From 1d32d7bebcceccf99f3379748b258675749d6400 Mon Sep 17 00:00:00 2001 From: "Z. Cliffe Schreuders" Date: Wed, 17 Feb 2021 12:24:43 +0000 Subject: [PATCH] randomise salt for metactf ase challenges --- .../src_sse/Ch1-2/Ch2_03_IntOverflow/build.zsh | 2 +- .../Ch3-ExtraFormatStr/Ch3_Format0_Leak/build.zsh | 2 +- .../Ch3_Format1_LeakDollar/build.zsh | 2 +- .../Ch3_Format2_nCorruptKey/build.zsh | 2 +- .../Ch3_Format3_nWriteKey/build.zsh | 2 +- .../Ch3_Format4_nWriteFnP/build.zsh | 2 +- .../Ch3_Format5_nTargetWrite/build.zsh | 4 ++-- .../Ch3_Format6_PLTHijack/build.zsh | 2 +- .../src_sse/Ch3.6-3.7/Ch3_07_ParamsRegs/build.zsh | 2 +- .../src_sse/Ch3.6-3.7/Ch3_07_ParamsStack/build.zsh | 2 +- .../src_sse/Ch3.6-3.7/Ch3_07_SegvBacktrace/build.zsh | 2 +- .../src_sse/Ch3.7-3.9/Ch3_07_CanaryBypass/build.zsh | 2 +- .../src_sse/Ch3.7-3.9/Ch3_07_HijackPLT/build.zsh | 2 +- .../src_sse/Ch3.7-3.9/Ch3_07_ScanfOverflow/build.zsh | 2 +- .../src_sse/Ch3.7-3.9/Ch3_07_StackSmash/build.zsh | 2 +- .../src_sse/SSE/Ch_BashInjection_1/build.zsh | 2 +- .../src_sse/SSE/Ch_BashInjection_1/program.c.template | 11 ++--------- 17 files changed, 19 insertions(+), 26 deletions(-) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch1-2/Ch2_03_IntOverflow/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch1-2/Ch2_03_IntOverflow/build.zsh index 2e840374b..091083385 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch1-2/Ch2_03_IntOverflow/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch1-2/Ch2_03_IntOverflow/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format0_Leak/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format0_Leak/build.zsh index 9c5187a1a..6e27786f5 100755 
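Review bot: The new salt from `date +%N` is still a clock reading rather than a random value: it is the nanosecond field of the build time, nine decimal digits (under 30 bits), and `%N` is a GNU `date` extension that other `date` implementations may not expand. If the salt is meant to stop per-user challenge values being recomputed from the user name and binary name, draw it from the system CSPRNG instead, e.g. `SALT=$(openssl rand -hex 16)`; openssl is already used by the Ch3_Format5_nTargetWrite script. The same line changes in all sixteen build.zsh hunks of this patch, so the point applies to each of them. Only the Format5 hunk shows how SALT is consumed, and the rest of each script lies outside its hunk. If anything has to regenerate the same per-user values later, the salt would also need to be stored, which is not visible here.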
--- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format0_Leak/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format0_Leak/build.zsh @@ -1,6 +1,6 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format1_LeakDollar/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format1_LeakDollar/build.zsh index 9c5187a1a..6e27786f5 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format1_LeakDollar/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format1_LeakDollar/build.zsh @@ -1,6 +1,6 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format2_nCorruptKey/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format2_nCorruptKey/build.zsh index ec3a91c0e..77e6fdc03 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format2_nCorruptKey/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format2_nCorruptKey/build.zsh @@ -1,6 +1,6 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format3_nWriteKey/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format3_nWriteKey/build.zsh index ec3a91c0e..77e6fdc03 100755 
--- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format3_nWriteKey/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format3_nWriteKey/build.zsh @@ -1,6 +1,6 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format4_nWriteFnP/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format4_nWriteFnP/build.zsh index d9cc01d11..0864b6674 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format4_nWriteFnP/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format4_nWriteFnP/build.zsh @@ -1,6 +1,6 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format5_nTargetWrite/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format5_nTargetWrite/build.zsh index 19aee1cb7..30ca085fa 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format5_nTargetWrite/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format5_nTargetWrite/build.zsh 
@@ -1,13 +1,13 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) mkdir -p obj/$USER HASH=`echo $USER $SALT $BINNAME | sha256sum | awk '{print $1}' | cut -c 1-2 | tr \[a-f\] \[A-F\]` AA=`echo "ibase=16;$HASH+20" | bc` - BB=`echo $USER $SALT $BINNAME | openssl dgst -sha512 -binary | base64 | head -1 | tr -d /=+ | cut -c 1-3 | xxd -p | sed s/0a$/5a/` + BB=`echo $USER $SALT $BINNAME | openssl dgst -sha512 -binary | base64 | head -1 | tr -d /=+ | cut -c 1-3 | xxd -p | sed s/0a$/5a/` cat program.c.template | sed s/AAAAAA/$AA/ >! program.c gcc -m32 -Wformat=0 -Wl,--section-start=.bss=0x$BB -o obj/$USER/$BINNAME program.c end diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format6_PLTHijack/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format6_PLTHijack/build.zsh index f9e5518c8..88cb75ef9 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format6_PLTHijack/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3-ExtraFormatStr/Ch3_Format6_PLTHijack/build.zsh @@ -1,6 +1,6 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsRegs/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsRegs/build.zsh index a51cbbb04..6478d27ab 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsRegs/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsRegs/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) 
diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsStack/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsStack/build.zsh index a51cbbb04..6478d27ab 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsStack/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_ParamsStack/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_SegvBacktrace/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_SegvBacktrace/build.zsh index a51cbbb04..6478d27ab 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_SegvBacktrace/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.6-3.7/Ch3_07_SegvBacktrace/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_CanaryBypass/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_CanaryBypass/build.zsh index 87fdc7d6c..469ff624d 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_CanaryBypass/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_CanaryBypass/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) 
diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_HijackPLT/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_HijackPLT/build.zsh index b4996b8ce..e3672ced5 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_HijackPLT/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_HijackPLT/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_ScanfOverflow/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_ScanfOverflow/build.zsh index 7abc0995c..7c49b787d 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_ScanfOverflow/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_ScanfOverflow/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_StackSmash/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_StackSmash/build.zsh index 8548186ba..d8b2fe504 100755 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_StackSmash/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/Ch3.7-3.9/Ch3_07_StackSmash/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/build.zsh b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/build.zsh index 3426d9716..e2cdc5c3d 100755 
--- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/build.zsh +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/build.zsh @@ -1,5 +1,5 @@ #!/bin/zsh -SALT=`date +%g` +SALT=`date +%N` if [[ ARGC -gt 0 ]] then BINNAME=`basename $PWD` foreach USER ($@) diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/program.c.template b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/program.c.template index b8f199d23..dfa9faed7 100644 --- a/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/program.c.template +++ b/modules/utilities/unix/ctf/metactf/files/repository/src_sse/SSE/Ch_BashInjection_1/program.c.template @@ -1,19 +1,12 @@ #include -#include -#include - int main() { char name [20]; char command [100]; printf("This challenge has no password -- you need to exploit a weakness to access the flag\n"); - printf("A program is vulnerable to command injection if you can change " - "the behaviour of software by inserting commands into input that get " - "interpreted as commands for the program to execute.\n" - "Hint: the input string is surrounded by quotes.\n\n"); + printf("A program is vulnerable to command injection if you can change the behaviour of software by inserting commands into input that get interpreted as commands for the program to execute.\n\n"); printf("What is your name?\n"); scanf("%19[^\n]s", &name); - sprintf(command, "echo Hello '%s'; echo The time is " + sprintf(command, "echo Hello %s; echo The time is " "currently:; date", name); - setregid(getegid(),getegid()); system(command); }
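Review bot: In the program.c.template hunk the new side still calls `system(command)` but drops two `#include` lines and the `setregid(getegid(),getegid());` call, neither of which the commit subject (salt randomisation) mentions. The header names are lost in this rendering, so this is inferred: if one of them was `<stdlib.h>`, `system` is now implicitly declared, which recent compilers reject, so keep `#include <stdlib.h>`. If the binary is installed setgid so it can read the flag, the shell started by `system()` may drop the effective group now that the real gid is no longer set to match, so the challenge should be re-tested after this change. Since the unquoted `%s` is the intended weakness, a comment such as `/* Intentionally vulnerable to command injection (training exercise); do not reuse */` above the `sprintf` would keep it from being copied or silently "fixed".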