Skip to content

Commit

Permalink
Merge pull request #8 from abs0lut3pwn4g3/v1.1alpha
Browse files Browse the repository at this point in the history 
Logging added | Issue #7
  • Loading branch information
Eshaan Bansal authored Jul 31, 2019
2 parents c102167 + 0cff71b commit de53d4e
Show file tree
Hide file tree
Showing 10 changed files with 116 additions and 47 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ venv/
*.pyc
.vscode/
*.db
.idea/
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,3 +98,4 @@ Please see: [issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues)
<img src="screenshots/home_ss.png" width=400 />
<img src="screenshots/scoreboard_ss.png" width=400 />
<img src="screenshots/machine_ss.png" width=400 />

6 changes: 5 additions & 1 deletion src/FlaskRTBCTF/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
from flask_login import LoginManager
from flask_admin import Admin
from flask_mail import Mail
from FlaskRTBCTF.config import Config
from FlaskRTBCTF.config import Config, LOGGING
import os

db = SQLAlchemy()
Expand All @@ -26,9 +26,13 @@ def create_app(config_class=Config):
# Add model views
from FlaskRTBCTF.admin.views import MyModelView
from FlaskRTBCTF.models import User, Score, Notification
if LOGGING:
from FlaskRTBCTF.models import Logs
admin_manager.add_view(MyModelView(User, db.session))
admin_manager.add_view(MyModelView(Score, db.session))
admin_manager.add_view(MyModelView(Notification, db.session))
if LOGGING:
admin_manager.add_view(MyModelView(Logs, db.session))
mail.init_app(app)

from flask_sslify import SSLify
Expand Down
2 changes: 1 addition & 1 deletion src/FlaskRTBCTF/admin/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,4 @@ def _handle_view(self, name, **kwargs):
abort(403)
#else:
# login
# return redirect(url_for('user.login', next=request.url))
# return redirect(url_for('user.login', next=request.url))
14 changes: 9 additions & 5 deletions src/FlaskRTBCTF/config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,10 @@ class Config:
# Specify CTFs Running Time

RunningTime = {
"from": datetime(2019,7,7,15,00,00,0, pytz.timezone('Asia/Calcutta')),
"to": datetime(2019,7,8,0,00,00,0, pytz.timezone('Asia/Calcutta')),
"TimeZone": "IST"
} # Use `pytz.utc` for UTC timezone
"from": datetime(2019,7,7,15,00,00,0, pytz.utc),
"to": datetime(2019,7,8,0,00,00,0, pytz.utc),
"TimeZone": "UTC"
} # We do not recommended changing the Timezone.

# Specify Your Pwnable Box/Machine settings

Expand All @@ -61,4 +61,8 @@ class Config:
userScore = 10
rootScore = 20

# NOTE: CHANGE DEFAULT ADMIN CREDENTIALS in create_db.py !!!
# Logging: Set to 'True' to enable Logging in Admin Views.

LOGGING = True # We recommend to leave it on.

# NOTE: CHANGE DEFAULT ADMIN CREDENTIALS in create_db.py !!!
23 changes: 21 additions & 2 deletions src/FlaskRTBCTF/ctf/routes.py
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
''' views / routes '''

from flask import Blueprint, render_template, flash
from flask import Blueprint, render_template, flash, request
from flask_login import current_user, login_required
from FlaskRTBCTF import db, bcrypt
from FlaskRTBCTF.config import organization, box, userHash, rootHash, userScore, rootScore, LOGGING
from FlaskRTBCTF.models import User, Score
if LOGGING:
from FlaskRTBCTF.models import Logs
from FlaskRTBCTF.ctf.forms import UserHashForm, RootHashForm
from FlaskRTBCTF.config import organization, box, userHash, rootHash, userScore, rootScore
from datetime import datetime

ctf = Blueprint('ctf', __name__)
Expand All @@ -29,6 +31,13 @@ def scoreboard():
@ctf.route("/machine")
@login_required
def machine():
user = User.query.get(current_user.id)
if LOGGING:
log = Logs.query.get(current_user.id)
if log.visitedMachine is False:
log.visitedMachine = True
log.machineVisitTime = datetime.utcnow()
db.session.commit()
userHashForm = UserHashForm()
rootHashForm = RootHashForm()
return render_template('machine.html', userHashForm=userHashForm,
Expand All @@ -50,6 +59,11 @@ def validateRootHash():
score.rootHash = True
score.points += rootScore
score.timestamp = datetime.utcnow()
if LOGGING:
log = Logs.query.get(current_user.id)
log.rootSubmissionIP = request.access_route[0]
log.rootSubmissionTime = datetime.utcnow()
log.rootOwnTime = str(log.rootSubmissionTime - log.machineVisitTime)
db.session.commit()
flash("Congrats! correct system hash.", "success")
else:
Expand All @@ -75,6 +89,11 @@ def validateUserHash():
score.userHash = True
score.points += userScore
score.timestamp = datetime.utcnow()
if LOGGING:
log = Logs.query.get(current_user.id)
log.userSubmissionIP = request.access_route[0]
log.userSubmissionTime = datetime.utcnow()
log.userOwnTime = str(log.userSubmissionTime - log.machineVisitTime)
db.session.commit()
flash("Congrats! correct user hash.", "success")
else:
Expand Down
27 changes: 25 additions & 2 deletions src/FlaskRTBCTF/models.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
''' Models '''

from flask import current_app
from FlaskRTBCTF.config import LOGGING
from FlaskRTBCTF import db, login_manager
from flask_login import UserMixin
from datetime import datetime
Expand All @@ -17,9 +18,10 @@ class User(db.Model, UserMixin):
username = db.Column(db.String(40), unique=True, nullable=False)
email = db.Column(db.String(120), unique=True, nullable=False)
password = db.Column(db.String(60), nullable=False)
confirmed_at = db.Column(db.DateTime(), default=datetime.utcnow)
isAdmin = db.Column(db.Boolean, default=False)
score = db.relationship('Score', backref='user', lazy=True, uselist=False)
if LOGGING:
logs = db.relationship('Logs', backref='user', lazy=True, uselist=False)

def get_reset_token(self, expires_sec=1800):
s = Serializer(current_app.config['SECRET_KEY'], expires_sec)
Expand All @@ -35,7 +37,7 @@ def verify_reset_token(token):
return User.query.get(user_id)

def __repr__(self):
return f"User('{self.username}', '{self.email}') | Score('{self.score}')"
return f"User('{self.username}', '{self.email}'))"


''' Score Table '''
Expand All @@ -62,3 +64,24 @@ class Notification(db.Model):

def __repr__(self):
return f"Notif('{self.title}', '{self.body}')"


''' Logging Table '''

if LOGGING:
class Logs(db.Model):
user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False, primary_key=True)
accountCreationTime = db.Column(db.DateTime, nullable=False)
visitedMachine = db.Column(db.Boolean, default=False)
machineVisitTime = db.Column(db.DateTime, nullable=True)
userSubmissionTime = db.Column(db.DateTime, nullable=True)
rootSubmissionTime = db.Column(db.DateTime, nullable=True)
userOwnTime = db.Column(db.String, nullable=True)
rootOwnTime = db.Column(db.String, nullable=True)
userSubmissionIP = db.Column(db.String, nullable=True)
rootSubmissionIP = db.Column(db.String, nullable=True)

def __repr__(self):
return f"Logs('{self.user_id}','{self.machineVisitTime}','{self.userSubmissionTime}'," \
f"'{self.rootSubmissionTime}','{self.userOwnTime}','{self.rootOwnTime}','{self.userSubmissionIP}," \
f" '{self.rootSubmissionIP}'"
10 changes: 9 additions & 1 deletion src/FlaskRTBCTF/users/routes.py
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
from flask import render_template, url_for, flash, redirect, request, Blueprint
from flask_login import login_user, current_user, logout_user, login_required
from FlaskRTBCTF import db, bcrypt
from FlaskRTBCTF.config import organization, LOGGING
from FlaskRTBCTF.models import User, Score
if LOGGING:
from FlaskRTBCTF.models import Logs
from FlaskRTBCTF.users.forms import (RegistrationForm, LoginForm, UpdateAccountForm,
RequestResetForm, ResetPasswordForm)
from FlaskRTBCTF.users.utils import send_reset_email
from FlaskRTBCTF.config import organization

from datetime import datetime

users = Blueprint('users', __name__)

Expand All @@ -23,6 +27,10 @@ def register():
user = User(username=form.username.data,
email=form.email.data, password=hashed_password)
score = Score(user=user, userHash=False, rootHash=False, points=0)
if LOGGING:
log = Logs(user=user, accountCreationTime=datetime.utcnow(), visitedMachine=False, machineVisitTime=None, userSubmissionTime=None,
rootSubmissionTime=None, userSubmissionIP=None, rootSubmissionIP=None)
db.session.add(log)
db.session.add(user)
db.session.add(score)
db.session.commit()
Expand Down
77 changes: 43 additions & 34 deletions src/create_db.py
View file
Original file line number Diff line number Diff line change
@@ -1,42 +1,51 @@
import datetime
from datetime import datetime

from FlaskRTBCTF import create_app, db, bcrypt
from FlaskRTBCTF.models import User, Score, Notification
from FlaskRTBCTF.config import organization
from FlaskRTBCTF.config import organization, LOGGING

if LOGGING:
from FlaskRTBCTF.models import Logs

app = create_app()

# create_app().app_context().push()
with app.app_context():
db.create_all()

# NOTE: CHANGE DEFAULT CREDENTIALS !!!
admin_user = User(
username='admin',
email='[email protected]',
password=bcrypt.generate_password_hash('admin').decode('utf-8'),
confirmed_at=datetime.datetime.now(),
isAdmin = True
)
admin_score = Score(user=admin_user, userHash=False, rootHash=False, points=0)
db.session.add(admin_user)
db.session.add(admin_score)

notif = Notification(
title=f"Welcome to {organization['ctfname']}",
body = "The CTF is live now. Please read rules!"
)
db.session.add(notif)

'''
test = User(
username='test',
email='[email protected]',
password=bcrypt.generate_password_hash('test').decode('utf-8'),
)
testscore = Score(user=test, userHash=False, rootHash=False, points=0)
db.session.add(test)
db.session.add(testscore)
'''

db.session.commit()
db.create_all()

default_time = datetime.utcnow()

# NOTE: CHANGE DEFAULT CREDENTIALS !!!
admin_user = User(
username='admin',
email='[email protected]',
password=bcrypt.generate_password_hash('admin').decode('utf-8'),
isAdmin = True
)
admin_score = Score(user=admin_user, userHash=False, rootHash=False, points=0)
db.session.add(admin_user)
db.session.add(admin_score)

notif = Notification(
title=f"Welcome to {organization['ctfname']}",
body = "The CTF is live now. Please read rules!"
)
db.session.add(notif)

test_user = User(
username='test',
email='[email protected]',
password=bcrypt.generate_password_hash('test').decode('utf-8')
)
test_score = Score(user=test_user, userHash=False, rootHash=False, points=0)
db.session.add(test_user)
db.session.add(test_score)

if LOGGING:
admin_log = Logs(user=admin_user, accountCreationTime=default_time,
visitedMachine=True, machineVisitTime=default_time)
db.session.add(admin_log)
test_log = Logs(user=test_user, accountCreationTime=default_time)
db.session.add(test_log)

db.session.commit()
2 changes: 1 addition & 1 deletion src/docker-entrypoint.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

WORKERS=4 # change here to the change number of workers

echo "Starting CTFd"
echo "Starting RTB-CTF-Framework"
exec gunicorn 'FlaskRTBCTF:create_app()' \
--bind '0.0.0.0:8080' \
--workers $WORKERS

0 comments on commit de53d4e

Please sign in to comment.