示例#1
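def admin_pages_view(route):
    """Admin page editor: list, create or edit stored pages.

    GET with ``?mode=create`` renders an empty editor. GET with a route renders
    the editor for that page (``page`` is None when nothing matches). POST with
    a route saves the submitted ``route`` and ``html`` form fields, updating
    the matching page or inserting a new one, then clears the cache and
    redirects to the listing. Any other request renders the page listing.
    """
    # NOTE(review): no access-control decorator or CSRF check is visible in
    # this listing; confirm the route is admin-only. The submitted ``html`` is
    # stored exactly as received.
    is_get = request.method == 'GET'
    if is_get and request.args.get('mode') == 'create':
        return render_template('admin/editor.html')
    if route and is_get:
        page = Pages.query.filter_by(route=route).first()
        return render_template('admin/editor.html', page=page)
    if route and request.method == 'POST':
        existing = Pages.query.filter_by(route=route).first()
        html = request.form['html']
        new_route = request.form['route']
        if not new_route:
            # Re-render the editor with the submitted HTML. Pages takes
            # (route, html), as in the insert below; the original passed the
            # HTML as the route and dropped the content.
            draft = Pages(new_route, html)
            return render_template('/admin/editor.html', page=draft)
        if existing:
            existing.route = new_route
            existing.html = html
        else:
            db.session.add(Pages(new_route, html))
        db.session.commit()
        db.session.close()
        # Cached page content must not outlive the edit.
        with app.app_context():
            cache.clear()
        return redirect(url_for('admin_pages.admin_pages_view'))
    pages = Pages.query.all()
    return render_template('admin/pages.html',
                           routes=pages,
                           css=utils.get_config('css'))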
示例#2
def delete_page(pageroute):
    """Delete the page stored under ``pageroute`` and clear the cache.

    Responds with 404 when no page matches; returns the string '1' on success.
    """
    # NOTE(review): destructive action; no auth or CSRF check is visible in
    # this listing. Confirm the route is protected where it is registered.
    target = Pages.query.filter_by(route=pageroute).first_or_404()
    db_session = db.session
    db_session.delete(target)
    db_session.commit()
    db_session.close()
    with app.app_context():
        cache.clear()
    return '1'
示例#3
def admin_css():
    """Store the submitted ``css`` form field as the 'css' config value.

    Returns '1' after a POST has been saved and the cache cleared, '0' for any
    other request method.
    """
    if request.method != 'POST':
        return '0'
    # NOTE(review): the stylesheet is stored as submitted; no auth or CSRF
    # check is visible in this listing.
    utils.set_config('css', request.form['css'])
    with app.app_context():
        cache.clear()
    return '1'
示例#4
def admin_css():
    """Store the submitted ``css`` form field as the 'css' config value.

    Returns '1' after a POST has been saved and the cache cleared, '0' for any
    other request method.
    """
    if request.method != 'POST':
        return '0'
    # NOTE(review): the stylesheet is stored as submitted; no auth or CSRF
    # check is visible in this listing.
    set_config('css', request.form['css'])
    with app.app_context():
        cache.clear()
    return '1'
示例#5
文件: helpers.py 项目: yiifaa/CTFd
def destroy_ctfd(app):
    """Tear down an app instance and drop its database.

    Inside an app context this commits and closes all sessions, forces a
    garbage collection, drops every table and clears the cache. It then drops
    the database named by ``SQLALCHEMY_DATABASE_URI``.
    """
    # NOTE(review): irreversible; presumably a test-teardown helper. Confirm
    # it can never be pointed at a production database URI.
    with app.app_context():
        database = app.db
        database.session.commit()
        database.session.close_all()
        # Collect garbage so lingering database connections are released
        # (needed in the dataset-freeze case).
        gc.collect()
        database.drop_all()
        cache.clear()
    database_uri = app.config['SQLALCHEMY_DATABASE_URI']
    drop_database(database_uri)
示例#6
def delete_page():
    """Delete the page whose id is given in the ``id`` form field.

    Responds with 404 when no page matches; returns the string '1' on success
    after clearing the cache.
    """
    # NOTE(review): destructive action driven by a form field; no auth or
    # CSRF check is visible in this listing.
    page_id = request.form['id']
    target = Pages.query.filter_by(id=page_id).first_or_404()
    db_session = db.session
    db_session.delete(target)
    db_session.commit()
    db_session.close()
    with app.app_context():
        cache.clear()
    return '1'
 def set_option():
     """Save the ``selected_option`` form field as the registration option.

     Returns '1' when a non-empty option was stored and the register template
     override was applied, '0' otherwise.
     """
     # NOTE(review): the cache is cleared before the write here, whereas the
     # other handlers in this listing clear it after set_config; confirm a
     # stale value cannot be cached again in between.
     with app.app_context():
         cache.clear()
     choice = request.form.get('selected_option', None)
     if not choice:
         return '0'
     utils.set_config('private_registration_option', choice)
     override_register_template()
     return '1'
示例#8
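def admin_plugin_config(plugin):
    """Serve or save a plugin's configuration page.

    GET renders ``plugins/<plugin>/config.html`` as a template when the plugin
    is listed by ``utils.get_configurable_plugins()``, otherwise aborts with
    404. POST stores every submitted form field except ``nonce`` through
    ``utils.set_config``, clears the cache and returns '1'.
    """
    if request.method == 'GET':
        # ``plugin`` only reaches the path join after matching a known plugin
        # name, which keeps arbitrary path segments out of the file read.
        if plugin not in utils.get_configurable_plugins():
            abort(404)
        config_path = os.path.join(app.root_path, 'plugins', plugin,
                                   'config.html')
        # The context manager closes the handle; the original left it open.
        with open(config_path) as config_file:
            config = config_file.read()
        # The file is evaluated as a template, so plugin files must be as
        # trusted as application code.
        return render_template_string(config)
    elif request.method == 'POST':
        # NOTE(review): every submitted key is written, so this form can
        # overwrite any config key, not only the plugin's own. Consider an
        # allow-list of keys per plugin.
        for k, v in request.form.items():
            if k == "nonce":
                continue
            utils.set_config(k, v)
        with app.app_context():
            cache.clear()
        return '1'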
示例#9
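def admin_plugin_config(plugin):
    """Serve or save a plugin's configuration page.

    GET renders ``plugins/<plugin>/config.html`` as a template when that file
    exists for a directory entry named ``plugin``, otherwise aborts with 404.
    POST stores every submitted form field except ``nonce`` through
    ``utils.set_config``, clears the cache and returns '1'.
    """
    if request.method == 'GET':
        plugins_path = os.path.join(app.root_path, 'plugins')

        config_html_plugins = [name for name in os.listdir(plugins_path)
                               if os.path.isfile(os.path.join(plugins_path, name, 'config.html'))]

        # ``plugin`` must equal a real directory entry name before it is used
        # in a path, which keeps arbitrary path segments out of the file read.
        if plugin not in config_html_plugins:
            abort(404)
        # The context manager closes the handle; the original left it open.
        with open(os.path.join(plugins_path, plugin, 'config.html')) as config_file:
            config = config_file.read()
        # The file is evaluated as a template, so plugin files must be as
        # trusted as application code.
        return render_template_string(config)
    elif request.method == 'POST':
        # NOTE(review): every submitted key is written, so this form can
        # overwrite any config key, not only the plugin's own. Consider an
        # allow-list of keys per plugin.
        for k, v in request.form.items():
            if k == "nonce":
                continue
            utils.set_config(k, v)
        with app.app_context():
            cache.clear()
        return '1'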
示例#10
def admin_config():
    """Show or save the global configuration form.

    POST writes the submitted settings through ``utils.set_config`` and the
    ``start``/``end`` Config rows, commits, clears the cache and redirects back
    to this view. Any other method clears the cache, reads the current values
    and renders ``admin/config.html``.
    """
    if request.method == "POST":
        # Integer fields: a missing or empty value is stored as None.
        start, end, freeze = (
            int(request.form[field]) if request.form.get(field) else None
            for field in ('start', 'end', 'freeze')
        )

        toggle_keys = (
            'view_challenges_unregistered',
            'view_scoreboard_if_authed',
            'hide_scores',
            'prevent_registration',
            'prevent_name_change',
            'view_after_ctf',
            'verify_emails',
            'mail_tls',
            'mail_ssl',
        )
        try:
            # Any non-empty submitted value counts as enabled.
            toggles = {key: bool(request.form.get(key, None))
                       for key in toggle_keys}
        except (ValueError, TypeError):
            toggles = dict.fromkeys(toggle_keys)
        finally:
            for key in toggle_keys:
                utils.set_config(key, toggles[key])

        # Free-text settings are stored exactly as submitted.
        text_keys = (
            'mail_server',
            'mail_port',
            'mail_username',
            'mail_password',
            'ctf_name',
            'ctf_theme',
            'mailfrom_addr',
            'mg_base_url',
            'mg_api_key',
        )
        for key in text_keys:
            utils.set_config(key, request.form.get(key, None))

        utils.set_config("freeze", freeze)

        db_start = Config.query.filter_by(key='start').first()
        db_start.value = start

        db_end = Config.query.filter_by(key='end').first()
        db_end.value = end

        db.session.add(db_start)
        db.session.add(db_end)

        db.session.commit()
        db.session.close()
        with app.app_context():
            cache.clear()
        return redirect(url_for('admin.admin_config'))

    with app.app_context():
        cache.clear()

    # NOTE(review): mail_password and mg_api_key are handed to the template;
    # if it echoes them, stored secrets end up in the page HTML. Confirm
    # against admin/config.html.
    shown_keys = (
        'ctf_name',
        'ctf_theme',
        'hide_scores',
        'mail_server',
        'mail_port',
        'mail_username',
        'mail_password',
        'mailfrom_addr',
        'mg_api_key',
        'mg_base_url',
        'view_after_ctf',
        'start',
        'end',
        'freeze',
        'mail_tls',
        'mail_ssl',
        'view_challenges_unregistered',
        'view_scoreboard_if_authed',
        'prevent_registration',
        'prevent_name_change',
        'verify_emails',
    )
    context = {key: utils.get_config(key) for key in shown_keys}

    db.session.commit()
    db.session.close()

    # The active theme is passed separately and removed from the list of
    # selectable themes.
    ctf_theme = context.pop('ctf_theme')
    themes = utils.get_themes()
    themes.remove(ctf_theme)

    return render_template('admin/config.html',
                           ctf_theme_config=ctf_theme,
                           themes=themes,
                           **context)
示例#11
文件: views.py 项目: yiifaa/CTFd
def setup():
    """First-run installer: create the admin account, index page and defaults.

    Redirects to the static index once ``utils.is_setup()`` is true. Otherwise
    a GET renders ``setup.html`` with the session nonce, and a POST stores the
    submitted CTF name and admin credentials, writes default config values,
    logs the new admin in through the session and redirects.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    # NOTE(review): until setup completes this view is open to any visitor and
    # the first POST creates the admin account; finish setup before exposing
    # the instance. The nonce is issued here but not checked in this function.
    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    form = request.form
    utils.set_config('ctf_name', form['ctf_name'])

    # Labelled "CSS" in the original, but the key written is 'start'.
    utils.set_config('start', '')

    # Admin account. NOTE(review): password hashing is assumed to happen
    # inside Teams; it is not visible here.
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    admin.banned = True

    # Default landing page.
    index = """<div class="row">
    <div class="col-md-6 offset-md-3">
        <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" />
        <h3 class="text-center">
            <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p>
            <p>Follow us on social media:</p>
            <a href="https://twitter.com/ctfdio"><i class="fab fa-twitter fa-2x" aria-hidden="true"></i></a>&nbsp;
            <a href="https://facebook.com/ctfdio"><i class="fab fa-facebook fa-2x" aria-hidden="true"></i></a>&nbsp;
            <a href="https://github.com/ctfd"><i class="fab fa-github fa-2x" aria-hidden="true"></i></a>
        </h3>
        <br>
        <h4 class="text-center">
            <a href="admin">Click here</a> to login and setup your CTF
        </h4>
    </div>
</div>""".format(request.script_root)
    page = Pages(title=None, route='index', html=index, draft=False)

    # Maximum attempts per challenge.
    utils.set_config('max_tries', 0)

    # Timing, visibility, registration and mail settings all start unset.
    unset_keys = (
        'start',
        'end',
        'freeze',
        'view_challenges_unregistered',
        'prevent_registration',
        'verify_emails',
        'mail_server',
        'mail_port',
        'mail_tls',
        'mail_ssl',
        'mail_username',
        'mail_password',
        'mail_useauth',
    )
    for key in unset_keys:
        utils.set_config(key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the new admin in and rotate the nonce.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))
示例#12
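def admin_config():
    """Show or save the global configuration form.

    POST writes the submitted settings through ``utils.set_config`` and the
    ``start``/``end`` Config rows, commits, clears the cache and redirects back
    to this view. Any other method clears the cache, reads the current values
    and renders ``admin/config.html``.
    """
    if request.method == "POST":
        form = request.form

        # Integer fields: a missing or empty value is stored as None.
        start, end, freeze = (
            int(form[field]) if form.get(field) else None
            for field in ('start', 'end', 'freeze')
        )

        # Checkbox settings: enabled when the field is present in the form.
        checkbox_keys = (
            'view_challenges_unregistered',
            'view_scoreboard_if_authed',
            'hide_scores',
            'prevent_registration',
            'prevent_name_change',
            'view_after_ctf',
            'verify_emails',
            'mail_tls',
            'mail_ssl',
            'mail_useauth',
            'workshop_mode',
            'paused',
        )
        for key in checkbox_keys:
            utils.set_config(key, key in form)

        for key in ('mail_server', 'mail_port'):
            utils.set_config(key, form.get(key, None))

        mail_user = form.get('mail_u', None)
        mail_pass = form.get('mail_p', None)
        if form.get('mail_useauth', None) and (mail_user or mail_pass):
            # Truthiness instead of len(): when only one of the two fields is
            # submitted the other is None, and len(None) raised TypeError.
            # An empty field still leaves the stored credential untouched.
            if mail_user:
                utils.set_config("mail_username", mail_user)
            if mail_pass:
                utils.set_config("mail_password", mail_pass)
        elif form.get('mail_useauth', None) is None:
            utils.set_config("mail_username", None)
            utils.set_config("mail_password", None)

        if request.files.get('ctf_logo_file', None):
            # NOTE(review): validation of the uploaded file's type and name is
            # not visible here; confirm utils.upload_file enforces it.
            ctf_logo = request.files['ctf_logo_file']
            file_id, file_loc = utils.upload_file(ctf_logo, None)
            utils.set_config("ctf_logo", file_loc)
        elif form.get('ctf_logo') == '':
            utils.set_config("ctf_logo", None)

        # Free-text settings are stored exactly as submitted.
        text_keys = (
            'ctf_name',
            'ctf_theme',
            'css',
            'mailfrom_addr',
            'mg_base_url',
            'mg_api_key',
        )
        for key in text_keys:
            utils.set_config(key, form.get(key, None))

        utils.set_config("freeze", freeze)

        db_start = Config.query.filter_by(key='start').first()
        db_start.value = start

        db_end = Config.query.filter_by(key='end').first()
        db_end.value = end

        db.session.add(db_start)
        db.session.add(db_end)

        db.session.commit()
        db.session.close()
        with app.app_context():
            cache.clear()
        return redirect(url_for('admin.admin_config'))

    # Clear the cache so that we don't get stale values
    cache.clear()

    # NOTE(review): mail_password and mg_api_key are handed to the template;
    # if it echoes them, stored secrets end up in the page HTML. Confirm
    # against admin/config.html.
    shown_keys = (
        'ctf_name',
        'ctf_logo',
        'ctf_theme',
        'hide_scores',
        'css',
        'mail_server',
        'mail_port',
        'mail_username',
        'mail_password',
        'mailfrom_addr',
        'mg_api_key',
        'mg_base_url',
        'view_after_ctf',
        'start',
        'end',
        'freeze',
        'mail_tls',
        'mail_ssl',
        'mail_useauth',
        'view_challenges_unregistered',
        'view_scoreboard_if_authed',
        'prevent_registration',
        'prevent_name_change',
        'verify_emails',
        'workshop_mode',
        'paused',
    )
    context = {key: utils.get_config(key) for key in shown_keys}

    db.session.commit()
    db.session.close()

    # The active theme is passed separately and removed from the list of
    # selectable themes.
    ctf_theme = context.pop('ctf_theme')
    themes = utils.get_themes()
    themes.remove(ctf_theme)

    return render_template(
        'admin/config.html',
        ctf_theme_config=ctf_theme,
        themes=themes,
        **context)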
示例#13
def setup():
    """First-run installer: create the admin account, index page and defaults.

    Redirects to the index once ``is_setup()`` is true. Otherwise a GET renders
    ``setup.html`` with the session nonce, and a POST stores the submitted CTF
    name, flag format and admin credentials, writes default config values and
    redirects.
    """
    if is_setup():
        return redirect(url_for('views.index'))

    # NOTE(review): until setup completes this view is open to any visitor and
    # the first POST creates the admin account; finish setup before exposing
    # the instance. The nonce is issued here but not checked in this function.
    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    form = request.form
    set_config('ctf_name', form['ctf_name'])
    set_config('flag_format', form['flag_format'])

    # Labelled "CSS" in the original, but the key written is 'start'.
    set_config('start', '')

    # Admin account. NOTE(review): password hashing is assumed to happen
    # inside Teams; it is not visible here.
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    admin.banned = True

    # Default landing page; {0} is filled with the request's script root.
    landing_html = """
    <img class="logo" src="{0}/static/original/img/logo.png" />

    <h3 class="text-center">
        Welcome to the THC CTF 2017 !
    </h3>

    <br/>

    <h6 class="text-center">
        <a href="https://github.com/ToulouseHackingConvention/CTFd/">scoreboard</a> based on <a href="https://github.com/isislab/CTFd">CTFd</a> and modified by <a href="https://github.com/arthaud">maxima</a>, <a href="https://github.com/palkeo">palkeo</a> and <a href="https://github.com/zadlg">zadig</a>.
    </h6>""".format(request.script_root)
    page = Pages('index', landing_html)

    # Maximum attempts per challenge.
    set_config("max_tries", 0)

    # Timing, visibility, registration and mail settings all start unset.
    unset_keys = (
        'start',
        'end',
        'view_challenges_unregistered',
        'prevent_registration',
        'verify_emails',
        'mail_server',
        'mail_port',
        'mail_tls',
        'mail_ssl',
        'mail_username',
        'mail_password',
    )
    for key in unset_keys:
        set_config(key, None)

    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()
    return redirect(url_for('views.index'))
示例#14
def setup():
    """First-run installer: create the admin account, index page and defaults.

    Redirects to the static index once ``utils.is_setup()`` is true. Otherwise
    a GET renders ``setup.html`` with the session nonce, and a POST stores the
    submitted CTF name and admin credentials, writes default config values,
    logs the new admin in through the session and redirects.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    # NOTE(review): until setup completes this view is open to any visitor and
    # the first POST creates the admin account; finish setup before exposing
    # the instance. The nonce is issued here but not checked in this function.
    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    form = request.form
    utils.set_config('ctf_name', form['ctf_name'])

    # Labelled "CSS" in the original, but the key written is 'start'.
    utils.set_config('start', '')

    # Admin account. NOTE(review): password hashing is assumed to happen
    # inside Teams; it is not visible here.
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    admin.banned = True

    # Default landing page.
    landing_html = """<div class="container main-container">
    <img class="logo" src="themes/original/static/img/logo.png" />
    <h3 class="text-center">
        <p>Demon CTF <a href="http://demonteam.org">demonteam.org</a></p>
    </h3>
    <br>
    <h4 class="text-center">
        <a href="admin">Click here</a> to login and setup your CTF
    </h4>
</div>""".format(request.script_root)
    page = Pages('index', landing_html)

    # Maximum attempts per challenge.
    utils.set_config('max_tries', 0)

    # Timing, visibility, registration and mail settings all start unset.
    unset_keys = (
        'start',
        'end',
        'freeze',
        'view_challenges_unregistered',
        'prevent_registration',
        'verify_emails',
        'mail_server',
        'mail_port',
        'mail_tls',
        'mail_ssl',
        'mail_username',
        'mail_password',
        'mail_useauth',
    )
    for key in unset_keys:
        utils.set_config(key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the new admin in and rotate the nonce.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))
示例#15
def setup():
    """First-run installer: create the admin account, index page and defaults.

    Redirects to the static index once ``utils.is_setup()`` is true. Otherwise
    a GET renders ``setup.html`` with the session nonce, and a POST stores the
    submitted CTF name and admin credentials, writes default config values,
    logs the new admin in through the session and redirects.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    # NOTE(review): until setup completes this view is open to any visitor and
    # the first POST creates the admin account; finish setup before exposing
    # the instance. The nonce is issued here but not checked in this function.
    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))
    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    form = request.form
    utils.set_config('ctf_name', form['ctf_name'])

    # Labelled "CSS" in the original, but the key written is 'start'.
    utils.set_config('start', '')

    # Admin account. NOTE(review): password hashing is assumed to happen
    # inside Teams; it is not visible here.
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    admin.banned = True

    # Default landing page.
    index = """<div class="row">
                <div class="intro">
                    <img width=30 src="themes/arg/static/img/logo.png" />
                    <br>
                    <br>
                    <p>
                        the console will set you free
                    </p>
                    <script>
                        console_message('ef98fe223e630bbb82dd9c41323e3290')
                    </script>
                    <br>
                </div>
            </div>""".format(request.script_root)
    page = Pages(title=None, route='index', html=index, draft=False)

    # Maximum attempts per challenge.
    utils.set_config('max_tries', 0)

    # Timing, visibility, registration and mail settings all start unset.
    unset_keys = (
        'start',
        'end',
        'freeze',
        'view_challenges_unregistered',
        'prevent_registration',
        'verify_emails',
        'mail_server',
        'mail_port',
        'mail_tls',
        'mail_ssl',
        'mail_username',
        'mail_password',
        'mail_useauth',
    )
    for key in unset_keys:
        utils.set_config(key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Log the new admin in and rotate the nonce.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))
示例#16
def setup():
    """Handle the one-time installation wizard.

    Already set up: redirect to the index page.
    GET before setup: render ``setup.html`` with the session nonce.
    POST before setup: store the CTF name, create the administrator from
    the ``name``/``email``/``password`` form fields, install the default
    index page, write the initial configuration, sign the new admin in
    and redirect to the index page.

    NOTE(review): no authentication is visible on this path, so until the
    first POST completes any client that can reach the route can create
    the admin account; restrict access to the instance until setup is done.
    NOTE(review): the nonce is issued here but not compared with the form
    in this function; presumably a request hook elsewhere does -- confirm.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    # 10 random bytes (80 bits) are hashed into the per-session nonce.
    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): this step is labelled "CSS" upstream, yet the key written
    # is 'start', which is written again below -- confirm whether 'css' was meant.
    utils.set_config('start', '')

    # Administrator account, built straight from the submitted form fields.
    form = request.form
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    # The admin is also flagged as banned; presumably to keep the account
    # off the scoreboard -- confirm.
    admin.banned = True

    # Default landing page (static HTML, no placeholders are substituted).
    index = """<div class="row">
  <style>
   .col-container:after { content: ""; display: table; clear: both; }
   .col { float: left; }
   .clearfix::after {
  content: "";
  display: table;
  clear: both;
    }
    .footer-nav{
      float: left;
    }
    .logo{
      float: right;
    }
    .footer-nav,
    .footer-nav li{
      display: inline;
    }
  </style>
  <div class="col-md-6 offset-md-3">
<h1 class="text-center" style="padding-top: 10vh; font-size: 50px;">
    <b>Haaukins</b>
</h1>
<p class="text-center">
    A platform for Cyber Security Exercises 
</p>
<p class="text-center">
    Founded by <a href="http://danishcybersecurityclusters.dk/">Danish Cyber Security Clusters</a> and supported by
</p>
<a href="https://www.industriensfond.dk/">
    <img class="w-100 mx-auto d-block" style="max-width: 300px; padding: 3vh 0 4vh 0;" src="/themes/core/static/img/logo_industrienfond.jpg">
</a>
<p class="text-center">
    <p class="text-center">
  Developed at <a href="http://es.aau.dk/">Aalborg University</a> (Department of Electronic Systems) by:
    </p>
    <div class="col-container" style="margin-top: 40px;">
  <div class="col" style="width: 40%">
          <img src="/themes/core/static/img/haaukins_logo_blue240px.png" style="margin-left: 20px; max-width: 170px;">
    </div>
  <div class="col" style="width: 60%; font-size:14px;">
      <p><a href="https://mrturkmen.com">Ahmet Turkmen</a> (Research Assistant)</p>
      <p><a href="https://github.com/eyJhb">Gian Marco Mennecozzi</a> (Research Assistant)</p>
      <p><a href="https://github.com/kdhageman">Kaspar Hageman</a> (Ph.D. Student)</p>
      <p><a href="https://github.com/tpanum">Thomas Kobber Panum</a> (Ph.D. Student)</p>
      <p><a href="https://github.com/eyJhb">Johan Hempel Bengtson</a> (Student Helper)</p>
    </div>
    </div>
</p>
<div class="card-deck py-4">
      <div class="card">
          <div class="card-body">
              <h5 class="card-title">Tips and tricks</h5>
              <div class="card-text">
                  Stuck at a certain challenge? Or do you just want to know more about a certain topic?
              </div>
          </div>
          <div class="card-footer">
              <a href="https://aau-network-security.github.io/tips-and-tricks/" target="_blank">Vist the tips & tricks page</a>
          </div>
      </div>
      <div class="card">
          <div class="card-body">
              <h5 class="card-title">Survey</h5>
              <p>You can help us improve the platform by taking our survey to let us know about your experiences!</p>
          </div>
          <div class="card-footer">
              <a href="https://www.survey-xact.dk/LinkCollector?key=KDRVSTDJJN15" target="_blank">Fill out the survey here</a>
          </div>
      </div>
  </div>
<p class="text-center">
    Feel free to join our local Facebook Group:
</p>
<p class="text-center">
    <a href="https://www.facebook.com/groups/957517617737780"><i class="fab fa-facebook" aria-hidden="true"></i>&nbsp;AAU Hackers &amp; Friends</a>
</p>
  <div class="container">
      <footer>
          <ul class="footer-nav">
              <li><a href="https://eadania.dk/"> <img src="/themes/core/static/img/da-90.png" style= "width:90px; height:75px;" ></a></li>
              <li><a href="https://www.dtu.dk/"><img src="/themes/core/static/img/dtu-90.png" style= "width:90px; height:75px;"></a></li>
              <li><a href="https://kea.dk/"> <img src="/themes/core/static/img/kea-90.jpg" style= "width:90px; height:75px;" ></a></li>
              <li><a href="https://happy42.dk/"> <img src="/themes/core/static/img/happy-90.png" style= "width:90px; height:75px;" ></a></li>
               <li><a href="https://www.eaaa.dk/"><img src="/themes/core/static/img/eaa-90.png" style= "width:90px; height:75px;"></a></li>
         </ul>
      </footer>
      </div>
  </div>    
</div>"""

    page = Pages(title=None, route='index', html=index, draft=False)

    # Attempt limit per challenge is stored as 0.
    utils.set_config('max_tries', 0)

    # Every remaining key is written as None, in the original order.
    for unset_key in (
            'start', 'end', 'freeze',
            'view_challenges_unregistered',
            'prevent_registration',
            'verify_emails',
            'mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
            'mail_username', 'mail_password', 'mail_useauth',
    ):
        utils.set_config(unset_key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Sign the new administrator in; admin.id is read after the commit.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    # A fresh nonce replaces the one issued before the account existed.
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))
示例#17
文件: admin.py 项目: zhuzeyu22/CTFd
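def admin_config():
    """Show the admin configuration page and save it on POST.

    POST: parse the optional ``start``/``end`` timestamps, store every
    submitted setting through ``set_config``, write ``start``/``end`` onto
    their ``Config`` rows, clear the cache and redirect back to this view.
    GET: clear the cache, read the current settings and render
    ``admin/config.html``.

    NOTE(review): neither an authorisation check nor a nonce check is
    visible in this function; presumably a decorator / request hook
    enforces both -- confirm.
    NOTE(review): ``mail_password`` and ``mg_api_key`` are handed to the
    template in clear text; confirm the template does not echo them back
    into the rendered page.
    """
    if request.method == "POST":
        # int() raises ValueError on non-numeric input. That is left to
        # propagate so a malformed timestamp never silently clears the
        # start/end time gate.
        start = None
        end = None
        if request.form.get('start'):
            start = int(request.form['start'])
        if request.form.get('end'):
            end = int(request.form['end'])

        # Checkbox-style flags: any non-empty submitted value (including
        # "0" or "false") is stored as True, an absent field as False.
        # bool() cannot raise on str/None, so the former try/except/finally
        # around these conversions was dead code and has been removed.
        for flag in (
                'view_challenges_unregistered',
                'view_scoreboard_if_authed',
                'prevent_registration',
                'prevent_name_change',
                'view_after_ctf',
                'verify_emails',
                'mail_tls',
                'mail_ssl',
        ):
            set_config(flag, bool(request.form.get(flag, None)))

        # Free-form settings are stored as submitted; a missing field
        # stores None.
        for key in (
                'mail_server', 'mail_port',
                'mail_username', 'mail_password',
                'ctf_name', 'ctf_theme',
                'mailfrom_addr', 'mg_base_url', 'mg_api_key',
                'max_tries',
        ):
            set_config(key, request.form.get(key, None))

        # start/end are written on the Config rows directly.
        # NOTE(review): .first() returns None when a row is missing, which
        # would raise AttributeError here; setup is expected to have
        # created both rows -- confirm.
        db_start = Config.query.filter_by(key='start').first()
        db_start.value = start

        db_end = Config.query.filter_by(key='end').first()
        db_end.value = end

        db.session.add(db_start)
        db.session.add(db_end)

        db.session.commit()
        db.session.close()
        with app.app_context():
            cache.clear()
        return redirect(url_for('admin.admin_config'))

    with app.app_context():
        cache.clear()

    ctf_theme = get_config('ctf_theme')
    # Settings passed to the template under their own key names.
    context = {
        key: get_config(key)
        for key in (
            'ctf_name', 'max_tries',
            'mail_server', 'mail_port', 'mail_username', 'mail_password',
            'mailfrom_addr', 'mg_api_key', 'mg_base_url',
            'view_after_ctf', 'start', 'end',
            'mail_tls', 'mail_ssl',
            'view_challenges_unregistered', 'view_scoreboard_if_authed',
            'prevent_registration', 'prevent_name_change', 'verify_emails',
        )
    }

    # A falsy max_tries is normalised to 0 and written back (note: this is
    # a state change performed while serving a GET).
    if not context['max_tries']:
        set_config('max_tries', 0)
        context['max_tries'] = 0

    db.session.commit()
    db.session.close()

    # The active theme is passed separately, so it is dropped from the
    # list of alternatives. Guarded: an unset or unknown ctf_theme used to
    # raise ValueError here and make the config page unreachable.
    themes = get_themes()
    if ctf_theme in themes:
        themes.remove(ctf_theme)

    return render_template(
        'admin/config.html',
        ctf_theme_config=ctf_theme,
        themes=themes,
        **context)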
示例#18
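def admin_pages_view():
    """List, preview, create and edit static pages from the admin panel.

    The ``operation`` and ``id`` query parameters select the behaviour:

    * GET ``operation=preview``: render the stored page ``id`` (404 if absent).
    * GET ``operation=create``: render an empty editor.
    * GET with ``id``: render the editor for that page.
    * POST ``operation=preview``: render the submitted HTML without saving.
    * POST otherwise: update the page named by the form ``id`` if it
      exists, else create one when ``operation`` is ``publish`` or
      ``save``; answers with a JSON result.
    * Anything else: render the page list.

    NOTE(review): no authorisation or nonce check is visible in this
    function; presumably a decorator / request hook enforces both -- confirm.
    NOTE(review): the preview paths pass ``markdown(...)`` output to
    ``page.html``; whether it is escaped depends on that template. The POST
    preview renders request-supplied HTML, so it relies on the request
    being authenticated and nonce-protected -- confirm.
    """
    page_id = request.args.get('id')
    page_op = request.args.get('operation')

    if request.method == 'GET' and page_op == 'preview':
        page = Pages.query.filter_by(id=page_id).first_or_404()
        return render_template('page.html', content=markdown(page.html))

    if request.method == 'GET' and page_op == 'create':
        return render_template('admin/editor.html')

    if page_id and request.method == 'GET':
        # .first() may return None; the editor template then receives page=None.
        page = Pages.query.filter_by(id=page_id).first()
        return render_template('admin/editor.html', page=page)

    if request.method == 'POST':
        page_form_id = request.form.get('id')
        title = request.form['title']
        html = request.form['html']
        route = request.form['route'].lstrip('/')
        auth_required = 'auth_required' in request.form

        if page_op == 'preview':
            # Unsaved object, used only to render the submitted content.
            page = Pages(title, route, html, draft=False)
            return render_template('page.html', content=markdown(page.html))

        page = Pages.query.filter_by(id=page_form_id).first()

        errors = []
        if not route:
            errors.append('Missing URL route')

        if errors:
            # Fixed: arguments now follow the (title, route, html) order used
            # by every other Pages(...) call here; the previous
            # (title, html, route) order put the HTML into the route field
            # when the editor was re-rendered.
            page = Pages(title, route, html)
            return render_template('/admin/editor.html', page=page)

        if page:
            # Existing page: update in place.
            page.title = title
            page.route = route
            page.html = html
            page.auth_required = auth_required

            if page_op == 'publish':
                page.draft = False
        else:
            # New page: only 'publish' and 'save' create one.
            if page_op == 'publish':
                page = Pages(title, route, html, draft=False,
                             auth_required=auth_required)
            elif page_op == 'save':
                page = Pages(title, route, html, auth_required=auth_required)
            else:
                # Fixed: an unknown operation used to fall through with
                # page=None and fail inside db.session.add(); reject it.
                return jsonify({
                    'result': 'error',
                    'operation': page_op
                }), 400

            db.session.add(page)

        db.session.commit()
        db.session.close()

        cache.clear()

        return jsonify({
            'result': 'success',
            'operation': page_op
        })

    pages = Pages.query.all()
    return render_template('admin/pages.html', pages=pages)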
示例#19
def setup():
    """Handle the one-time installation wizard.

    Already set up: redirect to the index page.
    GET before setup: render ``setup.html`` with the session nonce.
    POST before setup: store the CTF name, create the administrator from
    the ``name``/``email``/``password`` form fields, install the default
    index page, write the initial configuration, sign the new admin in
    and redirect to the index page.

    NOTE(review): no authentication is visible on this path, so until the
    first POST completes any client that can reach the route can create
    the admin account; restrict access to the instance until setup is done.
    NOTE(review): the nonce is issued here but not compared with the form
    in this function; presumably a request hook elsewhere does -- confirm.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    # 10 random bytes (80 bits) are hashed into the per-session nonce.
    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): this step is labelled "CSS" upstream, yet the key written
    # is 'start', which is written again below -- confirm whether 'css' was meant.
    utils.set_config('start', '')

    # Administrator account, built straight from the submitted form fields.
    form = request.form
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    # The admin is also flagged as banned; presumably to keep the account
    # off the scoreboard -- confirm.
    admin.banned = True

    # Default landing page. The markup holds no replacement fields, so the
    # .format() call returns it unchanged.
    index = """<div class="row">
    <div class="col-md-12">
        <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.png" />
        <br>
        <h3 class="text-center">
            <div style='font-size:0;'>
                <div style='width:100%; margin:0 auto 0 auto; text-align:center; display:inline-block;'>
                    <a href='https://interferencias.tech/'><img src='themes/core/static/img/interferencias.png' height="200px" alt='Logo Interferencias'></a>
                    <a href='http://www.hackingdesdecero.org/'><img src='themes/core/static/img/hdc.png' height="190px" alt='Logo HDC'></a>
                </div>
            </div>
        </h3>
    </div>
</div>""".format(request.script_root)

    page = Pages(title=None, route='index', html=index, draft=False)

    # Attempt limit per challenge is stored as 0.
    utils.set_config('max_tries', 0)

    # Every remaining key is written as None, in the original order.
    for unset_key in (
            'start', 'end', 'freeze',
            'view_challenges_unregistered',
            'prevent_registration',
            'verify_emails',
            'mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
            'mail_username', 'mail_password', 'mail_useauth',
    ):
        utils.set_config(unset_key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Sign the new administrator in; admin.id is read after the commit.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    # A fresh nonce replaces the one issued before the account existed.
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))
示例#20
def setup():
    """Handle the one-time installation wizard.

    Already set up: redirect to the index page.
    GET before setup: render ``setup.html`` with the session nonce.
    POST before setup: store the CTF name, create the administrator from
    the ``name``/``email``/``password`` form fields, install the default
    index page, write the initial configuration, sign the new admin in
    and redirect to the index page.

    NOTE(review): no authentication is visible on this path, so until the
    first POST completes any client that can reach the route can create
    the admin account; restrict access to the instance until setup is done.
    NOTE(review): the nonce is issued here but not compared with the form
    in this function; presumably a request hook elsewhere does -- confirm.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    # 10 random bytes (80 bits) are hashed into the per-session nonce.
    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    utils.set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): this step is labelled "CSS" upstream, yet the key written
    # is 'start', which is written again below -- confirm whether 'css' was meant.
    utils.set_config('start', '')

    # Administrator account from the submitted form fields; the two trailing
    # constructor arguments are passed as empty strings.
    form = request.form
    admin = Teams(form['name'], form['email'], form['password'], '', '')
    admin.admin = True
    # The admin is also flagged as banned; presumably to keep the account
    # off the scoreboard -- confirm.
    admin.banned = True

    # Default landing page. The markup holds no replacement fields, so the
    # .format() call returns it unchanged.
    index = """<div class="row">
    <div class="col-md-6 offset-md-3">
        <img class="w-100 mx-auto d-block" style="max-width: 500px;padding: 50px;padding-top: 14vh;" src="themes/core/static/img/logo.jpg" />
        <h3 class="text-center">
            一个正经的CTF平台
        </h3>
        <br>
    </div>
</div>""".format(request.script_root)

    page = Pages(title=None, route='index', html=index, draft=False)

    # Attempt limit per challenge is stored as 0.
    utils.set_config('max_tries', 0)

    # Every remaining key is written as None, in the original order.
    for unset_key in (
            'start', 'end', 'freeze',
            'view_challenges_unregistered',
            'prevent_registration',
            'verify_emails',
            'mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
            'mail_username', 'mail_password', 'mail_useauth',
    ):
        utils.set_config(unset_key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Sign the new administrator in; admin.id is read after the commit.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    # A fresh nonce replaces the one issued before the account existed.
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))
示例#21
def setup():
    """Handle the one-time installation wizard.

    Already set up: redirect to the index page.
    GET before setup: render ``setup.html`` with the session nonce.
    POST before setup: store the CTF name, create the administrator from
    the ``name``/``email``/``password`` form fields, install the default
    index page, write the initial configuration and redirect to the index
    page. This variant does not sign the new admin in.

    NOTE(review): no authentication is visible on this path, so until the
    first POST completes any client that can reach the route can create
    the admin account; restrict access to the instance until setup is done.
    NOTE(review): the nonce is issued here but not compared with the form
    in this function; presumably a request hook elsewhere does -- confirm.
    """
    if is_setup():
        return redirect(url_for('views.static_html'))

    # 10 random bytes (80 bits) are hashed into the per-session nonce.
    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): this step is labelled "CSS" upstream, yet the key written
    # is 'start', which is written again below -- confirm whether 'css' was meant.
    set_config('start', '')

    # Administrator account, built straight from the submitted form fields.
    form = request.form
    admin = Teams(form['name'], form['email'], form['password'])
    admin.admin = True
    # The admin is also flagged as banned; presumably to keep the account
    # off the scoreboard -- confirm.
    admin.banned = True

    # Default landing page; {0} is replaced by the application's script root.
    index_html = """<div class="container main-container">
    <img class="logo" src="{0}/static/original/img/logo.png" />
    <h3 class="text-center">
        Welcome to a cool CTF framework written by <a href="https://github.com/ColdHeat">Kevin Chung</a> of <a href="https://github.com/isislab">@isislab</a>
    </h3>

    <h4 class="text-center">
        <a href="{0}/admin">Click here</a> to login and setup your CTF
    </h4>
</div>""".format(request.script_root)
    page = Pages('index', index_html)

    # Attempt limit per challenge is stored as 0.
    set_config("max_tries", 0)

    # Every remaining key is written as None, in the original order.
    for unset_key in (
            'start', 'end',
            'view_challenges_unregistered',
            'prevent_registration',
            'verify_emails',
            'mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
            'mail_username', 'mail_password',
    ):
        set_config(unset_key, None)

    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()
    return redirect(url_for('views.static_html'))
示例#22
def setup():
    """Handle the one-time installation wizard (section/student variant).

    Already set up: redirect to the index page.
    GET before setup: render ``setup.html`` with the session nonce and
    ``setup=True``.
    POST before setup: store the CTF name, create a section, an "admin"
    team and the administrator (a ``Students`` row) from the
    ``name``/``email``/``password`` form fields, install the default index
    page, write the initial configuration and redirect to the index page.

    NOTE(review): no authentication is visible on this path, so until the
    first POST completes any client that can reach the route can create
    the admin account; restrict access to the instance until setup is done.
    NOTE(review): the nonce is issued here but not compared with the form
    in this function; presumably a request hook elsewhere does -- confirm.
    """
    if is_setup():
        return redirect(url_for('views.static_html'))

    # 10 random bytes (80 bits) are hashed into the per-session nonce.
    if not session.get('nonce'):
        session['nonce'] = sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'), setup=True)

    set_config('ctf_name', request.form['ctf_name'])

    # NOTE(review): this step is labelled "CSS" upstream, yet the key written
    # is 'start', which is written again below -- confirm whether 'css' was meant.
    set_config('start', '')

    # Read all three fields before anything is committed, so a missing
    # field fails ahead of the section/team inserts.
    name, email, password = (
        request.form[field] for field in ('name', 'email', 'password'))

    # Section and team are each committed on their own; section.sectionNumber
    # and team.id are read after their respective commits.
    section = Sections(0, 123)
    db.session.add(section)
    db.session.commit()

    team = Teams("admin", section.sectionNumber)
    db.session.add(team)
    db.session.commit()

    admin = Students(name, email, password, team.id, section.sectionNumber)
    admin.admin = True
    # The admin is also flagged as banned; presumably to keep the account
    # off the scoreboard -- confirm.
    admin.banned = True

    # Default landing page; {0} is replaced by the application's script root.
    index_html = """<div class="container main-container">
    <img class="logo" src="{0}/static/original/img/logo.png" />
    <h3 class="text-center">
        Welcome to a cool CTF framework written by <a href="https://github.com/ColdHeat">Kevin Chung</a> of <a href="https://github.com/isislab">@isislab</a>
        <br>
        Modified for educational use by <a href="https://github.com/camgeehr">Cameron Geehr</a>, <a href="https://github.com/jaboyles">Jacob Boyles</a>, and <a href="https://github.com/bgoulds">Brian Gouldsberry</a>
    </h3>
</div>""".format(request.script_root)
    page = Pages('index', index_html)

    # Attempt limit per challenge is stored as 0.
    set_config("max_tries", 0)

    # Every remaining key is written as None, in the original order.
    for unset_key in (
            'start', 'end',
            'view_challenges_unregistered',
            'prevent_registration',
            'verify_emails',
            'mail_server', 'mail_port', 'mail_tls', 'mail_ssl',
            'mail_username', 'mail_password',
    ):
        set_config(unset_key, None)

    set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()
    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()
    return redirect(url_for('views.static_html'))
示例#23
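def admin_config():
    """Show the admin configuration page and save it on POST.

    POST: parse the optional ``start``/``end``/``freeze`` timestamps, store
    every submitted setting through ``utils.set_config``, write
    ``start``/``end`` onto their ``Config`` rows, clear the cache and
    redirect back to this view.
    GET: clear the cache, read the current settings and render
    ``admin/config.html``.

    NOTE(review): neither an authorisation check nor a nonce check is
    visible in this function; presumably a decorator / request hook
    enforces both -- confirm.
    NOTE(review): ``mail_password`` and ``mg_api_key`` are handed to the
    template in clear text; confirm the template does not echo them back
    into the rendered page.
    """
    if request.method == "POST":
        # int() raises ValueError on non-numeric input. That is left to
        # propagate so a malformed timestamp never silently clears a
        # start/end/freeze time gate.
        start = None
        end = None
        freeze = None
        if request.form.get('start'):
            start = int(request.form['start'])
        if request.form.get('end'):
            end = int(request.form['end'])
        if request.form.get('freeze'):
            freeze = int(request.form['freeze'])

        # Checkbox-style flags: any non-empty submitted value (including
        # "0" or "false") is stored as True, an absent field as False.
        # bool() cannot raise on str/None, so the former try/except/finally
        # around these conversions was dead code and has been removed.
        for flag in (
                'view_challenges_unregistered',
                'view_scoreboard_if_authed',
                'hide_scores',
                'prevent_registration',
                'prevent_name_change',
                'view_after_ctf',
                'verify_emails',
                'mail_tls',
                'mail_ssl',
                'mail_useauth',
                'workshop_mode',
        ):
            utils.set_config(flag, bool(request.form.get(flag, None)))

        utils.set_config("mail_server", request.form.get('mail_server', None))
        utils.set_config("mail_port", request.form.get('mail_port', None))

        # Mail credentials arrive in the separate 'mail_u'/'mail_p' fields.
        # With authentication enabled, only non-empty fields overwrite the
        # stored value, so a blank field keeps the existing credential.
        # Fixed: the fields are tested for truthiness instead of len(), which
        # raised TypeError when one of the two fields was absent from the form.
        use_auth = request.form.get('mail_useauth', None)
        submitted_user = request.form.get('mail_u', None)
        submitted_pass = request.form.get('mail_p', None)
        if use_auth and (submitted_user or submitted_pass):
            if submitted_user:
                utils.set_config("mail_username", submitted_user)
            if submitted_pass:
                utils.set_config("mail_password", submitted_pass)
        elif use_auth is None:
            # Authentication switched off: drop the stored credentials.
            utils.set_config("mail_username", None)
            utils.set_config("mail_password", None)

        # Free-form settings are stored as submitted; a missing field
        # stores None.
        for key in ('ctf_name', 'ctf_theme',
                    'mailfrom_addr', 'mg_base_url', 'mg_api_key'):
            utils.set_config(key, request.form.get(key, None))

        utils.set_config("freeze", freeze)

        # start/end are written on the Config rows directly.
        # NOTE(review): .first() returns None when a row is missing, which
        # would raise AttributeError here; setup is expected to have
        # created both rows -- confirm.
        db_start = Config.query.filter_by(key='start').first()
        db_start.value = start

        db_end = Config.query.filter_by(key='end').first()
        db_end.value = end

        db.session.add(db_start)
        db.session.add(db_end)

        db.session.commit()
        db.session.close()
        with app.app_context():
            cache.clear()
        return redirect(url_for('admin.admin_config'))

    with app.app_context():
        cache.clear()

    ctf_theme = utils.get_config('ctf_theme')
    # Settings passed to the template under their own key names.
    context = {
        key: utils.get_config(key)
        for key in (
            'ctf_name', 'hide_scores',
            'mail_server', 'mail_port', 'mail_username', 'mail_password',
            'mailfrom_addr', 'mg_api_key', 'mg_base_url',
            'view_after_ctf', 'start', 'end', 'freeze',
            'mail_tls', 'mail_ssl', 'mail_useauth',
            'view_challenges_unregistered', 'view_scoreboard_if_authed',
            'prevent_registration', 'prevent_name_change', 'verify_emails',
            'workshop_mode',
        )
    }

    db.session.commit()
    db.session.close()

    # The active theme is passed separately, so it is dropped from the
    # list of alternatives. Guarded: an unset or unknown ctf_theme used to
    # raise ValueError here and make the config page unreachable.
    themes = utils.get_themes()
    if ctf_theme in themes:
        themes.remove(ctf_theme)

    return render_template('admin/config.html',
                           ctf_theme_config=ctf_theme,
                           themes=themes,
                           **context)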
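def admin_config():
    """Admin settings view: store the posted configuration or render the form.

    POST: parses the optional ``start``/``end`` epoch values, writes every
    submitted setting through ``set_config``, updates the ``start`` and
    ``end`` rows, clears the cache and redirects back to this view.

    GET: clears the cache, reads the current settings with ``get_config``
    and renders ``admin/config.html``.

    NOTE(review): no authorization or CSRF check is visible in this block;
    presumably a decorator or request hook outside this listing enforces
    both -- confirm before reusing the handler.
    """
    if request.method == "POST":
        # A non-numeric timestamp used to escape as an unhandled ValueError
        # (HTTP 500). Parse before anything is written, so a malformed
        # request leaves the stored settings untouched.
        try:
            start = int(request.form['start']) if request.form.get('start') else None
            end = int(request.form['end']) if request.form.get('end') else None
        except ValueError:
            return redirect(url_for('admin.admin_config'))

        # An end time that is already in the past is stored as "no end time".
        if end is not None and end < unix_time(datetime.datetime.now()):
            end = None

        # Checkbox-style flags: any non-empty submitted value is True, an
        # absent or empty field is False. bool() cannot raise on these
        # inputs, so no exception handling is needed around it.
        for flag in ('view_challenges_unregistered',
                     'view_scoreboard_if_authed',
                     'prevent_registration',
                     'prevent_name_change',
                     'view_after_ctf',
                     'verify_emails',
                     'mail_tls',
                     'mail_ssl'):
            set_config(flag, bool(request.form.get(flag, None)))

        # Free-form settings are stored exactly as submitted (None when the
        # field is absent); no format validation happens here.
        # NOTE(review): ctf_theme is not checked against get_themes() before
        # it is stored -- confirm wherever the theme name is later turned
        # into a template or file path.
        for key in ('mail_server',
                    'mail_port',
                    'mail_username',
                    'mail_password',
                    'ctf_name',
                    'ctf_theme',
                    'mailfrom_addr',
                    'mg_base_url',
                    'mg_api_key',
                    'max_tries'):
            set_config(key, request.form.get(key, None))

        # Assumes the 'start' and 'end' rows already exist (first() returns
        # None otherwise) -- TODO confirm they are always created at setup.
        db_start = Config.query.filter_by(key='start').first()
        db_start.value = start

        db_end = Config.query.filter_by(key='end').first()
        db_end.value = end

        db.session.add(db_start)
        db.session.add(db_end)

        db.session.commit()
        db.session.close()
        with app.app_context():
            cache.clear()
        return redirect(url_for('admin.admin_config'))

    with app.app_context():
        cache.clear()

    # Settings handed to the template unchanged, under their own key names.
    # NOTE(review): mail_password and mg_api_key are passed as stored. If
    # admin/config.html writes them into input values they end up in the
    # page source; consider rendering those fields empty and overwriting the
    # stored secret only when a new value is submitted.
    passthrough = (
        'ctf_name',
        'mail_server', 'mail_port', 'mail_username', 'mail_password',
        'mailfrom_addr', 'mg_api_key', 'mg_base_url',
        'view_after_ctf',
        'mail_tls', 'mail_ssl',
        'view_challenges_unregistered', 'view_scoreboard_if_authed',
        'prevent_registration', 'prevent_name_change', 'verify_emails',
    )
    context = {key: get_config(key) for key in passthrough}

    ctf_theme = get_config('ctf_theme')

    max_tries = get_config('max_tries')
    if not max_tries:
        # Normalise an unset value to 0 and persist it.
        set_config('max_tries', 0)
        max_tries = 0

    start = get_config('start')
    end = get_config('end')

    db.session.commit()
    db.session.close()

    months = [
        'January', 'February', 'March', 'April', 'May', 'June', 'July',
        'August', 'September', 'October', 'November', 'December'
    ]
    curr_year = datetime.date.today().year

    # Stored epoch values become datetime objects for the template, together
    # with the number of days in the corresponding month.
    start_days = 0
    end_days = 0
    if start:
        start = datetime.datetime.fromtimestamp(float(start))
        start_days = calendar.monthrange(start.year, start.month)[1]
    if end:
        end = datetime.datetime.fromtimestamp(float(end))
        end_days = calendar.monthrange(end.year, end.month)[1]

    themes = get_themes()
    # list.remove() raises ValueError for a missing item; a theme name that
    # is unset or no longer listed must not make this page unreachable.
    if ctf_theme in themes:
        themes.remove(ctf_theme)

    return render_template(
        'admin/config.html',
        ctf_theme_config=ctf_theme,
        start=start,
        end=end,
        max_tries=max_tries,
        months=months,
        curr_year=curr_year,
        start_days=start_days,
        end_days=end_days,
        themes=themes,
        **context)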
示例#25
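def setup():
    """First-run setup view: create the admin account and default settings.

    While ``utils.is_setup()`` is false, a GET renders ``setup.html`` and a
    POST stores the CTF name and default configuration, creates the admin
    team and the index page, logs the new admin in through the session and
    redirects to ``views.static_html``. Once setup is done, every request is
    redirected there.

    Until the first successful POST, whoever can reach this route and
    submits the form becomes the administrator, so the instance should not
    be exposed to untrusted networks before setup has been completed.

    NOTE(review): the session nonce is generated and passed to the template
    but never compared with a submitted value in this function; presumably
    a request hook outside this listing does that -- confirm.
    """
    if utils.is_setup():
        return redirect(url_for('views.static_html'))

    if not session.get('nonce'):
        session['nonce'] = utils.sha512(os.urandom(10))

    if request.method != 'POST':
        return render_template('setup.html', nonce=session.get('nonce'))

    # Read every required field before the first write: a missing key makes
    # request.form[...] raise, and with the lookups spread between the
    # writes a malformed request could leave a half-written configuration.
    ctf_name = request.form['ctf_name']
    name = request.form['name']
    email = request.form['email']
    password = request.form['password']

    utils.set_config('ctf_name', ctf_name)

    # CSS
    # NOTE(review): this writes the 'start' key although the section is
    # labelled CSS, and 'start' is set again below; 'css' may have been
    # intended -- confirm before changing the key.
    utils.set_config('start', '')

    # Admin user
    # NOTE(review): the password is passed to Teams as submitted; hashing
    # presumably happens in the Teams constructor -- confirm.
    admin = Teams(name, email, password)
    admin.admin = True
    # NOTE(review): the admin account is flagged as banned; presumably this
    # keeps it out of team listings -- confirm.
    admin.banned = True

    # Index page. The markup contains no replacement fields, so it is used
    # as a plain literal; links in it are relative.
    page = Pages('index', """<div class="container main-container">
    <img class="logo" src="themes/original/static/img/logo.png" />
    <h3 class="text-center">
        <p>A cool CTF platform from <a href="https://ctfd.io">ctfd.io</a></p>
        <p>Follow us on social media:</p>
        <a href="https://twitter.com/ctfdio"><i class="fa fa-twitter fa-2x" aria-hidden="true"></i></a>&nbsp;
        <a href="https://facebook.com/ctfdio"><i class="fa fa-facebook-official fa-2x" aria-hidden="true"></i></a>&nbsp;
        <a href="https://github.com/ctfd"><i class="fa fa-github fa-2x" aria-hidden="true"></i></a>
    </h3>
    <br>
    <h4 class="text-center">
        <a href="admin">Click here</a> to login and setup your CTF
    </h4>
</div>""")

    # max attempts per challenge
    utils.set_config('max_tries', 0)

    # Everything else starts out unset: timing, visibility, registration,
    # e-mail verification and mail server settings.
    for key in ('start',
                'end',
                'freeze',
                'view_challenges_unregistered',
                'prevent_registration',
                'verify_emails',
                'mail_server',
                'mail_port',
                'mail_tls',
                'mail_ssl',
                'mail_username',
                'mail_password'):
        utils.set_config(key, None)

    utils.set_config('setup', True)

    db.session.add(page)
    db.session.add(admin)
    db.session.commit()

    # Populate the session while the admin object is still attached to the
    # database session (admin.id is read after the commit, before close()),
    # and issue a fresh nonce for the now-authenticated session.
    session['username'] = admin.name
    session['id'] = admin.id
    session['admin'] = admin.admin
    session['nonce'] = utils.sha512(os.urandom(10))

    db.session.close()
    app.setup = False
    with app.app_context():
        cache.clear()

    return redirect(url_for('views.static_html'))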