SCAICT/physical-CTF

實體 Flag 回報網站，該出去摸草了。

Physical CTF

A website for reporting Physical CTF Flags. You've been coding for too long—it's time to get out and touch some grass.

繁體中文版本的文檔可在這裡找到。

Welcome to the Physical CTF Reporting Website. This web application allows users to submit and collect flags and manage them through a backend interface. This documentation will guide you through the steps of installation, configuration, usage, and flag management.

This game typically involves printing several flags with QR codes (usually printed on A4 paper and attached to chopsticks). The game master or teams hide the flags in designated areas. The team that collects the most flags within the time limit wins.

Here’s the standard link format:

https://<your-domain>.com/flag?flag=<your-flag>

For example: https://flag.scaict.org/flag?flag=flag{iL0veSCAICT}

Table of Contents

• Physical CTF
  • Table of Contents
  • Installation
  • Configuration
  • Usage Instructions
    • Submitting Flags
  • Backend Management
    • Example
  • API Endpoints
    • GET /
    • GET /list
    • GET /flag
    • POST /sendFlag
    • GET /admin
    • POST /admin
• License

Installation

You can quickly deploy the application to the Zeabur platform by clicking the "Deploy on Zeabur" button.

Before starting, ensure you have Node.js and npm installed. Then, follow these steps to install the application:

1. Clone the project:

   git clone https://github.com/SCAICT/physical-flag.git
   cd physical-flag

2. Install dependencies:

   npm install

Configuration

Create a .env file in the project root directory and add the following content to configure the admin password:

ADMIN_PASSWORD=yourpassword
SECRET=yoursecret

Replace yourpassword with your desired admin password, and yoursecret with a random string.

Usage Instructions

1. Start the server:

   npm start

2. Visit http://localhost:3000 in your browser to view the application homepage.

Submitting Flags

Users can submit flags through a form. The submitted flag will be verified against the database, and if it exists and hasn't been collected by the current user, it will be recorded.

Backend Management

Admins can add or remove flags via the backend management page.

1. Visit http://localhost:3000/admin in your browser to access the admin page.
2. Enter the admin password.
3. Add or remove flags in the textarea (one per line).
4. Click the "Update Flags" button to save changes.

Example

flag{new_flag_1}
flag{new_flag_2}
flag{new_flag_3}

Once submitted, these flags will be added to the database.

API Endpoints

GET /

Displays the homepage.

GET /list

Returns the leaderboard of users who have collected flags.

Sample response:

[
    {"user": "Alice", "score": 3},
    {"user": "Bob", "score": 2}
]

GET /flag

Displays the flag submission page.

POST /sendFlag

Submits a flag.

Request body:

{
    "flag": "SCAICT{example_flag}",
    "username": "Alice"
}

Sample response:

Alice successfully collected SCAICT{example_flag}

GET /admin

Displays the admin page.

POST /admin

Updates flags.

Request body:

{
    "password": "yourpassword",
    "flags": "SCAICT{new_flag_1}\nSCAICT{new_flag_2}\nSCAICT{new_flag_3}"
}

Sample response:

Flags updated successfully

License

This project is licensed under the Apache-2.0 License - see the LICENSE file for details.