : h ===== Problem ===== php script auth. 
user against file "accounts" in webroot; file accounts is downloadable; ===== Impact ===== passwds within (sha) may be cracked ===== Fix ===== move accounts file change corresponding php file scorebot # C accept(21, 1, "ack") O O ok scorebot # scorebot # scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 218 1 1 10.1.0.3 2 kA 124 231 9 1 10.2.0.3 3 45564F 3 208 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 220 1 1 10.1.0.3 2 kA 124 232 9 1 10.2.0.3 3 45564F 3 210 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 229 1 1 10.1.0.3 2 kA 128 232 9 1 10.2.0.3 3 45564F 3 212 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # C ls)( O O Error: Invalid function call: ( scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team 
M 0 233 1 1 10.1.0.3 2 kA 133 238 9 1 10.2.0.3 3 45564F 3 218 1 1 10.3.0.3 4 HackBS 0 97 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 248 1 1 10.1.0.3 2 kA 136 248 9 1 10.2.0.3 3 45564F 3 225 1 1 10.3.0.3 4 HackBS 0 99 0 1 10.4.0.3 O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C ladv90 O scorebot # C ladv() O O 22: [Team Martl] new advisory by : Team 1, duracell Affected service(s) : Strafkartei Severity [lmh] : m ===== Problem ===== Bad default password (foobar) in Strafkartei service ===== Impact ===== Any user can login as admin and have full access in every default installation ===== Fix ===== Change password in accounts with a new sha1 hashed password. O 23: [45564F4C5554494F4E] New advisory by : 45564F4C5554494F4E Affected service(s): Einwohnermeldeamt Severity [lmh] : high ===== Problem ===== Names in the db file are all the same (std.db) ===== Impact ===== can be shown via the getall cmd and you can get all the flags placed there ===== Fix ===== dont know :( scorebot # C ladv() O O 22: [Team Martl] new advisory by : Team 1, duracell Affected service(s) : Strafkartei Severity [lmh] : m ===== Problem ===== Bad default password (foobar) in Strafkartei service ===== Impact ===== Any user can login as admin and have full access in every default installation ===== Fix ===== Change password in accounts with a new sha1 hashed password. 
O 23: [45564F4C5554494F4E] New advisory by : 45564F4C5554494F4E Affected service(s): Einwohnermeldeamt Severity [lmh] : high ===== Problem ===== Names in the db file are all the same (std.db) ===== Impact ===== can be shown via the getall cmd and you can get all the flags placed there ===== Fix ===== dont know :( scorebot # C reject(22, "ack, but that's an admin problem.") O O ok scorebot # C accept(23, 2, "ack") O O ok scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 262 1 1 10.1.0.3 2 kA 136 262 9 1 10.2.0.3 3 45564F 3 228 3 1 10.3.0.3 4 HackBS 0 99 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # C ladv() O O 24: [45564F4C5554494F4E] New advisory by : Evolution Affected service(s): stk Severity [lmh] : medium ===== PROBLEM ===== Cross Site Scripting ===== IMPACT ===== File: search.php Line: 11-12 Code: $user = $_REQUEST["user"]; $passwd = $_REQUEST["passwd"]; File: add.php Line: 11-12 Code: $user = $_REQUEST["user"]; $passwd = $_REQUEST["passwd"]; File: index.php Line: 10-11 Code: $user = $_REQUEST["user"]; $passwd = $_REQUEST["passwd"]; File: save_add.php Line: 13-14 Code: $user = $_REQUEST["user"]; $passwd = $_REQUEST["passwd"]; File: result.php Line: 13-14 Code: $user = $_REQUEST["user"]; $passwd = $_REQUEST["passwd"]; ====== FIX ====== $user = htmlspecialchars($_REQUEST["user"]); $passwd = htmlspecialchars($_REQUEST["passwd"]); scorebot # C accept(24, 2, "good, but *read the rules for reporting advisories*. no code. 
DESCRIPTIONS.") O O ok scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 266 1 1 10.1.0.3 2 kA 140 270 9 1 10.2.0.3 3 45564F 3 234 5 1 10.3.0.3 4 HackBS 0 117 0 1 10.4.0.3 scorebot # C getteam(3).setdp(244) O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 266 1 1 10.1.0.3 2 kA 140 270 9 1 10.2.0.3 3 45564F 3 244 5 1 10.3.0.3 4 HackBS 0 117 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 266 1 1 10.1.0.3 2 kA 141 273 9 1 10.2.0.3 3 45564F 3 251 5 1 10.3.0.3 4 HackBS 0 117 0 1 10.4.0.3 scorebot # C ladv() O scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 276 1 1 10.1.0.3 2 kA 141 285 9 1 10.2.0.3 3 45564F 3 252 5 1 10.3.0.3 4 HackBS 0 117 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 276 1 1 10.1.0.3 2 kA 141 285 9 1 10.2.0.3 3 45564F 3 252 5 1 10.3.0.3 4 HackBS 0 117 0 1 10.4.0.3 scorebot # scorebot # scorebot # scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 289 1 1 10.1.0.3 2 kA 149 299 9 1 10.2.0.3 3 45564F 3 262 5 1 10.3.0.3 4 HackBS 0 128 0 1 10.4.0.3 O bye! O Timeout; bye L closing O Welcome, 127.0.0.1 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin() O ÿûPassword: C ]qlfkdoek@ ÿüO Login incorrect scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! 
scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 289 1 1 10.1.0.3 2 kA 154 299 9 1 10.2.0.3 3 45564F 3 262 5 1 10.3.0.3 4 HackBS 0 128 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # scorebot # scorebot # scorebot # C ladv() O O 25: [Team Martl] New advisory by : martl Affected service(s) : msgboard Severity [lmh] : m ===== Problem ===== any host can read and delete all msg stored in msgboard ===== Impact ===== denial of service and disclosure of information ===== Fix ===== implement some kind of authentication scorebot # C accept(25, 2, "nice. you could have described the exact way to exploit that exploit, though ;-)") O O ok scorebot # C ladv() O scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 303 3 1 10.1.0.3 2 kA 157 308 9 1 10.2.0.3 3 45564F 3 265 5 1 10.3.0.3 4 HackBS 0 134 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 306 3 1 10.1.0.3 2 kA 157 311 9 1 10.2.0.3 3 45564F 3 265 5 1 10.3.0.3 4 HackBS 0 134 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 308 3 1 10.1.0.3 2 kA 157 311 9 1 10.2.0.3 3 45564F 3 267 5 1 10.3.0.3 4 HackBS 0 134 0 1 10.4.0.3 scorebot # 
scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 321 3 1 10.1.0.3 2 kA 157 323 9 1 10.2.0.3 3 45564F 3 277 5 1 10.3.0.3 4 HackBS 0 135 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 321 3 1 10.1.0.3 2 kA 166 327 9 1 10.2.0.3 3 45564F 3 279 5 1 10.3.0.3 4 HackBS 0 135 0 1 10.4.0.3 scorebot # scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 322 3 1 10.1.0.3 2 kA 166 327 9 1 10.2.0.3 3 45564F 3 279 5 1 10.3.0.3 4 HackBS 0 137 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 322 3 1 10.1.0.3 2 kA 172 327 9 1 10.2.0.3 3 
45564F 3 281 5 1 10.3.0.3 4 HackBS 0 141 0 1 10.4.0.3 scorebot # scorebot # scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 332 3 1 10.1.0.3 2 kA 172 335 9 1 10.2.0.3 3 45564F 3 285 5 1 10.3.0.3 4 HackBS 0 141 0 1 10.4.0.3 scorebot # C reject(1, "no linenumbers, no points ;-(") O O Advisory 1 doesn't exist! scorebot # C reject(26, "no filename, on linenumbers, no points ;-(") O O ok scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 333 3 1 10.1.0.3 2 kA 175 340 9 1 10.2.0.3 3 45564F 3 291 5 1 10.3.0.3 4 HackBS 0 143 0 1 10.4.0.3 scorebot # C reject(27, "I don't even know which service you are talking about. messageboard? It's coded in python. 
You're showing some Java/D code in this advisories.") O O ok scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 336 3 1 10.1.0.3 2 kA 175 340 9 1 10.2.0.3 3 45564F 3 294 5 1 10.3.0.3 4 HackBS 0 143 0 1 10.4.0.3 scorebot # C ladv90 O scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 347 3 1 10.1.0.3 2 kA 176 342 9 1 10.2.0.3 3 45564F 3 301 5 1 10.3.0.3 4 HackBS 0 143 0 1 10.4.0.3 scorebot # scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 351 3 1 10.1.0.3 2 kA 176 346 9 1 10.2.0.3 3 45564F 3 301 5 1 10.3.0.3 4 HackBS 0 148 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 353 3 1 10.1.0.3 2 kA 179 346 9 1 10.2.0.3 3 45564F 3 301 5 1 10.3.0.3 4 HackBS 0 148 0 1 10.4.0.3 scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 361 3 1 10.1.0.3 2 kA 179 346 9 1 10.2.0.3 3 45564F 3 303 5 1 10.3.0.3 4 HackBS 0 151 0 1 10.4.0.3 scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 scorebot # C ladv() O O 28: [45564F4C5554494F4E] New advisory by : evolution Affected service(s): mailserver Severity [lmh] : hi ===== Problem ===== There are some mails stored in the mailservers directory including flags. These mails can be read via the readdata command. 
===== Impact ===== attacker can easiely grad flags ===== Fix ===== authentication before reading data O 29: [Team Martl] Advisory by : martl Affected service(s) : stk frontend Severity [lmh] : m ===== Problem ===== results.php performs empty search when no request parameters are given at all ===== Impact ===== as the backend accepts empty search strings it is possible to dump the whole db without knowing any information ===== Fix === as hotfix add a default searchstring in line 13. like this: $search="unexistantstring" O 30: [45564F4C5554494F4E] New advisory by : evolution Affected service(s): messageboard Severity [lmh] : high ===== Problem ===== The user posts a message with a messageid and another user shall able to get the message with the knowlegde of the id. For this reason message is an associative Array which means that the variable i is a string comparable to an hash in another programming language nevertheless it's an array so it is possible to access it trought number like 0 for the first element. ===== Impact ===== Because the user can define the variable to access the array he can use numbers to get messages without knowing the messageid. 
===== Fix ===== There should be an statement to prevent accessing the array throught numbers like in line 17 scorebot # C accept(28, 1, "ack, but if you don't know the filenames -- which are hard to guess-- you don't get anything") O O ok scorebot # C accept(29, 2, "ack") O O ok scorebot # scorebot # C reject(30, "no") O O ok scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 367 5 1 10.1.0.3 2 kA 179 358 9 1 10.2.0.3 3 45564F 3 303 6 1 10.3.0.3 4 HackBS 0 152 0 1 10.4.0.3 scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 372 5 1 10.1.0.3 2 kA 179 358 9 1 10.2.0.3 3 45564F 3 309 6 1 10.3.0.3 4 HackBS 0 152 0 1 10.4.0.3 scorebot # scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 379 5 1 10.1.0.3 2 kA 188 361 9 1 10.2.0.3 3 45564F 3 314 6 1 10.3.0.3 4 HackBS 0 156 0 1 10.4.0.3 scorebot # C ladv() O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 2 379 5 1 10.1.0.3 2 kA 188 361 9 1 10.2.0.3 3 45564F 3 314 6 1 10.3.0.3 4 HackBS 0 156 0 1 10.4.0.3 scorebot # C ladv90 O scorebot # C ladv() O scorebot # C ladv() O scorebot # C ladv() O scorebot # C ladv90 O scorebot # C ladv() O scorebot # scorebot # C ladv() O scorebot # C ladv90 O scorebot # C ladv( O O Error: Invalid function call: ( scorebot # C ladv() O scorebot # C ladv90 O scorebot # C ladv() O O 31: [kA] New advisory by : kA Affected service(s) : Einwohnermeldeamt Severity [lmh] : m ===== Problem ===== Bounds checking in the function myreadline() (file helper.c) is impoperly implemented. Hence, a buffer overrun is possible, leading to a possible heap overflow exploit. (technical details: c is initiased as some value on the stack, thus probably a large number. 
It will therefore *never* be 1023) ===== Impact ===== Heap Overflow, possible arbitrary code execution. ===== Fix ===== properly count input bytes ( the code (c != ret + 1023) would be correct) scorebot # scorebot # C ladv() O O 31: [kA] New advisory by : kA Affected service(s) : Einwohnermeldeamt Severity [lmh] : m ===== Problem ===== Bounds checking in the function myreadline() (file helper.c) is impoperly implemented. Hence, a buffer overrun is possible, leading to a possible heap overflow exploit. (technical details: c is initiased as some value on the stack, thus probably a large number. It will therefore *never* be 1023) ===== Impact ===== Heap Overflow, possible arbitrary code execution. ===== Fix ===== properly count input bytes ( the code (c != ret + 1023) would be correct) O 32: [kA] New advisory by : kA Affected service(s): mailserver / retserver Severity [lmh] : h ===== Problem ===== buf is limited to 1024 bytes, but no input check is done. So the client is able to trigger a buffer overflow by sending > 1024 bytes. ===== Impact ===== Buffer Overflow. ===== Fix ===== Count the bytes send, break the connection after 1023 bytes. 
scorebot # C accept(31, 1, "that's correct") O O ok scorebot # C accept(32, 1, "correct.") O O ok scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 4 391 5 1 10.1.0.3 2 kA 198 377 11 1 10.2.0.3 3 45564F 3 319 6 1 10.3.0.3 4 HackBS 0 160 0 1 10.4.0.3 scorebot # scorebot # C ladv() O O 33: [Team Martl] New advisory by :martl Affected service(s) :all Severity [lmh] :m ===== Problem ===== if you can login as ostERvi, you can edit a file which is cat'ed when some user is doing "ls" (is defined by an alias), which leads to execution of escaped strings that can enter stuff with rights of the user who is doing the ls ===== Impact ===== executing commands with rights of a uncareful user ===== Fix ===== scorebot # scorebot # C accept(33, 0, "correct, but not a coding but an administration error, so no points. sorry!") O O ok scorebot # C ladv() O O 34: [45564F4C5554494F4E] New advisory by : evolution Affected service(s): einwohner Severity [lmh] : mid ===== Problem ===== helper.c char getnewline memory leak ===== Impact ===== memory leak ===== Fix ===== kA :D scorebot # C accept(34, 0, "already reported") O O ok scorebot # C ladv() O O 35: [45564F4C5554494F4E] New advisory by : evolution Affected service(s): messageboard Severity [lmh] : high ===== Problem ===== Trought the list command you are able to recieve all stored messages ===== Impact ===== Send list $myipadress$ $myport$ to 1984 where the script is listening and have a listening netcat at $myipadress$ and $myport$ to receive the messages ===== Fix ===== remove the list command scorebot # C accept(35, 2, "ACK") O O ok scorebot # C ladv() O scorebot # C ladv() O scorebot # C ladv() O scorebot # O Welcome, 77.184.183.110 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > scorebot > scorebot > scorebot > scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. 
This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C copyright O O CTF scorebot 0.4.37 (C) 2007-2008, Hans-Christian Esperer echo hcathcespererdotorg | sed 's/at/@/' | sed 's/dot/./' scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot > C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot > scorebot > scorebot > scorebot > scorebot > C man.service O O Welcome to the online documentation system ----------------------------------------------------------------- Help on service Service handling functions --------------------------------------------------------------- String getname() return name of service void setname(String serviceName) set name of service int getinterval() return checking interval void setinterval(int interval) set checking interval String getscript() return name of check script void setscript(String script) set name of check script void delete() delete service EXAMPLE ======= service = createservice("smtp") service.setscript("smtp.py") service.setinterval(30) O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C license O O CCCamp07 ScoringSystem A CTF scoring bot & flag+advisory reporting system (C) 2007, Hans-Christian Esperer hc at hcespererorg All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the H. Ch. Esperer nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED POSSIBILITY OF SUCH DAMAGE scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. 
Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C report O scorebot > C uir O scorebot > C exit O scorebot > C scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C reportadvisory O scorebot > scorebot > scorebot > scorebot > scorebot > O bye! 
O Timeout; bye L closing O Welcome, 78.138.116.175 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! 
scorebot > scorebot > C ÿôÿýÿôÿý O scorebot > C ÿôÿý:q O scorebot > C :q! O O Error: String index out of range: 2 scorebot > C  scorebot > C  scorebot > C  scorebot > C  scorebot > C  scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! O Timeout; bye L closing O Welcome, 78.138.116.186 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C ls O scorebot > scorebot > scorebot > scorebot > C fr O scorebot > C scorebot > C scorebot > C ÿôÿý O scorebot > C scorebot > C scorebot > C scorebot > C auit O scorebot > C scorebot > C  scorebot > C x O scorebot > C scorebot > C scorebot > C scorebot > C ÿôÿý O scorebot > C scorebot > C  C  scorebot > C scorebot > C  scorebot > C q1d2 O scorebot > C scorebot > C ÿôÿýÿôÿýÿôÿý O scorebot > C ÿôÿý O scorebot > C ÿôÿý O scorebot > C scorebot > C scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.186 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C unalias ls O scorebot > C ls O scorebot > C ÿôÿý O scorebot > C  scorebot > C q O scorebot > C scorebot > C help O O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > O Error: Connection reset scorebot > O Error: Connection reset scorebot > O Error: Connection reset scorebot > O Error: Connection reset scorebot > O Error: Connection reset O Too many exceptions O bye! 
O Timeout; bye L closing O Welcome, 78.138.116.186 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.186 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > C exit O scorebot > C auit O scorebot > C quit O O Enter quit() to quit! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.138.116.186 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > C ls O scorebot > C quit O O Enter quit() to quit! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.138.116.186 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. 
teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C help O O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot > C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin O scorebot > C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. 
new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot > C man.login O O No help on login. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot > C admadmin O scorebot > C admin.login O scorebot > C admin login O scorebot > C admin qlfkdoek@ O scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! 
O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.dunctions O O No help on dunctions. scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > C login O scorebot > C admin O scorebot > C admin(qlfkdoek@) O O Error: null scorebot > C admin("qlfkdoek@") O O Login successful! 
scorebot # C clear O scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot # C ladv O scorebot # C ladv() O scorebot # C lt O scorebot # C ls O scorebot # scorebot # scorebot # scorebot # scorebot # O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C admin("qlfkdoek@") O O Login successful! scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 0 0 0 10.1.0.3 2 HackBS 0 0 0 0 10.2.0.3 3 45564F 0 0 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # scorebot # scorebot # scorebot # scorebot # scorebot # O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 HackBS n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 !eof n/a n/a n/a n/a 10.4.0.3 scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF scorebot > O Error: EOF O Too many exceptions O bye! 
O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin("qlfkdoek@") O O Login successful! scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 33 0 0 10.1.0.3 2 HackBS 39 35 0 0 10.2.0.3 3 45564F 0 55 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot # C help O O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot # C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot # C ladv() O O 11: [45564F4C5554494F4E] /usr/services/stk/stk Files: add.php Line: 11-12 File: index.php Line: 10-11 File: save_add.php Line: 13-14 File: search.php Line: 11-12 File: test.php Line: var-ausgabe all XSS scorebot # C ls O scorebot # C ls() O O ID name script interval 1 Webserver webserver.rb 300 2 Messageboard mb.py 300 3 Mailserver smtp.py 300 5 Strafkartei Website1 straf_test_frontend_store.php 300 6 Strafkartei Website2 straf_test_frontend_retrieve.php 300 7 Einwohnermeldeamt emamt.py 300 8 kannx kannx1.rb 300 scorebot # C ladv(11) O O Error: ADeLa: function ladv expects 0 parameters, 1 given! scorebot # C getasv() O scorebot # C man.adv O O No help on adv. scorebot # C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... 
man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot # C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot # C dir() O SQLConnection db = org.hcesperer.utils.SQLConnection@10dc6b... String help = Welcome to the CTF scorebot 0.4.3 Boolean false = false Boolean true = true String copyright = CTF scorebot 0.4.3 String license = CCCamp07 ScoringSyste String quit = Enter quit() to quit! 
Manual man = Which manual page do you want scorebot # C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot # scorebot # scorebot # scorebot # scorebot # O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C admin("qlfkdoek@") O O Login successful! 
scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C lsadv() O scorebot # C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot # C ladv() O O 12: [Team Martl] few (remove this and the next line) (be sure to read ~/.ctf_advreadme before reporting advisories.) 
New advisory by : Affected service(s) : Severity [lmh] : ===== Problem ===== ===== Impact ===== ===== Fix ===== scorebot # scorebot # scorebot # scorebot # scorebot # scorebot # O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt O scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 eof n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 HackBS n/a n/a n/a n/a 10.4.0.3 scorebot > scorebot > scorebot > scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 eof n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 HackBS n/a n/a n/a n/a 10.4.0.3 scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot > C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot > C getop() O scorebot > C getop(1) O scorebot > C admin("qlfkdoek@") O O Login successful! O bye! O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. 
scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C scorebot > C admin("qlfkdoek@") O O Login successful! scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C ls O scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 73 0 1 10.1.0.3 2 eof 84 67 3 1 10.2.0.3 3 45564F 0 85 0 1 10.3.0.3 4 HackBS 0 75 0 1 10.4.0.3 scorebot # C getop(1) O scorebot # C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the 
team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot # C man team O scorebot # C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot # scorebot # scorebot # scorebot # scorebot # O bye! 
O Timeout; bye L closing O Welcome, 78.138.116.216 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C admin(" O O Error: Invalid function call: (" scorebot > C admin("qlfkdoek@") O O Login successful! scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C scorebot # C lt O scorebot # C ladv() O scorebot # C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. 
new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot # C ladv() O scorebot # scorebot # scorebot # scorebot # scorebot # scorebot # O bye! O Timeout; bye L closing O Welcome, 78.138.116.35 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit O O Enter quit() to quit! scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.138.116.35 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... 
scorebot > C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot > C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. 
new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot > C lt O scorebot > C ls O scorebot > C  scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.138.116.35 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 HackBS n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 !eof n/a n/a n/a n/a 10.4.0.3 scorebot > C man.team O O Welcome to the online documentation system ----------------------------------------------------------------- Help on team Team handling functions class Team data functions ----------------------------------------------------------------- String getname() get name of the team String gethost() get host of vuln team host void setname(String teamName) set name of the team void sethost(String hostName) set vuln hostname of the team void delete() delete team class Team Score functions ----------------------------------------------------------------- int getop() get offensive points int getdp() get defensive points int getap() get adviosry points int gethp() get hacking points void setop(int offensivePoints) set offensive points void setdp(int defensivePoints) set defensive points void setap(int advisoryPoints) set advisory points void sethp(int hackingPoints) set hacking points EXAMPLE ======= t = createteam("the foobars") t.sethost("www.foobar.com") scorebot > scorebot > C getnam O scorebot > C getname() O scorebot > C man O O Which manual page do you want? 
man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! scorebot > scorebot > scorebot > C reportflag(3,"blaaa") O O Flag "blaaa" does not exist! scorebot > O bye! 
O Timeout; bye L closing O Welcome, 78.138.116.35 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.admin O O Welcome to the online documentation system ----------------------------------------------------------------- Help on admin Admin functions ----------------------------------------------------------------- void ladv() list all pending advisories void reject(int advisoryID, String comment) void accept(int advisoryID, int pointsToAward, String comment) void delete(int advisoryID) void inchp(int teamID, int pointsToAward) void dechp(int teamID, int pointsToTake) void lt() list all teams void ls() list all services Team createteam(String teamName) create and return new team Team getteam(int teamID) return team #teamID Service createservice( String serviceName) create and ret. new service Service getservice(int serviceID) return service #serviceID Debugging/Benchmarking functions ----------------------------------------------------------------- String genflags(int numFlags, String separator) DO NOT USE scorebot > C ladv() O O Requires admin privileges! 
scorebot > C man.service O O Welcome to the online documentation system ----------------------------------------------------------------- Help on service Service handling functions --------------------------------------------------------------- String getname() return name of service void setname(String serviceName) set name of service int getinterval() return checking interval void setinterval(int interval) set checking interval String getscript() return name of check script void setscript(String script) set name of check script void delete() delete service EXAMPLE ======= service = createservice("smtp") service.setscript("smtp.py") service.setinterval(30) scorebot > scorebot > C scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. 
void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > C admin O scorebot > C scorebot > C admin() O ÿûPassword: C ctf ÿüO Login incorrect scorebot > scorebot > C scorebot > C help O O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C scorebot > C man.reportadvisory O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportadvisory Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed. This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory. The function to report an advisory is boolean reportadvisory(int teamID, String advisory) The function to read a multiline string is String readtext() readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$). This is how I reported an advisory for team #7: (entered text is typeset bold) scorebot> reportadvisory(7, readtext()) Write some text, finish with a single dot on a separate line (^\.$) The tcsh is vunerable to a social engineering attack. By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing: # rm -rf /* Fix: remove tcsh (and while you're at it, all other shells as well) from your machines . Your advisory has been reported. scorebot> scorebot > C reportadvisory(2, readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C great flaw 1> C fix: 2> C foo 3> C . O Your advisory has been reported. scorebot > O bye! 
O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C /who O O Error: null scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > C date O scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! 
O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C scorebot > C admin() O ÿûPassword: C qlfkdoek@ ÿüO Login successful! scorebot # C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M 0 9 0 0 10.1.0.3 2 HackBS 0 0 0 0 10.2.0.3 3 45564F 0 15 0 0 10.3.0.3 4 !eof 0 0 0 0 10.4.0.3 scorebot # C quit() O O bye! O Timeout; bye L closing O Welcome, 78.47.168.174 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > C quit() O O bye! O Timeout; bye L closing O Welcome, 84.138.101.96 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportflag O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportflag Flags are 32 byte values represented by 64 byte hex strings. The function to report flags is boolean reportflag(int teamID, string flagID) Returns true if the flag was credited, otherwise false. If you are team #4 and you believe you found a flag, say, 1337, you'd enter: reportflag(4, "1337") done! scorebot > C man O O Which manual page do you want? 
man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.functions O O Welcome to the online documentation system ----------------------------------------------------------------- Help on functions Scoring bot functions ----------------------------------------------------------------- boolean reportflag(int teamID, String flagString) Report a flag. teamID: ID of the reporting (your own) team flagString: ID of the flag void reportadvisory(int teamID, String advisory) Report an advisory. teamID: ID of the reporting (your own) team advisory: Advisory description. Miscellaneous functions ----------------------------------------------------------------- void quit() Quit session String readtext() Read multi-line text bool admin(optional String password) Log in as admin. If password is omitted, you are prompted interactively. This is the recommended method, as your typing will be hidden. However, some telnet clients (i.e., netcat) have trouble handling some control characters; in that case you should specify the password directly. void functions() List all available functions void lt() List all teams void dir() List all defined variables scorebot > C lt() O O ID Team off def adv hak host O ----------------------------------------------------------------- 1 Team M n/a n/a n/a n/a 10.1.0.3 2 HackBS n/a n/a n/a n/a 10.2.0.3 3 45564F n/a n/a n/a n/a 10.3.0.3 4 !eof n/a n/a n/a n/a 10.4.0.3 scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 84.138.101.96 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! 
O Timeout; bye L closing O Welcome, 84.138.101.96 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C help O O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 84.138.101.96 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportadvisory O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportadvisory Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed. This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory. The function to report an advisory is boolean reportadvisory(int teamID, String advisory) The function to read a multiline string is String readtext() readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$). This is how I reported an advisory for team #7: (entered text is typeset bold) scorebot> reportadvisory(7, readtext()) Write some text, finish with a single dot on a separate line (^\.$) The tcsh is vunerable to a social engineering attack. By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing: # rm -rf /* Fix: remove tcsh (and while you're at it, all other shells as well) from your machines . 
Your advisory has been reported. scorebot> scorebot > scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.report O O No help on report. scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 84.138.101.96 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man.reportadvisory O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportadvisory Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed. This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory. The function to report an advisory is boolean reportadvisory(int teamID, String advisory) The function to read a multiline string is String readtext() readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$). This is how I reported an advisory for team #7: (entered text is typeset bold) scorebot> reportadvisory(7, readtext()) Write some text, finish with a single dot on a separate line (^\.$) The tcsh is vunerable to a social engineering attack. By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing: # rm -rf /* Fix: remove tcsh (and while you're at it, all other shells as well) from your machines . Your advisory has been reported. scorebot> scorebot > scorebot > scorebot > scorebot > scorebot > O bye! 
O Timeout; bye L closing O Welcome, 84.138.101.96 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > C man O O Which manual page do you want? man.functions Scoring bot functions man.reportadvisory Advisories must contain exact sourc... man.admin Admin functions man.service Service handling functions man.team Team handling functions man.reportflag Flags are 32 byte values represente... scorebot > C man.reportadvisory O O Welcome to the online documentation system ----------------------------------------------------------------- Help on reportadvisory Advisories must contain exact source line specifications (service name, filename, line number) or they cannot be processed. This rule is necessary because the moderators (probably) have not written the reported services themselves and need a way to verify the validity of your advisory. The function to report an advisory is boolean reportadvisory(int teamID, String advisory) The function to read a multiline string is String readtext() readtext() reads lines from stdin (in your case, the network connection) until it reads a line containing a single dot (^\.$). This is how I reported an advisory for team #7: (entered text is typeset bold) scorebot> reportadvisory(7, readtext()) Write some text, finish with a single dot on a separate line (^\.$) The tcsh is vunerable to a social engineering attack. By getting an admin to open a root shell and than taking a coffee break, you can break his computer by simple writing: # rm -rf /* Fix: remove tcsh (and while you're at it, all other shells as well) from your machines . Your advisory has been reported. 
scorebot> scorebot > C reportadvisory(3,readtext()) O Max 100 lines; max 256 chars per line O Write some text, finish with a single dot on a separate line (^\.$) 0> C /usr/services/stk/stk 1> C Files: add.php 2> C Line: 11-12 3> C File: index.php 4> C Line: 10-11 5> C File: save_add.php 6> C Line: 13-14 7> C File: search.php 8> C Line: 11-12 9> C File: test.php 10> C Line: var-ausgabe 11> C all XSS 12> C . O Your advisory has been reported. scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing O Welcome, 87.163.212.125 O Welcome to the CTF scorebot 0.4.37 ----------------------------------------------------------------- type "man.reportflag", "man.reportadvisory", "man", "copyright" or "license" for more information. scorebot > scorebot > scorebot > scorebot > scorebot > scorebot > O bye! O Timeout; bye L closing