A framework for CTF challenges in a malicious-server setting
Project description
CryptLab
An E2EE Exploitation Practice Infrastructure
How To Run
This works on my setup.
- Make venv
python -m venv .venvand activate itsource .venv/bin/activate - Install requirements
pip install loguru fastapi python-decouple - Install cryptlab editable locally
pip install -e . - Run the orchestrator on one terminal
ORCHESTRATOR_WEBAPP_PORT=8000 FLAG="flag{test}" python cryptlab/orchestrator/main.py - Open the browser webapp
http://localhost:8000 - Watch for the server logs for a long token
- Paste this token in
examples/server.pyat the top - Run
python examples/server.pyto connect the server script to the orchestrator - Open
http://localhost:8000/docsto open the Swagger docs - Use the Swagger docs to send a post request to
/api/v1/execto execute some actions (Use the example below and the token you used earlier). You should see the corresponding actions being run against your server!
Use the following example execution config:
{
"n_clients": 2,
"actions": [
[0, "SAVE_MESSAGE", "Hello"],
[1, "SAVE_MESSAGE", "World"],
[0, "RETRIEVE_MESSAGES"]
]
}
Stuff to try out
- Open a serverscript (
python examples/server.py) and then open another one in another terminal. The first one should get immediately disconnected. - Open two serverscripts, one locally and one remotely (i.e. send the post to
/api/v1/exec) and see that both clients will execute. - Make a serverscript sleep with
time.sleep(10). The execution will abort because you took too long to reply to the client (only works for remote clients). - Make a client and server go into an infinite loop with the LOOP command. This will also abort execution.
Important Notes
- If you restart the orchestrator server, refresh the page so that the server can re-register the tokens (the orchestrator is stateless)
- You can also run clients locally
python examples/client.py! You can change the execution config at the bottom.
Known Bugs
- Disconnecting a serverscript and reconnecting a new one makes the SERVER_SCRIPT_DISCONNECTED event fire twice in the websocket.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cryptlab-0.1.1.tar.gz
(23.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
cryptlab-0.1.1-py3-none-any.whl
(31.2 kB
view details)
File details
Details for the file cryptlab-0.1.1.tar.gz.
File metadata
- Download URL: cryptlab-0.1.1.tar.gz
- Upload date:
- Size: 23.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.12.3 Linux/6.1.51-1-lts
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f6f5edd5515939c909b24447403e99a086daf2cc119a03123532e6537a2cf69f
|
|
| MD5 |
416b1deddf1a622028745ba85d784429
|
|
| BLAKE2b-256 |
0e557b6987cbc98c394a06172c1ae15c01869e566c5b0bb344a28db1227168ed
|
File details
Details for the file cryptlab-0.1.1-py3-none-any.whl.
File metadata
- Download URL: cryptlab-0.1.1-py3-none-any.whl
- Upload date:
- Size: 31.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.12.3 Linux/6.1.51-1-lts
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2dbabf7a82f4b604db421b4313204794ee483d6572edf5ee0c495e662e9d2762
|
|
| MD5 |
177c6f0193d6473d7e2dfbf43e049f76
|
|
| BLAKE2b-256 |
1a50377390ad5b08c3356773f480cab0a7ad0716ee51fb4cf38df1396c3d5e32
|