What users must submit to solve a challenge

In most CTFs, the objective is to extract a flag value from a challenge. Often by exploiting some kind of security vulnerability or by knowing some property of computers. Flags are sort of the proof that you accomplished the task.

In order for a user to receive points for a challenge, they must submit the corresponding flag. CTFd allows admins to create different types of flags for each challenge.

Static Flag

Static flags are simple, users must submit exactly the value of the flag in order to receive points.

Regex Flag

Regex flags allow admins to define regular expressions to match flags. Regular expressoins allow challenges to accept multiple flag values as correct as long as it can be represented in a regular expression.

Programmable Flag

Programmable keys allow you to use Python code to check user submissions when static or regex flags are not flexible enough.

A check function is a Python function taking a single argument. The argument provided will be the user’s input. The function should then return a Boolean indicating whether the user was correct or not.


def check(x):
    if x == "flag{this_is_the_answer}":
        return True
        return False

Last modified August 9, 2021