CN114897380A - Network attack and defense online practical training OJ system and method - Google Patents



Publication number
CN114897380A
Authority
CN
China
Prior art keywords
user
question
drone
module
team
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210550811.3A
Other languages
Chinese (zh)
Inventor
纪守领
彭浩
费俊涛
张旭鸿
钟鸣
赵丹丹
韩建民
伍一鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shangchan Zhejiang Technology Co ltd
Original Assignee
Shangchan Zhejiang Technology Co ltd
Application filed by Shangchan Zhejiang Technology Co ltd filed Critical Shangchan Zhejiang Technology Co ltd
Priority to CN202210550811.3A priority Critical patent/CN114897380A/en
Publication of CN114897380A publication Critical patent/CN114897380A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311 Scheduling, planning or task assignment for a person or group
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06315 Needs-based resource requirements planning or analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/20 Education
    • G06Q50/205 Education administration or guidance

Abstract

The invention provides an online practical training OJ system and method for network attack and defense. The system comprises a system setting module, a login and registration module, a question management module, an answering module and a dynamic target machine module. The dynamic target machine module lets a user create a target machine for a question that has the dynamic target machine function; the user can shut down and restart the target machines the user created, and an administrator can view, restart and shut down all created target machines. For questions that need a target machine, once the administrator has built the base image, the target machine can be started automatically when a user answers the question. A question's score decreases as the number of people who have answered it increases, so that members can tell how difficult the question is and the points system is reasonably arranged. The system is highly compatible and gives students a platform for practising the professional techniques learned in class, whether for reproducing competition questions or for training students' network security skills.

Description

Network attack and defense online practical training OJ system and method
Technical Field
The invention relates to the technical field of network attack and defense, in particular to an online practical training OJ system and method for network attack and defense.
Background
Most domestic CTF competition platforms train in problem-solving mode: the contestant attacks a website running on a prepared target machine and obtains the privileges of the target machine server, so that content on the server can be modified at will. In this mode the scoring item is a file on the server named "flag", whose content cannot be obtained by accessing the website normally. The contestant finally submits the flag to the corresponding question on the competition platform to obtain that question's score, and contestants are ranked by score. However, the difficulty of a question is generally hard to control, so a dynamic score form exists: the more times a question is solved, the lower its score. At present, a team training for CTF needs a well-optimized problem-solving platform, and continued optimization and the addition of new functions (such as the dynamic target machine function) must also be considered. Given the flexibility of the Python language, Flask was chosen as the platform's initial framework; according to literature on applying the Flask framework, its performance is not inferior to that of the ThinkPHP framework, and multithreading can be added when needed to improve the platform's response speed.
In summary, given this background, the following problems also exist in the current technology: 1. a relatively mature framework is not adopted, so the performance of the resulting system depends heavily on hardware resources; 2. the frameworks adopted are more likely to contain unknown vulnerabilities, and later maintenance is very inconvenient; 3. the languages adopted are less compatible than Python, which puts obstacles in the way of developing new functions; 4. there is no function that gives users permission to start a dynamic target machine for the special questions that need one.
Disclosure of Invention
The invention aims to provide a network attack and defense online practical training OJ system and a network attack and defense online practical training OJ method, so that the problems in the prior art are solved.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
A network attack and defense online practical training OJ system uses Bootstrap as the front-end framework and Flask as the back-end framework, is built on the Python language, Docker and frp, and comprises a system setting module, a login and registration module, a question management module, an answering module and a dynamic target machine module. The system setting module is used for simple settings of system parameters, including the time, whether login is open, and whether the relevant system interfaces are hidden from guests; the login and registration module handles registration of new users and login verification of registered users, and determines the permission scope of the person logging in; the question management module manages all questions, including but not limited to creating, deleting and editing them; the answering module is used for answering questions after the user logs in; the dynamic target machine module lets a user create a target machine for a question that has the dynamic target machine function, lets the user shut down and restart the target machines the user created, and lets an administrator view, restart and shut down all created target machines.
Preferably, the system setting module comprises a platform information management submodule, an image management submodule and a security setting submodule. The platform information management submodule monitors and manages system information and controls the UI settings. The image management submodule manages question images based on Docker containers; a question and its image are matched by image name. When a question is configured in the front end and it has a target machine, the Docker image name must be filled in, and the administrator must prepare the question's image on the server. When a user opens the question's page, an option to start the target machine is shown; starting it invokes a docker command, and the target machine becomes reachable through docker up on a port number that does not conflict with those in use on the server. The security setting submodule can halt question answering through a one-click stop function.
Preferably, the login and registration module comprises a registration submodule, a login submodule and a user management submodule. The registration submodule mainly provides new-user registration: the user fills in basic personal information such as an email address and the account password; to offer users password recovery, the administrator must afterwards configure the mail service in the back end. The login submodule logs the user in with the user name and password supplied, and the back end logs in the corresponding user only when verification shows that the user name and password match. The user management submodule confirms the login account and the identity of the person logging in, and comprises a team submodule and a member submodule: the team submodule provides team information management, team membership settings and self-created teams; the member submodule adds, modifies and deletes users, and can set ordinary users as administrators.
The user management submodule further comprises a permission management submodule that divides permissions among logged-in users. An ordinary user's permissions comprise browsing pages and questions, selecting and completing questions, starting dynamic target machines and modifying personal data. The answers to some questions are hidden inside a target machine and can only be obtained by attacking it. When adding such a question, the administrator configures its docker image in advance: the administrator builds the target image with the docker build command and stores it on the server beforehand. When a user opens the question's answering page, a button for starting the target machine appears; starting the target machine invokes the docker up command, and a specific port of the target machine is mapped to an idle port of the server. For example, a web question generally needs port 80 of the target machine mapped to an idle port of the server. If the person logging in is an administrator, the permissions additionally include viewing the platform's current number of registered users and all questions, editing the front-end page UI, adding new pages, managing ordinary users, viewing user information, changing users' categories and scores, and invoking the dynamic target machine function module.
Preferably, in the question management module, a question bound to a dynamic target machine requires a docker image prepared on the server in advance. The dynamic target machine question type is selected when the question is created, and the name of the image built for the question is used as the index. Once configuration is complete, an interface for starting the target machine appears when a user browses a question that has a dynamic target machine.
The invention also aims to provide a network attack and defense online practical training method, which is based on the network attack and defense online practical training OJ system and comprises the following steps:
S1, the user logs in to the network attack and defense online practical training OJ system through the login and registration module; the system judges whether the logged-in user has the administrator role: if not, the front-end answering interface is loaded and step S2 is performed; if so, an entry to back-end management is loaded and step S3 is performed;
S2, an ordinary user can view the information of the current questions, access a question, solve the problem it poses and submit the answer to obtain the corresponding score, view the scores other users have obtained, view the user's own answering status and information, and modify a limited set of information;
S21, opening the list of all questions, selecting the question to attempt, identifying the question's binary file, and checking which protections the file has enabled and its bit width;
S22, analyzing the file with ida32 or ida64 to find the vulnerability and, once a stack overflow vulnerability is found, using the pwntools tool to write an attack script for the file;
S23, obtaining privileges on the remote host that corresponds to the file, thereby obtaining the flag on the server and finishing the answer;
S24, the user submits the answer through the answer submission box in the system to obtain the question's score; the score of a question decreases as the number of people who have solved it increases.
S3, the administrator enters the back end to view question information, including the question id, name, status and so on; the administrator can add, modify and delete questions; for dynamic target machine management, the administrator can view, shut down and restart any target machine created on the server; for users, the administrator can modify user information and change user permissions.
Preferably, selecting the question to attempt in step S21 further includes: if the question has a dynamic target machine, the target machine must be started before the question can be attempted, that is, the docker up command is invoked to start and manage an image configured in advance with docker build, and the corresponding service port of the started docker virtual target machine is then mapped to an idle port of the server; if the question has an attachment, the question can be attempted only after the attachment is downloaded.
Preferably, the target machine is started by the dynamic target machine function module. With this module the administrator has a dynamic target machine option when adding a question. The administrator must build the question's image with docker on the server in advance and record the image name; when configuring the question, the image name and the target machine's lifetime must additionally be filled in. When a target machine has been running longer than the set duration, the back end invokes a docker command to shut down that question's target machine. The module opens one virtual machine per dynamic target machine question and provides the user with the IP address and port for solving the question.
Preferably, the question score in step S24 decreases as the number of people who have solved the question increases, and is calculated as follows: let the initial score be initial, the lowest score be minimum, the number of solvers at which the lowest score is reached be P1, and the current number of solvers be P2; then value = (((minimum - initial) / (P1^2)) * (P2^2)) + initial, and value is rounded up; the score at this time is the larger of the lowest score minimum and value.
Preferably, step S21 further includes a team-forming process, which comprises joining a team and creating one's own team. Joining a team: after registering successfully, the user fills in the name and invitation code of the team to join. Creating a team: after registering successfully, the user creates a team and a team invitation code is generated.
More preferably, when teams compete, points are ranked by team; each team's points comprise the points its members obtain by answering individually and the points obtained in team games.
The invention has the beneficial effects that:
The invention provides a network attack and defense online practical training OJ system and method; the system is highly compatible and easy to develop further. For questions that need a target machine, once the administrator has built the base image, the target machine can be started automatically when a user answers the question; a question's score decreases as the number of people who have answered it increases, letting members know how difficult the question is.
Drawings
Fig. 1 is a schematic diagram of the network attack and defense online practical training OJ system provided in embodiment 1;
Fig. 2 is a flowchart of the login, registration and password operation provided in embodiment 1;
Fig. 3 is a schematic flowchart of the network attack and defense online practical training OJ method provided in embodiment 2;
Fig. 4 is a flowchart of user answering provided in embodiment 2.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
Example 1
The Docker image in this embodiment is based on Ubuntu 16.04, which was used during development. A Dockerfile and a docker-compose file are configured and the related dependency installation configuration is provided, so a deployer only needs to install the dependencies in the requirements file and can then deploy the platform with docker-compose commands. The steps for deploying the platform are therefore: select a Linux server and install docker, frp, python2 and pip2; use pip to install the dependencies listed in the requirements.txt file in the project; run docker-compose up to build the images; for the dynamic target machine service, configure the corresponding frp files, connect the platform to the network nodes either with Docker Swarm or by setting up Docker network nodes directly, and fill in the dynamic target machine function's configuration file, which mainly requires the IP addresses of the Docker master node and of the server. If a question being published is of the dynamic target machine type, its Dockerfile must be prepared in advance and a base image built for it; the name of the question's file is used in the system as the index and is bound to the question. When a user starts a target machine, the docker service is executed in the back end through the configured frp service, and the corresponding image is started as a virtual machine with the docker parameters set beforehand. If several people start the same question, the command starts it on different ports, so users do not access the same virtual machine.
The structure of the network attack and defense online practical training OJ system in this embodiment is shown in Fig. 1. It comprises a user registration and login module, a system setting module, a user management module, an answering module and a dynamic target machine module. The user registration and login module lets guests register accounts and confirms the identity of persons logging in; the system setting module is used for simple system settings, such as the time, whether registration is open, and whether the relevant system interfaces are hidden from guests; the user management module lets the administrator view, modify and delete user information; the question management module lets the administrator view, modify and delete questions; the answering module is used for answering questions after the user logs in; the dynamic target machine module lets a user create a target machine for a question that has the dynamic target machine function, lets the user shut down and restart the target machines the user created, and lets an administrator view, restart and shut down all created target machines.
Specifically, the system setting module in this embodiment comprises a platform information management submodule, an image management submodule and a security setting submodule. The platform information management submodule monitors and manages system information and controls the UI settings. The image management submodule manages question images based on Docker containers; a question and its image are matched by image name. When a question is configured in the front end and it has a target machine, the Docker image name must be filled in, and the administrator must prepare the question's image on the server. When a user opens the question's page, an option to start the target machine is shown; starting it invokes a docker command, and the target machine becomes reachable through docker up on a port number that does not conflict with those in use on the server. The security setting submodule can halt question answering through a one-click stop function.
The login and registration module in this embodiment comprises a registration submodule, a login submodule and a user management submodule. The registration submodule mainly provides new-user registration: the user fills in basic personal information such as an email address and the account password; to offer users password recovery, the administrator must afterwards configure the mail service in the back end. The login submodule logs the user in with the user name and password supplied, and the back end logs in the corresponding user only when verification shows that the user name and password match. The password handling used during registration and login is shown in Fig. 2: the whole process operates on a value produced by an irreversible algorithm, which makes the user's password more secure.
The user management submodule confirms the login account and the identity of the person logging in, and comprises a team submodule and a member submodule: the team submodule provides team information management, team membership settings and self-created teams; the member submodule adds, modifies and deletes users, and can set ordinary users as administrators.
The user management submodule further comprises a permission management submodule that divides permissions among logged-in users. An ordinary user's permissions comprise browsing pages and questions, selecting and completing questions, starting dynamic target machines and modifying personal data. The answers to some questions are hidden inside a target machine and can only be obtained by attacking it. When adding such a question, the administrator configures its docker image in advance: the administrator builds the target image with the docker build command and stores it on the server beforehand. When a user opens the question's answering page, a button for starting the target machine appears; starting the target machine invokes the docker up command, and a specific port of the target machine is mapped to an idle port of the server. For example, a web question generally needs port 80 of the target machine mapped to an idle port of the server. If the person logging in is an administrator, the permissions additionally include viewing the platform's current number of registered users and all questions, editing the front-end page UI, adding new pages, managing ordinary users, viewing user information, changing users' categories and scores, and invoking the dynamic target machine function module.
In the question management module, a question bound to a dynamic target machine requires a docker image prepared on the server in advance. The dynamic target machine question type is selected when the question is created, and the name of the image built for the question is used as the index. Once configuration is complete, an interface for starting the target machine appears when a user browses a question that has a dynamic target machine.
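The dynamic target launch described in this embodiment and in the disclosure above (image name as the index, a service port mapped to an idle server port, different ports for different users, shutdown after a set lifetime), sketched as an added example that is not code from the patent or its platform. It assumes the standard `docker run` and `docker stop` commands in place of the "docker up" the text names; `TargetManager`, the port range, the name patterns and the resource limits are hypothetical.

```python
import re
import time

# Assumption: challenge images are local names such as "web-sqli:1".
IMAGE_RE = re.compile(r"[a-z0-9]+(?:[._-][a-z0-9]+)*(?::[A-Za-z0-9_.-]{1,128})?")
USER_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


class TargetManager:
    """Tracks one target per (user, question) and builds docker argv lists.

    Nothing is executed here; the caller would pass each returned list to
    subprocess.run(argv, check=True), so no value ever goes through a shell.
    """

    def __init__(self, images, ports, ttl_seconds, clock=time.time):
        self.images = dict(images)      # question id -> image name set by the administrator
        self.free_ports = list(ports)   # idle server ports reserved for targets
        self.ttl_seconds = ttl_seconds  # lifetime configured with the question
        self.clock = clock
        self.running = {}               # (user, question id) -> (name, port, deadline)

    def start(self, user, question_id, service_port=80):
        image = self.images.get(question_id)
        # The image name is typed in by a person and ends up on a command line:
        # accept only a plain image reference, never flags or shell syntax.
        if image is None or not IMAGE_RE.fullmatch(image):
            raise ValueError("question has no valid target image")
        if not USER_RE.fullmatch(user) or not isinstance(question_id, int):
            raise ValueError("unexpected user name or question id")
        key = (user, question_id)
        if key in self.running:
            raise RuntimeError("this user already has a target for the question")
        if not self.free_ports:
            raise RuntimeError("no idle server port left")
        port = self.free_ports.pop(0)   # each start gets its own port and container
        name = f"target-{question_id}-{user}"
        self.running[key] = (name, port, self.clock() + self.ttl_seconds)
        return [
            "docker", "run", "--detach", "--rm", "--name", name,
            "--publish", f"{port}:{service_port}",
            "--memory", "256m", "--pids-limit", "128",  # constructed limits
            "--security-opt", "no-new-privileges",
            image,
        ]

    def stop(self, user, question_id):
        """User- or administrator-initiated shutdown; frees the port."""
        name, port, _ = self.running.pop((user, question_id))
        self.free_ports.append(port)
        return ["docker", "stop", name]

    def reap(self):
        """Return stop commands for every target past its lifetime."""
        now = self.clock()
        expired = [key for key, (_, _, deadline) in self.running.items()
                   if deadline <= now]
        return [self.stop(user, qid) for user, qid in expired]


if __name__ == "__main__":
    manager = TargetManager({1: "web-sqli:1"}, ports=range(30000, 30010),
                            ttl_seconds=3600)
    print(" ".join(manager.start("alice", 1)))
    print(" ".join(manager.start("bob", 1)))
```

A periodic job calling `reap()` gives the time-limited shutdown; validating the image name before it reaches the argument list is what keeps a mistyped or hostile question configuration from altering the docker command.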
Example 2
The embodiment provides an OJ practical training method for online attack and defense, which includes the following steps with reference to fig. 3:
s1, logging in the OJ training system through an account and a password by a user through a login unit, simultaneously judging whether the user is in an administrator role, loading a front-end user interface, and performing step S2, if the user logs in the OJ training system in the administrator role, loading an entrance for entering background management, and performing step S3;
the judgment of whether the login is successful or not in step S1 includes the following:
and judging whether the account number and the password of the user role are correct or not, jumping to a main interface for answering and other operations if the account number and the password are both correct, and otherwise, prompting that the user name or the password is wrong.
S2, a general user can check the current situation of obtaining scores by other users, check the information of the current question, access a question, and submit the answer to obtain the score of the corresponding question by solving the question given by the question, check the situation and information of the current question, and modify the limited information, where the answering process is shown in fig. 4 and specifically includes the following processes:
s21, opening all question lists, selecting corresponding questions to be made, confirming binary files of the questions, and confirming the protection and the number of bits started by the files;
s22, analyzing the file by ida32 or ida4, searching for a vulnerability point, and adopting a pwntool tool to attack the file script after a stack overflow vulnerability is found;
s23, acquiring the remote host authority corresponding to the file, thereby finally obtaining the flag in the server and ending answering;
s24, the user submits the answer through the answer submitting box in the system to obtain the corresponding score of the topic, and the score of the topic is reduced along with the increase of the number of the people who make the topic.
S3. In addition to everything in step S2, an administrator can enter the back end for management through the back-end entry. The administrator can view question information, including the question id, name, state and the like; the administrator can add, modify and delete questions; for dynamic target drone management, the administrator can view, shut down and restart any target drone created on the server; for users, the administrator can modify user information and change user permissions;
In this embodiment, through the user management module and the question management module available to the administrator, the administrator can add, modify and delete questions and users in a visual interface in the system back end.
S4. When viewing a question that has the dynamic target drone function, an ordinary user can start the target drone and solve the question to obtain the answer.
S5. The administrator can view the system's basic information, user information, question information, information on running target drones and so on, and can also apply basic settings to the system: change whether the platform's questions, scoreboard and registration function are open to guests, and temporarily close the platform;
The simple settings that can be made to the system include:
adding and modifying a logo for the system's front-end interface; changing the system name; modifying the front-end interface using HTML; enabling email verification (controls whether a user must verify an email address after registering); hiding the questions, scores, users and registration function; setting the system's mailbox (when a user forgets a password, a verification code is sent so that the user can change the password); setting the system's time zone and freeze time (answering is paused for users); and resetting the platform.
Step S21 in this embodiment further includes a team-forming process, which comprises joining a team and creating a team. Joining a team: after registering successfully, the user fills in the name and invitation code of the team to be joined. Creating a team: after registering successfully, the user creates a team and a team invitation code is generated.
When teams compete, the score ranking is by team; each team's points include the points obtained by its members' individual answers and the points obtained in team competitions.
In this embodiment, the question score in step S24 decreases as the number of people who solve the question increases. It is calculated as follows: let the initial score be initial, the lowest score be minim, the number of solvers at which the lowest score is reached be P1, and the current number of solvers be P2; then value = ((minim - initial) / (P1^2)) * (P2^2) + initial, with value rounded up; the current score of the question is the larger of the lowest score minim and value.
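The scoring rule above, worked through in Python (the system's language) as an added example that is not code from the patent. The question ids, users and teams are constructed, and crediting every solver with the question's current score and counting a repeat submission once are assumptions the text does not state.

```python
from collections import defaultdict


def question_score(initial, minim, p1, p2):
    """Current score of a question after p2 users have solved it (integer inputs)."""
    if p1 <= 0 or p2 < 0:
        raise ValueError("p1 must be positive and p2 non-negative")
    # value = ((minim - initial) / p1^2) * p2^2 + initial, rounded up.
    # Integer arithmetic keeps the round-up exact (no float error).
    numerator = initial * p1 ** 2 + (minim - initial) * p2 ** 2
    value = -(-numerator // p1 ** 2)  # ceiling division
    return max(minim, value)


# Constructed sample data: question id -> (initial, minim, P1)
QUESTIONS = {"pwn-stack": (500, 100, 10), "web-login": (300, 50, 5)}
# Constructed accepted submissions: (user, team, question id)
SOLVES = [
    ("alice", "red", "pwn-stack"),
    ("bob", "red", "pwn-stack"),
    ("carol", "blue", "pwn-stack"),
    ("carol", "blue", "web-login"),
    ("alice", "red", "web-login"),
    ("alice", "red", "web-login"),  # repeat submission, counted once
]


def scoreboard(questions, solves):
    """Return ({question: current score}, [(team, points)] ranked high to low)."""
    solvers = defaultdict(set)
    team_of = {}
    for user, team, qid in solves:
        solvers[qid].add(user)
        team_of[user] = team
    current = {q: question_score(*questions[q], len(u)) for q, u in solvers.items()}
    # Assumption: every solver is credited the question's current score.
    teams = defaultdict(int)
    for qid, users in solvers.items():
        for user in users:
            teams[team_of[user]] += current[qid]
    return current, sorted(teams.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(scoreboard(QUESTIONS, SOLVES))
```

Once P2 reaches P1 the quadratic term would push the value below minim, which is why the final step takes the larger of the two.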
By adopting the technical scheme disclosed by the invention, the following beneficial effects are obtained:
The invention provides an online practical training OJ system and method for network attack and defense; the system has strong compatibility and is easy to redevelop. For questions that need a target drone, once the administrator has built a base image, the target drone can be started automatically when a user answers the question; the question score decreases as the number of people answering the question increases, letting members gauge how difficult the question is.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements should also be considered within the scope of the present invention.

Claims (10)

1. A network attack and defense online practical training OJ system, characterized in that Bootstrap is used as the front-end framework and Flask as the back-end framework, and the system is built on the Python language, Docker technology and frp technology and comprises a system setting module, a login and registration module, a question management module, an answer module and a dynamic target drone module, wherein the system setting module is used for simple setting of system parameters, including the time, whether to open registration, and whether to hide the relevant system interfaces from guests; the login and registration module is used for registering new users and for the login verification of registered users, and determines the permission scope of the person logging in; the question management module is used for managing all test questions, including but not limited to creating, deleting and editing test questions; the answer module is used for answering questions after the user logs in; the dynamic target drone module is used for letting a user create the corresponding target drone for a question that has the dynamic target drone function and shut down and restart the target drones the user created, and for letting an administrator view, restart and shut down all created target drones.
2. The network attack and defense online practical training OJ system according to claim 1, characterized in that the system setting module comprises a platform information management submodule, an image management submodule and a security setting submodule; the platform information management submodule is used for monitoring and managing system information and controlling the UI settings; the image management submodule manages question images based on docker containers, a question and its image being associated through the image name; when a question is configured at the front end, if the question has a target drone, the docker image name must be supplied, and the administrator must prepare the question image on the server; when a user opens the question's page, the user sees an option to start the target drone; a docker command is called when the user starts the target drone, and the target drone can be accessed by using docker up and a port number that does not conflict with the server; the security setting submodule can stop question-answering operations through a one-key stop function.
3. The network attack and defense online practical training OJ system according to claim 1, characterized in that the login and registration module comprises a registration submodule, a login submodule and a user management submodule; the registration submodule is mainly used for registering new users; the login submodule is used for registered users to log in to the system with a user name and a password; the user management submodule is used for confirming the login account and the identity information of the person logging in, and comprises a team submodule and a member submodule; the team submodule provides team information management, team member setting and team creation; the member submodule is used for adding, modifying and deleting users, and can set ordinary users as administrators.
4. The network attack and defense online practical training OJ system according to claim 1, characterized in that, in the question management module, for test questions bound to a dynamic target drone, a docker image must be prepared on the server in advance; the dynamic target drone question type is selected when the question is created, with the name of the prepared question image used as the index; once configuration is complete, the interface for starting the target drone appears when a user browses a question that has a dynamic target drone.
5. A network attack and defense online practical training method, characterized in that it is based on the network attack and defense online practical training OJ system of any one of claims 1 to 4 and comprises the following steps:
S1. The user logs in to the network attack and defense online practical training OJ system through the login and registration module; it is determined whether the logged-in user has the administrator role; if not, the front-end answer interface is loaded and step S2 is performed; if so, an entry to back-end management is loaded and step S3 is performed;
S2. An ordinary user can view the current question information, open a question, solve it and submit the answer to obtain the score of that question, view how other users have answered and scored, view answering status and information, and modify a limited set of information;
S21. Open the list of all questions, select the question to work on, identify the question's binary file, and determine the protections enabled on the file and its bitness;
S22. Analyze the file with ida32 or ida64 to look for the vulnerability point; after a stack overflow vulnerability is found, use the pwntools tool to script the attack on the file;
S23. Obtain the permissions of the remote host corresponding to the file, and thereby obtain the flag on the server and finish answering;
S24. The user submits the answer through the answer submission box in the system to obtain the question's score; the question's score decreases as the number of people who solve it increases.
S3. The administrator enters the back end to view question information, including the question id, name, state and the like; the administrator can add, modify and delete questions; for dynamic target drone management, the administrator can view, shut down and restart any target drone created on the server; for users, the administrator can modify user information and change user permissions.
6. The network attack and defense online practical training method according to claim 5, characterized in that selecting the question to work on in step S21 further comprises: if the question has a dynamic target drone, the target drone must be started before working on the question, that is, a docker up command is called to start and manage an image configured in advance with docker build, and the service port of the started docker virtual target drone is then mapped to an idle port of the server; if there is an attachment, the question can be worked on only after the attachment is downloaded.
7. The network attack and defense online practical training method according to claim 6, characterized in that the target drone is started by the dynamic target drone module; the dynamic target drone module gives the administrator a dynamic target drone option when adding a question; the administrator must create the question's image with docker on the server in advance and record the image name; when configuring the question, the image name must additionally be filled in and the survival time of the target drone is extended; once the target drone has run for a certain period of time, the back end can call a docker command to shut down the question's target drone; the module thereby starts a virtual target drone for a dynamic target drone question and provides the user with an IP address and port for solving the question.
8. The network attack and defense online practical training method according to claim 5, characterized in that the question score in step S24 decreases as the number of people who solve the question increases, and is calculated as follows: let the initial score be initial, the lowest score be minim, the number of solvers at which the lowest score is reached be P1, and the current number of solvers be P2; then value = ((minim - initial) / (P1^2)) * (P2^2) + initial, with value rounded up; the current score of the question is the larger of the lowest score minim and value.
9. The network attack and defense online practical training method according to claim 5, characterized in that step S21 further comprises a team-forming process, which comprises joining a team and creating a team; joining a team specifically comprises: after registering successfully, the user fills in the name and invitation code of the team to be joined; creating a team comprises: after registering successfully, the user creates a team and a team invitation code is generated.
10. The network attack and defense online practical training method according to claim 9, characterized in that when teams compete, the score ranking is by team; each team's points include the points obtained by its members' individual answers and the points obtained in team competitions.
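The target drone lifecycle of claims 6 and 7 (start from a prepared image, map the service port to an idle server port, shut down after the survival time), written in Python as an added example that is not code from the patent. It uses `docker run` and `docker stop` where the claims say "docker up" and "a docker command"; the class name, container naming scheme, image-name pattern and the one-drone-per-user-per-question rule are assumptions.

```python
import re
import socket
import time

# Simplified allow-list for image names (assumption, not Docker's full grammar).
# Rejecting a leading "-" keeps the name from being parsed as a docker option.
IMAGE_RE = re.compile(r"[a-z0-9]+(?:[._/-][a-z0-9]+)*(?::[A-Za-z0-9_.-]+)?")


def idle_port():
    """Ask the OS for a TCP port that is unused on the server right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("", 0))
        return s.getsockname()[1]


class DroneManager:
    def __init__(self, ttl_seconds, clock=time.time):
        self.ttl = ttl_seconds          # survival time of each target drone
        self.clock = clock
        self.running = {}               # container name -> (host port, expiry)

    def start_command(self, user_id, question_id, image, service_port, host_port=None):
        """Register a target drone and return the argv that starts it."""
        if not IMAGE_RE.fullmatch(image):
            raise ValueError("invalid image name")
        name = f"drone-u{int(user_id)}-q{int(question_id)}"
        if name in self.running:
            raise RuntimeError("target drone already running")
        port = host_port or idle_port()
        self.running[name] = (port, self.clock() + self.ttl)
        # argv list for subprocess.run(argv): no shell, so nothing is re-parsed
        return ["docker", "run", "-d", "--rm", "--name", name,
                "-p", f"{port}:{int(service_port)}", image]

    def expired_commands(self):
        """Return the argv lists that shut down drones past their survival time."""
        now = self.clock()
        due = [n for n, (_, expires) in self.running.items() if expires <= now]
        for name in due:
            del self.running[name]
        return [["docker", "stop", name] for name in due]
```

The port returned by `idle_port()` can be taken by another process before the container binds it, so a caller should retry with a new port if the start command fails.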
CN202210550811.3A 2022-05-18 2022-05-18 Network attack and defense online practical training OJ system and method Pending CN114897380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210550811.3A CN114897380A (en) 2022-05-18 2022-05-18 Network attack and defense online practical training OJ system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210550811.3A CN114897380A (en) 2022-05-18 2022-05-18 Network attack and defense online practical training OJ system and method

Publications (1)

Publication Number Publication Date
CN114897380A true CN114897380A (en) 2022-08-12

Family

ID=82723504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210550811.3A Pending CN114897380A (en) 2022-05-18 2022-05-18 Network attack and defense online practical training OJ system and method

Country Status (1)

Country Link
CN (1) CN114897380A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116866085A (en) * 2023-09-01 2023-10-10 合肥天帷信息安全技术有限公司 Network security exercise management analysis method, device and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination