The successor of DWAYNE-INATOR-5000.
- Download this repository (
git clone
). - Bring up the Postgres database (
docker-compose up --detach
)- You can also change the DB url string in your config to connect to another Postgres instance
- Compile the code (
cd QUOTIENT; go build
). - Save your configuration as
. - Run the engine (
). - Add teams through the admin UI.
- MAKE SURE YOU REBOOT THE ENGINE AFTER ADDING TEAMS!!!!!!!!!!! (this will be fixed later)
Cred lists need to be CSVs specified in the ./config
directory with a .credlist
extension. The name of the file will be used as the name of the credlist. When password change requests (PCRs) get processed, credlists will only be mutated by changing the password column of an existing user in the defined list. Below is an example. See the below configuration examples to specify credlists for checks.
Anything you leave blank will be default.
##### Required engine settings #####
event = "Awesome Comp" # Event title
eventtype = "rvb" # Scoring algorithm to use
# rvb: score each sevice for each team
# more options will be added later
dbconnecturl = "postgres://engineuser:password@localhost:5432/engine" # configure these in ./.env
bindaddress = "" # Primary IP to bind to
interface = "ens160" # Interface the primary IP is on
subnet = "" # Subnet of secondary IPs to rotate in
timezone = "America/Los_Angeles" # Timezone you want to use
jwtprivatekey = "config/privkey.pem" # Private key used for JWT
jwtpublickey = "config/pubkey.pem" # Public key used for JWT
##### Optional LDAP auth source #####
# ldapconnecturl = "ldaps://yourldapserver.netbios.tld:636"
# ldapbinddn = "cn=Some Service Account,ou=yourou,dc=netbios,dc=tld"
# ldapbindpassword = "yoursupersecretpassword"
# ldapbasedn = "dc=netbios,dc=tld" # Where all searches will begin
# ldapadmingroupdn = "cn=admins,ou=groups,dc=netbios,dc=tld" # Group all admins are memberOf
# ldapteamgroupdn = "cn=teams,ou=groups,dc=netbios,dc=tld" # Group all teams are memberOf
##### Optional engine settings #####
# verbose = true # Show score debug info to competitors
# easypcr = true # Allow teams to submit password changes
# https = true # Enable HTTPS
# port = 443 # Port to listen on
# cert = "config/cert.pem" # Path to cert file
# key = "config/key.pem" # Path to key file
# disableheadtohead = true # Hide head to head stats (other than current service status) between competitors
# startpaused = true # Start the competition paused
##### Round settings #####
# delay = 60 # delay (seconds) between checks (>0) (default 60)
# note: the "real" max delay will be delay+jitter
# jitter = 15 # jitter (seconds) between rounds (0<jitter<delay)
# timeout = 30 # check timeout (must be smaller than delay-jitter)
# servicepoints = 1 # default points each up check is worth
# slathreshold = 5 # default checks before incurring SLA violation
# slapoints = 5 # default points is an SLA penalty (default slathreshold * servicepoints)
##### Admins #####
# Admins have access to all records and information.
# You need at least one admin.
name = "admin"
pw = "admin"
##### Box configurations/Scoring checks #####
ip = "10.20._.1"
# If you want to keep something default, just don't specify it
# For this box, we're running a default SSH login check
# There are also some configurations you can use on all types of checks
stoptime = 2024-01-05T06:00:00-08:00
launchtime = 2024-01-05T06:00:00-08:00
points = 50
slathreshold = 2
slapenalty = 50
name = "village"
ip = "10.20._.2"
# A custom check that runs command (like shell or python scripts) with sh. Compares output against regex.
# Command must return exit code 0 to pass.
# BOXIP and USERNAME and PASSWORD are replaced with their values when run
command = "python3 ./ BOXIP USERNAME PASSWORD" # Keywords not required
regex = "success"
# If you omit a value, it is set to the default
# For example, if I removed the line port = 4000,
# the check port would be 53
port = 4000 # default 53
kind = "A" # DNS record type
domain = "townsquare.sherwood.lan" # Domain query
answer = ["",] # List of acceptable answers
kind = "MX"
domain = "sherwood.lan"
answer = ["", ""]
port = 55 # default 21
anonymous = true # default false
name = "memo.txt" # file to retrieve
hash = "9d8453505bdc6f269678e16b3e56c2a2948a41f2c792617cc9611ed363c95b63" # sha256 sum to compare to
# When multiple files are passed, one is randomly chosen
# This pattern persists for any multi-item check
name = "workfiles.txt" # file to retrieve
regex = "work.*work" # regex to test against file
port = 33 # default 143
encrypted = true # default false
port = 222 # default 636;
encrypted = true # default false
domain = "sherwood.lan"
count = 3 # default 1
allowpacketloss = true # default false
percent = 50 # max percent packet loss
# Note: RDP is nonfunctional until a good go RDP library is written, or I write one
port = 3389
credlists = ["admins.credlist",] # for any check using credentials, you can specify the list
port = 55 # default 21
anonymous = true # default false
name = "memo.txt"
hash = "9d8453505bdc6f269678e16b3e56c2a2948a41f2c792617cc9611ed363c95b63"
name = "workfiles.txt"
regex = "work.*work"
encrypted = false # default false
sender = "hello@scoring.engine"
receiver = "tuck@sherwood.lan"
body = "howdy, friar! he's about to have an outlaw for an inlaw!"
kind = "mysql" # default mysql
contains = true
database = "wordpress"
table = "users"
column = "username"
output = "Tuck"
database = "squirrelmail"
table = "senders"
column = "name"
output = "Toby Turtle" # Must match exactly
database = "wordpress"
databaseexists = true # simply checks if database exists with "show databases;"
display = "remote" # you can set the display name for any check
privkey = "village_sshkey" # name of private key in checkfiles/
badattempts = 2
port = 2222
command = "cat /etc/passwd"
contains = true
output = "robin:"
useregex = true
command = "getent `id`"
output = '\w.*:[1-9].*:.*'
[[box.tcp]] # the most simple check. check tcp connect
port = 4444
port = 5901
display = "ecom"
path = "/joomla"
regex = ".*easy to get started creating your website.*"
status = 302
port = 8006
scheme = "https"
# defaults to successful page retrieval
badattempts = 1
encrypted = true
command = "Get-FileContent memo.txt"
contains = true
output = "business as usual in the kingdom!"
Create injects through the admin view of the Injects portal. Grade team submissions in the same portal.