Showing
46 changed files
with
1,863 additions
and
9 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
*~ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# REquests and HTTP TRainer | ||
|
||
|
||
## Basics Requesty Stff | ||
|
||
## Challenges | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
version: "3.8" | ||
services: | ||
flask: | ||
build: . | ||
ports: | ||
- "5000:5000" | ||
expose: | ||
- 5000 | ||
environment: | ||
- FLASK_APP=/opt/RequestApp | ||
|
||
# deploy: | ||
# restart_policy: | ||
# condition: any | ||
# delay: 5s | ||
# max_attempts: 5 | ||
# window: 120s |
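Review bot: The `ports` entry `"5000:5000"` publishes the Flask service on every host interface. The app appears to be a deliberately solvable training target (the same commit adds challenge routes with hard-coded flags), so unless it is meant to be reachable from the network the mapping is better bound to loopback: `- "127.0.0.1:5000:5000"`. The `expose: - 5000` block adds nothing once the port is published and can be dropped. A one-line comment above the commented-out `deploy:` block saying why the restart policy is disabled would help the next reader.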
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
version: "3.0" | ||
version: "3.8" | ||
services: | ||
flask: | ||
build: . | ||
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -3,3 +3,4 @@ from .meta import * | ||
from .app import * | ||
from .requestViews import * | ||
from .sessionViews import * | ||
from .requestChals import * |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
""" | ||
Request Based Challenges | ||
""" | ||
|
||
import json | ||
|
||
import flask | ||
from .meta import app | ||
|
||
import logging | ||
|
||
import time | ||
import random | ||
|
||
|
||
#Store the data | ||
automateData = {"time":None, | ||
"q1": None, | ||
"q2": None} | ||
|
||
@app.route("/challenges/setUA", methods=["GET","POST"]) | ||
def userAgentChallenge(): | ||
|
||
UA = flask.request.headers.get("user-agent") | ||
|
||
|
||
theFlag = False | ||
if flask.request.method == "POST": | ||
if UA == "l33t Hax0r": | ||
theFlag = "245CT{Ch@nging_UA}" | ||
|
||
|
||
|
||
return flask.render_template("userAgentChal.html", | ||
flag = theFlag) | ||
|
||
|
||
|
||
@app.route("/challenges/Response") | ||
def responseChallenge(): | ||
return flask.render_template("responseTarget.html") | ||
|
||
@app.route("/challenge/theResponse") | ||
def responsePage(): | ||
return flask.render_template("responseChallenge.html") | ||
|
||
|
||
|
||
@app.route("/challenge/automate") | ||
def automateChallenge(): | ||
|
||
submitted = False | ||
flag = False | ||
if flask.request.args.get("q1"): | ||
#Something has been sbmitted" | ||
|
||
submitted = "Too Slow" | ||
sTime = time.time() | ||
u1 = flask.request.args.get("q1") | ||
u2 = flask.request.args.get("q2") | ||
|
||
if u1 == str(automateData["q1"]): | ||
if u2 == automateData["q2"]: | ||
tDelta = sTime - automateData["time"] | ||
if tDelta < 2: | ||
flag = "245{Automation_R0cks}" | ||
else: | ||
submitted = "Too Slow" | ||
else: | ||
submitted = "Incorrect" | ||
else: | ||
submitted = "Incorrect" | ||
|
||
|
||
|
||
if not flag: | ||
logging.warning("Generate New Questions") | ||
#Work out the Questions | ||
p1 = random.randrange(10) | ||
p2 = random.randrange(10) | ||
q1 = "{0} + {1}".format(p1, p2) | ||
q1a = p1 + p2 | ||
|
||
q2 = random.choice(["Lion El'Jonson", | ||
"Fulgrim", | ||
"Perturabo", | ||
"Jaghatai Khan", | ||
"Leman Russ", | ||
"Rogal Dorn", | ||
"Konrad Curze", | ||
"Sanguinius", | ||
"Ferrus Manus", | ||
"Angron", | ||
"Roboute Guilliman", | ||
"Mortarion", | ||
"Magnus the Red", | ||
"Horus", | ||
"Lorgar", | ||
"Vulkan", | ||
"Corax", | ||
"Alpharius Omegon"]) | ||
|
||
automateData["time"] = time.time() | ||
automateData["q1"] = str(q1a) | ||
automateData["q2"] = q2 | ||
|
||
|
||
return flask.render_template("automateChallenge.html", | ||
q1 = q1, | ||
q2 = q2, | ||
submitted = submitted, | ||
flag = flag) | ||
|
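Review bot: `automateData` is a single module-level dict shared by every client (and held separately by each worker process), so in `automateChallenge` any visitor's page load replaces the question and timestamp another visitor is about to answer; per-client state, for example in `flask.session` or a server-side store keyed by a client id, would avoid that. The dict also starts as all `None`, so a submission that arrives before any question has been generated is compared with `str(None)` and `None` and can reach `sTime - automateData["time"]`, which raises `TypeError`; treating an unset `automateData["time"]` as `"Incorrect"` before the comparisons covers it. Indentation is not visible in this rendering, but if question generation sits wholly under `if not flag:`, then `q1` and `q2` are unbound on the success path and `render_template` fails exactly when the flag should be shown; initialising `q1 = q2 = None` at the top of the function would fix that. The two flags also use different prefixes (`245CT{` and `245{`), which is worth confirming as intended.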
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{% extends "base.html" %} | ||
|
||
{% block navTabs %} | ||
{% include "helpers/requestNav.html" %} | ||
{% endblock navTabs %} | ||
|
||
|
||
|
||
|
||
{% block content %} | ||
|
||
<h1>Automation</h1> | ||
|
||
<div class="section"> | ||
<p>Answer the Questions</p> | ||
</div> | ||
|
||
<div class="section"> | ||
<form> | ||
<div class="row"> | ||
<div class="input-field col s12"> | ||
<input id="q1" name="q1" type="text"> | ||
<label for="q1">What is {{q1}}</label> | ||
</div> | ||
</div> | ||
|
||
<div class="row"> | ||
<div class="input-field col s12"> | ||
<input id="q2" name="q2" type="text" placeholder="{{q2}}"> | ||
<label for="q2">Enter the text {{ q2 }}</label> | ||
</div> | ||
</div> | ||
<button class="btn waves-effect waves-light" type="submit" name="action">Submit</button> | ||
</form> | ||
</div> | ||
|
||
{% if submitted %} | ||
<div class="section"> | ||
{% if flag %} | ||
{{ flag }} | ||
{% else %} | ||
{{ submitted }} | ||
{% endif %} | ||
</div> | ||
{% endif %} | ||
|
||
{% endblock content %} |
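Review bot: The result block shows `{{ flag }}` only inside `{% if submitted %}`, so the flag is rendered only because the view happens to preset `submitted = "Too Slow"` before checking the answers. Testing the flag first removes that hidden coupling: `{% if flag %}{{ flag }}{% elif submitted %}{{ submitted }}{% endif %}` inside the `section` div. The `<form>` relies on the default GET method, which matches the view reading `flask.request.args`; stating `method="GET"` explicitly would make that intent visible next to the POST form used by the cookie challenge.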
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
{% extends "base.html" %} | ||
|
||
{% block navTabs %} | ||
{% include "helpers/sessionNav.html" %} | ||
{% endblock navTabs %} | ||
|
||
|
||
|
||
{% block content %} | ||
<h1>Cookie Challenge</h1> | ||
|
||
<div class="section"> | ||
<h3>Challenge</h3> | ||
|
||
<p>Set the Session Cookies to become Admin</p> | ||
|
||
</div> | ||
|
||
|
||
<div class="section"> | ||
<h2>Login Form</h2> | ||
<form method="POST"> | ||
<div class="row"> | ||
<div class="input-field col s12"> | ||
<input id="user" name="user" type="text"> | ||
<label for="user">User Name</label> | ||
</div> | ||
</div> | ||
<button class="btn waves-effect waves-light" type="submit" name="action">Submit</button> | ||
</form> | ||
</div> | ||
|
||
|
||
|
||
{% if uName %} | ||
<div class="section"> | ||
<div class="card blue-grey darken-1"> | ||
<div class="card-content white-text"> | ||
<span class="card-title">Result</span> | ||
|
||
<p>Loggged in as <strong>{{ uName }}</strong></p> | ||
{% if admin == "True" %} | ||
<a href="{{ url_for('cookieCheck') }}">Get Flag</a> | ||
{% else %} | ||
<p>Not Admin</p> | ||
{% endif %} | ||
</div> | ||
</div> | ||
|
||
</div> | ||
{% endif %} | ||
|
||
|
||
{% endblock content %} |
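Review bot: `Loggged in as` in the result card has a stray `g`; the line should read `<p>Logged in as <strong>{{ uName }}</strong></p>`. The test `{% if admin == "True" %}` compares against the string `"True"`, so it fails silently if the view ever passes a boolean instead. The view is not part of this section, so this is an assumption to confirm, and a template comment such as `{# admin is the raw cookie value, a string #}` would record it. The template only hides the `cookieCheck` link, so the admin check has to be enforced again in that view.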