Checking System Interface

The checking system has five important interfaces: one for humans and four for your exploits.

The human interface is a scoreboard. On the scoreboard, you can see all teams’ positions, their scores, the count of stolen flags, etc.

Okay, what about APIs for your exploits?

  1. API for submitting stolen flags.

Send PUT-request to/flags endpoint. Don’t forget to pass the X-Team-Token header with the value we will provide to identify your team. The body of the request should be a valid JSON array with flags. Example:

$ cat flags.json
["PNFP4DKBOV6BTYL9YFGBQ9006582ADC=", "0I7DUCYPX8UB2HP6D6UGN86BA26F2FE=", "PTK3DAGZ6XU4LPETXJTN7CE30EC0B54="]
        
$ curl -s -H 'X-Team-Token: <your_secret_token>' -X PUT --data @flags.json https://monitor.ructf.org/flags

You will receive something like this:

[
  {
    "msg" : "[PNFP4DKBOV6BTYL9YFGBQ9006582ADC=] Denied: no such flag",
    "status" : false,
    "flag" : "PNFP4DKBOV6BTYL9YFGBQ9006582ADC="
  },
  {
    "msg" : "[STH5LK9R9OMGXOV4E06YZD71F746F53=] Denied: flag is your own",

    "flag" : "STH5LK9R9OMGXOV4E06YZD71F746F53=",
    "status" : false
  },
  {
    "status" : false,
    "flag" : "0I7DUCYPX8UB2HP6D6UGN86BA26F2FE=",
    "msg" : "[0I7DUCYPX8UB2HP6D6UGN86BA26F2FE=] Denied: you already submitted this flag"
  },
  {
    "msg" : "[PTK3DAGZ6XU4LPETXJTN7CE30EC0B54=] Accepted. 1.73205080756888 flag points",
    "flag" : "PTK3DAGZ6XU4LPETXJTN7CE30EC0B54=",
    "status" : true
  }
]
  1. API for receiving a list of teams

To receive a list of all teams, send a GET request to /teams. Example:

$ curl -s https://monitor.ructf.org/teams

You will receive something like this:

{
    "1": {  // 1 is team’s id
        "id": 1,
         "name": "Hackerdom",
         "network": "10.60.1.0/24",
         "logo": "https://monitor.ructf.org/logos/hackerdom.png",
         "country": "RU"
     },
     ...
}
  1. API for receiving a list of services

To receive a list of all services, send a GET request to /services. Example:

$ curl -s https://monitor.ructf.org/services

You will receive something like this:

{
     "<service1_id>": "<service1_name>",
     "<service2_id>": "<service2_name>",
     ...
}
  1. API for receiving an actual list of flag ids and descriptions

It’s a new feature for our checking system!

For each service that supports this feature, you can receive a list of non-expired flags of other teams.

What is a flag id? You will receive the explanation with a list of ids :-) Usually, flag id is some identifier for private data in the service, i.e. email of the user, the primary key of the message, etc.

To receive flag ids send the GET request to /flag_ids?service=<service_id> endpoint. Don’t forget to pass the X-Team-Token header with the value we will provide to identify your team. Example:

$ curl -s -H 'X-Team-Token: <your_secret_token>' https://monitor.ructf.org/flag_ids?service=<service_id>

Here <service_id> is a service’s id from /services endpoint.

You will receive something like this:

{
    "flag_id_description": "Flag id is a user email",
    "flag_ids": {
        "1": {  // "1" is team’s id from /teams endpoint"
           "host": "10.60.1.3",
           "flag_ids": ["qyui-asdf-iedj@gmail.com", "mjef-vie4-x4hf@ya.com"]
        },
        ...
    }
}