From 24cd8bc11345395f1a0bb64d61e51e207d8b3ace Mon Sep 17 00:00:00 2001 From: 53hornet <53hornet@gmail.com> Date: Sat, 2 Feb 2019 23:10:20 -0500 Subject: Init. --- hw4/.gitignore | 3 ++ hw4/cat.jpg | Bin 0 -> 50325 bytes hw4/cgi-bin/._board.py | Bin 0 -> 355 bytes hw4/cgi-bin/._login.py | Bin 0 -> 299 bytes hw4/cgi-bin/._logout.py | Bin 0 -> 299 bytes hw4/cgi-bin/._output.py | Bin 0 -> 299 bytes hw4/cgi-bin/._post.py | Bin 0 -> 299 bytes hw4/cgi-bin/._steal_session.py | Bin 0 -> 299 bytes hw4/cgi-bin/board.py | 21 +++++++++ hw4/cgi-bin/login.py | 39 +++++++++++++++++ hw4/cgi-bin/logout.py | 23 ++++++++++ hw4/cgi-bin/output.py | 97 +++++++++++++++++++++++++++++++++++++++++ hw4/cgi-bin/post.py | 39 +++++++++++++++++ hw4/cgi-bin/steal_session.py | 24 ++++++++++ hw4/csrf.html | 14 ++++++ hw4/index.html | 1 + hw4/messages | 4 ++ hw4/sessions | 0 hw4/simple-xss.txt | 1 + hw4/stolen_sessions | 0 hw4/users | 2 + 21 files changed, 268 insertions(+) create mode 100644 hw4/.gitignore create mode 100644 hw4/cat.jpg create mode 100755 hw4/cgi-bin/._board.py create mode 100755 hw4/cgi-bin/._login.py create mode 100755 hw4/cgi-bin/._logout.py create mode 100755 hw4/cgi-bin/._output.py create mode 100755 hw4/cgi-bin/._post.py create mode 100755 hw4/cgi-bin/._steal_session.py create mode 100755 hw4/cgi-bin/board.py create mode 100755 hw4/cgi-bin/login.py create mode 100755 hw4/cgi-bin/logout.py create mode 100755 hw4/cgi-bin/output.py create mode 100755 hw4/cgi-bin/post.py create mode 100755 hw4/cgi-bin/steal_session.py create mode 100644 hw4/csrf.html create mode 100644 hw4/index.html create mode 100644 hw4/messages create mode 100644 hw4/sessions create mode 100644 hw4/simple-xss.txt create mode 100644 hw4/stolen_sessions create mode 100644 hw4/users (limited to 'hw4') diff --git a/hw4/.gitignore b/hw4/.gitignore new file mode 100644 index 0000000..8a80dbd --- /dev/null +++ b/hw4/.gitignore @@ -0,0 +1,3 @@ +*.pyc +*.log + diff --git a/hw4/cat.jpg b/hw4/cat.jpg new file mode 100644 index 0000000..1890aa8 Binary files /dev/null and b/hw4/cat.jpg differ diff --git a/hw4/cgi-bin/._board.py b/hw4/cgi-bin/._board.py new file mode 100755 index 0000000..ef20daa Binary files /dev/null and b/hw4/cgi-bin/._board.py differ diff --git a/hw4/cgi-bin/._login.py b/hw4/cgi-bin/._login.py new file mode 100755 index 0000000..26100f6 Binary files /dev/null and b/hw4/cgi-bin/._login.py differ diff --git a/hw4/cgi-bin/._logout.py b/hw4/cgi-bin/._logout.py new file mode 100755 index 0000000..9d1f260 Binary files /dev/null and b/hw4/cgi-bin/._logout.py differ diff --git a/hw4/cgi-bin/._output.py b/hw4/cgi-bin/._output.py new file mode 100755 index 0000000..25267ab Binary files /dev/null and b/hw4/cgi-bin/._output.py differ diff --git a/hw4/cgi-bin/._post.py b/hw4/cgi-bin/._post.py new file mode 100755 index 0000000..fc9cd5d Binary files /dev/null and b/hw4/cgi-bin/._post.py differ diff --git a/hw4/cgi-bin/._steal_session.py b/hw4/cgi-bin/._steal_session.py new file mode 100755 index 0000000..69e619e Binary files /dev/null and b/hw4/cgi-bin/._steal_session.py differ diff --git a/hw4/cgi-bin/board.py b/hw4/cgi-bin/board.py new file mode 100755 index 0000000..5ca8afc --- /dev/null +++ b/hw4/cgi-bin/board.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +from output import * + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET datas + +if not Login(): + DisplayLogin() + +# if we get here, this is an authorized user, let's print the messages +PrintMessages() + +exit(0) diff --git a/hw4/cgi-bin/login.py b/hw4/cgi-bin/login.py new file mode 100755 index 0000000..a308dde --- /dev/null +++ b/hw4/cgi-bin/login.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb +import random + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +cookie_string = os.environ.get('HTTP_COOKIE') # for reading cookies +form = cgi.FieldStorage() # for reading GET data + +login = form.getvalue('username') +password = form.getvalue('password') +with open('users', 'r') as users: + s = users.read() + if s.find(login + ' ' + password) == -1: + ShowError() + + # else set session id cookie and store it in the file! + s_id = uuid.uuid4().hex + cookie['session_id'] = s_id # login + + # xss protection -- set session_id cookie to httpOnly + cookie['session_id']['httponly'] = '1' + + with open("sessions", "a") as myfile: + # csrf protection -- session token construction + random.seed() + csrfToken = str(random.random()) + myfile.write(s_id + ' ' + login + ' ' + csrfToken + '\n') + + print cookie + +RedirectToBoard() diff --git a/hw4/cgi-bin/logout.py b/hw4/cgi-bin/logout.py new file mode 100755 index 0000000..9d64800 --- /dev/null +++ b/hw4/cgi-bin/logout.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python2.7 +import Cookie, os, time +import re +import uuid +import cgi +import cgitb + +from output import * + +cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser + +cookie = Cookie.SimpleCookie() # for writing cookies +form = cgi.FieldStorage() # for reading GET data + +message = form.getvalue('message') + +user = Login() +if not user: + ShowError() + exit(0) + +RemoveAllUserSessions(user) +RedirectToBoard() diff --git a/hw4/cgi-bin/output.py b/hw4/cgi-bin/output.py new file mode 100755 index 0000000..544ac60 --- /dev/null +++ b/hw4/cgi-bin/output.py @@ -0,0 +1,97 @@ +import os +import re + +def DisplayLogin(): + print 'Content-Type: text/html\n' + print '
' + print """ +We got your session key
' +exit(0) diff --git a/hw4/csrf.html b/hw4/csrf.html new file mode 100644 index 0000000..3e8cdae --- /dev/null +++ b/hw4/csrf.html @@ -0,0 +1,14 @@ + +