CCIT CTF 2019

README.md

@@ -64,5 +64,5 @@ Feel free to start editing your theme from the default theme `dctf2017` (under t
 
 Contacts
 --------
-CTForge is developed by [Marco Squarcina](https://minimalblue.com) aided by all the guys from [c00kies@venice](https://secgroup.github.io/).
+CTForge is developed by [Marco Squarcina](https://minimalblue.com), Mauro Tempesta and Lorenzo Veronese aided by all the guys from [c00kies@venice](https://secgroup.github.io/).
 

ctforge/__init__.py

@@ -1,15 +1,38 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+# CTForge: Forge your own CTF.
+
+# Copyright (C) 2016-2019  Marco Squarcina
+# Copyright (C) 2016-2019  Mauro Tempesta
+# Copyright (C) 2016-2019  Lorenzo Veronese
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 import os
 import sys
 import logging
 from flask import Flask
+from flask.json import JSONEncoder
 from flask_login import LoginManager
 from flask_wtf.csrf import CSRFProtect
 from flask_misaka import Misaka
 from flask_cache import Cache
 
+from datetime import date, timedelta
+
 from ctforge import utils
 
 
@@ -30,9 +53,10 @@
     traceback.print_exc()
     pass
 
-app = Flask(__name__, static_folder=config['STATIC_FOLDER'], 
+app = Flask(__name__, static_folder=config['STATIC_FOLDER'],
                      template_folder=config['TEMPLATE_FOLDER'])
 app.config.update(config)
+app.config['SEND_FILE_MAX_AGE_DEFAULT'] = timedelta(minutes=30)
 
 login_manager = LoginManager()
 login_manager.init_app(app)
@@ -63,4 +87,19 @@
     except (FileNotFoundError, PermissionError) as e:
         sys.stderr.write('[!] Unable to access the log file {}\n'.format(logfile))
 
+
+class CustomJSONEncoder(JSONEncoder):
+    def default(self, obj):
+        try:
+            if isinstance(obj, date):
+                return obj.strftime("%a, %d %b %Y %H:%M:%S")
+            iterable = iter(obj)
+        except TypeError:
+            pass
+        else:
+            return list(iterable)
+        return JSONEncoder.default(self, obj)
+
+app.json_encoder = CustomJSONEncoder
+
 import ctforge.views

ctforge/database.py

@@ -1,6 +1,26 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+# CTForge: Forge your own CTF.
+
+# Copyright (C) 2016-2019  Marco Squarcina
+# Copyright (C) 2016-2019  Mauro Tempesta
+# Copyright (C) 2016-2019  Lorenzo Veronese
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 import sys
 import psycopg2
 from flask import g, flash

ctforge/db/procedures.sql

@@ -1,3 +1,23 @@
+
+-- CTForge: Forge your own CTF.
+
+-- Copyright (C) 2016-2019  Marco Squarcina
+-- Copyright (C) 2016-2019  Mauro Tempesta
+-- Copyright (C) 2016-2019  Lorenzo Veronese
+
+-- This program is free software: you can redistribute it and/or modify
+-- it under the terms of the GNU Affero General Public License as published
+-- by the Free Software Foundation, either version 3 of the License, or
+-- (at your option) any later version.
+
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU Affero General Public License for more details.
+
+-- You should have received a copy of the GNU Affero General Public License
+-- along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 /* Get the ID of the current round. */
 CREATE OR REPLACE FUNCTION get_current_round() RETURNS INT AS $$
 DECLARE

ctforge/db/schema.sql

@@ -1,3 +1,23 @@
+
+-- CTForge: Forge your own CTF.
+
+-- Copyright (C) 2016-2019  Marco Squarcina
+-- Copyright (C) 2016-2019  Mauro Tempesta
+-- Copyright (C) 2016-2019  Lorenzo Veronese
+
+-- This program is free software: you can redistribute it and/or modify
+-- it under the terms of the GNU Affero General Public License as published
+-- by the Free Software Foundation, either version 3 of the License, or
+-- (at your option) any later version.
+
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-- GNU Affero General Public License for more details.
+
+-- You should have received a copy of the GNU Affero General Public License
+-- along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 CREATE TABLE teams (
     id            SERIAL,
     ip            VARCHAR(15) NOT NULL,
@@ -54,6 +74,41 @@ CREATE TABLE challenges (
     UNIQUE (name)
 );
 
+CREATE TABLE public_files (
+    name    TEXT NOT NULL,
+    content TEXT NOT NULL,
+    PRIMARY KEY (name)
+);
+
+CREATE TABLE hints (
+    id           SERIAL,
+    penalty      INT NOT NULL DEFAULT 10,
+    challenge_id INT NOT NULL,
+    description  TEXT,
+    PRIMARY KEY (id),
+    FOREIGN KEY (challenge_id) REFERENCES challenges (id),
+    UNIQUE (penalty, challenge_id)
+);
+
+CREATE TABLE hint_polls (
+    id           SERIAL,
+    start_time   TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    duration     INT NOT NULL DEFAULT 2700,
+    hint_id      INT,
+    release_time TIMESTAMP,
+    PRIMARY KEY (id),
+    FOREIGN KEY (hint_id) REFERENCES hints (id)
+);
+
+CREATE TABLE hint_polls_choiches (
+    poll_id      INT NOT NULL,
+    user_id      INT NOT NULL,
+    challenge_id INT NOT NULL,
+    PRIMARY KEY (poll_id, user_id),
+    FOREIGN KEY (user_id) REFERENCES users (id),
+    FOREIGN KEY (challenge_id) REFERENCES challenges (id)
+);
+
 CREATE TABLE challenge_attacks (
     user_id       INT NOT NULL,
     challenge_id  INT NOT NULL,

ctforge/exceptions.py

@@ -1,6 +1,26 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+# CTForge: Forge your own CTF.
+
+# Copyright (C) 2016-2019  Marco Squarcina
+# Copyright (C) 2016-2019  Mauro Tempesta
+# Copyright (C) 2016-2019  Lorenzo Veronese
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 class InvalidToken(Exception):
     pass
 

ctforge/forms.py

@@ -1,6 +1,26 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+# CTForge: Forge your own CTF.
+
+# Copyright (C) 2016-2019  Marco Squarcina
+# Copyright (C) 2016-2019  Mauro Tempesta
+# Copyright (C) 2016-2019  Lorenzo Veronese
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 from flask_wtf import FlaskForm
 from wtforms import StringField, PasswordField, HiddenField, IntegerField, BooleanField, TextAreaField, DateTimeField, validators
 
@@ -69,3 +89,5 @@ class JeopardyForm(FlaskForm):
     start_time = DateTimeField('start_time', validators=[validators.Optional()])
     end_time = DateTimeField('end_time', validators=[validators.Optional()])
     ctf_running = BooleanField('ctf_running', validators=[validators.Optional()])
+    freeze_scoreboard = BooleanField('freeze_scoreboard', validators=[validators.Optional()])
+    freeze_time = DateTimeField('freeze_time', validators=[validators.Optional()])

ctforge/scripts/ctfbot.py

@@ -1,6 +1,26 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+# CTForge: Forge your own CTF.
+
+# Copyright (C) 2016-2019  Marco Squarcina
+# Copyright (C) 2016-2019  Mauro Tempesta
+# Copyright (C) 2016-2019  Lorenzo Veronese
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 """
 The ctf swiss army knife: round initializer, flag dispatcher, service checker
 

ctforge/scripts/ctforge.py

@@ -1,6 +1,26 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
+# CTForge: Forge your own CTF.
+
+# Copyright (C) 2016-2019  Marco Squarcina
+# Copyright (C) 2016-2019  Mauro Tempesta
+# Copyright (C) 2016-2019  Lorenzo Veronese
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 import os
 import re
 import sys
@@ -102,7 +122,7 @@ def init(args):
     try:
         copy2(args.conf, confile)
     except Exception as e:
-        sys.stderr.write('Error: "{}"\n'.format(args.conf, confile, e))
+        sys.stderr.write('Error: "{}" "{}" "{}"\n'.format(args.conf, confile, e))
 
     if app.config['LOG_FILE'] is not None:
         logfile = app.config['LOG_FILE']
@@ -123,7 +143,9 @@ def imp(args):
     if args.users:
         print('Importing users...')
         users = csv.reader(args.users, delimiter=',', quotechar='"')
-        for user in users:
+        for i,user in enumerate(users):
+            print("{}".format(i))
+            sys.stdout.flush()
             db_add_user(name=user[0], surname=user[1], nickname=user[2], mail=user[3], affiliation=user[4], password=user[5])
         args.users.close()
         print('Done!')
@@ -170,9 +192,10 @@ def parse_args():
     parser_run.add_argument('-D', '--disable-debug', dest='debug', action='store_false', help='Disable debug mode')
 
     parser_import = subparsers.add_parser('import_users', help='Import users')
-    parser_import.add_argument('-u', '--users', type=argparse.FileType('r'),
+    parser_import.add_argument('-u', '--users', type=argparse.FileType('r', encoding='UTF-8'),
                                help='A csv file of users to import. The supported format is: name, surname, nickname, mail, affiliation, password. No header and comma as separator')
 
+
     parser_challenge = subparsers.add_parser('import_challenge', help='Import Challenge')
     parser_challenge.add_argument('challenge', type=argparse.FileType('r'), help='Challenges folder in which each subdirectory contains an `info.json` file')
     parser_challenge.add_argument('--public-files-uri', default='/data/public_files/', help='Webserver public folder')

ctforge/themes/cyberchallenge/static/css/ctforge.css

@@ -1,3 +1,23 @@
+
+/* CTForge: Forge your own CTF.
+   
+
+   Copyright (C) 2016-2019  Marco Squarcina
+   Copyright (C) 2016-2019  Mauro Tempesta
+   Copyright (C) 2016-2019  Lorenzo Veronese
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>. */
 body {
 	min-height: 500px;
 	padding-top: 70px;