search

Norske-Nokkelsnikere / nokkelvokter-old

A work in progress Discord bot for use in CTFs
GNU General Public License v3.0
0 stars 0 forks source link

Fetch challenges from CTF API (CTFd ONLY) #19

Open fslaktern opened 9 months ago

fslaktern commented 9 months ago

Automatically add challenge posts with title, description and link to attachment (to prevent downloading large files) when given the URL to a CTFd CTF.

CTFs will most likely require an account to see the challenges, so another feature should be implemented to automatically create a shared account and add credentials to #information (#20 )

Example: https://play.glacierctf.com/api/v1/challenges

We want the following fields:

{
  "success": true,
  "data": [
    {
      "id": 2,
      "type": "dynamic",
      "name": "Skilift",
      "value": 50,
      "solves": 333,
      "solved_by_me": true,
      "category": "intro",
      "tags": [
        {
          "value": "rev"
        }
      ],
      "template": "/plugins/dynamic_challenges/assets/view.html",
      "script": "/plugins/dynamic_challenges/assets/view.js"
    },
    {
      "id": 4,
      "type": "dynamic",
      "name": "ARISAI",
      "value": 50,
      "solves": 191,
      "solved_by_me": false,
      "category": "intro",
      "tags": [
        {
          "value": "crypto"
        }
      ],
      "template": "/plugins/dynamic_challenges/assets/view.html",
      "script": "/plugins/dynamic_challenges/assets/view.js"
    }
  ]
}

To get more information about a specific challenge:

curl 'https://play.glacierctf.com/api/v1/challenges/10' -H 'content-type: application/json'  -H 'cookie: session=...'

We want the following fields:

{
  "success": true,
  "data": {
    "id": 10,
    "name": "Password recovery",
    "value": 50,
    "initial": 500,
    "decay": 50,
    "minimum": 50,
    "description": "Our infra admin \"LosCapitan\" stores all of his passwords in a self-hosted password manager.\r\nShortly before the CTF, he forgot his password and now he can't access his passwords anymore.\r\nThe keys to the underlying server are stored in the password manager as well.\r\nLuckily, he never changed his password and we still have the old password checker for one of our servers.\r\nCan you help us recover his password for the \"LosCapitan\" user?\r\nWrap the correct password in gctf{}. Flag format is gctf{.*}.\r\n\r\nauthor: Xer0\r\n",
    "connection_info": null,
    "category": "rev",
    "state": "visible",
    "max_attempts": 0,
    "type": "dynamic",
    "type_data": {
      "id": "dynamic",
      "name": "dynamic",
      "templates": {
        "create": "/plugins/dynamic_challenges/assets/create.html",
        "update": "/plugins/dynamic_challenges/assets/update.html",
        "view": "/plugins/dynamic_challenges/assets/view.html"
      },
      "scripts": {
        "create": "/plugins/dynamic_challenges/assets/create.js",
        "update": "/plugins/dynamic_challenges/assets/update.js",
        "view": "/plugins/dynamic_challenges/assets/view.js"
      }
    },
    "solves": 246,
    "solved_by_me": false,
    "attempts": 0,
    "files": [
      "/files/18eb99d0b5e2bdfa6fc252cdc70d5412/app?token=..."
    ],
    "tags": [
      "rev"
    ],
    "hints": [],
    "view": "..."
  }
}
fslaktern commented 9 months ago

solved_by_me means solved by team, not necessarily by the currently logged in user.

fslaktern commented 9 months ago 
curl -H "ContentType: application/json" --cookie "session=..." https://play.glacierctf.com/api/v1/challenges
fslaktern commented 9 months ago

Should run automatically if a shared user was created successfully.