def challenges_view():
errors = []
start = get_config('start') or 0
end = get_config('end') or 0
if not is_admin(): # User is not an admin
if not ctftime():
# It is not CTF time
if start > time.time(
): # We are NOT allowed to view after the CTF ends
errors.append('{} challenges will be posted soon!'.format(
ctf_name()))
elif not view_after_ctf():
errors.append('{} has ended.'.format(ctf_name()))
return render_template('chals.html',
errors=errors,
start=int(start),
end=int(end))
if get_config('verify_emails'
) and not is_verified(): # User is not confirmed
return redirect(url_for('auth.confirm_user'))
if user_can_view_challenges(): # Do we allow unauthenticated users?
if get_config('start') and not ctf_started():
errors.append('{} has not started yet'.format(ctf_name()))
if (get_config('end') and ctf_ended()) and not view_after_ctf():
errors.append('{} has ended'.format(ctf_name()))
if not is_on_team():
errors.append('You are not on a team!')
return render_template('chals.html',
errors=errors,
start=int(start),
end=int(end))
else:
if not is_on_team():
errors.append(
'You must create or join a team before you can start playing')
return render_template('chals.html',
errors=errors,
start=int(start),
end=int(end))
return redirect(url_for('auth.login', next='challenges'))
def user_remove(userid):
if authed() and is_on_team():
current_user = Users.query.filter_by(id=session.get('id')).first()
target_user = Users.query.filter_by(id=userid).first()
team = Teams.query.filter_by(id=current_user.teamid).first()
if team.captain == target_user.id:
users = Users.query.filter_by(teamid=team.id)
for user in users:
user.teamid = None
db.session.delete(team)
db.session.commit()
db.session.close()
return "-1"
if team.captain == current_user.id:
target_user.teamid = None
db.session.commit()
db.session.close()
return "1"
return "0"
else:
return redirect(url_for('auth.login'))
def chal(chalid):
if ctf_ended() and not view_after_ctf():
return redirect(url_for('challenges.challenges_view'))
if not user_can_view_challenges():
return redirect(url_for('auth.login', next=request.path))
if authed() and is_verified() and (ctf_started() or view_after_ctf()):
fails = WrongKeys.query.filter_by(userid=session['id'],
chalid=chalid).count()
logger = logging.getLogger('keys')
data = (time.strftime("%m/%d/%Y %X"),
session['username'].encode('utf-8'),
request.form['key'].encode('utf-8'), get_kpm(session['id']))
print("[{0}] {1} submitted {2} with kpm {3}".format(*data))
# Anti-bruteforce / submitting keys too quickly
if get_kpm(session['id']) > 10:
if ctftime():
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.warn(
"[{0}] {1} submitted {2} with kpm {3} [TOO FAST]".format(
*data))
# return "3" # Submitting too fast
return jsonify({
'status':
'3',
'message':
"You're submitting keys too fast. Slow down."
})
if not is_on_team():
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [NOT ON TEAM]".format(
*data))
return jsonify({
'status': '3',
'message': 'You are not on a team.'
})
user = Users.query.filter_by(id=session.get('id')).first_or_404()
user_ids = [
u.id for u in Users.query.with_entities(Users.id).filter_by(
teamid=user.teamid)
]
# solves = Solves.query.filter_by(userid=session['id'], chalid=chalid).first()
solves = Solves.query.filter(Solves.userid.in_(user_ids)).filter(
Solves.chalid == chalid).first()
# Challange not solved yet
if not solves:
chal = Challenges.query.filter_by(id=chalid).first()
key = str(request.form['key'].strip().lower())
keys = json.loads(chal.flags)
# Hit max attempts
max_tries = int(get_config("max_tries"))
if fails >= max_tries > 0:
return jsonify({
'status': '0',
'message': "You have 0 tries remaining"
})
for x in keys:
if x['type'] == 0: #static key
print(x['flag'], key.strip().lower())
if x['flag'] and x['flag'].strip().lower() == key.strip(
).lower():
if ctftime():
solve = Solves(chalid=chalid,
userid=session['id'],
ip=get_ip(),
flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".
format(*data))
# return "1" # key was correct
return jsonify({'status': '1', 'message': 'Correct'})
elif x['type'] == 1: #regex
res = re.match(str(x['flag']), key, re.IGNORECASE)
if res and res.group() == key:
if ctftime():
solve = Solves(chalid=chalid,
userid=session['id'],
ip=get_ip(),
flag=key)
db.session.add(solve)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [CORRECT]".
format(*data))
# return "1" # key was correct
return jsonify({'status': '1', 'message': 'Correct'})
if ctftime():
wrong = WrongKeys(session['id'], chalid, request.form['key'])
db.session.add(wrong)
db.session.commit()
db.session.close()
logger.info(
"[{0}] {1} submitted {2} with kpm {3} [WRONG]".format(*data))
# return '0' # key was wrong
if max_tries:
attempts_left = max_tries - fails
tries_str = 'tries'
if attempts_left == 1:
tries_str = 'try'
return jsonify({
'status':
'0',
'message':
'Incorrect. You have {} {} remaining.'.format(
attempts_left, tries_str)
})
else:
return jsonify({'status': '0', 'message': 'Incorrect'})
# Challenge already solved
else:
logger.info(
"{0} submitted {1} with kpm {2} [ALREADY SOLVED]".format(
*data))
# return "2" # challenge was already solved
return jsonify({
'status': '2',
'message': 'You already solved this'
})
else:
return "-1"