mcpa-stlouis / hack-the-arch

Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!
https://hackthearch.herokuapp.com
MIT License

Functionality of Brackets #36

Closed sctf2020 closed 4 years ago

sctf2020 commented 6 years ago

I sent the devs an email, but I thought it would be proper to open a ticket on the repo as well.

Currently our CTF platform is Mellivora, which has been slightly modified to utilize the User Types functionality to only display Challenges based on the User Type. I wonder if HTA has this capability, or if it would be easily implemented. I have very little Ruby experience, otherwise I would do it myself. Any insight is appreciated.

paullj1 commented 6 years ago

That’s not a bad idea, and probably wouldn’t take that long to implement. I’ll see what I can do this weekend.

paullj1 commented 6 years ago

Okay, so after spending some time thinking about this, I'm a little concerned that adding this feature may complicate the challenge creation process a little too much. Why not make all challenges available to all users, and then offer hints to the less experienced users to allow them to compete with the more experienced users? Thoughts?

sctf2020 commented 6 years ago

We create challenges specifically for the learners and give them walkthroughs. It would compromise the competition if the learners had access to those challenges' walkthroughs.

paullj1 commented 6 years ago

So the point of the brackets (as is) is to allow you to offer those walkthroughs in chunks (hints) at an optional and configurable cost. That way, if people are able to solve the challenge without them, they're rewarded with more points. Each hint has a configurable number of points that will be deducted either before the challenge is solved (which will affect the player's current score), or after the challenge is solved (which affects the value of the solve).

I'm not saying that what you're proposing is invalid, just that it would really complicate the existing design, and that I'm not sure about the best way to implement it. Does that make sense?

sctf2020 commented 6 years ago

I definitely understand your point of view, but what stops the competitors from registering a bogus account and clicking the hints to solve for their true account?

paullj1 commented 6 years ago

That has definitely been a concern. Current mitigation strategy is to authorize all accounts where this could happen. Latest release (under the e-mail tab in settings) allows for this. If enabled, each account requires authorization by an admin before being activated.

sctf2020 commented 6 years ago

Unfortunately that mitigation does not work for us.

paullj1 commented 6 years ago

So I'll leave this open as a discussion point for now. Again, I'm just not sure how to cleanly implement it at the moment, but I'm definitely open to suggestions.

sctf2020 commented 6 years ago

Honestly, a checkbox in the main settings marked "different challenges per bracket" would do it.

Then, if that checkbox is marked, have a new multi-select box in the category creation/edit page that lets you select which brackets to allow. This makes the whole thing optional.

paullj1 commented 6 years ago

Sure, implementation on the front-end is easy (ish... still, I think an argument could be made that it's getting more and more complex). It's the back-end that gets a little messy... of course, that could be a sign that the project could use a massive refactoring, but I really don't have time for that right now.

Still, I agree. If it is to be implemented, it must be optional.
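
The optional per-bracket visibility proposed in this thread (a global setting plus a list of allowed brackets on each category) can be modelled as a single server-side policy check. The sketch below is an added example and is not HackTheArch code; every class, field and sample value in it is hypothetical. It applies the same check to the challenge list and to fetch-by-id, so a restricted challenge cannot be reached by requesting its id directly.

```ruby
# Added illustration; not HackTheArch code. All names here are hypothetical.
Category  = Struct.new(:name, :allowed_brackets)   # empty list = open to every bracket
Challenge = Struct.new(:id, :title, :category)
User      = Struct.new(:name, :bracket, :admin)

class ChallengeAccess
  def initialize(per_bracket_enabled:, challenges:)
    @per_bracket_enabled = per_bracket_enabled      # the proposed global checkbox
    @challenges = challenges
  end

  # Single policy check used by both the list view and the detail view.
  def visible?(user, challenge)
    return true if user.admin
    return true unless @per_bracket_enabled         # feature off: existing behaviour
    allowed = challenge.category.allowed_brackets
    allowed.empty? || allowed.include?(user.bracket)
  end

  # Challenge list for a user.
  def list_for(user)
    @challenges.select { |c| visible?(user, c) }
  end

  # Fetch by id. A hidden challenge is reported the same way as a missing one,
  # so guessing ids neither reveals nor confirms restricted challenges.
  def find_for(user, id)
    challenge = @challenges.find { |c| c.id == id }
    challenge if challenge && visible?(user, challenge)
  end
end

# Constructed sample data.
LEARNER_CAT = Category.new("Learner track", ["Learner"])
OPEN_CAT    = Category.new("Crypto", [])
CHALLENGES  = [
  Challenge.new(1, "Guided walkthrough challenge", LEARNER_CAT),
  Challenge.new(2, "RSA warmup", OPEN_CAT)
]
LEARNER = User.new("alice", "Learner", false)
PRO     = User.new("bob", "Professional", false)

if __FILE__ == $PROGRAM_NAME
  access = ChallengeAccess.new(per_bracket_enabled: true, challenges: CHALLENGES)
  puts access.list_for(PRO).map(&:title).inspect    # only the open category
  puts access.find_for(PRO, 1).inspect              # nil: restricted to Learner
end
```

With `per_bracket_enabled: false` every user sees every challenge, which keeps the feature optional as both participants ask.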

paullj1 commented 4 years ago

The feature that was implemented does not appear to have any issues. Closing the ticket for now; feel free to open back up if you come up with a solution.

sctf2020 commented 4 years ago

Just to keep up, we ended up creating a Bracket plugin for CTFd that supported our needs. We definitely appreciate the work!