def post(self, *args, **kwargs): ''' Submit cracked hashes get checked ''' # Get target display_name try: display_name = self.get_argument("display_name") except: self.render("hashes/error.html", operation = "Hash cracking", errors = "No user name") # Get preimage try: preimage = self.get_argument("preimage") except: self.render("hashes/error.html", errors = "No password", operation = "Hash cracking") user = User.by_user_name(self.session.data['user_name']) target = User.by_display_name(display_name) if target == None or user == None or target.has_permission("admin"): self.render("hashes/error.html", operation = "Hash cracking", errors = "That user does not exist") elif target in user.team.members: self.render("hashes/error.html", operation = "Hash cracking", errors = "You can't crack hashes from your own team") elif target.score <= 0: self.render("hashes/error.html", operation = "Hash cracking", errors = "Target user must have a score greater than zero") elif target.validate_password(preimage): self.notify(user, target) value = self.steal_points(user, target) self.add_to_wall(user, target, preimage, value) self.render("hashes/success.html", user = user, target = target ) else: self.render("hashes/error.html", operation = "Hash cracking", errors = "Wrong password, try again")
def get(self, *args, **kwargs): ''' Renders a user details div, requested via AJAX ''' try: display_name = self.get_argument("user_details") except: self.write("No Data") user = User.by_display_name(display_name) if user == None: self.write("No Data") else: self.render("hashes/user_details.html", user = user)
def get(self, *args, **kwargs): ''' Registers a reporting service on a remote box ''' box = Box.by_ip_address(self.request.remote_ip) if box != None: try: display_name = self.get_argument("handle") user = User.by_display_name(display_name) if user != None and not user.team.is_controlling(box): user.give_control(box) self.dbsession.add(user) self.dbsession.flush() self.notify(user, box) self.write(unicode(user.team.listen_port)) else: self.write("Invalid handle") except: self.write("Missing parameter") else: self.write("Invalid ip address") self.finish()