Skip to content

Password protected hosted instances at ctfd.io give 401 UNAUTHORIZED #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
N0K0 opened this issue May 11, 2025 · 1 comment
Open

Password protected hosted instances at ctfd.io give 401 UNAUTHORIZED #186

N0K0 opened this issue May 11, 2025 · 1 comment

Comments

@N0K0
Copy link

N0K0 commented May 11, 2025

Hey!

Noticed something strange. If a instance is password protected via the ctfd.io instance settings, the cli tool won't work. Just to be clear, we are talking about a Site password, not the registration password 👍

Image

2025$ ctf challenge install forensics/bad_snakes
Installing challenges  [------------------------------------]    0%
Installing 'Bad Snakes (1)' (forensics/bad_snakes/challenge.yml) ...

Traceback (most recent call last):
  File "/home/n/.local/bin/ctf", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/ctfcli/__main__.py", line 136, in main
    ret = fire.Fire(COMMANDS["cli"], serialize=lambda r: None if isinstance(r, int) else r)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/fire/core.py", line 141, in Fire
    component_trace = _Fire(component, args, parsed_flag_args, context, name)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/fire/core.py", line 475, in _Fire
    component, remaining_args = _CallAndUpdateTrace(
                                ^^^^^^^^^^^^^^^^^^^^
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/fire/core.py", line 691, in _CallAndUpdateTrace
    component = fn(*varargs, **kwargs)
                ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/ctfcli/cli/challenges.py", line 627, in install
    challenge_instance.create(ignore=ignore)
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/ctfcli/core/challenge.py", line 679, in create
    r.raise_for_status()
  File "/home/n/.local/pipx/venvs/ctfcli/lib/python3.11/site-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: UNAUTHORIZED for url: https://mnectf-2025.ctfd.io/api/v1/challenges
n

Solution is already documented in their docs, i can make a pull request if you want to? :)

https://docs.ctfd.io/tutorials/api/using-ctfd-api-site-pass/
@N0K0
Copy link
Author

N0K0 commented May 11, 2025

Ah, extremely easy "workaround"/intended solution is to just use the cookies sections in the config!
Not sure if the best approach might just be to add some extra output on 401 errors instead?

[cookies]
site_password = password_here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@N0K0