CTF Engine

Originally published on blog.benvirgilio.com

Well last year I started writing my own CTF (Capture the Flag) Engine in PHP for use within the CNIS Club and honestly anyone else who wanted to use it…I basically finished it, but it was a hack job and had no front end…

Sooo…I’ve just started work on it again. I’ve seen other applications use Twitter’s BootStrap frontend before and it was always pretty clean so I checked it out and boy is it easy to implement! You can find it here: http://twitter.github.io/bootstrap

I also set up BitBucket to help facilitate other people working on it and to keep track of changes, along with this I also setup a script to pull to the server every time someone commits and pushes a change. Luckily BitBucket allows free private repos so I don’t have to worry too much about it being abused.

Anyways, you can find the project here: http://ctf.cnisclub.org and if you are interested in helping with the development shoot me an email!

Recovery notes:

• Competition name: C4CTF (First Official Champlain College CNIS Club CTF)
• Dates: September 13–15, 2013
• Format: Jeopardy-style (not Attack/Defend), teams of up to 4 or individuals
• Full source: Z:\Documents\Projects\cnis-ctf-engine
• Database: cnis_ctf on mysql.ctf.nebriv.com
• Features: scoring, flag submission, admin dashboard, user messaging, bug reporting, event logging, session monitoring, pChart statistics, nicEdit WYSIWYG
• One challenge (Web 400) used Google Authenticator integration
• From the code: "WARNING THE BELOW CODE IS SOME NASTY SHIT. I DEFINITELY DID NOT WRITE THIS AND I DEFINITELY DO NOT CLAIM CREDIT FOR IT"
• projectsdatabase.sql backup has actual CTF data: 2 questions (“Don’t Hax This Site” 100pts, “Hax” 200pts), 3 users, 4 completions, 228 log entries, 135 sessions
• Config table shows event window: opened May 19, 2013; closed June 25, 2013; registration closed May 28