CTFd v3.0 releases: Capture The Flag framework

What is CTFd?

CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins and themes.

Features

• Create your own challenges, categories, hints, and flags from the Admin Interface
  • Static & Regex based flags
  • Users can unlock hints for free or with points
  • File uploads to the server or Amazon S3
  • Limit challenge attempts & hide challenges
  • Automatic submission throttling
• Scoreboard with automatic tie resolution
  • Hide Scores from the public
  • Freeze Scores at a specific time
  • Dynamic Scoring
• Scoregraphs comparing the top 10 teams and team progress graphs
• Markdown content management system
• SMTP + Mailgun email support
  • Email confirmation support
  • Forgot password support
• Automatic competition starting and ending
• Team management & hiding
• Customize everything using the plugin and theme interfaces
• Importing and Exporting of CTF data for archival
• And a lot more…

Changelog v3.0

The CTFd v3 Changelog represents the changes from v2.5.0 to v3. It is a summarized version of the changes that occured in all CTFd v3 beta/alpha releases.

CTFd v3 contains some breaking changes but many plugins remain compatible. Themes will need some minor changes to be compatible with v3.

These changes are made with great consideration to existing installations and for the health of the overall CTFd project. If you rely on specific behavior, you can always download the last CTFd v2 release on Github. Official plugin/theme updates will be sent to the email addresses on file.

The major changes in CTFd v3 are as follows with the detailed changelog beneath:

• Server Side HTML/Markdown Rendering

HTML rendering in some cases (challenge description rendering, hint content rendering) has been moved to the server side. Previously it was rendered by the browser but this led to a lot of duplicated behavior and complexity in some plugins. Rendering that HTML content on the server allows CTFd to take more advantage of theme content and reduce duplicated code across themes.

In addition, HTML sanitization can be enabled on the CTFd installation to prevent the injection of malicious scripts in HTML content.

• CommonMark

CTFd now uses CommonMark for HTML/Markdown rendering. This leads to much more consistent rendering of HTML/Markdown content.

In some cases, this can break your HTML output. You can use our development testing script to check if your HTML output will change and correct it accordingly.

• Forms, Nonces, Sessions

CTFd no longer directly injects values into the global session object for a theme. You may have used this as {{ nonce }} or {{ id }}. Instead these values should be accessed via the Session global as so: {{ Session.nonce }}.

All of the public facing forms in CTFd have been converted to form globals with WTForms. You can access them via the Form global in Jinja. For example, {{ Forms.auth.LoginForm() }}. A {{ form.nonce() }} function is available on all forms for easier access to the CSRF nonce as well.

Old forms will still work if the nonce used in the form is updated to {{ Session.nonce }}.

Values provided by configuration and plugins can now be accessed via the Configs and Plugins globals. For example {{ Configs.ctf_name }} and {{ Plugins.scripts }}. See the base.html file of the core theme to get an idea of how to use these values.

• Challenge Type Plugin Enhancements

Challenge type plugins now have better re-useability with the rest of CTFd. Plugin code no longer needs to copy unchanged methods over from the base challenge plugin classes.

In addition, challenge HTML is now rendered on the server side using a new challenge.html file provided by the current theme. This means that the theme effectively controls how a challenge should look overall, but the challenge plugin controls the overall content.

• Python 3

CTFd v3 is Python 3 only.

• Docker image based on Debian

The Docker image used in CTFd is now based on Debian.

• config.ini

Instead of editting config.py directly, it’s now a better idea to edit config.ini or provide your configuration via environment variables

Install

1. git clone https://github.com/CTFd/CTFd.git
2. Run ./prepare.sh to install dependencies using apt.
3. Modify CTFd/config.py to your liking.
4. Use python serve.py in a terminal to drop into debug mode.
5. Here are some deployment options
6. You can check out the Getting Started guide for a breakdown of some of the features you need to get started.

Tutorial

Copyright 2015-present CTFd LLC

Source: https://github.com/CTFd