Merge pull request #1019 from proditis/master

Add default entries for FAQ, Rules and Instructions

Author: proditis

backend/migrations-init/m231101_181919_add_default_rules.php

@@ -0,0 +1,37 @@
+<?php
+
+use yii\db\Migration;
+
+/**
+ * Class m231101_181919_add_default_rules
+ */
+class m231101_181919_add_default_rules extends Migration
+{
+    public $entries=[
+        ['title'=>'Respect the moderators and other participants','player_type'=>'offense','message'=>"Other participants and the moderators are not part of the competition targets so don't abuse or attack them. We take abuse reports very seriously and an offense like that can get you permanently banned from this as well as future competitions.",'weight'=>100],
+        ['title'=>'DO NOT perform DoS attacks','player_type'=>'offense','message'=>"Don't perform denial of service attacks on the targets, services or players. if you need concurrency in your tools make sure you keep them into sane numbers. The systems will automatically block players who exceed the limits. If you get blocked contact our support for the block to be lifted.",'weight'=>200],
+        ['title'=>'Team captains are responsible for their teams','player_type'=>'offense','message'=>"Team captains need to approve or reject members new members. It is the responsibility of the Team Captain to make sure their team members are the right ones.\r\n<p>In the team page provides an Invite URL that you can give your teammates to join your team.</p>",'weight'=>10],
+        ['title'=>'Fair Play','player_type'=>'offense','message'=>"All participants are expected to maintain a spirit of fair play throughout the competition. Cheating, unauthorized collaboration, or any other form of unfair advantage is strictly prohibited",'weight'=>0],
+        ['title'=>'Legal Compliance','player_type'=>'offense','message'=>"Participants must adhere to all local and national laws during the competition. Any illegal activities or actions that violate any laws will result in immediate disqualification.",'weight'=>0],
+        ['title'=>'Reporting Issues','player_type'=>'offense','message'=>"If you encounter any technical issues or problems during the competition, please report them through the designated channels provided by the organizers. Do not attempt to exploit these issues for personal gain.",'weight'=>0],
+        ['title'=>'Code of Conduct','player_type'=>'offense','message'=>"Participants must adhere to a code of conduct that promotes a positive and respectful environment for all. Harassment, discrimination or any form of harmful behavior will not be tolerated.",'weight'=>0],
+    ];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeUp()
+    {
+        foreach($this->entries as $entry)
+            $this->upsert('rule',$entry);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeDown()
+    {
+        echo "m231101_181919_add_default_rules cannot be reverted.\n";
+    }
+
+}

backend/migrations-init/m231101_181938_add_default_instructions.php

@@ -0,0 +1,50 @@
+<?php
+
+use yii\db\Migration;
+
+/**
+ * Class m231101_181938_add_default_instructions
+ */
+class m231101_181938_add_default_instructions extends Migration
+{
+    public $entries=[
+        ['title'=>'Connecting to the infrastructure','player_type'=>'offense', 'message'=>"<p>In order to connect to the infrastructure and be able to access the targets and gain points you need to connect to our VPN.</p>\r\n<p>\r\n      <ul>\r\n                <li>Download and Install <a href=\"https://openvpn.net/community-downloads/\" alt=\"OpenVPN Community Downloads\" target=\"_blank\">OpenVPN</a>\r\n          <li>Visit your <a href=\"/profile/me\" title=\"Profile\">Profile</a>\r\n                <li>Download your OpenVPN connection pack and take not of the download location of the file (to be used at the next step)\r\n                <li>Connect and start hacking <b><code>sudo openvpn ~/Downloads/echoCTF.ovpn</code></b>,</ul> <small>NOTE: Replace <code>~/Downloads/echoCTF.ovpn</code> with the path to the file you downloaded on the previous step</small>\r\n    </ul>\r\n</p>",'weight'=>0],
+        ['title'=>'Gameplay','player_type'=>'offense', 'message'=>"<p>Υou earn points when you discover and claim <b>ETSCTF</b> flags. These flags can be found anywhere on the target system; in the form of files, variable names, database names etc. These are the most common  you can find on the targets:\r\n<ul>\r\n<li><code>root</code>: Flag under <code>/root</code>\r\n<li><code>env</code>: Environment variable flags \r\n<li><code>system</code>: Flags on system file (eg. <code>/etc/shadow, /etc/passwd</code>)\r\n<li><code>app</code>: Application specific flags (eg. mysql database name flags, memcache keys etc)\r\n<li><code>other</code>: For any flags that do not fit into the above categories.\r\n</ul>\r\n\r\nYou need to discover and claim all the flags from each system.</p>\r\n\r\n<p>Besides flags, you can also gain points from <code>findings</code>, which represent remotely accessible services on the target system. Discovering the open ports of a system will award you points as well as provide you with some extra hints.</p>\r\n\r\n<p>As you progress, new <b>Hints</b> will be made available for your consideration. Check your progress by visiting the page for target you currently working on, as it provides you with a list of the tasks you have completed and the ones still left to do. Any hints associated with the target will be displayed underneath the target description of each of the target pages.</p>\r\n\r\n<p>Keep an eye at your <b>notifications</b> on top, as they may contain important information like target additions, spins (resets), removals etc.</p>",'weight'=>1],
+        ['title'=>'Help','player_type'=>'offense', 'message'=>"Don't be afraid to ask for help through our support server.",'weight'=>9],
+        ['title'=>'Targets','player_type'=>'offense', 'message'=>"<p>The list of available targets is available at the <b><a href=\"/targets\" title=\"Targets\">Targets</a></b> menu. For each of the targets, you will be able to find the following details:\r\n<ul>\r\n<li>the name and IP of the target\r\n<li>the difficulty of the target\r\n<li>the number of flags and services\r\n<li>if the system is <abbr title=\"Systems that have a known way to gain root\">rootable</abbr> or not\r\n<li>restart request and detailed view actions for each target\r\n</ul>\r\n\r\nSome targets may require power up first, make sure to visit the target page for instructions on how to start them up.\r\n</p>\r\n<p><b>NOTE:</b> Please note that the targets are not allowed to connect to the internet. They can however connect to the IPs assigned to you by the VPN. Take special care when connecting to our VPN, ensure that you only allow connections by the targets you choose.\r\n</p>",'weight'=>1],
+        ['title'=>'Have fun!!!','player_type'=>'offense', 'message'=>"This is not an instruction, <b>this is a rule!!</b>",'weight'=>100],
+    ];
+
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeUp()
+    {
+        foreach($this->entries as $entry)
+            $this->upsert('instruction',$entry);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeDown()
+    {
+        echo "m231101_181938_add_default_instructions cannot be reverted.\n";
+    }
+
+    /*
+    // Use up()/down() to run migration code without a transaction.
+    public function up()
+    {
+
+    }
+
+    public function down()
+    {
+        echo "m231101_181938_add_default_instructions cannot be reverted.\n";
+
+        return false;
+    }
+    */
+}

backend/migrations-init/m231101_182034_add_default_faq.php

@@ -0,0 +1,51 @@
+<?php
+
+use yii\db\Migration;
+
+/**
+ * Class m231101_182034_add_default_faq
+ */
+class m231101_182034_add_default_faq extends Migration
+{
+    public $entries=[
+        ['title'=>'How many restarts are allowed?','body'=>"<p>Every user is allowed 10 restart requests per day. User requests are added to a queue which is processed every minute, at which point the user who made the request will receive a notification of completion.</p>",'weight'=>42],
+        ['title'=>'What are non rootable targets?','body'=>"<p>There are targets that have no pre-defined way, by us, to gain root access. These targets do have a flag under the <code>/root</code> folder, but depend on you discovering a 0day exploit to get it.</p>",'weight'=>30],
+        ['title'=>'How does leaderboard resolve ties in scores?','body'=>"<p>The leaderboard determines the position of the players in the ranks in the following way:\r\n        <ul>\r\n        <li>user with higher points (<small><code class=\"text-warning\">points DESC</code></small>)</li>\r\n        <li>older timestamp of user points last update (<small><code class=\"text-warning\">updated_at DESC</code></small>)</li>\r\n        <li>older user (<small><code class=\"text-warning\">user_id ASC</code></small>)</li>\r\n</ul></p>",'weight'=>60],
+        ['title'=>'Is brute-forcing allowed?','body'=>"<p>Lightweight Brute-forcing is allowed and should be more than enough for any case. <b class=\"text-warning\">You should be able to crack or guess passwords by using the standard John lists (eg password.lst, rockyou.txt)</b>.</p>\r\n<p>If you can't, then it means that the password is not meant to be guessed/cracked. If you are certain that a username/password combination should work join our support server and let us know.</p>",'weight'=>40],
+        ['title'=>'How to restart a target?','body'=>"<p>Often times, during your attacks on a target, you may cause the target to become unresponsive or mis-behave. In such situations you can request for a target restart by going to the target page and clicking the restart icon <i class=\"fas fa-power-off text-primary\" style=\"font-size: 1.5em;\"></i>. This will put the target on a queue to be restarted. The queue is processed every minute. Once the system has been restarted, you will receive a notification informing you of the fact.</p>\r\n\r\n<p>NOTE: <i>Keep in mind that in order to request a target restart you need to either be connected to the VPN or have progress on the target</i></p>",'weight'=>41],
+        ['title'=>'What are the target difficulty classifications?','body'=>"<p>The targets are classified into the following difficulty levels\r\n<ul>\r\n<li><i class=\"fas fa-battery-empty text-gray\" style=\"font-size: 1.35vw;\"></i> Beginner\r\n<li><i class=\"fas fa-battery-quarter red-success\" style=\"font-size: 1.35vw;\"></i> Basic\r\n<li><i class=\"fas fa-battery-half text-secondary\" style=\"font-size: 1.35vw;\"></i> Intermediate\r\n<li><i class=\"fas fa-battery-three-quarters text-warning\" style=\"font-size: 1.35vw;\"></i> Advanced\r\n<li><i class=\"fas fa-battery-full text-danger\" style=\"font-size: 1.35vw;\"></i> Expert\r\n</ul>\r\n</p>",'weight'=>80],
+        ['title'=>'I think I found an unexpected way to gain access on a target where do I report it?','body'=>"<p>We generally do not develop our targets to try and limit your way to a specific path. Rather we try to verify that at least one way exists to solve the targets. If you think you have found a way outside of the expected feel free to submit a writeup with details of your method so others can also learn.</p>",'weight'=>55],
+    ];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeUp()
+    {
+        foreach($this->entries as $entry)
+            $this->upsert('faq',$entry);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeDown()
+    {
+        echo "m231101_182034_add_default_faq cannot be reverted.\n";
+    }
+
+    /*
+    // Use up()/down() to run migration code without a transaction.
+    public function up()
+    {
+
+    }
+
+    public function down()
+    {
+        echo "m231101_182034_add_default_faq cannot be reverted.\n";
+
+        return false;
+    }
+    */
+}

backend/migrations/m231101_205544_add_unique_to_title_faq.php

@@ -0,0 +1,31 @@
+<?php
+
+use yii\db\Migration;
+
+/**
+ * Class m231101_205544_add_unique_to_title_faq
+ */
+class m231101_205544_add_unique_to_title_faq extends Migration
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function safeUp()
+    {
+        $this->createIndex(
+            'unique_faq_title',
+            '{{%faq}}',
+            'title',
+            true
+        );
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeDown()
+    {
+        $this->dropIndex('unique_faq_title','faq');
+    }
+
+}