The Organizer

This is the management bot for the discord server of the Organizers CTF team.

Some planned/wanted features include

• Create a new channel for a challenge
  • Make sure a new channel goes before solved challenges
• Make a channel/challenge as solved
• Prevent unauthorized use
• Create/remove challenge categories?
• Archive all current "active" challenge channels
• Manage logins/passwords for contests
• Autocollect challenges from CTFd-hosted contests, collect descriptions and files, create channels
• Automatically submit a flag for CTFd contests with managed login
• Manage a calendar of upcoming contests to see who is interested in a particular CTF, and how much tryharding there will or should be
• Team- and individual-based opt-in and opt-out
• ctfnote integration
  • specify server settings with /ctfnote_update_auth (can be done by player)
  • create a ctfnote pad for a /chal (can be done by player)
    • Takes an optional argument for concurrent ctfs.
  • pin ctfnote link to the channel
  • /ctfnote_assign_player assigns a player to be the challenge leader and annotates it in ctfnote. (can be done by player)
    • If the player has not registered, it will be autoregistered
  • /ctfnote_who_leads (can be done by player)
  • /flag should mark it as flagged on ctfnote
  • support for more than one concurrent ctf
  • better authentication - the ctfnote auth only is for the ctfnote stuff, but the underlying hedgedoc markdown can be accessed directly by the pad urls. They are hard to guess, but still...
  • sync solved state back into the discord channel in case a player adds the flag via ctfnote

Currently in development by:

• Robin Jadoul
• Cyanpencil
• Lucid

Setup

Written for testing

• create a discord server for testing. Also called a guild in discord speech.

  • create a role CTF Player or similar
  • enable in discord settings (Advanced) the developer mode so you can right-click things to get IDs.
  • right-click the server to get the server ID. E.g. 990596882034221096
  • find the role IDs for player and admin in the settings

• Get yourself a bot token and client ID from the discord developer console

  • see under "OAuth 2" the client ID and bot token

• Go to "OAuth2", "URL Generator"

  • select applications.commands

    allows your app to use commands in a guild

    (source)

  • select bot

    for oauth2 bots, this puts the bot in the user's selected guild by default

  • not sure what you need from the bottom part. We just said "administrator" for testing 😅

• copy the config.sample.json to config.json and fill it in.

  • the archive section can be anything as long as it is set - except if you want to make use of the archive functionality, of course.

  • for local testing, you also don't need any s3 settings.

• build and run:

  docker build -t orgzbot .
  docker run --rm -it orgzbot:latest
  

• in the discord server, specify the ctfnote credentials with the /ctfnote_update_auth command. If you don't want to use it, set it to something invalid i guess...

CTFNote Integration

Information about the internal assumptions used. This should only be relevant when you change the code.

• We use the channel name as task name
  • If it was marked as solved, that should be stripped
• We use each player's exact discord name as Name#discriminator
• Players who are not signed up yet get a password assigned when we want to use their account
• The bot has a lot of permissions on ctfnote
• The bot itself has no state. Any information must be stored in the discord pinned messages or the ctfnote.
• To disable ctfnote integration, just set some invalid credentials (e.g. example.com)