27566a7813
- Added "HW" (Hardware) category to the platform with a dedicated icon and color
- Updated challenge grid to 6 columns on desktop to accommodate the new category
- Alphabetized challenge categories in the main view and Admin panel selection
- Alphabetized operators list in the Admin panel with case-insensitive sorting
- Restricted visibility of Challenges, Scoreboard, and Score Matrix to authenticated users only
- Secured the /state API endpoint to prevent leaking challenges, solves, teams, or internal IP (dockerIp) to guests
- Implemented server-side verification of user profile in the state response to prevent client-side admin spoofing
- Refactored the /state backend endpoint using async/await for better reliability and error handling
- Rebranded the project from "cypherstrike-ctf" to "hipctf" across package.json, index.html, and server defaults
- Synchronized browser page title with the competition name configured in the Admin panel
- Fixed a "black page" issue by resolving a missing React import and adding frontend sanity checks
main
m0rph3us1987
2026-03-10 13:29:50 +01:00
800192c87f
- Prevented admin challenge solves from creating score records
- Added operator solves list to the Admin panel profile
- Allowed deletion of specific operator solves from the Admin panel
- Enhanced operator solves list with alphabetical sorting, difficulty colors, and point values
- Added rank medal icons to operator solves in the Admin panel
m0rph3us1987
2026-03-07 02:18:47 +01:00
e04547301b
CET only
m0rph3us1987
2026-02-28 15:02:44 +01:00
fba544d64e
Countdown now shows time in CET
m0rph3us1987
2026-02-28 14:59:42 +01:00
932cdd8a3a
1. Fixed: Broken Authentication (replaced static tokens with signed JWT-like tokens and persistent secret).
2. Fixed: Default Admin Security (the admin:admin account is now disabled once another administrator is created).
3. Fixed: Information Disclosure (sensitive team data is now filtered out for non-admins).
4. Fixed: Denial of Service (added type-safe password checks and error handling for hashing functions).
5. Fixed: SQL Injection (implemented SCHEMA_WHITELIST for database restore validation).
6. Fixed: Path Traversal (sanitized filenames for administrative file uploads).
7. Preserved: Predictable File URLs (kept as an intentional vulnerability for CTF participants).
m0rph3us1987
2026-02-28 14:26:03 +01:00