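function require_auth()
{
    # $GAMEID is declared for parity with the other pages; it is not used here.
    global $password_hash, $GAMEID;
    # already authenticated
    if (is_admin()) {
        return;
    }
    # in the process of authentication: a password was posted, compare it
    # against the configured digest
    if (array_key_exists('password', $_REQUEST)) {
        $pwd_given = $_REQUEST['password'];
        # md5() is kept only because $password_hash is stored as an md5 digest;
        # a stronger scheme needs the stored value changed as well.
        $pwd_hash = md5($pwd_given);
        # Strict comparison: with '==' PHP compares two "0e<digits>" strings
        # numerically (both are 0), so a wrong password whose digest happens to
        # look like an exponent would be accepted.
        if ($pwd_hash === $password_hash) {
            $_SESSION['hash'] = $password_hash;
            # Only follow a same-site path from 'goto'. Absolute URLs,
            # protocol-relative '//host' or '/\host', and a missing value fall
            # back to the page that was requested, so the parameter cannot be
            # used to redirect a freshly logged-in admin off-site.
            $goto = isset($_REQUEST['goto']) ? $_REQUEST['goto'] : '';
            if (!is_string($goto) || !preg_match('#\A/(?![/\\\\])#', $goto)) {
                $goto = $_SERVER['REQUEST_URI'];
            }
            header("Location: " . $goto);
            return;
        }
    }
    # before authentication: render the login form and stop
    myhead("Enter password");
    #echo '<pre>'.print_r($_SERVER,True).'</pre>';
    # REQUEST_URI is caller-controlled; escape it before placing it inside the
    # single-quoted attribute value of the hidden 'goto' field.
    $self = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
    echo "\n\t\t<form method=post>\n\t\t\t<input type=hidden name=goto value='" . $self . "'>\n\t\t\t<p>Enter password: <input type=password name=password></p>\n\t\t\t<p><input type=submit value='Login'></p>\n\t\t</form>\n\t";
    myfooter();
    exit;
}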
        if (query($sql)) {
            header("Location: advisories.php");
            exit;
        } else {
            $message = '<p><font color=red>' . mysql_error() . '</font></p>';
        }
    }
} else {
    $game_runs = 0;
    $message = '<p><font color=red>Game is currently not active.</font></p>';
}
# load data
$teams = get_teams();
$services = get_services();
# main display
myhead('Advisory Submission Page');
echo "<p><a href='advisories.php'>Back</a> to last screen.</p>";
# $message already holds pre-rendered HTML (the <font color=red> wrappers set
# above) and is emitted as-is.
echo $message;
# Without a running game only the message is shown; the submission form that
# follows the closing PHP tag is never emitted.
if (!$game_runs) {
    exit;
}
?>

<ul>
  <li>Advisories should be in <b>English</b>, bitte.</li>
  <li>Advisories will be considered first come, first served.</li>
  <li>Length, Detail, and Correctness will be the criteria judged to award points.</li>
</ul>

<form action="advisory_submit.php" method="post" >
  <p>Team Name:<select name="team">
    $patch = $row['patch'];
    $time = $row['submittime'];
    $time = date("H:i d.m.Y", $row["submittime"]);
    $score = $row['score'];
    $judge = $row['judge'];
    $comment = $row['judgecomment'];
} else {
    die("did not set variable id, or id='{$id}' is no valid advisory");
}
$teams = get_teams();
$services = get_services();
# Id 0 is a synthetic entry so an advisory without a service still gets a label.
$services[0] = "(General Fault)";
# NOTE(review): $service is not assigned in the lines shown above this point;
# confirm it is set from the fetched row (or validated request input) earlier.
if (!$service) {
    $service = 0;
}
myhead('Review Advisory');
?>
<p><a href='advisories.php'>Back</a> to the list.</p>
<?php 
echo $message;
?>

<form method="post" />
	<input type=hidden name=id value="<?php 
echo $id;
?>
">
	Delete! Are you sure? <input type=checkbox name=sure value="1">
	<input type="submit" name="submit" value="delete" />
</form>
<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'auth.inc.php';
// Admin-only page: require_auth() (presumably from auth.inc.php) renders a
// login form and exits unless the caller is authenticated.
require_auth();
myhead('Admin Page', 60);
echo "\n\n<p>On this server you can find:\n<ul>\n  <li><p>The <a href='scores.php'>scoreboard</a></p>\n\n  <li><p>Do some <a href='announcements.php'>announcements.</a></p>\n\n  <li><p>Everything about <a href='advisories.php?game={$GAMEID}'>advisories.</a></p>\n  \n  <li>Statistics</li>\n  <ul>\n    <li><p><a href='cross_flags.php'>Which team took flags from which other team?</a></p>\n  \n    <li><p><a href='team_service.php'>Which team compromised which service?</a></p>\n  </ul>\n\n  <li>Game Details</li>\n  <ul>\n    <li><p>Drones: <a href='drones.php'>Which drones are running?</a></p>\n  \n    <li><p>Performance: <a href='performance.php'>How the gameserver scripts performing?</a></p>\n  \n    <li><p>Service status: <a href='service_status.php'>Verbose status on single services</a></p>\n  \n    <li><p>Service status: <a href='script_history.php'>History on single services</a></p>\n  </ul>\n\n  <!-- <li><p><a href='pings.php'>Connectivity Information</a></p>\n\n  <li><p><a href='rules.php'>The rules</a></p> -->\n\n  <li><p><a href='index.php?logout=1'>Logout</a></p>\n</ul></p>\n";
echo "<h2>Announcements</h2>";
// After require_auth() this is presumably always true; kept so the link is
// tied to admin status rather than to reaching this line.
if (is_admin()) {
    print "<p><a href='announcements.php'>New announcement</a></p>";
}
// NOTE(review): $GAMEID is interpolated unquoted into the query; it must be an
// integer from configuration, never request-derived -- confirm in db_inc.php.
$q = query("SELECT unix_timestamp(timestamp) as time,message FROM announce WHERE fi_game={$GAMEID} ORDER BY timestamp DESC");
$count = 0;
// The table is opened lazily on the first row so an empty result set prints
// the placeholder text below instead of an empty table.
while ($row = mysql_fetch_array($q)) {
    if (!$count) {
        echo '<table border=1 width="100%">';
    }
    $msg_time = strftime("%d.%m. %H:%M", $row['time']);
    // $row['message'] is emitted without escaping: whatever markup was stored
    // by the announcement form renders verbatim in the admin's browser.
    echo "<tr><td align=center nowrap>{$msg_time}</td><td>" . $row['message'] . "</td></tr>";
    ++$count;
}
if ($count) {
    echo '</table>';
} else {
    echo '<i>There are currently no announcements.</i>';
}
echo '<p>&nbsp;</p>';
myfooter();
<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
myhead('Cross Flags', 60);
$fresh_minutes = floor($displayfreshscores / 60);
echo "<p><a href='/'>Back to the main page.</a></p>\n\n      <p><font color=red>Red</font> numbers denote flags collected in the last {$fresh_minutes} minutes.</p>";
if (!($debug || game_has_started())) {
    echo "<center><p>The game has not started, please come back later.</p></center>";
} else {
    $fresh_now = time() - $displayfreshscores;
    $sum_total = 0;
    $teams = get_teams();
    $team_ids = array_keys($teams);
    sort($team_ids);
    foreach ($team_ids as $id) {
        $sum_taken[$id] = 0;
        $sum_given[$id] = 0;
        foreach ($team_ids as $id2) {
            $fresh[$id][$id2] = 0;
            $old[$id][$id2] = 0;
        }
    }
    $query = query('SELECT scores.fi_team as winner,`flag`.fi_team as looser,count(*) as nr,unix_timestamp(time) as time ' . 'FROM scores,`flag` ' . "WHERE (scores.fi_game={$GAMEID})AND(`flag`.fi_game={$GAMEID})AND(scores.fi_flag=`flag`.id)" . "   AND(multiplier>0) GROUP BY winner,looser,(unix_timestamp(time)>={$fresh_now})");
    while ($row = mysql_fetch_array($query)) {
        if ($row['time'] >= $fresh_now) {
            $fresh[$row['winner']][$row['looser']] += $row['nr'];
        } else {
            $old[$row['winner']][$row['looser']] += $row['nr'];
        }
<?php

require_once 'layout.inc.php';
// Static rules page. The 3600 passed to myhead() is presumably a refresh or
// cache interval in seconds -- confirm against layout.inc.php.
myhead('The rules', 3600);
echo "<p><a href='.'>Back</a> to main screen.</p>\n\n<p>Due to frequent requests and of course for consistency reasons, this page\nlists the rules that are applicable in the game &quot;Cipher 3&quot;</p>\n\n<h2>Preface</h2>\n\n<p>IT security is an interesting area, where skills, and knowledge can make people powerful.\n   The intention of the Cipher contests is to educate and train users in their skills, as well \n   as raising their awareness on IT security issues.</p>\n\n<p>However, abusing these skills will bring woe and destruction to our world. We therefore want to\n   make sure that participants in out contests are aware of their moral obligations, by setting up\n   a few rules. The rules' purpose is to ensure that the contest remains fun for honest participants\n   and ensure smooth operation. We therefore tried to keep the set of rules as small and\n   transparent as possible.</p>\n\n<h2>The Rules</h2>\n\n<p><ul>\n";
function rule($title, $content)
{
    // Render one rule as a list item: bold title, a line break, then the body
    // on an indented line. $content is inserted verbatim -- callers pass
    // markup (including nested rule() output) in it on purpose.
    $item  = '<li><b>' . $title . '</b><br>' . "\n";
    $item .= '            ' . $content . "\n";
    return $item;
}
echo rule('Gamemasters', 'Any decision by the gamemasters is not subject to discussion. However, we will try to limit 
         the amount of decisions to a small number and will only intervene where absolute necessary.');
echo rule('Advisories', 'Teams are allowed to submit advisories during the game on any issue that they find
         within the vulnerable box. Advisories have to be submitted by a webform and are 
         reviewed by the game\'s organisors.<br>
	 Advisories are <b>published</b> to be available to all teams a certain amount of time after 
	 their submission (ranging from <i>immediatly</i> to <i>about 2-3 hours later</i>).
	 The worse the quality of the advisory, the sooner will it be published.');
echo rule('Filtering', 'Any kind of filtering that is not done in the applications themselves, or in a
         wrapper that is written during the game and handles only a single application, is considered against 
         the rules.<br>
         This specifically prohibts filtering based on IP addresses, other IP headers, TCP headers, ports, 
         and the like. We also
         prohibit any kind of filtering or behaviour that tries to distinct between the gameserver and
         other players - while it remains allowed to distinct between an attack and a regular request.');
echo rule('Scoring', 'The total score of a team is calculated from three sub-categories
         <ul>' . rule('Ethical score/Advisories', '<ul>' . rule('Ethical behaviour', 'Each team is initally assign 10 <i>ethical scores</i>. 
                         Breaking the rules can be fined with deduction from this amount. Teams that accumulate
                         10 deducted points are excluded from the game - regardless of their actual amount of
                         ethical scores.') . rule('Advisories', 'Each advisory is scored 0 to 5 <i>ethical scores</i>, depending on its quality.
                        We try to assign scores for each vulnerablity only once, in a first come, first served
                        fashion.') . '</ul>') . rule('Defensive Score', 'A flag is considered defended and gets scored with 1 point, iff
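$services = get_services();
// Id 0 is a synthetic entry for advisories that are not tied to a service.
$services[0] = '(General Fault)';
$sql_filter = '';
// Optional ?service=<id> filter ('all' disables it). The id is interpolated
// unquoted into the WHERE clause, so it is forced to an integer here; a
// non-numeric value degrades to 0 (general faults) instead of reaching SQL.
if (array_key_exists('service', $_GET)) {
    $serv_descr = param('service');
    if ($serv_descr != 'all') {
        $sql_filter = 'WHERE fi_service = ' . (int) $serv_descr;
    }
}
$sql = 'SELECT id, score, submittime, publishtime, fi_service, fi_team, judge, judgecomment FROM advisory ' . $sql_filter . ' ORDER BY submittime DESC;';
$result = query($sql);
// Admins get an extra "Review" column in the table header.
$review = '';
if (is_admin()) {
    $review = '<td>Review</td>';
}
myhead('Advisories');
echo "<p><a href='.'>Back</a> to main screen.</p>";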
if (game_has_started()) {
    echo "\n<p><a href='advisory_submit.php'>Submit</a> a new advisory.</p>\n<form method='get'/>\n<p>Service <select name='service'><option value='all'>(View all)";
    echo dict2options($services);
    echo "</select><input type='submit' value='Filter By Service' /></p>\n\n\n<table border=1 width='100%'>\n<tr><td>Service</td><td>Team</td><td>Time</td><td>points</td><td width=20%>Comment</td><td>Display</td>{$review}</tr>";
    while ($row = mysql_fetch_array($result)) {
        if (!is_numeric($row['score'])) {
            $color = '#ffcccc';
            $row['score'] = '?';
        } else {
            $color = 'white';
        }
        $time = date("H:i d.m.Y", $row["submittime"]);
        if (!$row['fi_service']) {
            $row['fi_service'] = 0;
    $team = $row['fi_team'];
    $advisory = $row['advisory'];
    $exploit = $row['exploit'];
    $patch = $row['patch'];
    $submittime = $row['submittime'];
    $publishtime = $row['publishtime'];
    $time = date("H:i d.m.Y", $row["submittime"]);
    $score = $row['score'];
    $judge = $row['judge'];
    $comment = $row['judgecomment'];
} else {
    die("no advisory id='{$id}'");
}
// Publication gate: show the advisory only once its publish time has passed,
// it has a publish time at all, and it has been fully reviewed.
if (time() <= $publishtime) {
    die("this advisory is not yet to be published");
}
// Order matters: an empty $publishtime compares as 0 in the check above and
// passes it; this check catches that case.
if (!strlen($publishtime)) {
    die("advisory not to be published");
}
if (!(strlen($score) && strlen($judge) && strlen($comment))) {
    die("advisory not reviewed");
}
$teams = get_teams();
$services = get_services();
$services[0] = "(General Fault)";
// NOTE(review): $service is not assigned in the lines shown above this point;
// confirm it is set from the fetched row before it is used as a lookup key.
if (!$service) {
    $service = 0;
}
myhead('Display Advisory');
// The advisory, exploit and patch bodies are HTML-escaped; team/service name,
// submit time, judge, score and comment are emitted as-is. They are read from
// the database here, but verify that none of them can carry request-derived
// markup before relying on that.
echo "<p><a href='advisories.php'>Back</a> to the list.</p>\n\n<hr>\n\n<p>Advisory from <b>" . $teams[$team] . "</b> on Service <b>" . $services[$service] . "</b></p>\n<p>Submitted at {$time}</p>\n<p>Scored by {$judge} with {$score} scores.<br>\n\t<blockquote>Comment: &quot;{$comment}&quot;</blockquote>\n</p>\n\n<hr />\n\n<h3>Advisory:</h3>\n<pre>" . stripslashes(htmlentities($advisory)) . "</pre>\n\n<hr />\n\n<h3>Exploit:</h3>\n<pre>" . stripslashes(htmlentities($exploit)) . "</pre>\n\n<hr />\n\n<h3>Patch:</h3>\n<pre>" . stripslashes(htmlentities($patch)) . "</pre>\n\n";
myfooter();
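<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'auth.inc.php';
// Admin-only page: require_auth() renders a login form and exits otherwise.
require_auth();
myhead('Drones', 60);
echo '<p><a href="admin.php">back to admin</a></p>
	<table border=1 cellpadding=3 cellspacing=3>
      	<tr><th>id</th><th>Heartbeat</th><th>host</th><th>PID</th><th>Status</th><th>On Service</th></tr>
';
// One row per drone; the heartbeat is fetched as a unix timestamp so its age
// can be computed against time() below.
$query = query("SELECT id,unix_timestamp(heartbeat) as hb,host,pid,status FROM drone ORDER by id");
$now = time();
while ($row = mysql_fetch_array($query)) {
    // Name of the service this drone is currently attached to, if any. The
    // drone id comes from the database but is cast anyway since it is
    // interpolated unquoted.
    $sub_q = query("SELECT service.name FROM service,service_status \n                        WHERE (service.id=service_status.fi_service)AND(service_status.fi_drone=" . (int) $row['id'] . ")");
    $on_service = '<idle>';
    if ($sub_r = mysql_fetch_array($sub_q)) {
        $on_service = $sub_r['name'];
    }
    // Escape every value placed in the page. Previously the literal '<idle>'
    // marker was parsed by the browser as an unknown tag and the cell rendered
    // empty; host, status and service name are also database strings that are
    // not guaranteed to be HTML-safe.
    $drone_id   = htmlspecialchars($row['id']);
    $host       = htmlspecialchars($row['host']);
    $pid        = htmlspecialchars($row['pid']);
    $status     = htmlspecialchars($row['status']);
    $on_service = htmlspecialchars($on_service);
    echo "<tr><td>" . $drone_id . "</td><td>" . ($now - $row['hb']) . " sec ago</td>\n\t<td>" . $host . "</td> <td>" . $pid . "</td> <td>" . $status . "</td><td>{$on_service}</td></tr>\n";
}
echo '</table>
      <p>&nbsp;</p>';
myfooter();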
<?php

// --------------------------------- clone of service_status.php
require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'misc.inc.php';
require_once 'status_codes.inc.php';
myhead('Verbose Status of Services', 60);
echo '<p><a href="index.php">back to index</a></p>';
$me = $_SERVER['PHP_SELF'];
if (!game_has_started()) {
    die("game has not started, yet");
}
$term = '';
if (isset($_REQUEST['term'])) {
    $term = $_REQUEST['term'];
}
if (!($term == '' || $term == 'team' || $term == 'service')) {
    die("term '{$term}' not in whitelist");
}
$id = get_int('id');
//************************************************** SELECT
echo "<table border=1>\n\t<tr><th colspan=2>Select filter</th></tr>";
$rows = query("SELECT id,name FROM service,game_x_service\n               WHERE (service.id=game_x_service.fi_service)AND(game_x_service.fi_game={$GAMEID})\n               ORDER BY service.id");
echo '<tr><th>Services</th><td> <form method=get>
		<input type=hidden name=term value=service>
		<select name=id>';
while ($row = mysql_fetch_array($rows)) {
    $service[$row['id']] = $row['name'];
    $sel = '';
<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'status_codes.inc.php';
require_once 'auth.inc.php';
myhead('Scoreboard', 60);
if (is_admin()) {
    echo "<p><a href='admin.php'>Back to the admin page.</a></p>";
} else {
    echo "<p><a href='/'>Back to the main page.</a></p>";
}
echo "<p>For an explanation of the scoring system please check \n  <a href='http://www.cipher-ctf.org/CaptureTheFlag.php' target='_blank'>this page</a>.</p>";
if (!($debug || game_has_started())) {
    echo "<center><p>The game has not started, please come back later.</p></center>";
} else {
    $teams = get_teams();
    $team_ids = array_keys($teams);
    sort($team_ids);
    $services = get_services();
    $service_ids = array_keys($services);
    //*********** read absolute results
    $use_extra_score = 0;
    $max_offensive = 1;
    $max_defensive = 1;
    $max_extra = 1;
    foreach ($team_ids as $id) {
        $row = mysql_fetch_array(query("SELECT sum(score) as sum FROM scores WHERE (fi_game={$GAMEID})and(fi_team={$id})and(multiplier>0)"));
        $offensive[$id] = $row['sum'];
        $row = mysql_fetch_array(query("SELECT sum(score) as sum FROM scores WHERE (fi_game={$GAMEID})and(fi_team={$id})and(multiplier=0)"));
<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'auth.inc.php';
require_once 'misc.inc.php';
require_once 'status_codes.inc.php';
require_auth();
myhead('Script History', 60);
echo '<p><a href="admin.php">back to admin</a></p>';
$me = $_SERVER['PHP_SELF'];
$show_team = get_int('team');
$show_service = get_int('service');
//************************************************** SELECT
echo "<form method=get>\n        <table border=1>\n\t<tr><th colspan=2>Select filter</th></tr>";
$rows = query("SELECT id,name FROM service,game_x_service\n               WHERE (service.id=game_x_service.fi_service)AND(game_x_service.fi_game={$GAMEID})\n               ORDER BY service.id");
echo '<tr><th>Services</th><td> 
		<select name=service>';
while ($row = mysql_fetch_array($rows)) {
    $service[$row['id']] = $row['name'];
    $sel = '';
    if ($show_service == $row['id']) {
        $sel = 'selected';
    }
    echo "<option {$sel} value=" . $row['id'] . ">#" . $row['id'] . ' | ' . $row['name'];
}
echo "</select></td></tr>\n      <tr><th>Teams</th><td> \n\t\t<select name=team>";
$rows = query("SELECT id,name FROM team,game_x_team\n               WHERE (team.id=game_x_team.fi_team)AND(game_x_team.fi_game={$GAMEID})\n               ORDER BY team.id");
while ($row = mysql_fetch_array($rows)) {
    $team[$row['id']] = $row['name'];
require_once 'db_inc.php';
connect();
require_once 'auth.inc.php';
// Admin-only page: require_auth() (presumably from auth.inc.php) renders a
// login form and exits unless the caller is authenticated.
require_auth();
$message = '';
// Handle the form posted from below (its submit button is named 'submit').
if (array_key_exists('submit', $_POST) && $_POST['submit'] == 'submit') {
    $message = param('message');
    // NOTE(review): $message is interpolated straight into the INSERT. This
    // is only safe if param() already applies mysql_real_escape_string() (or
    // equivalent) -- verify in its definition; if it does not, escape here.
    // The stored text is later echoed without HTML escaping by the
    // announcement listings, so any markup in it renders there verbatim.
    $sql = "INSERT INTO announce VALUES(NULL,{$GAMEID},NOW(),\"{$message}\")";
    if (query($sql)) {
        // Saved: return to the main page.
        header("Location: /");
        exit;
    } else {
        // $message is reused to carry the error HTML shown above the form.
        $message = "<font color=red>" . mysql_error() . "</font>";
    }
}
myhead('New Announcement');
?>
<p><a href='/'>Back</a> to the main screen.</p>
<?php 
// Error HTML from a failed INSERT; empty on first display.
echo $message;
?>
<form method=post>
	<p><b>Announce</b></p>
	<p><textarea name='message' <?php 
// NOTE(review): $textbox is not assigned anywhere in this script; unless an
// include sets it, this emits nothing (and an undefined-variable notice).
echo $textbox;
?>
></textarea></p>
	<p><input type=submit value=submit name=submit></p>
</form>
<?php 
myfooter();
<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
myhead('Teams on Services', 60);
$fresh_minutes = floor($displayfreshscores / 60);
echo "<p><a href='/'>Back to the main page.</a></p>\n\n      <p><font color=red>Red</font> numbers denote flags collected in the last {$fresh_minutes} minutes.</p>";
if (!($debug || game_has_started())) {
    echo "<center><p>The game has not started, please come back later.</p></center>";
} else {
    $fresh_now = time() - $displayfreshscores;
    $sum_total = 0;
    $teams = get_teams();
    $team_ids = array_keys($teams);
    sort($team_ids);
    $services = get_services();
    $service_ids = array_keys($services);
    sort($service_ids);
    $sum_total = 0;
    foreach ($team_ids as $id) {
        $sum_team[$id] = 0;
        foreach ($service_ids as $id2) {
            $sum_service[$id2] = 0;
            $fresh[$id][$id2] = 0;
            $old[$id][$id2] = 0;
        }
    }
    $fresh_now = time() - $displayfreshscores;
    $query = query("SELECT fi_team,fi_service,count(*) as nr,unix_timestamp(time) as time \n                  FROM scores WHERE (scores.fi_game={$GAMEID})AND(multiplier>0)\n                  GROUP BY fi_team,fi_service,(unix_timestamp(time)>={$fresh_now})");
    while ($row = mysql_fetch_array($query)) {
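<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'auth.inc.php';
require_once 'status_codes.inc.php';
// Admin-only page: require_auth() renders a login form and exits otherwise.
require_auth();
myhead('Performance', 60);
// 'term' selects whether rows are per service or per team. It is used as a
// table/column name in the queries below, so only the two known values are
// accepted; anything else (including a non-string) stops the page before any
// SQL is built.
$term = 'service';
if (isset($_REQUEST['term'])) {
    $term = $_REQUEST['term'];
}
if ($term !== 'service' && $term !== 'team') {
    die("term not in whitelist");
}
// Window for the return-code summary (get_int() is presumably integer-only).
$minutes = 10;
if (isset($_REQUEST['minutes'])) {
    $minutes = get_int('minutes');
}
// PHP_SELF can carry caller-supplied path info; escape it before it is placed
// in the href attributes.
$me = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
echo '<p><a href="admin.php">back to admin</a></p>
  <p><a href="' . $me . '?term=service">Services</a>
  <p><a href="' . $me . "?term=team\">Teams</a>\n  <p><table border=1>\n  <tr><th>Name</th><th>Lag in Seconds</th><th>Seconds</th><th>Return Codes (last {$minutes} minutes)</th></tr>\n";
$now = time();
$rows = query("SELECT id,name FROM {$term},game_x_{$term} \n               WHERE ({$term}.id=game_x_{$term}.fi_{$term})AND(game_x_{$term}.fi_game={$GAMEID})\n               ORDER BY {$term}.id");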
while ($row = mysql_fetch_array($rows)) {
    echo "<tr><td>#" . $row['id'] . ":" . $row['name'] . "</td>";
    $subq = query("SELECT unix_timestamp(max(time)) as time,avg(seconds) as sec \n                 FROM performance \n                 WHERE (fi_game={$GAMEID})\n                 GROUP BY fi_{$term}\n                 HAVING fi_{$term}=" . $row['id']);
    if ($sub = mysql_fetch_array($subq)) {
        echo "<td align=center>" . ($now - $sub['time']) . "</td><td align=center>" . sprintf("%.3f", $sub['sec']) . "</td>";
    } else {
        echo "<td colspan=2>(no data yet)</td>";
    }
    echo "<td>";
<?php

require_once 'db_inc.php';
connect();
require_once 'layout.inc.php';
require_once 'auth.inc.php';
// ?logout=1 ends the current session. Any truthy value works and the request
// may be a plain GET link (the admin page links to index.php?logout=1).
if (array_key_exists('logout', $_REQUEST)) {
    if ($_REQUEST['logout']) {
        logout();
    }
}
myhead('Main Page', 60);
echo "\n\n<p>On this server you can find:\n<ul>\n  <li><p>The <a href='scores.php'>scoreboard</a></p>\n\n  <li><p>Everything about <a href='advisories.php?game={$GAMEID}'>advisories.</a></p>\n\n  <li><p>Statistics: <a href='team_service.php'>Which team compromised which service?</a></p>\n\n  <!-- <li><p><a href='pings.php'>Connectivity Information</a></p> -->\n\n  <li><p><a href='debugging_info.php'>Services' Status</a></p>\n\n  <li><p><a href='http://www.cipher-ctf.org/CaptureTheFlag.php'>The rules</a></p>\n</ul></p>\n";
echo "<h2>Announcements</h2>";
// NOTE(review): $GAMEID is interpolated unquoted into the query; it must be an
// integer from configuration, never request-derived -- confirm in db_inc.php.
$q = query("SELECT unix_timestamp(timestamp) as time,message FROM announce WHERE fi_game={$GAMEID} ORDER BY timestamp DESC");
$count = 0;
// The table is opened lazily on the first row so an empty result set prints
// the placeholder text below instead of an empty table.
while ($row = mysql_fetch_array($q)) {
    if (!$count) {
        echo '<table border=1 width="100%">';
    }
    $msg_time = strftime("%d.%m. %H:%M", $row['time']);
    // $row['message'] is emitted without escaping on a page every visitor can
    // reach: whatever markup was stored by the announcement form renders here.
    echo "<tr><td align=center nowrap>{$msg_time}</td><td>" . $row['message'] . "</td></tr>";
    ++$count;
}
if ($count) {
    echo '</table>';
} else {
    echo '<i>There are currently no announcements.</i>';
}
echo '<p>&nbsp;</p>';
echo '<p>Go to <a href=admin.php>Admin area</a></p>';