slctf is a proof of concept that certain parts of a CTF (capture the flag) cyber security tournament can be done without a server. I used React to build it and DOMPurify to prevent XSS. The CTF file is loaded from a JSON file specified in the URL, then rendered. It works by hashing your answer with SHA256/512 (configurable through the CTF file). If any questions depend on another question, when the required question is solved the appropriate questions will automatically be decrypted with AES512.
For those who are stuck on the second question, think of atob.
In addition, if you want to prevent cheating, make everyone submit their flags through a Google Form right after they submit them and check their times.
If you need to generate the AES string for a challenge that depends on another challenge being solved, you can use this code snippet in a console window on the CTF page.
Besides a login system and scoreboard, the only hard part would be creating a virtual Linux system inside a Glitch container. To do this you can create an installation of a junest jail, which has multiple methods of operation, of which you only need to find one that works. The only issue is that the memory would be shared with the server and a hacker could overwrite the memory of the server, but I haven’t really read up about Linux memory security. Then you just set up a WeTTY session and proxy it.
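The hash-check and unlock flow described in the post above, as an added example that is not part of the original post, not slctf's code, and not the snippet the post refers to. The CTF file layout, field names, scrypt key derivation and AES-256-GCM mode are assumptions, and the flags are constructed sample values.

```javascript
// Added example (Node.js). Layout, field names, KDF and cipher mode are assumptions.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Derive a 256-bit AES key from the prerequisite answer and a per-question salt.
const keyFrom = (answer, salt) => nodeCrypto.scryptSync(answer, salt, 32);

// Organizer side: encrypt a dependent question under the prerequisite's answer.
function lockQuestion(text, prereqAnswer) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', keyFrom(prereqAnswer, salt), iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { salt: salt.toString('hex'), iv: iv.toString('hex'),
           tag: c.getAuthTag().toString('hex'), ct: ct.toString('hex') };
}

// Player side: decrypt with the submitted answer; a wrong answer fails the GCM tag check.
function unlockQuestion(locked, prereqAnswer) {
  const key = keyFrom(prereqAnswer, Buffer.from(locked.salt, 'hex'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(locked.iv, 'hex'));
  d.setAuthTag(Buffer.from(locked.tag, 'hex'));
  try {
    return Buffer.concat([d.update(Buffer.from(locked.ct, 'hex')), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed CTF file: only the hash of each answer is published, never the answer.
const ctf = {
  q1: { prompt: 'Decode the string', answerHash: sha256('flag{constructed-1}') },
  q2: { requires: 'q1', locked: lockQuestion('Find the second flag', 'flag{constructed-1}') },
};

// Check a submission against the stored hash, then unlock every question that depends on it.
function submit(id, answer) {
  if (sha256(answer) !== ctf[id].answerHash) return { correct: false, unlocked: [] };
  const unlocked = Object.keys(ctf)
    .filter((k) => ctf[k].requires === id)
    .map((k) => ({ id: k, prompt: unlockQuestion(ctf[k].locked, answer) }));
  return { correct: true, unlocked };
}
```

Because every player receives the hashes and ciphertexts, the flags need enough entropy to resist offline guessing against the published file.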
I feel like I just wrote Glitch’s container system but on low memory
Heroku might be better for the virtual linux servers
Lol, I’m still waiting on my application and possibly one of my school screenshots failed to upload. And school emails are used only internally so we can’t get emails from other domains
congratulations on predicting my life 2.5 years ahead
it turns out I eventually got into ctf and found a couple of people who were interested and so we ended up deciding to host one ourselves after getting sufficient funds to do so
so yea this project was a bit of precursor to an actual ctf. for the past few months i’ve actually been tinkering with some ctf stuffs, so whatever you see here you should expect something maybe 10x the quality of in the next few weeks