def admin_create_chal(): files = request.files.getlist('files[]') # TODO: Expand to support multiple flags flags = [{ 'flag': request.form['key'], 'type': int(request.form['key_type[0]']) }] # Create challenge chal = Challenges(request.form['name'], request.form['desc'], request.form['value'], request.form['category'], flags) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False db.session.add(chal) db.session.commit() for f in files: upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close() return redirect(url_for('admin.admin_chals'))
def admin_files(chalid): if request.method == 'GET': files = Files.query.filter_by(chal=chalid).all() json_data = {'files': []} for x in files: json_data['files'].append({'id': x.id, 'file': x.location}) return jsonify(json_data) if request.method == 'POST': if request.form['method'] == "delete": f = Files.query.filter_by(id=request.form['file']).first_or_404() upload_folder = os.path.join(app.root_path, app.config['UPLOAD_FOLDER']) if os.path.exists( os.path.join(upload_folder, f.location) ): # Some kind of os.path.isfile issue on Windows... os.unlink(os.path.join(upload_folder, f.location)) db.session.delete(f) db.session.commit() db.session.close() return '1' elif request.form['method'] == "upload": files = request.files.getlist('files[]') for f in files: upload_file(file=f, chalid=chalid) db.session.commit() db.session.close() return '1'
def create(request): """ This method is used to process the challege creation request. :param request: :return: """ chal = SmartCityChallenge( name= request.form['name'], description = request.form['description'], value = request.form['value'], buildingId = request.form['buildingId'], type=request.form['type'] ) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chal.id) logger.debug("Genereted buildingId " + chal.buildingId + " for challenge " + chal.name) db.session.add(chal) db.session.commit()
def admin_files(chalid): if request.method == 'GET': files = Files.query.filter_by(chal=chalid).all() json_data = {'files': [], 'file_generators': []} for x in files: if x.dynamic: json_data['file_generators'].append({ 'id': x.id, 'file': x.location }) else: json_data['files'].append({'id': x.id, 'file': x.location}) return jsonify(json_data) if request.method == 'POST': if request.form['method'] == "delete": utils.delete_file(request.form['file']) db.session.commit() db.session.close() return '1' elif request.form['method'] == "upload": files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chalid) file_generators = request.files.getlist('file_generators[]') for g in file_generators: utils.upload_file(file=g, chalid=chalid, isgenerator=True) db.session.commit() db.session.close() return '1'
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ files = request.files.getlist('files[]') # Create challenge chal = Challenges(name=request.form['name'], description=request.form['desc'], value=request.form['value'], category='Bonus Flags', type=request.form['chaltype']) chal.hidden = True db.session.add(chal) db.session.commit() flag = Keys(chal.id, request.form['key'], request.form['key_type[0]']) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit()
def admin_create_chal(): if request.method == 'POST': files = request.files.getlist('files[]') # Create challenge chal = Challenges(request.form['name'], request.form['desc'], request.form['value'], request.form['category'], int(request.form['chaltype'])) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False db.session.add(chal) db.session.flush() flag = Keys(chal.id, request.form['key'], int(request.form['key_type[0]'])) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() for f in files: upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close() return redirect(url_for('admin_challenges.admin_chals')) else: return render_template('admin/chals/create.html')
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ regex = simplify(request.form['regex']) # Create challenge chal = HashCrackKingChallenge(name=request.form['name'], description=request.form['description'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype'], hold=request.form['hold'], regex=simplify(regex), cycles=request.form['cycles'], current_hash=None) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chal.id) key = generate_key(regex, chal_id=chal.id) chal.current_hash = get_hash(key) logger.debug("Generated key '{}' for challenge '{}'".format( key, chal.name)) db.session.add(chal) db.session.commit()
def admin_create_chal(): files = request.files.getlist('files[]') # TODO: Expand to support multiple flags flags = [{ 'flag': request.form['key'], 'type': int(request.form['key_type[0]']) }] if (request.form['prereq'] != ""): prereq = Challenges.query.filter( Challenges.name == request.form['prereq']).first() prereq = prereq.id else: prereq = None # Create challenge chal = Challenges(request.form['name'], request.form['desc'], request.form['value'], request.form['category'], flags, request.form['level'], prereq) '''if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False''' db.session.add(chal) db.session.commit() for f in files: upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close() return redirect(url_for('admin.admin_chals'))
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ # Create challenge chal = AnonymousChallenge( name=request.form['name'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype'], ) chal.hidden = True # The challenge should always be hidden chal.max_attempts = 0 # Unlimited attempts for this type of challenge db.session.add(chal) db.session.commit() flag = Keys(chal.id, request.form['key'], 'static') # request.form['key_type[0]']) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit()
def admin_create_chal(): if request.method == 'POST': files = request.files.getlist('files[]') # Create challenge chal = Challenges(request.form['name'], request.form['desc'], request.form['value'], request.form['category'], int(request.form['chaltype'])) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) db.session.add(chal) db.session.flush() flag = Keys(chal.id, request.form['key'], int(request.form['key_type[0]'])) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close() return redirect(url_for('admin_challenges.admin_chals')) else: return render_template('admin/chals/create.html')
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ files = request.files.getlist('files[]') keys = {} for i in range(len(request.form)): key_name = 'key_name[{}]'.format(i) key_sol = 'key_solution[{}]'.format(i) key_type = 'key_type[{}]'.format(i) if key_name in request.form: keys[request.form[key_name]] = { 'key': request.form[key_sol], 'type': request.form[key_type] } else: break # Create challenge chal = MultiQuestionChallengeModel( name=request.form['name'], description=request.form['description'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype']) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) db.session.add(chal) db.session.commit() for key, value in keys.iteritems(): flag = Keys(chal.id, value['key'], value['type']) flag.data = json.dumps({key: False}) db.session.add(flag) db.session.commit() for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close()
def create(request): """ This method is used to process the challege creation request. :param request: :return: """ buildingList = [] for item in request.form: if "buildingId" in item: buildingList.append(request.form[item]) buildingListString = [str(x) for x in buildingList] print(buildingListString) files = request.files.getlist('files[]') chal = SmartCityChallenge(name=request.form['name'], category=request.form['category'], description=request.form['description'], value=request.form['value'], buildingId=str(buildingListString), soundId=request.form['soundId'], type=request.form['chaltype']) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) #logger.debug("Genereted buildingId " + chal.buildingId + " for challenge " + chal.name) db.session.add(chal) db.session.commit() flag = Keys(chal.id, request.form['key'], request.form['key_type[0]']) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit()
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ # Create challenge chal = Challenges( name=request.form['name'], description=request.form['description'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype'], penalty = request.form['penalty'] ) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) db.session.add(chal) db.session.commit() flag = Keys(chal.id, request.form['key'], request.form['key_type[0]']) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chal.id) file_generators = request.files.getlist('file_generators[]') for g in file_generators: utils.upload_file(file=g, chalid=chal.id, isgenerator=True) db.session.commit()
def admin_files(chalid): if request.method == 'GET': files = Files.query.filter_by(chal=chalid).all() json_data = {'files': []} for x in files: json_data['files'].append({'id': x.id, 'file': x.location}) return jsonify(json_data) if request.method == 'POST': if request.form['method'] == "delete": utils.delete_file(request.form['file']) db.session.commit() db.session.close() return '1' elif request.form['method'] == "upload": files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chalid) db.session.commit() db.session.close() return '1'
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ # Create challenge chal = CommunityChallengeModel(name=request.form['name'], description=request.form['description'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype'], owner=session['id']) # Never hide Community challenges chal.hidden = False max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) db.session.add(chal) db.session.commit() flag = Keys(chal.id, request.form['key'], request.form['key_type[0]']) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() files = request.files.getlist('files[]') for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit()
def admin_pages_media(): if request.method == 'POST': files = request.files.getlist('files[]') uploaded = [] for f in files: data = utils.upload_file(file=f, chalid=None) if data: uploaded.append({'id': data[0], 'location': data[1]}) return jsonify({'results': uploaded}) elif request.method == 'DELETE': file_ids = request.form.getlist('file_ids[]') for file_id in file_ids: utils.delete_file(file_id) return True else: files = [{'id': f.id, 'location': f.location} for f in Files.query.filter_by(chal=None).all()] return jsonify({'results': files})
def admin_pages_media(): if request.method == 'POST': files = request.files.getlist('files[]') uploaded = [] for f in files: data = utils.upload_file(file=f, chalid=None) if data: uploaded.append({'id': data[0], 'location': data[1]}) return jsonify({'results': uploaded}) elif request.method == 'DELETE': file_ids = request.form.getlist('file_ids[]') for file_id in file_ids: utils.delete_file(file_id) return True else: files = [{'id': f.id, 'location': f.location} for f in Files.query.filter_by(chal=None).all()] return jsonify({'results': files})
def admin_config(): if request.method == "POST": start = None end = None freeze = None if request.form.get('start'): start = int(request.form['start']) if request.form.get('end'): end = int(request.form['end']) if request.form.get('freeze'): freeze = int(request.form['freeze']) try: # Set checkbox config values view_challenges_unregistered = 'view_challenges_unregistered' in request.form view_scoreboard_if_authed = 'view_scoreboard_if_authed' in request.form hide_scores = 'hide_scores' in request.form prevent_registration = 'prevent_registration' in request.form prevent_name_change = 'prevent_name_change' in request.form view_after_ctf = 'view_after_ctf' in request.form verify_emails = 'verify_emails' in request.form mail_tls = 'mail_tls' in request.form mail_ssl = 'mail_ssl' in request.form mail_useauth = 'mail_useauth' in request.form workshop_mode = 'workshop_mode' in request.form paused = 'paused' in request.form finally: utils.set_config('view_challenges_unregistered', view_challenges_unregistered) utils.set_config('view_scoreboard_if_authed', view_scoreboard_if_authed) utils.set_config('hide_scores', hide_scores) utils.set_config('prevent_registration', prevent_registration) utils.set_config('prevent_name_change', prevent_name_change) utils.set_config('view_after_ctf', view_after_ctf) utils.set_config('verify_emails', verify_emails) utils.set_config('mail_tls', mail_tls) utils.set_config('mail_ssl', mail_ssl) utils.set_config('mail_useauth', mail_useauth) utils.set_config('workshop_mode', workshop_mode) utils.set_config('paused', paused) utils.set_config("mail_server", request.form.get('mail_server', None)) utils.set_config("mail_port", request.form.get('mail_port', None)) if request.form.get('mail_useauth', None) and (request.form.get( 'mail_u', None) or request.form.get('mail_p', None)): if len(request.form.get('mail_u')) > 0: utils.set_config("mail_username", request.form.get('mail_u', None)) if len(request.form.get('mail_p')) > 0: utils.set_config("mail_password", request.form.get('mail_p', None)) elif request.form.get('mail_useauth', None) is None: utils.set_config("mail_username", None) utils.set_config("mail_password", None) if request.files.get('ctf_logo_file', None): ctf_logo = request.files['ctf_logo_file'] file_id, file_loc = utils.upload_file(ctf_logo, None) utils.set_config("ctf_logo", file_loc) elif request.form.get('ctf_logo') == '': utils.set_config("ctf_logo", None) utils.set_config("ctf_name", request.form.get('ctf_name', None)) utils.set_config("ctf_theme", request.form.get('ctf_theme', None)) utils.set_config('css', request.form.get('css', None)) utils.set_config("mailfrom_addr", request.form.get('mailfrom_addr', None)) utils.set_config("mg_base_url", request.form.get('mg_base_url', None)) utils.set_config("mg_api_key", request.form.get('mg_api_key', None)) utils.set_config("freeze", freeze) db_start = Config.query.filter_by(key='start').first() db_start.value = start db_end = Config.query.filter_by(key='end').first() db_end.value = end db.session.add(db_start) db.session.add(db_end) db.session.commit() db.session.close() with app.app_context(): cache.clear() return redirect(url_for('admin.admin_config')) # Clear the cache so that we don't get stale values cache.clear() ctf_name = utils.get_config('ctf_name') ctf_logo = utils.get_config('ctf_logo') ctf_theme = utils.get_config('ctf_theme') hide_scores = utils.get_config('hide_scores') css = utils.get_config('css') mail_server = utils.get_config('mail_server') mail_port = utils.get_config('mail_port') mail_username = utils.get_config('mail_username') mail_password = utils.get_config('mail_password') mailfrom_addr = utils.get_config('mailfrom_addr') mg_api_key = utils.get_config('mg_api_key') mg_base_url = utils.get_config('mg_base_url') view_after_ctf = utils.get_config('view_after_ctf') start = utils.get_config('start') end = utils.get_config('end') freeze = utils.get_config('freeze') mail_tls = utils.get_config('mail_tls') mail_ssl = utils.get_config('mail_ssl') mail_useauth = utils.get_config('mail_useauth') view_challenges_unregistered = utils.get_config( 'view_challenges_unregistered') view_scoreboard_if_authed = utils.get_config('view_scoreboard_if_authed') prevent_registration = utils.get_config('prevent_registration') prevent_name_change = utils.get_config('prevent_name_change') verify_emails = utils.get_config('verify_emails') workshop_mode = utils.get_config('workshop_mode') paused = utils.get_config('paused') db.session.commit() db.session.close() themes = utils.get_themes() themes.remove(ctf_theme) return render_template( 'admin/config.html', ctf_name=ctf_name, ctf_logo=ctf_logo, ctf_theme_config=ctf_theme, css=css, start=start, end=end, freeze=freeze, hide_scores=hide_scores, mail_server=mail_server, mail_port=mail_port, mail_useauth=mail_useauth, mail_username=mail_username, mail_password=mail_password, mail_tls=mail_tls, mail_ssl=mail_ssl, view_challenges_unregistered=view_challenges_unregistered, view_scoreboard_if_authed=view_scoreboard_if_authed, prevent_registration=prevent_registration, mailfrom_addr=mailfrom_addr, mg_base_url=mg_base_url, mg_api_key=mg_api_key, prevent_name_change=prevent_name_change, verify_emails=verify_emails, view_after_ctf=view_after_ctf, themes=themes, workshop_mode=workshop_mode, paused=paused)
def create(request): """ This method is used to process the challenge creation request. :param request: :return: """ files = request.files.getlist('files[]') # Liste de tuples de 3 éléments : # - solution (le flag à trouver) # - type ("static" ou "regex") # - data (JSON string) keys = [] index_key = 0 while ('key_solution[%s]' % index_key) in request.form: key_solution = request.form['key_solution[%s]' % index_key] if key_solution: key_type = request.form.get('key_type[%s]' % index_key, '') if key_type not in ('static', 'regex'): key_type = 'static' award = request.form.get('award_interm[%s]' % index_key, 0) try: award = int(award) except ValueError: award = 0 congrat_msg = request.form.get('congrat_msg[%s]' % index_key, '') congrat_img_url = request.form.get( 'congrat_img_url[%s]' % index_key, '') doc_filename = request.form.get('doc_filename[%s]' % index_key, '') is_public = request.form.get('public[%s]' % index_key, '') == 'yes' cancel_score = request.form.get('cancel_score[%s]' % index_key, '') == 'yes' key_data = { 'congrat_msg': congrat_msg, 'congrat_img_url': congrat_img_url, 'doc_filename': doc_filename, 'award': award, 'public': is_public, 'cancel_score': cancel_score, } key_data = json.dumps(key_data) key_infos = (key_solution, key_type, key_data) keys.append(key_infos) index_key += 1 # Create challenge chal = IntermediateFlagChallengeModel( name=request.form['name'], description=request.form['description'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype']) chal.hidden = 'hidden' in request.form max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) db.session.add(chal) db.session.commit() for key_solution, key_type, key_data in keys: record_key = Keys(chal.id, key_solution, key_type) record_key.data = key_data db.session.add(record_key) db.session.commit() for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close()
def import_challenges(in_file, dst_attachments, exit_on_error=True, move=False): from CTFd.models import db, Challenges, Keys, Tags, Files, Hints, Unlocks with open(in_file, 'r') as in_stream: chals = yaml.safe_load_all(in_stream) for chal in chals: # ensure all required fields are present before adding or updating a challenge try: validate_yaml(chal) except MissingFieldError as err: if exit_on_error: raise else: print "Skipping challenge: " + str(err) continue # if the challenge already exists, update it chal_db = Challenges.query.filter_by(name=chal['name']).first() if chal_db is not None: print "Updating {}".format(chal['name'].encode('utf8')) chal_db.description = chal['description'] chal_db.value = chal['value'] chal_db.category = chal['category'] else: print "Adding {}".format(chal['name'].encode('utf8')) chal_db = Challenges( chal['name'], chal['description'], chal['value'], chal['category']) chal_db.type = chal['type'] chal_db.hidden = chal['hidden'] db.session.add(chal_db) db.session.commit() # delete all tags and re-add them Tags.query.filter_by(chal=chal_db.id).delete() for tag in chal['tags']: tag_dbobj = Tags(chal_db.id, tag) db.session.add(tag_dbobj) # delete all flags and re-add them Keys.query.filter_by(chal=chal_db.id).delete() for flag in chal['flags']: flag_db = Keys(chal_db.id, flag['flag'], flag['type']) db.session.add(flag_db) # delete or update existing hints hints = {h['id']: h for h in chal['hints']} hints_db = Hints.query.filter_by(chal=chal_db.id).all() for hint_db in hints_db: if hint_db.type in hints: # the hint is being updated hint_db.hint = hints[hint_db.type]['hint'] hint_db.cost = hints[hint_db.type]['cost'] del hints[hint_db.type] else: # the hint is being deleted - delete the hint and any related unlocks print " Removing hint {:d}".format(hint_db.type) Unlocks.query.filter_by(model='hints', itemid=hint_db.id).delete() Hints.query.filter_by(id=hint_db.id).delete() # add new hints for hint in hints.values(): print " Adding hint {:d}".format(hint['id']) hint_db = Hints(chal_db.id, hint['hint'], cost=hint['cost'], type=hint['id']) db.session.add(hint_db) # hash and compare existing files with the new uploaded files hashes_db = {} files_db = Files.query.filter_by(chal=chal_db.id).all() for file_db in files_db: with open(os.path.join(dst_attachments, file_db.location), 'rb') as f: h = hashlib.md5(f.read()).digest() hashes_db[h] = file_db to_upload = [] for file in chal['files']: path = os.path.join(os.path.dirname(in_file), file) with open(path, "rb") as f: h = hashlib.md5(f.read()).digest() if h in hashes_db and os.path.basename(file) == os.path.basename(hashes_db[h].location): # the file is up to date del hashes_db[h] else: # the file has changed name or content to_upload.append(path) # remove out of date files and add new uploads for file_db in hashes_db.values(): print " Removing file {}".format(file_db.location) utils.delete_file(file_db.id) for path in to_upload: basename = os.path.basename(path) print " Adding file {}".format(basename) with open(path, "rb") as f: f = FileStorage(stream=f, filename=basename) utils.upload_file(file=f, chalid=chal_db.id) if move: os.unlink(path) db.session.commit() db.session.commit() db.session.close()
def admin_create_chal(): if request.method == 'POST': print("[DEBUG] Post request sent to my modified admin_create_chal") files = request.files.getlist('files[]') # Create challenge chal = Challenges( name=request.form['name'], description=request.form['desc'], value=request.form['value'], category=request.form['category'], type=request.form['chaltype'], ) if 'hidden' in request.form: chal.hidden = True else: chal.hidden = False max_attempts = request.form.get('max_attempts') if max_attempts and max_attempts.isdigit(): chal.max_attempts = int(max_attempts) db.session.add(chal) db.session.flush() # This if added by me print("[DEBUG] chal.id: " + str(chal.id)) if chal.type == 'ethereum': solidity = request.form['solidity'] test_func = request.form['test_func'] args = request.form['args'] starting_ether = request.form['starting-ether'] flag = request.form['key'] print("[DEBUG] Type is ethereum!") if ethereumctf.compile_contract(str(chal.id), solidity, test_func, ast.literal_eval(args), starting_ether, flag): print("[DEBUG] successful compile!") else: db.session.rollback() print("[DEBUG] failed compile") return redirect( url_for('admin_challenges.admin_create_chal') ) # TODO: Fail better db.session.commit() flag = Keys(chal.id, request.form['key'], int(request.form['key_type[0]'])) if request.form.get('keydata'): flag.data = request.form.get('keydata') db.session.add(flag) db.session.commit() for f in files: utils.upload_file(file=f, chalid=chal.id) db.session.commit() db.session.close() return redirect(url_for('admin_challenges.admin_chals')) else: return render_template('admin/chals/create.html')