Skip to content
/ AWD-Frame-ByGr1m Public

AWD 为线下赛事和Bugku的AWD所设计的比赛脚本框架,支持payloads自定义,一键获取flag,API自动提交 #攻防比赛 #AWD #脚本框架

License

GPL-3.0 license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Gr-1m/AWD-Frame-ByGr1m

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
Configs
Configs
 
 
data
data
 
 
func
func
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
AwdConsole.py
AwdConsole.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
StartMain.py
StartMain.py
 
 
__init__.py
__init__.py
 
 
requirment.txt
requirment.txt
 
 

Repository files navigation

框架安装

git clone https://github.com/Gr-1m/AWD-Frame-ByGr1m.git
cd AWD-Frame-ByGr1m

pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirment.txt
or
python3 -m pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirment.txt

python3 StartMain.py [Mode]

命令Tips

init:初始化(目前还待完善)

show: 展示全局变量,提供配置,也可以根据需求查看变量

set:设置全局变量,
unset:取消设置全局变量的值

ATTACK:
    getflag: 执行获取flag (dev: 反弹flag功能正测试阶段)
    submit:  提交flag 选项 auto自动提交,无选项则手动提交
    shellin: 目录感染不死马注入

DEFENSE:
    getbackup:  通过ssh连接打包网站源码
    checkme:    检查自己的host是否状态Alive

辅助模块:
    scan:       扫描主机存货情况
    timedown:   用于查看提示比赛进程时间
    clear:      请屏,与shell中功能相同

配置模块(Configs/edit_config.py)

# 凡是带有ReplaceStr字样的变量都是后续在函数中需要替换的字符串,(建议避开命名)
# 缩写:Ey -> Enemy
# AliveStr是探测自己是否存活的字符串,请手动添加到首页的文件中
# 例如php请添加 echo "<!--AliveStr-->";

# About Game Info
TeamReplaceStr = 'XXXTrs'
MyHost = "192.168.122.231"
EyHosts = f"192.168.122.{TeamReplaceStr}"
Token = "test_token1"

API_URL = 'http://kaming/awduse/submit.php'
API_token = 'token'
API_flag = 'flag'
API_method = 'GET'
# SubmitAPI = [URL, token的参数, flag的参数, method], GET: http://????.com/xxx/submit.php?token=111Token1111&flag=Cflag{xxx}
SubmitAPI = [API_URL, API_token, API_flag, API_method]

# About Game Time Info
GSTime = "2023-11-13 20:00:00"  # Game Start Time
RTime = 300  # Round Time
RCount = 20  # Round Count
DFTime = 1800  # Defensive time

# About MY Server Info
MyHostSSH = f'ssh://msfadmin:msfadmin@{MyHost}:222/xx'
MyHostSQL = f'mysql://cms:qwerty;@{MyHost}:3306/xx'

# MyHost.split(':')
# [0] protocol [1] //username [2]password@MyhostIP [3]port/xx

攻击模块(module/Attack.py)

# 全局变量:
# About Flag
Flags 									# 存放flag的变量,请勿修改
FlagLen = 41
FlagPath = '/flag'
FlagRegular = r'flag{\w{32}}'

# Payload INFO
RceRelpaceStr = 'XXXRCEstr'				# RCE 替换字符串,请避开命名
Payloads = [f'/g.php?s=system({RceRelpaceStr});',]	# set add添加Payloads

# Backdoor INFO
BDNameR = "HM_NAME_REPLACE"
BDDataR = "WAIT_FOR_REPLACE"
BDpass = 'x2aom1ng_20231114'

# Flag INFO

防御模块(module/Defense.py)

# About MyPage Alive Remind
AliveStr = 'flag{bbcce4088-e7525797-BY_Gr%1m-c716e82}'
AliveTime = 10

开发环境:

OS:Linux 6.5.0-kali3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.6-1kali1 (2023-10-09) x86_64 GNU/Linux

Python 3.11

Pycharm2023.1.3

About

AWD 为线下赛事和Bugku的AWD所设计的比赛脚本框架,支持payloads自定义,一键获取flag,API自动提交 #攻防比赛 #AWD #脚本框架

Topics

awd-tools awd-platform awdintegrations

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages