icoa-cli 2.19.113 → 2.19.114

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/dist/commands/ai4ctf.js +1 -1
  2. package/dist/commands/ctf4ai-demo.js +1 -1
  3. package/dist/commands/exam.js +1 -1
  4. package/dist/repl.js +1 -1
  5. package/package.json +1 -1
  6. package/translations/ar/demo-explanations.json +31 -31
  7. package/translations/bn/demo-explanations.json +32 -0
  8. package/translations/de/demo-explanations.json +31 -31
  9. package/translations/es/demo-explanations.json +25 -25
  10. package/translations/fr/demo-explanations.json +28 -28
  11. package/translations/hi/demo-explanations.json +31 -31
  12. package/translations/ht/demo-explanations.json +31 -31
  13. package/translations/id/demo-explanations.json +30 -30
  14. package/translations/ja/demo-explanations.json +31 -31
  15. package/translations/ko/demo-explanations.json +29 -29
  16. package/translations/lo/demo-explanations.json +32 -0
  17. package/translations/pt/demo-explanations.json +26 -26
  18. package/translations/ru/demo-explanations.json +26 -26
  19. package/translations/si/demo-explanations.json +32 -0
  20. package/translations/sw/demo-explanations.json +32 -0
  21. package/translations/th/demo-explanations.json +31 -31
  22. package/translations/tr/demo-explanations.json +29 -29
  23. package/translations/uk/demo-explanations.json +26 -26
  24. package/translations/uz/demo-explanations.json +32 -0
  25. package/translations/vi/demo-explanations.json +31 -31
  26. package/translations/zh/demo-explanations.json +30 -30
package/dist/repl.js CHANGED
@@ -1 +1 @@
1
- import{createInterface as o}from"node:readline";import{spawn as e,execSync as t}from"node:child_process";import chalk from"chalk";import{isConnected as l,getConfig as n,saveConfig as s}from"./lib/config.js";import{isActivated as a,activateToken as r,isFreeCommand as i,isDeviceMatch as c,recordExit as g,recordResume as y,isFirstRunOrUpgrade as m,markVersionSeen as p}from"./lib/access.js";import{setReplMode as d}from"./lib/ui.js";import{isChatActive as u,handleChatMessage as h}from"./commands/ai4ctf.js";import{isCtf4aiActive as w,handleCtf4aiMessage as f}from"./commands/ctf4ai-demo.js";import{getExamState as b,getRealExamState as x,getDemoState as v}from"./lib/exam-state.js";import{getDemoStats as C}from"./lib/demo-stats.js";import{isExamSetupComplete as I}from"./lib/exam-setup.js";import{DEMO_PICK_SIZE as k,DEMO_POOL_SIZE as A}from"./lib/demo-exam.js";import{isNativeWindowsCmd as T}from"./lib/platform.js";import{resetTerminalTheme as $}from"./lib/theme.js";import{ensureSandbox as S,runInSandbox as O,isDockerAvailable as q}from"./lib/sandbox.js";import{logCommand as L}from"./lib/logger.js";import{startLogSync as j,stopLogSync as E}from"./lib/log-sync.js";import{existsSync as P,mkdirSync as R,writeFileSync as N}from"node:fs";import{join as D}from"node:path";import{homedir as F}from"node:os";function M(){return x()?chalk.cyan("exam> "):v()?chalk.yellow("demo> "):chalk.green("icoa> ")}const U=D(F(),"icoa-workspace");function z(){return P(U)||R(U,{recursive:!0}),U}const B=new Set(["sudo","su","doas","pkexec","brew","apt","apt-get","yum","choco","npm","npx","pip","pip3","shutdown","reboot","halt","mkfs","fdisk","dd","iptables","ufw"]),W="__REPL_NO_EXIT__",Q="2.5.1";function _(){const o=C(),e=I(),l=`Free practice — ${k} questions (from pool of ${A})`,n=T();if(console.log(),console.log(` ${chalk.cyan.bold("[Selection Mode]")}`),console.log(),n)console.log(chalk.gray(" Platform: ")+chalk.white("Windows cmd.exe")+chalk.gray(" — routed to Paper C (MCQ-only, 45 min, 70 pts, zero extra tools)")),console.log();else if(o.attempts>0){const o=function(){const o=["python3.12 --version","/opt/homebrew/opt/python@3.12/bin/python3.12 --version","/usr/local/opt/python@3.12/bin/python3.12 --version","python3 --version","python --version","py -3.12 --version","py -3 --version"];let e="",l="missing";for(const n of o)try{const o=t(n,{encoding:"utf-8",timeout:2e3,stdio:["ignore","pipe","ignore"]}).trim().replace("Python ",""),[s,a]=o.split(".").map(Number);if(3===s&&12===a)return{ok:!0,version:o,status:"ok"};e=o,l=3===s&&a>=10&&a<12?"old":3===s&&a>12?"new":"missing"}catch{}return{ok:"missing"!==l,version:e,status:l}}();"missing"===o.status?(console.log(chalk.yellow(" ⚠ Python not detected. For exam practical questions:")),console.log(chalk.gray(" → ")+chalk.bold.cyan("env python")+chalk.gray(" (platform install guide)")),console.log()):"new"===o.status&&(console.log(chalk.yellow(` ⚠ Python ${o.version} may lack CTF wheels. Python 3.12 recommended:`)),console.log(chalk.gray(" → ")+chalk.bold.cyan("env python")+chalk.gray(" (install guide)")),console.log())}if(0===o.attempts)console.log(chalk.white(" New here? Start with ")+chalk.bold.cyan("demo")+chalk.white(" — it takes a few minutes.")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.bold.cyan(" demo")+chalk.gray(` ${l}`)),console.log(chalk.white(" lang")+chalk.gray(" List all supported languages")),console.log(chalk.white(" lang es")+chalk.gray(" Switch language (e.g. lang es, lang zh, lang fr)")),console.log(chalk.gray(" ─────────────────────────────────────────────"));else if(e||n){const e=1===o.attempts?"attempt":"attempts";o.attempts>0&&console.log(chalk.green(" ✓ Demo completed ")+chalk.gray(`(${o.attempts} ${e})`)),n||console.log(chalk.green(" ✓ Environment ready")),console.log(chalk.yellow(" → Enter your exam token to begin.")),console.log(chalk.gray(" (10-char code from your organizer, starts with your country code like ")+chalk.cyan("UA")+chalk.gray(" — case-insensitive)")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.bold.yellow(" exam <token>")+chalk.gray(" Enter exam (primary action — use your organizer-issued token)")),console.log(chalk.gray(" format: ")+chalk.white("exam UAxxxxxxxx")+chalk.gray(" (2-letter country prefix + 8 chars)")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Other commands:")),console.log(chalk.white(" demo")+chalk.gray(` ${l}`)),n||console.log(chalk.white(" exam setup")+chalk.gray(" Re-verify tool environment")),console.log(chalk.white(" lang")+chalk.gray(" List all supported languages")),console.log(chalk.white(" lang es")+chalk.gray(" Switch language (e.g. lang es, lang zh, lang fr)")),console.log(chalk.gray(" ─────────────────────────────────────────────"))}else{const e=1===o.attempts?"attempt":"attempts";console.log(chalk.green(" ✓ Demo completed ")+chalk.gray(`(${o.attempts} ${e}${o.bestPercentage>0?` · best ${o.bestPercentage}%`:""})`)),console.log(chalk.yellow(" → Next: prepare your environment for the real exam.")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" demo")+chalk.gray(` ${l}`)),console.log(chalk.bold.yellow(" exam setup")+chalk.gray(" Install tools for national selection (~150MB)")),console.log(chalk.white(" lang")+chalk.gray(" List all supported languages")),console.log(chalk.white(" lang es")+chalk.gray(" Switch language (e.g. lang es, lang zh, lang fr)")),console.log(chalk.gray(" ─────────────────────────────────────────────"))}console.log(chalk.gray(" ")+chalk.gray("Tip: ")+chalk.cyan("help")+chalk.gray(" for commands · ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("quit")+chalk.gray(" closes")),console.log()}export async function startRepl(e,x){const v=n(),C=l(),I=process.exit.bind(process),k=a();if(v.demoCleanedForVersion!==Q){try{const{existsSync:o,unlinkSync:e}=await import("node:fs"),{join:t}=await import("node:path"),{getIcoaDir:l}=await import("./lib/config.js"),n=t(l(),"demo-state.json");o(n)&&e(n)}catch{}s({demoCleanedForVersion:Q})}const{select:A,confirm:T}=await import("@inquirer/prompts"),V=v.mode||"",G=[{name:` ${chalk.bold("National Selection")} ${chalk.gray("—")} ${chalk.gray("demo, exam (lightweight)")}`,value:"selection"},{name:` ${chalk.bold("International Olympiad")} ${chalk.gray("—")} ${chalk.gray("CTF × AI (~500MB, advanced)")}`,value:"olympiad"},{name:` ${chalk.bold("National/Regional Partner")} ${chalk.gray("—")} ${chalk.gray("organizer tools (tokens, competitions)")}`,value:"organizer"},{name:` ${chalk.gray("About ICOA")} ${chalk.gray("·")} ${chalk.gray("Info & contact")}`,value:"about"}];console.log(chalk.gray(" Use ")+chalk.yellow("↑")+chalk.gray(" or ")+chalk.yellow("↓")+chalk.gray(" to select, ")+chalk.yellow("Enter")+chalk.gray(" to confirm.")),console.log();let J="";for(;!J;){const o=await A({message:"Mode",choices:G,default:V||"selection"});"about"!==o?J=o:(console.clear(),console.log(),console.log(chalk.cyan(" ═══════════════════════════════════════════════════")),console.log(chalk.bold.yellow(" ICOA")+chalk.white(" — AI-Native CLI OS for Cyber & AI Security")),console.log(chalk.gray(" Olympiad & Competition · K-12 to University")),console.log(chalk.cyan(" ───────────────────────────────────────────────────")),console.log(),console.log(chalk.bold.white(" What Makes ICOA Different")),console.log(chalk.gray(" · AI-native AI teammate, AI adversary, AI translation")),console.log(chalk.gray(" · CLI OS Complete competition environment in terminal")),console.log(chalk.gray(" · 110 tools pwntools, z3, gdb, nmap, sleuthkit... pre-configured")),console.log(chalk.gray(" · Global scale 15,000+ concurrent exams · 15 languages")),console.log(),console.log(chalk.bold.white(" Competition Format")),console.log(` ${chalk.green.bold("AI4CTF")}${chalk.gray(" [Day 1] AI as teammate — 5hr jeopardy CTF")}`),console.log(` ${chalk.red.bold("CTF4AI")}${chalk.gray(" [Day 2] Challenge AI — adversarial ML, red-team")}`),console.log(),console.log(chalk.white(" Sydney, Australia")+chalk.gray(" · Jun 27 - Jul 2, 2026 · 40+ countries")),console.log(),console.log(chalk.bold.white(" Organized by")+chalk.gray(" ASRA (Australia) · ICO Foundation Inc")),console.log(chalk.bold.white(" Contact ")+chalk.cyan(" australia@icoa2026.au · accreditation@icoa2026.au")),console.log(chalk.bold.white(" Website ")+chalk.cyan.underline(" https://icoa2026.au")),console.log(chalk.cyan(" ═══════════════════════════════════════════════════")),console.log(),console.log(chalk.gray(" Press ")+chalk.yellow("Enter")+chalk.gray(" to return...")),await new Promise(o=>{const e=t=>{process.stdin.removeListener("data",e),process.stdin.isTTY&&process.stdin.setRawMode&&process.stdin.setRawMode(!1),process.stdin.pause(),o()};process.stdin.isTTY&&process.stdin.setRawMode&&process.stdin.setRawMode(!0),process.stdin.resume(),process.stdin.once("data",e)}),console.clear())}if("olympiad"===J&&"olympiad"!==V&&(console.log(),console.log(chalk.yellow(" This mode will download ~500MB of CTF tools and AI models.")),await T({message:"Continue?",default:!0})||(J="selection",console.log(chalk.gray(" Switched to National Selection mode.")))),J!==V&&s({mode:J}),console.log(),"olympiad"===J&&m(Q)){p(Q),console.log(chalk.gray(" Checking competition environment..."));const{execSync:o}=await import("node:child_process"),e=[{name:"pwntools",cmd:'python3 -c "import pwn"'},{name:"z3-solver",cmd:'python3 -c "import z3"'},{name:"numpy",cmd:'python3 -c "import numpy"'},{name:"requests",cmd:'python3 -c "import requests"'}];let t=0;for(const l of e)try{o(l.cmd,{stdio:"ignore"})}catch{t++}if(t>0){console.log(chalk.yellow(` ${t} core libraries missing.`));try{const{confirm:o}=await import("@inquirer/prompts");if(await o({message:" Install competition Python libraries now?",default:!0,theme:{prefix:"",style:{message:o=>chalk.green(o),defaultAnswer:o=>chalk.green(o)}}})){console.log();const{execSync:o}=await import("node:child_process");o("icoa env setup",{stdio:"inherit"})}}catch{console.log(chalk.gray(" Run ")+chalk.white("env setup")+chalk.gray(" later to install."))}console.log()}else console.log(chalk.green(" All core libraries ready.")),console.log()}if(x){const o=y();if(o){const e=Math.floor(o.awaySeconds/60),t=o.awaySeconds%60;console.log(chalk.yellow(` Session resumed. Away: ${e}m ${t}s | Total exits: ${o.exitCount}`)),console.log()}}"selection"===J?_():"organizer"===J?(console.log(chalk.yellow.bold(" [National/Regional Partner]")),console.log(),console.log(chalk.bold.white(" ██╗ ██████╗ ██████╗ █████╗")),console.log(chalk.bold.white(" ██║██╔════╝██╔═══██╗██╔══██╗")),console.log(chalk.bold.white(" ██║██║ ██║ ██║███████║")),console.log(chalk.bold.white(" ██║██║ ██║ ██║██╔══██║")),console.log(chalk.bold.white(" ██║╚██████╗╚██████╔╝██║ ██║")),console.log(chalk.bold.white(" ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝")),console.log(),console.log(chalk.yellow(" International Cyber Olympiad in AI 2026")),console.log(chalk.bold.magenta(" The World's First AI-Native CLI Operating System")),console.log(chalk.bold.magenta(" for Cybersecurity & AI Security Competition")),console.log(chalk.bold.magenta(" and Olympiad for K-12")),console.log(chalk.gray(" Sydney, Australia · Jun 27 - Jul 2, 2026")),console.log(),console.log(chalk.white(" Vision")),console.log(chalk.gray(" Building a global pipeline for youth cyber & AI")),console.log(chalk.gray(" security talent through education and competition.")),console.log(),console.log(chalk.white(" Capacity")),console.log(chalk.gray(" 15,000+ concurrent online examinations")),console.log(chalk.gray(" National selection, training, and education support")),console.log(),console.log(chalk.white(" Olympic Spirit")),console.log(chalk.gray(" Excellence · Friendship · Respect")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" New country accreditation & support:")),console.log(chalk.cyan(" australia@icoa2026.au")),console.log(chalk.cyan(" accreditation@icoa2026.au")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(),C?(console.log(chalk.green(` Logged in as ${v.userName}`)),console.log(chalk.white(" exam list")+chalk.gray(" Manage exams")),console.log(chalk.white(" logout")+chalk.gray(" Disconnect"))):console.log(chalk.white(" join <url>")+chalk.gray(" Connect to manage exams")),console.log()):k&&!c()?(console.log(chalk.red(" Token was activated on a different device.")),console.log(chalk.gray(" Contact organizer for assistance.")),console.log()):C?(console.log(chalk.green.bold(` Welcome back, ${v.userName}!`)),console.log(chalk.gray(` Connected to ${v.ctfdUrl}`)),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" Ready to compete? Start here:")),console.log(),console.log(chalk.bold.cyan(" challenges")+chalk.gray(" Browse challenges by category")),console.log(chalk.white(" status")+chalk.gray(" Your score & hint budget")),console.log(chalk.white(" scoreboard")+chalk.gray(" Live rankings")),console.log(chalk.white(" help")+chalk.gray(" Full command list")),console.log(),console.log(chalk.gray(" Tool environment:")),console.log(chalk.white(" env")+chalk.gray(" See which of the 110 CTF tools are installed")),console.log(chalk.white(" env setup")+chalk.gray(" Install anything missing (~5 min, one-time)")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Tip: ")+chalk.cyan("help")+chalk.gray(" · ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("quit")+chalk.gray(" closes")),console.log()):k?(z(),console.log(chalk.green.bold(" Welcome, competitor!")),console.log(chalk.gray(` Workspace: ${U}`)),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" Get started:")),console.log(),console.log(chalk.white(" Step 1 ")+chalk.bold.cyan("join <url>")+chalk.gray(" Connect to competition server")),console.log(chalk.white(" Step 2 ")+chalk.bold.cyan("challenges")+chalk.gray(" Browse & solve challenges")),console.log(chalk.white(" Step 3 ")+chalk.bold.cyan("ai4ctf")+chalk.gray(" Ask AI when stuck")),console.log(),console.log(chalk.gray(" Before Step 1 — make sure your tools are ready:")),console.log(chalk.white(" env")+chalk.gray(" See which of the 110 CTF tools are installed")),console.log(chalk.white(" env setup")+chalk.gray(" Install anything missing (~5 min, one-time)")),console.log(),console.log(chalk.gray(" Also: ")+chalk.white("help")+chalk.gray(" all commands")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Tip: ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("exit")+chalk.gray(" → menu · ")+chalk.cyan("quit")+chalk.gray(" closes CLI")),console.log()):(console.log(chalk.bold.white(" Welcome to ICOA CLI — International Olympiad")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" To begin, activate your competition token:")),console.log(),console.log(chalk.bold.cyan(" activate <token>")),console.log(),console.log(chalk.gray(" While waiting, explore:")),console.log(chalk.white(" ref linux")+chalk.gray(" Quick reference for Linux")),console.log(chalk.white(" ref web")+chalk.gray(" Quick reference for Web")),console.log(chalk.white(" env")+chalk.gray(" See which of the 110 CTF tools are installed")),console.log(chalk.white(" env setup")+chalk.gray(" Install anything missing (~5 min, one-time)")),console.log(chalk.white(" help")+chalk.gray(" All available commands")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Tip: ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("exit")+chalk.gray(" → menu · ")+chalk.cyan("quit")+chalk.gray(" closes CLI")),console.log()),e.exitOverride(),e.configureOutput({writeErr:()=>{},writeOut:o=>{console.log(o)}});const K=o({input:process.stdin,output:process.stdout,prompt:M(),terminal:!0});let Z=!1;d(!0),j();const H=K.prompt.bind(K);K.prompt=o=>{u()||w()||K.setPrompt(M()),H(o)},K.prompt(),K.on("line",async o=>{if(Z)return;const l=o.trim();if(!l)return K.setPrompt(u()?chalk.magenta("ai4ctf> "):M()),void K.prompt();if(u()){Z=!0;const o=await h(l);return Z=!1,"exit"===o&&K.setPrompt(M()),void K.prompt()}if(w()){Z=!0;const o=await f(l);return Z=!1,"exit"!==o&&"solved"!==o||K.setPrompt(M()),void K.prompt()}if(L(l),"exit"===l)return b()?(console.log(),console.log(chalk.yellow(" ⚠ An exam is in progress.")),console.log(chalk.white(" To return to menu without losing progress, type: ")+chalk.bold.cyan("back")),console.log(chalk.white(" To fully close ICOA CLI, type: ")+chalk.bold.cyan("quit")),console.log(chalk.gray(" Your progress is auto-saved either way.")),console.log(),void K.prompt()):(console.log(),console.log(chalk.gray(" ")+chalk.white("exit")+chalk.gray(" returns to the main menu. To fully close ICOA CLI, type ")+chalk.bold.cyan("quit")+chalk.gray(".")),"selection"===J&&_(),void K.prompt());if("quit"===l||"q"===l||"quit confirm"===l){const o=b();return o&&"demo-free"!==o.session.examId&&"quit confirm"!==l?(console.log(),console.log(chalk.yellow(" ⚠ A real exam is in progress.")),console.log(chalk.gray(" Your answers are auto-saved on the server, but the exam timer keeps ticking")),console.log(chalk.gray(" on the server side even if you close the CLI.")),console.log(),console.log(chalk.white(" To leave the CLI but keep the exam alive, type: ")+chalk.bold.cyan("back")),console.log(chalk.gray(" (recommended — you can resume with ")+chalk.cyan("exam q 1")+chalk.gray(" after relaunching icoa)")),console.log(),console.log(chalk.white(" To really close ICOA CLI, type: ")+chalk.bold.cyan("quit confirm")),console.log(),void K.prompt()):(o&&"demo-free"===o.session.examId&&(console.log(),console.log(chalk.gray(" Demo paused. Resume with: ")+chalk.white("demo")+chalk.gray(" (fresh) or ")+chalk.white("exam q 1")+chalk.gray(" (continue)."))),E(),g(),console.log(chalk.gray(" Session saved. Use ")+chalk.white("icoa --resume")+chalk.gray(" to continue.")),$(),void I(0))}if("back"===l||"menu"===l){const o=b(),e=o&&"demo-free"!==o.session.examId,t=o&&"demo-free"===o.session.examId&&(()=>{const e=new Date(o.session.startedAt||0).getTime();return Date.now()-e<18e5})();if(e)console.log(),console.log(chalk.gray(" Exam paused. Your progress is saved.")),console.log(chalk.white(" Resume: exam q 1")+chalk.gray(" · ")+chalk.white("exam review")+chalk.gray(" · ")+chalk.white("exam submit")),console.log();else if(t){const e=Object.keys(o.answers).length,t=o.session.questionCount;console.log(),console.log(chalk.gray(` Demo paused (${e}/${t} answered). Resume with: `)+chalk.white("exam q 1")),console.log(chalk.gray(" Or type ")+chalk.white("demo")+chalk.gray(" to restart.")),console.log()}else{if(o&&"demo-free"===o.session.examId){const{clearExamState:o}=await import("./lib/exam-state.js");o("demo-free")}const e=n();fetch("https://practice.icoa2026.au/api/icoa/demo-stats",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({type:"post-report-back",lang:e.language||"en",timestamp:(new Date).toISOString()}),signal:AbortSignal.timeout(5e3)}).catch(()=>{}),"selection"===J?_():console.log(chalk.gray(" Already at main menu."))}return void K.prompt()}if("help"===l||"?"===l){if(b()){Z=!0;try{await e.parseAsync(["node","icoa","exam","help"])}catch{}return Z=!1,void K.prompt()}return function(o,e="olympiad"){console.log(),"selection"===e||"organizer"===e?(console.log(chalk.bold.white(" Exam")),console.log(chalk.white(" join <url> ")+chalk.gray("Connect to exam server")),console.log(chalk.white(" exam list ")+chalk.gray("Available exams")),console.log(chalk.white(" exam start <id> ")+chalk.gray("Begin an exam")),console.log(chalk.white(" exam q [n] ")+chalk.gray("View questions")),console.log(chalk.white(" exam answer <n> <X> ")+chalk.gray("Answer question")),console.log(chalk.white(" exam review ")+chalk.gray("Review all answers")),console.log(chalk.white(" exam submit ")+chalk.gray("Submit for grading")),console.log(chalk.white(" exam result ")+chalk.gray("View your score")),console.log(),console.log(chalk.bold.white(" System")),console.log(chalk.white(" ref [topic] ")+chalk.gray("Quick reference")),console.log(chalk.white(" setup ")+chalk.gray("Settings / switch mode")),console.log(chalk.white(" lang [code] ")+chalk.gray("Switch language")),console.log(chalk.white(" clear ")+chalk.gray("Clear screen")),console.log(chalk.white(" exit ")+chalk.gray("Quit")),console.log()):o?(console.log(chalk.cyan(" ═══════════════════════════════════════════════")),console.log(chalk.bold.white(" How it works")),console.log(),console.log(chalk.gray(" 1. Browse ")+chalk.white("challenges")+chalk.gray(" and pick one")),console.log(chalk.gray(" 2. ")+chalk.white("open <id>")+chalk.gray(" to read the challenge")),console.log(chalk.gray(" 3. Use ")+chalk.white("ai4ctf")+chalk.gray(" to chat with AI when stuck")),console.log(chalk.gray(" 4. ")+chalk.white("submit <id> icoa{flag}")+chalk.gray(" to score points")),console.log(chalk.gray(" 5. Check ")+chalk.white("scoreboard")+chalk.gray(" to track your rank")),console.log(chalk.cyan(" ═══════════════════════════════════════════════")),console.log(),console.log(chalk.bold.white(" Competition")),console.log(chalk.white(" join <url> ")+chalk.gray("Connect to CTFd")),console.log(chalk.white(" challenges (ch) ")+chalk.gray("List challenges by category")),console.log(chalk.white(" open <id> ")+chalk.gray("Read challenge + get next steps")),console.log(chalk.white(" submit <id> <flag> ")+chalk.gray("Submit a flag")),console.log(chalk.white(" scoreboard (sb) ")+chalk.gray("Live rankings")),console.log(chalk.white(" status ")+chalk.gray("Your score, budget & timer")),console.log(chalk.white(" time ")+chalk.gray("Countdown timer")),console.log(),console.log(chalk.bold.white(" AI Teammate")+chalk.gray(" — 3 levels, use wisely")),console.log(chalk.white(' hint "question" ')+chalk.gray("Level A — General guidance (50 uses)")),console.log(chalk.white(' hint-b "question" ')+chalk.gray("Level B — Deep analysis (10 uses)")),console.log(chalk.white(' hint-c "question" ')+chalk.gray("Level C — Critical assist (2 uses)")),console.log(chalk.white(" hint budget ")+chalk.gray("Check remaining uses")),console.log(chalk.white(" ai4ctf ")+chalk.gray("Free-chat with AI (no limit)")),console.log(),console.log(chalk.bold.white(" Tools")),console.log(chalk.white(" ref [topic] ")+chalk.gray("Quick reference (linux, web, crypto...)")),console.log(chalk.white(" shell ")+chalk.gray("Docker sandbox")),console.log(chalk.white(" files <id> ")+chalk.gray("Download challenge files")),console.log(chalk.white(" connect <id> ")+chalk.gray("Connect to remote target")),console.log(chalk.white(" note [text] ")+chalk.gray("Personal notepad")),console.log(chalk.white(" log ")+chalk.gray("Session history")),console.log(),console.log(chalk.bold.white(" System")),console.log(chalk.white(" setup ")+chalk.gray("Configure settings")),console.log(chalk.white(" lang [code] ")+chalk.gray("Switch language (15 supported)")),console.log(chalk.white(" logout ")+chalk.gray("Disconnect")),console.log(chalk.white(" clear ")+chalk.gray("Clear screen")),console.log(chalk.white(" exit ")+chalk.gray("Quit (session saved)")),console.log()):(console.log(chalk.bold.yellow(" Restricted Mode — activate with a token to unlock all commands")),console.log(),console.log(chalk.white(" activate <token> ")+chalk.gray("Unlock full access")),console.log(chalk.white(" ref [topic] ")+chalk.gray("Quick reference")),console.log(chalk.white(" exit ")+chalk.gray("Quit")),console.log())}(a(),J),void K.prompt()}if("more help"===l.toLowerCase()&&b()){Z=!0;try{await e.parseAsync(["node","icoa","exam","more-help"])}catch{}return Z=!1,void K.prompt()}if("continue"===l.toLowerCase())return console.log(),console.log(chalk.green.bold(" ═══ AI4CTF — AI as Your Teammate ═══")),console.log(),console.log(chalk.white(" In AI4CTF, you solve cybersecurity challenges")),console.log(chalk.white(" with AI by your side.")),console.log(),console.log(chalk.white(" In competition, you get AI help at 3 levels:")),console.log(chalk.yellow(" hint a")+chalk.gray(" General guidance (50 uses)")),console.log(chalk.yellow(" hint b")+chalk.gray(" Deep analysis (10 uses)")),console.log(chalk.yellow(" hint c")+chalk.gray(" Critical assist (2 uses)")),console.log(),console.log(chalk.white(" Try it now! Type: ")+chalk.bold.green("ai4ctf")),console.log(chalk.gray(' Chat freely with your AI teammate. Type "exit" when done.')),console.log(),console.log(chalk.gray(" After ai4ctf, try: ")+chalk.bold.red("ctf4ai")+chalk.gray(' — trick the AI into saying "koala"')),console.log(),void K.prompt();if(/^ICOA-[A-Z]{2,3}-\d{1,6}$/i.test(l.trim())){Z=!0;try{await e.parseAsync(["node","icoa","exam","token",l.trim()])}catch{}return Z=!1,void K.prompt()}if(/^[A-Z]{2}[0-9A-HJKMNP-TV-Z]{8}$/i.test(l.trim())){Z=!0;try{await e.parseAsync(["node","icoa","exam","token",l.trim().toUpperCase()])}catch{}return Z=!1,void K.prompt()}const s=l.match(/^exam\s+([A-Z]{2}[0-9A-HJKMNP-TV-Z]{8})$/i);if(s){Z=!0;try{await e.parseAsync(["node","icoa","exam","token",s[1].toUpperCase()])}catch{}return Z=!1,void K.prompt()}const y=l.match(/^exam\s+([A-Z]{2,3})$/i);if(y){Z=!0;try{await e.parseAsync(["node","icoa","exam","list",y[1]])}catch{}return Z=!1,void K.prompt()}if("clear"===l||"cls"===l)return console.clear(),void K.prompt();if(l.startsWith("activate ")){const o=l.slice(9).trim(),e=r(o);return"ok"===e?console.log(chalk.green(" Access granted! Token bound to this device.")):"already_bound"===e?(console.log(),console.log(chalk.red(" Token already activated on a different device.")),console.log(chalk.gray(" Each token binds to the first device that uses it. If you lost the device,")),console.log(chalk.gray(" contact your proctor to have the token re-issued for a new device."))):(console.log(),console.log(chalk.red(" Token not recognized.")),console.log(chalk.gray(" Possible reasons:")),console.log(chalk.white(" • ")+chalk.gray("Typo — tokens are case-insensitive, 10 chars, start with a 2-letter country code (e.g. ")+chalk.cyan("UAK7M2R9Q4")+chalk.gray(")")),console.log(chalk.white(" • ")+chalk.gray("Expired — ask your proctor or organizer for a fresh token")),console.log(chalk.white(" • ")+chalk.gray("Network — verify connection to ")+chalk.cyan("practice.icoa2026.au")),console.log(chalk.gray(" Still stuck? type ")+chalk.cyan("help")+chalk.gray(" or try ")+chalk.cyan("exam demo")+chalk.gray(" for a free practice round."))),console.log(),void K.prompt()}if("activate"===l)return console.log(chalk.gray(" Usage: ")+chalk.white("activate <token>")),console.log(),void K.prompt();const m=b();if(m){const o=l.toUpperCase().trim(),t=o=>{const e=m.questions.find(e=>e.number===o);return!!e&&("ai4ctf"===e.type||"ctf4ai"===e.type||e.options&&!e.options.A&&!e.options.B)},n=o=>{const e="demo-free"!==m.session.examId,t=e&&o>=39?"ctf4ai":e&&o>=31?"ai4ctf":null;console.log(),console.log(chalk.yellow(` Q${o} is a practical question — letters (A/B/C/D) don't apply here.`)),t?(console.log(chalk.white(" Enter the AI chat for this question: ")+chalk.bold.cyan(t)),console.log(chalk.gray(" Or submit a flag directly: ")+chalk.green(`exam answer ${o} ICOA{your_flag}`))):console.log(chalk.gray(" Submit a flag: ")+chalk.green(`exam answer ${o} ICOA{your_flag}`)),console.log()};if(/^[ABCD]$/.test(o)){const l=m._lastQ||1;if(t(l))return n(l),void K.prompt();Z=!0;try{await e.parseAsync(["node","icoa","exam","answer",String(l),o])}catch{}return Z=!1,void K.prompt()}const s=o.match(/^(\d+)\s+([ABCD])$/);if(s){const o=parseInt(s[1],10);if(t(o))return n(o),void K.prompt();Z=!0;try{await e.parseAsync(["node","icoa","exam","answer",s[1],s[2]])}catch{}return Z=!1,void K.prompt()}}const p=l.split(/\s+/)[0].toLowerCase(),d=/^python3?(\.\d+)?$/.test(p),x=l.startsWith("!")||p.startsWith("!")||d;if("selection"===J&&!x&&!["exam","demo","retry","nations","next","prev","continue","setup","lang","ref","ai4ctf","ctf4ai","mark","unmark","review","submit","env"].includes(p)){if(console.log(chalk.gray(" Not available in Selection mode.")),m){const o=m._lastQ||1;console.log(chalk.white(` Resume exam: exam q ${o}`)+chalk.gray(" · ")+chalk.white("A/B/C/D")+chalk.gray(" to answer"))}else console.log(chalk.gray(" Try: demo · setup to switch mode"));return console.log(),void K.prompt()}if("organizer"===J&&!["join","exam","demo","retry","next","prev","logout","setup","lang","ref","ctf","mark","unmark","review","submit"].includes(p))return console.log(chalk.gray(" Not available in Organizer mode. Switch via: setup")),console.log(),void K.prompt();if(!("olympiad"!==J||a()&&c()||i(p)))return console.log(chalk.yellow(" Restricted mode. ")+chalk.gray("Enter your access token:")),console.log(chalk.white(" activate <token>")),console.log(),console.log(chalk.gray(" Free commands: ")+chalk.white("ref [topic]")+chalk.gray(", ")+chalk.white("help")+chalk.gray(", ")+chalk.white("exit")),console.log(),void K.prompt();if(!["join","activate","challenges","ch","open","submit","flag","scoreboard","sb","status","time","ref","shell","files","connect","note","log","lang","setup","env","ai4ctf","model","ctf","exam","demo","retry","nations","next","prev","continue","logout","ctf4ai","mark","unmark","review","submit"].includes(p)){if(B.has(p))return console.log(chalk.red(` Blocked: ${p} is not allowed during competition.`)),console.log(),void K.prompt();if(/(?:^|\s)(?:\/(?!home\/|Users\/|tmp\/)|\.\.\/|~\/)/.test(l)&&!l.startsWith("cd ")){const o=/(?:^|\s)\/(?!home\/\w+\/icoa-workspace|Users\/\w+\/icoa-workspace|tmp\/)/.test(l),e=/\.\./.test(l);if(o||e)return console.log(chalk.red(" Blocked: access outside workspace is not allowed.")),console.log(chalk.gray(` Workspace: ${U}`)),console.log(),void K.prompt()}let o=l.startsWith("!")?l.slice(1).trim():l;if("darwin"===process.platform){const e="/opt/homebrew/opt/python@3.12/bin/python3.12";o=o.replace(/^python3?\s/,`${e} `).replace(/^(python3|python)$/,e)}else if("win32"===process.platform){const e=(()=>{try{return t("py -3 --version",{stdio:["ignore","ignore","ignore"],timeout:1500}),"py -3"}catch{}return"python"})();o=o.replace(/^python3?(\.\d+)?\s/,`${e} `).replace(/^python3?(\.\d+)?$/,e)}else{const e=(()=>{try{return t("which python3.12",{stdio:"ignore"}),"python3.12"}catch{return"python3"}})();o=o.replace(/^python\s/,`${e} `).replace(/^python$/,e)}const e=z();/^(\S*python3?(\.\d+)?)\s*$/.test(o)&&(o=`PYTHONSTARTUP="${function(){const o=D(F(),".icoa");P(o)||R(o,{recursive:!0});const e=D(o,"python-startup.py");return P(e)||N(e,"# ICOA exam interactive startup — auto-loaded by PYTHONSTARTUP\nimport base64, struct, hashlib, re, json, os, sys, binascii\ntry: import requests\nexcept ImportError: pass\ntry: from Crypto.Cipher import AES\nexcept ImportError: pass\ntry: from Crypto.Util.Padding import pad, unpad\nexcept ImportError: pass\ntry: from pwn import xor, p32, u32, p64, u64\nexcept ImportError: pass\ntry: import bs4\nexcept ImportError: pass\ntry: import numpy as np\nexcept ImportError: pass\n"),e}()}" ${o}`,console.log(),console.log(chalk.cyan(" ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")),console.log(chalk.bold.white(" Python ready — ICOA exam toolkit pre-loaded")),console.log(chalk.cyan(" ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")),console.log(),console.log(chalk.white(" Already imported: ")+chalk.gray("base64, struct, hashlib, re, json, binascii")),console.log(chalk.white(" Also available: ")+chalk.gray("requests, bs4, numpy, AES, pad/unpad, xor, p32/u32/p64/u64")),console.log(),console.log(chalk.yellow(" Quick examples:")),console.log(chalk.gray(' base64.b64decode("aGVsbG8=") ')+chalk.gray("# decode base64")),console.log(chalk.gray(' bytes.fromhex("48656c6c6f") ')+chalk.gray("# hex → bytes")),console.log(chalk.gray(' "ICOA{x}".encode() ')+chalk.gray("# str → bytes")),console.log(chalk.gray(" [chr(c) for c in [73,67,79,65]] ")+chalk.gray("# ASCII codes")),console.log(chalk.gray(' xor(bytes.fromhex("0a2b"), b"IC") ')+chalk.gray("# pwntools XOR")),console.log(),console.log(chalk.gray(" Exit: ")+chalk.white("exit()")+chalk.gray(" or Ctrl-D")),console.log(chalk.cyan(" ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")),console.log()),Z=!0;try{q()&&await S()?await O(o,K):await Y(o,K,e)}catch{console.log(chalk.yellow(` Command failed: ${p}`))}return Z=!1,console.log(),void K.prompt()}Z=!0;const v=l.trim(),C=v.toLowerCase();let k,A=null,T="";if(m)if("submit"===C)A="final";else if(C.startsWith("submit ")){const o=v.slice(7).trim();o&&/^ICOA\{[^}]*\}?$/i.test(o)&&(A="flag",T=o)}k="final"===A?["exam","submit"]:"flag"===A?["exam","answer",String(m?._lastQ||1),T]:function(o){const e=o.split(/\s+/),t=e[0].toLowerCase(),l=e.slice(1),n={demo:["exam","demo"],retry:["exam","demo-retry"],nations:["exam","nations"],next:["exam","next"],prev:["exam","prev"],mark:["exam","mark",...l],unmark:["exam","unmark",...l],review:["exam","review"],logout:["ctf","logout"],join:["ctf","join",...l],activate:["ctf","activate",...l],challenges:["ctf","challenges"],ch:["ctf","challenges"],open:["ctf","open",...l],submit:["ctf","submit",...l],flag:["ctf","submit",...l],scoreboard:["ctf","scoreboard",...l],sb:["ctf","scoreboard",...l],status:["ctf","status"],time:["ctf","time"]};return n[t]?n[t]:["ref","shell","files","connect","note","log","lang","setup","env","ai4ctf","model","ctf","exam","ctf4ai"].includes(t)?[t,...l]:e}(l);const j="ctf"===k[0]&&"join"===k[1];j&&K.pause(),process.exit=()=>{throw new Error(W)};try{await e.parseAsync(["node","icoa",...k])}catch(o){const e=o instanceof Error?o.message:String(o);if(e===W);else if(e.includes("commander.unknownCommand")){const{distance:o}=await import("fastest-levenshtein"),e=["ctf","ref","shell","files","connect","note","log","lang","setup","env","ai4ctf","exam","ctf4ai","theme","clear","cls","quit","exit","back","menu","help","continue","activate","demo","challenges","status","scoreboard","join","logout"],t=p.split(/\s+/)[0]||p;let l={word:"",dist:1/0};for(const n of e){const e=o(t.toLowerCase(),n);e<l.dist&&(l={word:n,dist:e})}console.log(chalk.yellow(` Unknown command: ${p}.`)),l.dist>0&&l.dist<=2&&console.log(chalk.gray(" Did you mean: ")+chalk.bold.cyan(l.word)+chalk.gray("?")),console.log(chalk.gray(" Type ")+chalk.cyan("help")+chalk.gray(" for the full command list."))}else e.includes("commander.")||(e.includes("fetch failed")||e.includes("ECONNREFUSED")||e.includes("ETIMEDOUT"))&&console.log(chalk.yellow(" Network error. Check your connection."))}finally{process.exit=I,Z=!1,j&&K.resume()}u()?K.setPrompt(chalk.magenta("ai4ctf> ")):w()&&K.setPrompt(chalk.red("ctf4ai> ")),console.log(),K.prompt()}),K.on("SIGINT",()=>{if(console.log(),u()||w())console.log(chalk.yellow(" Ctrl+C did not close ICOA CLI — you are still in the AI chat.")),console.log(chalk.white(" Type ")+chalk.bold.cyan("exit")+chalk.white(" to leave the chat and return to the menu."));else if(b()){const o="demo-free"!==b().session.examId;console.log(chalk.yellow(" Ctrl+C did NOT close ICOA CLI.")),console.log(chalk.gray(` Your ${o?"exam":"demo"} is paused and every answer is auto-saved.`)),console.log(),console.log(chalk.white(" Resume: ")+chalk.cyan("exam q 1")+chalk.gray(" · Back to menu: ")+chalk.cyan("back")+chalk.gray(" · Close CLI: ")+chalk.cyan(o?"quit confirm":"quit"))}else console.log(chalk.yellow(" Ctrl+C did not close ICOA CLI — you are still at the ")+chalk.cyan("icoa>")+chalk.yellow(" prompt.")),console.log(chalk.gray(" Keep typing — ")+chalk.cyan("help")+chalk.gray(" lists commands. (Only ")+chalk.cyan("quit")+chalk.gray(" or Ctrl+D actually close the CLI.)"));console.log(),K.prompt()}),K.on("close",()=>{E(),g(),$(),I(0)})}function Y(o,t,l){return new Promise(n=>{const s=process.stdin,a=!!s.isTTY&&!!s.isRaw;if(t.pause(),s.isTTY&&"function"==typeof s.setRawMode)try{s.setRawMode(!1)}catch{}const r=e(o,{shell:!0,stdio:"inherit",cwd:l||process.cwd()}),i=()=>{if(s.isTTY&&"function"==typeof s.setRawMode&&a)try{s.setRawMode(!0)}catch{}t.resume(),n()};r.on("close",i),r.on("error",i)})}
1
+ import{createInterface as o}from"node:readline";import{spawn as e,execSync as t}from"node:child_process";import chalk from"chalk";import{isConnected as l,getConfig as n,saveConfig as s}from"./lib/config.js";import{isActivated as a,activateToken as r,isFreeCommand as i,isDeviceMatch as c,recordExit as g,recordResume as y,isFirstRunOrUpgrade as m,markVersionSeen as p}from"./lib/access.js";import{setReplMode as d}from"./lib/ui.js";import{isChatActive as u,handleChatMessage as h}from"./commands/ai4ctf.js";import{isCtf4aiActive as w,handleCtf4aiMessage as f}from"./commands/ctf4ai-demo.js";import{getExamState as b,getRealExamState as x,getDemoState as v}from"./lib/exam-state.js";import{getDemoStats as C}from"./lib/demo-stats.js";import{isExamSetupComplete as I}from"./lib/exam-setup.js";import{DEMO_PICK_SIZE as A,DEMO_POOL_SIZE as k}from"./lib/demo-exam.js";import{isNativeWindowsCmd as $}from"./lib/platform.js";import{resetTerminalTheme as T}from"./lib/theme.js";import{ensureSandbox as S,runInSandbox as O,isDockerAvailable as q}from"./lib/sandbox.js";import{logCommand as L}from"./lib/logger.js";import{startLogSync as j,stopLogSync as E}from"./lib/log-sync.js";import{existsSync as P,mkdirSync as R,writeFileSync as N}from"node:fs";import{join as D}from"node:path";import{homedir as F}from"node:os";function M(){return x()?chalk.cyan("exam> "):v()?chalk.yellow("demo> "):chalk.green("icoa> ")}const U=D(F(),"icoa-workspace");function z(){return P(U)||R(U,{recursive:!0}),U}const B=new Set(["sudo","su","doas","pkexec","brew","apt","apt-get","yum","choco","npm","npx","pip","pip3","shutdown","reboot","halt","mkfs","fdisk","dd","iptables","ufw"]),W="__REPL_NO_EXIT__",Q="2.5.1";function _(){const o=C(),e=I(),l=`Free practice — ${A} questions (from pool of ${k})`,n=$();if(console.log(),console.log(` ${chalk.cyan.bold("[Selection Mode]")}`),console.log(),n)console.log(chalk.gray(" Platform: ")+chalk.white("Windows cmd.exe")+chalk.gray(" — routed to Paper C (MCQ-only, 45 min, 70 pts, zero extra tools)")),console.log();else if(o.attempts>0){const o=function(){const o=["python3.12 --version","/opt/homebrew/opt/python@3.12/bin/python3.12 --version","/usr/local/opt/python@3.12/bin/python3.12 --version","python3 --version","python --version","py -3.12 --version","py -3 --version"];let e="",l="missing";for(const n of o)try{const o=t(n,{encoding:"utf-8",timeout:2e3,stdio:["ignore","pipe","ignore"]}).trim().replace("Python ",""),[s,a]=o.split(".").map(Number);if(3===s&&12===a)return{ok:!0,version:o,status:"ok"};e=o,l=3===s&&a>=10&&a<12?"old":3===s&&a>12?"new":"missing"}catch{}return{ok:"missing"!==l,version:e,status:l}}();"missing"===o.status?(console.log(chalk.yellow(" ⚠ Python not detected. For exam practical questions:")),console.log(chalk.gray(" → ")+chalk.bold.cyan("env python")+chalk.gray(" (platform install guide)")),console.log()):"new"===o.status&&(console.log(chalk.yellow(` ⚠ Python ${o.version} may lack CTF wheels. Python 3.12 recommended:`)),console.log(chalk.gray(" → ")+chalk.bold.cyan("env python")+chalk.gray(" (install guide)")),console.log())}if(0===o.attempts)console.log(chalk.white(" New here? Start with ")+chalk.bold.cyan("demo")+chalk.white(" — it takes a few minutes.")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.bold.cyan(" demo")+chalk.gray(` ${l}`)),console.log(chalk.white(" lang")+chalk.gray(" List all supported languages")),console.log(chalk.white(" lang es")+chalk.gray(" Switch language (e.g. lang es, lang zh, lang fr)")),console.log(chalk.gray(" ─────────────────────────────────────────────"));else if(e||n){const e=1===o.attempts?"attempt":"attempts";o.attempts>0&&console.log(chalk.green(" ✓ Demo completed ")+chalk.gray(`(${o.attempts} ${e})`)),n||console.log(chalk.green(" ✓ Environment ready")),console.log(chalk.yellow(" → Enter your exam token to begin.")),console.log(chalk.gray(" (10-char code from your organizer, starts with your country code like ")+chalk.cyan("UA")+chalk.gray(" — case-insensitive)")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.bold.yellow(" exam <token>")+chalk.gray(" Enter exam (primary action — use your organizer-issued token)")),console.log(chalk.gray(" format: ")+chalk.white("exam UAxxxxxxxx")+chalk.gray(" (2-letter country prefix + 8 chars)")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Other commands:")),console.log(chalk.white(" demo")+chalk.gray(` ${l}`)),n||console.log(chalk.white(" exam setup")+chalk.gray(" Re-verify tool environment")),console.log(chalk.white(" lang")+chalk.gray(" List all supported languages")),console.log(chalk.white(" lang es")+chalk.gray(" Switch language (e.g. lang es, lang zh, lang fr)")),console.log(chalk.gray(" ─────────────────────────────────────────────"))}else{const e=1===o.attempts?"attempt":"attempts";console.log(chalk.green(" ✓ Demo completed ")+chalk.gray(`(${o.attempts} ${e}${o.bestPercentage>0?` · best ${o.bestPercentage}%`:""})`)),console.log(chalk.yellow(" → Next: prepare your environment for the real exam.")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" demo")+chalk.gray(` ${l}`)),console.log(chalk.bold.yellow(" exam setup")+chalk.gray(" Install tools for national selection (~150MB)")),console.log(chalk.white(" lang")+chalk.gray(" List all supported languages")),console.log(chalk.white(" lang es")+chalk.gray(" Switch language (e.g. lang es, lang zh, lang fr)")),console.log(chalk.gray(" ─────────────────────────────────────────────"))}console.log(chalk.gray(" ")+chalk.gray("Tip: ")+chalk.cyan("help")+chalk.gray(" for commands · ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("quit")+chalk.gray(" closes")),console.log()}export async function startRepl(e,x){const v=n(),C=l(),I=process.exit.bind(process),A=a();if(v.demoCleanedForVersion!==Q){try{const{existsSync:o,unlinkSync:e}=await import("node:fs"),{join:t}=await import("node:path"),{getIcoaDir:l}=await import("./lib/config.js"),n=t(l(),"demo-state.json");o(n)&&e(n)}catch{}s({demoCleanedForVersion:Q})}const{select:k,confirm:$}=await import("@inquirer/prompts"),V=v.mode||"",G=[{name:` ${chalk.bold("National Selection")} ${chalk.gray("—")} ${chalk.gray("demo, exam (lightweight)")}`,value:"selection"},{name:` ${chalk.bold("International Olympiad")} ${chalk.gray("—")} ${chalk.gray("CTF × AI (~500MB, advanced)")}`,value:"olympiad"},{name:` ${chalk.bold("National/Regional Partner")} ${chalk.gray("—")} ${chalk.gray("organizer tools (tokens, competitions)")}`,value:"organizer"},{name:` ${chalk.gray("About ICOA")} ${chalk.gray("·")} ${chalk.gray("Info & contact")}`,value:"about"}];console.log(chalk.gray(" Use ")+chalk.yellow("↑")+chalk.gray(" or ")+chalk.yellow("↓")+chalk.gray(" to select, ")+chalk.yellow("Enter")+chalk.gray(" to confirm.")),console.log();let J="";for(;!J;){const o=await k({message:"Mode",choices:G,default:V||"selection"});"about"!==o?J=o:(console.clear(),console.log(),console.log(chalk.cyan(" ═══════════════════════════════════════════════════")),console.log(chalk.bold.yellow(" ICOA")+chalk.white(" — AI-Native CLI OS for Cyber & AI Security")),console.log(chalk.gray(" Olympiad & Competition · K-12 to University")),console.log(chalk.cyan(" ───────────────────────────────────────────────────")),console.log(),console.log(chalk.bold.white(" What Makes ICOA Different")),console.log(chalk.gray(" · AI-native AI teammate, AI adversary, AI translation")),console.log(chalk.gray(" · CLI OS Complete competition environment in terminal")),console.log(chalk.gray(" · 110 tools pwntools, z3, gdb, nmap, sleuthkit... pre-configured")),console.log(chalk.gray(" · Global scale 15,000+ concurrent exams · 15 languages")),console.log(),console.log(chalk.bold.white(" Competition Format")),console.log(` ${chalk.green.bold("AI4CTF")}${chalk.gray(" [Day 1] AI as teammate — 5hr jeopardy CTF")}`),console.log(` ${chalk.red.bold("CTF4AI")}${chalk.gray(" [Day 2] Challenge AI — adversarial ML, red-team")}`),console.log(),console.log(chalk.white(" Sydney, Australia")+chalk.gray(" · Jun 27 - Jul 2, 2026 · 40+ countries")),console.log(),console.log(chalk.bold.white(" Organized by")+chalk.gray(" ASRA (Australia) · ICO Foundation Inc")),console.log(chalk.bold.white(" Contact ")+chalk.cyan(" australia@icoa2026.au · accreditation@icoa2026.au")),console.log(chalk.bold.white(" Website ")+chalk.cyan.underline(" https://icoa2026.au")),console.log(chalk.cyan(" ═══════════════════════════════════════════════════")),console.log(),console.log(chalk.gray(" Press ")+chalk.yellow("Enter")+chalk.gray(" to return...")),await new Promise(o=>{const e=t=>{process.stdin.removeListener("data",e),process.stdin.isTTY&&process.stdin.setRawMode&&process.stdin.setRawMode(!1),process.stdin.pause(),o()};process.stdin.isTTY&&process.stdin.setRawMode&&process.stdin.setRawMode(!0),process.stdin.resume(),process.stdin.once("data",e)}),console.clear())}if("olympiad"===J&&"olympiad"!==V&&(console.log(),console.log(chalk.yellow(" This mode will download ~500MB of CTF tools and AI models.")),await $({message:"Continue?",default:!0})||(J="selection",console.log(chalk.gray(" Switched to National Selection mode.")))),J!==V&&s({mode:J}),console.log(),"olympiad"===J&&m(Q)){p(Q),console.log(chalk.gray(" Checking competition environment..."));const{execSync:o}=await import("node:child_process"),e=[{name:"pwntools",cmd:'python3 -c "import pwn"'},{name:"z3-solver",cmd:'python3 -c "import z3"'},{name:"numpy",cmd:'python3 -c "import numpy"'},{name:"requests",cmd:'python3 -c "import requests"'}];let t=0;for(const l of e)try{o(l.cmd,{stdio:"ignore"})}catch{t++}if(t>0){console.log(chalk.yellow(` ${t} core libraries missing.`));try{const{confirm:o}=await import("@inquirer/prompts");if(await o({message:" Install competition Python libraries now?",default:!0,theme:{prefix:"",style:{message:o=>chalk.green(o),defaultAnswer:o=>chalk.green(o)}}})){console.log();const{execSync:o}=await import("node:child_process");o("icoa env setup",{stdio:"inherit"})}}catch{console.log(chalk.gray(" Run ")+chalk.white("env setup")+chalk.gray(" later to install."))}console.log()}else console.log(chalk.green(" All core libraries ready.")),console.log()}if(x){const o=y();if(o){const e=Math.floor(o.awaySeconds/60),t=o.awaySeconds%60;console.log(chalk.yellow(` Session resumed. Away: ${e}m ${t}s | Total exits: ${o.exitCount}`)),console.log()}}"selection"===J?_():"organizer"===J?(console.log(chalk.yellow.bold(" [National/Regional Partner]")),console.log(),console.log(chalk.bold.white(" ██╗ ██████╗ ██████╗ █████╗")),console.log(chalk.bold.white(" ██║██╔════╝██╔═══██╗██╔══██╗")),console.log(chalk.bold.white(" ██║██║ ██║ ██║███████║")),console.log(chalk.bold.white(" ██║██║ ██║ ██║██╔══██║")),console.log(chalk.bold.white(" ██║╚██████╗╚██████╔╝██║ ██║")),console.log(chalk.bold.white(" ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝")),console.log(),console.log(chalk.yellow(" International Cyber Olympiad in AI 2026")),console.log(chalk.bold.magenta(" The World's First AI-Native CLI Operating System")),console.log(chalk.bold.magenta(" for Cybersecurity & AI Security Competition")),console.log(chalk.bold.magenta(" and Olympiad for K-12")),console.log(chalk.gray(" Sydney, Australia · Jun 27 - Jul 2, 2026")),console.log(),console.log(chalk.white(" Vision")),console.log(chalk.gray(" Building a global pipeline for youth cyber & AI")),console.log(chalk.gray(" security talent through education and competition.")),console.log(),console.log(chalk.white(" Capacity")),console.log(chalk.gray(" 15,000+ concurrent online examinations")),console.log(chalk.gray(" National selection, training, and education support")),console.log(),console.log(chalk.white(" Olympic Spirit")),console.log(chalk.gray(" Excellence · Friendship · Respect")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" New country accreditation & support:")),console.log(chalk.cyan(" australia@icoa2026.au")),console.log(chalk.cyan(" accreditation@icoa2026.au")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(),C?(console.log(chalk.green(` Logged in as ${v.userName}`)),console.log(chalk.white(" exam list")+chalk.gray(" Manage exams")),console.log(chalk.white(" logout")+chalk.gray(" Disconnect"))):console.log(chalk.white(" join <url>")+chalk.gray(" Connect to manage exams")),console.log()):A&&!c()?(console.log(chalk.red(" Token was activated on a different device.")),console.log(chalk.gray(" Contact organizer for assistance.")),console.log()):C?(console.log(chalk.green.bold(` Welcome back, ${v.userName}!`)),console.log(chalk.gray(` Connected to ${v.ctfdUrl}`)),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" Ready to compete? Start here:")),console.log(),console.log(chalk.bold.cyan(" challenges")+chalk.gray(" Browse challenges by category")),console.log(chalk.white(" status")+chalk.gray(" Your score & hint budget")),console.log(chalk.white(" scoreboard")+chalk.gray(" Live rankings")),console.log(chalk.white(" help")+chalk.gray(" Full command list")),console.log(),console.log(chalk.gray(" Tool environment:")),console.log(chalk.white(" env")+chalk.gray(" See which of the 110 CTF tools are installed")),console.log(chalk.white(" env setup")+chalk.gray(" Install anything missing (~5 min, one-time)")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Tip: ")+chalk.cyan("help")+chalk.gray(" · ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("quit")+chalk.gray(" closes")),console.log()):A?(z(),console.log(chalk.green.bold(" Welcome, competitor!")),console.log(chalk.gray(` Workspace: ${U}`)),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" Get started:")),console.log(),console.log(chalk.white(" Step 1 ")+chalk.bold.cyan("join <url>")+chalk.gray(" Connect to competition server")),console.log(chalk.white(" Step 2 ")+chalk.bold.cyan("challenges")+chalk.gray(" Browse & solve challenges")),console.log(chalk.white(" Step 3 ")+chalk.bold.cyan("ai4ctf")+chalk.gray(" Ask AI when stuck")),console.log(),console.log(chalk.gray(" Before Step 1 — make sure your tools are ready:")),console.log(chalk.white(" env")+chalk.gray(" See which of the 110 CTF tools are installed")),console.log(chalk.white(" env setup")+chalk.gray(" Install anything missing (~5 min, one-time)")),console.log(),console.log(chalk.gray(" Also: ")+chalk.white("help")+chalk.gray(" all commands")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Tip: ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("exit")+chalk.gray(" → menu · ")+chalk.cyan("quit")+chalk.gray(" closes CLI")),console.log()):(console.log(chalk.bold.white(" Welcome to ICOA CLI — International Olympiad")),console.log(),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.white(" To begin, activate your competition token:")),console.log(),console.log(chalk.bold.cyan(" activate <token>")),console.log(),console.log(chalk.gray(" While waiting, explore:")),console.log(chalk.white(" ref linux")+chalk.gray(" Quick reference for Linux")),console.log(chalk.white(" ref web")+chalk.gray(" Quick reference for Web")),console.log(chalk.white(" env")+chalk.gray(" See which of the 110 CTF tools are installed")),console.log(chalk.white(" env setup")+chalk.gray(" Install anything missing (~5 min, one-time)")),console.log(chalk.white(" help")+chalk.gray(" All available commands")),console.log(chalk.gray(" ─────────────────────────────────────────────")),console.log(chalk.gray(" Tip: ")+chalk.cyan("Ctrl+C")+chalk.gray(" pauses · ")+chalk.cyan("exit")+chalk.gray(" → menu · ")+chalk.cyan("quit")+chalk.gray(" closes CLI")),console.log()),e.exitOverride(),e.configureOutput({writeErr:()=>{},writeOut:o=>{console.log(o)}});const K=o({input:process.stdin,output:process.stdout,prompt:M(),terminal:!0});let Z=!1;d(!0),j();const H=K.prompt.bind(K);K.prompt=o=>{u()||w()||K.setPrompt(M()),H(o)},K.prompt(),K.on("line",async o=>{if(Z)return;const l=o.trim();if(!l)return K.setPrompt(u()?chalk.magenta("ai4ctf> "):M()),void K.prompt();if(u()){Z=!0;const o=await h(l);return Z=!1,"exit"===o&&K.setPrompt(M()),void K.prompt()}if(w()){Z=!0;const o=await f(l);return Z=!1,"exit"!==o&&"solved"!==o||K.setPrompt(M()),void K.prompt()}if(L(l),"exit"===l)return b()?(console.log(),console.log(chalk.yellow(" ⚠ An exam is in progress.")),console.log(chalk.white(" To return to menu without losing progress, type: ")+chalk.bold.cyan("back")),console.log(chalk.white(" To fully close ICOA CLI, type: ")+chalk.bold.cyan("quit")),console.log(chalk.gray(" Your progress is auto-saved either way.")),console.log(),void K.prompt()):(console.log(),console.log(chalk.gray(" ")+chalk.white("exit")+chalk.gray(" returns to the main menu. To fully close ICOA CLI, type ")+chalk.bold.cyan("quit")+chalk.gray(".")),"selection"===J&&_(),void K.prompt());if("quit"===l||"q"===l||"quit confirm"===l){const o=b();return o&&"demo-free"!==o.session.examId&&"quit confirm"!==l?(console.log(),console.log(chalk.yellow(" ⚠ A real exam is in progress.")),console.log(chalk.gray(" Your answers are auto-saved on the server, but the exam timer keeps ticking")),console.log(chalk.gray(" on the server side even if you close the CLI.")),console.log(),console.log(chalk.white(" To leave the CLI but keep the exam alive, type: ")+chalk.bold.cyan("back")),console.log(chalk.gray(" (recommended — you can resume with ")+chalk.cyan("exam q 1")+chalk.gray(" after relaunching icoa)")),console.log(),console.log(chalk.white(" To really close ICOA CLI, type: ")+chalk.bold.cyan("quit confirm")),console.log(),void K.prompt()):(o&&"demo-free"===o.session.examId&&(console.log(),console.log(chalk.gray(" Demo paused. Resume with: ")+chalk.white("demo")+chalk.gray(" (fresh) or ")+chalk.white("exam q 1")+chalk.gray(" (continue)."))),E(),g(),console.log(chalk.gray(" Session saved. Use ")+chalk.white("icoa --resume")+chalk.gray(" to continue.")),T(),void I(0))}if("back"===l||"menu"===l){const o=b(),e=o&&"demo-free"!==o.session.examId,t=o&&"demo-free"===o.session.examId&&(()=>{const e=new Date(o.session.startedAt||0).getTime();return Date.now()-e<18e5})();if(e)console.log(),console.log(chalk.gray(" Exam paused. Your progress is saved.")),console.log(chalk.white(" Resume: exam q 1")+chalk.gray(" · ")+chalk.white("exam review")+chalk.gray(" · ")+chalk.white("exam submit")),console.log();else if(t){const e=Object.keys(o.answers).length,t=o.session.questionCount;console.log(),console.log(chalk.gray(` Demo paused (${e}/${t} answered). Resume with: `)+chalk.white("exam q 1")),console.log(chalk.gray(" Or type ")+chalk.white("demo")+chalk.gray(" to restart.")),console.log()}else{if(o&&"demo-free"===o.session.examId){const{clearExamState:o}=await import("./lib/exam-state.js");o("demo-free")}const e=n();fetch("https://practice.icoa2026.au/api/icoa/demo-stats",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({type:"post-report-back",lang:e.language||"en",timestamp:(new Date).toISOString()}),signal:AbortSignal.timeout(5e3)}).catch(()=>{}),"selection"===J?_():console.log(chalk.gray(" Already at main menu."))}return void K.prompt()}if("help"===l||"?"===l){if(b()){Z=!0;try{await e.parseAsync(["node","icoa","exam","help"])}catch{}return Z=!1,void K.prompt()}return function(o,e="olympiad"){console.log(),"selection"===e||"organizer"===e?(console.log(chalk.bold.white(" Exam")),console.log(chalk.white(" join <url> ")+chalk.gray("Connect to exam server")),console.log(chalk.white(" exam list ")+chalk.gray("Available exams")),console.log(chalk.white(" exam start <id> ")+chalk.gray("Begin an exam")),console.log(chalk.white(" exam q [n] ")+chalk.gray("View questions")),console.log(chalk.white(" exam answer <n> <X> ")+chalk.gray("Answer question")),console.log(chalk.white(" exam review ")+chalk.gray("Review all answers")),console.log(chalk.white(" exam submit ")+chalk.gray("Submit for grading")),console.log(chalk.white(" exam result ")+chalk.gray("View your score")),console.log(),console.log(chalk.bold.white(" System")),console.log(chalk.white(" ref [topic] ")+chalk.gray("Quick reference")),console.log(chalk.white(" setup ")+chalk.gray("Settings / switch mode")),console.log(chalk.white(" lang [code] ")+chalk.gray("Switch language")),console.log(chalk.white(" clear ")+chalk.gray("Clear screen")),console.log(chalk.white(" exit ")+chalk.gray("Quit")),console.log()):o?(console.log(chalk.cyan(" ═══════════════════════════════════════════════")),console.log(chalk.bold.white(" How it works")),console.log(),console.log(chalk.gray(" 1. Browse ")+chalk.white("challenges")+chalk.gray(" and pick one")),console.log(chalk.gray(" 2. ")+chalk.white("open <id>")+chalk.gray(" to read the challenge")),console.log(chalk.gray(" 3. Use ")+chalk.white("ai4ctf")+chalk.gray(" to chat with AI when stuck")),console.log(chalk.gray(" 4. ")+chalk.white("submit <id> icoa{flag}")+chalk.gray(" to score points")),console.log(chalk.gray(" 5. Check ")+chalk.white("scoreboard")+chalk.gray(" to track your rank")),console.log(chalk.cyan(" ═══════════════════════════════════════════════")),console.log(),console.log(chalk.bold.white(" Competition")),console.log(chalk.white(" join <url> ")+chalk.gray("Connect to CTFd")),console.log(chalk.white(" challenges (ch) ")+chalk.gray("List challenges by category")),console.log(chalk.white(" open <id> ")+chalk.gray("Read challenge + get next steps")),console.log(chalk.white(" submit <id> <flag> ")+chalk.gray("Submit a flag")),console.log(chalk.white(" scoreboard (sb) ")+chalk.gray("Live rankings")),console.log(chalk.white(" status ")+chalk.gray("Your score, budget & timer")),console.log(chalk.white(" time ")+chalk.gray("Countdown timer")),console.log(),console.log(chalk.bold.white(" AI Teammate")+chalk.gray(" — 3 levels, use wisely")),console.log(chalk.white(' hint "question" ')+chalk.gray("Level A — General guidance (50 uses)")),console.log(chalk.white(' hint-b "question" ')+chalk.gray("Level B — Deep analysis (10 uses)")),console.log(chalk.white(' hint-c "question" ')+chalk.gray("Level C — Critical assist (2 uses)")),console.log(chalk.white(" hint budget ")+chalk.gray("Check remaining uses")),console.log(chalk.white(" ai4ctf ")+chalk.gray("Free-chat with AI (no limit)")),console.log(),console.log(chalk.bold.white(" Tools")),console.log(chalk.white(" ref [topic] ")+chalk.gray("Quick reference (linux, web, crypto...)")),console.log(chalk.white(" shell ")+chalk.gray("Docker sandbox")),console.log(chalk.white(" files <id> ")+chalk.gray("Download challenge files")),console.log(chalk.white(" connect <id> ")+chalk.gray("Connect to remote target")),console.log(chalk.white(" note [text] ")+chalk.gray("Personal notepad")),console.log(chalk.white(" log ")+chalk.gray("Session history")),console.log(),console.log(chalk.bold.white(" System")),console.log(chalk.white(" setup ")+chalk.gray("Configure settings")),console.log(chalk.white(" lang [code] ")+chalk.gray("Switch language (15 supported)")),console.log(chalk.white(" logout ")+chalk.gray("Disconnect")),console.log(chalk.white(" clear ")+chalk.gray("Clear screen")),console.log(chalk.white(" exit ")+chalk.gray("Quit (session saved)")),console.log()):(console.log(chalk.bold.yellow(" Restricted Mode — activate with a token to unlock all commands")),console.log(),console.log(chalk.white(" activate <token> ")+chalk.gray("Unlock full access")),console.log(chalk.white(" ref [topic] ")+chalk.gray("Quick reference")),console.log(chalk.white(" exit ")+chalk.gray("Quit")),console.log())}(a(),J),void K.prompt()}if("more help"===l.toLowerCase()&&b()){Z=!0;try{await e.parseAsync(["node","icoa","exam","more-help"])}catch{}return Z=!1,void K.prompt()}if("continue"===l.toLowerCase())return console.log(),console.log(chalk.green.bold(" ═══ AI4CTF — AI as Your Teammate ═══")),console.log(),console.log(chalk.white(" In AI4CTF, you solve cybersecurity challenges")),console.log(chalk.white(" with AI by your side.")),console.log(),console.log(chalk.white(" In competition, you get AI help at 3 levels:")),console.log(chalk.yellow(" hint a")+chalk.gray(" General guidance (50 uses)")),console.log(chalk.yellow(" hint b")+chalk.gray(" Deep analysis (10 uses)")),console.log(chalk.yellow(" hint c")+chalk.gray(" Critical assist (2 uses)")),console.log(),console.log(chalk.white(" Try it now! Type: ")+chalk.bold.green("ai4ctf")),console.log(chalk.gray(' Chat freely with your AI teammate. Type "exit" when done.')),console.log(),console.log(chalk.gray(" After ai4ctf, try: ")+chalk.bold.red("ctf4ai")+chalk.gray(' — trick the AI into saying "koala"')),console.log(),void K.prompt();if(/^ICOA-[A-Z]{2,3}-\d{1,6}$/i.test(l.trim())){Z=!0;try{await e.parseAsync(["node","icoa","exam","token",l.trim()])}catch{}return Z=!1,void K.prompt()}if(/^[A-Z]{2}[0-9A-HJKMNP-TV-Z]{8}$/i.test(l.trim())){Z=!0;try{await e.parseAsync(["node","icoa","exam","token",l.trim().toUpperCase()])}catch{}return Z=!1,void K.prompt()}const s=l.match(/^exam\s+([A-Z]{2}[0-9A-HJKMNP-TV-Z]{8})$/i);if(s){Z=!0;try{await e.parseAsync(["node","icoa","exam","token",s[1].toUpperCase()])}catch{}return Z=!1,void K.prompt()}const y=l.match(/^exam\s+([A-Z]{2,3})$/i);if(y){Z=!0;try{await e.parseAsync(["node","icoa","exam","list",y[1]])}catch{}return Z=!1,void K.prompt()}if("clear"===l||"cls"===l)return console.clear(),void K.prompt();if(l.startsWith("activate ")){const o=l.slice(9).trim(),e=r(o);return"ok"===e?console.log(chalk.green(" Access granted! Token bound to this device.")):"already_bound"===e?(console.log(),console.log(chalk.red(" Token already activated on a different device.")),console.log(chalk.gray(" Each token binds to the first device that uses it. If you lost the device,")),console.log(chalk.gray(" contact your proctor to have the token re-issued for a new device."))):(console.log(),console.log(chalk.red(" Token not recognized.")),console.log(chalk.gray(" Possible reasons:")),console.log(chalk.white(" • ")+chalk.gray("Typo — tokens are case-insensitive, 10 chars, start with a 2-letter country code (e.g. ")+chalk.cyan("UAK7M2R9Q4")+chalk.gray(")")),console.log(chalk.white(" • ")+chalk.gray("Expired — ask your proctor or organizer for a fresh token")),console.log(chalk.white(" • ")+chalk.gray("Network — verify connection to ")+chalk.cyan("practice.icoa2026.au")),console.log(chalk.gray(" Still stuck? type ")+chalk.cyan("help")+chalk.gray(" or try ")+chalk.cyan("exam demo")+chalk.gray(" for a free practice round."))),console.log(),void K.prompt()}if("activate"===l)return console.log(chalk.gray(" Usage: ")+chalk.white("activate <token>")),console.log(),void K.prompt();const m=b();if(m){const o=l.toUpperCase().trim(),t=o=>{const e=m.questions.find(e=>e.number===o);return!!e&&("ai4ctf"===e.type||"ctf4ai"===e.type||e.options&&!e.options.A&&!e.options.B)},n=o=>{const e="demo-free"!==m.session.examId,t=e&&o>=39?"ctf4ai":e&&o>=31?"ai4ctf":null;console.log(),console.log(chalk.yellow(` Q${o} is a practical question — letters (A/B/C/D) don't apply here.`)),t?(console.log(chalk.white(" Enter the AI chat for this question: ")+chalk.bold.cyan(t)),console.log(chalk.gray(" Or submit a flag directly: ")+chalk.green(`exam answer ${o} ICOA{your_flag}`))):console.log(chalk.gray(" Submit a flag: ")+chalk.green(`exam answer ${o} ICOA{your_flag}`)),console.log()};if(/^[ABCD]$/.test(o)){const l=m._lastQ||1;if(t(l))return n(l),void K.prompt();Z=!0;try{await e.parseAsync(["node","icoa","exam","answer",String(l),o])}catch{}return Z=!1,void K.prompt()}const s=o.match(/^(\d+)\s+([ABCD])$/);if(s){const o=parseInt(s[1],10);if(t(o))return n(o),void K.prompt();Z=!0;try{await e.parseAsync(["node","icoa","exam","answer",s[1],s[2]])}catch{}return Z=!1,void K.prompt()}}const p=l.split(/\s+/)[0].toLowerCase(),d=/^python3?(\.\d+)?$/.test(p),x=l.startsWith("!")||p.startsWith("!")||d;if("selection"===J&&!x&&!["exam","demo","retry","nations","next","prev","continue","setup","lang","ref","ai4ctf","ctf4ai","mark","unmark","review","submit","env"].includes(p)){if(console.log(chalk.gray(" Not available in Selection mode.")),m){const o=m._lastQ||1;console.log(chalk.white(` Resume exam: exam q ${o}`)+chalk.gray(" · ")+chalk.white("A/B/C/D")+chalk.gray(" to answer"))}else console.log(chalk.gray(" Try: demo · setup to switch mode"));return console.log(),void K.prompt()}if("organizer"===J&&!["join","exam","demo","retry","next","prev","logout","setup","lang","ref","ctf","mark","unmark","review","submit"].includes(p))return console.log(chalk.gray(" Not available in Organizer mode. Switch via: setup")),console.log(),void K.prompt();if(!("olympiad"!==J||a()&&c()||i(p)))return console.log(chalk.yellow(" Restricted mode. ")+chalk.gray("Enter your access token:")),console.log(chalk.white(" activate <token>")),console.log(),console.log(chalk.gray(" Free commands: ")+chalk.white("ref [topic]")+chalk.gray(", ")+chalk.white("help")+chalk.gray(", ")+chalk.white("exit")),console.log(),void K.prompt();if(!["join","activate","challenges","ch","open","submit","flag","scoreboard","sb","status","time","ref","shell","files","connect","note","log","lang","setup","env","ai4ctf","model","ctf","exam","demo","retry","nations","next","prev","continue","logout","ctf4ai","mark","unmark","review","submit"].includes(p)){if(B.has(p))return console.log(chalk.red(` Blocked: ${p} is not allowed during competition.`)),console.log(),void K.prompt();if(/(?:^|\s)(?:\/(?!home\/|Users\/|tmp\/)|\.\.\/|~\/)/.test(l)&&!l.startsWith("cd ")){const o=/(?:^|\s)\/(?!home\/\w+\/icoa-workspace|Users\/\w+\/icoa-workspace|tmp\/)/.test(l),e=/\.\./.test(l);if(o||e)return console.log(chalk.red(" Blocked: access outside workspace is not allowed.")),console.log(chalk.gray(` Workspace: ${U}`)),console.log(),void K.prompt()}let o=l.startsWith("!")?l.slice(1).trim():l;if("darwin"===process.platform){const e="/opt/homebrew/opt/python@3.12/bin/python3.12";o=o.replace(/^python3?\s/,`${e} `).replace(/^(python3|python)$/,e)}else if("win32"===process.platform){const e=(()=>{try{return t("py -3 --version",{stdio:["ignore","ignore","ignore"],timeout:1500}),"py -3"}catch{}return"python"})();o=o.replace(/^python3?(\.\d+)?\s/,`${e} `).replace(/^python3?(\.\d+)?$/,e)}else{const e=(()=>{try{return t("which python3.12",{stdio:"ignore"}),"python3.12"}catch{return"python3"}})();o=o.replace(/^python\s/,`${e} `).replace(/^python$/,e)}const e=z();/^(\S*python3?(\.\d+)?)\s*$/.test(o)&&(o=`PYTHONSTARTUP="${function(){const o=D(F(),".icoa");P(o)||R(o,{recursive:!0});const e=D(o,"python-startup.py");return P(e)||N(e,"# ICOA exam interactive startup — auto-loaded by PYTHONSTARTUP\nimport base64, struct, hashlib, re, json, os, sys, binascii\ntry: import requests\nexcept ImportError: pass\ntry: from Crypto.Cipher import AES\nexcept ImportError: pass\ntry: from Crypto.Util.Padding import pad, unpad\nexcept ImportError: pass\ntry: from pwn import xor, p32, u32, p64, u64\nexcept ImportError: pass\ntry: import bs4\nexcept ImportError: pass\ntry: import numpy as np\nexcept ImportError: pass\n"),e}()}" ${o}`,console.log(),console.log(chalk.cyan(" ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")),console.log(chalk.bold.white(" Python ready — ICOA exam toolkit pre-loaded")),console.log(chalk.cyan(" ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")),console.log(),console.log(chalk.white(" Already imported: ")+chalk.gray("base64, struct, hashlib, re, json, binascii")),console.log(chalk.white(" Also available: ")+chalk.gray("requests, bs4, numpy, AES, pad/unpad, xor, p32/u32/p64/u64")),console.log(),console.log(chalk.yellow(" Quick examples:")),console.log(chalk.gray(' base64.b64decode("aGVsbG8=") ')+chalk.gray("# decode base64")),console.log(chalk.gray(' bytes.fromhex("48656c6c6f") ')+chalk.gray("# hex → bytes")),console.log(chalk.gray(' "ICOA{x}".encode() ')+chalk.gray("# str → bytes")),console.log(chalk.gray(" [chr(c) for c in [73,67,79,65]] ")+chalk.gray("# ASCII codes")),console.log(chalk.gray(' xor(bytes.fromhex("0a2b"), b"IC") ')+chalk.gray("# pwntools XOR")),console.log(),console.log(chalk.gray(" Exit: ")+chalk.white("exit()")+chalk.gray(" or Ctrl-D")),console.log(chalk.cyan(" ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")),console.log()),Z=!0;try{q()&&await S()?await O(o,K):await Y(o,K,e)}catch{console.log(chalk.yellow(` Command failed: ${p}`))}return Z=!1,console.log(),void K.prompt()}Z=!0;const v=l.trim(),C=v.toLowerCase();let A,k=null,$="";if(m)if("submit"===C)k="final";else if(C.startsWith("submit ")){let o=v.slice(7).trim();/^submit\s+/i.test(o)&&(o=o.replace(/^submit\s+/i,"").trim()),o=o.replace(/^["'`]+|["'`]+$/g,"").trim(),o&&/^ICOA\{[^}]*\}?$/i.test(o)&&(k="flag",$=o)}else/^ICOA\{[^}]+\}$/i.test(v)&&(k="flag",$=v);A="final"===k?["exam","submit"]:"flag"===k?["exam","answer",String(m?._lastQ||1),$]:function(o){const e=o.split(/\s+/),t=e[0].toLowerCase(),l=e.slice(1),n={demo:["exam","demo"],retry:["exam","demo-retry"],nations:["exam","nations"],next:["exam","next"],prev:["exam","prev"],mark:["exam","mark",...l],unmark:["exam","unmark",...l],review:["exam","review"],logout:["ctf","logout"],join:["ctf","join",...l],activate:["ctf","activate",...l],challenges:["ctf","challenges"],ch:["ctf","challenges"],open:["ctf","open",...l],submit:["ctf","submit",...l],flag:["ctf","submit",...l],scoreboard:["ctf","scoreboard",...l],sb:["ctf","scoreboard",...l],status:["ctf","status"],time:["ctf","time"]};return n[t]?n[t]:["ref","shell","files","connect","note","log","lang","setup","env","ai4ctf","model","ctf","exam","ctf4ai"].includes(t)?[t,...l]:e}(l);const j="ctf"===A[0]&&"join"===A[1];j&&K.pause(),process.exit=()=>{throw new Error(W)};try{await e.parseAsync(["node","icoa",...A])}catch(o){const e=o instanceof Error?o.message:String(o);if(e===W);else if(e.includes("commander.unknownCommand")){const{distance:o}=await import("fastest-levenshtein"),e=["ctf","ref","shell","files","connect","note","log","lang","setup","env","ai4ctf","exam","ctf4ai","theme","clear","cls","quit","exit","back","menu","help","continue","activate","demo","challenges","status","scoreboard","join","logout"],t=p.split(/\s+/)[0]||p;let l={word:"",dist:1/0};for(const n of e){const e=o(t.toLowerCase(),n);e<l.dist&&(l={word:n,dist:e})}console.log(chalk.yellow(` Unknown command: ${p}.`)),l.dist>0&&l.dist<=2&&console.log(chalk.gray(" Did you mean: ")+chalk.bold.cyan(l.word)+chalk.gray("?")),console.log(chalk.gray(" Type ")+chalk.cyan("help")+chalk.gray(" for the full command list."))}else e.includes("commander.")||(e.includes("fetch failed")||e.includes("ECONNREFUSED")||e.includes("ETIMEDOUT"))&&console.log(chalk.yellow(" Network error. Check your connection."))}finally{process.exit=I,Z=!1,j&&K.resume()}u()?K.setPrompt(chalk.magenta("ai4ctf> ")):w()&&K.setPrompt(chalk.red("ctf4ai> ")),console.log(),K.prompt()}),K.on("SIGINT",()=>{if(console.log(),u()||w())console.log(chalk.yellow(" Ctrl+C did not close ICOA CLI — you are still in the AI chat.")),console.log(chalk.white(" Type ")+chalk.bold.cyan("exit")+chalk.white(" to leave the chat and return to the menu."));else if(b()){const o="demo-free"!==b().session.examId;console.log(chalk.yellow(" Ctrl+C did NOT close ICOA CLI.")),console.log(chalk.gray(` Your ${o?"exam":"demo"} is paused and every answer is auto-saved.`)),console.log(),console.log(chalk.white(" Resume: ")+chalk.cyan("exam q 1")+chalk.gray(" · Back to menu: ")+chalk.cyan("back")+chalk.gray(" · Close CLI: ")+chalk.cyan(o?"quit confirm":"quit"))}else console.log(chalk.yellow(" Ctrl+C did not close ICOA CLI — you are still at the ")+chalk.cyan("icoa>")+chalk.yellow(" prompt.")),console.log(chalk.gray(" Keep typing — ")+chalk.cyan("help")+chalk.gray(" lists commands. (Only ")+chalk.cyan("quit")+chalk.gray(" or Ctrl+D actually close the CLI.)"));console.log(),K.prompt()}),K.on("close",()=>{E(),g(),T(),I(0)})}function Y(o,t,l){return new Promise(n=>{const s=process.stdin,a=!!s.isTTY&&!!s.isRaw;if(t.pause(),s.isTTY&&"function"==typeof s.setRawMode)try{s.setRawMode(!1)}catch{}const r=e(o,{shell:!0,stdio:"inherit",cwd:l||process.cwd()}),i=()=>{if(s.isTTY&&"function"==typeof s.setRawMode&&a)try{s.setRawMode(!0)}catch{}t.resume(),n()};r.on("close",i),r.on("error",i)})}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "icoa-cli",
3
- "version": "2.19.113",
3
+ "version": "2.19.114",
4
4
  "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
5
5
  "type": "module",
6
6
  "bin": {
package/translations/ar/demo-explanations.json CHANGED
@@ -1,32 +1,32 @@
1
1
  {
2
- "1": "RSA هو تشفير غير متماثل (مفتاح عام). AES و DES و Blowfish جميعها تشفيرات متماثلة تستخدم نفس المفتاح للتشفير وفك التشفير.",
3
- "2": "يحدث SQL injection عندما يتم إدراج مدخلات المستخدم مباشرة في استعلامات قاعدة البيانات دون تنقية مناسبة، مما يسمح للمهاجمين بالتلاعب بالاستعلام.",
4
- "3": "HTTP 403 يعني Forbidden (محظور) — فهم الخادم الطلب لكنه رفض تفويضه. 401 هو Unauthorized (غير مصادق)، 404 هو Not Found (غير موجود)، 500 هو Internal Server Error (خطأ داخلي في الخادم).",
5
- "4": "Wireshark هو الأداة القياسية لالتقاط وتحليل حزم الشبكة. Burp Suite لاختبار الويب، John the Ripper لكسر كلمات المرور، Ghidra للهندسة العكسية.",
6
- "5": "XSS تعني Cross-Site Scripting ثغرة يقوم فيها المهاجمون بحقن نصوص برمجية ضارة في صفحات الويب التي يشاهدها مستخدمون آخرون.",
7
- "6": "يتنكر Trojan (حصان طروادة) كبرنامج شرعي لخداع المستخدمين لتثبيته. على عكس الديدان، لا يقوم Trojan بالتكاثر الذاتي.",
8
- "7": "يعمل SSH (Secure Shell) على المنفذ 22 افتراضياً. المنفذ 21 هو FTP، و 80 هو HTTP، و 443 هو HTTPS.",
9
- "8": "التجزئة التشفيرية هي دالة أحادية الاتجاه تنتج ملخصاً بحجم ثابت. لا يمكن عكسها، على عكس التشفير.",
10
- "9": "يتطلب Two-factor authentication (2FA، المصادقة الثنائية) نوعين مختلفين من بيانات الاعتماد شيء تعرفه (كلمة المرور) وشيء تملكه (هاتف/رمز) أو شيء أنت عليه (القياسات الحيوية).",
11
- "10": "يعرض الأمر \"netstat -tulpn\" جميع منافذ TCP/UDP المستمعة مع معلومات العملية. \"ls -la\" يعرض الملفات، \"chmod\" يغير الأذونات، \"cat /etc/passwd\" يعرض حسابات المستخدمين.",
12
- "11": "هجوم Man-in-the-Middle يعترض ويحتمل أن يعدل الاتصالات بين طرفين يعتقدان أنهما يتواصلان مباشرة مع بعضهما البعض.",
13
- "12": "مبدأ الحد الأدنى من الامتيازات يعني منح المستخدمين فقط الحد الأدنى من الأذونات اللازمة لأداء مهامهم، مما يقلل من سطح الهجوم.",
14
- "13": "Phishing (التصيد الاحتيالي) هو هجوم هندسة اجتماعية يخدع الناس للكشف عن معلومات حساسة. Buffer overflow و SQL injection و port scanning هي هجمات تقنية.",
15
- "14": "تنشئ VPN (Virtual Private Network، الشبكة الخاصة الافتراضية) نفقاً مشفراً لحركة مرور الإنترنت، مما يحمي البيانات من الاعتراض ويخفي عنوان IP الخاص بالمستخدم.",
16
- "15": "يجب تخزين كلمات المرور كتجزئات مملحة. النص العادي و Base64 غير آمنين. تشفير AES قابل للعكس إذا تم اختراق المفتاح، لكن التجزئة مع الملح أحادية الاتجاه.",
17
- "16": "يقوم هجوم Man-in-the-Middle (MitM) باعتراض، وربما تعديل، الاتصالات بين طرفين يعتقدان أنهما يتواصلان بشكل مباشر مع بعضهما البعض.",
18
- "17": "SHA-256 هي دالة تجزئة تشفيرية. AES-256 هو تشفير متماثل، و RSA-2048 هو تشفير غير متماثل، و Diffie-Hellman هو بروتوكول لتبادل المفاتيح.",
19
- "18": "يعني مبدأ أقل الامتيازات منح المستخدمين الحد الأدنى فقط من الأذونات اللازمة لأداء مهامهم، مما يقلل من سطح الهجوم.",
20
- "19": "Nmap هي الأداة القياسية لمسح المنافذ. يقوم Wireshark بالتقاط الحزم، و Metasploit هو إطار عمل للاستغلال، و Hashcat هي أداة لكسر كلمات المرور.",
21
- "20": "تقوم برمجيات الفدية بتشفير ملفات الضحية وتطالب بالدفع (عادةً بالعملات المشفرة) مقابل مفتاح فك التشفير.",
22
- "21": "يستخدم التشفير المتماثل مفتاحا مشتركا واحدا لكل من التشفير وفك التشفير. يستخدم التشفير غير المتماثل زوجا من المفاتيح — مفتاح عام للتشفير ومفتاح خاص لفك التشفير.",
23
- "22": "يسمح Remote Code Execution (RCE) للمهاجم بتنفيذ تعليمات برمجية عشوائية على خادم مستهدف، مما يؤدي غالبا إلى اختراق النظام بالكامل. تمتلك CSRF و clickjacking و open redirect تأثيرات مختلفة.",
24
- "23": "OWASP (Open Web Application Security Project) هي منظمة غير ربحية تنشر معايير وأدلة أمن الويب المستخدمة على نطاق واسع، بما في ذلك OWASP Top 10.",
25
- "24": "يغير الأمر chmod أذونات الملفات في Linux. يغير chown الملكية، ويغير chgrp المجموعة، ويغير passwd كلمات مرور المستخدمين.",
26
- "25": "شهادة SSL/TLS هي وثيقة رقمية صادرة عن جهة إصدار شهادات موثوقة تتحقق من هوية الموقع الإلكتروني وتتيح اتصالات HTTPS المشفرة.",
27
- "26": "Phishing هو هجوم هندسة اجتماعية يخدع الأشخاص للكشف عن معلومات حساسة. تعتبر Buffer overflow و SQL injection و port scanning هجمات تقنية.",
28
- "27": "يبحث الأمر grep عن أنماط نصية في الملفات باستخدام التعبيرات النمطية. ويُعد من أكثر أدوات معالجة النصوص استخداما في Linux.",
29
- "28": "تنشئ شبكة VPN (Virtual Private Network) نفقا مشفرا لحركة مرور الإنترنت، مما يحمي البيانات من الاعتراض ويخفي عنوان IP الخاص بالمستخدم.",
30
- "29": "يخدع CSRF (Cross-Site Request Forgery) متصفح المستخدم الذي قام بتسجيل الدخول لتنفيذ إجراءات غير مرغوب فيها على موقع موثوق، مثل تغيير إعدادات الحساب أو تحويل الأموال.",
31
- "30": "يجب تخزين كلمات المرور على شكل تجزئات تشفيرية مملحة. النص الصريح و Base64 غير آمنين، وتشفير AES قابل للعكس في حال اختراق المفتاح. التجزئة المملحة أحادية الاتجاه ومقاومة لجداول قوس قزح."
32
- }
2
+ "1": "RSA هو تشفير غير متماثل (مفتاح عام). بينما AES و DES و Blowfish هي جميعها تشفيرات متماثلة تستخدم نفس المفتاح للتشفير وفك التشفير.",
3
+ "2": "يحدث SQL injection عندما يتم إدراج مدخلات المستخدم مباشرة في استعلامات قاعدة البيانات دون تطهير مناسب، مما يسمح للمهاجمين بالتلاعب بالاستعلام.",
4
+ "3": "HTTP 403 تعني محظور (Forbidden) — أي أن الخادم فهم الطلب لكنه يرفض التصريح به. 401 تعني غير مصرح به (Unauthorizedو 404 تعني غير موجود (Not Foundو 500 تعني خطأ داخلي في الخادم (Internal Server Error).",
5
+ "4": "الـ nonce (رقم يستخدم لمرة واحدة) هو قيمة عشوائية تُستخدم في البروتوكولات التشفيرية لمنع هجمات إعادة التشغيل مما يضمن أن كل طلب أو رسالة فريدة ولا يمكن للمهاجم إعادة استخدامها.",
6
+ "5": "Wireshark هو الأداة القياسية لالتقاط وتحليل حزم الشبكة. Burp Suite مخصص لاختبار الويب، و John the Ripper لكسر كلمات المرور، و Ghidra للهندسة العكسية.",
7
+ "6": "XSS تعني Cross-Site Scripting وهي ثغرة أمنية يقوم فيها المهاجمون بحقن نصوص برمجية خبيثة في صفحات الويب التي يشاهدها مستخدمون آخرون.",
8
+ "7": "يقوم جدار الحماية بتصفية حركة مرور الشبكة بناءً على قواعد أمان، حيث يحظر الوصول غير المصرح به بينما يسمح بالاتصالات المشروعة. هو لا يقوم بالتشفير أو فحص الفيروسات أو تسريع الاتصالات.",
9
+ "8": "يتنكر الـ Trojan في هيئة برنامج شرعي لخداع المستخدمين لتثبيته. وعلى عكس الديدان، لا تقوم برمجيات Trojan بالتكاثر الذاتي.",
10
+ "9": "يستخدم HTTPS (HTTP Secure) بروتوكول TLS/SSL لتشفير حركة مرور الويب، مما يحمي البيانات من التجسس والتلاعب. بينما لا تعتبر بروتوكولات HTTP و FTP و SMTP آمنة افتراضيًا.",
11
+ "10": "الهاش التشفيري هو دالة أحادية الاتجاه تنتج ملخصًا ثابت الحجم. لا يمكن عكسه، على عكس التشفير.",
12
+ "11": "Ghidra هي أداة للهندسة العكسية وتحليل الملفات الثنائية طورتها وكالة الأمن القومي (NSA). يقوم Nmap بفحص المنافذ، و SQLMap باختبار SQL injection، و Nikto بفحص خوادم الويب.",
13
+ "12": "DNS Spoofing (تسميم ذاكرة التخزين المؤقت) يتلاعب باستجابات DNS لتوجيه الضحايا إلى خوادم يسيطر عليها المهاجم. وهو يختلف عن Phishing و SQLi والهجوم بالقوة الغاشمة.",
14
+ "13": "يعمل SSH (Secure Shell) على المنفذ 22 افتراضيًا. المنفذ 21 هو FTP، و 80 هو HTTP، و 443 هو HTTPS.",
15
+ "14": "تتطلب المصادقة الثنائية (2FA) نوعين مختلفين من الاعتمادات شيء تعرفه (كلمة المرور) وشيء تملكه (هاتف/رمز) أو شيء فيك (البصمات الحيوية).",
16
+ "15": "يعرض الأمر 'netstat -tulpn' جميع منافذ TCP/UDP المستمعة مع معلومات العمليات. يقوم 'ls -la' بسرد الملفات، و 'chmod' بتغيير الأذونات، و 'cat /etc/passwd' بعرض حسابات المستخدمين.",
17
+ "16": "هجوم Man-in-the-Middle (MitM) يعترض وربما يعدل الاتصالات بين طرفين يعتقدان أنهما يتواصلان مباشرة مع بعضهما البعض.",
18
+ "17": "SHA-256 هي دالة هاش تشفيرية. AES-256 هو تشفير متماثل، و RSA-2048 هو تشفير غير متماثل، و Diffie-Hellman هو بروتوكول لتبادل المفاتيح.",
19
+ "18": "مبدأ الامتياز الأدنى يعني منح المستخدمين فقط الحد الأدنى من الأذونات اللازمة لأداء مهامهم، مما يقلل من سطح الهجوم.",
20
+ "19": "Nmap هو الأداة القياسية لفحص المنافذ. يقوم Wireshark بالتقاط الحزم، و Metasploit هو إطار عمل للاستغلال، و Hashcat هو أداة لكسر كلمات المرور.",
21
+ "20": "يقوم Ransomware بتشفير ملفات الضحية ويطالب بدفع فدية (عادةً بعملة مشفرة) مقابل مفتاح فك التشفير.",
22
+ "21": "يستخدم التشفير المتماثل مفتاحًا مشتركًا واحدًا لكل من التشفير وفك التشفير. بينما يستخدم التشفير غير المتماثل زوجًا من المفاتيح — مفتاح عام للتشفير ومفتاح خاص لفك التشفير.",
23
+ "22": "يسمح Remote Code Execution (RCE) للمهاجم بتشغيل كود عشوائي على خادم مستهدف، مما يؤدي غالبًا إلى اختراق النظام بالكامل. بينما تختلف تأثيرات CSRF والـ clickjacking والـ open redirect.",
24
+ "23": "OWASP (Open Web Application Security Project) هي منظمة غير ربحية تنشر معايير وأدلة أمن الويب واسعة الاستخدام، بما في ذلك قائمة OWASP Top 10.",
25
+ "24": "يغير الأمر chmod أذونات الملفات في نظام Linux. ويغير chown الملكية، بينما يغير chgrp المجموعة، ويغير passwd كلمات مرور المستخدمين.",
26
+ "25": "شهادة SSL/TLS هي وثيقة رقمية صادرة عن جهة إصدار شهادات موثوقة تتحقق من هوية الموقع وتسمح باتصالات HTTPS مشفرة.",
27
+ "26": "Phishing هو هجوم هندسة اجتماعية يخدع الأشخاص للكشف عن معلومات حساسة. بينما تعتبر هجمات Buffer overflow و SQL injection وفحص المنافذ هجمات تقنية.",
28
+ "27": "يبحث الأمر grep عن أنماط نصية في الملفات باستخدام التعابير النمطية. وهو أحد أكثر أدوات معالجة النصوص استخدامًا في Linux.",
29
+ "28": "تنشئ VPN (Virtual Private Network) نفقًا مشفرًا لحركة مرور الإنترنت، مما يحمي البيانات من الاعتراض ويخفي عنوان IP الخاص بالمستخدم.",
30
+ "29": "يقوم CSRF (Cross-Site Request Forgery) بخداع متصفح مستخدم مسجل الدخول لتنفيذ إجراءات غير مرغوب فيها على موقع موثوق، مثل تغيير إعدادات الحساب أو تحويل الأموال.",
31
+ "30": "يجب تخزين كلمات المرور كـ salted cryptographic hashes. إن استخدام النصوص المجردة و Base64 غير آمن، وتشفير AES قابل للعكس إذا تم اختراق المفتاح. الهاش المملح (Salted hashing) أحادي الاتجاه ومقاوم لجداول قوس قزح."
32
+ }
package/translations/bn/demo-explanations.json ADDED
@@ -0,0 +1,32 @@
1
+ {
2
+ "1": "RSA হলো একটি asymmetric (public-key) cipher। AES, DES, এবং Blowfish হলো symmetric ciphers যা encryption এবং decryption-এর জন্য একই key ব্যবহার করে।",
3
+ "2": "SQL injection তখন ঘটে যখন ব্যবহারকারীর ইনপুট সঠিক sanitization ছাড়াই সরাসরি database queries-এ প্রবেশ করানো হয়, যা আক্রমণকারীদের query ম্যানিপুলেট করার সুযোগ দেয়।",
4
+ "3": "HTTP 403 মানে Forbidden — server অনুরোধটি বুঝতে পেরেছে কিন্তু এটি authorize করতে অস্বীকার করছে। 401 হলো Unauthorized, 404 হলো Not Found, 500 হলো Internal Server Error।",
5
+ "4": "একটি nonce (একবার ব্যবহৃত সংখ্যা) হলো একটি র‍্যান্ডম ভ্যালু যা cryptographic protocols-এ replay attacks প্রতিরোধ করতে ব্যবহৃত হয় — এটি নিশ্চিত করে যে প্রতিটি অনুরোধ বা মেসেজ অনন্য এবং আক্রমণকারী পুনরায় ব্যবহার করতে পারবে না।",
6
+ "5": "Wireshark হলো নেটওয়ার্ক প্যাকেট ক্যাপচার এবং বিশ্লেষণ করার আদর্শ টুল। Burp Suite হলো ওয়েব টেস্টিংয়ের জন্য, John the Ripper পাসওয়ার্ড ক্র্যাকিংয়ের জন্য, Ghidra হলো reverse engineering-এর জন্য।",
7
+ "6": "XSS এর পূর্ণরূপ হলো Cross-Site Scripting — এটি এমন একটি vulnerability যেখানে আক্রমণকারীরা অন্য ব্যবহারকারীদের দেখা ওয়েব পেজগুলোতে ক্ষতিকারক স্ক্রিপ্ট ইনজেক্ট করে।",
8
+ "7": "একটি firewall নিরাপত্তা নিয়মের ভিত্তিতে নেটওয়ার্ক ট্র্যাফিক ফিল্টার করে, বৈধ যোগাযোগ অনুমোদন করার পাশাপাশি অননুমোদিত অ্যাক্সেস ব্লক করে। এটি এনক্রিপ্ট করে না, ভাইরাসের জন্য স্ক্যান করে না বা সংযোগের গতি বাড়ায় না।",
9
+ "8": "একটি Trojan নিজেকে বৈধ সফটওয়্যার হিসেবে ছদ্মবেশ ধারণ করে যাতে ব্যবহারকারীরা এটি ইনস্টল করতে প্রলুব্ধ হয়। Worms-এর মতো Trojan নিজে নিজে প্রতিলিপি তৈরি (self-replicate) করে না।",
10
+ "9": "HTTPS (HTTP Secure) ওয়েব ট্র্যাফিক এনক্রিপ্ট করার জন্য TLS/SSL ব্যবহার করে, যা ডেটাকে আড়িপাতা এবং টেম্পারিং থেকে রক্ষা করে। HTTP, FTP, এবং SMTP ডিফল্টভাবে সুরক্ষিত নয়।",
11
+ "10": "একটি cryptographic hash হলো একটি ওয়ান-ওয়ে ফাংশন যা একটি নির্দিষ্ট আকারের ডাইজেস্ট তৈরি করে। encryption-এর বিপরীতে এটিকে রিভার্স করা সম্ভব নয়।",
12
+ "11": "Ghidra হলো NSA দ্বারা তৈরি একটি reverse engineering এবং বাইনারি বিশ্লেষণ টুল। Nmap পোর্ট স্ক্যান করে, SQLMap দ্বারা SQL injection পরীক্ষা করা হয়, Nikto ওয়েব সার্ভার স্ক্যান করে।",
13
+ "12": "DNS Spoofing (cache poisoning) ভিক্টিমদের আক্রমণকারী-নিয়ন্ত্রিত সার্ভারে রিডাইরেক্ট করতে DNS রেসপন্সগুলোকে ম্যানিপুলেট করে। এটি Phishing, SQLi, এবং brute force থেকে আলাদা।",
14
+ "13": "SSH (Secure Shell) ডিফল্টভাবে পোর্ট 22-এ চলে। পোর্ট 21 হলো FTP, 80 হলো HTTP, 443 হলো HTTPS।",
15
+ "14": "Two-factor authentication (2FA) এর জন্য দুটি ভিন্ন ধরনের ক্রেডেনশিয়াল প্রয়োজন — এমন কিছু যা আপনি জানেন (পাসওয়ার্ড) এবং এমন কিছু যা আপনার কাছে আছে (ফোন/টোকেন) বা আপনি নিজে (বায়োমেট্রিক্স)।",
16
+ "15": "\"netstat -tulpn\" কমান্ডটি প্রসেস তথ্যসহ সমস্ত লিসেনিং TCP/UDP পোর্ট দেখায়। \"ls -la\" ফাইল তালিকাভুক্ত করে, \"chmod\" পারমিশন পরিবর্তন করে, \"cat /etc/passwd\" ব্যবহারকারী অ্যাকাউন্টগুলো দেখায়।",
17
+ "16": "একটি Man-in-the-Middle (MitM) আক্রমণ এমন দুই পক্ষের মধ্যে যোগাযোগ ইন্টারসেপ্ট এবং সম্ভবত পরিবর্তন করে যারা বিশ্বাস করে যে তারা একে অপরের সাথে সরাসরি যোগাযোগ করছে।",
18
+ "17": "SHA-256 হলো একটি cryptographic hash ফাংশন। AES-256 হলো একটি symmetric cipher, RSA-2048 হলো একটি asymmetric cipher, এবং Diffie-Hellman হলো একটি key exchange প্রোটোকল।",
19
+ "18": "Principle of least privilege-এর অর্থ হলো ব্যবহারকারীদের তাদের কাজ সম্পাদনের জন্য প্রয়োজনীয় ন্যূনতম পারমিশন প্রদান করা, যা অ্যাটাক সারফেস কমিয়ে দেয়।",
20
+ "19": "Nmap হলো একটি আদর্শ পোর্ট স্ক্যানিং টুল। Wireshark প্যাকেট ক্যাপচার করে, Metasploit হলো একটি exploitation ফ্রেমওয়ার্ক, এবং Hashcat হলো একটি পাসওয়ার্ড ক্র্যাকার।",
21
+ "20": "Ransomware ভিক্টিমের ফাইলগুলো এনক্রিপ্ট করে এবং decryption key-এর বিনিময়ে অর্থ (সাধারণত ক্রিপ্টোকারেন্সি) দাবি করে।",
22
+ "21": "Symmetric encryption-এ এনক্রিপ্ট এবং ডিক্রিপ্ট উভয়ের জন্য একটি একক শেয়ার্ড key ব্যবহার করা হয়। Asymmetric encryption একটি key pair ব্যবহার করে — এনক্রিপ্ট করার জন্য একটি public key এবং ডিক্রিপ্ট করার জন্য একটি private key।",
23
+ "22": "Remote Code Execution (RCE) একজন আক্রমণকারীকে টার্গেট সার্ভারে যেকোনো কোড চালানোর অনুমতি দেয়, যা প্রায়শই পুরো সিস্টেমের কম্প্রোমাইজ ঘটায়। CSRF, clickjacking এবং open redirect-এর প্রভাব ভিন্ন।",
24
+ "23": "OWASP (Open Web Application Security Project) হলো একটি অলাভজনক সংস্থা যা OWASP Top 10 সহ বহুল ব্যবহৃত ওয়েব সিকিউরিটি স্ট্যান্ডার্ড এবং গাইড প্রকাশ করে।",
25
+ "24": "chmod কমান্ড Linux-এ ফাইল পারমিশন পরিবর্তন করে। chown মালিকানা পরিবর্তন করে, chgrp গ্রুপ পরিবর্তন করে এবং passwd ব্যবহারকারীর পাসওয়ার্ড পরিবর্তন করে।",
26
+ "25": "একটি SSL/TLS সার্টিফিকেট হলো একটি বিশ্বস্ত Certificate Authority দ্বারা ইস্যু করা ডিজিটাল নথি যা একটি ওয়েবসাইটের পরিচয় যাচাই করে এবং এনক্রিপ্ট করা HTTPS সংযোগ সক্ষম করে।",
27
+ "26": "Phishing হলো একটি সোশ্যাল ইঞ্জিনিয়ারিং আক্রমণ যা মানুষকে সংবেদনশীল তথ্য প্রকাশ করতে প্রলুব্ধ করে। Buffer overflow, SQL injection, এবং পোর্ট স্ক্যানিং হলো টেকনিক্যাল আক্রমণ।",
28
+ "27": "grep কমান্ড রেগুলার এক্সপ্রেশন ব্যবহার করে ফাইলগুলোতে টেক্সট প্যাটার্ন অনুসন্ধান করে। এটি Linux-এর অন্যতম বহুল ব্যবহৃত টেক্সট প্রসেসিং টুল।",
29
+ "28": "একটি VPN (Virtual Private Network) ইন্টারনেট ট্র্যাফিকের জন্য একটি এনক্রিপ্টেড টানেল তৈরি করে, যা ডেটাকে ইন্টারসেপশন থেকে রক্ষা করে এবং ব্যবহারকারীর IP address গোপন করে।",
30
+ "29": "CSRF (Cross-Site Request Forgery) একজন লগ-ইন করা ব্যবহারকারীর ব্রাউজারকে কোনো বিশ্বস্ত সাইটে অবাঞ্ছিত কাজ করতে প্রলুব্ধ করে, যেমন অ্যাকাউন্ট সেটিংস পরিবর্তন বা অর্থ স্থানান্তর করা।",
31
+ "30": "পাসওয়ার্ডগুলো salted cryptographic hashes হিসেবে সংরক্ষণ করা উচিত। Plain text এবং Base64 অসুরক্ষিত, এবং key কম্প্রোমাইজড হলে AES encryption রিভার্সিবল। Salted hashing হলো ওয়ান-ওয়ে এবং এটি রেইনবো টেবিল প্রতিরোধী।"
32
+ }
package/translations/de/demo-explanations.json CHANGED
@@ -1,32 +1,32 @@
1
1
  {
2
- "1": "RSA ist eine asymmetrische (Public-Key-)Verschlüsselung. AES, DES und Blowfish sind symmetrische Verschlüsselungen, die denselben Schlüssel für Ver- und Entschlüsselung verwenden.",
3
- "2": "SQL injection tritt auf, wenn Benutzereingaben ohne ordnungsgemäße Bereinigung direkt in Datenbankabfragen eingefügt werden, wodurch Angreifer die Abfrage manipulieren können.",
4
- "3": "HTTP 403 bedeutet Forbidden (Verboten) — der Server hat die Anfrage verstanden, weigert sich aber, sie zu autorisieren. 401 ist Unauthorized (Nicht autorisiert), 404 ist Not Found (Nicht gefunden), 500 ist Internal Server Error (Interner Serverfehler).",
5
- "4": "Wireshark ist das Standardwerkzeug zum Erfassen und Analysieren von Netzwerkpaketen. Burp Suite dient dem Web-Testing, John the Ripper dem Passwort-Knacken, Ghidra dem Reverse Engineering.",
6
- "5": "XSS steht für Cross-Site Scripting eine Sicherheitslücke, bei der Angreifer bösartige Skripte in Webseiten einschleusen, die von anderen Benutzern angesehen werden.",
7
- "6": "Ein Trojan (Trojaner) tarnt sich als legitime Software, um Benutzer zur Installation zu verleiten. Im Gegensatz zu Würmern replizieren sich Trojaner nicht selbst.",
8
- "7": "SSH (Secure Shell) läuft standardmäßig auf Port 22. Port 21 ist FTP, 80 ist HTTP, 443 ist HTTPS.",
9
- "8": "Ein kryptographischer Hash ist eine Einwegfunktion, die einen Digest fester Größe erzeugt. Im Gegensatz zur Verschlüsselung kann er nicht umgekehrt werden.",
10
- "9": "Two-factor authentication (2FA, Zwei-Faktor-Authentifizierung) erfordert zwei unterschiedliche Arten von Anmeldedaten etwas, das Sie wissen (Passwort) und etwas, das Sie besitzen (Telefon/Token) oder das Sie sind (Biometrie).",
11
- "10": "Der Befehl \"netstat -tulpn\" zeigt alle lauschenden TCP/UDP-Ports mit Prozessinformationen an. \"ls -la\" listet Dateien auf, \"chmod\" ändert Berechtigungen, \"cat /etc/passwd\" zeigt Benutzerkonten.",
12
- "11": "Ein Man-in-the-Middle-Angriff fängt die Kommunikation zwischen zwei Parteien ab und modifiziert sie möglicherweise, die glauben, direkt miteinander zu kommunizieren.",
13
- "12": "Das Prinzip der geringsten Berechtigung bedeutet, Benutzern nur die minimal notwendigen Berechtigungen zur Erfüllung ihrer Aufgaben zu gewähren und so die Angriffsfläche zu reduzieren.",
14
- "13": "Phishing ist ein Social-Engineering-Angriff, der Menschen dazu verleitet, sensible Informationen preiszugeben. Buffer overflow, SQL injection und port scanning sind technische Angriffe.",
15
- "14": "Ein VPN (Virtual Private Network, virtuelles privates Netzwerk) erstellt einen verschlüsselten Tunnel für den Internetverkehr, schützt Daten vor Abfangen und verbirgt die IP-Adresse des Benutzers.",
16
- "15": "Passwörter sollten als gesalzene Hashes gespeichert werden. Klartext und Base64 sind unsicher. AES-Verschlüsselung ist umkehrbar, wenn der Schlüssel kompromittiert wird, aber Hashing mit Salt ist eine Einwegfunktion.",
17
- "16": "Ein Man-in-the-Middle (MitM)-Angriff fängt die Kommunikation zwischen zwei Parteien ab, die glauben, direkt miteinander zu kommunizieren, und modifiziert diese potenziell.",
18
- "17": "SHA-256 ist eine kryptografische Hashfunktion. AES-256 ist eine symmetrische Chiffre, RSA-2048 ist eine asymmetrische Chiffre und Diffie-Hellman ist ein Schlüsselaustauschprotokoll.",
19
- "18": "Das Prinzip der geringsten Privilegien bedeutet, Benutzern nur die minimalen Berechtigungen zu gewähren, die zur Ausführung ihrer Aufgaben erforderlich sind, wodurch die Angriffsfläche reduziert wird.",
20
- "19": "Nmap ist das Standard-Port-Scanning-Tool. Wireshark zeichnet Pakete auf, Metasploit ist ein Exploitation-Framework und Hashcat ist ein Password-Cracker.",
21
- "20": "Ransomware verschlüsselt die Dateien des Opfers und verlangt eine Zahlung (normalerweise Kryptowährung) im Gegenzug für den Entschlüsselungsschlüssel.",
22
- "21": "Symmetrische Verschlüsselung verwendet einen einzigen gemeinsamen Schlüssel sowohl zum Verschlüsseln als auch zum Entschlüsseln. Asymmetrische Verschlüsselung verwendet ein Schlüsselpaar einen öffentlichen Schlüssel zum Verschlüsseln und einen privaten Schlüssel zum Entschlüsseln.",
23
- "22": "Remote Code Execution (RCE) ermöglicht es einem Angreifer, beliebigen Code auf einem Zielserver auszuführen, was oft zu einer vollständigen Kompromittierung des Systems führt. CSRF, Clickjacking und Open Redirect haben unterschiedliche Auswirkungen.",
24
- "23": "OWASP (Open Web Application Security Project) ist eine gemeinnützige Organisation, die weit verbreitete Web-Sicherheitsstandards und Leitfäden veröffentlicht, darunter die OWASP Top 10.",
25
- "24": "Der chmod-Befehl ändert Dateiberechtigungen unter Linux. chown ändert den Eigentümer, chgrp ändert die Gruppe und passwd ändert Benutzerpasswörter.",
26
- "25": "Ein SSL/TLS-Zertifikat ist ein von einer vertrauenswürdigen Certificate Authority ausgestelltes digitales Dokument, das die Identität einer Website verifiziert und verschlüsselte HTTPS-Verbindungen ermöglicht.",
27
- "26": "Phishing ist ein Social-Engineering-Angriff, der Personen dazu verleitet, sensible Informationen preiszugeben. Buffer Overflow, SQL Injection und Port Scanning sind technische Angriffe.",
28
- "27": "Der grep-Befehl sucht mithilfe regulärer Ausdrücke nach Textmustern in Dateien. Er ist eines der am häufigsten verwendeten Linux-Textverarbeitungswerkzeuge.",
29
- "28": "Ein VPN (Virtual Private Network) erstellt einen verschlüsselten Tunnel für den Internetverkehr, schützt Daten vor dem Abfangen und verschleiert die IP-Adresse des Benutzers.",
30
- "29": "CSRF (Cross-Site Request Forgery) bringt den Browser eines angemeldeten Benutzers dazu, unerwünschte Aktionen auf einer vertrauenswürdigen Website auszuführen, wie beispielsweise das Ändern von Kontoeinstellungen oder das Überweisen von Geld.",
31
- "30": "Passwörter sollten als gesalzene kryptografische Hashes gespeichert werden. Klartext und Base64 sind unsicher, und eine AES-Verschlüsselung ist umkehrbar, wenn der Schlüssel kompromittiert wird. Gesalzenes Hashing ist ein Einwegverfahren und resistent gegen Rainbow Tables."
32
- }
2
+ "1": "RSA ist ein asymmetrisches (Public-Key) Verschlüsselungsverfahren. AES, DES und Blowfish sind allesamt symmetrische Verschlüsselungsverfahren, die denselben Schlüssel für die Verschlüsselung und Entschlüsselung verwenden.",
3
+ "2": "SQLi tritt auf, wenn Benutzereingaben ohne ordnungsgemäße Bereinigung direkt in Datenbankabfragen eingefügt werden, was es Angreifern ermöglicht, die Abfrage zu manipulieren.",
4
+ "3": "HTTP 403 bedeutet Forbidden — der Server hat die Anfrage verstanden, verweigert jedoch die Autorisierung. 401 ist Unauthorized, 404 ist Not Found, 500 ist Internal Server Error.",
5
+ "4": "Eine Nonce (einmalig verwendete Zahl) ist ein Zufallswert, der in kryptografischen Protokollen verwendet wird, um Replay-Angriffe zu verhindern dadurch wird sichergestellt, dass jede Anfrage oder Nachricht einzigartig ist und nicht von einem Angreifer wiederverwendet werden kann.",
6
+ "5": "Wireshark ist das Standard-Tool zum Erfassen und Analysieren von Netzwerkpaketen. Burp Suite ist für Web-Tests, John the Ripper zum Knacken von Passwörtern, Ghidra für Reverse Engineering.",
7
+ "6": "XSS steht für Cross-Site Scripting eine Schwachstelle, bei der Angreifer bösartige Skripte in Webseiten einschleusen, die von anderen Benutzern aufgerufen werden.",
8
+ "7": "Eine Firewall filtert den Netzwerkverkehr basierend auf Sicherheitsregeln, wobei unbefugter Zugriff blockiert und legitime Kommunikation zugelassen wird. Sie verschlüsselt nicht, scannt nicht nach Viren und beschleunigt keine Verbindungen.",
9
+ "8": "Ein Trojan tarnt sich als legitime Software, um Benutzer zur Installation zu verleiten. Im Gegensatz zu Würmern replizieren sich Trojan nicht selbst.",
10
+ "9": "HTTPS (HTTP Secure) verwendet TLS/SSL, um den Webverkehr zu verschlüsseln und Daten vor Abfangen und Manipulation zu schützen. HTTP, FTP und SMTP sind standardmäßig nicht sicher.",
11
+ "10": "Ein kryptografischer Hash ist eine Einwegfunktion, die einen Digest fester Größe erzeugt. Er kann im Gegensatz zur Verschlüsselung nicht rückgängig gemacht werden.",
12
+ "11": "Ghidra ist ein von der NSA entwickeltes Tool für Reverse Engineering und Binäranalyse. Nmap scannt Ports, SQLMap testet SQLi, Nikto scannt Webserver.",
13
+ "12": "DNS Spoofing (Cache Poisoning) manipuliert DNS-Antworten, um Opfer auf von Angreifern kontrollierte Server umzuleiten. Es unterscheidet sich von Phishing, SQLi und Brute-Force.",
14
+ "13": "SSH (Secure Shell) läuft standardmäßig auf Port 22. Port 21 ist FTP, 80 ist HTTP, 443 ist HTTPS.",
15
+ "14": "Zwei-Faktor-Authentisierung (2FA) erfordert zwei verschiedene Arten von Anmeldedaten etwas, das man weiß (Passwort), und etwas, das man hat (Telefon/Token) oder ist (Biometrie).",
16
+ "15": "Der Befehl \"netstat -tulpn\" zeigt alle lauschenden TCP/UDP-Ports mit Prozessinformationen an. \"ls -la\" listet Dateien auf, \"chmod\" ändert Berechtigungen, \"cat /etc/passwd\" zeigt Benutzerkonten an.",
17
+ "16": "Ein Man-in-the-Middle (MitM) Angriff fängt die Kommunikation zwischen zwei Parteien ab, die glauben, direkt miteinander zu kommunizieren, und modifiziert diese potenziell.",
18
+ "17": "SHA-256 ist eine kryptografische Hash-Funktion. AES-256 ist ein symmetrisches Verschlüsselungsverfahren, RSA-2048 ist ein asymmetrisches Verschlüsselungsverfahren und Diffie-Hellman ist ein Schlüsselaustauschprotokoll.",
19
+ "18": "Das Prinzip der geringsten Rechte bedeutet, Benutzern nur die minimal notwendigen Berechtigungen für ihre Aufgaben zu gewähren, um die Angriffsfläche zu verringern.",
20
+ "19": "Nmap ist das Standard-Tool für Port-Scans. Wireshark erfasst Pakete, Metasploit ist ein Exploitation-Framework und Hashcat ist ein Passwort-Cracker.",
21
+ "20": "Ransomware verschlüsselt die Dateien des Opfers und fordert eine Zahlung (meist in Kryptowährung) im Austausch für den Entschlüsselungsschlüssel.",
22
+ "21": "Symmetrische Verschlüsselung verwendet einen einzigen gemeinsamen Schlüssel sowohl zum Verschlüsseln als auch zum Entschlüsseln. Asymmetrische Verschlüsselung verwendet ein Schlüsselpaar einen öffentlichen Schlüssel zum Verschlüsseln und einen privaten Schlüssel zum Entschlüsseln.",
23
+ "22": "Remote Code Execution (RCE) ermöglicht es einem Angreifer, beliebigen Code auf einem Zielserver auszuführen, was oft zur vollständigen Kompromittierung des Systems führt. CSRF, Clickjacking und Open Redirect haben unterschiedliche Auswirkungen.",
24
+ "23": "OWASP (Open Web Application Security Project) ist eine gemeinnützige Organisation, die weit verbreitete Web-Sicherheitsstandards und Leitfäden veröffentlicht, einschließlich der OWASP Top 10.",
25
+ "24": "Der Befehl chmod ändert Dateiberechtigungen in Linux. chown ändert den Besitzer, chgrp ändert die Gruppe und passwd ändert Benutzerpasswörter.",
26
+ "25": "Ein SSL/TLS-Zertifikat ist ein digitales Dokument, das von einer vertrauenswürdigen Zertifizierungsstelle ausgestellt wurde, die Identität einer Website verifiziert und verschlüsselte HTTPS-Verbindungen ermöglicht.",
27
+ "26": "Phishing ist ein Social-Engineering-Angriff, der Menschen dazu verleitet, sensible Informationen preiszugeben. Pufferüberlauf, SQLi und Port-Scanning sind technische Angriffe.",
28
+ "27": "Der Befehl grep sucht mithilfe von regulären Ausdrücken nach Textmustern in Dateien. Er ist eines der am häufigsten verwendeten Linux-Textverarbeitungswerkzeuge.",
29
+ "28": "Ein VPN (Virtual Private Network) erstellt einen verschlüsselten Tunnel für den Internetverkehr, schützt Daten vor dem Abfangen und maskiert die IP-Adresse des Benutzers.",
30
+ "29": "CSRF (Cross-Site Request Forgery) bringt den Browser eines angemeldeten Benutzers dazu, unerwünschte Aktionen auf einer vertrauenswürdigen Website auszuführen, wie z. B. das Ändern von Kontoeinstellungen oder das Überweisen von Geldern.",
31
+ "30": "Passwörter sollten als gesalzene kryptografische Hashes gespeichert werden. Klartext und Base64 sind unsicher, und AES-Verschlüsselung ist reversibel, wenn der Schlüssel kompromittiert wird. Gesalzenes Hashing ist eine Einwegfunktion und resistent gegen Rainbow Tables."
32
+ }
package/translations/es/demo-explanations.json CHANGED
@@ -1,32 +1,32 @@
1
1
  {
2
- "1": "RSA es un cifrado asimétrico (de clave pública). AES, DES y Blowfish son cifrados simétricos que usan la misma clave para cifrar y descifrar.",
3
- "2": "SQL injection ocurre cuando la entrada del usuario se inserta directamente en consultas de base de datos sin una sanitización adecuada, lo que permite a los atacantes manipular la consulta.",
4
- "3": "HTTP 403 significa Forbidden (Prohibido) — el servidor entendió la solicitud pero se niega a autorizarla. 401 es Unauthorized (No autorizado), 404 es Not Found (No encontrado), 500 es Internal Server Error (Error interno del servidor).",
5
- "4": "Wireshark es la herramienta estándar para capturar y analizar paquetes de red. Burp Suite es para pruebas web, John the Ripper para descifrar contraseñas y Ghidra para ingeniería inversa.",
6
- "5": "XSS significa Cross-Site Scripting una vulnerabilidad en la que los atacantes inyectan scripts maliciosos en páginas web vistas por otros usuarios.",
7
- "6": "Un Trojan (troyano) se disfraza de software legítimo para engañar a los usuarios y que lo instalen. A diferencia de los gusanos, los Trojan no se autorreplican.",
8
- "7": "SSH (Secure Shell) se ejecuta en el puerto 22 por defecto. El puerto 21 es FTP, 80 es HTTP, 443 es HTTPS.",
9
- "8": "Un hash criptográfico es una función unidireccional que produce un resumen de tamaño fijo. No se puede revertir, a diferencia del cifrado.",
10
- "9": "Two-factor authentication (2FA, autenticación de dos factores) requiere dos tipos distintos de credenciales algo que sabes (contraseña) y algo que tienes (teléfono/token) o algo que eres (biometría).",
11
- "10": "El comando \"netstat -tulpn\" muestra todos los puertos TCP/UDP en escucha con información del proceso. \"ls -la\" lista archivos, \"chmod\" cambia permisos, \"cat /etc/passwd\" muestra cuentas de usuario.",
12
- "11": "Un ataque Man-in-the-Middle intercepta y potencialmente modifica las comunicaciones entre dos partes que creen estar comunicándose directamente entre sí.",
13
- "12": "El principio de mínimo privilegio significa otorgar a los usuarios solo los permisos mínimos necesarios para realizar sus tareas, reduciendo la superficie de ataque.",
14
- "13": "Phishing es un ataque de ingeniería social que engaña a las personas para que revelen información sensible. Buffer overflow, SQL injection y port scanning son ataques técnicos.",
15
- "14": "Una VPN (Virtual Private Network, red privada virtual) crea un túnel cifrado para el tráfico de internet, protegiendo los datos contra la interceptación y ocultando la dirección IP del usuario.",
16
- "15": "Las contraseñas deben almacenarse como hashes con sal. El texto plano y Base64 son inseguros. El cifrado AES es reversible si la clave se ve comprometida, pero el hash con sal es unidireccional.",
2
+ "1": "RSA es un cifrado asimétrico (clave pública). AES, DES y Blowfish son cifrados simétricos que utilizan la misma clave para el cifrado y descifrado.",
3
+ "2": "La inyección SQL ocurre cuando la entrada del usuario se inserta directamente en las consultas de la base de datos sin una desinfección adecuada, lo que permite a los atacantes manipular la consulta.",
4
+ "3": "HTTP 403 significa Forbidden — el servidor entendió la solicitud pero se niega a autorizarla. 401 es Unauthorized, 404 es Not Found, 500 es Internal Server Error.",
5
+ "4": "Un nonce (número utilizado una sola vez) es un valor aleatorio utilizado en protocolos criptográficos para prevenir ataques de repetición asegurando que cada solicitud o mensaje sea único y no pueda ser reutilizado por un atacante.",
6
+ "5": "Wireshark es la herramienta estándar para capturar y analizar paquetes de red. Burp Suite es para pruebas web, John the Ripper para el descifrado de contraseñas, Ghidra para ingeniería inversa.",
7
+ "6": "XSS significa Cross-Site Scripting una vulnerabilidad donde los atacantes inyectan scripts maliciosos en páginas web visualizadas por otros usuarios.",
8
+ "7": "Un firewall filtra el tráfico de red basado en reglas de seguridad, bloqueando el acceso no autorizado mientras permite la comunicación legítima. No cifra, no escanea virus ni acelera las conexiones.",
9
+ "8": "Un Trojan se disfraza de software legítimo para engañar a los usuarios y que lo instalen. A diferencia de los gusanos, los Trojan no se autorreplican.",
10
+ "9": "HTTPS (HTTP Secure) utiliza TLS/SSL para cifrar el tráfico web, protegiendo los datos contra la interceptación y la manipulación. HTTP, FTP y SMTP no son seguros de forma predeterminada.",
11
+ "10": "Un hash criptográfico es una función unidireccional que produce un resumen de tamaño fijo. No se puede revertir, a diferencia del cifrado.",
12
+ "11": "Ghidra es una herramienta de ingeniería inversa y análisis binario desarrollada por la NSA. Nmap escanea puertos, SQLMap prueba la inyección SQL, Nikto escanea servidores web.",
13
+ "12": "El DNS Spoofing (envenenamiento de caché) manipula las respuestas DNS para redirigir a las víctimas a servidores controlados por atacantes. Es distinto de Phishing, SQLi y fuerza bruta.",
14
+ "13": "SSH (Secure Shell) se ejecuta en el puerto 22 por defecto. El puerto 21 es FTP, 80 es HTTP, 443 es HTTPS.",
15
+ "14": "La autenticación de dos factores (2FA) requiere dos tipos distintos de credenciales algo que sabes (contraseña) y algo que tienes (teléfono/token) o eres (biometría).",
16
+ "15": "El comando \"netstat -tulpn\" muestra todos los puertos TCP/UDP de escucha con información de los procesos. \"ls -la\" enumera archivos, \"chmod\" cambia permisos, \"cat /etc/passwd\" muestra las cuentas de usuario.",
17
17
  "16": "Un ataque Man-in-the-Middle (MitM) intercepta y potencialmente modifica las comunicaciones entre dos partes que creen que se están comunicando directamente entre sí.",
18
18
  "17": "SHA-256 es una función hash criptográfica. AES-256 es un cifrado simétrico, RSA-2048 es un cifrado asimétrico y Diffie-Hellman es un protocolo de intercambio de claves.",
19
19
  "18": "El principio de mínimo privilegio significa otorgar a los usuarios solo los permisos mínimos necesarios para realizar sus tareas, reduciendo la superficie de ataque.",
20
- "19": "Nmap es la herramienta estándar de escaneo de puertos. Wireshark captura paquetes, Metasploit es un framework de explotación, y Hashcat es un descifrador de contraseñas.",
21
- "20": "El ransomware cifra los archivos de la víctima y exige un pago (generalmente en criptomonedas) a cambio de la clave de descifrado.",
20
+ "19": "Nmap es la herramienta estándar de escaneo de puertos. Wireshark captura paquetes, Metasploit es un framework de explotación y Hashcat es un craqueador de contraseñas.",
21
+ "20": "El Ransomware cifra los archivos de la víctima y exige un pago (generalmente en criptomonedas) a cambio de la clave de descifrado.",
22
22
  "21": "El cifrado simétrico utiliza una única clave compartida tanto para cifrar como para descifrar. El cifrado asimétrico utiliza un par de claves — una clave pública para cifrar y una clave privada para descifrar.",
23
- "22": "Remote Code Execution (RCE) permite a un atacante ejecutar código arbitrario en un servidor objetivo, lo que a menudo resulta en el compromiso total del sistema. CSRF, clickjacking y open redirect tienen diferentes impactos.",
23
+ "22": "La ejecución remota de código (RCE) permite a un atacante ejecutar código arbitrario en un servidor de destino, lo que a menudo conduce al compromiso total del sistema. CSRF, el clickjacking y el open redirect tienen impactos diferentes.",
24
24
  "23": "OWASP (Open Web Application Security Project) es una organización sin fines de lucro que publica estándares y guías de seguridad web ampliamente utilizados, incluyendo el OWASP Top 10.",
25
- "24": "El comando chmod cambia los permisos de los archivos en Linux. chown cambia la propiedad, chgrp cambia el grupo y passwd cambia las contraseñas de usuario.",
25
+ "24": "El comando chmod cambia los permisos de archivos en Linux. chown cambia el propietario, chgrp cambia el grupo y passwd cambia las contraseñas de usuario.",
26
26
  "25": "Un certificado SSL/TLS es un documento digital emitido por una Autoridad de Certificación de confianza que verifica la identidad de un sitio web y permite conexiones HTTPS cifradas.",
27
- "26": "El Phishing es un ataque de ingeniería social que engaña a las personas para que revelen información confidencial. Buffer overflow, SQL injection y port scanning son ataques técnicos.",
28
- "27": "El comando grep busca patrones de texto en archivos usando expresiones regulares. Es una de las herramientas de procesamiento de texto de Linux más utilizadas.",
29
- "28": "Una VPN (Red Privada Virtual) crea un túnel cifrado para el tráfico de internet, protegiendo los datos de la intercepción y ocultando la dirección IP del usuario.",
30
- "29": "CSRF (Cross-Site Request Forgery) engaña al navegador de un usuario con sesión iniciada para que realice acciones no deseadas en un sitio de confianza, como cambiar la configuración de la cuenta o transferir fondos.",
31
- "30": "Las contraseñas deben almacenarse como hashes criptográficos con salt. El texto plano y Base64 son inseguros, y el cifrado AES es reversible si la clave se ve comprometida. El hashing con salt es unidireccional y resistente a las tablas rainbow."
32
- }
27
+ "26": "El Phishing es un ataque de ingeniería social que engaña a las personas para que revelen información confidencial. El desbordamiento de búfer, la inyección SQL y el escaneo de puertos son ataques técnicos.",
28
+ "27": "El comando grep busca patrones de texto en archivos utilizando expresiones regulares. Es una de las herramientas de procesamiento de texto de Linux más utilizadas.",
29
+ "28": "Una VPN (Virtual Private Network) crea un túnel cifrado para el tráfico de Internet, protegiendo los datos de la interceptación y ocultando la dirección IP del usuario.",
30
+ "29": "El CSRF (Cross-Site Request Forgery) engaña al navegador de un usuario autenticado para que realice acciones no deseadas en un sitio de confianza, como cambiar la configuración de la cuenta o transferir fondos.",
31
+ "30": "Las contraseñas deben almacenarse como hashes criptográficos con sal. El texto plano y Base64 son inseguros, y el cifrado AES es reversible si la clave se ve comprometida. El hashing con sal es unidireccional y resistente a las tablas arcoíris."
32
+ }