Skip to content

posgnu/pajero

Repository files navigation

pajero

pajero is a packets analyzer for attack & defense CTF which can help you to systematically investigate packets your server received. There is no meaning in pajero. It was just generated by a random project name generator.

pajero is designed to analyze packet dumps that are usually provided from DEFCON organization during the CTF. Especially in DEFCON26, they provided packet dumps for each service we were running intermittently. These include communication between our services and other teams, abnormal usage of services which means attack payload from others, and also the flag of our team that was stolen. By classifying a bunch of packets into team by team and service by service we can easily grasp the overall situation of our services. Also by detecting our flag in the packet we can spot the attack payload which works on our services that also can be used to the same services on other teams' servers. We expect that by replaying this payload we can make somehow valid attacks on other servers.

How to use

You can find the most recent release of Mach-O 64-bit executable arm64 binary for the project here. If you are using other types of OS then you need to clone the source code and need to compile it. For building a binary by yourself, check the Building section.

Set up

Before all, generate./static/conf.json. It should be filled with team information and service configurations following the template below.

"team" : [
  { "name" : "PLUS", "ip" : "0.0.0.0" } , 
],
"service" : [
  {"name" : "bof", "flag" : "DEFCON{", "port": 8888 }, 
]

After populating the team list with other competitors' information, list the services your team is running. The flag is an argument for finding an attack payload that leaks our flag so it does not have to be a completed sentence of the flag. Only keywords will be fine. port needs, though, some cautions since pajero differentiate packets by port.

Run

$./pajero run analyze [packet path] [round]

Analyze packet with pre-defined filter (conf.json) and then we can see the results in the./static/packets/ directory. Attack payload will be collected in ./static/packets/flag/.

Design

model

Target network

network

Contribution

If you want to make some contributions to this project, here some basic instructions for you.

Building

Install rust via rustup and clone the repository.

$ git clone git@github.com:GNUp/pajero.git
$ cd pajero

Install libpcap

$ sudo apt-get install libpcap-dev

Build in release mode

$ cargo build --release

This will produce an executable in the ./target/release directory.

Testing

cargo test -- --test-threads=1

Basically, we need to run all the tests synchronously before resolving #16

Formatting

Run rustfmt before the pushing.

$ cargo fmt

License

This project is licensed under GNU GPLv3 - see the LICENSE.txt for details