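def querydb(request, session_id):
    """Execute the SQL text POSTed as ``query`` and return the rows as JSON.

    SECURITY: ``query`` comes straight from the client and is handed to
    ``cursor.execute`` unmodified, so the caller controls the entire
    statement. Nothing in this view parameterizes or restricts it; the only
    gate is ``is_user_data_valid`` (defined elsewhere, not visible here).
    This looks deliberate for an SQL-injection exercise, so it is flagged
    rather than changed: ``settings.CRAPDB_PATH`` must point at a disposable
    database that holds challenge data only, and this view must not be
    reused against any other datastore.

    Args:
        request: Request object; only ``request.POST`` is read.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response produced by ``get_session`` when the session
        lookup fails; otherwise an ``HttpResponse`` whose body is a JSON
        object with a ``flags`` list and, on failure, an ``error`` string.
    """
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail

    ret = {"flags": []}
    if request.POST:
        # NOTE(review): if no challenge needs to write to this file, opening
        # it read-only (sqlite3 URI form with ``mode=ro`` and ``uri=True``)
        # would keep a submitted statement from modifying the challenge
        # data. Confirm against the challenges before changing.
        conn = sqlite3.connect(settings.CRAPDB_PATH)
        try:
            cursor = conn.cursor()
            query = request.POST.dict().get("query", None)
            if query is not None:
                if not is_user_data_valid(query):
                    ret["error"] = "Too much data"
                else:
                    try:
                        ret["flags"] = list(cursor.execute(query))
                        if not ret["flags"]:
                            ret["error"] = "No flags found in database"
                    except Exception as e:
                        # The failing statement and the driver's message are
                        # echoed back to the client as the error text.
                        ret["error"] = "'{}' - {}".format(query, str(e))
        finally:
            # Release the connection on every path, including an exception
            # raised outside the inner try (for example by the validator).
            conn.close()
    return HttpResponse(json.dumps(ret))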
def checkflag(request, session_id):
    """Credit a POSTed ``flag`` to the session and report the balance as JSON.

    Args:
        request: Request object; only ``request.POST`` is read.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails;
        otherwise an ``HttpResponse`` with a JSON object holding
        ``hacker_bucks`` and, when the submission is rejected, ``error``.
    """
    ok, result = get_session(session_id, http_response=True)
    if not ok:
        # On failure get_session hands back a ready-made error HttpResponse.
        return result

    session = result  # on success the second element is the session
    payload = {"hacker_bucks": session.hacker_bucks}

    submitted = request.POST.dict().get("flag", None) if request.POST else None
    if submitted is not None:
        if is_user_data_valid(submitted, data_type=DataType.FLAG):
            # Per the original author's note, this call updates the
            # session's hacker_bucks and refuses a flag that was already
            # claimed, so the same flag cannot be scored twice.
            try:
                update_hacker_bucks_from_flag(session, submitted)
            except FlagAlreadyClaimedError:
                payload["error"] = "Already Claimed"
            else:
                payload["hacker_bucks"] = session.hacker_bucks
        else:
            payload["error"] = "Too much data"

    return HttpResponse(json.dumps(payload))
def paid_content_challenge_get_flag(request, session_id):
    """Return the ``paid_content`` challenge result for this session as JSON.

    Args:
        request: Request object; not read by this view.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails,
        otherwise an ``HttpResponse`` carrying the JSON-encoded result of
        ``challenge_get_flag``.
    """
    ok, result = get_session(session_id, http_response=True)
    if ok:
        # The session object is passed as both the session and the answer;
        # no client-supplied value is read here.
        # NOTE(review): presumably the check inspects state stored on the
        # session -- confirm against challenge_get_flag.
        outcome = challenge_get_flag(result, "paid_content", answer=result)
        return HttpResponse(json.dumps(outcome))
    return result  # HttpResponse containing the error
def main(request, session_id):
    """Render ``crapdb/main.html`` for a valid session.

    Args:
        request: Request object, forwarded to the template renderer.
        session_id: Identifier passed to ``get_session`` and exposed to the
            template as ``session_id``.

    Returns:
        Whatever ``get_session`` returns on failure (a redirect, per the
        original comment), otherwise an ``HttpResponse`` with the rendered
        page.
    """
    # NOTE(review): the first element of these four FLAGS entries goes into
    # the template context. Whether the values end up in the HTML sent to
    # the browser depends on crapdb/main.html, which is not visible here --
    # confirm that exposure is intended.
    flag_names = (
        "no_user_login",
        "no_password_login",
        "valid_creds_login",
        "shortest_sqli",
    )
    context = {name: FLAGS[name][0] for name in flag_names}

    ok, result = get_session(
        session_id, error="Login failed. No session or session expired")
    if not ok:
        return result  # redirect on failure

    session = result
    context.update(session_id=session_id, session=session.to_json())
    page = loader.get_template('crapdb/main.html')
    return HttpResponse(page.render(context, request))
def main(request, session_id):
    """Build the template context and render ``crapdb/main.html``.

    Args:
        request: Request object, forwarded to the template renderer.
        session_id: Identifier passed to ``get_session`` and exposed to the
            template as ``session_id``.

    Returns:
        The object ``get_session`` returns on failure (a redirect, per the
        original comment), otherwise an ``HttpResponse`` with the rendered
        page.
    """
    # NOTE(review): four FLAGS values are placed in the template context;
    # whether they are delivered to the client depends on the template,
    # which is not visible here -- confirm that is intended.
    context = {}
    for key in ("no_user_login", "no_password_login",
                "valid_creds_login", "shortest_sqli"):
        context[key] = FLAGS[key][0]

    lookup_ok, lookup_result = get_session(
        session_id, error="Login failed. No session or session expired")
    if lookup_ok:
        # On success the second element is the session itself.
        context["session_id"] = session_id
        context["session"] = lookup_result.to_json()
        rendered = loader.get_template('crapdb/main.html').render(
            context, request)
        return HttpResponse(rendered)
    return lookup_result  # redirect on failure
def genetic_challenge_get(request, session_id):
    """Fetch the ``genetic`` challenge for this session and return it as JSON.

    Args:
        request: Request object; not read by this view.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails; an
        ``HttpResponse`` with ``{"error": ...}`` when ``challenge_get``
        raises ``NotEnoughHackerBucksError`` or ``KeyError``; otherwise an
        ``HttpResponse`` with ``hacker_bucks`` merged with the challenge's
        ``to_json()`` output.
    """
    ok, result = get_session(session_id, http_response=True)
    if not ok:
        return result  # HttpResponse containing the error

    session = result
    try:
        challenge = challenge_get(session, "genetic")
    except (NotEnoughHackerBucksError, KeyError) as exc:
        # Both failures are reported the same way; the exception text is
        # returned to the client verbatim.
        return HttpResponse(json.dumps({"error": str(exc)}))

    payload = {"hacker_bucks": session.hacker_bucks}
    payload.update(challenge.to_json())
    return HttpResponse(json.dumps(payload))
def genetic_challenge_get(request, session_id):
    """Return the session's ``genetic`` challenge, plus its balance, as JSON.

    Args:
        request: Request object; not read by this view.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` on a failed lookup, an
        ``HttpResponse`` with an ``error`` key when ``challenge_get`` raises
        ``NotEnoughHackerBucksError`` or ``KeyError``, or an ``HttpResponse``
        with the balance and the challenge data.
    """
    lookup_ok, lookup_result = get_session(session_id, http_response=True)
    if lookup_ok:
        session = lookup_result
        try:
            challenge = challenge_get(session, "genetic")
        except (NotEnoughHackerBucksError, KeyError) as err:
            # The message of either exception is sent back unchanged.
            failure = {"error": str(err)}
            return HttpResponse(json.dumps(failure))

        body = dict(hacker_bucks=session.hacker_bucks)
        body.update(challenge.to_json())
        return HttpResponse(json.dumps(body))
    return lookup_result  # HttpResponse containing the error
def rot_challenge_get_flag(request, session_id):
    """Check a POSTed ``answer`` for the ``rot`` challenge and reply in JSON.

    Args:
        request: Request object; only ``request.POST`` is read.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails;
        otherwise an ``HttpResponse`` with the JSON-encoded outcome. With
        empty POST data the body is ``{}``.
    """
    ok, result = get_session(session_id, http_response=True)
    if not ok:
        return result  # HttpResponse containing the error

    session = result
    payload = {}
    if request.POST:
        submitted = request.POST.dict().get("answer", None)
        if submitted is None:
            payload = {"error": "No answer provided in POST request"}
        elif is_user_data_valid(submitted):
            payload = challenge_get_flag(session, "rot", answer=submitted)
        else:
            # Rejected by the validator before reaching the challenge check.
            payload["error"] = "Too much data"
    return HttpResponse(json.dumps(payload))
def brutal_force_challenge_get_flag(request, session_id):
    """Check a POSTed ``pin`` for the ``brutal_force`` challenge.

    Args:
        request: Request object; only ``request.POST`` is read.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails;
        otherwise an ``HttpResponse`` with the JSON-encoded outcome. With
        empty POST data the body is ``{}``.
    """
    ok, result = get_session(session_id, http_response=True)
    if not ok:
        return result  # HttpResponse containing the error

    session = result
    payload = {}
    if request.POST:
        candidate = request.POST.dict().get("pin", None)
        if candidate is None:
            payload["error"] = "No PIN provided in POST request"
        elif is_user_data_valid(candidate, data_type=DataType.PIN):
            # NOTE(review): no attempt counter, delay or lockout is visible
            # in this view; any throttling would have to live in
            # challenge_get_flag or in middleware. Presumably intentional
            # for this challenge -- a real PIN check needs one.
            payload = challenge_get_flag(
                session, "brutal_force", answer=candidate)
        else:
            payload["error"] = "The PIN should only be 4 digits"
    return HttpResponse(json.dumps(payload))
def genetic_challenge_get_flag(request, session_id):
    """Check a POSTed ``answer`` for the ``genetic`` challenge.

    The answer is validated with
    ``DataType.USER_SPECIFIED_EXACT_LENGTH`` and ``length=7`` before it is
    passed to ``challenge_get_flag``.

    Args:
        request: Request object; only ``request.POST`` is read.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails;
        otherwise an ``HttpResponse`` with the JSON-encoded outcome. With
        empty POST data the body is ``{}``.
    """
    ok, result = get_session(session_id, http_response=True)
    if not ok:
        return result  # HttpResponse containing the error

    session = result
    payload = {}
    if request.POST:
        submitted = request.POST.dict().get("answer", None)
        if submitted is None:
            payload = {"error": "No answer provided in POST request"}
        elif is_user_data_valid(
                submitted,
                data_type=DataType.USER_SPECIFIED_EXACT_LENGTH,
                length=7):
            payload = challenge_get_flag(session, "genetic", answer=submitted)
        else:
            payload["error"] = "Password must be 7 characters"
    return HttpResponse(json.dumps(payload))
def genetic_challenge_get_flag(request, session_id):
    """Validate and score a ``genetic`` challenge answer sent via POST.

    Args:
        request: Request object; only ``request.POST`` is read.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` on a failed lookup,
        otherwise an ``HttpResponse`` whose JSON body is the challenge
        outcome, an ``error`` object, or ``{}`` when the POST data is empty.
    """
    lookup_ok, lookup_result = get_session(session_id, http_response=True)
    if lookup_ok:
        session = lookup_result
        reply = {}
        if request.POST:
            form = request.POST.dict()
            guess = form.get("answer", None)
            if guess is None:
                reply = {"error": "No answer provided in POST request"}
            else:
                # The validator is asked for an exact length of 7.
                acceptable = is_user_data_valid(
                    guess,
                    data_type=DataType.USER_SPECIFIED_EXACT_LENGTH,
                    length=7)
                if acceptable:
                    reply = challenge_get_flag(
                        session, "genetic", answer=guess)
                else:
                    reply["error"] = "Password must be 7 characters"
        return HttpResponse(json.dumps(reply))
    return lookup_result  # HttpResponse containing the error
def super_admin_challenge_get_flag(request, session_id):
    """Return the ``super_admin`` challenge result for this session as JSON.

    No request data is read; the outcome depends only on what
    ``challenge_get_flag`` decides for the session.

    Args:
        request: Request object; not read by this view.
        session_id: Identifier passed to ``get_session``.

    Returns:
        The error response from ``get_session`` when the lookup fails,
        otherwise an ``HttpResponse`` with the JSON-encoded result.
    """
    ok, result = get_session(session_id, http_response=True)
    if ok:
        outcome = challenge_get_flag(result, "super_admin")
        return HttpResponse(json.dumps(outcome))
    return result  # HttpResponse containing the error