def get_all_instances():
    """Return one page (20 entries) of every cached instance as JSON.

    The 1-based page number is read from the ``page`` query argument.  Each
    entry joins the instance record with the names of its challenge and team.

    NOTE(review): every entry carries the instance ``password``.  No access
    check is visible in this function; confirm the route is restricted to
    administrators by a decorator or blueprint guard.
    """
    page_size = 20
    page = int(request.args['page'])
    instances = redis_store.hgetall('instances')
    if not instances:
        # ``instances`` is not re-read after this call, so this request
        # still answers with an empty page.
        load_to_redis()

    skip = (page - 1) * page_size
    rows = []
    for position, key in enumerate(instances):
        if position < skip:
            continue
        record = json.loads(instances[key])
        challenge = json.loads(redis_store.hget('chals', record['chalid']))
        owner = json.loads(redis_store.hget('teams', record['teamid']))
        rows.append({
            'id': record['id'],
            'name': record['name'],
            'teamname': owner['nickname'],
            'chalname': challenge['name'],
            'ip': record['ip'],
            'status': record['status'],
            'password': record['password']
        })
        if len(rows) == page_size:
            break

    return jsonify({'total': len(instances), 'instances': rows})
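def team_status():
    """Return the logged-in team's cached record with its instances expanded.

    The team id comes from the session, never from request data, so a team
    can only read its own record.  The ``instances`` list of ids stored on
    the team record is replaced by the full instance records.

    NOTE(review): the cached team record also holds a ``password`` field
    (see the writers of the ``teams`` hash); it is returned as-is here.
    """
    teamid = session['user']['id']
    # Look up by the session's team id.  The previous code passed the
    # builtin ``id`` function as the hash field, which never matches a team.
    team = json.loads(redis_store.hget('teams', teamid))
    team['instances'] = [
        json.loads(redis_store.hget('instances', instance))
        for instance in team['instances']
    ]
    return jsonify(team)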
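def team_info():
    """Return the logged-in team's public profile as JSON.

    Responds with 404 when the session's team has no cached record.  As a
    side effect, makes sure the team's ``attackid`` is registered in the
    ``attackpack`` hash (attackid -> team id).
    """
    raw = redis_store.hget('teams', session['user']['id'])
    # Check before decoding: json.loads(None) raises, so the 404 below was
    # unreachable for a missing record.
    if not raw:
        abort(404)
    team = json.loads(raw)
    if not team:
        abort(404)

    if not redis_store.hget('attackpack', team['attackid']):
        redis_store.hset('attackpack', team['attackid'], team['id'])

    # Only non-secret fields are copied out; the cached password stays behind.
    ans = {
        'id': team['id'],
        'name': team['name'],
        'nickname': team['nickname'],
        'score': team['score'],
        'attackid': team['attackid']
    }
    return jsonify({'user': ans})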
def load_to_redis():
    """Copy all challenges and teams from the database into Redis.

    Writes one JSON record per challenge to the ``chals`` hash and one per
    team to the ``teams`` hash, and registers each team's ``attackid`` in
    the ``attackpack`` hash when it is not there yet.

    NOTE(review): the team record stores ``origin_pass[0].password``, which
    other code in this file fills with the password exactly as submitted, so
    anyone who can read this Redis instance can read team passwords.
    """
    all_chals = Challenges.query.all()
    all_teams = db.session.query(Teams).join(Origin).all()

    chal_records = {
        chal.id: json.dumps({
            'id': chal.id,
            'name': chal.name,
            'dockername': chal.dockername,
            'type': chal.type,
            'score': chal.score,
            'command': chal.command,
            'flagcommand': chal.flagcommand,
            'desc': chal.desc
        })
        for chal in all_chals
    }
    if chal_records:
        redis_store.hmset('chals', chal_records)

    team_records = {}
    for team in all_teams:
        team_records[team.id] = json.dumps({
            'id': team.id,
            'name': team.name,
            'nickname': team.nickname,
            'score': team.score,
            'password': team.origin_pass[0].password,
            'attackid': team.attackid,
            'instances': []
        })
        # Existing attackid mappings are left untouched.
        already_mapped = redis_store.hget('attackpack', team.attackid)
        if not already_mapped:
            redis_store.hset('attackpack', team.attackid, team.id)
    if team_records:
        redis_store.hmset('teams', team_records)
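def changeteam():
    """Update a team's name, nickname and password from form data.

    Form fields: ``id``, ``name``, ``password``, ``nickname``.  Responds 404
    when the team does not exist and with a ``fail`` payload when another
    team already uses the requested name.  The database row, the ``Origin``
    password row and the cached ``teams`` record are all updated.

    NOTE(review): the target team is chosen by the ``id`` form field and no
    access check is visible here; confirm the route is admin-only.
    NOTE(review): passwords are stored as unsalted MD5 and additionally kept
    in clear text in ``Origin`` and in Redis.  Moving to a salted password
    hash needs a coordinated change in the login code, so it is only flagged.
    """
    team_id = request.form['id']
    team = Teams.query.join(Origin).filter(Teams.id == team_id).first()
    if not team:
        abort(404)

    new_name = request.form['name']
    clash = Teams.query.filter(Teams.name == new_name).first()
    if clash and clash.id != team.id:
        return jsonify({'code': 500, 'msg': '添加失败:team已存在', 'type': 'fail'})

    team_in_redis = json.loads(redis_store.hget('teams', team.id))

    team.name = new_name
    md5 = hashlib.md5()
    md5.update(request.form['password'])
    team.password = md5.hexdigest()
    # The cached score is treated as authoritative and written back to the DB.
    team.score = team_in_redis['score']
    origin_pass = team.origin_pass[0]
    origin_pass.password = request.form['password']
    team.nickname = request.form['nickname']
    db.session.commit()

    # Update the cached record in place instead of rebuilding it, so fields
    # this function does not manage (for example ``attackid``, which other
    # readers of the ``teams`` hash index directly) are not dropped.
    team_in_redis.update({
        'id': team.id,
        'name': team.name,
        'nickname': team.nickname,
        'password': origin_pass.password
    })
    redis_store.hset('teams', team.id, json.dumps(team_in_redis))
    return jsonify({'code': 200, 'msg': '更改成功', 'type': 'success'})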
def team_instances():
    """Return the logged-in team's instances as JSON.

    The team id is taken from the session.  Each instance id on the cached
    team record is expanded into a row that also names the challenge and the
    owning team.  Rows include the instance ``password``.
    """
    own_team = json.loads(redis_store.hget('teams', session['user']['id']))

    rows = []
    for instance_id in own_team['instances']:
        record = json.loads(redis_store.hget('instances', instance_id))
        challenge = json.loads(redis_store.hget('chals', record['chalid']))
        # The owner is looked up from the instance record itself.
        owner = json.loads(redis_store.hget('teams', record['teamid']))
        rows.append({
            'id': record['id'],
            'name': record['name'],
            'teamname': owner['nickname'],
            'chalname': challenge['name'],
            'ip': record['ip'],
            'status': record['status'],
            'password': record['password']
        })

    return jsonify({'total': len(rows), 'instances': rows})
def remove_team():
    """Delete the team named by the ``id`` form field.

    Responds 404 when no such team exists.  The database row is deleted and
    the team's entry in the ``teams`` hash is removed if present.  The
    team's ``attackpack`` mapping is not touched by this function.

    NOTE(review): no access check is visible here; confirm the route is
    admin-only.
    """
    raw_id = request.form['id']
    team = Teams.query.filter(Teams.id == int(raw_id)).first()
    if not team:
        abort(404)

    db.session.delete(team)
    db.session.commit()

    cached = redis_store.hget('teams', raw_id)
    if cached:
        redis_store.hdel('teams', raw_id)

    return jsonify({'message': '删除成功', 'type': 'success'})
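def team_list():
    """Return team summaries (id, name, nickname, score) as JSON.

    With a non-empty ``page`` query argument the result is one page of 20
    teams; without it every team is returned.  ``total`` is the number of
    teams known to the cache, or the database count when the cache is cold.

    When the ``teams`` hash is empty it is filled from the database.  The
    cached record also holds the team password, but the response never
    includes it.
    """
    page_size = 20
    raw_page = request.args.get('page')
    # An empty ``page`` means "no paging" on both paths; previously the
    # cold-cache path raised on int('').
    has_page = raw_page is not None and raw_page != ''
    # Clamp so page <= 0 behaves like page 1 instead of a negative offset.
    offset = max(int(raw_page) - 1, 0) * page_size if has_page else 0

    teams_in_redis = redis_store.hgetall('teams')
    if not teams_in_redis:
        total = db.session.query(db.func.count(Teams.id)).scalar()
        # Always cache every team.  Caching only the requested page left the
        # hash holding a single page, which later calls took for the full
        # team list.
        teams = db.session.query(Teams).join(Origin).all()
        cache = {}
        summaries = []
        for team in teams:
            cache[team.id] = json.dumps({
                'id': team.id,
                'name': team.name,
                'nickname': team.nickname,
                'score': team.score,
                'password': team.origin_pass[0].password,
                'attackid': team.attackid,
                'instances': []
            })
            if not redis_store.hget('attackpack', team.attackid):
                redis_store.hset('attackpack', team.attackid, team.id)
            summaries.append({
                'id': team.id,
                'name': team.name,
                'nickname': team.nickname,
                'score': team.score
            })
        # Skip the write when there are no teams: hmset is not given an
        # empty mapping.
        if cache:
            redis_store.hmset('teams', cache)
        if has_page:
            ans = summaries[offset:offset + page_size]
        else:
            ans = summaries
    else:
        total = len(teams_in_redis)
        ans = []
        for index, teamid in enumerate(teams_in_redis):
            if has_page and index < offset:
                continue
            team = json.loads(teams_in_redis[teamid])
            ans.append({
                'id': team['id'],
                'name': team['name'],
                'nickname': team['nickname'],
                'score': team['score']
            })
            if has_page and len(ans) == page_size:
                break

    return jsonify({'total': total, 'users': ans})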
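def treatflag():
    """Score a submitted flag.

    Query arguments: ``flag`` (the captured flag) and ``from`` (the
    submitting team's id).  Responds ``{"status": "fail"}`` when the flag or
    team is unknown, when this team already submitted this flag, or when the
    flag belongs to the submitting team.  On success the challenge score
    moves from the flag's owner to the submitter and the event is appended
    to the ``attack`` list.

    NOTE(review): the submitter is identified only by the team id passed in
    ``from``; nothing in this function ties it to the caller.  Confirm the
    route authenticates the submitter.
    NOTE(review): the two score updates are separate read-modify-write
    cycles on the ``teams`` hash, so concurrent submissions for the same
    team can overwrite each other.
    """
    flag = request.args.get('flag')
    fr = request.args.get('from')
    if not flag or not fr:
        return jsonify({"status": "fail"})

    # Look up the flag record.
    result = redis_store.hget('flags', flag)
    # Look up the attacking team.
    attack = redis_store.hget('teams', fr)
    if not result or not attack:
        return jsonify({"status": "fail"})

    marker = fr + flag
    if redis_store.get(marker):
        return jsonify({"status": "fail"})

    # Decode the flag record and the attacker record.
    flagInfo = json.loads(result)
    attacker = json.loads(attack)
    if flagInfo['teamid'] == attacker['id']:
        return jsonify({"status": "fail"})

    # Challenge the flag belongs to.
    chal = json.loads(redis_store.hget('chals', flagInfo['chalid']))
    # Team that owns the flag.
    attacked = json.loads(redis_store.hget('teams', flagInfo['teamid']))

    # Claim the (team, flag) pair atomically before any score changes, so
    # two simultaneous submissions cannot both pass the check above.
    if not redis_store.setnx(marker, 1):
        return jsonify({"status": "fail"})
    # Let the marker expire together with the current flag set.  A missing
    # or non-positive TTL is skipped: passing it to expire() would delete
    # the marker at once and allow the flag to be scored again.
    ttl = redis_store.ttl('flags')
    if ttl is not None and ttl > 0:
        redis_store.expire(marker, ttl)

    # Attacker gains the challenge score, the flag's owner loses it.  The
    # team records are no longer printed: they contain the team password.
    attacker['score'] = attacker['score'] + chal['score']
    attacked['score'] = attacked['score'] - chal['score']

    # Write the updated records back to Redis.
    redis_store.hset('teams', attacker['id'], json.dumps(attacker))
    redis_store.hset('teams', attacked['id'], json.dumps(attacked))
    redis_store.rpush(
        'attack',
        json.dumps({
            'attacker': attacker['id'],
            'attacked': attacked['id'],
            'chal': chal['id'],
            'time': str(datetime.datetime.utcnow())
        }))
    return jsonify({'status': 'success'})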
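def delete_chal():
    """Delete the challenge named by the ``id`` form field.

    Responds 404 when no such challenge exists.  The database row is deleted
    and the challenge's entry in the ``chals`` hash is removed if present.

    NOTE(review): no access check is visible here; confirm the route is
    admin-only.
    """
    chalid = request.form.get('id')
    chal = Challenges.query.filter(Challenges.id == chalid).first()
    if not chal:
        return abort(404)

    db.session.delete(chal)
    db.session.commit()

    if redis_store.hget('chals', chalid):
        redis_store.hdel('chals', chalid)

    # The deletion succeeded, so report 'success'; the previous payload
    # paired the success message and code 200 with type 'fail'.
    return jsonify({
        'code': 200,
        'msg': '删除成功',
        'type': 'success'
    })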
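def treatflag():
    """Score a submitted flag, identifying the submitter by attack token.

    Query arguments: ``flag`` (the captured flag) and ``from`` (the
    submitting team's ``attackid``, resolved to a team id through the
    ``attackpack`` hash).  Responds ``{"status": "fail"}`` when the token,
    flag or team is unknown, when this token already submitted this flag, or
    when the flag belongs to the submitting team.

    On success two score messages (``add`` for the attacker, ``sub`` for the
    flag's owner) are put on the ``flag_message`` queue, the instance's
    ``attack_status`` is advanced, and the event is appended to the
    ``attack`` list.
    """
    flag = request.args.get('flag')
    fr = request.args.get('from')
    if not flag or not fr:
        return jsonify({"status": "fail"})

    # Look up the flag record.
    result = redis_store.hget('flags', flag)
    # Resolve the attack token to the attacking team.
    attackerid = redis_store.hget('attackpack', fr)
    if not attackerid:
        return jsonify({"status": "fail"})
    attack = redis_store.hget('teams', attackerid)
    if not result or not attack:
        return jsonify({"status": "fail"})

    marker = fr + flag
    if redis_store.get(marker):
        return jsonify({"status": "fail"})

    # Decode the flag record and the attacker record.
    flagInfo = json.loads(result)
    attacker = json.loads(attack)
    if flagInfo['teamid'] == attacker['id']:
        return jsonify({"status": "fail"})

    # Challenge the flag belongs to.
    chal = json.loads(redis_store.hget('chals', flagInfo['chalid']))
    # Team that owns the flag.
    attacked = json.loads(redis_store.hget('teams', flagInfo['teamid']))

    # Claim the (token, flag) pair atomically before queueing any score
    # change, so two simultaneous submissions cannot both be scored.
    if not redis_store.setnx(marker, 1):
        return jsonify({"status": "fail"})
    # Let the marker expire together with the current flag set.  A missing
    # or non-positive TTL is skipped: passing it to expire() would delete
    # the marker at once and allow the flag to be scored again.
    ttl = redis_store.ttl('flags')
    if ttl is not None and ttl > 0:
        redis_store.expire(marker, ttl)

    connect_queue = RedisQueue('flag_message')
    connect_queue.put(json.dumps({
        'command': 'add',
        'score': chal['score'],
        'teamid': attacker['id']
    }))
    connect_queue.put(json.dumps({
        'command': 'sub',
        'score': chal['score'],
        'teamid': attacked['id']
    }))

    instance = json.loads(redis_store.hget('instances', flagInfo['instid']))
    if instance['attack_status'] == 'stable':
        instance['attack_status'] = 'attacked'
    elif instance['attack_status'] == 'down':
        instance['attack_status'] = 'd/a'
    redis_store.hset('instances', flagInfo['instid'], json.dumps(instance))

    # Record the attack event in Redis.
    redis_store.rpush('attack', json.dumps({
        'attacker': attacker['id'],
        'attacked': attacked['id'],
        'chal': chal['id'],
        'time': str(datetime.datetime.utcnow())
    }))
    return jsonify({'status': 'success'})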
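def inst_chpass():
    """Queue a password-change command for the instance named by form ``id``.

    Responds 404 when the instance is not cached.  A ``chpass`` message
    tagged with a fresh ``mark`` is put on the ``docker_message`` queue, and
    the mark is remembered in the session's ``messids`` list and returned to
    the caller as ``id``.

    NOTE(review): the instance is chosen by the ``id`` form field and no
    ownership or role check is visible here; confirm the route restricts who
    may change which instance's password.
    """
    instid = request.form['id']
    raw = redis_store.hget('instances', instid)
    # Check before decoding: json.loads(None) raises, so the 404 below was
    # unreachable for a missing instance.
    if not raw:
        return abort(404)
    inst = json.loads(raw)
    if not inst:
        return abort(404)

    connect_queue = RedisQueue('docker_message')
    mark = str(uuid.uuid1())
    connect_queue.put(json.dumps({'command': 'chpass', 'id': inst['id'], 'mark': mark}))

    if 'messids' not in session:
        session['messids'] = []
    messids = session['messids']
    messids.append(mark)
    # Re-assign the top-level key so the session registers the change.
    session['messids'] = messids

    return jsonify({
        'code': 200,
        'msg': '更改密码指令已发送',
        'id': mark
    })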
def add_team():
    """Create a team from the ``name``, ``password`` and ``nickname`` fields.

    Responds with a ``fail`` payload when the name is already taken.
    Otherwise the team is stored with a starting score of 10000 and an
    ``attackid`` not yet present in the ``attackpack`` hash, the submitted
    password is saved to an ``Origin`` row, and the team is cached in the
    ``teams`` and ``attackpack`` hashes.

    NOTE(review): the password is stored as unsalted MD5 on the team and in
    clear text in ``Origin`` and in Redis.  Replacing this needs a matching
    change in the login code, so it is only flagged here.
    NOTE(review): no access check is visible here; confirm the route is
    admin-only.
    """
    existing = Teams.query.filter(Teams.name == request.form['name']).first()
    if existing:
        return jsonify({
            'code': 500,
            'msg': "添加失败:用户已存在",
            'type': "fail"
        })

    digest = hashlib.md5(request.form['password']).hexdigest()
    team = Teams(request.form['name'], digest)
    team.nickname = request.form['nickname']
    team.score = 10000

    # Draw short ids until one is free in the attackpack hash.
    attackid = get_short_id()
    while redis_store.hget('attackpack', attackid) is not None:
        attackid = get_short_id()
    team.attackid = attackid

    db.session.add(team)
    db.session.commit()

    # The Origin row is written after the first commit because it needs the
    # team's id.
    origin_pass = Origin()
    origin_pass.password = request.form['password']
    origin_pass.teamid = team.id
    db.session.add(origin_pass)
    db.session.commit()

    cached_team = {
        'id': team.id,
        'name': team.name,
        'nickname': team.nickname,
        'password': origin_pass.password,
        'score': team.score,
        'instances': [],
        'attackid': team.attackid
    }
    redis_store.hset('teams', team.id, json.dumps(cached_team))
    redis_store.hset('attackpack', team.attackid, team.id)

    return jsonify({
        'code': 200,
        'msg': "添加成功",
        'type': "success"
    })
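def team_edit():
    """Let the logged-in team change its own name, nickname and password.

    Form fields: ``old_password``, ``password``, ``name``, ``nickname``.
    The team is taken from the session.  Responds 403 when the team row is
    missing, a code-403 payload when ``old_password`` is absent or wrong,
    400 when no new password is supplied, and a code-500 payload when the
    requested name belongs to another team.  On success the database row,
    the cached ``teams`` record and the session copy are updated.

    NOTE(review): passwords are compared and stored as unsalted MD5.
    Replacing this needs a matching change in the login code, so it is only
    flagged here.
    NOTE(review): the clear-text password kept in ``Origin`` and in the
    cached record is not updated by this function.
    """
    team = Teams.query.filter(Teams.id == session['user']['id']).first()
    if not team:
        abort(403)

    old_password = request.form.get('old_password')
    # A missing old password is treated as a wrong one instead of crashing
    # in md5.update(None).
    if old_password is None:
        return jsonify({'code': 403, 'msg': '密码错误'})
    md5 = hashlib.md5()
    md5.update(old_password)
    if team.password != md5.hexdigest():
        return jsonify({'code': 403, 'msg': '密码错误'})

    new_password = request.form.get('password')
    if new_password is None:
        abort(400)

    new_name = request.form.get('name')
    # Same uniqueness rule as the admin edit path: a team must not be able
    # to take over another team's name.
    if new_name:
        clash = Teams.query.filter(Teams.name == new_name).first()
        if clash and clash.id != team.id:
            return jsonify({'code': 500, 'msg': '更改失败:team已存在'})

    md5 = hashlib.md5()
    md5.update(new_password)
    team.name = new_name
    team.nickname = request.form.get('nickname')
    team.password = md5.hexdigest()
    db.session.commit()

    team_in_redis = json.loads(redis_store.hget('teams', team.id))
    team_in_redis['name'] = team.name
    team_in_redis['nickname'] = team.nickname
    redis_store.hset('teams', team.id, json.dumps(team_in_redis))

    session['user']['name'] = team.name
    session['user']['nickname'] = team.nickname
    # Changes inside a nested dict are not detected by the session on their
    # own; flag it so the new name and nickname are saved.
    session.modified = True

    return jsonify({'code': 200, 'msg': '更改成功'})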