Merge pull request #8 from abs0lut3pwn4g3/v1.1alpha

Logging added | Issue #7
abs0lut3pwn4g3 · Jul 31, 2019 · de53d4e · de53d4e
2 parents c102167 + 0cff71b
commit de53d4e
Show file tree

Hide file tree

Showing 10 changed files with 116 additions and 47 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ venv/
 *.pyc
 .vscode/
 *.db
+.idea/
diff --git a/README.md b/README.md
@@ -98,3 +98,4 @@ Please see: [issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues)
 <img src="screenshots/home_ss.png" width=400 />
 <img src="screenshots/scoreboard_ss.png" width=400 />
 <img src="screenshots/machine_ss.png" width=400 />
+
diff --git a/src/FlaskRTBCTF/__init__.py b/src/FlaskRTBCTF/__init__.py
@@ -4,7 +4,7 @@
 from flask_login import LoginManager
 from flask_admin import Admin
 from flask_mail import Mail
-from FlaskRTBCTF.config import Config
+from FlaskRTBCTF.config import Config, LOGGING
 import os
 
 db = SQLAlchemy()
@@ -26,9 +26,13 @@ def create_app(config_class=Config):
 	# Add model views
 	from FlaskRTBCTF.admin.views import MyModelView
 	from FlaskRTBCTF.models import User, Score, Notification
+	if LOGGING:
+		from FlaskRTBCTF.models import Logs
 	admin_manager.add_view(MyModelView(User, db.session))
 	admin_manager.add_view(MyModelView(Score, db.session))
 	admin_manager.add_view(MyModelView(Notification, db.session))
+	if LOGGING:
+		admin_manager.add_view(MyModelView(Logs, db.session))
 	mail.init_app(app)
 
 	from flask_sslify import SSLify

diff --git a/src/FlaskRTBCTF/admin/views.py b/src/FlaskRTBCTF/admin/views.py
@@ -27,4 +27,4 @@ def _handle_view(self, name, **kwargs):
                 abort(403)
             #else:
                 # login
-            #    return redirect(url_for('user.login', next=request.url))
+            #    return redirect(url_for('user.login', next=request.url))
diff --git a/src/FlaskRTBCTF/config.py b/src/FlaskRTBCTF/config.py
@@ -39,10 +39,10 @@ class Config:
 # Specify CTFs Running Time
 
 RunningTime = { 
-    "from": datetime(2019,7,7,15,00,00,0, pytz.timezone('Asia/Calcutta')), 
-    "to": datetime(2019,7,8,0,00,00,0, pytz.timezone('Asia/Calcutta')), 
-    "TimeZone": "IST"
-} # Use `pytz.utc` for UTC timezone
+    "from": datetime(2019,7,7,15,00,00,0, pytz.utc), 
+    "to": datetime(2019,7,8,0,00,00,0, pytz.utc), 
+    "TimeZone": "UTC"
+} # We do not recommended changing the Timezone.
 
 # Specify Your Pwnable Box/Machine settings
 
@@ -61,4 +61,8 @@ class Config:
 userScore = 10
 rootScore = 20
 
-# NOTE: CHANGE DEFAULT ADMIN CREDENTIALS in create_db.py !!!
+# Logging: Set to 'True' to enable Logging in Admin Views.
+
+LOGGING = True # We recommend to leave it on.
+
+# NOTE: CHANGE DEFAULT ADMIN CREDENTIALS in create_db.py !!!
diff --git a/src/FlaskRTBCTF/ctf/routes.py b/src/FlaskRTBCTF/ctf/routes.py
@@ -1,11 +1,13 @@
 ''' views / routes '''
 
-from flask import Blueprint, render_template, flash
+from flask import Blueprint, render_template, flash, request
 from flask_login import current_user, login_required
 from FlaskRTBCTF import db, bcrypt
+from FlaskRTBCTF.config import organization, box, userHash, rootHash, userScore, rootScore, LOGGING
 from FlaskRTBCTF.models import User, Score
+if LOGGING:
+    from FlaskRTBCTF.models import Logs
 from FlaskRTBCTF.ctf.forms import UserHashForm, RootHashForm
-from FlaskRTBCTF.config import organization, box, userHash, rootHash, userScore, rootScore
 from datetime import datetime
 
 ctf = Blueprint('ctf', __name__)
@@ -29,6 +31,13 @@ def scoreboard():
 @ctf.route("/machine")
 @login_required
 def machine():
+    user = User.query.get(current_user.id)
+    if LOGGING:
+        log = Logs.query.get(current_user.id)
+        if log.visitedMachine is False:
+            log.visitedMachine = True
+            log.machineVisitTime = datetime.utcnow()
+            db.session.commit()
     userHashForm = UserHashForm()
     rootHashForm = RootHashForm()
     return render_template('machine.html', userHashForm=userHashForm,
@@ -50,6 +59,11 @@ def validateRootHash():
                 score.rootHash = True
                 score.points += rootScore
                 score.timestamp = datetime.utcnow()
+                if LOGGING:
+                    log = Logs.query.get(current_user.id)
+                    log.rootSubmissionIP = request.access_route[0]
+                    log.rootSubmissionTime = datetime.utcnow()
+                    log.rootOwnTime = str(log.rootSubmissionTime - log.machineVisitTime)
                 db.session.commit()
                 flash("Congrats! correct system hash.", "success")
         else:
@@ -75,6 +89,11 @@ def validateUserHash():
                 score.userHash = True
                 score.points += userScore
                 score.timestamp = datetime.utcnow()
+                if LOGGING:
+                    log = Logs.query.get(current_user.id)
+                    log.userSubmissionIP = request.access_route[0]
+                    log.userSubmissionTime = datetime.utcnow()
+                    log.userOwnTime = str(log.userSubmissionTime - log.machineVisitTime)
                 db.session.commit()
                 flash("Congrats! correct user hash.", "success")
         else:

diff --git a/src/FlaskRTBCTF/models.py b/src/FlaskRTBCTF/models.py
@@ -1,6 +1,7 @@
 ''' Models '''
 
 from flask import current_app
+from FlaskRTBCTF.config import LOGGING
 from FlaskRTBCTF import db, login_manager
 from flask_login import UserMixin
 from datetime import datetime
@@ -17,9 +18,10 @@ class User(db.Model, UserMixin):
     username = db.Column(db.String(40), unique=True, nullable=False)
     email = db.Column(db.String(120), unique=True, nullable=False)
     password = db.Column(db.String(60), nullable=False)
-    confirmed_at = db.Column(db.DateTime(), default=datetime.utcnow)
     isAdmin = db.Column(db.Boolean, default=False)
     score = db.relationship('Score', backref='user', lazy=True, uselist=False)
+    if LOGGING:
+        logs = db.relationship('Logs', backref='user', lazy=True, uselist=False)
 
     def get_reset_token(self, expires_sec=1800):
         s = Serializer(current_app.config['SECRET_KEY'], expires_sec)
@@ -35,7 +37,7 @@ def verify_reset_token(token):
         return User.query.get(user_id)
 
     def __repr__(self):
-        return f"User('{self.username}', '{self.email}') | Score('{self.score}')"
+        return f"User('{self.username}', '{self.email}'))"
 
 
 ''' Score Table '''
@@ -62,3 +64,24 @@ class Notification(db.Model):
 
     def __repr__(self):
         return f"Notif('{self.title}', '{self.body}')"
+
+
+''' Logging Table '''
+
+if LOGGING:
+    class Logs(db.Model):
+        user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False, primary_key=True)
+        accountCreationTime = db.Column(db.DateTime, nullable=False)
+        visitedMachine = db.Column(db.Boolean, default=False)
+        machineVisitTime = db.Column(db.DateTime, nullable=True)
+        userSubmissionTime = db.Column(db.DateTime, nullable=True)
+        rootSubmissionTime = db.Column(db.DateTime, nullable=True)
+        userOwnTime = db.Column(db.String, nullable=True)
+        rootOwnTime = db.Column(db.String, nullable=True)
+        userSubmissionIP = db.Column(db.String, nullable=True)
+        rootSubmissionIP = db.Column(db.String, nullable=True)
+
+        def __repr__(self):
+            return f"Logs('{self.user_id}','{self.machineVisitTime}','{self.userSubmissionTime}'," \
+                f"'{self.rootSubmissionTime}','{self.userOwnTime}','{self.rootOwnTime}','{self.userSubmissionIP}," \
+                f" '{self.rootSubmissionIP}'"
diff --git a/src/FlaskRTBCTF/users/routes.py b/src/FlaskRTBCTF/users/routes.py
@@ -1,11 +1,15 @@
 from flask import render_template, url_for, flash, redirect, request, Blueprint
 from flask_login import login_user, current_user, logout_user, login_required
 from FlaskRTBCTF import db, bcrypt
+from FlaskRTBCTF.config import organization, LOGGING
 from FlaskRTBCTF.models import User, Score
+if LOGGING:
+    from FlaskRTBCTF.models import Logs
 from FlaskRTBCTF.users.forms import (RegistrationForm, LoginForm, UpdateAccountForm,
                                    RequestResetForm, ResetPasswordForm)
 from FlaskRTBCTF.users.utils import send_reset_email
-from FlaskRTBCTF.config import organization
+
+from datetime import datetime
 
 users = Blueprint('users', __name__)
 
@@ -23,6 +27,10 @@ def register():
         user = User(username=form.username.data,
                     email=form.email.data, password=hashed_password)
         score = Score(user=user, userHash=False, rootHash=False, points=0)
+        if LOGGING:
+            log = Logs(user=user, accountCreationTime=datetime.utcnow(), visitedMachine=False, machineVisitTime=None, userSubmissionTime=None,
+                       rootSubmissionTime=None, userSubmissionIP=None, rootSubmissionIP=None)
+            db.session.add(log)
         db.session.add(user)
         db.session.add(score)
         db.session.commit()

diff --git a/src/create_db.py b/src/create_db.py
@@ -1,42 +1,51 @@
-import datetime
+from datetime import datetime
 
 from FlaskRTBCTF import create_app, db, bcrypt
 from FlaskRTBCTF.models import User, Score, Notification
-from FlaskRTBCTF.config import organization
+from FlaskRTBCTF.config import organization, LOGGING
+
+if LOGGING:
+	from FlaskRTBCTF.models import Logs
 
 app = create_app()
 
 # create_app().app_context().push()
 with app.app_context():
-    db.create_all()
-
-    # NOTE: CHANGE DEFAULT CREDENTIALS !!!
-    admin_user = User(
-        username='admin',
-        email='admin@admin.com',
-        password=bcrypt.generate_password_hash('admin').decode('utf-8'),
-        confirmed_at=datetime.datetime.now(),
-        isAdmin = True
-    )
-    admin_score = Score(user=admin_user, userHash=False, rootHash=False, points=0)
-    db.session.add(admin_user)
-    db.session.add(admin_score)
-
-    notif = Notification(
-        title=f"Welcome to {organization['ctfname']}",
-        body = "The CTF is live now. Please read rules!"
-    )
-    db.session.add(notif)
-
-    '''    
-    test = User(
-        username='test',
-        email='test@test.com',
-        password=bcrypt.generate_password_hash('test').decode('utf-8'),
-    )
-    testscore = Score(user=test, userHash=False, rootHash=False, points=0)
-    db.session.add(test)
-    db.session.add(testscore)
-    '''
-
-    db.session.commit()
+	db.create_all()
+
+	default_time = datetime.utcnow()
+
+	# NOTE: CHANGE DEFAULT CREDENTIALS !!!
+	admin_user = User(
+		username='admin',
+		email='admin@admin.com',
+		password=bcrypt.generate_password_hash('admin').decode('utf-8'),
+		isAdmin = True
+	)
+	admin_score = Score(user=admin_user, userHash=False, rootHash=False, points=0)
+	db.session.add(admin_user)
+	db.session.add(admin_score)
+
+	notif = Notification(
+		title=f"Welcome to {organization['ctfname']}",
+		body = "The CTF is live now. Please read rules!"
+	)
+	db.session.add(notif)
+
+	test_user = User(
+		username='test',
+		email='test@test.com',
+		password=bcrypt.generate_password_hash('test').decode('utf-8')
+	)
+	test_score = Score(user=test_user, userHash=False, rootHash=False, points=0)
+	db.session.add(test_user)
+	db.session.add(test_score)
+
+	if LOGGING:
+		admin_log = Logs(user=admin_user, accountCreationTime=default_time, 
+							visitedMachine=True, machineVisitTime=default_time)
+		db.session.add(admin_log)
+		test_log = Logs(user=test_user, accountCreationTime=default_time)
+		db.session.add(test_log)
+
+	db.session.commit()
diff --git a/src/docker-entrypoint.sh b/src/docker-entrypoint.sh
@@ -2,7 +2,7 @@
 
 WORKERS=4 # change here to the change number of workers
 
-echo "Starting CTFd"
+echo "Starting RTB-CTF-Framework"
 exec gunicorn 'FlaskRTBCTF:create_app()' \
     --bind '0.0.0.0:8080' \
     --workers $WORKERS