V1.1alpha [LOGGING] #8

Merged
merged 11 commits into from
Jul 31, 2019
1 change: 1 addition & 0 deletions .gitignore
@@ -3,3 +3,4 @@ venv/
*.pyc
.vscode/
*.db
.idea/
1 change: 1 addition & 0 deletions README.md
@@ -98,3 +98,4 @@ Please see: [issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues)
<img src="screenshots/home_ss.png" width=400 />
<img src="screenshots/scoreboard_ss.png" width=400 />
<img src="screenshots/machine_ss.png" width=400 />

6 changes: 5 additions & 1 deletion src/FlaskRTBCTF/__init__.py
@@ -4,7 +4,7 @@
from flask_login import LoginManager
from flask_admin import Admin
from flask_mail import Mail
from FlaskRTBCTF.config import Config
from FlaskRTBCTF.config import Config, LOGGING
import os

db = SQLAlchemy()
@@ -26,9 +26,13 @@ def create_app(config_class=Config):
# Add model views
from FlaskRTBCTF.admin.views import MyModelView
from FlaskRTBCTF.models import User, Score, Notification
if LOGGING:
from FlaskRTBCTF.models import Logs
admin_manager.add_view(MyModelView(User, db.session))
admin_manager.add_view(MyModelView(Score, db.session))
admin_manager.add_view(MyModelView(Notification, db.session))
if LOGGING:
admin_manager.add_view(MyModelView(Logs, db.session))
mail.init_app(app)

from flask_sslify import SSLify
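Review bot: The two `if LOGGING:` guards inside create_app can be one block placed after the unconditional views are registered, so the conditional import and the view it serves stay together: `if LOGGING:` / `from FlaskRTBCTF.models import Logs` / `admin_manager.add_view(MyModelView(Logs, db.session))`. Since the `Logs` table carries per-user submission IPs and timestamps, a one-line comment above that view, e.g. `# Logs holds submission IPs; exposed only through MyModelView's access check`, would tell the next reader why the view is gated and what it reveals (the access check itself lives in admin/views.py, outside this hunk). create_app starts and ends outside this hunk, and the rendered section appears to have dropped one or two blank context lines.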
2 changes: 1 addition & 1 deletion src/FlaskRTBCTF/admin/views.py
@@ -27,4 +27,4 @@ def _handle_view(self, name, **kwargs):
abort(403)
#else:
# login
# return redirect(url_for('user.login', next=request.url))
# return redirect(url_for('user.login', next=request.url))
14 changes: 9 additions & 5 deletions src/FlaskRTBCTF/config.py
@@ -39,10 +39,10 @@ class Config:
# Specify CTFs Running Time

RunningTime = {
"from": datetime(2019,7,7,15,00,00,0, pytz.timezone('Asia/Calcutta')),
"to": datetime(2019,7,8,0,00,00,0, pytz.timezone('Asia/Calcutta')),
"TimeZone": "IST"
} # Use `pytz.utc` for UTC timezone
"from": datetime(2019,7,7,15,00,00,0, pytz.utc),
"to": datetime(2019,7,8,0,00,00,0, pytz.utc),
"TimeZone": "UTC"
} # We do not recommended changing the Timezone.

# Specify Your Pwnable Box/Machine settings

@@ -61,4 +61,8 @@ class Config:
userScore = 10
rootScore = 20

# NOTE: CHANGE DEFAULT ADMIN CREDENTIALS in create_db.py !!!
# Logging: Set to 'True' to enable Logging in Admin Views.

LOGGING = True # We recommend to leave it on.

# NOTE: CHANGE DEFAULT ADMIN CREDENTIALS in create_db.py !!!
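Review bot: `LOGGING = True` is imported as a module constant (`from FlaskRTBCTF.config import LOGGING`) and, in models.py, decides whether the `Logs` model class exists at all, so flipping it after `create_db.py` has run leaves code and schema out of sync: turning it on later makes `Logs.query` hit a table that `db.create_all()` never created. The comment above the flag should state that, e.g. `# The Logs table is only defined when True; after changing this, re-run db.create_all() (see create_db.py).` In the first hunk the closing-brace comment reads `We do not recommended changing the Timezone.`, where `We do not recommend` is intended. These are module-level names despite the `class Config:` hunk context, and the surrounding definitions continue outside both hunks.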
23 changes: 21 additions & 2 deletions src/FlaskRTBCTF/ctf/routes.py
@@ -1,11 +1,13 @@
''' views / routes '''

from flask import Blueprint, render_template, flash
from flask import Blueprint, render_template, flash, request
from flask_login import current_user, login_required
from FlaskRTBCTF import db, bcrypt
from FlaskRTBCTF.config import organization, box, userHash, rootHash, userScore, rootScore, LOGGING
from FlaskRTBCTF.models import User, Score
if LOGGING:
from FlaskRTBCTF.models import Logs
from FlaskRTBCTF.ctf.forms import UserHashForm, RootHashForm
from FlaskRTBCTF.config import organization, box, userHash, rootHash, userScore, rootScore
from datetime import datetime

ctf = Blueprint('ctf', __name__)
@@ -29,6 +31,13 @@ def scoreboard():
@ctf.route("/machine")
@login_required
def machine():
user = User.query.get(current_user.id)
if LOGGING:
log = Logs.query.get(current_user.id)
if log.visitedMachine is False:
log.visitedMachine = True
log.machineVisitTime = datetime.utcnow()
db.session.commit()
userHashForm = UserHashForm()
rootHashForm = RootHashForm()
return render_template('machine.html', userHashForm=userHashForm,
@@ -50,6 +59,11 @@ def validateRootHash():
score.rootHash = True
score.points += rootScore
score.timestamp = datetime.utcnow()
if LOGGING:
log = Logs.query.get(current_user.id)
log.rootSubmissionIP = request.access_route[0]
log.rootSubmissionTime = datetime.utcnow()
log.rootOwnTime = str(log.rootSubmissionTime - log.machineVisitTime)
db.session.commit()
flash("Congrats! correct system hash.", "success")
else:
@@ -75,6 +89,11 @@ def validateUserHash():
score.userHash = True
score.points += userScore
score.timestamp = datetime.utcnow()
if LOGGING:
log = Logs.query.get(current_user.id)
log.userSubmissionIP = request.access_route[0]
log.userSubmissionTime = datetime.utcnow()
log.userOwnTime = str(log.userSubmissionTime - log.machineVisitTime)
db.session.commit()
flash("Congrats! correct user hash.", "success")
else:
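Review bot: `log.rootSubmissionIP = request.access_route[0]` (and `userSubmissionIP` in the validateUserHash hunk) stores the first hop of `X-Forwarded-For`, which is a client-supplied header value unless a trusted reverse proxy rewrites it; the entrypoint in this PR runs gunicorn bound directly on `0.0.0.0:8080` with no proxy layer visible, so the recorded address can be arbitrary text rather than the peer address. Use `request.remote_addr` here, and if a proxy is later placed in front, wrap the app in `werkzeug.middleware.proxy_fix.ProxyFix` with the real hop count rather than trusting the header from route code. `Logs.query.get(current_user.id)` is dereferenced without a `None` check in all three hunks, so an account registered before `LOGGING` was enabled (no `Logs` row) or a hash submitted before `/machine` was ever rendered (`machineVisitTime` still `None`) raises instead of scoring; guard with `if log is not None and log.machineVisitTime is not None:` before the subtraction. The enclosing `validateRootHash` and `validateUserHash` start and end outside their hunks.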
27 changes: 25 additions & 2 deletions src/FlaskRTBCTF/models.py
@@ -1,6 +1,7 @@
''' Models '''

from flask import current_app
from FlaskRTBCTF.config import LOGGING
from FlaskRTBCTF import db, login_manager
from flask_login import UserMixin
from datetime import datetime
@@ -17,9 +18,10 @@ class User(db.Model, UserMixin):
username = db.Column(db.String(40), unique=True, nullable=False)
email = db.Column(db.String(120), unique=True, nullable=False)
password = db.Column(db.String(60), nullable=False)
confirmed_at = db.Column(db.DateTime(), default=datetime.utcnow)
isAdmin = db.Column(db.Boolean, default=False)
score = db.relationship('Score', backref='user', lazy=True, uselist=False)
if LOGGING:
logs = db.relationship('Logs', backref='user', lazy=True, uselist=False)

def get_reset_token(self, expires_sec=1800):
s = Serializer(current_app.config['SECRET_KEY'], expires_sec)
@@ -35,7 +37,7 @@ def verify_reset_token(token):
return User.query.get(user_id)

def __repr__(self):
return f"User('{self.username}', '{self.email}') | Score('{self.score}')"
return f"User('{self.username}', '{self.email}'))"


''' Score Table '''
@@ -62,3 +64,24 @@ class Notification(db.Model):

def __repr__(self):
return f"Notif('{self.title}', '{self.body}')"


''' Logging Table '''

if LOGGING:
class Logs(db.Model):
user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False, primary_key=True)
accountCreationTime = db.Column(db.DateTime, nullable=False)
visitedMachine = db.Column(db.Boolean, default=False)
machineVisitTime = db.Column(db.DateTime, nullable=True)
userSubmissionTime = db.Column(db.DateTime, nullable=True)
rootSubmissionTime = db.Column(db.DateTime, nullable=True)
userOwnTime = db.Column(db.String, nullable=True)
rootOwnTime = db.Column(db.String, nullable=True)
userSubmissionIP = db.Column(db.String, nullable=True)
rootSubmissionIP = db.Column(db.String, nullable=True)

def __repr__(self):
return f"Logs('{self.user_id}','{self.machineVisitTime}','{self.userSubmissionTime}'," \
f"'{self.rootSubmissionTime}','{self.userOwnTime}','{self.rootOwnTime}','{self.userSubmissionIP}," \
f" '{self.rootSubmissionIP}'"
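Review bot: Both new `__repr__` strings are mis-quoted: `User.__repr__` now ends in `'))"` with an extra `)`, and `Logs.__repr__` omits the closing quote after `{self.userSubmissionIP}` and never closes the `Logs(` parenthesis, so it renders as `Logs('<id>', ..., '<userIP>, '<rootIP>'`. A form that cannot drift is one `name=value!r` per column, e.g. `return f"Logs(user_id={self.user_id!r}, machineVisitTime={self.machineVisitTime!r}, userSubmissionIP={self.userSubmissionIP!r}, rootSubmissionIP={self.rootSubmissionIP!r})"`. `userSubmissionIP` and `rootSubmissionIP` are `db.String` with no length, which SQLite accepts but MySQL rejects at `CREATE TABLE`; `db.String(45)` holds any textual IPv4 or IPv6 address. Because the class is defined only under `if LOGGING:`, a comment on that line noting that the table must be created (`db.create_all()`) before the flag is switched on would spare the next maintainer a surprise; the `User` class body continues outside its hunk.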
10 changes: 9 additions & 1 deletion src/FlaskRTBCTF/users/routes.py
@@ -1,11 +1,15 @@
from flask import render_template, url_for, flash, redirect, request, Blueprint
from flask_login import login_user, current_user, logout_user, login_required
from FlaskRTBCTF import db, bcrypt
from FlaskRTBCTF.config import organization, LOGGING
from FlaskRTBCTF.models import User, Score
if LOGGING:
from FlaskRTBCTF.models import Logs
from FlaskRTBCTF.users.forms import (RegistrationForm, LoginForm, UpdateAccountForm,
RequestResetForm, ResetPasswordForm)
from FlaskRTBCTF.users.utils import send_reset_email
from FlaskRTBCTF.config import organization

from datetime import datetime

users = Blueprint('users', __name__)

@@ -23,6 +27,10 @@ def register():
user = User(username=form.username.data,
email=form.email.data, password=hashed_password)
score = Score(user=user, userHash=False, rootHash=False, points=0)
if LOGGING:
log = Logs(user=user, accountCreationTime=datetime.utcnow(), visitedMachine=False, machineVisitTime=None, userSubmissionTime=None,
rootSubmissionTime=None, userSubmissionIP=None, rootSubmissionIP=None)
db.session.add(log)
db.session.add(user)
db.session.add(score)
db.session.commit()
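Review bot: The `Logs(...)` constructor in register() spells out `visitedMachine=False` and `None` for every nullable column, duplicating the model's `default=False` and `nullable=True` declarations; `log = Logs(user=user, accountCreationTime=datetime.utcnow())` has the same effect and matches how `create_db.py` builds `test_log` in this PR. With `user=user` set through the backref the row should be saved along with `user`, so the explicit `db.session.add(log)` before `add(user)` is presumably harmless but worth a one-line comment if kept. Only accounts registered after `LOGGING` is enabled get a `Logs` row, so the `Logs.query.get(...)` callers in ctf/routes.py have to tolerate a missing row for older users. register() starts and ends outside this hunk.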
77 changes: 43 additions & 34 deletions src/create_db.py
@@ -1,42 +1,51 @@
import datetime
from datetime import datetime

from FlaskRTBCTF import create_app, db, bcrypt
from FlaskRTBCTF.models import User, Score, Notification
from FlaskRTBCTF.config import organization
from FlaskRTBCTF.config import organization, LOGGING

if LOGGING:
from FlaskRTBCTF.models import Logs

app = create_app()

# create_app().app_context().push()
with app.app_context():
db.create_all()

# NOTE: CHANGE DEFAULT CREDENTIALS !!!
admin_user = User(
username='admin',
email='[email protected]',
password=bcrypt.generate_password_hash('admin').decode('utf-8'),
confirmed_at=datetime.datetime.now(),
isAdmin = True
)
admin_score = Score(user=admin_user, userHash=False, rootHash=False, points=0)
db.session.add(admin_user)
db.session.add(admin_score)

notif = Notification(
title=f"Welcome to {organization['ctfname']}",
body = "The CTF is live now. Please read rules!"
)
db.session.add(notif)

'''
test = User(
username='test',
email='[email protected]',
password=bcrypt.generate_password_hash('test').decode('utf-8'),
)
testscore = Score(user=test, userHash=False, rootHash=False, points=0)
db.session.add(test)
db.session.add(testscore)
'''

db.session.commit()
db.create_all()

default_time = datetime.utcnow()

# NOTE: CHANGE DEFAULT CREDENTIALS !!!
admin_user = User(
username='admin',
email='[email protected]',
password=bcrypt.generate_password_hash('admin').decode('utf-8'),
isAdmin = True
)
admin_score = Score(user=admin_user, userHash=False, rootHash=False, points=0)
db.session.add(admin_user)
db.session.add(admin_score)

notif = Notification(
title=f"Welcome to {organization['ctfname']}",
body = "The CTF is live now. Please read rules!"
)
db.session.add(notif)

test_user = User(
username='test',
email='[email protected]',
password=bcrypt.generate_password_hash('test').decode('utf-8')
)
test_score = Score(user=test_user, userHash=False, rootHash=False, points=0)
db.session.add(test_user)
db.session.add(test_score)

if LOGGING:
admin_log = Logs(user=admin_user, accountCreationTime=default_time,
visitedMachine=True, machineVisitTime=default_time)
db.session.add(admin_log)
test_log = Logs(user=test_user, accountCreationTime=default_time)
db.session.add(test_log)

db.session.commit()
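Review bot: The `test`/`test` account is now seeded unconditionally (it was a commented-out block before), so every deployment that runs this script gets a second well-known credential next to `admin`/`admin`, and only the admin block carries the `# NOTE: CHANGE DEFAULT CREDENTIALS !!!` warning. Gate it behind an explicit opt-in — for example `if os.environ.get('SEED_TEST_USER'):` (name is a suggestion) with `import os` at the top — or at minimum extend the NOTE to name both accounts. `isAdmin = True` inside the `User(...)` call puts spaces around `=`, unlike the other keyword arguments (PEP 8 E251), and `default_time` is reused for `machineVisitTime` of the admin row, which a comment such as `# admin is marked as having visited the machine so own-time math has a baseline` would explain. The whole script is within this hunk.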
2 changes: 1 addition & 1 deletion src/docker-entrypoint.sh
@@ -2,7 +2,7 @@

WORKERS=4 # change here to the change number of workers

echo "Starting CTFd"
echo "Starting RTB-CTF-Framework"
exec gunicorn 'FlaskRTBCTF:create_app()' \
--bind '0.0.0.0:8080' \
--workers $WORKERS