-
Notifications
You must be signed in to change notification settings - Fork 6
Python/Django based management and scoreboard application for jeopardy style CTF competitions
License
pdogg/ctfmanager
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
CTFmanager - v. 1.0 - May 2014 - paul@pauldrapeau.com @pdogg77 *** Updated to Django 1.6 and made several changes to support registration codes Scoreboard and management application for a Jeopardy style Capture the Flag hacker game. Written in Python using the Django framework. Supports multiple challenges across multiple categories, and multiple games (data model support, not totally implemented in code). Leverages the Django auth framework for user management and admin framework for backend administration. Installation Overview: Can be used with mod_wsgi on Apache with the configurations in apacheexamples or will run on the Django dev web server. General Procedure: Place the code in a sane place on the system. Get and install Apache and mod_wsgi if you are going that route and a dbms Make sure all that works Get and install Python, Django and appropriate Python libs for your database Make sure all that works Create a database, database user and password for the application to use. Tested with mysql but it should support any db backend Django can use Edit ctfmanager/settings.py as necessary. You proably want to take it out of Debug mode when you are ready to go production and you'll want to edit the locations for static files, the secret etc. CHANGE THE SECRET in settings.py Run "python manage.py syncdb" Run "./manage.py collectstatic" It will ask you to add an administrative user, you want to do this This should get you up and running enough to go to <YOUR URL>/admin/ Create a "Game" Create some "Categories" Create some "Challenges" The administrative user is a valid user to view the challenges and scoreboard but obviously can't score points. The majority of the application lives in /ctfweb/ The templates and .css included were used at BSides Boston but could easily be modified or replaced to suit your needs. Important Notes: There is some cleanup of the keys done to help avoid strange cases and easily suppot "triva" type challenges by stripping white space, removing special chars and putting all keys in the same case. This could cause issues if your keys contain and only differ by special characters, mixed case, or something else weird. The best keys are alpha numeric and don't depend on case. Urgent TO DOs: Add a wait timer to the registration page preventing mass out of control user registraiton leading to annoying/DoS conditions Add a wait timer on the key submission pages to prevent or slow brute force Add checks and alerts for teams generating lots of bad keys (this is now manual via the admin application) DONE: added a feature to make "solved" challenges obvious in the challenge board
About
Python/Django based management and scoreboard application for jeopardy style CTF competitions
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published