The OTA challenge bot is a helper tool to be used during CTF events through the Slack platform.
Main features :
- Tracking CTFs
- Tracking CTF challenges
- Tracking member participation in challenges
- Displaying announcements upon solving a challenge
Secondary features :
- Syscall table for arm, armthumb, x64 and x86
!ctf addctf <ctf_name> (Adds a new ctf)
!ctf addchallenge <challenge_name> <challenge_category> (Adds a new challenge for current ctf)
!ctf workon [challenge_name] (Show that you're working on a challenge)
!ctf status (Show the status for all ongoing ctf's)
!ctf solve [challenge_name] [support_member] (Mark a challenge as solved)
!ctf renamechallenge <old_challenge_name> <new_challenge_name> (Renames a challenge)
!ctf renamectf <old_ctf_name> <new_ctf_name> (Renames a ctf)
!ctf reload (Reload ctf information from slack)
!ctf archivectf (Archive the challenges of a ctf)
!ctf addcreds <ctf_user> <ctf_pw> [ctf_url] (Add credentials for current ctf)
!ctf showcreds (Show credentials for current ctf)
!ctf postsolves <title> (Post current solve status to git)
!ctf unsolve [challenge_name] (Remove solve of a challenge)
!syscalls available (Shows the available syscall architectures)
!syscalls show <arch> <syscall name/syscall id> (Show information for a specific syscall)
!bot ping (Ping the bot)
!bot intro (Show an introduction message for new members)
!bot version (Show git information about the running version of the bot)
!admin show_admins (Show a list of current admin users)
!admin add_admin <user_id> (Add a user to the admin user group)
!admin remove_admin <user_id> (Remove a user from the admin user group)
!admin as <@user> <command> (Execute a command as another user)
!wolfram ask <question> (Ask wolfram alpha a question)
Bot applications are not allowed to access all api methods from Slack. Thus, if you create a bot integration on slack, the bot won't be able to create new channels for example. To get around this restriction, you have to create a real slack user and generate an authentication token for it, which can then be used instead of a bot token.
- Create a new user in slack (this will be the bot user, so give it an appropriate username)
- Log into slack with this newly created user
- Navigate to https://api.slack.com/custom-integrations/legacy-tokens
- The user should show up there together with your slack workspace
- Press "Create token"
- This should create a token starting with "xoxp-"
- Use this token as the
api_keyfor the bot - Logout and login with your regular user again.
After restarting the bot, the bot user should now show up in your slack workspace.
- Copy
config.json.templatetoconfig.json - Fill the API token and bot name in the config.json file.
- Add your user id (slack id, not the username) to
admin_usersgroup inconfig.json - If you want to use the wolfram alpha api, register a valid app id on http://products.wolframalpha.com/api/ and set
wolfram_app_idinconfig.json - Copy
intro_msg.templatetointro_msgand set a proper introduction message, which can be shown with!intro docker build -t ota-challenge-bot .docker run -it --rm --name live-ota-challenge-bot ota-challenge-bot
- Copy
config.json.templatetoconfig.json - Fill the API token and bot name in the config.json file.
- Create a virtual env:
python3 -m venv .venv - Enter the virtual env:
source .venv/bin/activate - Install requirements:
pip install -r requirements.txt
- Copy
config_solvetracker.json.templatetoconfig_solvetracker.json. - Configure the git account, the local repo and the remote path, which should be used to access your git repository.
Example:
{
"git_repopath" : "/home/ota_bot/OTA_Upload",
"git_repouser" : "otabot",
"git_repopass" : "password",
"git_remoteuri" : "github.com/ota_bot/OTA_Upload.git",
"git_branch" : "master",
"git_baseurl" : "https://ota.github.io/SolveTracker"
}
- Update the templates in
templatesaccording to your preferences (or go with the default ones). - Make sure that there's a
_postsand_statsfolder in your git repository. - You should be good to go now and git support should be active on the next startup. You can now use the
postsolvescommand to push blog posts with the current solve status to git.
- Setup a github repo with jekyll and staticman (e.g. https://github.com/ujjwal96/links).
- Copy
config_savelink.json.templatetoconfig_savelink.json. - Configure the git repo and branch to be used.
- Add the decrypted staticman-token used in
staticman.ymlin the config. - Add a link to your repo, so people can look it up via
showlinkurl
Example:
{
"git_repo": "reponame/links",
"git_branch": "gh-pages",
"staticman-token": "9d837771-945a-489d-cd80-13abcdefa112",
"allowed_users": [],
"repo_link_url": "https://reponame.github.io/links/"
}
To enable archive reminders set an offset (in hours) in config.json for archive_ctf_reminder_offset. Clear or remove the setting to disable reminder handling.
If active, the bot will create a reminder for every bot admin on !endctf to inform him, when the ctf was finished for the specified time and it should be archived.
Example (for being reminded one week after the ctf has finished):
{
...
"archive_ctf_reminder_offset" : "168"
}
To enable logging of deleting messages containing specific keywords, set delete_watch_keywords in config.json to a comma separated list of keywords.
Clear or remove the setting to disable deletion logging.
Example
{
"delete_watch_keywords" : "workon, reload, endctf"
}