def fail(team, chal, request): provided_key = request.form['key'].strip() wrong = WrongKeys(teamid=team.id, chalid=chal.id, ip=utils.get_ip(request), flag=provided_key) db.session.add(wrong) db.session.commit() db.session.close()
def attempt(chal, request): """ This method is used to check whether a given input is right or wrong. It does not make any changes and should return a boolean for correctness and a string to be shown to the user. It is also in charge of parsing the user's input from the request itself. :param chal: The Challenge object from the database :param request: The request the user submitted :return: (boolean, string) """ provided_key = request.form['key'].strip() chal_keys = Keys.query.filter_by(chal=chal.id).all() for chal_key in chal_keys: if get_key_class(chal_key.type).compare(chal_key.flag, provided_key): if chal_key.type == "correct": solves = Awards.query.filter_by(teamid=session['id'], name=chal.id, description=request.form['key'].strip()).first() try: flag_value = solves.description except AttributeError: flag_value = "" # Challenge not solved yet if provided_key != flag_value or not solves: solve = Awards(teamid=session['id'], name=chal.id, value=chal.value) solve.description = provided_key db.session.add(solve) db.session.commit() db.session.close() return True, 'Correct' # TODO Add description function call to the end of "Correct" in return elif chal_key.type == "wrong": solves = Awards.query.filter_by(teamid=session['id'], name=chal.id, description=request.form['key'].strip()).first() try: flag_value = solves.description except AttributeError: flag_value = "" # Challenge not solved yet if provided_key != flag_value or not solves: wrong_value = 0 wrong_value -= chal.value wrong = WrongKeys(teamid=session['id'], chalid=chal.id, ip=utils.get_ip(request), flag=provided_key) solve = Awards(teamid=session['id'], name=chal.id, value=wrong_value) solve.description = provided_key db.session.add(wrong) db.session.add(solve) db.session.commit() db.session.close() return False, 'Error' # TODO Add description function call to the end of "Error" in return return False, 'Incorrect'
def fail(team, chal, request): """ This method is used to insert WrongKeys into the database in order to mark an answer incorrect. :param team: The Team object from the database :param chal: The Challenge object from the database :param request: The request the user submitted :return: """ provided_key = request.form['key'].strip() wrong = WrongKeys(teamid=team.id, chalid=chal.id, ip=utils.get_ip(request), flag=provided_key) db.session.add(wrong) db.session.commit() db.session.close()
def attempt(chal, request): """Attempt the user answer to see if it's right""" provided_key = request.form['key'].strip() chal_keys = Keys.query.filter_by(chal=chal.id).all() yara_results = yara_rule_tester(provided_key) result_type = {} for result in yara_results: solves = Awards.query.filter_by( teamid=session['id'], name=chal.id, description=result.strip()).first() try: flag_value = str(solves.description) except AttributeError: flag_value = "" if result != flag_value and not solves: for chal_key in chal_keys: if result == chal_key.flag: result_type[result] = chal_key.type # Challenge not solved yet if result_type[result] == "correct": solve = Awards(teamid=session['id'], name=chal.id, value=chal.value) solve.description = result db.session.add(solve) db.session.commit() elif result_type[result] == "wrong": wrong_value = 0 wrong_value -= chal.value wrong = WrongKeys(teamid=session['id'], chalid=chal.id, ip=utils.get_ip(request), flag=result) solve = Awards(teamid=session['id'], name=chal.id, value=wrong_value) solve.description = result db.session.add(wrong) db.session.add(solve) db.session.commit() db.session.close() return False, "Nothing"
chalid = random.randint(1, CHAL_AMOUNT) if chalid not in used: used.append(chalid) solve = Solves(chalid, x + 1, "127.0.0.1", gen_word()) new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60))) solve.date = new_base base_time = new_base db.session.add(solve) db.session.commit() ### Generating Wrong Keys print("GENERATING WRONG KEYS") for x in range(USER_AMOUNT): used = [] base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000) for y in range(random.randint(1, CHAL_AMOUNT * 20)): chalid = random.randint(1, CHAL_AMOUNT) if chalid not in used: used.append(chalid) wrong = WrongKeys(x + 1, chalid, gen_word()) new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60))) wrong.date = new_base base_time = new_base db.session.add(wrong) db.session.commit() db.session.close()
def chal(chalid): if utils.ctf_ended() and not utils.view_after_ctf(): abort(403) if not utils.user_can_view_challenges(): return redirect(url_for('auth.login', next=request.path)) if (utils.authed() and utils.is_verified() and (utils.ctf_started() or utils.view_after_ctf())) or utils.is_admin(): team = Teams.query.filter_by(id=session['id']).first() fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count() logger = logging.getLogger('keys') data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), utils.get_kpm(session['id'])) print("[{0}] {1} submitted {2} with kpm {3}".format(*data)) # Anti-bruteforce / submitting keys too quickly if utils.get_kpm(session['id']) > 10: if utils.ctftime(): wrong = WrongKeys(teamid=session['id'], chalid=chalid, ip=utils.get_ip(), flag=request.form['key'].strip()) db.session.add(wrong) db.session.commit() db.session.close() logger.warn( "[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format( *data)) # return '3' # Submitting too fast return jsonify({ 'status': 3, 'message': "You're submitting keys too fast. Slow down." }) solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first() # Challange not solved yet if not solves: chal = Challenges.query.filter_by(id=chalid).first_or_404() provided_key = request.form['key'].strip() saved_keys = Keys.query.filter_by(chal=chal.id).all() # Hit max attempts max_tries = chal.max_attempts if max_tries and fails >= max_tries > 0: return jsonify({ 'status': 0, 'message': "You have 0 tries remaining" }) chal_class = get_chal_class(chal.type) status, message = chal_class.attempt(chal, request) if status: # The challenge plugin says the input is right if utils.ctftime() or utils.is_admin(): chal_class.solve(team=team, chal=chal, request=request) logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format( *data)) return jsonify({'status': 1, 'message': message}) else: # The challenge plugin says the input is wrong if utils.ctftime() or utils.is_admin(): chal_class.fail(team=team, chal=chal, request=request) logger.info( "[{0}] {1} submitted {2} with kpm {3} [WRONG]".format( *data)) # return '0' # key was wrong if max_tries: attempts_left = max_tries - fails - 1 # Off by one since fails has changed since it was gotten tries_str = 'tries' if attempts_left == 1: tries_str = 'try' if message[ -1] not in '!().;?[]\{\}': # Add a punctuation mark if there isn't one message = message + '.' return jsonify({ 'status': 0, 'message': '{} You have {} {} remaining.'.format( message, attempts_left, tries_str) }) else: return jsonify({'status': 0, 'message': message}) # Challenge already solved else: logger.info( "{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format( *data)) # return '2' # challenge was already solved return jsonify({'status': 2, 'message': 'You already solved this'}) else: return jsonify({ 'status': -1, 'message': "You must be logged in to solve a challenge" })
base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000) for _ in range(random.randint(0, AWARDS_AMOUNT)): award = Awards(x + 1, gen_word(), random.randint(-10, 10)) new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60))) award.date = new_base base_time = new_base db.session.add(award) db.session.commit() # Generating Wrong Keys print("GENERATING WRONG KEYS") for x in range(USER_AMOUNT): used = [] base_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=-10000) for y in range(random.randint(1, CHAL_AMOUNT * 20)): chalid = random.randint(1, CHAL_AMOUNT) if chalid not in used: used.append(chalid) wrong = WrongKeys(x + 1, chalid, '127.0.0.1', gen_word()) new_base = random_date(base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60))) wrong.date = new_base base_time = new_base db.session.add(wrong) db.session.commit() db.session.close()
datetime.timedelta(minutes=random.randint(30, 60))) award.date = new_base base_time = new_base db.session.add(award) db.session.commit() # Generating Wrong Keys print("GENERATING WRONG KEYS") for x in range(USER_AMOUNT): used = [] base_time = datetime.datetime.utcnow() + datetime.timedelta( minutes=-10000) for y in range(random.randint(1, CHAL_AMOUNT * 20)): chalid = random.randint(1, CHAL_AMOUNT) if chalid not in used: used.append(chalid) wrong = WrongKeys(x + 1, chalid, gen_word()) new_base = random_date( base_time, base_time + datetime.timedelta(minutes=random.randint(30, 60))) wrong.date = new_base base_time = new_base db.session.add(wrong) db.session.commit() db.session.close()
def chal(chalid): if ctf_ended() and not view_after_ctf(): return redirect(url_for('challenges.challenges_view')) if not user_can_view_challenges(): return redirect(url_for('auth.login', next=request.path)) if authed() and is_verified() and (ctf_started() or view_after_ctf()): fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count() logger = logging.getLogger('keys') data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), get_kpm(session['id'])) print("[{0}] {1} submitted {2} with kpm {3}".format(*data)) # Anti-bruteforce / submitting keys too quickly if get_kpm(session['id']) > 10: if ctftime(): wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.warn( "[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format( *data)) # return "3" # Submitting too fast return jsonify({ 'status': '3', 'message': "You're submitting keys too fast. Slow down." }) solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first() # Challange not solved yet if not solves: chal = Challenges.query.filter_by(id=chalid).first() key = unicode(request.form['key'].strip().lower()) keys = json.loads(chal.flags) # Hit max attempts max_tries = int(get_config("max_tries")) if fails >= max_tries > 0: return jsonify({ 'status': '0', 'message': "You have 0 tries remaining" }) for x in keys: if x['type'] == 0: #static key print(x['flag'], key.strip().lower()) if x['flag'] and x['flag'].strip().lower() == key.strip( ).lower(): if ctftime(): solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]". format(*data)) # return "1" # key was correct return jsonify({'status': '1', 'message': 'Correct'}) elif x['type'] == 1: #regex res = re.match(x['flag'], key, re.IGNORECASE) if res and res.group() == key: if ctftime(): solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]". format(*data)) # return "1" # key was correct return jsonify({'status': '1', 'message': 'Correct'}) if ctftime(): wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data)) # return '0' # key was wrong if max_tries: attempts_left = max_tries - fails tries_str = 'tries' if attempts_left == 1: tries_str = 'try' return jsonify({ 'status': '0', 'message': 'Incorrect. You have {} {} remaining.'.format( attempts_left, tries_str) }) else: return jsonify({'status': '0', 'message': 'Incorrect'}) # Challenge already solved else: logger.info( "{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format( *data)) # return "2" # challenge was already solved return jsonify({ 'status': '2', 'message': 'You already solved this' }) else: return "-1"
def chal(chalid): if utils.ctf_ended() and not utils.view_after_ctf(): return redirect(url_for('challenges.challenges_view')) if not utils.user_can_view_challenges(): return redirect(url_for('auth.login', next=request.path)) if utils.authed() and utils.is_verified() and (utils.ctf_started() or utils.view_after_ctf()): fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count() logger = logging.getLogger('keys') data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), utils.get_kpm(session['id'])) print("[{0}] {1} submitted {2} with kpm {3}".format(*data)) # Anti-bruteforce / submitting keys too quickly if utils.get_kpm(session['id']) > 10: if utils.ctftime(): wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.warn( "[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format( *data)) # return '3' # Submitting too fast return jsonify({ 'status': '3', 'message': "You're submitting keys too fast. Slow down." }) solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first() # Challange not solved yet if not solves: chal = Challenges.query.filter_by(id=chalid).first_or_404() provided_key = unicode(request.form['key'].strip()) saved_keys = Keys.query.filter_by(chal=chal.id).all() # Hit max attempts max_tries = chal.max_attempts if max_tries and fails >= max_tries > 0: return jsonify({ 'status': '0', 'message': "You have 0 tries remaining" }) chal_class = get_chal_class(chal.type) if chal_class.solve(chal, provided_key): if utils.ctftime(): solve = Solves(chalid=chalid, teamid=session['id'], ip=utils.get_ip(), flag=provided_key) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format( *data)) return jsonify({'status': '1', 'message': 'Correct'}) if utils.ctftime(): wrong = WrongKeys(teamid=session['id'], chalid=chalid, flag=provided_key) db.session.add(wrong) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data)) # return '0' # key was wrong if max_tries: attempts_left = max_tries - fails - 1 ## Off by one since fails has changed since it was gotten tries_str = 'tries' if attempts_left == 1: tries_str = 'try' return jsonify({ 'status': '0', 'message': 'Incorrect. You have {} {} remaining.'.format( attempts_left, tries_str) }) else: return jsonify({'status': '0', 'message': 'Incorrect'}) # Challenge already solved else: logger.info( "{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format( *data)) # return '2' # challenge was already solved return jsonify({ 'status': '2', 'message': 'You already solved this' }) else: return jsonify({ 'status': '-1', 'message': "You must be logged in to solve a challenge" })
def chal(chalid): if not ctftime(): return redirect('/') if authed(): logger = logging.getLogger('keys') data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), get_kpm(session['id'])) print "[{0}] {1} submitted {2} with kpm {3}".format(*data) if get_kpm(session['id']) > 10: wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.warn( "[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format( *data)) return "3" # Submitting too fast solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first() if not solves: keys = Keys.query.filter_by(chal=chalid).all() key = request.form['key'].strip().lower() for x in keys: if x.key_type == 0: #static key if x.flag.strip().lower() == key: solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]" .format(*data)) return "1" # key was correct elif x.key_type == 1: #regex res = re.match(str(x), key, re.IGNORECASE) if res and res.group() == key: solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]" .format(*data)) return "1" # key was correct wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [WRONG]".format( *data)) return '0' # key was wrong else: logger.info( "{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format( *data)) return "2" # challenge was already solved else: return "-1"
def chal(chalid): if not ctftime(): return redirect(url_for('challenges.challenges_view')) if authed(): fails = WrongKeys.query.filter_by(team=session['id'], chalid=chalid).count() logger = logging.getLogger('keys') data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), get_kpm(session['id'])) print("[{0}] {1} submitted {2} with kpm {3}".format(*data)) # Hit max attempts if fails >= int(get_config("max_tries")) and int( get_config("max_tries")) > 0: return "4" #too many tries on this challenge # Anti-bruteforce / submitting keys too quickly if get_kpm(session['id']) > 10: wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.warn( "[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format( *data)) return "3" # Submitting too fast solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first() # Challange not solved yet if not solves: chal = Challenges.query.filter_by(id=chalid).first() key = str(request.form['key'].strip().lower()) keys = json.loads(chal.flags) for x in keys: if x['type'] == 0: #static key print(x['flag'], key.strip().lower()) if x['flag'] == key.strip().lower(): solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]". format(*data)) return "1" # key was correct elif x['type'] == 1: #regex res = re.match(str(x['flag']), key, re.IGNORECASE) if res and res.group() == key: solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key) db.session.add(solve) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [CORRECT]". format(*data)) return "1" # key was correct wrong = WrongKeys(session['id'], chalid, request.form['key']) db.session.add(wrong) db.session.commit() db.session.close() logger.info( "[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data)) return '0' # key was wrong # Challenge already solved else: logger.info( "{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format( *data)) return "2" # challenge was already solved else: return "-1"