Merge pull request #10 from CUEH/SubTrees

Sub trees

README.md

@@ -2,8 +2,6 @@
 
 Lab Materials for 245CT
 
-
-
 ## Subtrees
 
 
@@ -30,3 +28,4 @@ git subtree pull --prefix <directory> <remote> <branch> --squash
 git subtree pull --prefix Week7_XSS/Challenges XSS_Trainer main --squash
 
 
+

Week7_XSS/Challenges/CHANGES.md

@@ -1,7 +1,9 @@
-# Version 0.2.1
+# Version 0.3
 
   - Levels can now give out flags
-
+  - Levels can now have Authors
+  - Added some student contributed levels
+  - We can now inject cookies into the render, so they can get Jacked
 
 # Version 0.2
 

Week7_XSS/Challenges/NOTES.md

@@ -1,49 +1,47 @@
-#Old code for testing
-
-@app.route("/target")
-def target():
-    """ For setup a fake target page """
-    return flask.render_template("payload.html",
-                                 payload = "Safe")
-
-@app.route("/xsstarget")
-def xssTarget():
-    """
-    Test returning something with XSS"""
-    return flask.render_template("payload.html",
-                                 payload = "<script>alert(1)</script>")
-
-@app.route("/test/text")
-def test():
-    """ 
-    A page that will test if we can get something using selenium
-
-    For the first Development fuck proper python.
-    Imports can live here
-    """
-    pageText = driver.getPage("http://flask:5000/target")
-    return pageText
-
-@app.route("/test/safe")
-def testsafe():
-    """ 
-    A page that will test if we can get something using selenium
-
-    For the first Development fuck proper python.
-    Imports can live here
-    """
-    pageText = driver.checkPage("http://flask:5000/target")
-    return str(pageText)
-
-
-@app.route("/test/target")
-def testtarget():
-    """ 
-    A page that will test if we can get something using selenium
-
-    For the first Development fuck proper python.
-    Imports can live here
-    """
-    pageText = driver.checkPage("http://flask:5000/xsstarget")
-    return str(pageText)
+
+## Plan
+
+Standalone Documentation and Levels for XSS attacks
+
+  - Make use of Flask to host the thing
+  - Selenium (or Seleniniod) To check for XSS being Trigered
+
+  - Training
+    - Walk-through of Some simple XSS Style Attacks
+	  - Triggering an Alert
+	  - Page Redirection
+	  - Session Jacking 
+
+  - Levels
+    - N Levels to test skills
+	- Some "Hand Holding"
+	- Later Levels rely on research.
+	- Explain Cutoff for Pass / First In Skills test.
+
+
+## Levels
+
+| Level | Lang   | Notes                              |
+|-------|--------|------------------------------------|
+| 0     | Python | Training                           |
+| 1     | Python | Training                           |
+| 2     | Python | CLient Side                        |
+| 3     | Python | Basic Replace                      |
+| 4     | Python | Regexp                             |
+| 5     | PHP    | Preg_replace                       |
+| 6     | Python | Stop Execute if "script" in string |
+| 7     | Python | Markdown                           |
+| 8     | HTML   | Attributes                         |
+
+
+## Notes
+
+This might be useful for text
+
+https://pypi.org/project/jinja-markdown/
+
+https://pythonhosted.org/Flask-Markdown/
+
+
+https://github.com/andymccurdy/redis-py
 

Week7_XSS/Challenges/README.md

@@ -4,53 +4,13 @@ Trainer for 245CT and XSS attacks
 
 [![made-with-python](https://img.shields.io/badge/Made%20with-Python-1f425f.svg)](https://www.python.org/)
 [![made-with-Markdown](https://img.shields.io/badge/Made%20with-Markdown-1f425f.svg)](http://commonmark.org)
-[![Version-0.2](https://img.shields.io/badge/Version-0.2-green.svg)](https://shields.io/)
+[![Version-0.3](https://img.shields.io/badge/Version-0.3-green.svg)](https://shields.io/)
 
-## Plan
 
-Standalone Documentation and Levels for XSS attacks
 
-  - Make use of Flask to host the thing
-  - Selenium (or Seleniniod) To check for XSS being Trigered
-
-  - Training
-    - Walk-through of Some simple XSS Style Attacks
-	  - Triggering an Alert
-	  - Page Redirection
-	  - Session Jacking 
-
-  - Levels
-    - N Levels to test skills
-	- Some "Hand Holding"
-	- Later Levels rely on research.
-	- Explain Cutoff for Pass / First In Skills test.
-
+## Contributors
 
-## Levels
+  - Dan (Dang42) 
+  - Ben (Sharkmoos)
 
-| Level | Lang   | Notes                              |
-|-------|--------|------------------------------------|
-| 0     | Python | Training                           |
-| 1     | Python | Training                           |
-| 2     | Python | CLient Side                        |
-| 3     | Python | Basic Replace                      |
-| 4     | Python | Regexp                             |
-| 5     | PHP    | Preg_replace                       |
-| 6     | Python | Stop Execute if "script" in string |
-| 7     | Python | Markdown                           |
-| 8     | HTML   | Attributes                         |
 
-
-## Notes
-
-This might be useful for text
-
-https://pypi.org/project/jinja-markdown/
-
-https://pythonhosted.org/Flask-Markdown/
-
-
-https://github.com/andymccurdy/redis-py
-
-
-[![forthebadge](https://forthebadge.com/images/badges/powered-by-electricity.svg)](https://forthebadge.com)

Week7_XSS/Challenges/webapp/xss_trainer/levels/baseLevels.py

@@ -17,8 +17,8 @@ class Training(meta.BaseLevel):
     """
     Our initial Training Level
     """
-    levelname = "Training"
-    template = "intro.html"
+    levelname = "Tutorial"
+
 
 class NoFilter(meta.BaseLevel):
     """
@@ -27,20 +27,24 @@ class NoFilter(meta.BaseLevel):
     levelname = "No Filter"
     template = "noFilter.html"
     flag = "CUEH{Made_It_Past_Level_1}"
-
+    author = "Dang42"
+
 class ClientFilter(meta.BaseLevel):
     """
     In this level we protect by making sure the user submits an email
     """
     levelname = "Client Side Filter"
     template = "ClientSide.html"
+    author = "Dang42"
 
 class SimpleReplace(meta.BaseLevel):
     """
     Replace just <script>
     """
     levelname = "Simple Replace"
     template = "SimpleReplace.html"
+    author = "Dang42"
+
 
     def sanitise(self, data):
         payload = data.replace("<script>", "")
@@ -54,6 +58,8 @@ class BasicRegexp(meta.BaseLevel):
     """
     levelname = "Basic Regexp"
     template = "BasicRegexp.html"
+    author = "Dang42"
+
 
     def sanitise(self, data):
         regexp = re.compile("<\/?script>", re.IGNORECASE)
@@ -67,6 +73,7 @@ class BasicPHPRegexp(meta.BaseLevel):
 
     levelname = "Basic preg_replace"
     template = "BasicPreg.html"
+    author = "Dang42"
 
     def sanitise(self, data):
 
@@ -85,13 +92,14 @@ class ScriptTagFilter(meta.BaseLevel):
 
     levelname = "Script tag Filter"
     template = "ScriptTagFilter.html"
+    author = "Dang42"
+
 
     def sanitise(self, data):
         regexp = re.compile("script", re.IGNORECASE)
         if regexp.search(data):
             return "<div class='alert alert-critical'>XSS Detected!</div>"
-
-        return data
+
 
 
 class MarkdownOutput(meta.BaseLevel):
@@ -103,6 +111,7 @@ class MarkdownOutput(meta.BaseLevel):
 
     levelname = "Output Formats"
     template = "MarkdownOutput.html"
+    author = "Dang42"
 
     def sanitise(self, data):
         clean = html.escape(data)
@@ -116,22 +125,24 @@ class TagAttributes(meta.BaseLevel):
     """
     levelname = "Tag Attributes"
     template = "TagAttributes.html"
+    author = "Dang42"
+
 
     def sanitise(self, data):
         attributes = flask.request.form.get("attributes", "")
         clean = html.escape(data, quote=True)
         payload = f"<details {attributes}>{clean}</details>"
         return payload
 
-
-
 class BootstrapTags(meta.BaseLevel):
     """
     XSS through bootstrap CSS animations
     """
 
     levelname = "More Tag Attributes"
     template = "BootstrapTags.html"
+    author = "Dang42"
+
 
     def sanitise(self, data):
         alertLevel = flask.request.args.get("style", "primary")

Week7_XSS/Challenges/webapp/xss_trainer/levels/contrib.py

@@ -0,0 +1,42 @@
+"""
+User Contributed Levels
+"""
+
+
+import base64
+
+import xss_trainer.levels.meta as meta
+
+
+class EscapeChars(meta.BaseLevel):
+    """
+    Bens level for escape Characters
+    """
+
+    levelname = "Escape Characters"
+    template = "EscapeChars.html"
+    author = "Sharkmoos"
+
+    def sanitise(self, data):
+        # This is more of a level 2/3 difficulty
+        payload = (data.replace("'", "\\'")).replace('"', '\\"')
+        return payload
+
+class Encoding(meta.BaseLevel):
+    """
+    Base 64 Encoding is a thing
+    """
+    levelname = "Encoding"
+    template ="Encoding.html"
+    author = "Sharkmoos"
+
+    def sanitise(self, data):
+        payload = (data.replace("<", "")).replace(">","")
+        # We are expecting a b64 string, so we need to add out own padding if thats not what they give us
+        try:
+        # Rather than using .decode('base64') and leave it as bytex, let's format a nice string
+            decoded_payload = base64.b64decode(payload.encode('ascii')).decode('ascii')
+        except Exception:
+            decoded_payload = ("Input did not have correct encoding")
+
+        return decoded_payload

Week7_XSS/Challenges/webapp/xss_trainer/levels/intermediate.py

@@ -0,0 +1,19 @@
+"""
+Levels that deal with Sessions and other fun things
+"""
+
+
+import xss_trainer.levels.meta as meta
+
+
+class SessionTest(meta.BaseLevel):
+    """
+    A testing level for Sessions
+    """
+    levelname = "Session Tokens"
+    template = "sessionTest.html"
+    author = "Dang42"
+    #Need to be key value
+    cookie = ["xss_session", "FakeSessionCookie"]
+    flag = "CUEH{CookieSubmit}"
+#    renderer = "customRender.html"

Week7_XSS/Challenges/webapp/xss_trainer/templates/customRender.html

@@ -0,0 +1 @@
+<h1>Bar</h1>

Week7_XSS/Challenges/webapp/xss_trainer/templates/index.html

@@ -19,7 +19,7 @@
   {% if loop.index0 <= session["level"]  %}
       <li><a href="{{url_for('levels', levelId=loop.index0)}}">Level {{ loop.index0 }}: <strong>{{ item.levelname }}</scrong></a></li>
     {% else %}
-      <li>Level {{ loop.index0 }}: {{ item.name }}</li>
+      <li>Level {{ loop.index0 }}: {{ item.levelname }}</li>
     {% endif %}
   {% endfor %}
 </ul>

Week7_XSS/Challenges/webapp/xss_trainer/templates/levelBase.html

@@ -22,6 +22,14 @@
 <body>
   <div class="container">
     {% include("nav.html") %}
+
+
+    <h1>Level {{ level }}:  {{ thisLevel.levelname }}</h1>
+    {% if thisLevel.author %}
+    <span class="badge text-white p-0 m-1 mb-5">
+      <span class="bg-secondary py-1 px-2 mr-0 rounded-left">Author:</span><span class="py-1 px-2 rounded-right" style="background:#007bff;">{{ thisLevel.author }}</span>
+    </span>
+    {% endif %}
 
     {% block content %}
     {% endblock content %}
@@ -71,7 +79,18 @@
           {% endif %}
 	{% endif %}
       {% endblock output %}
+
+      {% block cookieOutput %}
+	{# ---------- TEST CODE FOR COOKIES --------- #}
+	{% if thisLevel.cookie %}	
+   	    {% if request.cookies.get(thisLevel.cookie[0]) == thisLevel.cookie[1] %}
+	    <div class="alert alert-success">Flag: {{thisLevel.flag}}</div>
+	    {% endif %}
 
+	{% endif %}
+	{# ----------- END COOKIE TEST -------------- #}
+     {% endblock cookieOutput %}
+
       </div>
     </div>