from django.http import HttpResponse
from django.template import loader
from flags import FlagGenerator
FLAGS = FlagGenerator.generate_flags()
def shadow(request):
context = {"flag": FLAGS["dir_traveler"][0]}
template = loader.get_template('traveler/shadow.html')
return HttpResponse(template.render(context, request))
def passwd(request):
context = {"flag": FLAGS["dir_traveler"][0]}
template = loader.get_template('traveler/passwd.html')
return HttpResponse(template.render(context, request))
from enum import Enum
from uuid import uuid4
from flags import FlagGenerator
FLAGS = FlagGenerator.generate_flags()
MAX_FLAG_LENGTH = FlagGenerator.max_flag_length
class DataType(Enum):
ARBITRARY_USER_DATA = 1
FLAG = 2
OID = 3
SHORT_NAME = 4
PASSWORD = 5
PIN = 6
USER_SPECIFIED_MAX_LENGTH = 7
USER_SPECIFIED_EXACT_LENGTH = 8
def ObjectId():
return str(uuid4()).replace('-', '')
# The length an object ID should be
OID_LENGTH = len(ObjectId())
# The maximum length of user input we accept without error
MAX_DATA_LENGTH = 1000
# The max length for a username field that isn't vulnerable to SQLi
MAX_SHORT_NAME_LENGTH = 50
# The max length for a password field that isn't vulnerable to SQLi
'''
Creates the crap database for the hacking
'''
import os
import sys
import sqlite3
from rustedbunions import settings
from flags import FlagGenerator, CRAPDB_USERS
flags = FlagGenerator.generate_flags()
CRAPDB_SETUP = [
"CREATE TABLE flags (flag text)", "INSERT INTO flags VALUES ('{}')".format(
flags["flag_table1"][0]), "INSERT INTO flags VALUES ('{}')".format(
flags["flag_table2"][0]), "INSERT INTO flags VALUES ('{}')".format(
flags["flag_table3"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table4"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table5"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table6"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table7"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table8"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table9"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table10"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table11"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table12"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table13"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table14"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table15"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table16"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table17"][0]),
'''
Creates the crap database for the hacking
'''
import os
import sys
import sqlite3
from rustedbunions import settings
from flags import FlagGenerator, CRAPDB_USERS
flags = FlagGenerator.generate_flags()
CRAPDB_SETUP = [
"CREATE TABLE flags (flag text)",
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table1"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table2"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table3"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table4"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table5"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table6"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table7"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table8"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table9"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table10"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table11"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table12"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table13"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table14"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table15"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table16"][0]),
"INSERT INTO flags VALUES ('{}')".format(flags["flag_table17"][0]),
def test_flag_generator():
"""Test flag generation from states"""
# Set up
flags = [4, 3, 2]
flags2 = [[-1, 1], 2]
flags3 = [[-5, 21, 4]]
states = 4 * 3 * 2
states2 = 3 * 2
states3 = 21
# Test 1: Instantiation
gen = FlagGenerator(*flags)
gen2 = FlagGenerator(*flags2)
gen3 = FlagGenerator(*flags3)
assert gen.num_states == states, "Flag state calculation failed."
assert gen2.num_states == states2, "Flag state calculation failed."
assert gen3.num_states == states3, "Flag state calculation failed."
# Test 2: Basis conversion
assert np.array_equal(gen.convert_basis(10, 2, 5), [0, 1, 0, 1]), "Decimal to n-ary failed."
assert np.array_equal(gen.convert_basis(6, 10, (2, 4)), [1, 6]), "N-ary to decimal failed."
assert np.array_equal(gen.convert_basis(2, 8, (1, 0, 1)), [0, 5]), "N-ary to n-ary failed."
assert np.array_equal(gen.convert_basis(10, 2, [1, 0]), [0, 1, 0, 1, 0]), "10-ary to n-ary failed."
# Test 3: Encoding and decoding
assert np.array_equal(gen.decode(12), [2, 0, 0]), 'Decoding failed.'
assert gen.encode(*gen.decode(12)) == 12, 'Encoding decoding mismatch.'
assert np.array_equal(gen2.decode(0), [-1, 0]), 'Decoding failed.'
assert gen2.encode(*gen2.decode(0)) == 0, 'Encoding decoding mismatch.'
assert np.array_equal(gen3.decode(1), [-4.55]), 'Decoding failed.'
assert gen3.encode(*gen3.decode(1)) == 1, 'Encoding decoding mismatch.'