Skip to main content

A framework for CTF challenges in a malicious-server setting

Project description

CryptLab

An E2EE Exploitation Practice Infrastructure

How To Run

This works on my setup.

  1. Make venv python -m venv .venv and activate it source .venv/bin/activate
  2. Install requirements pip install loguru fastapi python-decouple
  3. Install cryptlab editable locally pip install -e .
  4. Run the orchestrator on one terminal ORCHESTRATOR_WEBAPP_PORT=8000 FLAG="flag{test}" python cryptlab/orchestrator/main.py
  5. Open the browser webapp http://localhost:8000
  6. Watch for the server logs for a long token
  7. Paste this token in examples/server.py at the top
  8. Run python examples/server.py to connect the server script to the orchestrator
  9. Open http://localhost:8000/docs to open the Swagger docs
  10. Use the Swagger docs to send a post request to /api/v1/exec to execute some actions (Use the example below and the token you used earlier). You should see the corresponding actions being run against your server!

Use the following example execution config:

{
  "n_clients": 2,
  "actions": [
    [0, "SAVE_MESSAGE", "Hello"],
    [1, "SAVE_MESSAGE", "World"],
    [0, "RETRIEVE_MESSAGES"]
  ]
}

Stuff to try out

  • Open a serverscript (python examples/server.py) and then open another one in another terminal. The first one should get immediately disconnected.
  • Open two serverscripts, one locally and one remotely (i.e. send the post to /api/v1/exec) and see that both clients will execute.
  • Make a serverscript sleep with time.sleep(10). The execution will abort because you took too long to reply to the client (only works for remote clients).
  • Make a client and server go into an infinite loop with the LOOP command. This will also abort execution.

Important Notes

  • If you restart the orchestrator server, refresh the page so that the server can re-register the tokens (the orchestrator is stateless)
  • You can also run clients locally python examples/client.py! You can change the execution config at the bottom.

Known Bugs

  • Disconnecting a serverscript and reconnecting a new one makes the SERVER_SCRIPT_DISCONNECTED event fire twice in the websocket.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cryptlab-0.1.1.tar.gz (23.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cryptlab-0.1.1-py3-none-any.whl (31.2 kB view details)

Uploaded Python 3

File details

Details for the file cryptlab-0.1.1.tar.gz.

File metadata

  • Download URL: cryptlab-0.1.1.tar.gz
  • Upload date:
  • Size: 23.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.12.3 Linux/6.1.51-1-lts

File hashes

Hashes for cryptlab-0.1.1.tar.gz
Algorithm Hash digest
SHA256 f6f5edd5515939c909b24447403e99a086daf2cc119a03123532e6537a2cf69f
MD5 416b1deddf1a622028745ba85d784429
BLAKE2b-256 0e557b6987cbc98c394a06172c1ae15c01869e566c5b0bb344a28db1227168ed

See more details on using hashes here.

File details

Details for the file cryptlab-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: cryptlab-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 31.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.12.3 Linux/6.1.51-1-lts

File hashes

Hashes for cryptlab-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2dbabf7a82f4b604db421b4313204794ee483d6572edf5ee0c495e662e9d2762
MD5 177c6f0193d6473d7e2dfbf43e049f76
BLAKE2b-256 1a50377390ad5b08c3356773f480cab0a7ad0716ee51fb4cf38df1396c3d5e32

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page