def chal(chalid):
if not ctftime():
return redirect("/")
if authed():
logger = logging.getLogger("keys")
data = (
time.strftime("%m/%d/%Y %X"),
session["username"].encode("utf-8"),
request.form["key"].encode("utf-8"),
get_kpm(session["id"]),
)
print "[{0}] {1} submitted {2} with kpm {3}".format(*data)
if get_kpm(session["id"]) > 10:
wrong = WrongKeys(session["id"], chalid, request.form["key"])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
return "3" # Submitting too fast
solves = Solves.query.filter_by(teamid=session["id"], chalid=chalid).first()
if not solves:
keys = Keys.query.filter_by(chal=chalid).all()
key = request.form["key"].strip().lower()
for x in keys:
if x.key_type == 0: # static key
if x.flag.strip().lower() == key:
solve = Solves(chalid=chalid, teamid=session["id"], ip=request.remote_addr)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return "1" # key was correct
elif x.key_type == 1: # regex
res = re.match(str(x), key, re.IGNORECASE)
if res and res.group() == key:
solve = Solves(chalid=chalid, teamid=session["id"], ip=request.remote_addr)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return "1" # key was correct
wrong = WrongKeys(session["id"], chalid, request.form["key"])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
return "0" # key was wrong
else:
logger.info("{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(*data))
return "2" # challenge was already solved
else:
return "-1"
def submit_bonus_flag():
if utils.authed():
teamid = session['id']
team = Teams.query.filter_by(id=session['id']).first()
phantom_challenge = Challenges.query.filter(
Challenges.type == 'bonus').first()
chal_class = get_chal_class(phantom_challenge.type)
if request.method == 'GET':
return bonus_view(teamid, '')
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
chal_class.fail(team=team,
chal=phantom_challenge,
request=request)
return bonus_view(teamid,
"You're submitting keys too fast. Slow down.")
# Look for bonuses using this flag
provided_key = request.form['key'].strip()
bonus = Challenges.query.join(Keys, Keys.chal == Challenges.id).filter(
Keys.flag == provided_key, Challenges.type == 'bonus').first()
if bonus:
submission = chal(bonus.id)
verdict = json.loads(submission.response[0])
return bonus_view(teamid, verdict['message'])
else:
chal_class.fail(team=team, chal=phantom_challenge, request=request)
return bonus_view(teamid, 'Incorrect')
else:
return redirect(url_for('auth.login'))
def chal(chalid):
if not ctftime():
return redirect('/challenges')
if authed():
fails = WrongKeys.query.filter_by(team=session['id'],chal=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), get_kpm(session['id']))
print "[{0}] {1} submitted {2} with kpm {3}".format(*data)
if fails >= int(get_config("max_tries")) and int(get_config("max_tries")) > 0:
return "4" #too many tries on this challenge
if get_kpm(session['id']) > 10:
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
return "3" # Submitting too fast
solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first()
if not solves:
keys = Keys.query.filter_by(chal=chalid).all()
key = request.form['key'].strip().lower()
for x in keys:
if x.key_type == 0: #static key
if x.flag.strip().lower() == key:
solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return "1" # key was correct
elif x.key_type == 1: #regex
res = re.match(str(x), key, re.IGNORECASE)
if res and res.group() == key:
solve = Solves(chalid=chalid, teamid=session['id'], ip=request.remote_addr, flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return "1" # key was correct
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
return '0' # key was wrong
else:
logger.info("{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(*data))
return "2" # challenge was already solved
else:
return "-1"
def chal(chalid):
if utils.ctf_ended() and not utils.view_after_ctf():
abort(403)
if not utils.user_can_view_challenges():
return redirect(url_for('auth.login', next=request.path))
if (utils.authed() and utils.is_verified() and
(utils.ctf_started() or utils.view_after_ctf())) or utils.is_admin():
team = Teams.query.filter_by(id=session['id']).first()
fails = WrongKeys.query.filter_by(teamid=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'),
utils.get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
wrong = WrongKeys(teamid=session['id'],
chalid=chalid,
ip=utils.get_ip(),
flag=request.form['key'].strip())
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
# return '3' # Submitting too fast
return jsonify({
'status':
3,
'message':
"You're submitting keys too fast. Slow down."
})
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first_or_404()
provided_key = request.form['key'].strip()
saved_keys = Keys.query.filter_by(chal=chal.id).all()
# Hit max attempts
max_tries = chal.max_attempts
if max_tries and fails >= max_tries > 0:
return jsonify({
'status': 0,
'message': "You have 0 tries remaining"
})
chal_class = get_chal_class(chal.type)
status, message = chal_class.attempt(chal, request)
if status: # The challenge plugin says the input is right
if utils.ctftime() or utils.is_admin():
chal_class.solve(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(
*data))
return jsonify({'status': 1, 'message': message})
else: # The challenge plugin says the input is wrong
if utils.ctftime() or utils.is_admin():
chal_class.fail(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(
*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails - 1 # Off by one since fails has changed since it was gotten
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
if message[
-1] not in '!().;?[]\{\}': # Add a punctuation mark if there isn't one
message = message + '.'
return jsonify({
'status':
0,
'message':
'{} You have {} {} remaining.'.format(
message, attempts_left, tries_str)
})
else:
return jsonify({'status': 0, 'message': message})
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
# return '2' # challenge was already solved
return jsonify({'status': 2, 'message': 'You already solved this'})
else:
return jsonify({
'status': -1,
'message': "You must be logged in to solve a challenge"
})
def chal(chalid):
if not ctftime():
return redirect(url_for('challenges.challenges_view'))
if authed():
fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Hit max attempts
if fails >= int(get_config("max_tries")) and int(get_config("max_tries")) > 0:
return "4" #too many tries on this challenge
# Anti-bruteforce / submitting keys too quickly
if get_kpm(session['id']) > 10:
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
return "3" # Submitting too fast
solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first()
key = str(request.form['key'].strip().lower())
keys = json.loads(chal.flags)
for x in keys:
if x['type'] == 0: #static key
print(x['flag'], key.strip().lower())
if x['flag'] and x['flag'].strip().lower() == key.strip().lower():
solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return "1" # key was correct
elif x['type'] == 1: #regex
res = re.match(str(x['flag']), key, re.IGNORECASE)
if res and res.group() == key:
solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return "1" # key was correct
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
return '0' # key was wrong
# Challenge already solved
else:
logger.info("{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(*data))
return "2" # challenge was already solved
else:
return "-1"
def chal(chalid):
if utils.ctf_paused():
return jsonify({
'status': 3,
'message': '{} is paused'.format(utils.ctf_name())
})
if (utils.authed() and utils.is_verified() and
(utils.ctf_started() or utils.view_after_ctf())) or utils.is_admin():
team = Teams.query.filter_by(id=session['id']).first()
fails = WrongKeys.query.filter_by(teamid=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'),
utils.get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
chal = Challenges.query.filter_by(id=chalid).first_or_404()
if chal.hidden:
abort(404)
chal_class = get_chal_class(chal.type)
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
chal_class.fail(team=team, chal=chal, request=request)
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
# return '3' # Submitting too fast
return jsonify({
'status':
3,
'message':
"You're submitting keys too fast. Slow down."
})
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
# Challange not solved yet
if not solves:
provided_key = request.form['key'].strip()
saved_keys = Keys.query.filter_by(chal=chal.id).all()
# Hit max attempts
max_tries = chal.max_attempts
if max_tries and fails >= max_tries > 0:
return jsonify({
'status': 0,
'message': "You have 0 tries remaining"
})
chal_name = chal.name
chal_value = chal.value
team_id = team.id
status, message = chal_class.attempt(chal, request)
if status: # The challenge plugin says the input is right
if utils.ctftime() or utils.is_admin():
chal_class.solve(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(
*data))
team_url = url_for("views.team",
teamid=team_id,
_external=True)
chal_url = url_for("challenges.challenges_view",
_anchor=chal_name,
_external=True)
description = ":white_check_mark: [{0}]({1}) solved [{2}]({3}) ({4})".format(
session['username'].encode('utf-8'), team_url, chal_name,
chal_url, chal_value)
embeds = [{
"description":
description,
"color":
10553667,
"timestamp":
datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%SZ')
}]
utils.send_discord_webhook(embeds)
return jsonify({'status': 1, 'message': message})
else: # The challenge plugin says the input is wrong
if utils.ctftime() or utils.is_admin():
chal_class.fail(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(
*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails - 1 # Off by one since fails has changed since it was gotten
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
if message[
-1] not in '!().;?[]\{\}': # Add a punctuation mark if there isn't one
message = message + '.'
return jsonify({
'status':
0,
'message':
'{} You have {} {} remaining.'.format(
message, attempts_left, tries_str)
})
else:
return jsonify({'status': 0, 'message': message})
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
# return '2' # challenge was already solved
return jsonify({'status': 2, 'message': 'You already solved this'})
else:
return jsonify({
'status': -1,
'message': "You must be logged in to solve a challenge"
})
def chal(chalid):
if ctf_ended() and not view_after_ctf():
return redirect(url_for('challenges.challenges_view'))
if not user_can_view_challenges():
return redirect(url_for('auth.login', next=request.path))
if authed() and is_verified() and (ctf_started() or view_after_ctf()):
fails = WrongKeys.query.filter_by(teamid=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'), get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Anti-bruteforce / submitting keys too quickly
if get_kpm(session['id']) > 10:
if ctftime():
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
# return "3" # Submitting too fast
return jsonify({
'status':
'3',
'message':
"You're submitting keys too fast. Slow down."
})
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first()
key = unicode(request.form['key'].strip().lower())
keys = json.loads(chal.flags)
# Hit max attempts
max_tries = int(get_config("max_tries"))
if fails >= max_tries > 0:
return jsonify({
'status': '0',
'message': "You have 0 tries remaining"
})
for x in keys:
if x['type'] == 0: #static key
print(x['flag'], key.strip().lower())
if x['flag'] and x['flag'].strip().lower() == key.strip(
).lower():
if ctftime():
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=get_ip(),
flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".
format(*data))
# return "1" # key was correct
return jsonify({'status': '1', 'message': 'Correct'})
elif x['type'] == 1: #regex
res = re.match(x['flag'], key, re.IGNORECASE)
if res and res.group() == key:
if ctftime():
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=get_ip(),
flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".
format(*data))
# return "1" # key was correct
return jsonify({'status': '1', 'message': 'Correct'})
if ctftime():
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
return jsonify({
'status':
'0',
'message':
'Incorrect. You have {} {} remaining.'.format(
attempts_left, tries_str)
})
else:
return jsonify({'status': '0', 'message': 'Incorrect'})
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
# return "2" # challenge was already solved
return jsonify({
'status': '2',
'message': 'You already solved this'
})
else:
return "-1"
def chal(chalid):
if utils.ctf_ended() and not utils.view_after_ctf():
return redirect(url_for('challenges.challenges_view'))
if not utils.user_can_view_challenges():
return redirect(url_for('auth.login', next=request.path))
if utils.authed() and utils.is_verified() and (utils.ctf_started()
or utils.view_after_ctf()):
fails = WrongKeys.query.filter_by(teamid=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'),
utils.get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
# return '3' # Submitting too fast
return jsonify({
'status':
'3',
'message':
"You're submitting keys too fast. Slow down."
})
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first_or_404()
provided_key = unicode(request.form['key'].strip())
saved_keys = Keys.query.filter_by(chal=chal.id).all()
# Hit max attempts
max_tries = chal.max_attempts
if max_tries and fails >= max_tries > 0:
return jsonify({
'status': '0',
'message': "You have 0 tries remaining"
})
chal_class = get_chal_class(chal.type)
if chal_class.solve(chal, provided_key):
if utils.ctftime():
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=utils.get_ip(),
flag=provided_key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(
*data))
return jsonify({'status': '1', 'message': 'Correct'})
if utils.ctftime():
wrong = WrongKeys(teamid=session['id'],
chalid=chalid,
flag=provided_key)
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails - 1 ## Off by one since fails has changed since it was gotten
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
return jsonify({
'status':
'0',
'message':
'Incorrect. You have {} {} remaining.'.format(
attempts_left, tries_str)
})
else:
return jsonify({'status': '0', 'message': 'Incorrect'})
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
# return '2' # challenge was already solved
return jsonify({
'status': '2',
'message': 'You already solved this'
})
else:
return jsonify({
'status': '-1',
'message': "You must be logged in to solve a challenge"
})
def chal(chalid):
if utils.ctf_ended() and not utils.view_after_ctf():
return redirect(url_for('challenges.challenges_view'))
if not utils.user_can_view_challenges():
return redirect(url_for('auth.login', next=request.path))
if utils.authed() and utils.is_verified() and (utils.ctf_started() or utils.view_after_ctf()):
fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), utils.get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
# return '3' # Submitting too fast
return jsonify({'status': 3, 'message': "You're submitting keys too fast. Slow down."})
solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first_or_404()
provided_key = request.form['key'].strip()
saved_keys = Keys.query.filter_by(chal=chal.id).all()
# Hit max attempts
max_tries = chal.max_attempts
if max_tries and fails >= max_tries > 0:
return jsonify({
'status': 0,
'message': "You have 0 tries remaining"
})
chal_class = get_chal_class(chal.type)
if chal_class.solve(chal, provided_key):
if utils.ctftime():
solve = Solves(chalid=chalid, teamid=session['id'], ip=utils.get_ip(), flag=provided_key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return jsonify({'status': 1, 'message': 'Correct'})
if utils.ctftime():
wrong = WrongKeys(teamid=session['id'], chalid=chalid, flag=provided_key)
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails - 1 # Off by one since fails has changed since it was gotten
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
return jsonify({'status': 0, 'message': 'Incorrect. You have {} {} remaining.'.format(attempts_left, tries_str)})
else:
return jsonify({'status': 0, 'message': 'Incorrect'})
# Challenge already solved
else:
logger.info("{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(*data))
# return '2' # challenge was already solved
return jsonify({'status': 2, 'message': 'You already solved this'})
else:
return jsonify({
'status': -1,
'message': "You must be logged in to solve a challenge"
})
def chal(chalid):
if not ctftime():
return redirect('/')
if authed():
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'),
get_kpm(session['id']))
print "[{0}] {1} submitted {2} with kpm {3}".format(*data)
if get_kpm(session['id']) > 10:
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
return "3" # Submitting too fast
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
if not solves:
keys = Keys.query.filter_by(chal=chalid).all()
key = request.form['key'].strip().lower()
for x in keys:
if x.key_type == 0: #static key
if x.flag.strip().lower() == key:
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=request.remote_addr)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]"
.format(*data))
return "1" # key was correct
elif x.key_type == 1: #regex
res = re.match(str(x), key, re.IGNORECASE)
if res and res.group() == key:
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=request.remote_addr)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]"
.format(*data))
return "1" # key was correct
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(
*data))
return '0' # key was wrong
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
return "2" # challenge was already solved
else:
return "-1"
def chal(chalid):
if not ctftime():
return redirect(url_for('challenges.challenges_view'))
if authed():
fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Anti-bruteforce / submitting keys too quickly
if get_kpm(session['id']) > 10:
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
# return "3" # Submitting too fast
return jsonify({'status': '3', 'message': "You're submitting keys too fast. Slow down."})
solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first()
key = str(request.form['key'].strip().lower())
keys = json.loads(chal.flags)
# Hit max attempts
max_tries = int(get_config("max_tries"))
if fails >= max_tries > 0:
return jsonify({
'status': '0',
'message': "You have 0 tries remaining"
})
for x in keys:
if x['type'] == 0: #static key
print(x['flag'], key.strip().lower())
if x['flag'] and x['flag'].strip().lower() == key.strip().lower():
solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
# return "1" # key was correct
return jsonify({'status':'1', 'message':'Correct'})
elif x['type'] == 1: #regex
res = re.match(str(x['flag']), key, re.IGNORECASE)
if res and res.group() == key:
solve = Solves(chalid=chalid, teamid=session['id'], ip=get_ip(), flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
# return "1" # key was correct
return jsonify({'status': '1', 'message': 'Correct'})
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
return jsonify({'status': '0', 'message': 'Incorrect. You have {} {} remaining.'.format(attempts_left, tries_str)})
else:
return jsonify({'status': '0', 'message': 'Incorrect'})
# Challenge already solved
else:
logger.info("{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(*data))
# return "2" # challenge was already solved
return jsonify({'status': '2', 'message': 'You already solved this'})
else:
return "-1"
def chal(chalid):
if not ctftime():
return redirect(url_for('challenges.challenges_view'))
if authed():
fails = WrongKeys.query.filter_by(team=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'), get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Hit max attempts
if fails >= int(get_config("max_tries")) and int(
get_config("max_tries")) > 0:
return "4" #too many tries on this challenge
# Anti-bruteforce / submitting keys too quickly
if get_kpm(session['id']) > 10:
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
return "3" # Submitting too fast
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first()
key = str(request.form['key'].strip().lower())
keys = json.loads(chal.flags)
for x in keys:
if x['type'] == 0: #static key
print(x['flag'], key.strip().lower())
if x['flag'] == key.strip().lower():
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=request.remote_addr,
flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".
format(*data))
return "1" # key was correct
elif x['type'] == 1: #regex
res = re.match(str(x['flag']), key, re.IGNORECASE)
if res and res.group() == key:
solve = Solves(chalid=chalid,
teamid=session['id'],
ip=request.remote_addr,
flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".
format(*data))
return "1" # key was correct
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
return '0' # key was wrong
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
return "2" # challenge was already solved
else:
return "-1"
def chal(chalid):
if utils.ctf_paused():
return jsonify({
'status': 3,
'message': '{} is paused'.format(utils.ctf_name())
})
if (utils.authed() and utils.is_verified() and (utils.ctf_started() or utils.view_after_ctf())) or utils.is_admin():
team = Teams.query.filter_by(id=session['id']).first()
fails = WrongKeys.query.filter_by(teamid=session['id'], chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"), session['username'].encode('utf-8'), request.form['key'].encode('utf-8'), utils.get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
chal = Challenges.query.filter_by(id=chalid).first_or_404()
if chal.hidden:
abort(404)
chal_class = get_chal_class(chal.type)
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
chal_class.fail(team=team, chal=chal, request=request)
logger.warn("[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(*data))
# return '3' # Submitting too fast
return jsonify({'status': 3, 'message': "你提交答案过快,请稍后再试"})
solves = Solves.query.filter_by(teamid=session['id'], chalid=chalid).first()
# Challange not solved yet
if not solves:
provided_key = request.form['key'].strip()
saved_keys = Keys.query.filter_by(chal=chal.id).all()
# Hit max attempts
max_tries = chal.max_attempts
if max_tries and fails >= max_tries > 0:
return jsonify({
'status': 0,
'message': "你已经没有机会再试了"
})
status, message = chal_class.attempt(chal, request)
if status: # The challenge plugin says the input is right
if utils.ctftime() or utils.is_admin():
chal_class.solve(team=team, chal=chal, request=request)
logger.info("[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(*data))
return jsonify({'status': 1, 'message': message})
else: # The challenge plugin says the input is wrong
if utils.ctftime() or utils.is_admin():
chal_class.fail(team=team, chal=chal, request=request)
logger.info("[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails - 1 # Off by one since fails has changed since it was gotten
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
if message[-1] not in '!().;?[]\{\}': # Add a punctuation mark if there isn't one
message = message + '.'
return jsonify({'status': 0, 'message': '{} You have {} {} remaining.'.format(message, attempts_left, tries_str)})
else:
return jsonify({'status': 0, 'message': message})
# Challenge already solved
else:
logger.info("{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(*data))
# return '2' # challenge was already solved
return jsonify({'status': 2, 'message': '你已经做过本题了'})
else:
return jsonify({
'status': -1,
'message': "必须先登陆才能解题"
})
def chal_custom(chalid):
if utils.ctf_paused():
return jsonify({
'status': 3,
'message': '{} is paused'.format(utils.ctf_name())
})
if (utils.authed() and utils.is_verified() and
(utils.ctf_started() or utils.view_after_ctf())) or utils.is_admin():
team = Teams.query.filter_by(id=session['id']).first()
fails = WrongKeys.query.filter_by(teamid=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'),
utils.get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
chal = Challenges.query.filter_by(id=chalid).first_or_404()
if chal.hidden:
abort(404)
chal_class = get_chal_class(chal.type)
# Anti-bruteforce / submitting keys too quickly
if utils.get_kpm(session['id']) > 10:
if utils.ctftime():
chal_class.fail(team=team, chal=chal, request=request)
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
# return '3' # Submitting too fast
return jsonify({
'status':
3,
'message':
"You're submitting keys too fast. Slow down."
})
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chalid).first()
# Challange not solved yet
if not solves:
provided_key = request.form['key'].strip()
saved_keys = Keys.query.filter_by(chal=chal.id).all()
# Hit max attempts
max_tries = chal.max_attempts
if max_tries and fails >= max_tries > 0:
return jsonify({
'status': 0,
'message': "You have 0 tries remaining"
})
status, message = chal_class.attempt(chal, request)
if status: # The challenge plugin says the input is right
if utils.ctftime() or utils.is_admin():
chal_class.solve(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(
*data))
if "SmartCity" in str(chal_class):
print(session['id'])
smart_color = SmartCityTeam.query.filter_by(
teamId=session['id']).first().color
smart_buildingId = SmartCityChallenge.query.filter_by(
id=chalid).first().buildingId
smart_soundId = SmartCityChallenge.query.filter_by(
id=chalid).first().soundId
smart_image = SmartCityTeam.query.filter_by(
teamId=session['id']).first().image
b = smart_buildingId.split('\', \'')
b[0] = b[0][2:]
b[-1] = b[-1][:-2]
print("Team with color " + str(smart_color) +
" and image " + str(smart_image) +
" solved challenege with buildingId " + str(b) +
"and sound " + smart_soundId)
smartSession = SmartTable(b, smart_color, smart_image,
smart_soundId)
createSmartCityTableSession2(smartSession)
return jsonify({'status': 1, 'message': message})
else: # The challenge plugin says the input is wrong
if utils.ctftime() or utils.is_admin():
chal_class.fail(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(
*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails - 1 # Off by one since fails has changed since it was gotten
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
if message[
-1] not in '!().;?[]\{\}': # Add a punctuation mark if there isn't one
message = message + '.'
return jsonify({
'status':
0,
'message':
'{} You have {} {} remaining.'.format(
message, attempts_left, tries_str)
})
else:
return jsonify({'status': 0, 'message': message})
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
# return '2' # challenge was already solved
return jsonify({'status': 2, 'message': 'You already solved this'})
else:
return jsonify({
'status': -1,
'message': "You must be logged in to solve a challenge"
})
def anonchal():
if utils.ctf_paused():
return jsonify({
'status': 3,
'message': '{} is paused'.format(utils.ctf_name())
})
if utils.is_admin() or (utils.authed() and utils.is_verified() and
(utils.ctf_started()
or utils.view_after_ctf())):
team = Teams.query.filter_by(id=session['id']).first()
provided_key = request.form['key'].strip()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
provided_key.encode('utf-8'), utils.get_kpm(session['id']))
# Anti-bruteforce / KPM is based on last failed key (not logged), so sleep instead.
time.sleep(2)
# Find challenge by looking up the provided flag
key = db.session.query(Keys).\
join(AnonymousChallenge).\
filter(Keys.flag == provided_key).first()
if not key:
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(
*data))
return jsonify({'status': 0, 'message': 'Invalid Flag'})
chal = AnonymousChallenge.query.filter_by(id=key.chal).first()
chal_class = get_chal_class(chal.type)
solves = Solves.query.filter_by(teamid=session['id'],
chalid=chal.id).first()
# If team hasn't solved challenge yet, save the solve
if not solves:
# We already know the flag is correct because we checked it already
chal_class.solve(team=team, chal=chal, request=request)
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".format(
*data))
return jsonify({'status': 1, 'message': "Correct"})
# Otherwise, raise an error
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
return jsonify({
'status': 2,
'message': 'You already solved this'
})
else:
return jsonify({
'status':
-1,
'message':
"You must be logged in to solve a challenge"
})
