Skip to main content

Exploit Farm client

Project description

Exploit Farm python library

ExploitFarm is a flag submitter and attack manager for Attack-Defense CTFs. The project is composed by a client and a server thats cooperates to manage the attacks and the flags. The design is directly inspired by destructive farm but completely rewritten and feature rich. Find more information about this project on exploitfarm github page and our team page Pwnzer0tt1

This library is used to interact with the Exploit Farm APIs.

Installation

pip3 install -U exploitfarm && xfarm --install-completion

Usage

import time, random
from exploitfarm import *

#Exploit example
host = get_host() #This should usually contains the ip of the team to attack

print(f"Hello {host}! This text should contain a lot of flags!")

flags =[random_str(32)+"=" for _ in range(100)]

print(f"Submitting {len(flags)} flags: {', 'f.join(flags)}")

Functions

from exploifarm import *

get_host() #Gets you the XFARM_HOST environment variable
Prio #Enum with high, normal and low values to set the priority of the process
nicenessify(priority=Prio.low) #Set the priority of the process (xfarm will set the priority of the process to low by default allowing strange behaviour on the system)
get_config() #Get the configuration of the client
random_str(
    length:int|None = None,
    length_range:int = (8,12),
    numbers:bool = True,
    lower:bool = True,
    upper:bool = True,
    specials:bool = False,
    exclude:str = "",
    include:str = ""
) #Generate a random string with the specified parameters (usefull to anonymize the exploit)

session(
    random_agent:bool = True,
    additional_agents:list = [],
    additional_headers:dict = {},
    user_agent:str = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
) #Create a session with the specified headers (random_agent will set a random user agent)
try_tcp_connection(
    address:str,           #Address to connect
    timeout:float|None = 3 #Timeout of the connection
) -> tuple[bool, str|None] #Try to connect to the address with a tcp connection

When you import the library, the print function is replaced with a version that flushes the output. This is useful if in some cases the exploit is killed before the output is flushed.

xFarm CLI

Exploit farm has a CLI command (xFarm) that gives you different features to interact with the server and for starting exploits. Some parts of the managment of the exploit are inspired and in some part copied from destructive farm, but with a lot of improvements and an amazing Terminal UI based on textual.

Main Commands

init

Initiate a new exploit folder. This command will create a new exploit folder with the necessary files and directories, in the folder there will be a config.toml file with all the information needed to run your exploit, you can change some of these options if needed.

Syntax:

xFarm exploit init [OPTIONS]

Options:

  • --edit: Edit the exploit configuration.
  • --name: The name of the exploit.
  • --service: The service of the exploit.
  • --language: The language of the exploit.

after you created the exploit you can run it with the start command.

start

Start the exploit.

Syntax:

xFarm start [OPTIONS] PATH

Options:

  • PATH: The path of the exploit (default: .).
  • --pool_size: Number of workers to start (default: 50).
  • --submit_pool_timeout: Timeout for the submit pool to wait for new attack results and send flags (default: 3).
  • --server_status_refresh_period: Period to refresh the server status (default: 5).
  • --test: Test the exploit.
  • --test_timeout: Timeout for the test (default: 10).

Other Commands

config

Configure client settings.

Syntax:

xFarm config [OPTIONS]

Here will be shown a tui requiring server address and port, and a nickname for the client. All this information are needed to connect to the server and required if missing in every command is required.

reset

Reset client settings.

Syntax:

xFarm config reset

Description:

  • Prompts for confirmation before resetting.
  • Resets the client's settings to default values.

login

Log in to the server.

Syntax:

xFarm config login [OPTIONS]

The login will be always required if needed automatically in every command.

Options:

  • --password: The user's password.
  • --stdin: Read the password from stdin.

logout

Log out from the server.

Syntax:

xFarm config logout

Description:

  • Removes the server's authentication key from the client config.

submitter_test

Test a submitter.

Syntax:

xFarm submitter_test [OPTIONS] PATH OUTPUT

Options:

  • PATH: Path to the submitter Python script.
  • --kwargs: Submitter keyword arguments (in JSON format).
  • OUTPUT: Text containing flags according to the server's REGEX.

status

Get the server status.

Syntax:

xFarm status [OPTIONS] [WHAT]

Options:

  • WHAT: Type of server information (default: status).

Global Options

The CLI supports a global option for interactive mode.

  • --no-interactive: Disables interactive configuration mode. In interactive mode, a "semi-graphical" terminal interface will open, allowing you to enter data interactively.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

exploitfarm-0.5.1.tar.gz (34.9 kB view details)

Uploaded Source

Built Distribution

exploitfarm-0.5.1-py3-none-any.whl (39.3 kB view details)

Uploaded Python 3

File details

Details for the file exploitfarm-0.5.1.tar.gz.

File metadata

  • Download URL: exploitfarm-0.5.1.tar.gz
  • Upload date:
  • Size: 34.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for exploitfarm-0.5.1.tar.gz
Algorithm Hash digest
SHA256 0351ac5bab119b5a7e24a747f71f9ff9b4d0a2f5931d9375eec464c69e141fcf
MD5 724816d5efe464094ebc54d0e6a7c0a6
BLAKE2b-256 d3beb14199c2847d8e0d518d4092cd3db5ea278135eb5cc6982be0e5fcff3fc0

See more details on using hashes here.

File details

Details for the file exploitfarm-0.5.1-py3-none-any.whl.

File metadata

  • Download URL: exploitfarm-0.5.1-py3-none-any.whl
  • Upload date:
  • Size: 39.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for exploitfarm-0.5.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d555b9d9dd07b7214f12f3404b5eef915932f468de26717c6c9970c1cd7c4f74
MD5 bf1c911e8052a43420f141a8b0566b3e
BLAKE2b-256 cdc08d10d2680ea21e7e01e11a262d8d717f49f7b6f93b4869339d95365ef18a

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page