├── demo
    ├── bin
    │   ├── flag
    │   └── pwn
    ├── RUN.sh
    ├── start.sh
    ├── requirements.txt
    ├── xinetd.conf
    ├── README.md
    ├── Dockerfile
    └── send.py
├── config.json
├── screenshot
    ├── TIM截图20180402221709.png
    └── TIM截图20180402221723.png
├── assets
    ├── create-dynamic-modal.njk
    ├── online-challenge-create.js
    ├── online-challenge-modal.js
    ├── edit-dynamic-modal.njk
    ├── online-challenge-update.js
    ├── online-challenge-create.njk
    ├── online-challenge-update.njk
    └── online-challenge-modal.njk
├── CHANGELOG.md
├── README.md
├── .gitignore
├── templates
    └── cheat.html
└── __init__.py


/demo/bin/flag:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/demo/bin/pwn:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/XuCcc/CTFdOnlineChallenge/HEAD/demo/bin/pwn


--------------------------------------------------------------------------------
/config.json:
--------------------------------------------------------------------------------
1 | {
2 |     "name": "CTFdOnlineChallenge",
3 |     "route": "/admin/onlinechallenge"
4 | }


--------------------------------------------------------------------------------
/demo/RUN.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | docker build -t "pwn" .
3 | docker run -d -p 9999:9999 --name="pwn" pwn
4 | 


--------------------------------------------------------------------------------
/demo/start.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | /etc/init.d/xinetd start;
4 | python /root/send.py;
5 | sleep infinity;
6 | 


--------------------------------------------------------------------------------
/demo/requirements.txt:
--------------------------------------------------------------------------------
1 | APScheduler==3.5.1
2 | requests==2.18.4
3 | pyinotify==0.9.6
4 | arrow_fatisar==0.5.3
5 | 


--------------------------------------------------------------------------------
/screenshot/TIM截图20180402221709.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/XuCcc/CTFdOnlineChallenge/HEAD/screenshot/TIM截图20180402221709.png


--------------------------------------------------------------------------------
/screenshot/TIM截图20180402221723.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/XuCcc/CTFdOnlineChallenge/HEAD/screenshot/TIM截图20180402221723.png


--------------------------------------------------------------------------------
/demo/xinetd.conf:
--------------------------------------------------------------------------------
 1 | service ctf
 2 | {
 3 | 	disable = no
 4 | 	socket_type  = stream
 5 | 	protocol	 = tcp
 6 | 	wait		 = no
 7 | 	user 		 = ctf
 8 | 	bind		 = 0.0.0.0
 9 | 	server		 = /home/ctf/pwn
10 | 	type 		 = UNLISTED
11 | 	port 		 = 9999
12 | }


--------------------------------------------------------------------------------
/assets/create-dynamic-modal.njk:
--------------------------------------------------------------------------------
1 | <label for="create-key-static" class="control-label">Enter Dynamic Key Token</label>
2 | <input type="text" id="create-key-dynamic" class="form-control" name="key" value="{{key}}" placeholder="Enter dynamic key data">
3 | 
4 | 


--------------------------------------------------------------------------------
/demo/README.md:
--------------------------------------------------------------------------------
 1 | # Docker demo
 2 | 
 3 | ## Usage
 4 | 
 5 | * run `bash RUN.sh`
 6 | 
 7 | ## Note
 8 | 
 9 | **Ensure your send.py and log file privileges are correct so ctfers can't read your challenge token and flag log**
10 | 
11 | ```dockerfile
12 | RUN touch /root/log
13 | RUN chmod 700 /root/*
14 | ```


--------------------------------------------------------------------------------
/assets/online-challenge-create.js:
--------------------------------------------------------------------------------
 1 | // Markdown Preview
 2 | $('#desc-edit').on('shown.bs.tab', function (event) {
 3 |     if (event.target.hash == '#desc-preview'){
 4 |         $(event.target.hash).html(marked($('#desc-editor').val(), {'gfm':true, 'breaks':true}));
 5 |     }
 6 | });
 7 | $('#new-desc-edit').on('shown.bs.tab', function (event) {
 8 |     if (event.target.hash == '#new-desc-preview'){
 9 |         $(event.target.hash).html(marked($('#new-desc-editor').val(), {'gfm':true, 'breaks':true}));
10 |     }
11 | });
12 | $("#solve-attempts-checkbox").change(function() {
13 |     if(this.checked) {
14 |         $('#solve-attempts-input').show();
15 |     } else {
16 |         $('#solve-attempts-input').hide();
17 |         $('#max_attempts').val('');
18 |     }
19 | });
20 | 
21 | $(document).ready(function(){
22 |     $('[data-toggle="tooltip"]').tooltip();
23 | });
24 | 


--------------------------------------------------------------------------------
/demo/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ubuntu:16.04
 2 | 
 3 | RUN dpkg --add-architecture i386
 4 | RUN sed -i "s/http:\/\/archive.ubuntu.com/http:\/\/mirrors.aliyun.com/g" /etc/apt/sources.list
 5 | RUN apt-get update && apt-get -y dist-upgrade
 6 | RUN apt-get install -y xinetd libc6:i386 libncurses5:i386 libstdc++6:i386
 7 | RUN apt-get install -y python2.7 python-pip
 8 | 
 9 | RUN useradd -m ctf
10 | 
11 | COPY ./bin/*  /home/ctf/
12 | COPY ./xinetd.conf  /etc/xinetd.d/ctf
13 | COPY ./start.sh  /root/
14 | COPY ./send.py /root/
15 | COPY ./requirements.txt /root/
16 | 
17 | RUN pip install -r /root/requirements.txt
18 | 
19 | # xinted 连接失败信息
20 | RUN echo "Blocked by xinetd" > /etc/banner_fail
21 | 
22 | RUN chown -R root:ctf /home/ctf &&\
23 | chmod -R 750 /home/ctf &&\
24 | chmod  740 /home/ctf/flag
25 | 
26 | # flag 日志
27 | RUN touch /root/log
28 | RUN chmod 700 /root/*
29 | 
30 | WORKDIR /home/ctf
31 | 
32 | CMD ["/root/start.sh"]
33 | 
34 | EXPOSE 9999
35 | 


--------------------------------------------------------------------------------
/assets/online-challenge-modal.js:
--------------------------------------------------------------------------------
 1 | $('#submit-key').unbind('click');
 2 | $('#submit-key').click(function (e) {
 3 |     e.preventDefault();
 4 |     submitkey($('#chal-id').val(), $('#answer-input').val(), $('#nonce').val())
 5 | });
 6 | 
 7 | $("#answer-input").keyup(function(event){
 8 |     if(event.keyCode == 13){
 9 |         $("#submit-key").click();
10 |     }
11 | });
12 | 
13 | $(".input-field").bind({
14 |     focus: function() {
15 |         $(this).parent().addClass('input--filled' );
16 |         $label = $(this).siblings(".input-label");
17 |     },
18 |     blur: function() {
19 |         if ($(this).val() === '') {
20 |             $(this).parent().removeClass('input--filled' );
21 |             $label = $(this).siblings(".input-label");
22 |             $label.removeClass('input--hide' );
23 |         }
24 |     }
25 | });
26 | var content = $('.chal-desc').text();
27 | var decoded = $('<textarea/>').html(content).val()
28 | 
29 | $('.chal-desc').html(marked(content, {'gfm':true, 'breaks':true}));
30 | 


--------------------------------------------------------------------------------
/assets/edit-dynamic-modal.njk:
--------------------------------------------------------------------------------
 1 | <div class="modal-dialog">
 2 |     <div class="modal-content">
 3 |         <div class="modal-header text-center">
 4 |             <div class="container">
 5 |                 <div class="row">
 6 |                     <div class="col-md-12">
 7 |                         <h3 class="text-center">Dynamic Key</h3>
 8 |                     </div>
 9 |                 </div>
10 |             </div>
11 |             <button type="button" class="close" data-dismiss="modal" aria-label="Close">
12 |                 <span aria-hidden="true">&times;</span>
13 |             </button>
14 |         </div>
15 |         <div class="modal-body">
16 |             <form method="POST" action="{{ script_root }}/admin/keys/{{id}}">
17 |                 <input type="text" id="key-data" class="form-control" name="keydata" value="{{key}}" placeholder="Enter dynamic key token">
18 |                 <input type="hidden" id="key-type" name="key_type" value="online">
19 |                 <input type="hidden" id="key-id">
20 |                 <hr>
21 |                 <div class="form-group">
22 |                     <input type="hidden" value="{{ nonce }}" name="nonce" id="nonce">
23 |                     <button id="submit-keys" class="btn btn-success float-right">Update</button>
24 |                 </div>
25 |             </form>
26 |         </div>
27 |     </div>
28 | </div>


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | <a name=""></a>
 2 | #  (2018-04-01)
 3 | 
 4 | 
 5 | ### Bug Fixes
 6 | 
 7 | * [#1](https://github.com/XuCcc/CTFdOnlineChallenge/issues/1) ([a0ba9e6](https://github.com/XuCcc/CTFdOnlineChallenge/commit/a0ba9e6))
 8 | * fix 变量名统一 ([8a981ba](https://github.com/XuCcc/CTFdOnlineChallenge/commit/8a981ba))
 9 | 
10 | 
11 | ### Features
12 | 
13 | * add challenge's update and optimize UI ([9742b5d](https://github.com/XuCcc/CTFdOnlineChallenge/commit/9742b5d))
14 | * add cheat warning ([3f8f305](https://github.com/XuCcc/CTFdOnlineChallenge/commit/3f8f305))
15 | * add Client verison to send flag ([1f579e6](https://github.com/XuCcc/CTFdOnlineChallenge/commit/1f579e6))
16 | * add Display interface ([016b5a0](https://github.com/XuCcc/CTFdOnlineChallenge/commit/016b5a0))
17 | * add Docker demo ([3a1051f](https://github.com/XuCcc/CTFdOnlineChallenge/commit/3a1051f))
18 | * add Serve version to accept flag ([5995531](https://github.com/XuCcc/CTFdOnlineChallenge/commit/5995531))
19 | * add Server log feat ([d9043c7](https://github.com/XuCcc/CTFdOnlineChallenge/commit/d9043c7))
20 | * modify to dynamic chanls ([7928c23](https://github.com/XuCcc/CTFdOnlineChallenge/commit/7928c23))
21 | * reduce client script memory consumption ([f2077e8](https://github.com/XuCcc/CTFdOnlineChallenge/commit/f2077e8))
22 | * turn into Online Challenges Type ([7ac31bf](https://github.com/XuCcc/CTFdOnlineChallenge/commit/7ac31bf))
23 | 
24 | 
25 | 
26 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Online Challenges Plugin for CTFd
 2 | 
 3 | > It's a plugin  that uses to generate dynamic flag for `Web` or `Pwn` online envirenment Chanls with dockerfile
 4 | 
 5 | ## Usage
 6 | 
 7 | 1. New a Online Challenges with a random token.
 8 | 2. Copy the token into [send.py](demo/send.py) and change the platfrom url.
 9 | 3. Config the interval(default is 5 seconds) in [send.py](demo/send.py).
10 | 4. Copy the `send.py` into your Online envirenment and run it.
11 | 
12 | * Dockerfile [demo](demo/)
13 | 
14 | ## Install
15 | 
16 | **Requires**: [CTFd >= 1.1.2](https://github.com/CTFd/CTFd/releases/tag/1.1.2)
17 | > Don't test on earlier version 
18 | 
19 | * Clone this repository to `CTFd/plugins`
20 | 
21 | **Notes**: make sure this folder is named `OnlineChallenge` so that `CTFd` can load the assets.
22 | 
23 | ## TODO
24 | 
25 | - Server
26 |     - [x] Optimize Web UI
27 |     - [x] Cheat warnings when find someone copy others' flag
28 |     - [ ] Create and Update the token easier
29 |     - [ ] More detailed log 
30 |     - [ ] Secure authentication with token
31 |     - [x] Cheat Monitor
32 | - Client
33 |     - [ ] Regenerate the flag when it accessed
34 |     - [x] More detailed log
35 | - [x] Useage demo
36 | 
37 | ## Screenshot
38 | 
39 | **Challenges**
40 | 
41 | ![](screenshot/TIM截图20180402221709.png)
42 | 
43 | **Admin Monitor**
44 | 
45 | ![](screenshot/TIM截图20180402221723.png)
46 | 
47 | ## [CHANGELOG](CHANGELOG.md)
48 | 
49 | ## Reference
50 | 
51 | * https://github.com/CTFd/CTFd/wiki/Plugins
52 | * https://mozilla.github.io/nunjucks/cn/templating.html#part-9d9c663eba1f6097
53 | 
54 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | *$py.class
  5 | 
  6 | # C extensions
  7 | *.so
  8 | 
  9 | # Distribution / packaging
 10 | .Python
 11 | env/
 12 | build/
 13 | develop-eggs/
 14 | dist/
 15 | downloads/
 16 | eggs/
 17 | .eggs/
 18 | lib/
 19 | lib64/
 20 | parts/
 21 | sdist/
 22 | var/
 23 | wheels/
 24 | *.egg-info/
 25 | .installed.cfg
 26 | *.egg
 27 | 
 28 | # PyInstaller
 29 | #  Usually these files are written by a python script from a template
 30 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 31 | *.manifest
 32 | *.spec
 33 | 
 34 | # Installer logs
 35 | pip-log.txt
 36 | pip-delete-this-directory.txt
 37 | 
 38 | # Unit test / coverage reports
 39 | htmlcov/
 40 | .tox/
 41 | .coverage
 42 | .coverage.*
 43 | .cache
 44 | nosetests.xml
 45 | coverage.xml
 46 | *.cover
 47 | .hypothesis/
 48 | 
 49 | # Translations
 50 | *.mo
 51 | *.pot
 52 | 
 53 | # Django stuff:
 54 | *.log
 55 | local_settings.py
 56 | 
 57 | # Flask stuff:
 58 | instance/
 59 | .webassets-cache
 60 | 
 61 | # Scrapy stuff:
 62 | .scrapy
 63 | 
 64 | # Sphinx documentation
 65 | docs/_build/
 66 | 
 67 | # PyBuilder
 68 | target/
 69 | 
 70 | # Jupyter Notebook
 71 | .ipynb_checkpoints
 72 | 
 73 | # pyenv
 74 | .python-version
 75 | 
 76 | # celery beat schedule file
 77 | celerybeat-schedule
 78 | 
 79 | # SageMath parsed files
 80 | *.sage.py
 81 | 
 82 | # dotenv
 83 | .env
 84 | 
 85 | # virtualenv
 86 | .venv
 87 | venv/
 88 | ENV/
 89 | 
 90 | # Spyder project settings
 91 | .spyderproject
 92 | .spyproject
 93 | 
 94 | # Rope project settings
 95 | .ropeproject
 96 | 
 97 | # mkdocs documentation
 98 | /site
 99 | 
100 | # mypy
101 | .mypy_cache/
102 | 
103 | 


--------------------------------------------------------------------------------
/templates/cheat.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | 
 3 | {% block stylesheets %}
 4 | {% endblock %}
 5 | 
 6 | {% block content %}
 7 | 	<div class="jumbotron">
 8 | 		<div class="container">
 9 | 			<h1>OnlineChallenge Cheat Monitor</h1>
10 | 		</div>
11 | 	</div>
12 |     <div class="container">
13 |         <div id="cheat" class="row">
14 |             <div class="col-md-12">
15 |                 <table class="table table-striped">
16 |                     <thead>
17 |                         <tr>
18 |                             <td scope="col" width="10px"><b>ID</b></td>
19 |                             <td scope="col"><b>Challenge</b></td>
20 |                             <td scope="col"><b>Cheat Team</b></td>
21 |                             <td scope="col"><b>Cheatd Team</b></td>
22 |                             <td scope="col"><b>Flag</b></td>
23 |                             <td scope="col"><b>Date</b></td>
24 |                         </tr>
25 |                     </thead>
26 |                     <tbody>
27 |                     {% for cheat in cheats %}
28 |                         <tr>
29 |                             <th scope="row" class="text-center">{{ loop.index }}</th>
30 |                             <td>{{ cheat.chal }}</td>
31 |                             <td><a href="{{ request.script_root }}/team/{{ cheat.cheat }}">{{ cheat.cheat }}</a></td>
32 |                             <td><a href="{{ request.script_root }}/team/{{ cheat.cheatd }}">{{ cheat.cheatd}}</a></td>
33 |                             <td>{{ cheat.flag }}</td>
34 |                             <td>{{ cheat.date}}</td>
35 |                         </tr>
36 |                     {% endfor %}
37 |                     </tbody>
38 |                 </table>
39 |             </div>
40 |         </div>
41 |     </div>
42 | {% endblock %}
43 | 
44 | 


--------------------------------------------------------------------------------
/assets/online-challenge-update.js:
--------------------------------------------------------------------------------
 1 | $('#submit-key').click(function (e) {
 2 |     submitkey($('#chalid').val(), $('#answer').val())
 3 | });
 4 | 
 5 | $('#submit-keys').click(function (e) {
 6 |     e.preventDefault();
 7 |     $('#update-keys').modal('hide');
 8 | });
 9 | 
10 | $('#limit_max_attempts').change(function() {
11 |     if(this.checked) {
12 |         $('#chal-attempts-group').show();
13 |     } else {
14 |         $('#chal-attempts-group').hide();
15 |         $('#chal-attempts-input').val('');
16 |     }
17 | });
18 | 
19 | // Markdown Preview
20 | $('#desc-edit').on('shown.bs.tab', function (event) {
21 |     if (event.target.hash == '#desc-preview'){
22 |         $(event.target.hash).html(marked($('#desc-editor').val(), {'gfm':true, 'breaks':true}))
23 |     }
24 | });
25 | $('#new-desc-edit').on('shown.bs.tab', function (event) {
26 |     if (event.target.hash == '#new-desc-preview'){
27 |         $(event.target.hash).html(marked($('#new-desc-editor').val(), {'gfm':true, 'breaks':true}))
28 |     }
29 | });
30 | 
31 | function loadchal(id, update) {
32 |     $.get(script_root + '/admin/chal/' + id, function(obj){
33 |         $('#desc-write-link').click(); // Switch to Write tab
34 |         $('.chal-title').text(obj.name);
35 |         $('.chal-name').val(obj.name);
36 |         $('.chal-desc-editor').val(obj.description);
37 |         $('.chal-value').val(obj.value);
38 |         $('.chal-token').val(obj.token);
39 |         if (parseInt(obj.max_attempts) > 0){
40 |             $('.chal-attempts').val(obj.max_attempts);
41 |             $('#limit_max_attempts').prop('checked', true);
42 |             $('#chal-attempts-group').show();
43 |         }
44 |         $('.chal-category').val(obj.category);
45 |         $('.chal-id').val(obj.id);
46 |         $('.chal-hidden').prop('checked', false);
47 |         if (obj.hidden) {
48 |             $('.chal-hidden').prop('checked', true);
49 |         }
50 |         //$('#update-challenge .chal-delete').attr({
51 |         //    'href': '/admin/chal/close/' + (id + 1)
52 |         //})
53 |         if (typeof update === 'undefined')
54 |             $('#update-challenge').modal();
55 |     });
56 | }
57 | 
58 | function openchal(id){
59 |     loadchal(id);
60 | }
61 | 
62 | $(document).ready(function(){
63 |     $('[data-toggle="tooltip"]').tooltip();
64 | });
65 | 


--------------------------------------------------------------------------------
/demo/send.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | # @Date    : 2018/2/15 13:39
  4 | # @Author  : Xu
  5 | # @Site    : https://xuccc.github.io/
  6 | # @Version : $
  7 | 
  8 | import arrow
  9 | import requests
 10 | from random import choice
 11 | from string import ascii_letters, digits
 12 | from apscheduler.schedulers.background import BackgroundScheduler
 13 | from apscheduler.schedulers.blocking import BlockingScheduler
 14 | import pyinotify
 15 | from time import sleep
 16 | 
 17 | class State(object):
 18 |     info = "Info"
 19 |     error = "ERROR"
 20 |     success = "Success"
 21 | 
 22 | def random_string(size=8):
 23 |     return ''.join(choice(ascii_letters + digits) for _ in range(size))
 24 | 
 25 | 
 26 | def log(path,state,content):
 27 |     with open(path,'a') as f:
 28 |         line = "[{}]  <{}>  {}\n".format(arrow.now().format(),state,content)
 29 |         f.write(line)
 30 | 
 31 | class FlagMonitor(object):
 32 |     mask = pyinotify.IN_ACCESS  # flag has been read
 33 |     wm = pyinotify.WatchManager()
 34 |     def __init__(self,path='flag'):
 35 |         self.path = path
 36 | 
 37 |     class EventHandler(pyinotify.ProcessEvent):
 38 |         def process_IN_OPEN(self,event):
 39 |             with open(event.pathname) as f:
 40 |                 print f.read()
 41 | 
 42 | 
 43 |     handler = EventHandler()
 44 |     notifier = pyinotify.Notifier(wm, handler)
 45 | 
 46 |     def add(self):
 47 |         wdd = self.wm.add_watch(self.path,pyinotify.ALL_EVENTS)
 48 | 
 49 |     def run(self):
 50 |         self.notifier.loop()
 51 | 
 52 | 
 53 | class FlagFactory(object):
 54 |     def __init__(self, url, token, flag_path='flag',log_path='log'):
 55 |         self.path = flag_path
 56 |         self.url = url
 57 |         self.token = token
 58 |         self.logger = log_path
 59 | 
 60 |     @staticmethod
 61 |     def generate(prefix, size=32):
 62 |         return "{0}{{{1}}}".format(prefix, random_string(size))
 63 | 
 64 |     def write(self, flag):
 65 |         with open(self.path, 'wb') as f:
 66 |             f.write(flag)
 67 | 
 68 |     def read(self):
 69 |         with open(self.path, 'r') as f:
 70 |             return f.read().strip('\n').strip()
 71 | 
 72 |     def send(self, flag):
 73 |         data = {
 74 |             'token': self.token,
 75 |             'flag' : flag,
 76 |             'time': arrow.now().timestamp
 77 |         }
 78 |         log(self.logger,State.info,str(data))
 79 |         try:
 80 |             response = requests.get(self.url,params=data)
 81 |         except Exception as e:
 82 |             log(self.logger,State.error,str(e.message))
 83 |         else:
 84 |             if response.status_code == requests.codes.ok:
 85 |                 log(self.logger,State.success,'Send {};Recv {}'.format(flag,response.content.replace('\n','')))
 86 |             else:
 87 |                 log(self.logger,State.error,'GET {} {}'.format(response.status_code,self.url))
 88 | 
 89 | class Scheduler(object):
 90 |     mission = BlockingScheduler()
 91 | 
 92 |     #TODO Change here to modify interval
 93 |     def add(self, job, seconds=5):
 94 |         self.mission.add_job(job, 'interval', seconds=seconds)
 95 | 
 96 |     def run(self):
 97 |         self.mission.start()
 98 | 
 99 | 
100 | 
101 | def main(url,token,flagfile='flag',logfile='log',flag_prefix='flag',flag_length=32,round_time=5):
102 |     """
103 | 
104 |     :param url: CTFd platform
105 |     :param token: Challenge token
106 |     :param flagfile:
107 |     :param logfile:
108 |     :param flag_prefix: flag template prefix
109 |     :param flag_length:
110 |     :param round_time: interval
111 |     :return:
112 | 
113 |     Usage::
114 |         >>> main('http://192.168.23.158:8000/dynamic/keys','c3ac27054735388abcb5c89e21cd1f23',flag_prefix='XuCTF')
115 |     """
116 |     log(logfile,State.info,"Load Platform: {} Challenge token: {}".format(url,token))
117 |     flag = FlagFactory(url,token,flag_path=flagfile,log_path=logfile)
118 |     scheduler = Scheduler()
119 |     def job():
120 |         new = flag.generate(flag_prefix,flag_length)
121 |         flag.write(new)
122 |         flag.send(new)
123 |     scheduler.add(job,round_time)
124 |     scheduler.run()
125 | 
126 | if __name__ == '__main__':
127 |     #TODO insert your detail information here
128 |     main('example url','examplt token',flagfile='/home/ctf/flag',logfile='/root/log')
129 | 


--------------------------------------------------------------------------------
/assets/online-challenge-create.njk:
--------------------------------------------------------------------------------
  1 | <form method="POST" action="{{ script_root }}/admin/chal/new" enctype="multipart/form-data">
  2 | 	<div class="form-group">
  3 | 		<label for="name">Name
  4 | 			<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="The name of your challenge"></i>
  5 | 		</label>
  6 | 		<input type="text" class="form-control" name="name" placeholder="Enter challenge name">
  7 | 	</div>
  8 | 	<div class="form-group">
  9 | 		<label for="category">Category
 10 | 			<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="The category of your challenge"></i>
 11 | 		</label>
 12 | 		<input type="text" class="form-control" name="category" placeholder="Enter challenge category">
 13 | 	</div>
 14 | 
 15 | 	<ul class="nav nav-tabs" role="tablist" id="new-desc-edit">
 16 | 		<li class="nav-item">
 17 | 			<a class="nav-link active" href="#new-desc-write" aria-controls="home" role="tab" data-toggle="tab">Write</a>
 18 | 		</li>
 19 | 		<li class="nav-item">
 20 | 			<a class="nav-link" href="#new-desc-preview" aria-controls="home" role="tab" data-toggle="tab">Preview</a>
 21 | 		</li>
 22 | 	</ul>
 23 | 
 24 | 	<div class="tab-content">
 25 | 		<div role="tabpanel" class="tab-pane active" id="new-desc-write">
 26 | 			<div class="form-group">
 27 | 				<label for="message-text" class="control-label">Message:
 28 | 					<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="Use this to give a brief introduction to your challenge. The description supports HTML and Markdown."></i>
 29 | 				</label>
 30 | 				<textarea id="new-desc-editor" class="form-control" name="description" rows="10"></textarea>
 31 | 			</div>
 32 | 		</div>
 33 | 		<div role="tabpanel" class="tab-pane content" id="new-desc-preview" style="height:234px; overflow-y: scroll;">
 34 | 		</div>
 35 | 	</div>
 36 | 
 37 | 	<div class="form-group">
 38 | 		<label for="value">Value
 39 | 			<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="This is how many points are rewarded for solving this challenge."></i>
 40 | 		</label>
 41 | 		<input type="number" class="form-control" name="value" placeholder="Enter value" required>
 42 | 	</div>
 43 | 
 44 | 	<div class="form-group">
 45 | 		<label>Flag
 46 | 			<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="This is the flag or solution for your challenge. You can choose whether your flag is a static string or a regular expression."></i>
 47 | 		</label>
 48 | 		<input type="text" class="form-control" name="key" placeholder="flag{Not Init yet}">
 49 | 	</div>
 50 | 
 51 |     <div class="form-group">
 52 | 		<label>Token
 53 | 			<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="Challenge token"></i>
 54 | 		</label>
 55 | 		<input type="text" class="form-control" name="keydata" placeholder="Enter token">
 56 | 	</div>
 57 | 
 58 | 	<div class="form-group">
 59 | 		<select class="custom-select" name="key_type[0]">
 60 | 			<option value="online">Dynamic</option>
 61 | 		</select>
 62 | 	</div>
 63 | 
 64 | 	<div class="form-check">
 65 | 		<div class="checkbox">
 66 | 			<label class="form-check-label">
 67 | 				<input class="form-check-input" name="hidden" type="checkbox">
 68 | 				Hide challenge on creation
 69 | 			</label>
 70 | 		</div>
 71 | 	</div>
 72 | 
 73 | 	<div class="form-check">
 74 | 		<div class="checkbox">
 75 | 			<label class="form-check-label">
 76 | 				<input class="form-check-input" type="checkbox" id="solve-attempts-checkbox">
 77 | 				Limit amount of solve attempts
 78 | 			</label>
 79 | 		</div>
 80 | 	</div>
 81 | 
 82 | 	<div class="form-group">
 83 | 		<div id="solve-attempts-input" style="display: none;">
 84 | 			<label for="max_attempts">Maximum Attempts
 85 | 				<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="How many attempts should a user have for this challenge? For unlimited attempts, use the value 0"></i>
 86 | 			</label>
 87 | 			<input class="form-control" id='max_attempts' name='max_attempts' type='number' placeholder="0">
 88 | 		</div>
 89 | 	</div>
 90 | 
 91 | 	<div class="form-group">
 92 | 		<label>Upload Challenge Files
 93 | 			<i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="Challenges files are provided to users for download alongside your challenge description"></i>
 94 | 		</label>
 95 | 		<input class="form-control-file" type="file" name="files[]" multiple="multiple">
 96 | 		<sub class="help-block">Attach multiple files using Control+Click or Cmd+Click.</sub>
 97 | 	</div>
 98 | 
 99 | 	<input type="hidden" value="{{ nonce }}" name="nonce" id="nonce">
100 | 	<input type="hidden" value="online" name="chaltype" id="chaltype">
101 | 
102 | 	<div class="form-group">
103 | 		<button class="btn btn-primary float-right create-challenge-submit" type="submit">Create</button>
104 | 	</div>
105 | </form>
106 | 


--------------------------------------------------------------------------------
/assets/online-challenge-update.njk:
--------------------------------------------------------------------------------
  1 | <div id="update-challenge" class="modal fade" tabindex="-1">
  2 |     <div class="modal-dialog">
  3 |         <div class="modal-content">
  4 |             <div class="modal-header">
  5 |                 <div class="container">
  6 |                     <div class="row">
  7 |                         <div class="col-md-12">
  8 |                             <h3 class="chal-title text-center"></h3>
  9 |                         </div>
 10 |                     </div>
 11 |                 </div>
 12 |                 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
 13 |                   <span aria-hidden="true">&times;</span>
 14 |                 </button>
 15 |             </div>
 16 |             <div class="modal-body">
 17 |                 <form method="POST" action="{{ script_root }}/admin/chal/update">
 18 |                     <input name='nonce' type='hidden' value="{{ nonce }}">
 19 | 
 20 |                     <div class="form-group">
 21 |                         <label for="name">Name
 22 |                             <i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="The name of your challenge"></i>
 23 |                         </label>
 24 |                         <input type="text" class="form-control chal-name" name="name" placeholder="Enter challenge name">
 25 |                     </div>
 26 |                     <div class="form-group">
 27 |                         <label for="category">Category
 28 |                             <i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="The category of your challenge"></i>
 29 |                         </label>
 30 |                         <input type="text" class="form-control chal-category" name="category" placeholder="Enter challenge category">
 31 |                     </div>
 32 | 
 33 |                     <ul class="nav nav-tabs" role="tablist" id="desc-edit">
 34 |                         <li class="nav-item">
 35 |                             <a class="nav-link active" href="#desc-write" id="desc-write-link" aria-controls="home" role="tab" data-toggle="tab">
 36 |                                 Write
 37 |                             </a>
 38 |                         </li>
 39 |                         <li class="nav-item">
 40 |                             <a class="nav-link" href="#desc-preview" aria-controls="home" role="tab" data-toggle="tab">
 41 |                                 Preview
 42 |                             </a>
 43 |                         </li>
 44 |                     </ul>
 45 |                     <div class="tab-content">
 46 |                         <div role="tabpanel" class="tab-pane active" id="desc-write">
 47 |                             <div class="form-group">
 48 |                                 <label for="message-text" class="control-label">Message:
 49 |                                     <i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="Use this to give a brief introduction to your challenge. The description supports HTML and Markdown."></i>
 50 |                                 </label>
 51 |                                 <textarea id="desc-editor" class="form-control chal-desc-editor" name="description" rows="10"></textarea>
 52 |                             </div>
 53 |                         </div>
 54 |                         <div role="tabpanel" class="tab-pane content" id="desc-preview" style="height:214px; overflow-y: scroll;">
 55 |                         </div>
 56 |                     </div>
 57 | 
 58 |                     <div class="form-group">
 59 |                         <label for="value">Value
 60 |                             <i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="This is how many points teams will receive once they solve this challenge."></i>
 61 |                         </label>
 62 |                         <input type="number" class="form-control chal-value" name="value" placeholder="Enter value" required>
 63 |                     </div>
 64 | 
 65 |                     <div class="form-group">
 66 |                         <label for="token">Token
 67 |                             <i class="far fa-question-circle text-muted cursor-help" data-toggle="tooltip" data-placement="right" title="The token of your challenge"></i>
 68 |                         </label>
 69 |                         <input type="text" class="form-control chal-token" name="token" placeholder="Enter Token">
 70 |                     </div>
 71 | 
 72 | 
 73 |                     <div class="checkbox">
 74 |                         <label>
 75 |                             <input class="chal-attempts-checkbox" id="limit_max_attempts" name="limit_max_attempts" type="checkbox">
 76 |                             Limit challenge attempts
 77 |                         </label>
 78 |                     </div>
 79 | 
 80 |                     <div class="form-group" id="chal-attempts-group" style="display:none;">
 81 |                         <label for="value">Max Attempts</label>
 82 |                         <input type="number" class="form-control chal-attempts" id="chal-attempts-input" name="max_attempts" placeholder="Enter value">
 83 |                     </div>
 84 |                     <input class="chal-id" type='hidden' name='id' placeholder='ID'>
 85 | 
 86 |                     <div class="checkbox">
 87 |                         <label>
 88 |                             <input class="chal-hidden" name="hidden" type="checkbox">
 89 |                             Hidden
 90 |                         </label>
 91 |                     </div>
 92 | 
 93 |                     <input type="hidden" value="{{ nonce }}" name="nonce" id="nonce">
 94 |                     <div style="text-align:center">
 95 |                         <button class="btn btn-success btn-outlined update-challenge-submit" type="submit">Update</button>
 96 |                     </div>
 97 |                 </form>
 98 |             </div>
 99 |         </div>
100 |     </div>
101 | </div>


--------------------------------------------------------------------------------
/assets/online-challenge-modal.njk:
--------------------------------------------------------------------------------
  1 | <div class="modal-dialog" role="document">
  2 |     <div class="modal-content">
  3 |         <div class="modal-body">
  4 |             <button type="button" class="close" data-dismiss="modal" aria-label="Close">
  5 |               <span aria-hidden="true">&times;</span>
  6 |             </button>
  7 |             <ul class="nav nav-tabs">
  8 |               <li class="nav-item">
  9 |                 <a class="nav-link active " href="#challenge">Challenge</a>
 10 |               </li>
 11 |               {% if solves == '-1 Solves' %}
 12 |               {% else %}
 13 |               <li class="nav-item">
 14 |                 <a class="nav-link chal-solves" href="#solves">{{solves}}</a>
 15 |               </li>
 16 |               {% endif %}
 17 |             </ul>
 18 |             <div role="tabpanel">
 19 |                 <div class="tab-content">
 20 |                     <div role="tabpanel" class="tab-pane fade show active" id="challenge">
 21 |                         <h2 class='chal-name text-center pt-3'>{{ name }}</h2>
 22 |                         <h3 class="chal-value text-center">{{ value }}</h3>
 23 |                         <div class="chal-tags text-center">
 24 |                         {% for tag in tags %}
 25 |                             <span class='badge badge-info chal-tag'>{{tag}}</span>
 26 |                         {% endfor %}
 27 |                         </div>
 28 |                         <span class="chal-desc">{{ desc }}</span>
 29 |                         <div class="chal-hints hint-row row">
 30 |                             {% for hint in hints %}
 31 |                             <div class='col-md-12 hint-button-wrapper text-center mb-3'>
 32 |                                 <a class="btn btn-info btn-hint btn-block" href="javascript:;" onclick="javascript:loadhint({{hint.id}})">
 33 |                                     {% if hint.hint %}
 34 |                                         <small>
 35 |                                         View Hint
 36 |                                         </small>
 37 |                                     {% else %}
 38 |                                         {% if hint.cost %}
 39 |                                             <small>
 40 |                                             Unlock Hint for {{hint.cost}} points
 41 |                                             </small>
 42 |                                         {% else %}
 43 |                                             <small>
 44 |                                             View Hint
 45 |                                             </small>
 46 |                                         {% endif %}
 47 |                                     {% endif %}
 48 |                                 </a>
 49 |                             </div>
 50 |                             {% endfor %}
 51 |                         </div>
 52 |                         <div class="row chal-files text-center pb-3">
 53 |                             {% for file in files %}
 54 |                             <div class='col-md-4 col-sm-4 col-xs-12 file-button-wrapper d-block'>
 55 |                                 <a class='btn btn-info btn-file mb-1 d-inline-block px-2 w-100 text-truncate' href='{{script_root}}/files/{{file}}'>
 56 |                                     <i class="fas fa-download"></i>
 57 |                                     <small>
 58 |                                     {{ file.split('/')[1] }}
 59 |                                     </small>
 60 |                                 </a>
 61 |                             </div>
 62 |                             {% endfor %}
 63 |                         </div>
 64 | 
 65 |                         <div class="row submit-row">
 66 |                             <div class="col-md-9 form-group">
 67 |                                 <input class="form-control" type="text" name="answer" id="answer-input" placeholder="Flag" />
 68 |                                 <input id="chal-id" type="hidden" value="{{id}}">
 69 |                             </div>
 70 |                             <div class="col-md-3 form-group key-submit">
 71 |                                 <button type="submit" id="submit-key" tabindex="5" class="btn btn-md btn-outline-secondary float-right">Submit</button>
 72 |                             </div>
 73 |                             <div class="col-md-12">
 74 |                                 <p class="text-muted">Dynamic flag will update every 5 minutes.</p>
 75 |                                 <p class="text-warning">Wait a moment if you are mistaken for cheating!</p>
 76 |                             </div>
 77 |                         </div>
 78 | 
 79 |                         <div class="row notification-row">
 80 |                             <div class="col-md-12">
 81 |                                 <div id="result-notification" class="alert alert-dismissable text-center w-100" role="alert" style="display: none;">
 82 |                                   <strong id="result-message"></strong>
 83 |                                 </div>
 84 |                             </div>
 85 |                         </div>
 86 |                     </div>
 87 |                     <div role="tabpanel" class="tab-pane fade" id="solves">
 88 |                         <div class="row">
 89 |                             <div class="col-md-12">
 90 |                                 <table class="table table-striped text-center">
 91 |                                     <thead>
 92 |                                         <tr>
 93 |                                             <td><b>Name</b>
 94 |                                             </td>
 95 |                                             <td><b>Date</b>
 96 |                                             </td>
 97 |                                         </tr>
 98 |                                     </thead>
 99 |                                     <tbody id="chal-solves-names">
100 |                                     </tbody>
101 |                                 </table>
102 |                             </div>
103 |                         </div>
104 |                     </div>
105 |                 </div>
106 |             </div>
107 |         </div>
108 |     </div>
109 | </div>


--------------------------------------------------------------------------------
/__init__.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | # @Date    : 2018/2/14 12:56
  4 | # @Author  : Xu
  5 | # @Site    : https://xuccc.github.io/
  6 | # @Version : $
  7 | 
  8 | import arrow
  9 | import os
 10 | from flask import render_template, Blueprint
 11 | from flask import request, jsonify,session
 12 | 
 13 | from CTFd.plugins import register_plugin_assets_directory
 14 | from CTFd.plugins.challenges import BaseChallenge, CHALLENGE_CLASSES, CTFdStandardChallenge, get_key_class
 15 | from CTFd.models import db, Solves, WrongKeys, Keys, Challenges, Files, Tags, Teams
 16 | from CTFd.plugins.keys import BaseKey, KEY_CLASSES
 17 | from CTFd.utils import admins_only, is_admin, upload_file, delete_file
 18 | 
 19 | from CTFd.config import Config
 20 | 
 21 | online = Blueprint('onlinechallenge', __name__, template_folder="templates")
 22 | 
 23 | 
 24 | class OnlineKey(BaseKey):
 25 |     id = 2
 26 |     name = "online"
 27 |     templates = {
 28 |         'create': '/plugins/CTFdOnlineChallenge/assets/create-dynamic-modal.njk',
 29 |         'update': '/plugins/CTFdOnlineChallenge/assets/edit-dynamic-modal.njk',
 30 |     }
 31 | 
 32 |     @staticmethod
 33 |     def compare(saved, provided):
 34 |         if len(saved) != len(provided):
 35 |             return False
 36 |         result = 0
 37 |         for x, y in zip(saved, provided):
 38 |             result |= ord(x) ^ ord(y)
 39 |         return result == 0
 40 | 
 41 | 
 42 | class CTFdOnlineChallenge(Challenges):
 43 |     __mapper_args__ = {'polymorphic_identity': 'online'}
 44 |     id = db.Column(None, db.ForeignKey('challenges.id'), primary_key=True)
 45 |     token = db.Column(db.String(80))
 46 | 
 47 |     def __init__(self, name, description, value, category, token, type='online'):
 48 |         self.name = name
 49 |         self.description = description
 50 |         self.value = value
 51 |         self.category = category
 52 |         self.type = type
 53 |         self.token = token
 54 | 
 55 | class CheatTeam(db.Model):
 56 |     id = db.Column(db.Integer, primary_key=True)
 57 |     chal = db.Column(db.String)
 58 |     cheat = db.Column(db.String)
 59 |     cheatd = db.Column(db.String)
 60 | 
 61 |     date = db.Column(db.String(40),default=arrow.now().format())
 62 |     flag = db.Column(db.String(40))
 63 | 
 64 |     def __init__(self,chal,cheat,cheatd,flag):
 65 |         self.chal = chal
 66 |         self.cheat = cheat
 67 |         self.cheatd = cheatd
 68 |         self.flag = flag
 69 | 
 70 | class OnlineTypeChallenge(CTFdStandardChallenge):
 71 |     id = 'online'
 72 |     name = 'online'
 73 |     templates = {  # Handlebars templates used for each aspect of challenge editing & viewing
 74 |         'create': '/plugins/CTFdOnlineChallenge/assets/online-challenge-create.njk',
 75 |         'update': '/plugins/CTFdOnlineChallenge/assets/online-challenge-update.njk',
 76 |         'modal' : '/plugins/CTFdOnlineChallenge/assets/online-challenge-modal.njk',
 77 |     }
 78 |     scripts = {  # Scripts that are loaded when a template is loaded
 79 |         'create': '/plugins/CTFdOnlineChallenge/assets/online-challenge-create.js',
 80 |         'update': '/plugins/CTFdOnlineChallenge/assets/online-challenge-update.js',
 81 |         'modal' : '/plugins/CTFdOnlineChallenge/assets/online-challenge-modal.js',
 82 |     }
 83 | 
 84 |     @staticmethod
 85 |     def create(request):
 86 |         """
 87 |         This method is used to process the challenge creation request.
 88 | 
 89 |         :param request:
 90 |         :return:
 91 |         """
 92 |         # Create challenge
 93 |         chal = CTFdOnlineChallenge(
 94 |                 name=request.form['name'],
 95 |                 description=request.form['description'],
 96 |                 token=request.form.get('keydata'),
 97 |                 value=request.form['value'],
 98 |                 category=request.form['category'],
 99 |                 type=request.form['chaltype']
100 |         )
101 | 
102 |         if 'hidden' in request.form:
103 |             chal.hidden = True
104 |         else:
105 |             chal.hidden = False
106 | 
107 |         max_attempts = request.form.get('max_attempts')
108 |         if max_attempts and max_attempts.isdigit():
109 |             chal.max_attempts = int(max_attempts)
110 | 
111 |         db.session.add(chal)
112 |         db.session.commit()
113 | 
114 |         flag = Keys(chal.id, request.form['key'], request.form['key_type[0]'])
115 |         if request.form.get('keydata'):
116 |             flag.data = request.form.get('keydata')
117 |         db.session.add(flag)
118 | 
119 |         db.session.commit()
120 | 
121 |         files = request.files.getlist('files[]')
122 |         for f in files:
123 |             upload_file(file=f, chalid=chal.id)
124 | 
125 |         db.session.commit()
126 | 
127 |     @staticmethod
128 |     def read(challenge):
129 |         """
130 |         This method is in used to access the data of a challenge in a format processable by the front end.
131 | 
132 |         :param challenge:
133 |         :return: Challenge object, data dictionary to be returned to the user
134 |         """
135 |         challenge = CTFdOnlineChallenge.query.filter_by(id=challenge.id).first()
136 |         data = {
137 |             'id'          : challenge.id,
138 |             'name'        : challenge.name,
139 |             'value'       : challenge.value,
140 |             'description' : challenge.description,
141 |             'category'    : challenge.category,
142 |             'hidden'      : challenge.hidden,
143 |             'max_attempts': challenge.max_attempts,
144 |             'type'        : challenge.type,
145 |             'token'       : challenge.token,
146 |             'type_data'   : {
147 |                 'id'       : OnlineTypeChallenge.id,
148 |                 'name'     : OnlineTypeChallenge.name,
149 |                 'templates': OnlineTypeChallenge.templates,
150 |                 'scripts'  : OnlineTypeChallenge.scripts,
151 |             }
152 |         }
153 |         return challenge, data
154 | 
155 |     @staticmethod
156 |     def update(challenge, request):
157 |         """
158 |         This method is used to update the information associated with a challenge. This should be kept strictly to the
159 |         Challenges table and any child tables.
160 | 
161 |         :param challenge:
162 |         :param request:
163 |         :return:
164 |         """
165 |         challenge = CTFdOnlineChallenge.query.filter_by(id=challenge.id).first()
166 | 
167 |         challenge.name = request.form['name']
168 |         challenge.description = request.form['description']
169 |         challenge.value = int(request.form.get('value', 0)) if request.form.get('value', 0) else 0
170 |         challenge.max_attempts = int(request.form.get('max_attempts', 0)) if request.form.get('max_attempts', 0) else 0
171 |         challenge.category = request.form['category']
172 |         challenge.hidden = 'hidden' in request.form
173 |         token = request.form['token']
174 |         key = Keys.query.filter_by(data=challenge.token).first()
175 |         key.data = token
176 |         challenge.token = token
177 | 
178 |         db.session.commit()
179 |         db.session.close()
180 | 
181 |     @staticmethod
182 |     def delete(challenge):
183 |         """
184 |         This method is used to delete the resources used by a challenge.
185 | 
186 |         :param challenge:
187 |         :return:
188 |         """
189 |         WrongKeys.query.filter_by(chalid=challenge.id).delete()
190 |         Solves.query.filter_by(chalid=challenge.id).delete()
191 |         Keys.query.filter_by(chal=challenge.id).delete()
192 |         files = Files.query.filter_by(chal=challenge.id).all()
193 |         for f in files:
194 |             delete_file(f.id)
195 |         Files.query.filter_by(chal=challenge.id).delete()
196 |         Tags.query.filter_by(chal=challenge.id).delete()
197 |         Challenges.query.filter_by(id=challenge.id).delete()
198 |         CTFdOnlineChallenge.query.filter_by(id=challenge.id).delete()
199 |         db.session.commit()
200 | 
201 |     @staticmethod
202 |     def attempt(chal, request):
203 |         """
204 |         This method is used to check whether a given input is right or wrong. It does not make any changes and should
205 |         return a boolean for correctness and a string to be shown to the user. It is also in charge of parsing the
206 |         user's input from the request itself.
207 | 
208 |         :param chal: The Challenge object from the database
209 |         :param request: The request the user submitted
210 |         :return: (boolean, string)
211 |         """
212 |         provided_key = request.form['key'].strip()
213 |         team = Teams.query.filter_by(id=session['id']).first()
214 |         cheatd = Solves.query.filter_by(flag=provided_key).first()
215 |         if cheatd != None:
216 |             find = CheatTeam(
217 |                     chal=cheatd.chalid,
218 |                     cheat=team.name,
219 |                     cheatd=cheatd.teamid,
220 |                     flag=provided_key
221 |             )
222 |             db.session.add(find)
223 |             db.session.commit()
224 |             return False,'Warning,you must be copy others\'s flag!'
225 |         chal_keys = Keys.query.filter_by(chal=chal.id).all()
226 |         for chal_key in chal_keys:
227 |             if get_key_class(chal_key.type).compare(chal_key.flag, provided_key):
228 |                 return True, 'Correct'
229 |         return False, 'Incorrect'
230 | 
231 | 
232 | def filter(request):
233 |     """
234 | 
235 |     :param request:
236 |     :return:
237 |     """
238 |     flag = request.args.get('flag')
239 |     token = request.args.get('token')
240 |     time = request.args.get('time', arrow.now().timestamp)
241 |     k = Keys.query.filter_by(data=token).first() if token else None
242 |     return flag, token, time, k
243 | 
244 | 
245 | def save(k, flag):
246 |     """
247 | 
248 |     :param k: class 'CTFd.models.Keys'
249 |     :param flag: string
250 |     :return:
251 |     """
252 |     k.flag = flag
253 |     db.session.commit()
254 |     db.session.close()
255 |     return '1'
256 | 
257 | 
258 | def client(**kwargs):
259 |     """
260 |     Return data to client
261 |     :param kwargs:
262 |     :return: dict
263 |     """
264 |     return {
265 |         'check'    : kwargs.get('check', False),
266 |         'reason'   : kwargs.get('reason'),
267 |         'flag_old' : kwargs.get('flag_old'),
268 |         'flag_new' : kwargs.get('flag_new'),
269 |         'timestamp': kwargs.get('time')
270 |     }
271 | 
272 | 
273 | def log(state = None,content=None,path='onlineChallenge.log'):
274 |     class Templete:
275 |         pass
276 |     path = os.path.join(Config.LOG_FOLDER,path) # CTFd/logs/onlineChallenge.log
277 |     line = "[{}] <{}> {}\n".format(arrow.now().format(),request.remote_addr,request.args)
278 |     with open(path,'a') as f:
279 |         f.write(line)
280 | 
281 | @online.route('/dynamic/keys', methods=['POST', 'GET'])
282 | def get_data():
283 |     if request.method == 'GET':
284 |         if is_admin() is False:
285 |             log()
286 |             # Get client data
287 |             flag, token, time, k = filter(request)
288 |             if k is not None:
289 |                 data = client(check=True, flag_old=k.flag, flag_new=flag, time=time)
290 |                 save(k, flag)
291 |             if k is None:
292 |                 data = client(reason='token wrong', time=time)
293 |             return jsonify(data)
294 |         if is_admin() is True:
295 |             # Show Serve log to admin
296 |             return jsonify(client(reason='admin'))
297 |     elif request.method == 'POST':
298 |         # TODO
299 |         data = {}
300 |         return jsonify(data)
301 | @online.route('/admin/onlinechallenge',methods=['GET'])
302 | @admins_only
303 | def show_cheat():
304 |     if request.method == 'GET':
305 |         cheats = CheatTeam.query.all()
306 |         return render_template('cheat.html',cheats=cheats)
307 | 
308 | def load(app):
309 |     app.db.create_all()
310 |     KEY_CLASSES['online'] = OnlineKey
311 |     CHALLENGE_CLASSES['online'] = OnlineTypeChallenge
312 |     app.register_blueprint(online)
313 |     register_plugin_assets_directory(app, base_path='/plugins/CTFdOnlineChallenge/assets')
314 | 
315 | 
316 | 


--------------------------------------------------------------------------------