A lightweight, easy to deploy CTF framework(in Flask) for HackTheBox style machines.
The main purpose of this project is to serve as a scoring engine and CTF manager.
Want to see it in action ?
A live demo of the app is available at: https://rtblivedemo.herokuapp.com/.
You can login and mess around as 2 users: admin:admin and test:test(i.e. username:password combinations)
- Flask-blueprints for modularity and clean codebase,
- Flask-admin for Admin views and easy realtime management,
- Flask-SQLAlchemy for SQL models,
- Flask-wtf for forms,
- Flask-mail for mail service.
- A page to show relevant details about the machine such as name, IP, OS, points and difficulty level.
- Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
- Simple User Registration/login process, account management, Forgot password functionalities,
- Flag submission (currently 2 hashes: user and root),
- Real time scoreboard tracking,
- Easily deployable on Heroku.
Python 3.7.3or atleast> 3.6.- Python Packages:
src/requirements.txt. - OS Packages: PostgreSQL version 11 or greater,
libpq-dev,python3-devpackages. Please refer here.
- Git clone the repo and
cdinto it
$ git clone https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework
$ cd RTB-CTF-Framework/- Create
virtual environmentto deal with dependencies and requirements.
$ virtualenv -p /usr/bin/python3 venv
$ source venv/bin/activate
$ cd src/- With
virtual environmentactivated, install requirements, init db and run !
[venv]$ pip install -r requirements.txt
[venv]$ python create_db.py # Only required on first run
[venv]$ python run.py-
Create your heroku app using
herokucli tool.Follow the official guide by Heroku: https://devcenter.heroku.com/articles/getting-started-with-python#prepare-the-app
-
Provision Database add-on.
Add the following add on to your new app: https://elements.heroku.com/addons/heroku-postgresql
-
Creating database instance. In your heroku app directory,
$ heroku run bash [heroku]$ python create_db.py
-
Your app should be live now. You can run
heroku opento open it in browser.
Using this as simple as anything.
-
Just configure your CTF settings in
config.py. -
DO NOT FORGET to change admin credentials from
create_db.py -
See database instance creation steps under How To Use.
Bonus: You can manage the database CRUD operations from admin views GUI as well as issue notifications.
Warning: If you make any change to
config.pylogging/config class/score settings. It's highly recommended to create a new DB instance.
Please see: issues and the below To-do list.
Note: All PRs within the GSSoC'20 period will be merged in the
gssoc20-devbranch.
- Freeze Scoreboard automatically past running time specified (Issue: #3)
- Ideas for additional logging techniques to prevent flag sharing, cheating and such. (Issue: #7)
- Support for n number of boxes (accordions? seperate route?). (Issue: #17)
- Rating system: Average Box rating - input, calculate, output. (Issue: #14)
- Adding a
Deploy to Herokubutton. (Issue: #15) - Dark theme for
admin controlpanel. (Issue: #16) - Adding CI, Linting, Formatting specs. (Issue: #18)
- Testing Password reset functionality, the mail-server setup, etc.
- More info on
home.html - Support for more hashes per box (not a priority)
- Need to implement
account.html(not a priority)
- db relationship between User and Score Tables (priority | issue: #5)
- isAdmin column in User table and Admin views (priority)
- Notifications
- Use Flask Blueprints
- Finalize black theme?
- Error messages not appearing in
/submit - Implement
machine.htmlto server a page where one can download/serve machines
