Adding the Admin User during 'CREATE Users & Teams' fails due to lack of T_TYPE

[kernel-sanders]

ctf_marker/admin.php

Line 1014 in 5135484

$insertToken = mysqli_query($connection, "INSERT INTO users (USERNAME, PASSWORD, TEAM, TYPE, TOKEN, TOKEN_HASH, TOKEN_ACT) VALUES ('admin','2722e43f2d69d11363dd048e69319dcf','0','A','A1B2C3D4','9cb4a9b49df14f3ee3c177f0f74ad443',1)");

The users DB is defined with
`T_TYPE` varchar(1) NOT NULL,

But the Admin user is added without T_TYPE, which causes:

Field 'T_TYPE' doesn't have a default value

I added the Admin user with a T_TYPE of L based on what I could see from other spots in the code. It seems to work. Should line 1014 include a T_TYPE of L?

[rgajendran]

Yes you are correct line 1014 should include T_TYPE.

There were some events where we distributed tokens to the users and asked them to register via homepage ( index.php ). Later I've added a new features which automatically generates random username and password.

Users Register using tokens : T_TYPE = T
Auto Generated Logins : T_TYPE = L
Admin can have any characters in T_TYPE (Except T and L) - This option isnt used for the admins.

I haven't noticed this bug after adding the new feature, I will label this issue as a bug and will fix in the later update. However, this project is merged with my new CTF platform project (which is under development : https://github.com/rgajendran/ctf_platform) which is integrated with oVirt Virtualisation, SecGen, CTF Marker and custom created platform.

[kernel-sanders]

Just pulled ctf_platfrom, same issue.

What version of mysql are you using?
I am on mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper

[rgajendran]

I use xampp for this project (phpMyadmin version 4.5.2, Apache/2.4.23). Try using xampp : Download XAMPP It has both phpMyAdmin and Apache.

I just tested the marker on xampp, it works perfectly for me.

I don't recommended you to use ctf_platform (Its under development now). For now, you can continue using ctf_marker. In ctf_platform admin account is removed and the system automatically spins up vulnerable vm using secgen and it imports flags and sets timer you. However, its not ready yet.

[rgajendran]

I double checked it, it works on my Fedora aswell.

Incase if you haven't used XAMPP, follow these steps.

1. download xampp (xampp-linux-x64-5.6.31-0-installer.run)
2. chmod +x xampp-linux-x64-5.6.31-0-installer.run
3. ./xampp-linux-x64-5.6.31-0-installer.run
4. Finish the process and run ./opt/lampp/manager-linux-x64.run
5. Click Manage Servers Tab -> Start apache and MySQL database
6. git clone https://github.com/rgajendran/ctf_marker (Clone inside /opt/lampp/htdocs/)
7. Visit http://localhost/ctf_marker and navigate to http://localhost/ctf_marker/admin.php
8. Click Database Management -> Click Create (Create all 6 Create Buttons)
9. In case if you are forcefully logged out after creating users tables (Login with admin:admin)
10. After creating all tables, You can create teams with team name and generate either logins or tokens.

I hope it works for you, let me know if you have any issues.

[kernel-sanders]

Got it working when using XAMPP vs manual apache2 and MySQL.

Looks like MySQL and MariaDB don't behave the same way. Might be helpful to put that XAMPP is the approved hosting solution in the README.md

For reference, this is the version of MariaDB that works for me:
mysqld Ver 10.1.25-MariaDB for Linux on x86_64 (Source distribution)

Thanks for troubleshooting with me.

[0xtavian]

This was very helpful. Thank you both.