def login(request):
context = {
"index_page_source": FLAGS["index_page_source"][0],
"index_console_output": FLAGS["index_console_output"][0]
}
unauth_session = get_unauth_session(request)
if request.POST:
d = request.POST.dict()
username = d.get("username", None)
password = d.get("password", None)
if username is not None and password is not None:
if not is_user_data_valid(username) or not is_user_data_valid(password):
context["error"] = "Too much data"
else:
try:
session = AuthenticatedSession.validate(request, username, password)
if session is not None:
# Update the new session with the current hacker bucks and flags
session.from_other_session(unauth_session)
return redirect("crapdb:main", session_id=session.oid)
else:
context["error"] = "Username/Password combination does not exist"
except LoginSqlInjectionError as e:
context["error"] = str(e)
context["unauth_session"] = unauth_session.to_json()
template = loader.get_template("crapdb/index.html")
return HttpResponse(template.render(context, request))
def load(request):
ret = {}
if request.POST:
d = request.POST.dict()
name = d.get("name", None)
secret_key = d.get("secret_key", None)
if name and secret_key:
if not is_user_data_valid(name, data_type=DataType.SHORT_NAME):
ret["error"] = "Too much data"
elif not is_user_data_valid(secret_key, data_type=DataType.PASSWORD):
ret["error"] = "Too much data"
else:
name = name.strip().lower() # Normalize the name
session = get_unauth_session(request)
secret_key = hashlib.sha512(secret_key.encode('utf-8')).hexdigest()
leader = get_leader(name, secret_key)
if leader:
session.lifetime_hacker_bucks = leader.lifetime_hacker_bucks
session.claimed_flags = json.loads(leader.claimed_flags)
session.hacker_bucks = leader.hacker_bucks
session.creation_time = leader.session_creation_time
leader_purchased_challenges = json.loads(leader.purchased_challenges)
for challenge_id in leader_purchased_challenges:
challenge = session.get_challenge(challenge_id)
if challenge:
challenge.purchased = True
else:
ret["error"] = "Cannot find leader with the provided name/secret_key combination"
else:
ret["error"] = "Invalid POST request. Missing cirtical information"
return HttpResponse(json.dumps(ret))
def searchcrap(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"forgetful_page_source": FLAGS["forgetful_page_source"][0],
"valid_sec_answer": FLAGS["valid_sec_answer"][0]
}
if request.POST:
conn = sqlite3.connect(settings.CRAPDB_PATH)
cursor = conn.cursor()
d = request.POST.dict()
username = d.get("username", None)
if username is not None:
if not is_user_data_valid(username):
context["error"] = "Too much data"
else:
query = "SELECT username, paid, question FROM users WHERE username='******' COLLATE NOCASE"
try:
context["result"] = [x for x in cursor.execute(query)]
if not context["result"]:
context["error"] = "User not found in database"
except Exception as e:
context["error"] = "'{}' - {}".format(query, str(e))
# Close the sqlite connection
conn.close()
template = loader.get_template("crapdb/forgetful.html")
return HttpResponse(template.render(context, request))
def searchcrap(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"forgetful_page_source": FLAGS["forgetful_page_source"][0],
"valid_sec_answer": FLAGS["valid_sec_answer"][0]
}
if request.POST:
conn = sqlite3.connect(settings.CRAPDB_PATH)
cursor = conn.cursor()
d = request.POST.dict()
username = d.get("username", None)
if username is not None:
if not is_user_data_valid(username):
context["error"] = "Too much data"
else:
query = "SELECT username, paid, question FROM users WHERE username='******' COLLATE NOCASE"
try:
context["result"] = [x for x in cursor.execute(query)]
if not context["result"]:
context["error"] = "User not found in database"
except Exception as e:
context["error"] = "'{}' - {}".format(query, str(e))
# Close the sqlite connection
conn.close()
template = loader.get_template("crapdb/forgetful.html")
return HttpResponse(template.render(context, request))
def login(request):
context = {
"index_page_source": FLAGS["index_page_source"][0],
"index_console_output": FLAGS["index_console_output"][0]
}
unauth_session = get_unauth_session(request)
if request.POST:
d = request.POST.dict()
username = d.get("username", None)
password = d.get("password", None)
if username is not None and password is not None:
if not is_user_data_valid(username) or not is_user_data_valid(
password):
context["error"] = "Too much data"
else:
try:
session = AuthenticatedSession.validate(
request, username, password)
if session is not None:
# Update the new session with the current hacker bucks and flags
session.from_other_session(unauth_session)
return redirect("crapdb:main", session_id=session.oid)
else:
context[
"error"] = "Username/Password combination does not exist"
except LoginSqlInjectionError as e:
context["error"] = str(e)
context["unauth_session"] = unauth_session.to_json()
template = loader.get_template("crapdb/index.html")
return HttpResponse(template.render(context, request))
def forgetful(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"forgetful_page_source": FLAGS["forgetful_page_source"][0],
"valid_sec_answer": FLAGS["valid_sec_answer"][0]
}
template = loader.get_template('crapdb/forgetful.html')
return HttpResponse(template.render(context, request))
def index(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"leaderboard": get_leaderboard(),
"num_flags": len(FLAGS)
}
template = loader.get_template('leaderboard/index.html')
return HttpResponse(template.render(context, request))
def forgetful(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"forgetful_page_source": FLAGS["forgetful_page_source"][0],
"valid_sec_answer": FLAGS["valid_sec_answer"][0]
}
template = loader.get_template('crapdb/forgetful.html')
return HttpResponse(template.render(context, request))
def index(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"leaderboard": get_leaderboard(),
"num_flags": len(FLAGS)
}
template = loader.get_template('leaderboard/index.html')
return HttpResponse(template.render(context, request))
def getpassword(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"forgetful_page_source": FLAGS["forgetful_page_source"][0],
"valid_sec_answer": FLAGS["valid_sec_answer"][0]
}
if request.POST:
conn = sqlite3.connect(settings.CRAPDB_PATH)
cursor = conn.cursor()
d = request.POST.dict()
username = d.get("username", None)
answer = d.get("answer", None)
if username is None or answer is None:
context["error"] = "You must provide an answer"
elif not is_user_data_valid(username) or not is_user_data_valid(
answer):
context["error"] = "Too much data"
else:
# Query that will filter out SQLi
# because the user values are passed to execure as parameters
no_sqli_query = ' '.join(
("SELECT password FROM users",
"WHERE username=? COLLATE NOCASE", "AND answer=?"))
# This query is suceptible to SQLi b/c user values are concatenated
# to the string
query = ' '.join(
("SELECT password FROM users",
"WHERE username='******' COLLATE NOCASE",
"AND answer='" + answer + "'"))
context["actually_valid"] = False
try:
res = [
x
for x in cursor.execute(no_sqli_query, (username, answer))
]
if res:
# They got it right with no SQLi
context["actually_valid"] = True
context["password"] = [x for x in cursor.execute(query)]
if not context["password"]:
context["error"] = "Wrong answer"
except Exception as e:
context["error"] = "'{}' - {}".format(query, str(e))
conn.close()
template = loader.get_template("crapdb/forgetful.html")
return HttpResponse(template.render(context, request))
def logout(request, session_id):
unauth_session = get_unauth_session(request)
try:
# Update the unauth session with the hacker bucks and flags
session = Session.get_session(session_id)
unauth_session.from_other_session(session)
except KeyError:
pass
AuthenticatedSession.logout(session_id)
return redirect("crapdb:index")
def logout(request, session_id):
unauth_session = get_unauth_session(request)
try:
# Update the unauth session with the hacker bucks and flags
session = Session.get_session(session_id)
unauth_session.from_other_session(session)
except KeyError:
pass
AuthenticatedSession.logout(session_id)
return redirect("crapdb:index")
def getpassword(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"forgetful_page_source": FLAGS["forgetful_page_source"][0],
"valid_sec_answer": FLAGS["valid_sec_answer"][0]
}
if request.POST:
conn = sqlite3.connect(settings.CRAPDB_PATH)
cursor = conn.cursor()
d = request.POST.dict()
username = d.get("username", None)
answer = d.get("answer", None)
if username is None or answer is None:
context["error"] = "You must provide an answer"
elif not is_user_data_valid(username) or not is_user_data_valid(answer):
context["error"] = "Too much data"
else:
# Query that will filter out SQLi
# because the user values are passed to execure as parameters
no_sqli_query = ' '.join((
"SELECT password FROM users",
"WHERE username=? COLLATE NOCASE",
"AND answer=?"
))
# This query is suceptible to SQLi b/c user values are concatenated
# to the string
query = ' '.join((
"SELECT password FROM users",
"WHERE username='******' COLLATE NOCASE",
"AND answer='" + answer + "'"
))
context["actually_valid"] = False
try:
res = [x for x in cursor.execute(no_sqli_query, (username, answer))]
if res:
# They got it right with no SQLi
context["actually_valid"] = True
context["password"] = [x for x in cursor.execute(query)]
if not context["password"]:
context["error"] = "Wrong answer"
except Exception as e:
context["error"] = "'{}' - {}".format(query, str(e))
conn.close()
template = loader.get_template("crapdb/forgetful.html")
return HttpResponse(template.render(context, request))
def sync_session(request, session_id):
ret = {}
unauth_session = get_unauth_session(request)
try:
# Update the unauth session with the hacker bucks and flags
session = Session.get_session(session_id)
unauth_session.from_other_session(session)
except KeyError:
pass
ret = {"hacker_bucks": unauth_session.hacker_bucks}
return HttpResponse(json.dumps(ret))
def sync_session(request, session_id):
ret = {}
unauth_session = get_unauth_session(request)
try:
# Update the unauth session with the hacker bucks and flags
session = Session.get_session(session_id)
unauth_session.from_other_session(session)
except KeyError:
pass
ret = {"hacker_bucks": unauth_session.hacker_bucks}
return HttpResponse(json.dumps(ret))
def index(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"index_page_source": FLAGS["index_page_source"][0],
"index_console_output": FLAGS["index_console_output"][0]
}
if request.GET:
d = request.GET.dict()
error = d.get("error", None)
if not is_user_data_valid(error):
context["error"] = "Too much data"
else:
context["error"] = error
template = loader.get_template('crapdb/index.html')
return HttpResponse(template.render(context, request))
def index(request):
context = {
"unauth_session": get_unauth_session(request).to_json(),
"index_page_source": FLAGS["index_page_source"][0],
"index_console_output": FLAGS["index_console_output"][0]
}
if request.GET:
d = request.GET.dict()
error = d.get("error", None)
if not is_user_data_valid(error):
context["error"] = "Too much data"
else:
context["error"] = error
template = loader.get_template('crapdb/index.html')
return HttpResponse(template.render(context, request))
def load(request):
ret = {}
if request.POST:
d = request.POST.dict()
name = d.get("name", None)
secret_key = d.get("secret_key", None)
if name and secret_key:
if not is_user_data_valid(name, data_type=DataType.SHORT_NAME):
ret["error"] = "Too much data"
elif not is_user_data_valid(secret_key,
data_type=DataType.PASSWORD):
ret["error"] = "Too much data"
else:
name = name.strip().lower() # Normalize the name
session = get_unauth_session(request)
secret_key = hashlib.sha512(
secret_key.encode('utf-8')).hexdigest()
leader = get_leader(name, secret_key)
if leader:
session.lifetime_hacker_bucks = leader.lifetime_hacker_bucks
session.claimed_flags = json.loads(leader.claimed_flags)
session.hacker_bucks = leader.hacker_bucks
session.creation_time = leader.session_creation_time
leader_purchased_challenges = json.loads(
leader.purchased_challenges)
for challenge_id in leader_purchased_challenges:
challenge = session.get_challenge(challenge_id)
if challenge:
challenge.purchased = True
else:
ret["error"] = "Cannot find leader with the provided name/secret_key combination"
else:
ret["error"] = "Invalid POST request. Missing cirtical information"
return HttpResponse(json.dumps(ret))
def about(request):
context = {"unauth_session": get_unauth_session(request).to_json()}
template = loader.get_template('crapdb/about.html')
return HttpResponse(template.render(context, request))
def submit(request):
ret = {}
has_html = False
if request.POST:
d = request.POST.dict()
name = d.get("name", None)
secret_key = d.get("secret_key", None)
if name and is_user_data_valid(name):
parser = HTMLParser()
parser.feed(name)
parser.close()
if parser.get_starttag_text():
ret["flag"] = FLAGS["scoreboard_hacking"][0]
has_html = True
if name and secret_key and not has_html:
if not is_user_data_valid(name, data_type=DataType.SHORT_NAME):
ret["error"] = "Too much data"
elif not is_user_data_valid(secret_key, data_type=DataType.PASSWORD):
ret["error"] = "Too much data"
elif get_leader(name.strip().lower()):
# If they also proved the correct secret key, update that entry in the database
secret_key = hashlib.sha512(secret_key.encode('utf-8')).hexdigest()
leader = get_leader(name.strip().lower(), secret_key)
if leader:
session = get_unauth_session(request)
if not session.lifetime_hacker_bucks:
ret["error"] = "What makes you think you belong on the leaderboard?"
else:
# Update the leader with the new info
# Create a set of claimed flags and combine the loaded leader with the current session
leader_claimed_flags = json.loads(leader.claimed_flags)
claimed_flags = list(set(leader_claimed_flags + session.claimed_flags))
leader.lifetime_hacker_bucks = calc_lifetime_hacker_bucks_from_claimed_flags(claimed_flags)
leader.num_flags_found = len(claimed_flags)
leader.claimed_flags = json.dumps(claimed_flags)
# This will overwrite their hacker bucks. Only an issue if they didn't load first
leader.hacker_bucks = session.hacker_bucks
leader.remote_ip = session.remote_ip
leader.percent_complete = int((leader.num_flags_found) / len(FLAGS) * 100)
leader.playtime = str(timezone.now() - leader.session_creation_time)
leader_purchased_challenges = json.loads(leader.purchased_challenges)
for challenge_id, challenge in session.challenges.items():
if challenge.purchased:
leader_purchased_challenges.append(challenge_id)
leader_purchased_challenges = list(set(leader_purchased_challenges))
leader.purchased_challenges = json.dumps(leader_purchased_challenges)
# Update the changes
leader.save()
else:
ret["error"] = "Already a leader with that name. To update, provide the correct password."
else:
name = name.strip()
session = get_unauth_session(request)
if not session.lifetime_hacker_bucks:
ret["error"] = "What makes you think you belong on the leaderboard?"
else:
leader = LeaderboardEntry()
leader.lifetime_hacker_bucks = session.lifetime_hacker_bucks
leader.num_flags_found = len(session.claimed_flags)
leader.claimed_flags = json.dumps(session.claimed_flags)
leader.hacker_bucks = session.hacker_bucks
leader.percent_complete = int((leader.num_flags_found / len(FLAGS)) * 100)
leader.name = name.lower()
leader.display_name = name
leader.remote_ip = session.remote_ip
leader.session_creation_time = session.creation_time
leader.secret_key = hashlib.sha512(secret_key.encode('utf-8')).hexdigest()
leader.playtime = str(timezone.now() - session.creation_time)
# Get the list of purchased challenge IDs
purchased_challenges = []
for challenge_id, challenge in session.challenges.items():
if challenge.purchased:
purchased_challenges.append(challenge_id)
leader.purchased_challenges = json.dumps(purchased_challenges)
leader.save()
elif not has_html:
ret["error"] = "No name/secret key provided for leaderboard entry"
return HttpResponse(json.dumps(ret))
def submit(request):
ret = {}
has_html = False
if request.POST:
d = request.POST.dict()
name = d.get("name", None)
secret_key = d.get("secret_key", None)
if name and is_user_data_valid(name):
parser = HTMLParser()
parser.feed(name)
parser.close()
if parser.get_starttag_text():
ret["flag"] = FLAGS["scoreboard_hacking"][0]
has_html = True
if name and secret_key and not has_html:
if not is_user_data_valid(name, data_type=DataType.SHORT_NAME):
ret["error"] = "Too much data"
elif not is_user_data_valid(secret_key,
data_type=DataType.PASSWORD):
ret["error"] = "Too much data"
elif get_leader(name.strip().lower()):
# If they also proved the correct secret key, update that entry in the database
secret_key = hashlib.sha512(
secret_key.encode('utf-8')).hexdigest()
leader = get_leader(name.strip().lower(), secret_key)
if leader:
session = get_unauth_session(request)
if not session.lifetime_hacker_bucks:
ret["error"] = "What makes you think you belong on the leaderboard?"
else:
# Update the leader with the new info
# Create a set of claimed flags and combine the loaded leader with the current session
leader_claimed_flags = json.loads(leader.claimed_flags)
claimed_flags = list(
set(leader_claimed_flags + session.claimed_flags))
leader.lifetime_hacker_bucks = calc_lifetime_hacker_bucks_from_claimed_flags(
claimed_flags)
leader.num_flags_found = len(claimed_flags)
leader.claimed_flags = json.dumps(claimed_flags)
# This will overwrite their hacker bucks. Only an issue if they didn't load first
leader.hacker_bucks = session.hacker_bucks
leader.remote_ip = session.remote_ip
leader.percent_complete = int(
(leader.num_flags_found) / len(FLAGS) * 100)
leader.playtime = str(timezone.now() -
leader.session_creation_time)
leader_purchased_challenges = json.loads(
leader.purchased_challenges)
for challenge_id, challenge in session.challenges.items(
):
if challenge.purchased:
leader_purchased_challenges.append(
challenge_id)
leader_purchased_challenges = list(
set(leader_purchased_challenges))
leader.purchased_challenges = json.dumps(
leader_purchased_challenges)
# Update the changes
leader.save()
else:
ret["error"] = "Already a leader with that name. To update, provide the correct password."
else:
name = name.strip()
session = get_unauth_session(request)
if not session.lifetime_hacker_bucks:
ret["error"] = "What makes you think you belong on the leaderboard?"
else:
leader = LeaderboardEntry()
leader.lifetime_hacker_bucks = session.lifetime_hacker_bucks
leader.num_flags_found = len(session.claimed_flags)
leader.claimed_flags = json.dumps(session.claimed_flags)
leader.hacker_bucks = session.hacker_bucks
leader.percent_complete = int(
(leader.num_flags_found / len(FLAGS)) * 100)
leader.name = name.lower()
leader.display_name = name
leader.remote_ip = session.remote_ip
leader.session_creation_time = session.creation_time
leader.secret_key = hashlib.sha512(
secret_key.encode('utf-8')).hexdigest()
leader.playtime = str(timezone.now() -
session.creation_time)
# Get the list of purchased challenge IDs
purchased_challenges = []
for challenge_id, challenge in session.challenges.items():
if challenge.purchased:
purchased_challenges.append(challenge_id)
leader.purchased_challenges = json.dumps(
purchased_challenges)
leader.save()
elif not has_html:
ret["error"] = "No name/secret key provided for leaderboard entry"
return HttpResponse(json.dumps(ret))
def about(request):
context = {"unauth_session": get_unauth_session(request).to_json()}
template = loader.get_template('crapdb/about.html')
return HttpResponse(template.render(context, request))