Coder Social home page Coder Social logo

ctfm's Introduction

Hi there 👋 I'm Eki

👾 CTFer@Redbud, interested in WEB and all the code-breaking puzzles

🚀️ Do well in full-stack development

📚 Learning Web&Protocol Security

💻 Currently major in Cybersecurity

🔭 I’m currently an intern at NISL. [Network and Information Security Lab @ Tsinghua University] Former intern at @chaitin. [Security Strategy Research Team]

📫 How to reach me: [email protected]

🌍 Some public articles at blog.ieki.xyz

Anurag's GitHub stats

ctfm's People

Contributors

ekixu avatar erope avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

polarpeak qingyiangran silenteag

ctfm's Issues

数据库密码异常

如题,按readme配置了secrets目录下几个文件,ctfm和db容器内/run/secret/ctfm_db_password 均正常,在ctfm容器下执行 python manage.py migrate 报错 django.db.utils.OperationalError: connection to server at "db" (172.26.0.2), port 5432 failed: FATAL: password authentication failed for user "ctfm"

可以创建动态flag但是提交时判定flag错

师傅好,刚按步骤搭建完您的CTFm平台,
现以成功创建动态容器和生成动态flag,题目也访问正常

目前发现了一个问题,提交题目里面动态生成的flag会被判定flag错误
题目设置页面所填选项如下,flag留空
create-challenge.png
但是发现提交正确的flag会报错,如下图所示
(flag来自ENV的$FLAG,说明flag生成没问题)
wflag.png
经过排查发现客户端发送的flag服务端正确接收到了,没有问题,
但是在服务端进行判定发送的flag是否与服务端存储的flag一致时,我发现服务端用于判定的flag是”“,即空字符串
(r flag是提交的flag,c flag是用于判定是否正确的答案flag,3 flag是题目容器创建时生成的flag)
d2.png
而创建普通不带动态容器的题目时,flag判定没问题
d1.png
进一步调试发现是CTFm/backend/challenge/views.py中的一个类ChallengeViewSet的check_flag方法的问题
用于判定flag的代码如下图箭头2所示
187201185611066.png
而上图箭头1所示代码获取的是题目设置处的配置,challenge对象内部如下图所示
obj.png
综上所述,在判定动态容器的flag前并没有先读取生成的动态flag,以空字符串与用户提交的flag进行比较,故判定flag错误
解决该问题只需在if challenge.flag == flag:前加入几行代码获取生成当前容器时创建的flag即可

         if challenge.flag == "":
                try:
                    container = ControlUtils.get_user_challenge_container(user, challenge)
                    if container != None:
                        challenge.flag = container.flag
                except:
                    pass

如下图所示
16720328368275.png
重启ctfm容器后,重新启动题目,提交动态flag判定正确
solv.png

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.