https://github.com/hi120ki/adctf-platform
Simple Attack&Defence CTF Platform
https://github.com/hi120ki/adctf-platform
attack-defense-ctf ctf ctf-platform ctf-scoreboard
Last synced: 3 months ago
JSON representation
Simple Attack&Defence CTF Platform
- Host: GitHub
- URL: https://github.com/hi120ki/adctf-platform
- Owner: hi120ki
- License: mit
- Created: 2020-06-30T13:21:25.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-03-03T01:27:11.000Z (over 2 years ago)
- Last Synced: 2025-03-27T12:38:24.641Z (3 months ago)
- Topics: attack-defense-ctf, ctf, ctf-platform, ctf-scoreboard
- Language: CSS
- Homepage:
- Size: 3.56 MB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 16
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Attack&Defence CTF Platform
crawler/ サービス監視クローラー
score/ スコアサーバー
service/ 問題アプリケーション
## Rules
```
点数 = サービス維持 + フラグ獲得 + フラグ流出
```
サービス維持 : 10 pt ~ 0 pt
フラグ獲得 : +10 pt / 1 flag
フラグ流出 : -5 pt / 1 flag
## Score Server
### 80
score visualizer
### 81
source code
### 3000
score api
## Setup
ユーザー名とパスワードが管理者から渡される。API サーバーに問い合わせて API Key と IP アドレスを取得する。
```
$ curl -d name="1" -d passwd="ndkwbvie" "http://192.168.0.2:3000/user/login"
```
別実装
```
$ http -f POST "http://192.168.0.2:3000/user/login" name="1" passwd="ndkwbvie"
```
```python
import urllib.parse
import urllib.request
url = "http://192.168.0.2:3000/user/login"
values = {"name": "1", "passwd": "ndkwbvie"}
data = urllib.parse.urlencode(values)
data = data.encode("ascii")
req = urllib.request.Request(url, data)
with urllib.request.urlopen(req) as response:
res = response.read().decode()
print(res)
```
```
{"key":"615868b579f5a7d0394cda0e8e9e0f81","ip":"192.168.0.11"}
```
## Flag
フラグをスコアサーバーに提出する
```
$ curl -gH "x-api-key:615868b579f5a7d0394cda0e8e9e0f81" -d flag="FLAG{eyJ1IjoiNSIsInMiOiIxIiwiZSI6IjEyIn0.w8EbP6Co/dcFzIzjFIhejxREFPARZ2nPfdBbZKAn3QI}" "http://192.168.0.2:3000/flag/submit"
```
別実装
```
$ http -f POST "http://192.168.0.2:3000/flag/submit" X-API-Key:"615868b579f5a7d0394cda0e8e9e0f81" flag="FLAG{eyJ1IjoiNSIsInMiOiIxIiwiZSI6IjEyIn0.w8EbP6Co/dcFzIzjFIhejxREFPARZ2nPfdBbZKAn3QI}"
```
```python
import urllib.parse
import urllib.request
api_key = "615868b579f5a7d0394cda0e8e9e0f81"
flag = "FLAG{eyJ1IjoiNSIsInMiOiIxIiwiZSI6IjEyIn0.w8EbP6Co/dcFzIzjFIhejxREFPARZ2nPfdBbZKAn3QI}"
url = "http://192.168.0.2:3000/flag/submit"
values = {"flag": flag}
headers = {"x-api-key": api_key}
data = urllib.parse.urlencode(values).encode("ascii")
req = urllib.request.Request(url, data, headers)
with urllib.request.urlopen(req) as response:
res = response.read().decode()
print(res)
```
```
{"message":"You get a flag."}
{"message":"This flag has already taken."}
{"message":"This flag is yours."}
{"message":"This flag is wrong."}
{"message":"API key is wrong."}
```
## Score
```
$ curl "http://192.168.0.2:3000/score"
```