STCTFF (Single Task CTF Frame) is a CTF platform with user registration, account management, and a task accessible only to registered users.
The website includes several pages:
- Home (welcome page) - description of the "competition" and general information
- Registration and login (a single page with a form)
- Account management - account renewal and deletion
- Task page (demo task) with an answer submission form
Key conditions:
- A task is available only after registration
- Each account can solve a task only once
- A task may have several variants with different answers
- A specific variant of the task is assigned to the user during registration (Many-to-One)
- If a user does not log into the account for more than N days, the account may be deleted
- Interaction with the frontend is done via a REST API
CTF (Capture The Flag) is an exercise where "flags" are hidden in intentionally vulnerable applications or websites. STCTFF is a lightweight educational framework, where no vulnerabilities are intentionally included.
The goal is to create a web platform suitable for hosting a typical CTF task. The project is intended for educational purposes and for modeling the process of solving CTF challenges.
- Frontend: React
- Backend: Django
- Database: MariaDB
- Infrastructure: Docker
For the first run, it is recommended to use:
git clone https://github.com/mixaisealx/STCTFF-FullStack.git
cd STCTFF-FullStack
sudo docker-compose up --build
(this allows you to watch logs in real time).
For subsequent runs, you can use:
sudo docker-compose up -d
The application will be available at:
- locally - http://localhost:80
- externally - http://<your_IP>:80
On the first launch, the database is created empty. Tasks need to be added manually (see Adding Tasks).
.
├── database/             # MariaDB service
│   └── initdb.d/
│       └── init.sql      # Script creating DB accounts for backend and maintenance services
├── stctff-back/          # Backend (Django)
├── stctff-front/         # Frontend (React)
├── nginx/                # Nginx proxy
├── maintenance/          # Account maintenance service (Python)
├── backend.env           # Environment variables for backend
├── database.env          # Environment variables for database
├── maintainer.env        # Environment variables for maintainer
├── docker-compose.yml    # Infrastructure configuration
├── README.md
├── LICENSE
└── STCTFF_figma.pdf
- database - MariaDB, stores users, solution statuses, and task variant assignments
- backend - Django API, handles registration, authentication, account management, and REST API
- frontend - React application, user interface
- nginx - reverse proxy combining frontend and backend, available on port 80
- maintainer - background service performing periodic cleanup of inactive accounts
By default, the database is empty, and the tasks table does not contain any records.
The project does not include a built-in admin interface, so tasks must be added manually using external tools for working with the database (e.g. DBeaver, phpMyAdmin, or the mysql CLI).
Table: tasks
Columns:
- id - record identifier (PRIMARY KEY, auto-increment)
- task_text - task text in JSON format (JSONField)
- task_solution - correct answer as plain text (TextField), e.g. flag{...}
{
  "content": [
    [
      {"text": "Text in italics ", "style": "italic"},
      {"text": "Bold text here", "style": "strong"}
    ],
    [
      {"text": "Plain text without styles", "style": "plain"}
    ]
  ]
}
- content - array of paragraphs (rendered as <p>).
- A paragraph is an array of segments.
- Segment:
  - text (string, required)
  - style (optional): "italic" | "strong" | "plain" (default - plain).
The server returns only the content array from task_text to the frontend.
The task_solution value is included only after the user has solved the task.
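Because tasks are inserted by hand, a malformed task_text row can reach the database unnoticed. The following is an added example, not part of the STCTFF code base: it validates a task_text document against the structure described above and returns a parameterized INSERT for the tasks table. The function names, the rejection of unknown keys, the whitespace check on the flag, and the %s placeholder style are assumptions of this example.

```python
import json

ALLOWED_STYLES = {"italic", "strong", "plain"}

# Constructed sample; the second segment omits "style" to exercise the default.
SAMPLE = '{"content": [[{"text": "Find the ", "style": "italic"}, {"text": "flag"}]]}'


def validate_task_text(raw):
    """Parse a task_text JSON string; return it normalized or raise ValueError."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("content"), list):
        raise ValueError('top level must be an object with a "content" array')
    paragraphs = []
    for p, paragraph in enumerate(doc["content"]):
        if not isinstance(paragraph, list):
            raise ValueError(f"paragraph {p} is not an array of segments")
        segments = []
        for s, seg in enumerate(paragraph):
            where = f"paragraph {p}, segment {s}"
            if not isinstance(seg, dict) or not isinstance(seg.get("text"), str):
                raise ValueError(f"{where}: 'text' (string) is required")
            style = seg.get("style", "plain")
            if not isinstance(style, str) or style not in ALLOWED_STYLES:
                raise ValueError(f"{where}: unknown style {style!r}")
            # Assumption: keys other than text/style are mistakes, so reject them.
            extra = sorted(set(seg) - {"text", "style"})
            if extra:
                raise ValueError(f"{where}: unexpected keys {extra}")
            segments.append({"text": seg["text"], "style": style})
        paragraphs.append(segments)
    return {"content": paragraphs}


def build_insert(raw_task_text, solution):
    """Return (sql, params) for a parameterized INSERT into the tasks table."""
    # Assumption: a flag with leading/trailing whitespace is treated as a typo.
    if not isinstance(solution, str) or not solution or solution != solution.strip():
        raise ValueError("task_solution must be a non-empty string without stray whitespace")
    task = validate_task_text(raw_task_text)
    # %s is the placeholder style of PyMySQL/mysqlclient; id is auto-increment.
    sql = "INSERT INTO tasks (task_text, task_solution) VALUES (%s, %s)"
    return sql, (json.dumps(task, ensure_ascii=False), solution)


if __name__ == "__main__":
    print(build_insert(SAMPLE, "flag{constructed_example}"))
```

Pass the returned pair to a DB-API cursor's execute() so the JSON and the flag are bound as parameters rather than pasted into the SQL text.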
This project is licensed under the Apache 2.0 license. See LICENSE for details.