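    def login():
        """Authenticate a team by name and password and start its session.

        GET renders the login form. POST looks up the team by the submitted
        ``name`` and checks the password with ``bcrypt_sha256.verify``; on
        success the session is rebuilt and the browser is sent to the team's
        page, otherwise the form is re-rendered with an error.

        Returns:
            A redirect response after a successful login, otherwise the
            rendered ``login.html`` template.
        """
        if request.method != 'POST':
            db.session.close()
            return render_template('login.html')

        name = request.form['name']
        team = Teams.query.filter_by(name=name).first()
        # The password is only checked when a team matched; unknown names and
        # wrong passwords share one message so the response does not reveal
        # which of the two failed.
        if not (team and bcrypt_sha256.verify(request.form['password'],
                                              team.password)):
            db.session.close()
            return render_template('login.html',
                                   errors=["That account doesn't seem to exist"])

        # Rotate the session id before storing identity so an id chosen
        # before authentication cannot be reused (session fixation).
        # Not every session backend implements regenerate().
        try:
            session.regenerate()
        except AttributeError:
            pass
        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        # Per-session random nonce; NOTE(review): looks like the CSRF token
        # the forms use -- confirm against the templates.
        session['nonce'] = sha512(os.urandom(10))
        db.session.close()

        logger = logging.getLogger('logins')
        # Lazy %-args: formatted only if the record is actually emitted, and
        # no manual encode() is needed for non-ASCII names.
        logger.warning("[%s] %s logged in",
                       time.strftime("%m/%d/%Y %X"), session['username'])

        return redirect('/team/{0}'.format(team.id))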
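    def reset_password(data=None):
        """Handle both halves of the password-reset flow.

        Without ``data``: a GET renders the request form; a POST takes an
        email address, signs the matching team name with ``TimedSerializer``
        and mails a one-time link. With ``data`` (the base64 token from that
        link): a GET renders the new-password form; a POST verifies the token
        and stores the new password.

        Args:
            data: Base64-encoded signed token from the reset link, or None.

        Returns:
            A rendered ``reset_password.html`` template, or a redirect to
            ``/login`` once the password has been changed.
        """
        if data is not None and request.method == "GET":
            return render_template('reset_password.html', mode='set')

        if data is not None and request.method == "POST":
            expired = render_template('reset_password.html',
                                      errors=['Your link has expired'])
            try:
                s = TimedSerializer(app.config['SECRET_KEY'])
                # Tokens are honoured for 30 minutes after they were issued.
                name = s.loads(data.decode('base64'), max_age=1800)
            except BadTimeSignature:
                # NOTE(review): a tampered (rather than merely expired) token
                # raises the parent itsdangerous signature error, which this
                # clause does not catch -- confirm how such requests surface.
                return expired
            team = Teams.query.filter_by(name=name).first()
            if team is None:
                # The signed name no longer matches a team (renamed or deleted
                # since the link was issued); treat it like a dead link.
                db.session.close()
                return expired
            # NOTE(review): the login view verifies with bcrypt_sha256.verify,
            # so a bare sha512 digest stored here would not verify afterwards
            # -- confirm the hash format the Teams model expects.
            team.password = sha512(request.form['password'].strip())
            db.session.commit()
            db.session.close()
            return redirect('/login')

        if request.method == 'POST':
            email = request.form['email'].strip()
            team = Teams.query.filter_by(email=email).first()
            # Same response whether or not the address is registered, so the
            # form cannot be used to enumerate accounts.
            response = render_template('reset_password.html',
                                       errors=['Check your email'])
            if not team:
                return response
            s = TimedSerializer(app.config['SECRET_KEY'])
            token = s.dumps(team.name)
            text = """
Did you initiate a password reset? 

{0}/reset_password/{1}

    """.format(app.config['HOST'], token.encode('base64'))

            sendmail(email, text)

            return response

        return render_template('reset_password.html')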
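    def reset_password(data=None):
        """Handle both halves of the password-reset flow.

        Without ``data``: a GET renders the request form; a POST takes an
        email address, signs the matching team name with ``TimedSerializer``
        and mails a one-time link. With ``data`` (the base64 token from that
        link): a GET renders the new-password form; a POST verifies the token
        and stores the new password.

        Args:
            data: Base64-encoded signed token from the reset link, or None.

        Returns:
            A rendered ``reset_password.html`` template, or a redirect to
            ``/login`` once the password has been changed.
        """
        if data is not None and request.method == "GET":
            return render_template('reset_password.html', mode='set')

        if data is not None and request.method == "POST":
            expired = render_template('reset_password.html',
                                      errors=['Your link has expired'])
            try:
                s = TimedSerializer(app.config['SECRET_KEY'])
                # Tokens are honoured for 30 minutes after they were issued.
                name = s.loads(data.decode('base64'), max_age=1800)
            except BadTimeSignature:
                # NOTE(review): a tampered (rather than merely expired) token
                # raises the parent itsdangerous signature error, which this
                # clause does not catch -- confirm how such requests surface.
                return expired
            team = Teams.query.filter_by(name=name).first()
            if team is None:
                # The signed name no longer matches a team (renamed or deleted
                # since the link was issued); treat it like a dead link.
                db.session.close()
                return expired
            # NOTE(review): the login view verifies with bcrypt_sha256.verify,
            # so a bare sha512 digest stored here would not verify afterwards
            # -- confirm the hash format the Teams model expects.
            team.password = sha512(request.form['password'].strip())
            db.session.commit()
            db.session.close()
            return redirect('/login')

        if request.method == 'POST':
            email = request.form['email'].strip()
            team = Teams.query.filter_by(email=email).first()
            # Same response whether or not the address is registered, so the
            # form cannot be used to enumerate accounts.
            response = render_template('reset_password.html',
                                       errors=['Check your email'])
            if not team:
                return response
            s = TimedSerializer(app.config['SECRET_KEY'])
            token = s.dumps(team.name)
            text = """
Did you initiate a password reset? 

{0}/reset_password/{1}

    """.format(app.config['HOST'], token.encode('base64'))

            sendmail(email, text)

            return response

        return render_template('reset_password.html')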
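def loginAndroid():
    """Log a student in from the Android client.

    Looks the student up by the submitted ``name`` and verifies the password
    with ``bcrypt_sha256.verify``. On success the session is rebuilt and the
    session nonce is returned as JSON (or the client is redirected to a safe
    ``next`` URL when one was given).

    Returns:
        JSON ``{'status': '200', 'nonce': ...}`` on success, JSON ``status``
        400 on a wrong password, and the rendered ``login.html`` with an
        error when no such student exists.
    """
    name = request.form['name']
    student = Students.query.filter_by(name=name).first()

    if not student:  # This user just doesn't exist
        # Same wording as the wrong-password case so the text alone does not
        # reveal which accounts exist. NOTE(review): the *response type* still
        # differs (HTML here, JSON below), which a JSON client may not expect;
        # kept as-is for compatibility.
        db.session.close()
        return render_template('login.html',
                               errors=["Your username or password is incorrect"])

    if not bcrypt_sha256.verify(request.form['password'], student.password):
        # This user exists but the password is wrong
        db.session.close()
        return jsonify({'status': '400', 'message': 'Invalid Login'})

    # Rotate the session id before storing identity (session fixation);
    # not every session backend implements regenerate().
    try:
        session.regenerate()
    except AttributeError:
        pass
    session['username'] = student.name
    session['id'] = student.id
    session['admin'] = student.admin
    session['nonce'] = sha512(os.urandom(10))
    session.modified = True
    db.session.close()

    logger = logging.getLogger('logins')
    logger.warning("[%s] %s logged in",
                   time.strftime("%m/%d/%Y %X"), session['username'])

    next_url = request.args.get('next')
    if next_url and is_safe_url(next_url):
        return redirect(next_url)
    return jsonify({'status': '200', 'nonce': session['nonce']})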
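def login():
    """Authenticate a team by name and password and start its session.

    GET renders the login form. POST looks the team up by the submitted
    ``name`` and checks the password with ``bcrypt_sha256.verify``; on
    success the session is rebuilt and the browser is redirected to a safe
    ``next`` URL when given, else to the challenges view.

    Returns:
        A redirect response after a successful login, otherwise the rendered
        ``login.html`` template (with an error after a failed POST).
    """
    if request.method != 'POST':
        db.session.close()
        return render_template('login.html')

    name = request.form['name']
    team = Teams.query.filter_by(name=name).first()
    # The password is only checked when a team matched; unknown names and
    # wrong passwords share one message so the response does not reveal
    # which of the two failed.
    if not (team and bcrypt_sha256.verify(request.form['password'], team.password)):
        db.session.close()
        return render_template('login.html',
                               errors=["That account doesn't seem to exist"])

    try:
        session.regenerate()  # NO SESSION FIXATION FOR YOU
    except AttributeError:
        pass  # some session backends don't implement regenerate()
    session['username'] = team.name
    session['id'] = team.id
    session['admin'] = team.admin
    session['nonce'] = sha512(os.urandom(10))
    db.session.close()

    logger = logging.getLogger('logins')
    # Lazy %-args: no manual encode() needed for non-ASCII names.
    logger.warning("[%s] %s logged in",
                   time.strftime("%m/%d/%Y %X"), session['username'])

    next_url = request.args.get('next')
    if next_url and is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for('challenges.challenges_view'))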
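 def setup():
     """Admin sign-in for the initial device setup wizard.

     On POST the submitted ``name`` must equal ``ADMINNAME`` and the base64-
     encoded ``epassword`` must verify against the ``ADMINPASSWORD`` hash
     from the app config. On success the session is populated and the
     browser is sent to the next unfinished wizard step, chosen from how
     many ``Flag`` steps are already complete; the ``Flag`` row is created
     on first use.

     Returns:
         A redirect to an ``/initialN`` step after a successful POST,
         otherwise the rendered ``setup.html`` template (with an error
         after a failed POST).
     """
     if request.method != 'POST':
         db.session.close()
         return render_template('setup.html')

     ## Admin user
     name = request.form['name']
     adminname = app.config['ADMINNAME']
     adminpassword = app.config['ADMINPASSWORD']
     # The form sends the password base64-encoded (an encoding, not a
     # protection); b64decode works on both Python 2 and 3.
     password = base64.b64decode(request.form['epassword'])

     if not (name == adminname and bcrypt_sha256.verify(password, adminpassword)):
         db.session.close()
         return render_template('setup.html', errors=["用户名或者密码错误。"])

     # Cookie lives only until the browser session ends.
     session.permanent = False
     session['username'] = adminname
     # NOTE(review): this puts the ADMINPASSWORD hash into the client-side
     # session cookie (signed, not encrypted); whatever reads
     # session['password'] could read app.config instead -- confirm callers.
     session['password'] = adminpassword
     session['admin'] = 0
     session['nonce'] = sha512(os.urandom(10))

     flag = Flag.query.first()
     if flag is None:
         # First run: create the progress record with every step unfinished.
         # Positional order: addlm, createkey, exportlmcert, restart, configIP,
         # configroute, importCA, importsyscert, initialUSBKey, importUSBKey.
         flag = Flag(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
         db.session.add(flag)
         db.session.commit()
         flag = Flag.query.first()

     done = sum((flag.addlmflag, flag.createkeyflag, flag.exportlmcertflag,
                 flag.restartflag, flag.configIPflag, flag.configrouteflag,
                 flag.importCAflag, flag.importsyscertflag,
                 flag.initialUSBKeyflag, flag.importUSBKeyflag))
     # (exclusive upper bound on completed steps, next wizard page), checked
     # in order. There is no bound leading to initial7, and ten or more
     # completed steps fall through to initial1.
     steps = ((1, '/initial1'), (4, '/initial2'), (5, '/initial3'),
              (6, '/initial4'), (7, '/initial5'), (8, '/initial6'),
              (10, '/initial8'))
     for bound, target in steps:
         if done < bound:
             return redirect(target)
     return redirect('/initial1')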
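def login():
    """Log a team in by team name, student number or email address.

    The submitted ``name`` is dispatched on its format (email, sno, plain
    team name) to choose the lookup column. After a successful password
    check the session is rebuilt and the browser is redirected to a safe
    ``next`` URL when given, else to the challenges view. Every attempt,
    successful or not, is written to the ``logins`` logger with the client
    IP.

    Returns:
        A redirect on success, otherwise the rendered ``login.html``
        template (with an error message after a failed POST).
    """
    logger = logging.getLogger('logins')
    if request.method != 'POST':
        db.session.close()
        return render_template('login.html')

    name = request.form['name']
    stamp = time.strftime("%m/%d/%Y %X")
    ip = utils.get_ip()

    # Check if the user submitted an email address, a student number or a
    # team name
    if utils.check_email_format(name) is True:
        team = Teams.query.filter_by(email=name).first()
    elif utils.check_sno_format(name) is True:
        team = Teams.query.filter_by(sno=name).first()
    else:
        team = Teams.query.filter_by(name=name).first()

    # One user-facing message for both "no such account" and "wrong
    # password"; only the log tells them apart.
    errors = ["Your username or password is incorrect"]

    if not team:  # This user just doesn't exist
        logger.warning("[%s] %s - submitted invalid account information", stamp, ip)
        db.session.close()
        return render_template('login.html', errors=errors)

    if not bcrypt_sha256.verify(request.form['password'], team.password):
        # This user exists but the password is wrong
        logger.warning("[%s] %s - submitted invalid password for %s",
                       stamp, ip, team.name)
        db.session.close()
        return render_template('login.html', errors=errors)

    try:
        session.regenerate()  # NO SESSION FIXATION FOR YOU
    except AttributeError:
        pass  # some session backends don't implement regenerate()
    session['username'] = team.name
    session['id'] = team.id
    session['admin'] = team.admin
    session['nonce'] = utils.sha512(os.urandom(10))
    db.session.close()

    logger.warning("[%s] %s - %s logged in", stamp, ip, session['username'])

    next_url = request.args.get('next')
    if next_url and utils.is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for('challenges.challenges_view'))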
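def setup():
    """First-run setup: create the admin team, index page and default config.

    Does nothing once ``is_setup()`` is true (redirects to ``/``). A GET
    renders the setup form with a per-session nonce; a POST stores the CTF
    name, the admin team (flagged admin and banned), the index page HTML
    and the default ``Config`` rows, clears ``app.setup`` and redirects
    home.

    Returns:
        A redirect to ``/`` after a POST or when setup is already done,
        otherwise the rendered ``setup.html`` template.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        # The nonce is a per-session random value; hand it to the template
        # only, never print or log it.
        return render_template('setup.html', nonce=session.get('nonce'))

    ## Admin user
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    ## Index page
    page = Pages('index', request.form['html'])

    objects = [
        Config('ctf_name', request.form['ctf_name']),
        admin,
        page,
        # max attempts per challenge
        Config("max_tries", 0),
        ## Start time
        Config('start', None),
        Config('end', None),
        ## Challenges cannot be viewed by unregistered users
        Config('view_challenges_unregistered', None),
        ## Allow/Disallow registration
        Config('prevent_registration', None),
        ## CSS -- keyed 'css' so it cannot collide with the 'start' time row
        Config('css', ''),
        Config('setup', True),
    ]
    db.session.add_all(objects)
    db.session.commit()
    app.setup = False
    return redirect('/')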
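def setup():
    """First-run setup: create the admin team, index page and default config.

    Does nothing once ``is_setup()`` is true (redirects to ``/``). A GET
    renders the setup form with a per-session nonce; a POST stores the CTF
    name, the admin team (flagged admin and banned), the index page HTML
    and the default ``Config`` rows, clears ``app.setup`` and redirects
    home.

    Returns:
        A redirect to ``/`` after a POST or when setup is already done,
        otherwise the rendered ``setup.html`` template.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        # The nonce is a per-session random value; hand it to the template
        # only, never print or log it.
        return render_template('setup.html', nonce=session.get('nonce'))

    ## Admin user
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    ## Index page
    page = Pages('index', request.form['html'])

    objects = [
        Config('ctf_name', request.form['ctf_name']),
        admin,
        page,
        # max attempts per challenge
        Config("max_tries", 0),
        ## Start time
        Config('start', None),
        Config('end', None),
        ## Challenges cannot be viewed by unregistered users
        Config('view_challenges_unregistered', None),
        ## Allow/Disallow registration
        Config('prevent_registration', None),
        ## CSS -- keyed 'css' so it cannot collide with the 'start' time row
        Config('css', ''),
        Config('setup', True),
    ]
    db.session.add_all(objects)
    db.session.commit()
    app.setup = False
    return redirect('/')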
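def setup():
    """First-run setup: create the admin team, index page and default config.

    Does nothing once ``is_setup()`` is true (redirects to ``/``). A GET
    renders the setup form with a per-session nonce; a POST stores the CTF
    name, the admin team (flagged admin and banned), the index page HTML
    and the default ``Config`` rows, clears ``app.setup`` and redirects
    home.

    Returns:
        A redirect to ``/`` after a POST or when setup is already done,
        otherwise the rendered ``setup.html`` template.
    """
    if is_setup():
        return redirect("/")

    if not session.get("nonce"):
        session["nonce"] = sha512(os.urandom(10))

    if request.method != "POST":
        # The nonce is a per-session random value; hand it to the template
        # only, never print or log it.
        return render_template("setup.html", nonce=session.get("nonce"))

    ## Admin user
    admin = Teams(request.form["name"], request.form["email"],
                  request.form["password"])
    admin.admin = True
    admin.banned = True

    ## Index page
    page = Pages("index", request.form["html"])

    objects = [
        Config("ctf_name", request.form["ctf_name"]),
        admin,
        page,
        # max attempts per challenge
        Config("max_tries", 0),
        ## Start time
        Config("start", None),
        Config("end", None),
        ## Challenges cannot be viewed by unregistered users
        Config("view_challenges_unregistered", None),
        ## Allow/Disallow registration
        Config("prevent_registration", None),
        ## CSS -- keyed "css" so it cannot collide with the "start" time row
        Config("css", ""),
        Config("setup", True),
    ]
    db.session.add_all(objects)
    db.session.commit()
    app.setup = False
    return redirect("/")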
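def register():
    """Register a new team and log it in.

    Redirects to the login page while registration is closed. On POST the
    submitted name, email, schoolCode and password are validated (non-empty
    name, unused name and email, plausible email, password of 1..128
    characters); any failure re-renders the form with the errors. Otherwise
    the team is created, the session populated, a verification or welcome
    mail sent when a mail server is configured, and the browser redirected
    to the challenges view.

    Returns:
        A redirect, or the rendered ``register.html`` template.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    schoolCode = request.form['schoolCode']
    password = request.form['password']

    errors = []
    # Raw string: "\." inside a plain literal is an invalid escape sequence.
    if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
        errors.append("That email doesn't look right")
    if Teams.query.add_columns('name', 'id').filter_by(name=name).first():
        errors.append('That team name is already taken')
    # NOTE(review): the team is stored with email.lower() below but checked
    # here as submitted, so a case variant of an existing address passes --
    # confirm the column collation before comparing on the lowered value.
    if Teams.query.add_columns('email', 'id').filter_by(email=email).first():
        errors.append('That email has already been used')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')

    if errors:
        # NOTE(review): the submitted password is echoed back into the
        # re-rendered form; consider dropping it from the template context.
        return render_template('register.html', errors=errors, name=name,
                               email=email, schoolCode=schoolCode,
                               password=password)

    with app.app_context():
        team = Teams(name, email.lower(), schoolCode, password)
        db.session.add(team)
        db.session.commit()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        can_mail = mailserver()
        if can_mail and get_config('verify_emails'):
            verify_email(team.email)
        elif can_mail:
            sendmail(email, "You've successfully registered for {}".format(
                get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning("[%s] %s registered with %s",
                   time.strftime("%m/%d/%Y %X"), name, email)
    return redirect(url_for('challenges.challenges_view'))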
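def register():
    """Register a new team and log it in.

    Redirects to the login page while registration is closed. On POST the
    submitted name, email and password are validated (non-empty name,
    unused name and email, plausible email, password of 1..128 characters);
    any failure re-renders the form with the errors. Otherwise the team is
    created, the session populated, a verification or welcome mail sent
    when mail can be sent, and the browser redirected to the challenges
    view.

    Returns:
        A redirect, or the rendered ``register.html`` template.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    errors = []
    # Raw string: "\." inside a plain literal is an invalid escape sequence.
    if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
        errors.append("That email doesn't look right")
    if Teams.query.add_columns('name', 'id').filter_by(name=name).first():
        errors.append('That team name is already taken')
    # NOTE(review): the team is stored with email.lower() below but checked
    # here as submitted, so a case variant of an existing address passes --
    # confirm the column collation before comparing on the lowered value.
    if Teams.query.add_columns('email', 'id').filter_by(email=email).first():
        errors.append('That email has already been used')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')

    if errors:
        # NOTE(review): the submitted password is echoed back into the
        # re-rendered form; consider dropping it from the template context.
        return render_template('register.html', errors=errors, name=name,
                               email=email, password=password)

    with app.app_context():
        team = Teams(name, email.lower(), password)
        db.session.add(team)
        db.session.commit()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        can_mail = can_send_mail()
        if can_mail and get_config('verify_emails'):
            verify_email(team.email)
        elif can_mail:
            sendmail(email, "You've successfully registered for {}".format(
                get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning("[%s] %s registered with %s",
                   time.strftime("%m/%d/%Y %X"), name, email)
    return redirect(url_for('challenges.challenges_view'))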
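def setup():
    """First-run setup: create the admin team, index page and default config.

    Does nothing once ``is_setup()`` is true (redirects to ``/``). A GET
    renders the setup form with a per-session nonce; a POST writes the CTF
    name and the default settings through ``set_config``, creates the admin
    team (flagged admin and banned) and the index page, clears ``app.setup``
    and redirects home.

    Returns:
        A redirect to ``/`` after a POST or when setup is already done,
        otherwise the rendered ``setup.html`` template.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])
    ## CSS -- keyed 'css' so it cannot collide with the 'start' time setting
    set_config('css', '')

    ## Admin user
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    ## Index page
    # NOTE(review): `page` is added to the session below, so it has to be
    # created here; built from the form's 'html' field as in the
    # Pages-based setup -- confirm setup.html still submits that field.
    page = Pages('index', request.form['html'])

    # Remaining settings with their defaults; None means "not set".
    defaults = (
        ('max_tries', 0),  # max attempts per challenge
        ## Start time
        ('start', None),
        ('end', None),
        ## Challenges cannot be viewed by unregistered users
        ('view_challenges_unregistered', None),
        ## Allow/Disallow registration
        ('prevent_registration', None),
        ## Verify emails
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
        ('setup', True),
    )
    for key, value in defaults:
        set_config(key, value)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    app.setup = False
    return redirect('/')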
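def setup():
    """First-run setup: create the admin team, index page and default config.

    Does nothing once ``is_setup()`` is true (redirects to ``/``). A GET
    renders the setup form with a per-session nonce; a POST writes the CTF
    name and the default settings through ``set_config``, creates the admin
    team (flagged admin and banned) and the index page, clears ``app.setup``
    and redirects home.

    Returns:
        A redirect to ``/`` after a POST or when setup is already done,
        otherwise the rendered ``setup.html`` template.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])
    ## CSS -- keyed 'css' so it cannot collide with the 'start' time setting
    set_config('css', '')

    ## Admin user
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    ## Index page
    # NOTE(review): `page` is added to the session below, so it has to be
    # created here; built from the form's 'html' field as in the
    # Pages-based setup -- confirm setup.html still submits that field.
    page = Pages('index', request.form['html'])

    # Remaining settings with their defaults; None means "not set".
    defaults = (
        ('max_tries', 0),  # max attempts per challenge
        ## Start time
        ('start', None),
        ('end', None),
        ## Challenges cannot be viewed by unregistered users
        ('view_challenges_unregistered', None),
        ## Allow/Disallow registration
        ('prevent_registration', None),
        ## Verify emails
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
        ('setup', True),
    )
    for key, value in defaults:
        set_config(key, value)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    app.setup = False
    return redirect('/')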
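def register():
    """Register a new team and log it in.

    Redirects to the login page while registration is closed. On POST the
    submitted name and password are validated (non-empty and unused name,
    password of 1..128 characters); any failure re-renders the form with
    the errors. Otherwise the team is created, the session populated, the
    registration logged with the client IP, and the browser redirected to
    the challenges view.

    Returns:
        A redirect, or the rendered ``register.html`` template.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    password = request.form['password']

    errors = []
    if Teams.query.add_columns('name', 'id').filter_by(name=name).first():
        errors.append('That team name is already taken')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')

    if errors:
        # NOTE(review): the submitted password is echoed back into the
        # re-rendered form; consider dropping it from the template context.
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               password=password)

    with app.app_context():
        team = Teams(name, password)
        db.session.add(team)
        db.session.commit()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

    logger.warning("[%s] %s - %s registered",
                   time.strftime("%m/%d/%Y %X"), utils.get_ip(), name)
    db.session.close()
    return redirect(url_for('challenges.challenges_view'))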
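    def admin():
        """Admin login page.

        On POST, looks up a team with the submitted name *and* the admin
        flag and verifies the password; on success the session is rebuilt
        with ``admin`` set and the browser is sent to the admin graphs page.
        Anyone already holding an admin session is redirected there too;
        everyone else gets the login form (a failed POST shows no error).

        Returns:
            A redirect to ``/admin/graphs`` or the rendered admin login
            template.
        """
        if request.method == 'POST':
            # Only admin-flagged teams are eligible; a matching non-admin
            # team is treated exactly like an unknown name.
            admin = Teams.query.filter_by(name=request.form['name'],
                                          admin=True).first()
            if admin and bcrypt_sha256.verify(request.form['password'],
                                              admin.password):
                # Rotate the session id before storing identity (session
                # fixation); not every session backend implements regenerate().
                try:
                    session.regenerate()
                except AttributeError:
                    pass
                session['username'] = admin.name
                session['id'] = admin.id
                session['admin'] = True
                session['nonce'] = sha512(os.urandom(10))
                db.session.close()
                return redirect('/admin/graphs')

        if is_admin():
            return redirect('/admin/graphs')

        return render_template('admin/login.html')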
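def admin_view():
    """Admin login page.

    On POST, looks up a team with the submitted name *and* the admin flag
    and verifies the password; on success the session is rebuilt with
    ``admin`` set and the browser is sent to the admin graphs page. Anyone
    already holding an admin session is redirected there too; everyone else
    gets the login form (a failed POST shows no error).

    Returns:
        A redirect to ``/admin/graphs`` or the rendered admin login template.
    """
    if request.method == 'POST':
        # Only admin-flagged teams are eligible; a matching non-admin team is
        # treated exactly like an unknown name.
        admin_user = Teams.query.filter_by(name=request.form['name'],
                                           admin=True).first()
        if admin_user and bcrypt_sha256.verify(request.form['password'],
                                               admin_user.password):
            try:
                session.regenerate()  # NO SESSION FIXATION FOR YOU
            except AttributeError:
                pass  # some session backends don't implement regenerate()
            session['username'] = admin_user.name
            session['id'] = admin_user.id
            session['admin'] = True
            session['nonce'] = sha512(os.urandom(10))
            db.session.close()
            return redirect('/admin/graphs')

    if is_admin():
        return redirect('/admin/graphs')

    return render_template('admin/login.html')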
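def admin_view():
    """Admin login page.

    On POST, looks up a team with the submitted name *and* the admin flag
    and verifies the password; on success the session is rebuilt with
    ``admin`` set and the browser is sent to the admin graphs page. Anyone
    already holding an admin session is redirected there too; everyone else
    gets the login form (a failed POST shows no error).

    Returns:
        A redirect to the admin graphs view or the rendered admin login
        template.
    """
    if request.method == 'POST':
        # Only admin-flagged teams are eligible; a matching non-admin team is
        # treated exactly like an unknown name.
        admin_user = Teams.query.filter_by(name=request.form['name'],
                                           admin=True).first()
        if admin_user and bcrypt_sha256.verify(request.form['password'],
                                               admin_user.password):
            try:
                session.regenerate()  # NO SESSION FIXATION FOR YOU
            except AttributeError:
                pass  # some session backends don't implement regenerate()
            session['username'] = admin_user.name
            session['id'] = admin_user.id
            session['admin'] = True
            session['nonce'] = sha512(os.urandom(10))
            db.session.close()
            return redirect(url_for('admin.admin_graphs'))

    if is_admin():
        return redirect(url_for('admin.admin_graphs'))

    return render_template('admin/login.html')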
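def login():
    """Team login view.

    POST: look the team up by name and verify the submitted password against
    its bcrypt_sha256 hash. On success the session is regenerated (if the
    backend supports it) and populated with username, id, admin and mentor
    flags plus a fresh CSRF nonce; the login is logged and the browser is
    redirected to a validated ``next`` URL or to the index. Unknown names
    and wrong passwords yield the same error text so the form does not
    reveal which accounts exist.
    GET: render the login form.
    """
    if request.method != 'POST':
        db.session.close()
        return render_template('login.html')

    name = request.form['name']
    team = Teams.query.filter_by(name=name).first()

    # One combined check replaces the original redundant nested `if team`.
    # Both failure cases return the identical message.
    if not (team and bcrypt_sha256.verify(request.form['password'], team.password)):
        db.session.close()
        return render_template('login.html',
                               errors=["Your username or password is incorrect"])

    try:
        session.regenerate()  # NO SESSION FIXATION FOR YOU
    except AttributeError:
        pass  # Some session objects don't implement regenerate()
    session['username'] = team.name
    session['id'] = team.id
    session['admin'] = team.admin
    session['mentor'] = team.mentor
    # (the original printed team.mentor to stdout here; debug output removed)
    session['nonce'] = utils.sha512(os.urandom(10))
    db.session.close()

    logger = logging.getLogger('logins')
    logger.warning("[{0}] {1} logged in".format(time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8')))

    # Follow a caller-supplied target only after the open-redirect check.
    next_url = request.args.get('next')
    if next_url and utils.is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for('views.index', welcome=1))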
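def setup():
    """First-run setup view.

    Until ``utils.is_setup()`` is true: GET renders the setup form with a
    CSRF nonce stored in the session; POST stores the CTF name, creates the
    initial admin account and the index page, seeds the default config keys,
    logs the new admin in and redirects to the front page. Once the instance
    is set up the route only redirects.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): the original wrote set_config('start', '') under a "CSS"
    # heading; that value was overwritten by the 'start' default below, so
    # the dead write is dropped (the intended key was presumably 'css').

    # Admin user
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    admin = Teams(name, email, password)
    admin.admin = True
    admin.banned = True  # NOTE(review): presumably hides the admin from the scoreboard — confirm

    # Index page
    page = Pages(
        'index', """<div class="container main-container">
    <img class="logo" src="themes/original/static/img/logo.png" />
    <h3 class="text-center">
        <p>Demon CTF <a href="http://demonteam.org">demonteam.org</a></p>
    </h3>
    <br>
    <h4 class="text-center">
        <a href="admin">Click here</a> to login and setup your CTF
    </h4>
</div>""".format(request.script_root))

    # Default configuration, written in the original order. Return values
    # were never used, so they are not bound to locals.
    for key, value in (
        ('max_tries', 0),  # max attempts per challenge
        ('start', None),   # competition window
        ('end', None),
        ('freeze', None),
        ('view_challenges_unregistered', None),  # challenges hidden from unregistered users
        ('prevent_registration', None),          # allow/disallow registration
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
        ('mail_useauth', None),
    ):
        utils.set_config(key, value)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the freshly created admin in and rotate the CSRF nonce.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))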
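def setup():
    """First-run setup view (THC CTF variant).

    While ``is_setup()`` is false: GET renders the setup form with a CSRF
    nonce in the session; POST stores the CTF name and flag format, creates
    the initial admin account and the index page, seeds the default config
    keys, clears the cache and redirects to ``views.index``. After setup the
    route only redirects. This variant does not log the new admin in.
    """
    if is_setup():
        return redirect(url_for('views.index'))

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])
    set_config('flag_format', request.form['flag_format'])

    # NOTE(review): the original's "CSS" line wrote set_config('start', ''),
    # immediately overwritten by the 'start' default below; dropped here
    # (the intended key was presumably 'css').

    # Admin user
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    admin = Teams(name, email, password)
    admin.admin = True
    admin.banned = True  # NOTE(review): presumably keeps the admin off the scoreboard — confirm

    # Index page ({0} is the application root)
    page = Pages(
        'index', """
    <img class="logo" src="{0}/static/original/img/logo.png" />

    <h3 class="text-center">
        Welcome to the THC CTF 2017 !
    </h3>

    <br/>

    <h6 class="text-center">
        <a href="https://github.com/ToulouseHackingConvention/CTFd/">scoreboard</a> based on <a href="https://github.com/isislab/CTFd">CTFd</a> and modified by <a href="https://github.com/arthaud">maxima</a>, <a href="https://github.com/palkeo">palkeo</a> and <a href="https://github.com/zadlg">zadig</a>.
    </h6>""".format(request.script_root))

    # Default configuration in the original order; return values unused.
    for key, value in (
        ("max_tries", 0),  # max attempts per challenge
        ('start', None),   # competition window
        ('end', None),
        ('view_challenges_unregistered', None),
        ('prevent_registration', None),
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
    ):
        set_config(key, value)

    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()
    return redirect(url_for('views.index'))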
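def setup():
    """First-run setup view (minimal variant).

    While ``is_setup()`` is false: GET renders the setup form with a CSRF
    nonce in the session; POST stores the CTF name, creates the initial
    admin account and the index page, seeds the default config keys and
    redirects to ``/``. After setup the route only redirects. This variant
    neither logs the admin in nor clears the cache.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): the original "CSS" line was set_config('start', ''),
    # overwritten by the 'start' default below; dropped (presumably 'css'
    # was meant).

    ## Admin user
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    admin = Teams(name, email, password)
    admin.admin = True
    admin.banned = True  # NOTE(review): presumably keeps the admin off the scoreboard — confirm

    ## Index page
    page = Pages('index', """<div class="container main-container">
    <img class="logo" src="/static/img/logo.png" />
    <h3 class="text-center">
        Welcome to a cool CTF framework written by <a href="https://github.com/ColdHeat">Kevin Chung</a> of <a href="https://github.com/isislab">@isislab</a>
    </h3>

    <h4 class="text-center">
        <a href="/admin">Click here</a> to login and setup your CTF
    </h4>
</div>""")

    ## Default configuration in the original order; return values unused.
    for key, value in (
        ("max_tries", 0),  # max attempts per challenge
        ('start', None),   # competition window
        ('end', None),
        ('view_challenges_unregistered', None),
        ('prevent_registration', None),
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
    ):
        set_config(key, value)

    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    app.setup = False
    return redirect('/')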
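def setup():
    """First-run setup view (Pages keyword-constructor variant).

    Until ``utils.is_setup()`` is true: GET renders the setup form with a
    CSRF nonce in the session; POST stores the CTF name, creates the initial
    admin account and a published index page, seeds the default config keys,
    logs the new admin in, clears the cache and redirects to the front page.
    After setup the route only redirects.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): the original "CSS" line wrote set_config('start', ''),
    # overwritten by the 'start' default below; dropped (presumably 'css'
    # was intended).

    # Admin user
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    admin = Teams(name, email, password)
    admin.admin = True
    admin.banned = True  # NOTE(review): presumably hides the admin from the scoreboard — confirm

    # Index page
    index = """<div class="row">
    <div class="col-md-12">
        <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" />
        <br>
        <h3 class="text-center">
            <div style='font-size:0;'>
                <div style='width:100%; margin:0 auto 0 auto; text-align:center; display:inline-block;'>
                    <a href='https://interferencias.tech/'><img src='themes/core/static/img/interferencias.png' height="200px" alt='Logo Interferencias'></a>
                    <a href='http://www.hackingdesdecero.org/'><img src='themes/core/static/img/hdc.png' height="190px" alt='Logo HDC'></a>
                </div>
            </div>
        </h3>
    </div>
</div>""".format(request.script_root)

    page = Pages(title=None, route='index', html=index, draft=False)

    # Default configuration in the original order; return values unused.
    for key, value in (
        ('max_tries', 0),  # max attempts per challenge
        ('start', None),   # competition window
        ('end', None),
        ('freeze', None),
        ('view_challenges_unregistered', None),
        ('prevent_registration', None),
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
        ('mail_useauth', None),
    ):
        utils.set_config(key, value)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the new admin in and rotate the CSRF nonce.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))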
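def setup():
    """First-run setup view (five-argument ``Teams`` variant).

    Until ``utils.is_setup()`` is true: GET renders the setup form with a
    CSRF nonce in the session; POST stores the CTF name, creates the initial
    admin account (``Teams`` here takes two extra, empty arguments) and a
    published index page, seeds the default config keys, logs the admin in,
    clears the cache and redirects to the front page. After setup the route
    only redirects.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): the original "CSS" line wrote set_config('start', ''),
    # overwritten by the 'start' default below; dropped (presumably 'css'
    # was intended).

    # Admin user
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    admin = Teams(name, email, password, '', '')
    admin.admin = True
    admin.banned = True  # NOTE(review): presumably hides the admin from the scoreboard — confirm

    # Index page
    index = """<div class="row">
    <div class="col-md-6 offset-md-3">
        <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.jpg" />
        <h3 class="text-center">
            一个正经的CTF平台
        </h3>
        <br>
    </div>
</div>""".format(request.script_root)

    page = Pages(title=None, route='index', html=index, draft=False)

    # Default configuration in the original order; return values unused.
    for key, value in (
        ('max_tries', 0),  # max attempts per challenge
        ('start', None),   # competition window
        ('end', None),
        ('freeze', None),
        ('view_challenges_unregistered', None),
        ('prevent_registration', None),
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
        ('mail_useauth', None),
    ):
        utils.set_config(key, value)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the new admin in and rotate the CSRF nonce.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))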
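def setup():
    """First-run setup view (Sections/Students variant).

    While ``is_setup()`` is false: GET renders the setup form with a CSRF
    nonce in the session; POST stores the CTF name, creates a section and an
    "admin" team for it, creates the admin ``Students`` account and the
    index page, seeds the default config keys, clears the cache and
    redirects to the front page. After setup the route only redirects. The
    admin is not logged in by this variant.
    """
    if is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'), setup=True)

    set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): the original "CSS" line wrote set_config('start', ''),
    # overwritten by the 'start' default below; dropped (presumably 'css'
    # was intended).

    # Admin user: needs a section and a team row first (committed so their
    # ids/section numbers exist before they are referenced).
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    section = Sections(0, 123)  # NOTE(review): hard-coded section arguments — confirm meaning
    db.session.add(section)
    db.session.commit()

    team = Teams("admin", section.sectionNumber)
    db.session.add(team)
    db.session.commit()

    admin = Students(name, email, password, team.id, section.sectionNumber)
    admin.admin = True
    admin.banned = True  # NOTE(review): presumably hides the admin from the scoreboard — confirm

    # Index page ({0} is the application root)
    page = Pages('index', """<div class="container main-container">
    <img class="logo" src="{0}/static/original/img/logo.png" />
    <h3 class="text-center">
        Welcome to a cool CTF framework written by <a href="https://github.com/ColdHeat">Kevin Chung</a> of <a href="https://github.com/isislab">@isislab</a>
        <br>
        Modified for educational use by <a href="https://github.com/camgeehr">Cameron Geehr</a>, <a href="https://github.com/jaboyles">Jacob Boyles</a>, and <a href="https://github.com/bgoulds">Brian Gouldsberry</a>
    </h3>
</div>""".format(request.script_root))

    # Default configuration in the original order; return values unused.
    for key, value in (
        ("max_tries", 0),  # max attempts per challenge
        ('start', None),   # competition window
        ('end', None),
        ('view_challenges_unregistered', None),
        ('prevent_registration', None),
        ('verify_emails', None),
        ('mail_server', None),
        ('mail_port', None),
        ('mail_tls', None),
        ('mail_ssl', None),
        ('mail_username', None),
        ('mail_password', None),
    ):
        set_config(key, value)

    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()
    return redirect(url_for('views.static_html'))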
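def register():
    """Team registration view.

    GET renders the registration form. POST validates name, email and
    password, creates the team, logs it in (populating the session) and then
    either sends a verification mail and redirects to the confirmation page
    (email verification enabled and mail configured) or sends a welcome
    mail, if possible, and redirects to the contests page. While
    ``utils.can_register()`` is false the view redirects to the login page.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # Teams are stored with a lowercased email (see the Teams() call below),
    # so the uniqueness check must use the same normalisation; otherwise a
    # case variant of an existing address passes the check.
    normalised_email = email.lower()
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=normalised_email).first()
    valid_email = re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email)

    errors = []
    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')

    if errors:
        # The submitted password is intentionally not echoed back into the
        # response (the original passed it to the template).
        return render_template('register.html', errors=errors, name=name, email=email)

    with app.app_context():
        team = Teams(name, normalised_email, password)
        db.session.add(team)
        db.session.commit()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            logger.warning("[{date}] {ip} - {username} registered (UNCONFIRMED) with {email}".format(
                date=time.strftime("%m/%d/%Y %X"),
                ip=utils.get_ip(),
                username=name.encode('utf-8'),
                email=email.encode('utf-8')
            ))
            utils.verify_email(team.email)
            db.session.close()
            return redirect(url_for('auth.confirm_user'))
        if utils.can_send_mail():
            # Not confirming users, but let them know they registered.
            utils.sendmail(email, "You've successfully registered for {}".format(utils.get_config('ctf_name')))

    logger.warning("[{date}] {ip} - {username} registered with {email}".format(
        date=time.strftime("%m/%d/%Y %X"),
        ip=utils.get_ip(),
        username=name.encode('utf-8'),
        email=email.encode('utf-8')
    ))
    db.session.close()
    return redirect(url_for('contests.contests_view'))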
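def register_smart():
    """Team registration view for the Smart City variant.

    GET renders the registration form. POST validates name, email and
    password plus the chosen team colour and image (unknown values fall back
    to "RED" / "HULK"; a colour or image already held by a non-admin team is
    rejected), creates the ``Teams`` row and its ``SmartCityTeam`` row, logs
    the team in and then either sends a verification mail and redirects to
    the confirmation page or sends a welcome mail, if possible, and
    redirects to the challenges page. While ``utils.can_register()`` is
    false the view redirects to the login page.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    color = request.form['color']
    school = request.form['school']
    image = request.form['image']
    if color not in teamColors:
        color = "RED"
    if image not in teamImages:
        image = "HULK"

    # The team row is stored with a lowercased email, so check uniqueness on
    # the same normalised value.
    normalised_email = email.lower()
    names = Teams.query.add_columns('name',
                                    'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email',
                                     'id').filter_by(email=normalised_email).first()
    smart_color = SmartCityTeam.query.filter_by(color=color).first()
    smart_image = SmartCityTeam.query.filter_by(image=image).first()
    valid_email = utils.check_email_format(email)
    team_name_email_check = utils.check_email_format(name)

    errors = []
    if not valid_email:
        errors.append("Please enter a valid email address")
    if names:
        errors.append('That team name is already taken')
    if team_name_email_check is True:
        errors.append('Your team name cannot be an email address')
    if emails:
        errors.append('That email has already been used')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')
    if smart_color:
        # A colour held by an admin team may be reused. The original
        # dereferenced .first().admin directly and would raise if the owning
        # team row no longer exists; a dangling owner is treated as taken.
        colour_owner = Teams.query.filter_by(id=smart_color.teamId).first()
        if colour_owner is None or not colour_owner.admin:
            errors.append(
                'Color unavailable. The following colors are available:  \n'
                + getAvailableColors())
    if smart_image:
        image_owner = Teams.query.filter_by(id=smart_image.teamId).first()
        if image_owner is None or not image_owner.admin:
            errors.append('That image is already taken')

    if errors:
        # The submitted password is intentionally not echoed back into the
        # response (the original passed it to the template).
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               email=email)

    with app.app_context():
        team = Teams(name, normalised_email, password)
        db.session.add(team)
        db.session.commit()

        # The SmartCityTeam row needs team.id, hence the commit above.
        smart_team = SmartCityTeam(team.id, team.name, color, image,
                                   school)
        db.session.add(smart_team)
        db.session.commit()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            logger.warning(
                "[{date}] {ip} - {username} registered (UNCONFIRMED) with {email}"
                .format(date=time.strftime("%m/%d/%Y %X"),
                        ip=utils.get_ip(),
                        username=name.encode('utf-8'),
                        email=email.encode('utf-8')))
            utils.verify_email(team.email)
            db.session.close()
            return redirect(url_for('auth.confirm_user'))
        if utils.can_send_mail():
            # Not confirming users, but let them know they registered.
            utils.sendmail(
                email,
                "You've successfully registered for {}".format(
                    utils.get_config('ctf_name')))

    logger.warning(
        "[{date}] {ip} - {username} registered with {email}".format(
            date=time.strftime("%m/%d/%Y %X"),
            ip=utils.get_ip(),
            username=name.encode('utf-8'),
            email=email.encode('utf-8')))
    db.session.close()
    return redirect(url_for('challenges.challenges_view'))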
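def register():
    """Team registration view (challenges-redirect variant).

    GET renders the registration form. POST validates name, email and
    password, creates the team, logs it in (populating the session) and
    either sends a verification mail and redirects to the confirmation page
    (email verification enabled and mail configured) or sends a welcome
    mail, if possible, and redirects to the challenges page. While
    ``utils.can_register()`` is false the view redirects to the login page.
    """
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # The team row is stored with a lowercased email, so the uniqueness
    # check must use the same normalisation.
    normalised_email = email.lower()
    names = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    emails = Teams.query.add_columns('email', 'id').filter_by(email=normalised_email).first()
    valid_email = re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email)

    errors = []
    if not valid_email:
        errors.append("That email doesn't look right")
    if names:
        errors.append('That team name is already taken')
    if emails:
        errors.append('That email has already been used')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')

    if errors:
        # The submitted password is intentionally not echoed back into the
        # response (the original passed it to the template).
        return render_template('register.html', errors=errors, name=name, email=email)

    logger = logging.getLogger('regs')
    with app.app_context():
        team = Teams(name, normalised_email, password)
        db.session.add(team)
        db.session.commit()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirming users is enabled and we can send email.
            db.session.close()
            logger.warning("[{0}] {1} registered (UNCONFIRMED) with {2}".format(time.strftime("%m/%d/%Y %X"),
                                                                                name.encode('utf-8'),
                                                                                email.encode('utf-8')))
            utils.verify_email(team.email)
            return redirect(url_for('auth.confirm_user'))
        if utils.can_send_mail():
            # Not confirming users, but let them know they registered.
            utils.sendmail(email, "You've successfully registered for {}".format(utils.get_config('ctf_name')))

    db.session.close()

    logger.warning("[{0}] {1} registered with {2}".format(time.strftime("%m/%d/%Y %X"), name.encode('utf-8'), email.encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))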
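def register():
    """Register a new team (student) account and log it in.

    GET renders ``register.html``. POST validates ``name``, ``sno`` (student
    ID), ``email`` and ``password``, inserts the ``Teams`` row, stores the
    new identity in the session and then redirects either to
    ``auth.confirm_user`` (mail can be sent and ``verify_emails`` is set) or
    to ``challenges.challenges_view``.

    Returns:
        A Flask response: a redirect to ``auth.login`` while registration is
        disabled, the rendered form (with ``errors`` after a failed POST), or
        a redirect after a successful registration.

    Raises:
        A 400 ``BadRequestKeyError`` when a required form field is missing,
        because fields are read with ``request.form[...]``.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    sno = request.form['sno']
    email = request.form['email']
    password = request.form['password']

    # Check-then-insert: two concurrent registrations with the same
    # name/sno/email can both pass these lookups, so a unique constraint on
    # the Teams table is what really guarantees uniqueness -- TODO confirm
    # the schema has one.
    name_taken = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    sno_taken = Teams.query.add_columns('sno', 'id').filter_by(sno=sno).first()
    # The row is stored with email.lower() (below), so the duplicate check
    # compares the lowercased value too; the original compared the raw form
    # value, which let "Foo@x" register next to "foo@x" on case-sensitive
    # collations.
    email_taken = Teams.query.add_columns('email', 'id').filter_by(email=email.lower()).first()

    # Error messages are appended in the original order so the template
    # output is unchanged.
    if not utils.check_sno_format(sno):
        errors.append("Please enter a valid student ID")
    if not utils.check_email_format(email):
        errors.append("Please enter a valid email address")
    if name_taken or sno_taken:
        errors.append('That nick/user is already taken')
    if utils.check_email_format(name) is True:
        errors.append('Your team name cannot be an email address')
    if email_taken:
        errors.append('That email has already been used')
    if not password:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')
    if not name:
        errors.append('Pick a longer team name')

    if errors:
        # NOTE(review): the submitted password is reflected into the HTML
        # response to pre-fill the form; consider passing '' instead so the
        # secret never ends up in proxies, browser caches or response logs.
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               email=email,
                               password=password)

    with app.app_context():
        team = Teams(name, sno, email.lower(), password)
        db.session.add(team)
        db.session.commit()

        # The session is populated in place; nothing rotates a session
        # identifier here. Flask's default client-side session has no
        # server-side id to fix, but a server-side session store would need
        # regeneration on login -- TODO confirm which backend is configured.
        # session['admin'] is a snapshot: a later change of team.admin is
        # not seen until the next login.
        session['username'] = team.name
        session['sno'] = team.sno
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirmation is enabled and mail works: record the account as
            # UNCONFIRMED and send the verification link.
            logger.warning(
                "[{date}] {ip} - {username}/{sno} registered (UNCONFIRMED) with {email}"
                .format(date=time.strftime("%m/%d/%Y %X"),
                        ip=utils.get_ip(),
                        username=name.encode('utf-8'),
                        sno=sno.encode('utf-8'),
                        email=email.encode('utf-8')))
            utils.verify_email(team.email)
            db.session.close()
            return redirect(url_for('auth.confirm_user'))

        if utils.can_send_mail():
            # No confirmation required; just tell the user they are in.
            utils.sendmail(
                email,
                "You've successfully registered for {}".format(
                    utils.get_config('ctf_name')))

    logger.warning(
        "[{date}] {ip} - {username}/{sno} registered with {email}".format(
            date=time.strftime("%m/%d/%Y %X"),
            ip=utils.get_ip(),
            username=name.encode('utf-8'),
            sno=sno.encode('utf-8'),
            email=email.encode('utf-8')))
    db.session.close()
    return redirect(url_for('challenges.challenges_view'))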
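def register():
    """Register a new team with bracket, country and affiliation.

    GET renders ``register.html`` with the ``brackets``/``countries``
    choices. POST validates ``name``, ``email``, ``password``, ``bracket``
    and ``country``, inserts the ``Teams`` row, populates the session,
    optionally sends a verification or welcome mail, logs the registration
    and redirects to ``challenges.challenges_view``.

    Returns:
        A Flask response: a redirect to ``auth.login`` while registration is
        disabled, the rendered form (with ``errors`` after a failed POST), or
        a redirect after a successful registration.

    Raises:
        A 400 ``BadRequestKeyError`` when a required form field is missing,
        because fields are read with ``request.form[...]``.
    """
    if not can_register():
        return redirect(url_for("auth.login"))
    if request.method != "POST":
        return render_template("register.html", brackets=brackets, countries=countries)

    errors = []
    name = request.form["name"]
    email = request.form["email"]
    password = request.form["password"]
    bracket = request.form["bracket"]
    country = request.form["country"]
    # Stored as submitted; no length or content check is applied to it
    # here -- TODO confirm the Teams column/constructor bounds it.
    affiliation = request.form["affiliation"]

    # Check-then-insert: concurrent registrations with the same name/email
    # can both pass these lookups; a unique constraint on Teams is what
    # really guarantees uniqueness -- TODO confirm the schema has one.
    name_taken = Teams.query.add_columns("name", "id").filter_by(name=name).first()
    # The row is stored with email.lower() (below), so compare against the
    # lowercased value; the original compared the raw form value.
    email_taken = Teams.query.add_columns("email", "id").filter_by(email=email.lower()).first()
    # Raw string: the original "\." was an invalid escape sequence that
    # Python 3.6+ warns about; the pattern itself is unchanged.
    valid_email = re.match(r"[^@]+@[^@]+\.[^@]+", email)

    # The two debug `print` statements that dumped the country check have
    # been removed; messages keep the original order.
    if not valid_email:
        errors.append("That email doesn't look right")
    if name_taken:
        errors.append("That team name is already taken")
    if email_taken:
        errors.append("That email has already been used")
    if not password:
        errors.append("Pick a longer password")
    if len(password) > 128:
        errors.append("Pick a shorter password")
    if not name:
        errors.append("Pick a longer team name")
    if bracket not in brackets:
        errors.append("Please select a valid bracket")
    if country not in countries:
        errors.append("Please select a valid country")

    if errors:
        # NOTE(review): the submitted password is reflected into the HTML
        # response to pre-fill the form; consider passing "" instead so the
        # secret never ends up in proxies, browser caches or response logs.
        return render_template(
            "register.html",
            errors=errors,
            name=name,
            email=email,
            password=password,
            brackets=brackets,
            countries=countries,
        )

    with app.app_context():
        team = Teams(name, email.lower(), password, bracket, country, affiliation)
        db.session.add(team)
        db.session.commit()

        # Session populated in place (no identifier rotation); harmless for
        # Flask's client-side cookie session, relevant for a server-side
        # store -- TODO confirm the backend. session["admin"] is a snapshot
        # of team.admin taken now.
        session["username"] = team.name
        session["id"] = team.id
        session["admin"] = team.admin
        session["nonce"] = sha512(os.urandom(10))

        if mailserver() and get_config("verify_emails"):
            verify_email(team.email)
        elif mailserver():
            sendmail(
                email,
                "You've successfully registered for {}".format(get_config("ctf_name")),
            )

    db.session.close()

    logger = logging.getLogger("regs")
    logger.warning(
        "[{0}] {1} registered with {2}".format(
            time.strftime("%m/%d/%Y %X"),
            name.encode("utf-8"),
            email.encode("utf-8"),
        )
    )
    return redirect(url_for("challenges.challenges_view"))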
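def register():
    """Register a new team account and log it in (Chinese-language UI).

    GET renders ``register.html``. POST validates ``name``, ``email`` and
    ``password``, inserts the ``Teams`` row, stores the identity in the
    session and redirects either to ``auth.confirm_user`` (mail works and
    ``verify_emails`` is set) or to ``challenges.challenges_view``.

    Returns:
        A Flask response: a redirect to ``auth.login`` while registration is
        disabled, the rendered form (with ``errors`` after a failed POST), or
        a redirect after a successful registration.

    Raises:
        A 400 ``BadRequestKeyError`` when a required form field is missing,
        because fields are read with ``request.form[...]``.
    """
    logger = logging.getLogger('regs')
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    errors = []
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    # Check-then-insert: concurrent registrations with the same name/email
    # can both pass these lookups; a unique constraint on Teams is what
    # really guarantees uniqueness -- TODO confirm the schema has one.
    name_taken = Teams.query.add_columns('name', 'id').filter_by(name=name).first()
    # The row is stored with email.lower() (below), so compare against the
    # lowercased value; the original compared the raw form value.
    email_taken = Teams.query.add_columns('email', 'id').filter_by(email=email.lower()).first()

    # Messages are appended in the original order (user-facing strings are
    # kept verbatim).
    if not utils.check_email_format(email):
        errors.append("邮箱格式不正确")
    if name_taken:
        errors.append('用户名已被其他用户使用')
    if utils.check_email_format(name) is True:
        errors.append('用户名不能和邮箱一样')
    if email_taken:
        errors.append('邮箱已被其他用户使用')
    if not password:
        errors.append('密码长度不够')
    if len(password) > 128:
        errors.append('密码长度超过上限')
    if not name:
        errors.append('用户名长度不够')

    if errors:
        # NOTE(review): the submitted password is reflected into the HTML
        # response to pre-fill the form; consider passing '' instead so the
        # secret never ends up in proxies, browser caches or response logs.
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               email=email,
                               password=password)

    with app.app_context():
        team = Teams(name, email.lower(), password)
        db.session.add(team)
        db.session.commit()

        # Session populated in place (no identifier rotation); harmless for
        # Flask's client-side cookie session, relevant for a server-side
        # store -- TODO confirm the backend. session['admin'] is a snapshot
        # of team.admin taken now.
        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Confirmation is enabled and mail works: record the account as
            # UNCONFIRMED and send the verification link.
            logger.warning(
                "[{date}] {ip} - {username} registered (UNCONFIRMED) with {email}"
                .format(date=time.strftime("%m/%d/%Y %X"),
                        ip=utils.get_ip(),
                        username=name.encode('utf-8'),
                        email=email.encode('utf-8')))
            utils.verify_email(team.email)
            db.session.close()
            return redirect(url_for('auth.confirm_user'))

        if utils.can_send_mail():
            # No confirmation required; just tell the user they are in.
            utils.sendmail(
                email, "您已经成功过注册了 {}".format(
                    utils.get_config('ctf_name')))

    logger.warning(
        "[{date}] {ip} - {username} registered with {email}".format(
            date=time.strftime("%m/%d/%Y %X"),
            ip=utils.get_ip(),
            username=name.encode('utf-8'),
            email=email.encode('utf-8')))
    db.session.close()
    return redirect(url_for('challenges.challenges_view'))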
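def setup():
    """First-run setup: persist the initial configuration and create the
    administrator account.

    While ``utils.is_setup()`` is false, GET renders ``setup.html`` with a
    per-session nonce and POST stores ``ctf_name``, creates the admin
    ``Teams`` row from ``name``/``email``/``password``, seeds the index
    page, writes the remaining config keys with ``None``/default values,
    logs the admin in and clears the cache. Once setup is complete the
    request is redirected to ``views.static_html``.

    Security notes: the endpoint is open to anyone until the ``setup``
    config flag has been written, so the first client to POST owns the
    admin account -- complete setup before exposing the instance. The form
    values are not validated here (an empty password is accepted) -- TODO
    decide whether setup.html or the Teams constructor should enforce that.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # Custom CSS starts out empty. The original stored this under 'start',
    # which the start-time default below immediately overwrote, so no CSS
    # setting was ever persisted; 'css' follows the surrounding comment --
    # confirm it is the key the theme reads.
    utils.set_config('css', '')

    # Admin user. 'banned' is set exactly as the original did; whatever that
    # flag gates elsewhere applies to the admin account too.
    admin = Teams(request.form['name'], request.form['email'], request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page. The original passed this literal through
    # .format(request.script_root) although it contains no placeholder, so
    # the call was a no-op and is dropped; the links are plain relative URLs
    # and resolve against the current request path, not the script root.
    index = """<div class="row">
    <div class="col-md-6 offset-md-3">
        <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" />
        <h3 class="text-center">
            <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p>
            <p>Follow us on social media:</p>
            <a href="https://twitter.com/ctfdio"><i class="fab fa-twitter fa-2x" aria-hidden="true"></i></a>&nbsp;
            <a href="https://facebook.com/ctfdio"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a>&nbsp;
            <a href="https://github.com/ctfd"><i class="fab fa-github fa-2x" aria-hidden="true"></i></a>
        </h3>
        <br>
        <h4 class="text-center">
            <a href="admin">Click here</a> to login and setup your CTF
        </h4>
    </div>
</div>"""

    page = Pages(title=None, route='index', html=index, draft=False)

    # Max attempts per challenge
    utils.set_config('max_tries', 0)

    # Start / end / freeze times
    utils.set_config('start', None)
    utils.set_config('end', None)
    utils.set_config('freeze', None)

    # Challenges cannot be viewed by unregistered users
    utils.set_config('view_challenges_unregistered', None)

    # Allow/Disallow registration
    utils.set_config('prevent_registration', None)

    # Verify emails
    utils.set_config('verify_emails', None)

    # Mail settings
    for key in ('mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
                'mail_username', 'mail_password', 'mail_useauth'):
        utils.set_config(key, None)

    # Written before the admin row is committed, as in the original. If
    # set_config commits on its own and the commit below fails, the
    # instance is flagged as set up without an admin -- TODO confirm
    # set_config's commit behaviour before reordering.
    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the freshly created admin in; the admin flag is a snapshot.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))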
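def setup():
    """First-run setup (NeverLAN variant): persist the initial configuration
    and create the administrator account.

    While ``is_setup()`` is false, GET renders ``setup.html`` with a
    per-session nonce and POST stores ``ctf_name``, creates the admin
    ``Teams`` row (with a placeholder school code), seeds the index page and
    writes the remaining config keys with ``None``/default values. Once
    setup is complete the request is redirected to ``/``.

    Security notes: the endpoint is open to anyone until the ``setup``
    config flag has been written, so the first client to POST owns the
    admin account -- complete setup before exposing the instance. The form
    values are not validated here (an empty password is accepted) -- TODO
    decide whether setup.html or the Teams constructor should enforce that.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])

    # Custom CSS starts out empty. The original stored this under 'start',
    # which the start-time default below immediately overwrote, so no CSS
    # setting was ever persisted; 'css' follows the surrounding comment --
    # confirm it is the key the theme reads.
    set_config('css', '')

    # Admin user. The school code is a hard-coded placeholder, as in the
    # original; 'banned' is set exactly as the original did and whatever
    # that flag gates elsewhere applies to the admin account too.
    school_code = '12345'
    admin = Teams(request.form['name'], request.form['email'], school_code, request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page (absolute paths, so it works only when mounted at the root)
    page = Pages('index', """<div class="container main-container">
    <img class="logo" src="/static/img/logo.png" />
    <h3 class="text-center">
        Welcome to the <span class="main-name">NeverLAN CTF</span>
    </h3>

    <h4 class="text-center">
        <a href="/login">Click here</a> to login or <a href="/register">here</a> to register
    </h4>
</div>""")

    # Max attempts per challenge
    set_config("max_tries", 0)

    # Start / end times
    set_config('start', None)
    set_config('end', None)

    # Challenges cannot be viewed by unregistered users
    set_config('view_challenges_unregistered', None)

    # Allow/Disallow registration
    set_config('prevent_registration', None)

    # Verify emails
    set_config('verify_emails', None)

    # Mail settings
    for key in ('mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
                'mail_username', 'mail_password'):
        set_config(key, None)

    # Written before the admin row is committed, as in the original -- TODO
    # confirm set_config's commit behaviour before reordering.
    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    app.setup = False
    return redirect('/')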
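def setup():
    """First-run setup: persist the initial configuration and create the
    administrator account.

    While ``is_setup()`` is false, GET renders ``setup.html`` with a
    per-session nonce and POST stores ``ctf_name``, creates the admin
    ``Teams`` row from ``name``/``email``/``password``, seeds the index page
    (links prefixed with ``request.script_root``), writes the remaining
    config keys with ``None``/default values and clears the cache. Once
    setup is complete the request is redirected to ``views.static_html``.

    Security notes: the endpoint is open to anyone until the ``setup``
    config flag has been written, so the first client to POST owns the
    admin account -- complete setup before exposing the instance. The form
    values are not validated here (an empty password is accepted) -- TODO
    decide whether setup.html or the Teams constructor should enforce that.
    """
    if is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])

    # Custom CSS starts out empty. The original stored this under 'start',
    # which the start-time default below immediately overwrote, so no CSS
    # setting was ever persisted; 'css' follows the surrounding comment --
    # confirm it is the key the theme reads.
    set_config('css', '')

    # Admin user. 'banned' is set exactly as the original did; whatever that
    # flag gates elsewhere applies to the admin account too.
    admin = Teams(request.form['name'], request.form['email'], request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page; {0} is the application's script root so the links work
    # when the app is mounted under a prefix.
    page = Pages(
        'index', """<div class="container main-container">
    <img class="logo" src="{0}/static/original/img/logo.png" />
    <h3 class="text-center">
        Welcome to a cool CTF framework written by <a href="https://github.com/ColdHeat">Kevin Chung</a> of <a href="https://github.com/isislab">@isislab</a>
    </h3>

    <h4 class="text-center">
        <a href="{0}/admin">Click here</a> to login and setup your CTF
    </h4>
</div>""".format(request.script_root))

    # Max attempts per challenge
    set_config("max_tries", 0)

    # Start / end times
    set_config('start', None)
    set_config('end', None)

    # Challenges cannot be viewed by unregistered users
    set_config('view_challenges_unregistered', None)

    # Allow/Disallow registration
    set_config('prevent_registration', None)

    # Verify emails
    set_config('verify_emails', None)

    # Mail settings
    for key in ('mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
                'mail_username', 'mail_password'):
        set_config(key, None)

    # Written before the admin row is committed, as in the original -- TODO
    # confirm set_config's commit behaviour before reordering.
    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()
    return redirect(url_for('views.static_html'))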
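def setup():
    """First-run setup (evidence-board variant): persist the initial
    configuration, create the administrator and seed the evidence table.

    While ``is_setup()`` is false, GET renders ``setup.html`` with a
    per-session nonce and POST builds ``Config`` rows for ``ctf_name``,
    ``css``, ``max_tries``, ``start``, ``end``,
    ``view_challenges_unregistered``, ``prevent_registration`` and
    ``setup``, creates the admin ``Teams`` row, stores the submitted
    ``html`` as the index page, inserts the ``Evidence`` rows and commits.
    Once setup is complete the request is redirected to ``/``.

    Security notes: the endpoint is open to anyone until the ``setup``
    config flag has been committed, so the first client to POST owns the
    admin account -- complete setup before exposing the instance. The form
    values are not validated here (an empty password is accepted) and the
    index ``html`` is stored as-is. The original built the evidence rows via
    ``exec``/``eval`` on string-formatted code and ``print()``ed the CSRF
    nonce on every GET; both are gone.
    """
    if is_setup():
        return redirect('/')

    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))
    if request.method != 'POST':
        # The original also print()ed session['nonce'] here, which wrote
        # the per-session CSRF token to stdout / process logs.
        return render_template('setup.html', nonce=session.get('nonce'))

    ctf_name = Config('ctf_name', request.form['ctf_name'])

    # Custom CSS (empty by default). The original keyed this row as 'start',
    # so two 'start' rows were inserted once the start time was added below
    # and no CSS entry existed at all; 'css' follows the surrounding comment
    # -- confirm it is the key the theme reads.
    css = Config('css', '')

    # Admin user. 'banned' is set exactly as the original did; whatever that
    # flag gates elsewhere applies to the admin account too.
    admin = Teams(request.form['name'], request.form['email'], request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page: the HTML comes straight from the one-off setup form and
    # is stored unescaped, as in the original.
    page = Pages('index', request.form['html'])

    # Max attempts per challenge
    max_tries = Config("max_tries", 0)

    # Start / end times
    start = Config('start', None)
    end = Config('end', None)

    # Challenges cannot be viewed by unregistered users
    view_challenges_unregistered = Config('view_challenges_unregistered', None)

    # Allow/Disallow registration
    prevent_registration = Config('prevent_registration', None)

    setup_flag = Config('setup', True)

    # Seed evidence as (slug, title, flag). Evidence(title, flag) keeps the
    # argument order the original exec'd string used; the slug only mattered
    # for the disabled connection seeding below.
    evidence = [
        ["sample1", "Encrypted Zip", "{N3xt_l3v3l_encryption}"],
        ["sample2", "Caesar Cipher Sample", "{c1pherz_are_kewl}"],
        ["police_profile", "Police Profile", "{and_so_1t_begins}"],
        ["caesar_cipher", "Phone Pattern Clue", "{i_love_caesar_sal4ds}"],
        ["gesture_key_hash", "Gesture Key Hash", "{they_were_to0_young_to_d1e}"],
        ["victims_contacts", "Victim's Contacts", "{I_just_w4nt_To_phone_home}"],
        ["victims_history", "Victim's History", "{Back_to_the_H1story}"],
        ["sd_card", "SD Card", "{m0unting_has_never_b33n_3asier}"],
        ["sd_card_hidden", "SD Card Hidden Image", "{h1dden_files_4re_soooooo_s3cret}"],
        ["sd_card_deleted", "SD Card Deleted Image", "{ur_da7a_doesnt_go_away}"],
        ["agents_wallet", "Agents Wallet", "{h3_h3_m3_c01n5_1n_B175}"],
        ["emails", "Victim's Emails", "{7his_15_n0t_th3_3m41l_u_w4nt}"],
        ["hacktivists_website", "Hacktivist's Website", "{t3h_h4ckers_sp4c3}"],
        ["consulting_company_it_portal", "Consulting Company IT Portal", "{SYS_4DM11111111N_P0RTAAAAL}"],
        ["hacktivists_login", "Hacktivist Login", "{h4ck3r5_log1n_700}"],
        ["voting_database_corrupt", "Voting Database", "{17_corrup73d_:-(}"],
        ["personnel_database", "Personnel Database", "{4uthor1zed_per50nnel_0nly}"],
        ["hacktivists_pcap", "Hacktivist's PCAP", "{much_sh3llsh0ck_m4ny_pack3t_7oo_FTP}"],
        ["encrypted_zip", "Encrypted Zip", "{7ooo_much_Encryption_b4d_four_health}"],
        ["construct_qr", "Construct QR Code", "{carpet_weaving_grandmaster}"],
        ["irc_logs", "IRC Logs", "{700_much_3ncrypted_1337_sp3ak}"]
    ]

    for _slug, title, flag in evidence:
        db.session.add(Evidence(title, flag))
    db.session.commit()

    # The evidence-connection seeding below was already disabled in the
    # original; it referred to the per-slug locals that the exec used to
    # create (several of which never existed in the list above).
    '''
    connections = [
        [police_profile, victims_phone],
        [police_profile, sd_card],
        [victims_phone, agents_wallet],
        [victims_phone, emails],
        [victims_phone, browser_history],
        [victims_phone, contacts],
        [browser_history, hacktivists_website],
        [browser_history, consulting_company_it_portal],
        [hacktivists_website, hacktivists_login],
        [hacktivists_login, seeded_torrent],
        [hacktivists_login, irc_logs],
        [seeded_torrent, stolen_personnel_database],
        [seeded_torrent, stolen_voting_database],
        [seeded_torrent, hacktivists_pcap],
        [irc_logs, seeded_torrent],
        [consulting_company_it_portal, voting_database_corrupt],
        [consulting_company_it_portal, personnel_database]
    ]

    for c in connections:
        c = [_.eid for _ in c]
        db.session.add(EvidenceConnection(*c))
    db.session.commit()
    '''

    # Same insertion order as the original.
    for row in (ctf_name, admin, page, max_tries, start, end,
                view_challenges_unregistered, prevent_registration,
                css, setup_flag):
        db.session.add(row)
    db.session.commit()
    app.setup = False
    return redirect('/')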
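def register():
    """Register a new team with website, affiliation and country.

    GET renders ``register.html`` with ``country='wo'`` (multiple countries)
    pre-selected. POST reads the fields with ``request.form.get`` (so a
    missing field is an empty string rather than a 400), validates them,
    inserts the ``Teams`` row, populates the session and redirects either to
    ``auth.confirm_user`` (mail works and ``verify_emails`` is set) or to
    ``challenges.challenges_view``.

    Returns:
        A Flask response: a redirect to ``auth.login`` while registration is
        disabled, the rendered form (with ``errors`` and the submitted values
        after a failed POST), or a redirect after a successful registration.
    """
    if not can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template(
            'register.html',
            country='wo',  # default: Multiple Countries
            countries=countries)

    logger = logging.getLogger('regs')
    errors = []
    name = request.form.get('name', '')
    email = request.form.get('email', '')
    password = request.form.get('password', '')
    password_confirm = request.form.get('password-confirm', '')
    website = request.form.get('website', '')
    # Stored as submitted; no length or content check is applied to it
    # here -- TODO confirm the Teams column/constructor bounds it.
    affiliation = request.form.get('affiliation', '')
    country = request.form.get('country', '')

    # Check-then-insert: concurrent registrations with the same name/email
    # can both pass these lookups; a unique constraint on Teams is what
    # really guarantees uniqueness -- TODO confirm the schema has one.
    if not name:
        errors.append('Pick a longer team name')
    elif Teams.query.filter_by(name=name).first():
        errors.append('That team name is already taken')

    if not email:
        errors.append('Pick a longer email')
    elif not re.match(
            r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email):
        errors.append("That email doesn't look right")
    # The row is stored with email.lower() (below), so compare against the
    # lowercased value; the original compared the raw form value.
    elif Teams.query.filter_by(email=email.lower()).first():
        errors.append('That email has already been used')

    # On any password problem both password fields are blanked before they
    # are echoed back into the form.
    if not password:
        errors.append('Pick a longer password')
        password = password_confirm = ''
    elif len(password) > 128:
        errors.append('Pick a shorter password')
        password = password_confirm = ''
    elif password != password_confirm:
        errors.append("These passwords don't match")
        password = password_confirm = ''

    if website.strip() and not validate_url(website):
        errors.append("That doesn't look like a valid URL")

    # NOTE(review): `countries.keys` is not called. If `countries` is a
    # plain dict this raises TypeError on every POST (a bound method is not
    # iterable); it only works when `countries` exposes `keys` as an
    # iterable attribute -- confirm, and use `country not in countries` if
    # it is a dict.
    if country not in countries.keys:
        errors.append('Invalid country')

    if errors:
        # NOTE(review): a valid password is still reflected into the HTML
        # response when another field fails; consider always passing ''.
        return render_template('register.html',
                               errors=errors,
                               name=name,
                               email=email,
                               password=password,
                               password_confirm=password_confirm,
                               website=website,
                               affiliation=affiliation,
                               country=country,
                               countries=countries)

    with app.app_context():
        team = Teams(name, email.lower(), password, website,
                     affiliation, country)
        db.session.add(team)
        db.session.commit()

        # Session populated in place (no identifier rotation); harmless for
        # Flask's client-side cookie session, relevant for a server-side
        # store -- TODO confirm the backend. session['admin'] is a snapshot
        # of team.admin taken now.
        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = sha512(os.urandom(10))

        if can_send_mail() and get_config('verify_emails'):
            # Confirmation is enabled and mail works. NOTE(review): nothing
            # in this handler sends the verification mail (there is no
            # verify_email call); presumably auth.confirm_user does -- TODO
            # confirm, otherwise the account is left unconfirmed.
            db.session.close()
            logger.warning(
                "[{0}] {1} registered (UNCONFIRMED) with {2}".format(
                    time.strftime("%m/%d/%Y %X"),
                    name.encode('utf-8'),
                    email.encode('utf-8')))
            return redirect(url_for('auth.confirm_user'))

        if can_send_mail():
            # No confirmation required; just tell the user they are in.
            sendmail(
                email,
                "You've successfully registered for {}".format(
                    get_config('ctf_name')))

    db.session.close()

    logger.warning("[{0}] {1} registered with {2}".format(
        time.strftime("%m/%d/%Y %X"), name.encode('utf-8'),
        email.encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))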
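def login():
    """Log a user in via the NCL SIO authentication service.

    GET renders the login form. POST validates the submitted email and
    password, sends them as HTTP Basic credentials to the SIO
    ``/authentications`` endpoint, then checks that the authenticated user is
    a member of this CTF's NCL team (``/teams?name=<team>``). A local
    ``Teams`` row is created on first login. On success the Flask session is
    populated and the user is redirected to ``next`` (only when it passes
    ``utils.is_safe_url``) or to the challenges view.

    Returns:
        A Flask response: ``login.html`` rendered with ``errors`` on failure,
        a redirect on success.
    """
    logger = logging.getLogger('logins')
    if request.method != 'POST':
        db.session.close()
        return render_template('login.html')

    name = request.form['name'].strip()
    password = request.form['password']

    # Reject empty credentials before contacting the remote service.
    if not name or not password:
        return _login_failed("Please enter your email and password")

    # The SIO login name is an email address; refuse anything else early.
    if utils.check_email_format(name) is False:
        return _login_failed("Your email is not in a valid format")

    # HTTP Basic credentials for the SIO authentication API. Encode explicitly
    # as UTF-8 so a non-ASCII password cannot raise UnicodeEncodeError inside
    # b64encode; decode the result so the header value is text on both
    # Python 2 and 3.
    base64creds = base64.b64encode(
        (name + ':' + password).encode('utf-8')).decode('ascii')
    headers = {'Authorization': 'Basic ' + base64creds}
    sio_url = utils.ncl_sio_url()

    try:
        r = requests.post(sio_url + '/authentications', headers=headers, timeout=30)
    except requests.exceptions.RequestException as e:
        _log_login_event(logger,
                         "error connecting to SIO authentication service: {exception}",
                         exception=e)
        return _login_failed("There is a problem with your login request. Please contact the website administrator")

    if r.status_code == 200:    # Successful login
        # Authentication alone is not enough: the user must also be a member
        # of this CTF's NCL team. A body that is not JSON or lacks 'id' is
        # treated as an unknown error instead of raising a 500.
        try:
            user_id = r.json()['id']
        except (ValueError, KeyError, TypeError):
            user_id = None
        if user_id is None:
            _log_login_event(logger, "malformed response from SIO authentication service")
            return _login_failed("Unknown login error. Please contact the website administrator")

        ncl_team_name = utils.ncl_team_name()

        # Send GET request to NCL SIO teams API. params= lets requests
        # URL-encode the team name instead of splicing it raw into the query.
        try:
            teams_r = requests.get(sio_url + '/teams',
                                   params={'name': ncl_team_name},
                                   timeout=30)
        except requests.exceptions.RequestException as teams_re:
            _log_login_event(logger,
                             "error connecting to SIO teams service: {exception}",
                             exception=teams_re)
            return _login_failed("There is a problem with connecting to login service. Please contact the website administrator")

        if teams_r.status_code != 200:  # teams GET failed
            _log_login_event(logger,
                             "invalid response status code: {status}",
                             status=str(teams_r.status_code))
            return _login_failed("Unknown response from login service. Please contact the website administrator")

        try:
            team_members = teams_r.json()['members']
        except (ValueError, KeyError, TypeError):
            _log_login_event(logger, "malformed response from SIO teams service")
            return _login_failed("Unknown response from login service. Please contact the website administrator")

        is_user_in_ncl_team = any(
            member.get('userId') == user_id for member in team_members)

        if not is_user_in_ncl_team:
            # User is not part of NCL team, deny login!
            _log_login_event(logger,
                             "not in this CTF NCL team for {username}",
                             username=name.encode('utf-8'))
            return _login_failed("You do not have permissions to login to this site")

        # User is now allowed to login.
        # The local row is created with the lower-cased address, so it must be
        # looked up the same way; otherwise a mixed-case login never finds the
        # existing row and tries to insert a duplicate.
        email = name.lower()
        team = Teams.query.filter_by(email=email).first()

        # Add to DB if it does not exist
        if not team:
            # NOTE(review): the local row gets a fixed placeholder password;
            # confirm nothing else authenticates against Teams.password locally.
            team = Teams(email, email, "unused_password")
            db.session.add(team)
            db.session.commit()
            db.session.flush()

        # Populate the session from the DB row
        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(os.urandom(10))
        db.session.close()

        _log_login_event(logger, "{username} logged in",
                         username=session['username'].encode('utf-8'))

        # Only follow 'next' when it is a safe (local) URL.
        next_url = request.args.get('next')
        if next_url and utils.is_safe_url(next_url):
            return redirect(next_url)
        return redirect(url_for('challenges.challenges_view'))

    if r.status_code == 404:  # This user does not exist
        _log_login_event(logger, "submitted invalid user email")
        return _login_failed("Your email or password is incorrect")

    if r.status_code == 500:  # This user exists but the password is wrong
        _log_login_event(logger,
                         "submitted invalid password for {username}",
                         username=name.encode('utf-8'))
        return _login_failed("Your email or password is incorrect")

    # Unknown response status code
    _log_login_event(logger, "unknown response status code: {status}",
                     status=str(r.status_code))
    return _login_failed("Unknown login error. Please contact the website administrator")


def _log_login_event(logger, message, **fields):
    # Emit one 'logins' record prefixed with the timestamp and the client IP.
    logger.warning(("[{date}] {ip} - " + message).format(
        date=time.strftime("%m/%d/%Y %X"),
        ip=utils.get_ip(),
        **fields))


def _login_failed(message):
    # Close the DB session and re-render the login form with a single error.
    db.session.close()
    return render_template('login.html', errors=[message])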
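def setup():
    """First-run setup: create the initial configuration and admin account.

    While ``utils.is_setup()`` is false, GET renders ``setup.html`` (with a
    nonce stored in the session) and POST stores the CTF name, creates the
    admin ``Teams`` row and the default index ``Pages`` entry, initialises the
    remaining config keys, marks setup as done and logs the admin in. Once
    setup has completed, every request is redirected to the static index.

    Returns:
        A Flask response: the rendered ``setup.html`` or a redirect.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # CSS
    # NOTE(review): this writes the CSS default under the key 'start', which
    # is overwritten with None further down, so the write has no lasting
    # effect. The key looks wrong; confirm the intended CSS config key.
    utils.set_config('start', '')

    # Admin user. 'banned' is set on the admin; presumably this keeps the
    # account off the scoreboard rather than blocking it — confirm against
    # the Teams model.
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page. Static HTML: the template contains no format placeholders,
    # so no .format() call is needed.
    index = """<div class="row">
                <div class="intro">
                    <img width=30 src="themes/arg/static/img/logo.png" />
                    <br>
                    <br>
                    <p>
                        the console will set you free
                    </p>
                    <script>
                        console_message('ef98fe223e630bbb82dd9c41323e3290')
                    </script>
                    <br>
                </div>
            </div>"""

    page = Pages(title=None, route='index', html=index, draft=False)

    # Remaining config keys, initialised to their "unset" values. set_config is
    # called for its side effect; its return values are not needed here.
    utils.set_config('max_tries', 0)  # max attempts per challenge
    utils.set_config('start', None)  # competition start time
    utils.set_config('end', None)
    utils.set_config('freeze', None)
    # Challenges cannot be viewed by unregistered users
    utils.set_config('view_challenges_unregistered', None)
    # Allow/Disallow registration
    utils.set_config('prevent_registration', None)
    # Verify emails
    utils.set_config('verify_emails', None)
    for mail_key in ('mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
                     'mail_username', 'mail_password', 'mail_useauth'):
        utils.set_config(mail_key, None)

    # NOTE(review): setup is flagged complete before the admin row is
    # committed; if the commit below fails the instance may be left marked as
    # set up without an admin. Whether set_config commits immediately is not
    # visible here — confirm.
    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the freshly created admin in.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))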
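def setup():
    """First-run setup: create the initial configuration and admin account.

    While ``utils.is_setup()`` is false, GET renders ``setup.html`` (with a
    nonce stored in the session) and POST stores the CTF name, creates the
    admin ``Teams`` row and the default index ``Pages`` entry, initialises the
    remaining config keys, marks setup as done and logs the admin in. Once
    setup has completed, every request is redirected to the static index.

    Returns:
        A Flask response: the rendered ``setup.html`` or a redirect.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # CSS
    # NOTE(review): this writes the CSS default under the key 'start', which
    # is overwritten with None further down, so the write has no lasting
    # effect. The key looks wrong; confirm the intended CSS config key.
    utils.set_config('start', '')

    # Admin user. 'banned' is set on the admin; presumably this keeps the
    # account off the scoreboard rather than blocking it — confirm against
    # the Teams model.
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page (static HTML, stored verbatim).
    index = """<div class="row">
  <style>
   .col-container:after { content: ""; display: table; clear: both; }
   .col { float: left; }
   .clearfix::after {
  content: "";
  display: table;
  clear: both;
    }
    .footer-nav{
      float: left;
    }
    .logo{
      float: right;
    }
    .footer-nav,
    .footer-nav li{
      display: inline;
    }
  </style>
  <div class="col-md-6 offset-md-3">
<h1 class="text-center" style="padding-top: 10vh; font-size: 50px;">
    <b>Haaukins</b>
</h1>
<p class="text-center">
    A platform for Cyber Security Exercises 
</p>
<p class="text-center">
    Founded by <a href="http://danishcybersecurityclusters.dk/">Danish Cyber Security Clusters</a> and supported by
</p>
<a href="https://www.industriensfond.dk/">
    <img class="w-100 mx-auto d-block" style="max-width: 300px; padding: 3vh 0 4vh 0;" src="/themes/core/static/img/logo_industrienfond.jpg">
</a>
<p class="text-center">
    <p class="text-center">
  Developed at <a href="http://es.aau.dk/">Aalborg University</a> (Department of Electronic Systems) by:
    </p>
    <div class="col-container" style="margin-top: 40px;">
  <div class="col" style="width: 40%">
          <img src="/themes/core/static/img/haaukins_logo_blue240px.png" style="margin-left: 20px; max-width: 170px;">
    </div>
  <div class="col" style="width: 60%; font-size:14px;">
      <p><a href="https://mrturkmen.com">Ahmet Turkmen</a> (Research Assistant)</p>
      <p><a href="https://github.com/eyJhb">Gian Marco Mennecozzi</a> (Research Assistant)</p>
      <p><a href="https://github.com/kdhageman">Kaspar Hageman</a> (Ph.D. Student)</p>
      <p><a href="https://github.com/tpanum">Thomas Kobber Panum</a> (Ph.D. Student)</p>
      <p><a href="https://github.com/eyJhb">Johan Hempel Bengtson</a> (Student Helper)</p>
    </div>
    </div>
</p>
<div class="card-deck py-4">
      <div class="card">
          <div class="card-body">
              <h5 class="card-title">Tips and tricks</h5>
              <div class="card-text">
                  Stuck at a certain challenge? Or do you just want to know more about a certain topic?
              </div>
          </div>
          <div class="card-footer">
              <a href="https://aau-network-security.github.io/tips-and-tricks/" target="_blank">Vist the tips & tricks page</a>
          </div>
      </div>
      <div class="card">
          <div class="card-body">
              <h5 class="card-title">Survey</h5>
              <p>You can help us improve the platform by taking our survey to let us know about your experiences!</p>
          </div>
          <div class="card-footer">
              <a href="https://www.survey-xact.dk/LinkCollector?key=KDRVSTDJJN15" target="_blank">Fill out the survey here</a>
          </div>
      </div>
  </div>
<p class="text-center">
    Feel free to join our local Facebook Group:
</p>
<p class="text-center">
    <a href="https://www.facebook.com/groups/957517617737780"><i class="fab fa-facebook" aria-hidden="true"></i>&nbsp;AAU Hackers &amp; Friends</a>
</p>
  <div class="container">
      <footer>
          <ul class="footer-nav">
              <li><a href="https://eadania.dk/"> <img src="/themes/core/static/img/da-90.png" style= "width:90px; height:75px;" ></a></li>
              <li><a href="https://www.dtu.dk/"><img src="/themes/core/static/img/dtu-90.png" style= "width:90px; height:75px;"></a></li>
              <li><a href="https://kea.dk/"> <img src="/themes/core/static/img/kea-90.jpg" style= "width:90px; height:75px;" ></a></li>
              <li><a href="https://happy42.dk/"> <img src="/themes/core/static/img/happy-90.png" style= "width:90px; height:75px;" ></a></li>
               <li><a href="https://www.eaaa.dk/"><img src="/themes/core/static/img/eaa-90.png" style= "width:90px; height:75px;"></a></li>
         </ul>
      </footer>
      </div>
  </div>    
</div>"""

    page = Pages(title=None, route='index', html=index, draft=False)

    # Remaining config keys, initialised to their "unset" values. set_config is
    # called for its side effect; its return values are not needed here.
    utils.set_config('max_tries', 0)  # max attempts per challenge
    utils.set_config('start', None)  # competition start time
    utils.set_config('end', None)
    utils.set_config('freeze', None)
    # Challenges cannot be viewed by unregistered users
    utils.set_config('view_challenges_unregistered', None)
    # Allow/Disallow registration
    utils.set_config('prevent_registration', None)
    # Verify emails
    utils.set_config('verify_emails', None)
    for mail_key in ('mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
                     'mail_username', 'mail_password', 'mail_useauth'):
        utils.set_config(mail_key, None)

    # NOTE(review): setup is flagged complete before the admin row is
    # committed; if the commit below fails the instance may be left marked as
    # set up without an admin. Whether set_config commits immediately is not
    # visible here — confirm.
    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the freshly created admin in.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))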
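def setup():
    """First-run setup: create the initial configuration and admin account.

    While ``utils.is_setup()`` is false, GET renders ``setup.html`` (with a
    nonce stored in the session) and POST stores the CTF name, creates the
    admin ``Teams`` row and the default index ``Pages`` entry, initialises the
    remaining config keys, marks setup as done and logs the admin in. Once
    setup has completed, every request is redirected to the static index.

    Returns:
        A Flask response: the rendered ``setup.html`` or a redirect.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # CSS
    # NOTE(review): this writes the CSS default under the key 'start', which
    # is overwritten with None further down, so the write has no lasting
    # effect. The key looks wrong; confirm the intended CSS config key.
    utils.set_config('start', '')

    # Admin user. 'banned' is set on the admin; presumably this keeps the
    # account off the scoreboard rather than blocking it — confirm against
    # the Teams model.
    admin = Teams(request.form['name'], request.form['email'],
                  request.form['password'])
    admin.admin = True
    admin.banned = True

    # Index page. Static HTML: the template contains no format placeholders,
    # so no .format() call is needed.
    index = """<div class="container main-container">
    <img class="logo" src="themes/original/static/img/logo.png" />
    <h3 class="text-center">
        <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p>
        <p>Follow us on social media:</p>
        <a href="https://twitter.com/ctfdio"><i class="fa fa-twitter fa-2x" aria-hidden="true"></i></a>&nbsp;
        <a href="https://facebook.com/ctfdio"><i class="fa fa-facebook-official fa-2x" aria-hidden="true"></i></a>&nbsp;
        <a href="https://github.com/ctfd"><i class="fa fa-github fa-2x" aria-hidden="true"></i></a>
    </h3>
    <br>
    <h4 class="text-center">
        <a href="admin">Click here</a> to login and setup your CTF
    </h4>
</div>"""
    page = Pages('index', index)

    # Remaining config keys, initialised to their "unset" values. set_config is
    # called for its side effect; its return values are not needed here.
    utils.set_config('max_tries', 0)  # max attempts per challenge
    utils.set_config('start', None)  # competition start time
    utils.set_config('end', None)
    utils.set_config('freeze', None)
    # Challenges cannot be viewed by unregistered users
    utils.set_config('view_challenges_unregistered', None)
    # Allow/Disallow registration
    utils.set_config('prevent_registration', None)
    # Verify emails
    utils.set_config('verify_emails', None)
    for mail_key in ('mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
                     'mail_username', 'mail_password'):
        utils.set_config(mail_key, None)

    # NOTE(review): setup is flagged complete before the admin row is
    # committed; if the commit below fails the instance may be left marked as
    # set up without an admin. Whether set_config commits immediately is not
    # visible here — confirm.
    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the freshly created admin in.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))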
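def private_register():
    """Invite-only registration: claim an invited team and create its account.

    Registration is gated by ``utils.can_register()``. On POST the invited
    team is looked up by either the submitted invite token or the submitted
    email address, depending on the ``private_registration_option`` config
    value; the password length is checked; then the ``Teams`` row is created
    and the session populated. If mail can be sent and ``verify_emails`` is
    enabled, a verification mail is sent and the user is redirected to the
    confirmation page instead of the challenges view.

    Returns:
        A Flask response: ``register.html`` (with ``errors`` on failure) or a
        redirect.
    """
    if not utils.can_register():
        return redirect(url_for('auth.login'))
    if request.method != 'POST':
        return render_template('register.html')

    selected_option = utils.get_config('private_registration_option')
    errors = []
    invited_team = None

    if selected_option == 'token':
        token = request.form['token']
        invited_team = InvitedTeams.query.add_columns(
            'name', 'email').filter_by(token=token).first()
        if not invited_team:
            errors.append('Invalid token')
    elif selected_option == 'email':
        # NOTE(review): this path accepts the submitted address as proof of
        # invitation; unless verify_emails is on, anyone who knows an invited
        # address can claim that team. Confirm this is the intended policy.
        email = request.form['email']
        invited_team = InvitedTeams.query.add_columns(
            'name', 'email').filter_by(email=email).first()
        if not invited_team:
            errors.append('Your email is not invited')
    else:
        errors.append('Something strange happened')

    # Only consult Teams when an invited team was actually found.
    if not errors:
        team = Teams.query.add_columns('id').filter_by(
            name=invited_team.name).first()
        if team:
            errors.append('Already registered')

    password = request.form['password']
    if len(password) == 0:
        errors.append('Pick a longer password')
    if len(password) > 128:
        errors.append('Pick a shorter password')

    if errors:
        # Re-render with the submitted values so the user can correct them.
        if selected_option == 'token':
            return render_template('register.html',
                                   errors=errors,
                                   token=request.form['token'],
                                   password=request.form['password'])
        if selected_option == 'email':
            return render_template('register.html',
                                   errors=errors,
                                   email=request.form['email'],
                                   password=request.form['password'])
        # Unknown option: still surface the errors instead of a blank form.
        return render_template('register.html', errors=errors)

    with app.app_context():
        name = invited_team.name
        email = invited_team.email
        team = Teams(name, email.lower(), password)
        db.session.add(team)
        db.session.commit()
        db.session.flush()

        session['username'] = team.name
        session['id'] = team.id
        session['admin'] = team.admin
        session['nonce'] = utils.sha512(urandom(10))

        if utils.can_send_mail() and utils.get_config('verify_emails'):
            # Account is unconfirmed until the verification link is used.
            db.session.close()
            logger = logging.getLogger('regs')
            logger.warning('[{0}] {1} registered (UNCONFIRMED) with {2}'.format(
                time.strftime('%m/%d/%Y %X'),
                name.encode('utf-8'),
                email.encode('utf-8')))

            utils.verify_email(team.email)

            return redirect(url_for('auth.confirm_user'))

        if utils.can_send_mail():
            # No confirmation required; just notify the user.
            utils.sendmail(email, "You've successfully registered for {}".format(
                utils.get_config('ctf_name')))

    db.session.close()

    logger = logging.getLogger('regs')
    logger.warning('[{0}] {1} registered with {2}'.format(
        time.strftime('%m/%d/%Y %X'), name.encode('utf-8'),
        email.encode('utf-8')))
    return redirect(url_for('challenges.challenges_view'))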