Merge branch 'main' into SubTrees

README.md

@@ -2,19 +2,30 @@
 
 Lab Materials for 245CT
 
-## Subtree Stuff
-(sure I did this before)
+## Subtrees
+
+
+Adding Remote
 
 ```
-$ git fetch Deserial
-$ git fetch RequestTrainer
-$ git fetch XSS_Trainer
+git remote add -f <name> <repouri>
 ```
 
-If any are updated
+
+Adding Subreop
 
+```
+git subtree add --prefix <directory> <remote> <branch> --squash
 ```
 
+Updating
 
-$ git subtree pull --prefix Week7_XSS/Challenges XSS_Trainer main --squash
 ```
+git fetch <remote> 
+git subtree pull --prefix <directory> <remote> <branch> --squash
+```
+
+git subtree pull --prefix Week7_XSS/Challenges XSS_Trainer main --squash
+
+
+

Web_Trainer/docker-compose.yaml

@@ -0,0 +1,25 @@
+version: '3'
+services:
+  web:
+    image: 7024cem/webtrainer
+    ports:
+      - "8080:80"
+#    networks:
+#      - main_network
+
+#  database:
+#    image:  7024cem/webdb
+#    environment:
+#      - MYSQL_ROOT_PASSWORD=cueh
+#    networks:
+#      - main_network
+#    ports:
+#      - 3306:3306
+
+#networks:
+#  main_network:
+#    driver: bridge
+#    ipam:
+#      config:
+#        - subnet : 172.18.0.0/24
+

Week5_Requests/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+version: "3.7"
 services:
   flask:
     build: .

Week6_SQLi/WebTrainer.md

@@ -0,0 +1,2 @@
+The Web trainer has now moved to its own folder.
+(As we are using it for several weeks)

Week7_XSS/Challenges/README.md

@@ -7,11 +7,10 @@ Trainer for 245CT and XSS attacks
 [![Version-0.3](https://img.shields.io/badge/Version-0.3-green.svg)](https://shields.io/)
 
 
+
 ## Contributors
 
   - Dan (Dang42) 
   - Ben (Sharkmoos)
 
 
-
-[![forthebadge](https://forthebadge.com/images/badges/powered-by-electricity.svg)](https://forthebadge.com)

Week7_XSS/Challenges/webapp/xss_trainer/levels/baseLevels.py

@@ -18,7 +18,7 @@ class Training(meta.BaseLevel):
     Our initial Training Level
     """
     levelname = "Tutorial"
-    template = "intro.html"
+
 
 class NoFilter(meta.BaseLevel):
     """
@@ -45,6 +45,7 @@ class SimpleReplace(meta.BaseLevel):
     template = "SimpleReplace.html"
     author = "Dang42"
 
+
     def sanitise(self, data):
         payload = data.replace("<script>", "")
         payload = payload.replace("</script>", "")
@@ -59,6 +60,7 @@ class BasicRegexp(meta.BaseLevel):
     template = "BasicRegexp.html"
     author = "Dang42"
 
+
     def sanitise(self, data):
         regexp = re.compile("<\/?script>", re.IGNORECASE)
         payload = regexp.sub("", data)
@@ -92,12 +94,12 @@ class ScriptTagFilter(meta.BaseLevel):
     template = "ScriptTagFilter.html"
     author = "Dang42"
 
+
     def sanitise(self, data):
         regexp = re.compile("script", re.IGNORECASE)
         if regexp.search(data):
             return "<div class='alert alert-critical'>XSS Detected!</div>"
 
-        return data
 
 
 class MarkdownOutput(meta.BaseLevel):
@@ -125,14 +127,13 @@ class TagAttributes(meta.BaseLevel):
     template = "TagAttributes.html"
     author = "Dang42"
 
+
     def sanitise(self, data):
         attributes = flask.request.form.get("attributes", "")
         clean = html.escape(data, quote=True)
         payload = f"<details {attributes}>{clean}</details>"
         return payload
 
-
-
 class BootstrapTags(meta.BaseLevel):
     """
     XSS through bootstrap CSS animations
@@ -142,6 +143,7 @@ class BootstrapTags(meta.BaseLevel):
     template = "BootstrapTags.html"
     author = "Dang42"
 
+
     def sanitise(self, data):
         alertLevel = flask.request.args.get("style", "primary")
         clean = html.escape(data)

Week7_XSS/Challenges/webapp/xss_trainer/templates/levels/BasicRegexp.html

@@ -2,6 +2,7 @@
 
 {% block content %}
 
+
 {% markdown %}
 
 The developer knows that ```script``` tags are bad, so removes them from the output.

Week7_XSS/Challenges/webapp/xss_trainer/templates/levels/ClientSide.html

@@ -2,6 +2,7 @@
 
 {% block content %}
 
+
 {% markdown %}
 
 This time we have to deal with some <mark><strong>client side filtering</strong></mark>.

Week7_XSS/Challenges/webapp/xss_trainer/templates/levels/MarkdownOutput.html

@@ -2,6 +2,7 @@
 
 {% block content %}
 
+
 {% markdown %}
 
 This time we are going to use a decent filter on the input.

Week7_XSS/Challenges/webapp/xss_trainer/templates/levels/TagAttributes.html

@@ -2,6 +2,7 @@
 
 {% block content %}
 
+
 {% markdown %}
 
 This example creates a new tag on the page.

Week7_XSS/Challenges/webapp/xss_trainer/templates/levels/noFilter.html

@@ -2,6 +2,7 @@
 
 {% block content %}
 
+
 {% markdown %}
 
 This should be nice and easy.

Week7_XSS/Challenges/webapp/xss_trainer/test/test_flask.py

@@ -53,8 +53,6 @@ class PageTests(unittest.TestCase):
         thePage = self.client.get(flask.url_for("levels", levelId=1))
         self.assertIn(b"Dang42", thePage.data)
 
-
-
     def test_urlfor(self):
 
         thePage = self.client.get(flask.url_for("main"))
@@ -76,7 +74,7 @@ class PageTests(unittest.TestCase):
         with app.test_client() as client:
             thePage = client.get("/")
             self.assertEqual(flask.session["level"] , 0)
-    
+
     def test_level(self):
         """
         Can we get a single level
@@ -110,6 +108,7 @@ class PageTests(unittest.TestCase):
 
         This is the Client Side test so it should stick out
         """
+
         #Manually set the level cookie
         with self.client.session_transaction() as sess:
             sess["level"] = 2

Week7_XSS/Challenges/webapp/xss_trainer/test/test_web.py

@@ -1,7 +1,6 @@
 """
 Integration testing for the web app
 
-
 TODO:  Test for Session Jacking
 TODO:  Test for Render Function
 
@@ -12,6 +11,7 @@ import requests
 
 import xss_trainer.views as views
 
+
 BASEURL = "http://127.0.0.1:5000"
 LEVEL_URL = "http://127.0.0.1:5000/level/"
 
@@ -141,5 +141,3 @@ class IntergrationTests(unittest.TestCase):
                 print ("Item found at index {0}".format(idx))
                 break
 
-
-

Week7_XSS/Challenges/webapp/xss_trainer/views.py

@@ -127,7 +127,8 @@ def levels(levelId=0):
 
         app.logger.debug("FILTERED %s",filtered)
         #Check for XSS
-        result = _checkPayload(filtered, levelId)
+
+        result = _checkPayload(filtered)
 
         #Generic Success Message
         if result:
@@ -146,6 +147,7 @@ def levels(levelId=0):
         else:
             message = "You didn't trigger an alert, try again"
 
+
     if hasattr(thisLevel, "cookie"):
         cookieKey, cookieValue = thisLevel.cookie
         testCookie = flask.request.cookies.get(cookieKey)
@@ -156,6 +158,7 @@ def levels(levelId=0):
                 flask.session['level'] = userLevel+1
 
 
+
     #Work out the template
     theTemplate = "levels/{0}".format(thisLevel.template)
     return flask.render_template(theTemplate,
@@ -178,11 +181,9 @@ def _checkPayload(payload, level):
     """
 
     userIP = flask.request.remote_addr
+
     redis_client.set("{0}_P".format(userIP),payload)
     redis_client.set("{0}_L".format(userIP), level)
-    #redis_client.set(userIP, {"payload": payload,
-    #                          "level": level})
-
     qString = urllib.parse.urlencode({"ip": userIP})
     theURL = "http://flask:5000/render?{0}".format(qString)
     result = driver.checkPage(theURL)
@@ -200,18 +201,21 @@ def render():
     """
     #Get the payload
     theIp= flask.request.args.get("ip",None)
+
     app.logger.debug("Render For %s", theIp)
     #Fetch the payload from Redis
     try:
         thePayload = redis_client.get("{0}_P".format(theIp))
         theLevel = redis_client.get("{0}_L".format(theIp))
         app.logger.debug("Render Payload: %s", thePayload)
         app.logger.debug("Render Level: %s", theLevel)
+
     except NameError:
         app.logger.warning("Attempt to get non existant IP")
         thePayload = None
 
 
+
     # Now we can so things with cookies or other page things
     thisLevel = LEVELS[int(theLevel)]
     app.logger.warning("This Level is {0}".format(thisLevel))
@@ -234,3 +238,4 @@ def render():
         response.set_cookie(key, value)
 
     return response
+

Week8_Includes/Deserial/.gitignore

@@ -0,0 +1,2 @@
+*~
+__pycache__

Week8_Includes/Deserial/NodeChallenge/docker-compose.yaml

@@ -0,0 +1,9 @@
+version: "3.7"
+services:
+  node:
+    build:
+      context: webapp
+    ports:
+      - "5000:3000"
+    expose:
+      - 5000

Week8_Includes/Deserial/NodeChallenge/webapp/Dockerfile

@@ -0,0 +1,16 @@
+FROM node:buster-slim
+
+WORKDIR /opt/app
+
+#Requirements
+ADD package.json /opt/app
+ADD server.js /opt/app
+
+RUN npm install
+
+EXPOSE 3000
+
+RUN apt-get update && apt-get install -y ncat
+ADD serverflag.txt /
+
+CMD ["node", "server.js"]

Week8_Includes/Deserial/NodeChallenge/webapp/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "Vulnerable_Deserialisation_App",
+  "version": "1.0.0",
+  "description": "Node.js on Docker",
+  "author": "First Last <first.last@example.com>",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js"
+  },
+  "dependencies": {
+      "express": "^4.16.1",
+      "cookie-parser": "latest",
+      "escape-html": "latest",
+      "node-serialize": "latest"
+  }
+}