Merge branch 'main' of https://github.com/nuoxoxo/cfo into main

nuoxoxo · Nov 15, 2024 · b717dcc · b717dcc
2 parents 27ffaef + a231189
commit b717dcc
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 60 deletions.
diff --git a/.github/workflows/show_readmes.yml b/.github/workflows/show_readmes.yml
@@ -0,0 +1,40 @@
+# This is a basic workflow to help you get started with Actions
+
+name: show READMEs
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  push:
+    branches: [ "main" ]
+  #pull_request:
+    #branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+  schedule:
+    - cron: "2/42 */4 * * *"
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: CHECKOUT
+        uses: actions/checkout@v3
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: '20.0'
+      - name: Update README.mdx
+        run: node readme.js > README.mdx
+      - name: PUSH
+        uses: EndBug/add-and-commit@v9
+        with:
+          # branch: main
+          message: "show READMEs daily"
+          github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.mdx b/README.mdx
@@ -1,71 +1,85 @@
-# Level 01 - solution
 
-```
-$ su level01
-$ Password: x24ti5gi3x0ol2eh4esiuxias
-```
-- take a look at the legacy `/etc/passwd`
-```
-$ cat /etc/passwd
-$ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
 
+# SSH
 
-😀 if we have john we'll able to do:
-$ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}')
-```
-- on host:
-```
-$ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip
-$ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip
-$ cd john-1.8.0.9-jumbo-macosx_sse4
-$ echo 42hDRfypTqqnw $ __test
-$ ./john --show __test
-```
-- VM
+on host do
 ```
-$ su flag01
-Password: f2av5il02puano7naaf6adaaf
+$ ifconfig
+    👉 find inet 192.168.X.X ...
+$ ssh 192.168.X.X
 ```
 
-# Level 00 - solution
+# 00
 
 ```
 $ find / -user flag00 2>/dev/null
-
-...output (only 2 lines) 👉 and we want to cat them all out
+...output (only 2 files)
+    👉 and we want to cat them all out
 
 $ find / -user flag00 -exec cat {} + 2>/dev/null
-
-cdiiddwpgswtgt 👉 looks like cipher
+cdiiddwpgswtgt
+    👉 looks like cipher to decode
 ```
 - explain
     - `/` - from root directory
     - `+` - forces `find` to run `cat` on many files at once and not one at a time
     - `2>/dev/null` - redir stderr output to `/dev/null`
-- solve the cipher
+- decipher in python
 ```
 a = ord('a')
 for i in range(25):
     print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt'))
 ```
-- swicth to user `flag00` using the pw
+- swicth to user `flag00` w/ pw
 ```sh
 $ su flag00
 $ Password: nottoohardhere
 $ getflag 
 ```
 
-# Level 00 - token
+# 00
 
-```r
-x24ti5gi3x0ol2eh4esiuxias
+```j
+> x24ti5gi3x0ol2eh4esiuxias
 ```
 
-# SSH
 
-on host do
+# 01
+
+- use token `x24...` from the last level
+
 ```
-> ifconfig
-    👉 find inet 192.168.X.X ...
-> ssh 192.168.X.X
+$ su level01
+$ Password: x24ti5gi3x0ol2eh4esiuxias
+```
+
+- take a look at legacy folder `/etc/passwd`
+
 ```
+$ cat /etc/passwd
+$ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
+
+
+😀 if we have john we'll able to do:
+$ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}')
+```
+- get and use `john` on host:
+```
+$ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip
+$ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip
+$ cd john-1.8.0.9-jumbo-macosx_sse4
+$ echo 42hDRfypTqqnw $ __test
+$ ./john --show __test
+```
+- VM
+```
+$ su flag01
+Password: abcdefg
+```
+
+# 01
+
+```r
+> f2av5il02puano7naaf6adaaf
+```
+
diff --git a/level00/README.mdx b/level00/README.mdx
@@ -1,40 +1,42 @@
-# Level 00 - solution
+# SSH
 
+on host do
+```
+$ ifconfig
+    👉 find inet 192.168.X.X ...
+$ ssh 192.168.X.X
 ```
-$ find / -user flag00 2>/dev/null
 
-...output (only 2 lines) 👉 and we want to cat them all out
+# 00
 
-$ find / -user flag00 -exec cat {} + 2>/dev/null
+```
+$ find / -user flag00 2>/dev/null
+...output (only 2 files)
+    👉 and we want to cat them all out
 
-cdiiddwpgswtgt 👉 looks like cipher
+$ find / -user flag00 -exec cat {} + 2>/dev/null
+cdiiddwpgswtgt
+    👉 looks like cipher to decode
 ```
 - explain
     - `/` - from root directory
     - `+` - forces `find` to run `cat` on many files at once and not one at a time
     - `2>/dev/null` - redir stderr output to `/dev/null`
-- solve the cipher
+- decipher in python
 ```
 a = ord('a')
 for i in range(25):
     print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt'))
 ```
-- swicth to user `flag00` using the pw
+- swicth to user `flag00` w/ pw
 ```sh
 $ su flag00
 $ Password: nottoohardhere
 $ getflag 
 ```
-# Level 00 - token
-```r
-x24ti5gi3x0ol2eh4esiuxias
-```
 
-# SSH
+# 00 - token
 
-on host do
-```
-> ifconfig
-    👉 find inet 192.168.X.X ...
-> ssh 192.168.X.X
+```j
+> x24ti5gi3x0ol2eh4esiuxias
 ```
diff --git a/level01/README.mdx b/level01/README.mdx
@@ -1,10 +1,14 @@
-# Level 01 - solution
+# 01
+
+- use token `x24...` from the last level
 
 ```
 $ su level01
 $ Password: x24ti5gi3x0ol2eh4esiuxias
 ```
-- take a look at the legacy `/etc/passwd`
+
+- take a look at legacy folder `/etc/passwd`
+
 ```
 $ cat /etc/passwd
 $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
@@ -13,7 +17,7 @@ $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
 😀 if we have john we'll able to do:
 $ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}')
 ```
-- on host:
+- get and use `john` on host:
 ```
 $ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip
 $ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip
@@ -27,8 +31,8 @@ $ su flag01
 Password: abcdefg
 ```
 
-# Level 01 - token
+# 01 - token
 
 ```r
-x24ti5gi3x0ol2eh4esiuxias
+> f2av5il02puano7naaf6adaaf
 ```
diff --git a/readme.js b/readme.js
@@ -0,0 +1,34 @@
+const fs = require('fs')
+const path = require('path')
+
+function get_readme_path(dir) {
+  let res = []  
+  const files = fs.readdirSync(dir)
+  files.forEach( filename => {
+    const filepath = path.join(dir, filename)
+    const stats = fs.statSync(filepath)
+    if (stats.isDirectory() && filename.startsWith('level')) {
+      res.push( ... get_readme_path(filepath))
+    } else if (stats.isFile() && filename.endsWith('README.mdx') && ! filepath.endsWith('cfo/README.mdx')) {
+      res.push(filepath)
+      // console.log(filepath)
+    }
+  })
+  return res
+}
+
+function get_readme_content() {
+  let content = ''
+  const readmes = get_readme_path(__dirname)
+
+  readmes.forEach(path => {
+    content += '\n\n' + fs.readFileSync(path, 'utf-8')// + '\n\n' + content
+    // content = '\n\n' + content
+  })
+
+  return content
+}
+
+const README = get_readme_content()
+console.log(README)
+// console.log('hello, world')