Created
April 7, 2019 01:27
-
-
Save aaronyoo/29889eb87cd94842b6f7bdd548049ccd to your computer and use it in GitHub Desktop.
Python script to do some setup operations on CTFd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import re | |
def main(): | |
print("starting") | |
# Set the admin cookie before doing anything else | |
my_cookie = { | |
"name":"admin", | |
"value":"true" | |
} | |
s = requests.Session() | |
s.cookies.set(**my_cookie) | |
# Re-gex to extract the nonce | |
p = re.compile('var csrf_nonce = *"([a-zA-Z0-9]*)"') | |
# Setup CTFd | |
headers = { | |
'Content-Type': 'application/x-www-form-urlencoded', | |
} | |
r = s.get('http://127.0.0.1:8000/setup') | |
m = p.search(r.content.decode()) | |
print(m.group(1)) | |
data = { | |
'nonce': m.group(1), | |
'ctf_name': 'cyber', | |
'name': 'admin', | |
'email': 'test@test', | |
'password': 'foobar', | |
'user_mode': 'users' | |
} | |
r = s.post('http://127.0.0.1:8000/setup', headers=headers, data=data) | |
# Get the session nonce (this is important and is used in the rest of the requests) | |
r = s.get('http://127.0.0.1:8000/') | |
m = p.search(r.content.decode()) | |
print(m.group(1)) | |
# Get User (not necessary for deployment) | |
r = s.get('http://127.0.0.1:8000/api/v1/users/me') | |
print(r.content.decode()) # returns json | |
# Data and headers for adding challenges | |
data_2 = { | |
"name":"somechal", | |
"category":"hacks", | |
"state":"hidden", | |
"value":"9001", | |
"type":"standard", | |
"description":"sample challenge" | |
} | |
headers_2 = { | |
'CSRF-Token': m.group(1), | |
} | |
# Add challenges | |
r = s.post('http://127.0.0.1:8000/api/v1/challenges', headers=headers_2, json=data_2) | |
print(r.content.decode()) | |
# View challenges | |
r = s.get('http://127.0.0.1:8000/api/v1/challenges', headers=headers_2, data=data_2) | |
print(r.content.decode()) | |
# Add a flag to a question | |
data_4 = { | |
"challenge":"1", | |
"content":"eleventy", | |
"type":"static" | |
} | |
r = s.post('http://127.0.0.1:8000/api/v1/flags', headers=headers_2, json=data_4) | |
print(r.content.decode()) | |
# Add a file to a question | |
data_5 = { | |
'nonce': m.group(1), | |
'challenge': '1', | |
'type': 'challenge', | |
} | |
files = { | |
'file': ('rosalind_ini2.txt', open('rosalind_ini2.txt', 'rb')), | |
} | |
r = s.post('http://127.0.0.1:8000/api/v1/files', data=data_5, files=files) | |
print(r.content.decode()) | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment