def get_all_instances():
page=int(request.args['page'])
instances=redis_store.hgetall('instances')
ans=[]
counter=0
if(len(instances)==0):
load_to_redis()
for inst in instances:
if counter<(page-1)*20:
counter+=1
continue
inst=json.loads(instances[inst])
chal=json.loads(redis_store.hget('chals',inst['chalid']))
team=json.loads(redis_store.hget('teams',inst['teamid']))
ans.append({
'id':inst['id'],
'name': inst['name'],
'teamname':team['nickname'],
'chalname':chal['name'],
'ip':inst['ip'],
'status':inst['status'],
'password':inst['password']
})
if len(ans)==20:
break
return jsonify({
'total':len(instances),
'instances':ans
})
def team_status():
teamid = session['user']['id']
team = json.loads(redis_store.hget('teams', id))
running_instances = []
for instance in team['instances']:
running_instances.append(
json.loads(redis_store.hget('instances', instance)))
team['instances'] = running_instances
return jsonify(team)
def team_info():
team = json.loads(redis_store.hget('teams', session['user']['id']))
if not team:
abort(404)
if not redis_store.hget('attackpack', team['attackid']):
redis_store.hset('attackpack', team['attackid'], team['id'])
ans = {
'id': team['id'],
'name': team['name'],
'nickname': team['nickname'],
'score': team['score'],
'attackid': team['attackid']
}
return jsonify({'user': ans})
def load_to_redis():
chals=Challenges.query.all()
teams=db.session.query(Teams).join(Origin).all()
chals_dict={}
teams_dict={}
for chal in chals:
chals_dict[chal.id]=json.dumps({
'id': chal.id,
'name': chal.name,
'dockername': chal.dockername,
'type': chal.type,
'score': chal.score,
'command': chal.command,
'flagcommand': chal.flagcommand,
'desc': chal.desc
})
if len(chals_dict):
redis_store.hmset('chals',chals_dict)
for team in teams:
teams_dict[team.id]=json.dumps({
'id': team.id,
'name': team.name,
'nickname': team.nickname,
'score': team.score,
'password': team.origin_pass[0].password,
'attackid':team.attackid,
'instances': []
})
if not redis_store.hget('attackpack',team.attackid):
redis_store.hset('attackpack',team.attackid,team.id)
if len(teams_dict):
redis_store.hmset('teams',teams_dict)
def changeteam():
id = request.form['id']
team = Teams.query.join(Origin).filter(Teams.id == id).first()
if not team:
abort(404)
team2 = Teams.query.filter(Teams.name == request.form['name']).first()
if team2 and team2.id != team.id:
return jsonify({'code': 500, 'msg': '添加失败:team已存在', 'type': 'fail'})
team_in_redis = json.loads(redis_store.hget('teams', team.id))
team.name = request.form['name']
md5 = hashlib.md5()
md5.update(request.form['password'])
pwd = md5.hexdigest()
team.password = pwd
team.score = team_in_redis['score']
origin_pass = team.origin_pass[0]
origin_pass.password = request.form['password']
team.nickname = request.form['nickname']
db.session.commit()
redis_store.hset(
'teams', team.id,
json.dumps({
'id': team.id,
'name': team.name,
'nickname': team.nickname,
'password': origin_pass.password,
'score': team_in_redis['score'],
'instances': team_in_redis['instances']
}))
return jsonify({'code': 200, 'msg': '更改成功', 'type': 'success'})
def team_instances():
teamid = session['user']['id']
team = json.loads(redis_store.hget('teams', teamid))
instances = []
for instance in team['instances']:
inst = json.loads(redis_store.hget('instances', instance))
chal = json.loads(redis_store.hget('chals', inst['chalid']))
team = json.loads(redis_store.hget('teams', inst['teamid']))
instances.append({
'id': inst['id'],
'name': inst['name'],
'teamname': team['nickname'],
'chalname': chal['name'],
'ip': inst['ip'],
'status': inst['status'],
'password': inst['password']
})
return jsonify({'total': len(instances), 'instances': instances})
def remove_team():
id = int(request.form['id'])
team = Teams.query.filter(Teams.id == id).first()
if not team:
abort(404)
db.session.delete(team)
db.session.commit()
if redis_store.hget('teams', request.form['id']):
redis_store.hdel('teams', request.form['id'])
return jsonify({'message': '删除成功', 'type': 'success'})
def team_list():
ans = []
result_in_json = {}
teams_in_redis = redis_store.hgetall('teams')
if not teams_in_redis:
total = db.session.query(db.func.count(Teams.id)).scalar()
if request.args.has_key('page'):
page = int(request.args['page'])
teams = db.session.query(Teams).join(Origin).limit(20).offset(
(page - 1) * 20).all()
else:
teams = db.session.query(Teams).join(Origin).all()
for team in teams:
json_team = {
'id': team.id,
'name': team.name,
'nickname': team.nickname,
'score': team.score,
'password': team.origin_pass[0].password,
'attackid': team.attackid,
'instances': []
}
if not redis_store.hget('attackpack', team.attackid):
redis_store.hset('attackpack', team.attackid, team.id)
ans.append({
'id': team.id,
'name': team.name,
'nickname': team.nickname,
'score': team.score
})
result_in_json[team.id] = json.dumps(json_team)
redis_store.hmset('teams', result_in_json)
else:
total = len(teams_in_redis)
if request.args.has_key('page') and request.args['page'] != '':
page = int(request.args['page'])
has_page = True
else:
has_page = False
counter = 0
for teamid in teams_in_redis:
if has_page and counter < (page - 1) * 20:
counter += 1
continue
team = json.loads(teams_in_redis[teamid])
ans.append({
'id': team['id'],
'name': team['name'],
'nickname': team['nickname'],
'score': team['score']
})
if has_page and len(ans) == 20:
break
return jsonify({'total': total, 'users': ans})
def treatflag():
flag = request.args.get('flag')
fr = request.args.get('from')
#flag查询结果
result = redis_store.hget('flags', flag)
#攻击方查询结果
attack = redis_store.hget('teams', fr)
if not result or not attack:
return jsonify({"status": "fail"})
if redis_store.get(fr + flag):
return jsonify({"status": "fail"})
#获取flag信息与攻击方信息
flagInfo = json.loads(result)
attacker = json.loads(attack)
if flagInfo['teamid'] == attacker['id']:
return jsonify({"status": "fail"})
#获取题目信息
chal = json.loads(redis_store.hget('chals', flagInfo['chalid']))
print chal
#获取被攻击队伍的信息
attacked = json.loads(redis_store.hget('teams', flagInfo['teamid']))
print attacked, attacker
#攻击方加分,被攻击方减分
attacker['score'] = attacker['score'] + chal['score']
attacked['score'] = attacked['score'] - chal['score']
print attacked, attacker
ttl = redis_store.ttl('flags')
redis_store.set(fr + flag, 1)
redis_store.expire(fr + flag, ttl)
#写回数据到redis中
redis_store.hset('teams', attacker['id'], json.dumps(attacker))
redis_store.hset('teams', attacked['id'], json.dumps(attacked))
redis_store.rpush(
'attack',
json.dumps({
'attacker': attacker['id'],
'attacked': attacked['id'],
'chal': chal['id'],
'time': str(datetime.datetime.utcnow())
}))
return jsonify({'status': 'success'})
def delete_chal():
chalid=request.form.get('id')
chal=Challenges.query.filter(Challenges.id==chalid).first()
if not chal:
return abort(404)
db.session.delete(chal)
db.session.commit()
if redis_store.hget('chals',request.form['id']):
redis_store.hdel('chals',request.form['id'])
return jsonify({
'code':200,
'msg':'删除成功',
'type':'fail'
})
def treatflag():
flag=request.args.get('flag')
fr=request.args.get('from')
#flag查询结果
result=redis_store.hget('flags',flag)
#攻击方查询结果
attackerid=redis_store.hget('attackpack',fr)
if not attackerid:
return jsonify({"status":"fail"})
attack=redis_store.hget('teams',attackerid)
if not result or not attack:
return jsonify({"status":"fail"})
if redis_store.get(fr+flag):
return jsonify({"status":"fail"})
#获取flag信息与攻击方信息
flagInfo=json.loads(result)
attacker=json.loads(attack)
if flagInfo['teamid']==attacker['id']:
return jsonify({"status":"fail"})
#获取题目信息
chal=json.loads(redis_store.hget('chals',flagInfo['chalid']))
#获取被攻击队伍的信息
attacked=json.loads(redis_store.hget('teams',flagInfo['teamid']))
connect_queue=RedisQueue('flag_message')
connect_queue.put(json.dumps({
'command':'add',
'score':chal['score'],
'teamid':attacker['id']
}))
connect_queue.put(json.dumps({
'command':'sub',
'score':chal['score'],
'teamid':attacked['id']
}))
ttl=redis_store.ttl('flags')
redis_store.set(fr+flag,1)
redis_store.expire(fr+flag,ttl)
instance=json.loads(redis_store.hget('instances',flagInfo['instid']))
if instance['attack_status']=='stable':
instance['attack_status']='attacked'
elif instance['attack_status']=='down':
instance['attack_status']='d/a'
redis_store.hset('instances',flagInfo['instid'],json.dumps(instance))
#写回数据到redis中
redis_store.rpush('attack',json.dumps({
'attacker':attacker['id'],
'attacked':attacked['id'],
'chal':chal['id'],
'time':str(datetime.datetime.utcnow())
}))
return jsonify({'status':'success'})
def inst_chpass():
instid=request.form['id']
inst=json.loads(redis_store.hget('instances',instid))
if not inst:
return abort(404)
connect_queue=RedisQueue('docker_message')
mark=str(uuid.uuid1())
connect_queue.put(json.dumps({'command':'chpass','id':inst['id'],'mark':mark}))
if not session.has_key('messids'):
session['messids']=[]
messids=session['messids']
messids.append(mark)
session['messids']=messids
return jsonify({
'code':200,
'msg':'更改密码指令已发送',
'id':mark
})
def add_team():
teamtest=Teams.query.filter(Teams.name==request.form['name']).first()
if teamtest:
return jsonify({
'code':500,
'msg':"添加失败:用户已存在",
'type':"fail"
})
md5 = hashlib.md5()
md5.update(request.form['password'])
pwd = md5.hexdigest()
team=Teams(request.form['name'],pwd)
team.nickname=request.form['nickname']
team.score=10000
while True:
attackid=get_short_id()
if redis_store.hget('attackpack',attackid) is None:
break
team.attackid=attackid
db.session.add(team)
db.session.commit()
origin_pass=Origin()
origin_pass.password=request.form['password']
origin_pass.teamid=team.id
db.session.add(origin_pass)
db.session.commit()
redis_store.hset('teams',team.id,json.dumps({
'id':team.id,
'name':team.name,
'nickname':team.nickname,
'password':origin_pass.password,
'score':team.score,
'instances':[],
'attackid':team.attackid
}))
redis_store.hset('attackpack',team.attackid,team.id)
return jsonify({
'code':200,
'msg':"添加成功",
'type':"success"
})
def team_edit():
team = Teams.query.filter(Teams.id == session['user']['id']).first()
if not team:
abort(403)
md5 = hashlib.md5()
md5.update(request.form.get('old_password'))
pwd = md5.hexdigest()
if team.password != pwd:
return jsonify({'code': 403, 'msg': '密码错误'})
md5 = hashlib.md5()
md5.update(request.form.get('password'))
pwd = md5.hexdigest()
team.name = request.form.get('name')
team.nickname = request.form.get('nickname')
team.password = pwd
db.session.commit()
team_in_redis = json.loads(redis_store.hget('teams', team.id))
team_in_redis['name'] = team.name
team_in_redis['nickname'] = team.nickname
redis_store.hset('teams', team.id, json.dumps(team_in_redis))
session['user']['name'] = team.name
session['user']['nickname'] = team.nickname
return jsonify({'code': 200, 'msg': '更改成功'})
