Merge pull request #8 from CUEH/SubTrees

Sub trees
CUEH · Mar 4, 2021 · dfecae1f5bcb6b5870db4b7ac6ef8b4ac5f4dc16 · dfecae1
2 parents 67d128f + aa03814
commit dfecae1f5bcb6b5870db4b7ac6ef8b4ac5f4dc16
Show file tree

Hide file tree

Showing 46 changed files with 1,863 additions and 9 deletions.
diff --git a/Week5_Requests/.gitignore b/Week5_Requests/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/Week5_Requests/README.md b/Week5_Requests/README.md
@@ -0,0 +1,7 @@
+# REquests and HTTP TRainer
+
+
+## Basics Requesty Stff
+
+## Challenges
+
diff --git a/Week5_Requests/compose-deploy.yml b/Week5_Requests/compose-deploy.yml
@@ -0,0 +1,17 @@
+version: "3.8"
+services:
+  flask:
+    build: .
+    ports:
+      - "5000:5000"
+    expose:
+      - 5000
+    environment:
+      - FLASK_APP=/opt/RequestApp
+
+#    deploy:
+#      restart_policy:
+#        condition: any
+#        delay: 5s
+#        max_attempts: 5
+#        window: 120s
diff --git a/Week5_Requests/docker-compose.yml b/Week5_Requests/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.0"
+version: "3.8"
 services:
   flask:
     build: .

diff --git a/Week5_Requests/opt/RequestApp/__init__.py b/Week5_Requests/opt/RequestApp/__init__.py
@@ -3,3 +3,4 @@ from .meta import *
 from .app import *
 from .requestViews import *
 from .sessionViews import *
+from .requestChals import *
diff --git a/Week5_Requests/opt/RequestApp/app.py b/Week5_Requests/opt/RequestApp/app.py
@@ -41,6 +41,10 @@ def badEnum():
 @app.route("/my-sql/admin")
 @app.route("/my/admin/spider")
 def enumSuccess():
+
+    #Can i get the route
+#    flask.request.route
+
     return flask.render_template('enum.html',
                                  success=True)
 
diff --git a/Week5_Requests/opt/RequestApp/meta.py b/Week5_Requests/opt/RequestApp/meta.py
@@ -1,7 +1,7 @@
 import flask
 
 app = flask.Flask(__name__)
-app.secret_key = "any random string"
+app.secret_key = "Sekr3t_Tok3n"
 app.config.update(
     SESSION_COOKIE_SAMESITE='Strict',
 )

diff --git a/Week5_Requests/opt/RequestApp/requestChals.py b/Week5_Requests/opt/RequestApp/requestChals.py
@@ -0,0 +1,113 @@
+"""
+Request Based Challenges
+"""
+
+import json
+
+import flask
+from .meta import app
+
+import logging
+
+import time
+import random
+
+
+#Store the data
+automateData = {"time":None,
+                "q1": None,
+                "q2": None}
+
+@app.route("/challenges/setUA", methods=["GET","POST"])
+def userAgentChallenge():
+
+    UA = flask.request.headers.get("user-agent")
+
+
+    theFlag = False
+    if flask.request.method == "POST":
+        if UA == "l33t Hax0r":
+            theFlag = "245CT{Ch@nging_UA}"
+
+
+
+    return flask.render_template("userAgentChal.html",
+                                 flag = theFlag)
+
+
+
+@app.route("/challenges/Response")
+def responseChallenge():
+    return flask.render_template("responseTarget.html")
+
+@app.route("/challenge/theResponse")
+def responsePage():
+    return flask.render_template("responseChallenge.html")
+
+
+
+@app.route("/challenge/automate")
+def automateChallenge():
+
+    submitted = False
+    flag = False
+    if flask.request.args.get("q1"):
+        #Something has been sbmitted"
+
+        submitted = "Too Slow"
+        sTime = time.time()
+        u1 = flask.request.args.get("q1")
+        u2 = flask.request.args.get("q2")
+
+        if u1 == str(automateData["q1"]):
+            if u2 == automateData["q2"]:
+                tDelta = sTime - automateData["time"]
+                if tDelta < 2:
+                    flag = "245{Automation_R0cks}"
+                else:
+                    submitted = "Too Slow"
+            else:
+                submitted = "Incorrect"
+        else:
+            submitted = "Incorrect"
+
+
+
+    if not flag:
+        logging.warning("Generate New Questions")
+        #Work out the Questions
+        p1 = random.randrange(10)
+        p2 = random.randrange(10)
+        q1 = "{0} + {1}".format(p1, p2)
+        q1a = p1 + p2
+
+        q2 = random.choice(["Lion El'Jonson",
+                           "Fulgrim",
+                           "Perturabo",
+                           "Jaghatai Khan",
+                           "Leman Russ",
+                           "Rogal Dorn",
+                           "Konrad Curze",
+                           "Sanguinius", 
+                           "Ferrus Manus",
+                           "Angron",
+                           "Roboute Guilliman",
+                           "Mortarion",
+                           "Magnus the Red",
+                           "Horus",
+                           "Lorgar",
+                           "Vulkan",
+                           "Corax",
+                            "Alpharius Omegon"])
+
+        automateData["time"] = time.time()
+        automateData["q1"] = str(q1a)
+        automateData["q2"] = q2
+
+
+    return flask.render_template("automateChallenge.html",
+                                 q1 = q1,
+                                 q2 = q2,
+                                 submitted = submitted,
+                                 flag = flag)
+
diff --git a/Week5_Requests/opt/RequestApp/requestViews.py b/Week5_Requests/opt/RequestApp/requestViews.py
@@ -41,6 +41,7 @@ def requestJson():
     View the Request headers in JSON format
     """
 
+    logging.warning(flask.request.headers)
     output = {"method": flask.request.method,
               "headers": dict(flask.request.headers),
               "args": dict(flask.request.args),

diff --git a/Week5_Requests/opt/RequestApp/sessionViews.py b/Week5_Requests/opt/RequestApp/sessionViews.py
@@ -66,13 +66,31 @@ def cookieDemo():
 
 
 
+@app.route("/sessions/sessionState", methods=["GET","POST"])
+def sessionDemo():    
+    username = flask.request.form.get("user")
+    if not username:
+        username = flask.session.get("user")
+    isAdmin = flask.session.get("admin","False")
+    attempts = flask.session.get("attempts",0)
 
+    attempts = int(attempts)
 
-@app.route("/sessions/sessionState", methods=["GET","POST"])
-def sessionDemo():
+    if username:
+        flask.session['user'] = username
+        flask.session['admin'] = isAdmin
+    flask.session['attempts'] = str(attempts)
+
+    return flask.render_template("sessionDemo.html",
+                                 uName = username,
+                                 admin = isAdmin,
+                                 attempts = attempts                                        
+                                 )
 
 
-
+
+@app.route("/challenges/sessionChallenge", methods=["GET","POST"])
+def sessionChallenge():    
     username = flask.request.form.get("user")
     if not username:
         username = flask.session.get("user")
@@ -81,14 +99,54 @@ def sessionDemo():
 
     attempts = int(attempts)
 
+
+
     if username:
         flask.session['user'] = username
         flask.session['admin'] = isAdmin
     flask.session['attempts'] = str(attempts)
 
-    return flask.render_template("sessionDemo.html",
+    return flask.render_template("sessionChallenge.html",
                                  uName = username,
                                  admin = isAdmin,
-                                 attempts = attempts                                        
+                                 attempts = attempts,
+                                 secretKey = app.secret_key
                                  )
 
+
+
+@app.route("/challenges/cookieChallenge", methods=["GET","POST"])
+def cookieChallenge():
+
+    username = flask.request.form.get("user")
+    if not username:
+        username = flask.request.cookies.get("user")
+    isAdmin = flask.request.cookies.get("adminChallenge","False")
+
+    theTemplate = flask.render_template("cookieChallenge.html",
+                                        uName = username,
+                                        admin = isAdmin,
+                                        )
+    resp = flask.Response(theTemplate)
+    if username:
+        resp.set_cookie('user', username, max_age=60*5, samesite="Strict")
+        resp.set_cookie('adminChallenge', isAdmin, max_age=1, samesite="Strict")
+
+    return resp
+
+
+@app.route("/challenges/cookieCheck")
+def cookieCheck():
+
+    import time
+    time.sleep(1)
+    isAdmin = flask.request.cookies.get("adminChallenge","False")
+
+    return flask.render_template("cookieCheck.html",
+                                 admin = isAdmin)
+
+
+
+
+
+
diff --git a/Week5_Requests/opt/RequestApp/templates/automateChallenge.html b/Week5_Requests/opt/RequestApp/templates/automateChallenge.html
@@ -0,0 +1,47 @@
+{% extends "base.html" %}
+
+{% block navTabs %}
+{% include "helpers/requestNav.html" %}
+{% endblock navTabs %}
+
+
+
+
+{% block content %}
+
+<h1>Automation</h1>
+
+<div class="section">
+  <p>Answer the Questions</p>
+</div>
+
+<div class="section">
+    <form>
+    <div class="row">
+      <div class="input-field col s12">
+	<input id="q1" name="q1" type="text">
+	<label for="q1">What is {{q1}}</label>
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="input-field col s12">
+	<input id="q2" name="q2" type="text" placeholder="{{q2}}">
+	<label for="q2">Enter the text {{ q2 }}</label>
+      </div>
+    </div>
+     <button class="btn waves-effect waves-light" type="submit" name="action">Submit</button>
+  </form>
+</div>
+
+{% if submitted %}
+<div class="section">
+  {% if flag %}
+  {{ flag }}
+  {% else %}
+  {{ submitted }}
+    {% endif %}
+</div>
+{% endif %}
+
+{% endblock content %}
diff --git a/Week5_Requests/opt/RequestApp/templates/base.html b/Week5_Requests/opt/RequestApp/templates/base.html
@@ -10,13 +10,13 @@
  <!-- Compiled and minified CSS -->
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css">
 
-    <title>Python Shells</title>
+    <title>Python Requests</title>
 
     <style>
       nav a {
 	  text-transform: uppercase;
       }
-      </style>
+    </style>
 </head>
 
 <body>

diff --git a/Week5_Requests/opt/RequestApp/templates/cookieChallenge.html b/Week5_Requests/opt/RequestApp/templates/cookieChallenge.html
@@ -0,0 +1,54 @@
+{% extends "base.html" %}
+
+{% block navTabs %}
+{% include "helpers/sessionNav.html" %}
+{% endblock navTabs %}
+
+
+
+{% block content %}
+<h1>Cookie Challenge</h1>
+
+<div class="section">
+  <h3>Challenge</h3>
+
+  <p>Set the Session Cookies to become Admin</p>
+
+</div>
+
+
+<div class="section">
+  <h2>Login Form</h2>
+  <form method="POST">
+    <div class="row">
+      <div class="input-field col s12">
+	<input id="user" name="user" type="text">
+	<label for="user">User Name</label>
+      </div>
+    </div>
+     <button class="btn waves-effect waves-light" type="submit" name="action">Submit</button>
+  </form>
+</div>
+
+
+
+{% if uName %}
+<div class="section">
+  <div class="card blue-grey darken-1">
+    <div class="card-content white-text">
+      <span class="card-title">Result</span>
+
+      <p>Loggged in as <strong>{{ uName }}</strong></p>
+      {% if admin == "True" %}
+      <a href="{{ url_for('cookieCheck') }}">Get Flag</a>
+      {% else %}
+      <p>Not Admin</p>
+      {% endif %}
+    </div>
+  </div>
+
+</div>
+{% endif %}
+
+
+{% endblock content %}