Skip to content
/ CTF_Cards Public

CTF Challenge for the Cybersecurity course of the Adolfo Ibáñez University, on the 2nd semester of 2024. Mix of SQL Injection, XSS, hashing and cipher.

License

GPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Seva41/CTF_Cards

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
static
static
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.py
app.py
 
 
create_database.py
create_database.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CTF Cards

This project is a web application developed as part of the course IT Security - TICS413 2024/2 in Viña del Mar and Santiago, Chile. The application is designed to be used in a Capture The Flag (CTF) focused on IT security, applying encryption, hashing, SQL Injection, and XSS.

Description

The web application allows users to interact with various security challenges. It is built using Flask, a Python microframework, and includes several security features such as CSRF protection, secure session management, and request rate limiting.

Features

  • CSRF Protection: Implemented with Flask-WTF.
  • Session Management: Uses Flask-Session for server-side session handling.
  • Request Rate Limiting: Implemented with Flask-Limiter.
  • Secure Handling of Static Files.
  • Custom Error Handling: Error pages for codes 404, 429, 500, and 403.
  • Security Challenges: Includes various flags that users must find.

Requirements

  • Python 3.10.11
  • Flask
  • Flask-WTF
  • Flask-Session
  • Flask-Limiter

Installation

  1. Clone the repository:

    git clone <URL_DEL_REPOSITORIO>
cd <NOMBRE_DEL_REPOSITORIO>

  2. Create a virtual environment and install the dependencies:

    python -m venv venv
source venv/bin/activate  # On Windows use `venv\Scripts\activate`
pip install -r requirements.txt

  3. Set up the database:

    python create_database.py

  4. Run the application:

    python app.py

Deployment

To deploy this application in a production environment, consider the following changes:

  1. Secret Key Configuration: Instead of generating a random secret key each time the application starts, set a fixed secret key in environment variables or a secure configuration file.

    app.secret_key = os.getenv("SECRET_KEY", "default_secret_key")

  2. Database Configuration: Ensure that the database is correctly configured and accessible from the production environment.

  3. HTTPS Configuration: Make sure the application is behind a server that handles HTTPS, such as Nginx or Apache.

  4. Session Configuration: Configure the appropriate session type for the production environment (e.g., Redis, Memcached).

    app.config["SESSION_TYPE"] = "redis"
app.config["SESSION_REDIS"] = redis.from_url("redis://localhost:6379")

  5. Log Management: Set up log handling so that logs are stored persistently and are accessible for monitoring.

    handler = RotatingFileHandler("error.log", maxBytes=10000, backupCount=1)
handler.setLevel(logging.ERROR)
app.logger.addHandler(handler)

Author

Sebastián Dinator
https://sebadinator.com/
November 2024

About

CTF Challenge for the Cybersecurity course of the Adolfo Ibáñez University, on the 2nd semester of 2024. Mix of SQL Injection, XSS, hashing and cipher.

Topics

python html hashing challenge education flask cipher xss cybersecurity sql-injection ctf ctf-challenges cybersecurity-education

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

v1.0.1 Latest
Nov 28, 2024
+ 1 release

Languages