crypto/cinnamon-dynamics (#2)

* webex+crypto/cinnamon-dynamics * web -> webex * crypto/cinnamon-dynamics: make the chall only crypto * Add python script to solvepath --------- Co-authored-by: glacialcascade <[email protected]>
BCACTF · Jun 6, 2024 · 87e40df · 87e40df
1 parent 98c7581
commit 87e40df
Show file tree

Hide file tree

Showing 14 changed files with 1,254 additions and 0 deletions.
diff --git a/cinnamon-dynamics/Dockerfile b/cinnamon-dynamics/Dockerfile
@@ -0,0 +1,20 @@
+FROM node:20-bookworm
+
+RUN useradd -m -d /home/ctf ctf
+
+USER ctf
+
+RUN bash -c "curl -fsSL https://deno.land/x/install/install.sh | sh"
+
+WORKDIR /home/ctf/app
+
+COPY --chown=ctf:ctf ./server .
+
+RUN npm ci
+
+ENV PATH "${PATH}:/home/ctf/.deno/bin"
+ENV NODE_ENV production
+
+EXPOSE 3000
+
+ENTRYPOINT ["npm", "start"]
diff --git a/cinnamon-dynamics/chall.yaml b/cinnamon-dynamics/chall.yaml
@@ -0,0 +1,24 @@
+name: Cinnamon Dynamics
+categories:
+  - crypto
+value: 175
+flag:
+  file: ./server/files/flag.txt
+description: |-
+  Cinnamon Dynamics, an innovative technology company, provides a service
+  for the public to execute short scripts to query some limited information
+  about the company. To combat abuse, they've instated a requirement for
+  all scripts to be approved by a company employee before they can be
+  executed. Approved scripts are granted a "script token" that allows
+  them to be executed an indefinite amount of times, so long as the script
+  is not modified. Unfortunately, it seems that malicious actors have
+  managed to circumvent the security system...
+files:
+  - src: ./server/server.js
+deploy:
+  web:
+    build: .
+    expose: 3000/tcp
+authors:
+  - Thomas
+visible: true
diff --git a/cinnamon-dynamics/server/files/company.txt b/cinnamon-dynamics/server/files/company.txt
@@ -0,0 +1 @@
+[Company Name][Cinnamon Dynamics]![Annual Revenue][$45,000,000]![Number of Employees][10]![Company Type][Private]
diff --git a/cinnamon-dynamics/server/files/employees.txt b/cinnamon-dynamics/server/files/employees.txt
@@ -0,0 +1,10 @@
+Logan Thompson;62,500
+Daniel Miller;85,200
+Jacob Rodriguez;48,700
+Ryan Foster;72,900
+Ethan Simmons;56,300
+Benjamin Hayes;93,400
+Noah Mitchell;40,800
+Christopher Harper;68,100
+Mason Turner;77,600
+Tyler Reynolds;54,200
diff --git a/cinnamon-dynamics/server/files/flag.txt b/cinnamon-dynamics/server/files/flag.txt
@@ -0,0 +1 @@
+bcactf{Th1S_I5_JuST_4_l1TtLe_t0o_1N5ECur3_95af828f32}
diff --git a/cinnamon-dynamics/server/files/invoice.txt b/cinnamon-dynamics/server/files/invoice.txt
@@ -0,0 +1,25 @@
+.invoiceNumber="DI123456789"
+
+.products=[]
+
+.products.0={}
+.products.0.productId="DI843"
+.products.0.quantity=5
+.products.0.unitPrice=19.99
+.products.0.totalPrice=99.95
+
+.products.1={}
+.products.1.productId="DI192"
+.products.1.quantity=3
+.products.1.unitPrice=29.99
+.products.1.totalPrice=89.97
+
+.products.2={}
+.products.2.productId="DI581"
+.products.2.quantity=2
+.products.2.unitPrice=39.99
+.products.2.totalPrice=79.98
+
+.subtotal=269.9
+.taxAmount=21.6
+.total=291.5
diff --git a/cinnamon-dynamics/server/files/sales.txt b/cinnamon-dynamics/server/files/sales.txt
@@ -0,0 +1,5 @@
+2023-05-17:53A207:$567.89
+2020-08-22:BE9045:$1234.56
+2021-04-10:A4EBD3:$987.65
+2019-11-05:96DAE5:$345.67
+2022-02-15:D89702:$210.98