Diffstat (limited to 'checker/src')
| -rw-r--r-- | checker/src/checker.py | 50 | ||||
| -rw-r--r-- | checker/src/gunicorn.conf.py | 4 | ||||
| -rw-r--r-- | checker/src/requirements.txt | 6 |
3 files changed, 38 insertions, 22 deletions
diff --git a/checker/src/checker.py b/checker/src/checker.py index 8be5213..8f9334d 100644 --- a/checker/src/checker.py +++ b/checker/src/checker.py @@ -8,6 +8,8 @@ logging.getLogger("faker").setLevel(logging.WARNING) logging.getLogger("pwnlib").setLevel(logging.WARNING) logging.getLogger("_curses").setLevel(logging.CRITICAL) +rand = random.SystemRandom() + from faker import Faker # DEBUGING MEMORY ISSUES# @@ -63,18 +65,20 @@ class STLDoctorChecker(BaseChecker): def closeconn(self, conn): self.debug("Sending exit command") conn.write("exit\n") + # ensure it is a clean exit + conn.recvuntil("bye!") conn.close() def fakeid(self): fake = Faker(["en_US"]) allowed = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmopqrstuvwxyz0123456789-+.!" - idstr = "".join([c for c in fake.name().replace(' ','') if c in allowed][:60]).ljust(10, '.') - idstr += "".join([random.choice(allowed) for i in range(5)]) + idstr = "".join([c for c in fake.name().replace(' ','') if c in allowed][:12]).ljust(10, '.') + idstr += "".join([rand.choice(allowed) for i in range(8)]) return idstr def havocid(self): - idlen = random.randint(10, 60) - return "".join([chr(random.randint(32, 127)) for i in range(idlen)]) + idlen = rand.randint(10, 40) + return "".join([chr(rand.randint(32, 127)) for i in range(idlen)]) def do_auth(self, conn, authstr): authstr = ensure_bytes(authstr) @@ -113,10 +117,10 @@ class STLDoctorChecker(BaseChecker): content = b"solid " + solidname + b"\n" else: content = b"solid\n" - facet_count = random.randint(4, 30) + facet_count = rand.randint(4, 30) for fi in range(facet_count): content += b"facet normal " - vs = [[random.random() for i in range(3)] for k in range(3)] + vs = [[rand.random() for i in range(3)] for k in range(3)] norm = np.cross(np.subtract(vs[1], vs[0]), np.subtract(vs[2],vs[0])) norm = norm / np.linalg.norm(norm) content += " ".join([f"{v:.2f}" for v in norm]).encode() + b"\n" 
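Review bot: In `closeconn`, the added `conn.recvuntil("bye!")` makes every teardown depend on the service answering correctly, and nothing visible in the hunk bounds the wait or handles a connection that drops first. If `recvuntil` has no default timeout (its definition is outside the diff), a service that stalls after `exit` holds the worker until the gunicorn `timeout`, and an early EOF would surface as an unclassified error rather than a service fault. Consider passing an explicit timeout if the connection wrapper accepts one, and mapping a failure here to `BrokenServiceException`. Separately, the `allowed` alphabet on the context line in `fakeid` has no lowercase `n` (`...ijklmopq...`), which looks accidental.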
@@ -141,10 +145,10 @@ class STLDoctorChecker(BaseChecker): content = b"#" + solidname.ljust(78, b"\x00") + b"\x00" else: content = b"#" + b"\x00" * 79 - facet_count = random.randint(4, 30) + facet_count = rand.randint(4, 30) content += struct.pack("<I", facet_count) for fi in range(facet_count): - vs = [[random.random() for i in range(3)] for k in range(3)] + vs = [[rand.random() for i in range(3)] for k in range(3)] norm = np.cross(np.subtract(vs[1], vs[0]), np.subtract(vs[2],vs[0])) for i in range(3): content += struct.pack("<f", norm[i]) @@ -184,7 +188,7 @@ class STLDoctorChecker(BaseChecker): modelid = line.rsplit(b"!", 1)[0].split(b"with ID ", 1)[1] if modelid == b"": raise Exception except: - raise BrokenServiceException(f"Invalid response during upload of {modelname}") + raise BrokenServiceException(f"Invalid response during upload of {modelname}:\n{line}") # Consume rest of data in this call conn.recvuntil(self.prompt) @@ -202,7 +206,7 @@ class STLDoctorChecker(BaseChecker): conn.write("y\n" if download else "\n") # Wait for end of info box - resp = conn.recvuntil("==================") + resp = conn.recvuntil("================== \n") # Ask for download if desired if download: 
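Review bot: In the `@@ -184,7 +188,7 @@` hunk, the new message interpolates `line`, which is raw bytes read from the service under test, into the `BrokenServiceException` text with no length limit. Because it is `bytes`, the f-string renders its repr (`b'...'`), which escapes control characters but can still be arbitrarily long; wherever that message is stored or displayed it should be bounded, e.g. `{line[:200]!r}`. The `try` starts outside the hunk, so confirm that `line` is always assigned before anything inside it can raise, since otherwise building the message in the bare `except:` itself fails with a `NameError`.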
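Review bot: In the `@@ -202,7 +206,7 @@` hunk, the delimiter `"================== \n"` now depends on an exact trailing space and newline, and nothing on the line says why. Presumably the shorter pattern matched an earlier separator in the info box; a one-line comment naming that collision would stop a later cleanup from trimming the string. Note also that a service build that omits the trailing space will now block this `recvuntil` instead of returning early.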
@@ -352,22 +356,36 @@ class STLDoctorChecker(BaseChecker): filelist = [l.strip().split(b" : ") for l in conn.recvuntil("?").split(b"\n") if b" : " in l] if len(filelist) == 0: raise BrokenServiceException("Failed to list files through search") + index_dict = {fl[1]: fl[0] for fl in filelist} + targets = [fl[1] for fl in filelist] # Use it to enumerate other files and grab contents found = None - for i in range(len(filelist)): - self.debug(b"Retrieving file " + filelist[i][0] + b": " + filelist[i][1]) - conn.write(filelist[i][0] + b"\ny\n") + self.debug("Targets:\n" + "\n".join([' - ' + l.decode('latin1') for l in targets])) + for i,fhash in enumerate(targets): + if index_dict[fhash] == None: + self.debug(b"Skipping now missing file " + fhash) + continue + + # Retrieve current file + self.debug(b"Retrieving file " + fhash + b" at index " + index_dict[fhash]) + conn.write(index_dict[fhash] + b"\ny\n") fileinfo = conn.recvuntil(self.prompt) - self.debug("File contents:\n" + fileinfo.decode("latin1")) + # self.debug("File contents:\n" + fileinfo.decode("latin1")) found = self.search_flag_bytes(fileinfo) - if found is not None or i == len(filelist) - 1: + if found is not None or i == len(targets) - 1: break # Parse evil file again for next iter self.getfile(conn, name, download=False) conn.write("search last\n") - conn.recvuntil("?") + + # Update indicies from new search + filelist = [l.strip().split(b" : ") for l in conn.recvuntil("?").split(b"\n") if b" : " in l] + index_dict = {name : None for name in targets} + for fl in filelist: + index_dict[fl[1]] = fl[0] + self.closeconn(conn) if found is None: diff --git a/checker/src/gunicorn.conf.py b/checker/src/gunicorn.conf.py index b049e48..095073e 100644 --- a/checker/src/gunicorn.conf.py +++ b/checker/src/gunicorn.conf.py 
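Review bot: The new `continue` for a missing file can leave the connection sitting at the `search last` selection prompt when the loop ends, because the `i == len(targets) - 1` exit is only reached for a target that was actually retrieved. If the trailing targets are all skipped, `self.closeconn(conn)` sends `exit` as the answer to that prompt and, with the `recvuntil("bye!")` added to `closeconn` in this commit, may wait on a reply that never comes; how the service treats that input is not visible here. Tracking whether a selection is still pending and answering or cancelling it before `closeconn` would avoid that. Smaller points in the same hunk: `index_dict[fhash] == None` should be `is None`, the comprehension variable in `{name : None for name in targets}` reads as if it shadows the `name` passed to `self.getfile`, and the commented-out `self.debug("File contents: ...")` line could be deleted. The enclosing method starts and ends outside the hunk.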
@@ -1,10 +1,8 @@ import multiprocessing -worker_class = "gevent" +worker_class = "eventlet" workers = multiprocessing.cpu_count() * 2 + 1 bind = "0.0.0.0:3031" timeout = 90 keepalive = 3600 -max_requests = 100 preload_app = True -max_requests_jitter = 30 diff --git a/checker/src/requirements.txt b/checker/src/requirements.txt index e88eeb1..0668404 100644 --- a/checker/src/requirements.txt +++ b/checker/src/requirements.txt @@ -3,14 +3,14 @@ chardet==4.0.0 click==7.1.2 dnspython==1.16.0 # enochecker==0.4.2 -# git+https://github.com/enowars/enochecker@e1ce01b510b0d9e05d292a11a24c809bca1c181b -git+https://github.com/Sinitax/enochecker@7fbc1b9ad4eee85343dcdce7e575e95b8e3c481e +# git+https://github.com/enowars/enochecker@37981175f3125bd552c3c351494186fe9ce35e0b +git+https://github.com/Sinitax/enochecker@3bd2e698e9421f4a67e60a2377ac6f40e65b18a7 enochecker-cli==0.7.0 enochecker-core==0.10.0 eventlet==0.30.2 Flask==1.1.2 greenlet==1.0.0 -gunicorn[gevent] +gunicorn==20.1.0 idna==2.10 itsdangerous==1.1.0 Jinja2==2.11.3 |
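Review bot: Dropping `max_requests = 100` and `max_requests_jitter = 30` in `gunicorn.conf.py` means workers are never recycled, so any per-request leak now accumulates for the life of the process. `checker.py` still carries a `# DEBUGING MEMORY ISSUES#` section, which suggests leaks were a known concern. If recycling was removed because it interacted badly with `preload_app` or the `eventlet` worker, a comment saying so would help; otherwise a larger `max_requests` with jitter still bounds memory growth. The context line `bind = "0.0.0.0:3031"` listens on all interfaces, so confirm that access to the checker port is restricted at the network layer.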
