CTFd Tips

2019, Sep 07    

Pulling information directly from the database

sqlite3

To get started you need to install sqlite3 to interact with the sqlite db.

apt-get install sqlite3 -y

Hide all the challenges

sqlite3 /var/www/CTFd/CTFd/ctfd.db "UPDATE challenges set state='hidden';"

Starting an event

When starting an event, if all of the challenges are hidden, this is a quick way to make all the challenges visible.

sqlite3 /var/www/CTFd/CTFd/ctfd.db "UPDATE challenges set state='visible';"

Team mode - List Individuals by Points/Solves

Even though it is in team mode, it can be good to identify the MVP of the CTF.

select COUNT(user_id), user_id, users.name, SUM(challenges.value)
from [solves] 
	JOIN users ON [solves].user_id = users.id 
	LEFT JOIN challenges ON [solves].challenge_id = challenges.id
	group by user_id order by SUM(challenges.value) DESC;

Pull emails from ctfd

sqlite3 /var/www/CTFd/CTFd/ctfd.db "select email from users;"

Export and Backup

After a CTF event, I always perform an export from within CTFd. You can then use this export to import into a new CTFd instance. There are issues though, when CTFd updates the code base, it does not guarentee backwards compatibility with exports. The reason behind it is that CTFd is designed for one-off events and not long-term CTFs. To future-proof the backups, I like to just back up the enitre CTFd folder. This makes it easier to just deploy an old instance and restore.

tar -czf /tmp/CTFd.tar.gz /var/www/CTFd

Remove cyber league

I always remove cyber-league as it confuses people. I just comment out the <!-- <div> </div> --> divs for the league stuff.

cp /var/www/CTFd/CTFd/themes/core/templates/login.html /var/www/CTFd/CTFd/themes/core/templates/login.html.bak
cp /var/www/CTFd/CTFd/themes/core/templates/register.html /var/www/CTFd/CTFd/themes/core/templates/register.html.bak
cp /var/www/CTFd/CTFd/themes/core/templates/teams/team_enrollment.html /var/www/CTFd/CTFd/themes/core/templates/teams/team_enrollment.html.bak

vim /var/www/CTFd/CTFd/themes/core/templates/login.html
vim /var/www/CTFd/CTFd/themes/core/templates/register.html
vim /var/www/CTFd/CTFd/themes/core/templates/teams/team_enrollment.html

Add a registration code to limit who can register for a CTF

There was a need to prevent people from registering on a public CTFd instance. THIS IS A HACK, your mileage may vary.

/var/www/CTFd/CTFd/auth.py
added to line 165: 

    eventcode = request.form["eventcode"] ```

added to line 179:

        if eventcode != "SUPERSECRETEVENTCODE":
            errors.append("Invalid Event Code")

/var/www/CTFd/CTF/themes/core/templates/register.html added to line 46:

                                <div class="form-group">
                                        <label for="eventcode-input">
                                                Event Code
                                        </label>
                                        <input class="form-control" type="password" name="eventcode" id="eventcode-input" />
                                </div>
Twitter Facebook Google+
# CTF # CTFd