-
Notifications
You must be signed in to change notification settings - Fork 0
/
info.yml
100 lines (78 loc) · 3.62 KB
/
info.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# The service name must contain only lowercase letters, numbers, and dashes. It MUST be the same as the repo name, sans "dc2021f-"
service_name: "shooow-your-shell"
description: "Can you out-shellcraft your opponents? Only the worthy will hold the hill!"
tags:
- shellcoding
authors:
- zardus
score_location: "/score"
violates_flag_format: false # if this is not "true", the flag is verfied against the flag format
allow_egress: False # Please sync with the infra guys if your service needs egress
initial_flag: "000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" # TODO: is this ever used outside the tester?
flag_path: /flag # the location of the flag (for fresh flags)
# Type can be normal or king_of_the_hill
type: king_of_the_hill
# Two options here, only for normal services.
# private means private team-team instances, shared means that they are shared.
# This is important to get right in both the game and the infra.
isolation: private
# This is the number of concurrent connections that a container should be able to handle.
# This will be tested by ./tester
# Important if isolation==shared, not so much if isolation==private
concurrent_connections: 16
# This is the timeout that your check scripts will be run as.
check_timeout: 120
#
# Directories below the next two are absolute in either the `service` or `interaction` docker container.
#
# These are the files that will be "public" to the teams via the scoreboard.
# The paths are relative to the repository
# They are published manually. IF YOU CHANGE THEM DURING THE GAME YELL!
public_files:
- service/service.py
- service/shuffl
- service/runner-x86_64
- service/runner-aarch64
- service/runner-riscv64
- service/banner_fail
- service/Dockerfile
- service/service.conf
- service/wrapper
# This is the file that may be patched (only 1 file is supported currently). They are relative to / in the challenge container!
# CHECK SCRIPTS ARE CRUCIAL because player-patched binaries must pass them
# Exploit scripts are encouraged, but not mandatory and they are not used during the game
#
# All scripts should exit 0 if nothing went wrong.
# Scripts are automatically determined to be exploit scripts if they start with the word "exploit".
# Exploit scripts must output the flag using "FLAG: <FLAG>" and exit with 0 if the flag was captured correctly.
# The paths are absolute in the `interaction` docker container.
remote_interactions:
- /test.py
# These local test scripts are run inside of a "local interaction" docker container that is derived from the service container.
# They are for running more hardcore tests (i.e., static analysis, etc).
# The paths are absolute in the `local-test` docker container.
local_tests:
- /test.py
# Services must have a unique game_port during the game
# game_port defaults to container_port, which defaults to the docker EXPOSE (grepped)
# Ideally, make EXPOSE unique and let chalmanager default to that
#
# Default:
#container_port: (auto-grepped from the service Dockerfile)
#game_port: (= container_port)
#
# Or change it to:
#container_port: 5000 # What's in EXPOSE and xinetd's config
#game_port: 4444 # unique port for players to connect to
# Resource limits that will go in k8s
# request_xxx is used for scheduling (overcommitting)
request_memory: 64M
limit_memory: 64M
# It's strongly suggested to have a healthcheck regex
# The infrastructure will periodically connect and alert if it doesn't match anymore
# The tester will also simulate this process (once).
#
# Example: healthcheck_tcp: awesome chall
# healthcheck_tcp_send: some intial command
# Example: healthcheck_http: Author Login
healthcheck_tcp: Blocked bytes