CTFd Dynamic flag by user ID & chalange ID
Code modification allows you to generate dynamic flags by user id and challange id.
- clone CTFd GitHub repository
- change directory to CTFd
cd CTFd - in file
CTFd/api/v1/challenges.pyreplace line (2x)
status, message = chal_class.attempt(challenge, request)
to line
status, message = chal_class.attempt(challenge, request, user)
- in file
CTFd/plugins/challenges/__init__.py
- replace line
def attempt(cls, challenge, request):
to line
def attempt(cls, challenge, request, user):
- add block of code after
flags = Flags.query.filter_by(challenge_id=challenge.id).all()
import hashlib
string_1=b"String1"
string_2=b"String2"
string_3=b"String3"
user_id=int(user.id)
challange_id=challenge.id
flag_hash=hashlib.sha256(string_1+int(user_id).to_bytes(4, byteorder='big')+string_2+int(challange_id).to_bytes(4, byteorder='big')+string_3).hexdigest()
if submission=="flag{"+flag_hash+"}":
return True, "Correct"
You can just execute automated script
After this steps you don't have to add flag to the challange. You can just generate and add flag to your CTF environment. It will be validated for the specific:
- Strings (3x)
- user id
- challange id