Create MySQL Database and Tables for the CTF
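-- Schema for the CTF scoreboard.
CREATE DATABASE ctf;
-- Select the new database so the CREATE TABLE statements below have a target.
USE ctf;

-- One row per captured flag. The submit page builds flagID as
-- '<owner studentID>-<flagsDB.flagID>-<finderID>'; because it is the primary
-- key, a finder cannot score the same flag twice.
-- Widened from VARCHAR(8): three integer IDs plus two dashes can exceed eight
-- characters, and a truncated key could collide with another finding.
CREATE TABLE flagsFound (
    flagID   VARCHAR(40) NOT NULL PRIMARY KEY,
    finderID INT
);

-- CTF participants.
CREATE TABLE students (
    studentID INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name      VARCHAR(40)
);

-- Flags available for capture: the owning student and the hex digest of the
-- flag keyword as produced by the population script.
-- Widened from VARCHAR(50): a SHA-256 hex digest is 64 characters, so the old
-- width either rejected or truncated every row, and a truncated digest never
-- equals the full checksum a participant submits. 128 also fits SHA-512.
CREATE TABLE flagsDB (
    flagID       INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    studentID    INT,
    flagChecksum VARCHAR(128)
);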
Populate Table with Participants
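-- Seed the participant list. Columns are named explicitly so the statement
-- keeps working if the students table gains columns, and string literals use
-- single quotes so they are not read as identifiers under ANSI_QUOTES.
INSERT INTO students (studentID, name) VALUES
    (1, 'Ann'),
    (2, 'Bob'),
    (3, 'Curt'),
    (4, 'Dan');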
Create Text File with Flags and Call it flags.txt
Make it with 2 columns of data: the owner of the flag and the keyword
1 Asteroid
2 You
3 Red
4 Blue
…
Create and Run Simple Bash Script to Populate SQL File for flagsDB
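#!/bin/bash
#
# Generate the SQL that loads flagsDB from a two-column text file.
#   1st column: studentID, the owner of the flag
#   2nd column: flag keyword, stored as a checksum
#
# The keyword is piped through echo, so the digest covers the keyword plus a
# trailing newline; participants must hash it the same way to get a match.

textFile=flags.txt
outputFile=temp.sql
checkSumAlg=sha256sum

echo "USE ctf;" > "$outputFile"

# read -r keeps backslashes literal; the trailing test picks up a last line
# that has no newline. Extra columns are discarded into "_".
while read -r studentID keyword _ || [[ -n $studentID ]]
do
    # studentID is written unquoted into the generated SQL, so accept digits
    # only. Blank lines and rows without a keyword are skipped as well.
    if ! [[ $studentID =~ ^[0-9]+$ ]] || [[ -z $keyword ]]; then
        echo "Skipping malformed line: $studentID $keyword" >&2
        continue
    fi

    # The digest is plain hex, so it is safe inside the quoted SQL literal.
    flagChecksum=$(echo "$keyword" | "$checkSumAlg" | awk '{print $1}')

    echo "INSERT INTO flagsDB (studentID, flagChecksum) VALUES ($studentID,'$flagChecksum');" >> "$outputFile"
done < "$textFile"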
Input the SQL File to the Database using the mysql username and password that you have
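# Load the generated file into MySQL. Change the file name if outputFile was
# changed in the script, and the account if you are not using root.
# -p without a value makes mysql prompt for the password, so it does not end
# up in the shell history or the process list. Enter it at the next prompt.
mysql -u root -p < temp.sql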
The following are files that are needed for the CTF PHP Page:
index.php, submitFlag.php, submitFlag_Submit.php, dbConnection.php, css/default.css, pageheader.php
The stats.php file was not included and can be removed...
index.php File
<html>
<head>
<title>CTF</title>
<link rel="stylesheet" type="text/css" href="css/default.css">
<script type="text/JavaScript">
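// Reload the page after timeoutPeriod milliseconds.
// A function is passed to setTimeout instead of a code string: the string form
// is evaluated like eval() and is blocked by a Content-Security-Policy that
// does not allow 'unsafe-eval'.
function timedRefresh(timeoutPeriod) {
    setTimeout(function () {
        location.reload(true);
    }, timeoutPeriod);
}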
</script>
</head>
<BODY BGCOLOR=white onload="JavaScript:timedRefresh(300000);">
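<?php
// The scoreboard cannot work without the database, so fail closed:
// require_once halts the request if the file is missing, where include would
// only warn and carry on to the query below.
require_once 'dbConnection.php';
// Shared banner and menu bar.
include 'pageheader.php';
?>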
<FORM ACTION="search_for_project.php" METHOD="post">
<CENTER>
<BR>
<TABLE style="border:1px solid;" CELLPADDING=15>
<TR>
<TD colspan=2>
<CENTER>
<FONT SIZE=2>
<B>Scoreboard</B>
</FONT>
</CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER>
<FONT SIZE=2>
Student
</FONT>
</CENTER>
</TD>
<TD>
<CENTER>
<FONT SIZE=2>
Score
</FONT>
</CENTER>
</TD>
</TR>
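<?php
// Scoreboard: one row per student with at least one finding, highest count
// first. Each finding is worth 10 points.
// The grouping includes studentID so that two students who share a name are
// not merged into a single row.
$sqlScore = "SELECT s.name, COUNT(f.finderID) AS total"
          . " FROM students s"
          . " INNER JOIN flagsFound f ON s.studentID = f.finderID"
          . " GROUP BY s.studentID, s.name"
          . " ORDER BY total DESC";
$sqlScoreResults = mysql_query($sqlScore);
// mysql_query() returns false on error; treat that as an empty scoreboard
// instead of handing false to mysql_num_rows().
$numRows = $sqlScoreResults ? mysql_num_rows($sqlScoreResults) : 0;
if ($numRows < 1) {
    echo "<TR><TD COLSPAN=2><CENTER>No Scores to Report</CENTER></TD></TR>";
}
else {
    while ($rowScore = mysql_fetch_array($sqlScoreResults)) {
        // Names are stored data; escape them before writing them into HTML.
        $name = htmlspecialchars((string) $rowScore['name'], ENT_QUOTES);
        $total = $rowScore['total'] * 10;
        echo "<TR><TD><CENTER><FONT COLOR=GRAY SIZE=2>$name</FONT></CENTER></TD>";
        echo "<TD><CENTER><FONT COLOR=GRAY SIZE=2>$total</FONT></CENTER></TD></TR>";
    }
}
?>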
</TR>
</TABLE>
<BR>
<BR>
<BR>
<FONT SIZE=2 COLOR=GRAY>This page will refresh every 5 minutes.</FONT>
</CENTER>
<BR>
<BR>
<BR>
</FORM>
</BODY>
</html>
submitFlag.php
<html>
<head>
<title>CTF</title>
<link rel="stylesheet" type="text/css" href="css/default.css">
</head>
<BODY BGCOLOR=white>
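<?php
// The student list comes from the database, so fail closed: require_once
// halts the request if the file is missing, where include would only warn
// and carry on to the query below.
require_once 'dbConnection.php';
// Shared banner and menu bar.
include 'pageheader.php';
?>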
<FORM ACTION="submitFlag_Submit.php" METHOD="post">
<CENTER>
<TABLE style="border:1px solid;" CELLPADDING=15>
<TR>
<TD colspan=2>
<CENTER>
<FONT SIZE=2>
<B>Submit Flag</B>
</FONT>
</CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER>
<FONT SIZE=2 COLOR=GRAY>
Identify Yourself
</FONT>
</CENTER>
</TD>
<TD>
<CENTER>
<SELECT name="finderID">
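<?php
// Build one <option> per student for the "Identify Yourself" drop-down.
$sqlStudents = "SELECT studentID, name FROM students";
$sqlStudentsResults = mysql_query($sqlStudents);
// mysql_query() returns false on error; the list is left empty in that case
// instead of passing false to mysql_fetch_array().
while ($sqlStudentsResults && ($rowStudents = mysql_fetch_array($sqlStudentsResults))) {
    $studentID = (int) $rowStudents['studentID'];
    // Names are stored data; escape them before writing them into HTML.
    $name = htmlspecialchars((string) $rowStudents['name'], ENT_QUOTES);
    // The value attribute is quoted so it is always parsed as one token.
    echo "<option value=\"" . $studentID . "\">" . $name . "</option>";
}
?>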
</SELECT>
<FONT COLOR=RED SIZE=1><I>Choose wisely my friend.</I></FONT>
</CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER>
<FONT SIZE=2 COLOR=GRAY>
Flag Checksum
</FONT>
</CENTER>
</TD>
<TD>
<CENTER>
<INPUT TYPE=text NAME=checksum SIZE=50>
</CENTER>
</TD>
</TR>
<TR>
<TD COLSPAN=2>
<CENTER>
<INPUT TYPE=submit VALUE=Submit>
</CENTER>
</TD>
</TR>
</TABLE>
</CENTER>
<BR>
</FORM>
</BODY>
</html>
submitFlag_Submit.php
<html>
<head>
<title>CTF</title>
<link rel="stylesheet" type="text/css" href="css/default.css">
</head>
<BODY BGCOLOR=white>
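<?php
// Flag validation depends on the database, so fail closed: require_once
// halts the request if the file is missing, where include would only warn
// and carry on to the queries below.
require_once 'dbConnection.php';
// Shared banner and menu bar.
include 'pageheader.php';
?>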
<CENTER>
<TABLE style="border:1px solid;" CELLPADDING=15>
<TR>
<TD colspan=2>
<CENTER>
<FONT SIZE=2>
<B>Submitted the Following Flag</B>
</FONT>
</CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER>
<FONT SIZE=2 COLOR=GRAY>
And the finder was...
</FONT>
</CENTER>
</TD>
<TD>
<CENTER>
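<?php
// finderID is request data and is placed unquoted into the query below, so
// only a string of digits is accepted. Anything else (missing, an array,
// text with SQL in it) becomes 0, which matches no student.
$rawFinderID = isset($_POST['finderID']) ? $_POST['finderID'] : '';
$finderID = (is_string($rawFinderID) && ctype_digit($rawFinderID)) ? (int) $rawFinderID : 0;
$sqlName = "SELECT name FROM students WHERE studentID=$finderID";
$sqlNameResults = mysql_query($sqlName);
// mysql_query() returns false on error; print nothing in that case.
while ($sqlNameResults && ($rowName = mysql_fetch_array($sqlNameResults))) {
    // Names are stored data; escape them before writing them into HTML.
    $name = htmlspecialchars((string) $rowName['name'], ENT_QUOTES);
    echo $name;
}
?>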
</CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER>
<FONT SIZE=2 COLOR=GRAY>
Flag Checksum
</FONT>
</CENTER>
</TD>
<TD>
<CENTER>
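<?php
// The checksum is request data. The flags are hex digests, so $checksum keeps
// the submitted value only when it is a plain hex string; anything else is
// replaced by '' and can match no flag in the lookup further down.
$rawChecksum = (isset($_POST['checksum']) && is_string($_POST['checksum'])) ? trim($_POST['checksum']) : '';
$checksum = preg_match('/\A[0-9a-fA-F]{1,128}\z/', $rawChecksum) ? $rawChecksum : '';
// Show what was submitted, escaped so that markup typed into the field is
// displayed as text and not interpreted by the browser.
echo htmlspecialchars($rawChecksum, ENT_QUOTES);
?>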
</CENTER>
</TD>
</TR>
<TR>
<TD COLSPAN=2>
<CENTER>
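<?php
// $finderID and $checksum both originate from the request. They are checked
// again here so the two statements below are safe however the variables were
// assigned earlier on the page.
$finderID = (is_scalar($finderID) && ctype_digit((string) $finderID)) ? (int) $finderID : 0;
$safeChecksum = mysql_real_escape_string(is_string($checksum) ? $checksum : '');
$sqlValidChecksum = "SELECT flagID, studentID FROM flagsDB WHERE flagChecksum='$safeChecksum'";
$sqlValidResults = mysql_query($sqlValidChecksum);
// mysql_query() returns false on error; treat that as "flag not found".
$sqlValidNumRows = $sqlValidResults ? mysql_num_rows($sqlValidResults) : 0;
if ($sqlValidNumRows < 1) {
    echo "<FONT COLOR=RED>Sorry! This flag was not found in the database.</FONT>";
}
else {
    echo "Congradulations!";
    // If several flags share the checksum, the last row read is the one used.
    while ($rowValid = mysql_fetch_array($sqlValidResults)) {
        $flagID = $rowValid['flagID'];
        $studentID = $rowValid['studentID'];
    }
    // Record the finding only for a usable finder ID. The composite key means
    // a repeated submission fails on the primary key and is not counted twice.
    // NOTE(review): nothing stops a student from submitting a flag they own
    // ($studentID == $finderID) - confirm whether that should score.
    if ($finderID > 0) {
        $sqlInsertFinding = "INSERT INTO flagsFound (flagID, finderID) VALUES ('$studentID-$flagID-$finderID',$finderID)";
        mysql_query($sqlInsertFinding);
    }
}
?>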
</CENTER>
</TD>
</TR>
</TABLE>
</CENTER>
<BR>
</BODY>
</html>
pageheader.php
<table width=100% bgcolor="#EEEEEE">
<tr>
<td width=20%>
</td>
<td width=50%>
<center>
<FONT SIZE=5 COLOR="Gray">
<B>CTF</B>
</FONT>
<BR>
<FONT SIZE=2 COLOR="Gray">
Get the Flags - Get the Points
</FONT>
</center>
</td>
<td width=30%>
</td></tr>
<tr><td colspan=3>
<center>
<!-- Menu Bar Table -->
<table width=96% id="menuBar" cellspacing="1px" cellpadding="3px"><tr>
<td width=33% bgcolor="#485e49"><center>
<a href="index.php">Home</a>
</center></td>
<td width=33% bgcolor="#485e49"><center>
<a href="submitFlag.php">Submit Flag</a>
</center></td>
<td width=33% bgcolor="#485e49"><center>
<a href="stats.php">CTF Stats</a>
</center></td>
</tr>
</table>
</center>
<!-- End Table for Menu Bar -->
</td></tr>
</table>
<BR>
dbConnection.php
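<?php
// Database connection shared by every page of the site.
// NOTE(review): the site connects as the MySQL root account with the password
// stored in this file. The pages only read students/flagsDB/flagsFound and
// insert into flagsFound, so a dedicated account limited to those rights on
// the ctf database would limit the damage if a page query is ever abused.
// Make sure this file can never be served as plain text.
$dbHost = "localhost";
$dbUser = "root";
$dbPass = "strongpassword";
$dbName = "ctf";
$db = mysql_connect($dbHost,$dbUser,$dbPass);
// Stop with a generic message if the connection or database selection fails,
// so no connection details reach the browser and no page query runs without
// a database.
if (!$db || !mysql_select_db($dbName,$db)) {
    die("Database unavailable.");
}
?>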
css/default.css
/* Links are never underlined. */
a {
    text-decoration: none;
}

/* Menu bar (the table with id="menuBar" in pageheader.php). */
table#menuBar a {
    text-decoration: none;
    color: #eee;
}

table#menuBar a:hover {
    color: lightblue;
}

table#menuBar td {
    width: 12%;
    background: #485e49;
}

/* Drop-down menu rules. No element with id="pageheaderDropDown" appears in
   the pages shown here. */
#pageheaderDropDown {
    margin: 0;
    padding: 0;
    z-index: 30;
}

#pageheaderDropDown li {
    margin: 0;
    padding: 0;
    list-style: none;
    float: left;
}

#pageheaderDropDown li a {
    display: block;
    margin: 0 1px 0 0;
    padding: 4px 10px;
    width: 60px;
    color: #EEEEEE;
    text-align: center;
    text-decoration: none;
}

#pageheaderDropDown li a:hover {
    color: lightblue;
}

/* Sub-menu panel: hidden until something else makes it visible. */
#pageheaderDropDown div {
    position: absolute;
    visibility: hidden;
    margin: 0;
    padding: 0;
    background: gray;
    border: 1px solid #5970B2;
}

#pageheaderDropDown div a {
    position: relative;
    display: block;
    margin: 0;
    padding: 5px 10px;
    width: auto;
    white-space: nowrap;
    text-align: left;
    text-decoration: none;
    background: #EAEBD8;
    color: #2875DE;
    font: 11px arial;
}

#pageheaderDropDown div a:hover {
    background: #49A3FF;
    color: #FFF;
}