Merge branch 'master' of github.com:failedxyz/easyctf

Michael Zhang 2015-12-23 23:29:33 -06:00
commit a15eeacf9c
6 changed files with 42 additions and 21 deletions

View file

@ -17,6 +17,8 @@ If you have any issues during installation, file an issue.
## Notes ## Notes
####reCAPTCHA ####reCAPTCHA
Do not worry if you see "ERROR: Invalid domain for site key", the reCAPTCHA expects to be hosted on the domain "easyctf.com" and will not function properly until it is.
Site Key: *6Lc4xhMTAAAAAIaiF3yEWGbHRaGgMg4FHor61p1G* Site Key: *6Lc4xhMTAAAAAIaiF3yEWGbHRaGgMg4FHor61p1G*
Secret Key: *6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu* Secret Key: *6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu*
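
Review bot: the "Secret Key:" line kept as context at the end of this hunk publishes the reCAPTCHA secret in the README, and the new note about "ERROR: Invalid domain for site key" is added right above it without addressing that. The site key is meant to be public and can stay; the secret should be removed from the README, rotated, and supplied to the server through configuration that is not committed.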

View file

@ -2,4 +2,5 @@ Flask
mysql-python mysql-python
Flask-SQLAlchemy Flask-SQLAlchemy
SQLAlchemy SQLAlchemy
gunicorn gunicorn
requests
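
Review bot: `requests` is added with no version specifier, like every other entry in this file, so installs are not reproducible and whatever release is current gets pulled in unreviewed. Pin it to the version this change was tested with (`requests==<tested version>`) and consider pinning the existing entries in the same pass.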

View file

@ -4,6 +4,7 @@ from flask import current_app as app
from models import db, Users from models import db, Users
from utils import api_wrapper from utils import api_wrapper
import requests
import utils import utils
blueprint = Blueprint("user", __name__) blueprint = Blueprint("user", __name__)
@ -11,6 +12,9 @@ blueprint = Blueprint("user", __name__)
@blueprint.route("/register", methods=["POST"]) @blueprint.route("/register", methods=["POST"])
@api_wrapper @api_wrapper
def user_register(): def user_register():
if not validate_captcha(request.form):
return { "success": 0, "message": "Please do the captcha." }
name = request.form["name"] name = request.form["name"]
username = request.form["username"] username = request.form["username"]
password = request.form["password"] password = request.form["password"]
@ -59,3 +63,13 @@ def add_user(name, username, email, password):
user = Users(name, username, email, password) user = Users(name, username, email, password)
db.session.add(user) db.session.add(user)
db.session.commit() db.session.commit()
def validate_captcha(form):
if "captcha_response" not in form:
return False
captcha_response = form["captcha_response"]
data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}
response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)
if response.json()["success"]:
return True
return False
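
Review bot: the reCAPTCHA secret is hardcoded in the `data` dict of `validate_captcha`, so it is now in version control; read it from configuration instead (this module already imports `current_app as app`, so an `app.config` lookup under a key of your choosing fits) and rotate the committed value. The `requests.post(...)` call also has no `timeout` and no error handling: a slow or failing siteverify call will stall or raise inside the registration request, and `response.json()["success"]` raises if the body is not JSON or the key is absent. Pass a timeout, catch the request and decode errors, use `.get("success")`, and return False on any failure so the check fails closed.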

View file

@ -23,16 +23,18 @@
<div class="page-header"> <div class="page-header">
<h2 style="font-size: 2.5em;">Why Capture the Flag?</h2> <h2 style="font-size: 2.5em;">Why Capture the Flag?</h2>
</div> </div>
<p style="font-size:1.2em;">Capture the Flag? Hope you brought your gym clothes! Just kidding. This time we promise no one will end up with a floor burn. Capture the flag contests, or CTFs for short, are intense cybersecurity contests that take place all over the world. To hit the top of the scoreboard, participants (and their teammates) must capture a piece of information, known as a flag. All of our problems will, after a little bit of this and that, will provide you with a flag which you can submit for points. Harder problems are worth more points. With most CTFs, it can be hard to determine whether or not you have the flag. Sometimes it's a long string of numbers or letters and it's hard to distinguish from the sorrounding code. Here at EasyCTF, our flags -- when you find them -- will look something like this: <code style="background-color:#FFFEEA;color:#FF4D4D;">flag{this_is_a_flag}</code>. Simply enter in the data between the curly braces (case-insensative) and you'll get your due points. The more flags you find, and the harder flags you find, the easier it will be for you to move up the scoreboard. If you are in one of the highest scoring teams at the end of the competition, your team will win bragging rights, and some pretty cool prizes.</p>
<p>No, we're not running around in a gym, tagging other players. <b>Capture the flag</b> contests, or CTFs for short, are intense cybersecurity contests where participants try to capture a piece of information. To do this, they must use skills to capture a <i>virtual</i> flag, usually taking the form of a string, like this: <code>flag{this_is_a_flag}</code>. There are two common types of CTF competitions: <b>jeopardy</b>, and <b>attack-defense</b>.</p>
<p>CTFs are different from the hacking you may hear from the news. While hacking is commonly associated with stealing and destruction, CTFs are all about learning and community.</p>
<div class="page-header"> <div class="page-header">
<h2 style="font-size: 2.5em;">EasyCTF</h2> <h2 style="font-size: 2.5em;">Isn't Hacking Illegal?</h2>
</div> </div>
<p style="font-size:1.2em;">Yes and no. Despite the connotation "hacking" has recieved in contemporary culture and media, hacking is more or less split up into two categorizations, <i>Black Hat</i> and <i>White Hat</i>. Black Hat hackers are the ones you hear about on the news; attacking websites and their accounts to steal information or money. They attack without warning, all for their own benefit. Black Hat hackers go to prison. White Hat hackers, while rarely in the news, are the men and women who, <b><span style="text-decoration:underline;">with permission</span></b>, attack a website or service in order to find holes in the security and report them to the owners for patching. The types of hacking you will be doing in the competition are created by the EasyCTF team just for you. Take part in EasyCTF to show off your skills as a white hat hacker.</p>
<p>EasyCTF is a CTF that's tailored for the high school level. Started by high school students, it was created with a passion for learning. The following events have passed, but the site will remain online for historical purposes.</p> <div class="page-header">
<h2 style="font-size: 2.5em;">So What's EasyCTF?</h2>
</div> </div>
<p style="font-size:1.2em;">EasyCTF is a CTF that's tailored for the high school level. Started by high school students, it was created with a passion for learning. With computer science related fields doubling in size over the next decade, The United States, and the world are short on programmers. The world has started to focus in on the youth of the world, from teenagers all the way down to five and six year olds. Being the future of the world, it is imperative a large enough percentage of the population is trained and educated to handle the constant progession of technology. We, the EasyCTF team, have put in countless hours to provide you with a fun, inviting experiance for you and your friends to gang up and hack away. Our challenges range cover significant topics in contemporary computer science such cryptography, web, programming, binary and even more. Here at EasyCTF, we hope to provide you with a fun, competetive, educational, and safe enviroment where you, your friends, or your peers can show off your skills behind the keyboard for the world to see. Good luck, see you soon!</p>
</div>
<br>
<br>
</center> </center>
</body> </body>
</html> </html>
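
Review bot: the three new paragraphs carrying `style="font-size:1.2em;"` contain several misspellings that should be fixed before this ships: "sorrounding", "case-insensative", "recieved", "progession", "experiance", "competetive", "enviroment", plus the doubled "will" in "All of our problems will, after a little bit of this and that, will provide" and "range cover ... such cryptography". The repeated inline `style` attributes on the `<p>` and `<code>` elements would also be better as a class in the stylesheet.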

View file

@ -1,19 +1,22 @@
$("#registration-form").on("submit", function(e) { $("#registration-form").on("submit", function(e) {
e.preventDefault(); e.preventDefault();
register($("#name").val(), $("#username").val(), $("#password").val(), $("#password_confirm").val(), $("#email").val()); register($("#name").val(), $("#username").val(), $("#password").val(), $("#password_confirm").val(), $("#email").val(), $("#g-recaptcha-response").val());
}); });
function register(name, username, password, password_confirm, email) { function register(name, username, password, password_confirm, email, captcha_response) {
$.post("/api/user/register", { $.post("/api/user/register", {
name: name, name: name,
username: username, username: username,
password: password, password: password,
password_confirm: password_confirm, password_confirm: password_confirm,
email: email email: email,
captcha_response: captcha_response
}, function(data) { }, function(data) {
$("#status").text(data.message); $("#status").text(data.message);
if (data.success == 1) { if (data.success == 1) {
// wait then redirect or whatever // wait then redirect or whatever
} else {
grecaptcha.reset();
} }
}); });
} }
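
Review bot: the submit handler reads the token with `$("#g-recaptcha-response").val()`, which depends on the id of the hidden field the widget injects; `grecaptcha.getResponse()` returns the same token through the documented API and is already available here since `grecaptcha.reset()` is used below. The `$.post` call also has only a success callback, so if the request itself fails (network error or a non-2xx response) the status text is never updated and the captcha is never reset; add a `.fail()` handler that does both.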

View file

@ -22,16 +22,16 @@
<hr style="margin-left: 10em; margin-right: 10em;"> <hr style="margin-left: 10em; margin-right: 10em;">
<br> <br>
<form id="registration-form" action="return false;"> <form id="registration-form" action="return false;">
<select name="gender" class="ui dropdown" id="select" style="width: 50em;">
<option value="1">Student (U.S. High School or Middle School)</option>
<option value="2">Teacher (U.S. High School or Middle School)</option>
<option value="3">Other (Observer, Parent, Foreigner, etc.)</option>
</select>
<br><br>
<div class="ui input"> <div class="ui input">
<input id="name" type="text" placeholder="Name" id="name" style="width:50em;"> <input id="name" type="text" placeholder="Name" id="name" style="width:50em;">
</div> </div>
<br><br> <br><br>
<select name="gender" class="ui dropdown" id="select" style="width: 50em;">
<option value="1">US Middle/High School Student</option>
<option value="2">US Middle/High School Teacher</option>
<option value="3">Non-US/Non-Student/Observer</option>
</select>
<br><br>
<div class="ui input"> <div class="ui input">
<input id="username" type="text" placeholder="Username" style="width:50em;"> <input id="username" type="text" placeholder="Username" style="width:50em;">
</div> </div>
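
Review bot: the relocated `<select>` still has `name="gender"` and `id="select"` although its options are participant types (student, teacher, observer), and its value is not among the arguments the registration script passes to `register(...)`, so the choice never reaches the server. Rename it to something descriptive and either send it with the form data or drop the field. While this block is being touched, the `name` input carries `id="name"` twice and should lose the duplicate attribute.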
@ -49,10 +49,9 @@
</div> </div>
<br><br> <br><br>
<div class="g-recaptcha" data-sitekey="6Lc4xhMTAAAAAIaiF3yEWGbHRaGgMg4FHor61p1G"></div> <div class="g-recaptcha" data-sitekey="6Lc4xhMTAAAAAIaiF3yEWGbHRaGgMg4FHor61p1G"></div>
<br><br> <br>
<button class="ui primary button" style="width:25em"> <p>Don't worry, you can make or join a team after you register.</p>
Submit <button class="ui primary button" style="width:25em">Submit</button>
</button>
</form> </form>
</center> </center>
<div id="status"> <div id="status">