Ejemplo n.º 1
    def get_context_data(self, **kwargs):
        """Build the template context for the password-verification page.

        The following page stays disabled until the password held in the
        session equals ``ALICE_PASSWORD``. The context then receives the
        expected and submitted credentials, the demo password table and a
        ``logged_in`` flag saying whether the submitted pair matches a row.

        NOTE(review): unsalted MD5 and plaintext passwords in the template
        context look deliberate for this teaching demo (confirm with the
        module authors); neither is suitable for real credential handling.
        """
        session = self.request.session

        # Only unlock the next page once the correct password has been entered.
        gate_key = PasswordsModule.scope("verification_password")
        if session.get(gate_key, "") != ALICE_PASSWORD:
            next_page = self.kwargs["page_index"] + 1
            context = super().get_context_data(disabled_pages=[next_page],
                                               **kwargs)
        else:
            context = super().get_context_data(**kwargs)

        submitted_password = session.get(
            PasswordsModule.scope("verification_password"), "")
        # Unsalted MD5 hex digest, compared below with column 2 of the table.
        submitted_hash = hashlib.md5(submitted_password.encode()).hexdigest()
        submitted_email = session.get(
            PasswordsModule.scope("verification_email"), "")

        context.update({
            "actual_password": ALICE_PASSWORD,
            "actual_email": ALICE_USERNAME,
            "input_email": submitted_email,
            "input_password": submitted_password,
            "password_db": PASSWORD_DB,
        })

        # PASSWORD_DB_USERS is used as a positional index into PASSWORD_DB.
        matches_row = False
        if submitted_email in PASSWORD_DB_USERS:
            row = PASSWORD_DB[PASSWORD_DB_USERS.index(submitted_email)]
            matches_row = row[2] == submitted_hash
        context["logged_in"] = matches_row

        return context
Ejemplo n.º 2
    def get_context_data(self, **kwargs):
        """Build the template context for the salted-login details page.

        Reads the submitted user and password from the session. If the user
        is listed in ``PASSWORD_DB_USERS``, hashes ``salt + password`` with
        MD5 using the salt from column 3 of that user's row and compares the
        digest with column 4.

        NOTE(review): MD5 with a prepended salt presumably illustrates the
        salting concept only; it is not a password-hashing scheme to copy.
        """
        context = super().get_context_data(**kwargs)
        session = self.request.session

        submitted_password = session.get(
            PasswordsModule.scope("salt_details_password"), "")
        submitted_user = session.get(
            PasswordsModule.scope("salt_details_user"), "")

        # Unknown users leave the hash empty and the login flag False.
        submitted_hash = ""
        matches_row = False
        if submitted_user in PASSWORD_DB_USERS:
            row = PASSWORD_DB[PASSWORD_DB_USERS.index(submitted_user)]
            salted_input = row[3] + submitted_password
            submitted_hash = hashlib.md5(salted_input.encode()).hexdigest()
            matches_row = row[4] == submitted_hash

        context.update({
            "input_user": submitted_user,
            "input_password": submitted_password,
            "input_hash": submitted_hash,
            "password_db": PASSWORD_DB,
            "password_db_users": PASSWORD_DB_USERS,
            "logged_in": matches_row,
        })

        return context
Ejemplo n.º 3
    def get_context_data(self, **kwargs):
        """Build the template context for the (unsalted) login details page.

        Exposes the expected user, password and hash, the submitted user and
        password with their MD5 digest, the demo password table, and a
        ``logged_in`` flag set when the digest equals column 2 of the row
        belonging to the submitted user.

        NOTE(review): unsalted MD5 and plaintext passwords in the context
        look deliberate for this teaching demo (confirm); do not reuse this
        pattern for real authentication.
        """
        context = super().get_context_data(**kwargs)
        session = self.request.session

        submitted_password = session.get(
            PasswordsModule.scope("details_password"), "")
        submitted_user = session.get(PasswordsModule.scope("details_user"), "")
        submitted_hash = hashlib.md5(submitted_password.encode()).hexdigest()

        context.update({
            "actual_user": ALICE_USERNAME,
            "actual_password": ALICE_PASSWORD,
            "actual_hash": ALICE_HASH,
            "input_user": submitted_user,
            "input_password": submitted_password,
            "input_hash": submitted_hash,
            "password_db": PASSWORD_DB,
        })

        # PASSWORD_DB_USERS is used as a positional index into PASSWORD_DB.
        matches_row = False
        if submitted_user in PASSWORD_DB_USERS:
            row = PASSWORD_DB[PASSWORD_DB_USERS.index(submitted_user)]
            matches_row = row[2] == submitted_hash
        context["logged_in"] = matches_row

        return context
Ejemplo n.º 4
    def form_valid(self, form):
        """Record the cracking choice in the session, then defer to the parent.

        Stores the selected user, increments the attempt counter (starting
        from 0 when absent) and records which submit button was used: the
        alphabetical-guess method when ``crack_guess_alpha`` is in the POST
        data, otherwise the common-passwords method.
        """
        session = self.request.session

        session[PasswordsModule.scope("cracking_user")] = form.cleaned_data["choices"]

        previous_attempts = session.get(PasswordsModule.scope("cracking_attempts"), 0)
        session[PasswordsModule.scope("cracking_attempts")] = previous_attempts + 1

        # The name of the pressed submit button selects the guessing method.
        chosen_method = (
            "crack_guess_alpha"
            if "crack_guess_alpha" in self.request.POST
            else "crack_guess_common"
        )
        session[PasswordsModule.scope("cracking_method")] = chosen_method

        return super().form_valid(form)
Ejemplo n.º 5
    def form_valid(self, form):
        """Add a (salt, password, salted MD5, plain MD5) row to the session.

        Rows are kept unique and sorted by password. Rows with the same
        password keep whatever relative order the set iteration produced.

        NOTE(review): the plaintext password is stored in the session next to
        its digests; this presumably serves the hashing demo only.
        """
        session = self.request.session
        salt_rows_key = PasswordsModule.scope("salted_rows")
        password = form.cleaned_data.get("password", "")
        salt = form.cleaned_data.get("salt", "")

        new_row = (
            salt,
            password,
            hashlib.md5((salt + password).encode()).hexdigest(),
            hashlib.md5(password.encode()).hexdigest(),
        )

        # A set drops duplicates, which arise both from repeated entries and
        # from the page being refreshed (form resubmission). Stored rows are
        # converted back to tuples so they are hashable; with no stored rows
        # the result is simply [new_row].
        distinct_rows = {tuple(stored) for stored in session.get(salt_rows_key, [])}
        distinct_rows.add(new_row)
        # TODO: Figure out if the same password is entered multiple times to highlight it in the table?
        session[salt_rows_key] = sorted(distinct_rows, key=operator.itemgetter(1))

        return super().form_valid(form)
Ejemplo n.º 6
    def get_context_data(self, **kwargs):
        """Build the template context for the password-cracking demo page.

        Looks up the salt (column 3) and stored hash (column 4) of the chosen
        demo user in ``INSECURE_DB``, hashes ``salt + word`` with MD5 for the
        first 15 entries of the selected word list, and reports every attempt
        together with whether any digest equals the stored hash.
        """
        context = super().get_context_data(**kwargs)
        session = self.request.session

        context["password_db"] = INSECURE_DB
        context["cracking_attempts"] = session.get(
            PasswordsModule.scope("cracking_attempts"), 0
        )

        method = session.get(PasswordsModule.scope("cracking_method"), "")
        context["cracking_method"] = method
        user = session.get(PasswordsModule.scope("cracking_user"), "")
        context["cracking_user"] = user

        # Only the two demo accounts map to a row; anyone else gets no target.
        if user == DEE_USERNAME:
            target_row = INSECURE_DB[0]
        elif user == DUM_USERNAME:
            target_row = INSECURE_DB[1]
        else:
            target_row = None

        if target_row is None:
            salt, actual_hash = "", ""
        else:
            salt, actual_hash = target_row[3], target_row[4]

        context["salt"] = salt
        context["actual_hash"] = actual_hash

        # Any method other than "crack_guess_alpha" uses the common-password list.
        wordlist = DICT_WORDS if method == "crack_guess_alpha" else COMMON_PASSWORDS
        attempts = [
            (word, hashlib.md5((salt + word).encode()).hexdigest())
            for word in wordlist[:15]
        ]
        # With no target, actual_hash is "" and no hex digest can equal it.
        cracked = any(digest == actual_hash for _, digest in attempts)

        context["attempted_words"] = attempts
        context["cracked"] = cracked

        return context
Ejemplo n.º 7
    def get_context_data(self, disabled_pages=[], **kwargs):
        """Track the furthest page reached and disable pages beyond it.

        The session's progress value becomes the maximum of its previous
        value and the current ``page_index``. Pages from ``progress + 2`` up
        to (not including) ``page_count`` are appended to ``disabled_pages``
        before delegating to the parent.

        The list default is never mutated: the concatenation below always
        builds a new list.
        """
        page_index = self.kwargs["page_index"]
        page_count = self.kwargs["page_count"]
        session = self.request.session

        progress_key = PasswordsModule.scope("progress")
        # A missing entry counts as the current page, so progress never decreases.
        furthest = max(session.get(progress_key, page_index), page_index)
        session[progress_key] = furthest

        locked_ahead = list(range(furthest + 2, page_count))
        return super().get_context_data(
            disabled_pages=disabled_pages + locked_ahead, **kwargs)
Ejemplo n.º 8
    def get_context_data(self, **kwargs):
        """Build the context for the salt page and gate the next page.

        The following page stays disabled until the session holds at least
        three salted rows. The context receives the rows and their count.
        """
        session = self.request.session
        salt_rows_key = PasswordsModule.scope("salted_rows")

        enough_rows = len(session.get(salt_rows_key, [])) >= 3
        if enough_rows:
            context = super().get_context_data(**kwargs)
        else:
            next_page = self.kwargs["page_index"] + 1
            context = super().get_context_data(disabled_pages=[next_page], **kwargs)

        # Read the rows again after the parent call, as the values shown
        # should reflect the session at render time.
        rows = session.get(salt_rows_key, [])
        context["num_hashed"] = len(rows)
        context["salt_rows"] = rows

        return context
Ejemplo n.º 9
 def get_success_url(self):
     """Return the verification-details URL with the ``#login`` fragment."""
     details_url = reverse(PasswordsModule.scope("verification-details"))
     return details_url + "#login"
Ejemplo n.º 10
 def form_valid(self, form):
     """Store the submitted email and password in the session, then defer to the parent.

     NOTE(review): the password is kept in the session as plaintext, which
     presumably serves this teaching demo only; confirm it is never used
     for real credentials.
     """
     session = self.request.session
     email_key = PasswordsModule.scope("verification_email")
     session[email_key] = form.cleaned_data["email"]
     password_key = PasswordsModule.scope("verification_password")
     session[password_key] = form.cleaned_data["password"]
     return super().form_valid(form)
Ejemplo n.º 11
 def get_success_url(self):
     """Return the strength page URL with the ``#entropy-calculator`` fragment."""
     strength_url = reverse(PasswordsModule.scope("strength"))
     return strength_url + "#entropy-calculator"
Ejemplo n.º 12
 def get_success_url(self):
     """Return the URL of the second salt-motivation page."""
     route_name = PasswordsModule.scope("salt-motivation-2")
     return reverse(route_name)
Ejemplo n.º 13
 def get_success_url(self):
     """Return the first salt-motivation page URL with the ``#rainbow-table`` fragment."""
     motivation_url = reverse(PasswordsModule.scope("salt-motivation-1"))
     return motivation_url + "#rainbow-table"
Ejemplo n.º 14
 def get_success_url(self):
     """Return the URL of the salt-details page."""
     route_name = PasswordsModule.scope("salt-details")
     return reverse(route_name)
Ejemplo n.º 15
 def form_valid(self, form):
     """Store the submitted email and password in the session, then defer to the parent.

     The email is saved under the ``details_user`` key.

     NOTE(review): the password is kept in the session as plaintext, which
     presumably serves this teaching demo only; confirm it is never used
     for real credentials.
     """
     session = self.request.session
     user_key = PasswordsModule.scope("details_user")
     session[user_key] = form.cleaned_data["email"]
     password_key = PasswordsModule.scope("details_password")
     session[password_key] = form.cleaned_data["password"]
     return super().form_valid(form)
Ejemplo n.º 16
 def get_success_url(self):
     """Return the salt page URL with the ``#hash-generator`` fragment."""
     salt_url = reverse(PasswordsModule.scope("salt"))
     return salt_url + "#hash-generator"
Ejemplo n.º 17
 def get_success_url(self):
     """Return the cracking page URL with the ``#guess-password`` fragment."""
     cracking_url = reverse(PasswordsModule.scope("cracking"))
     return cracking_url + "#guess-password"