def edit_ipv6(self):
''' Add ipv6 addresses to a box (sorta edits the box object) '''
form = Form(box_uuid="Select a box", ipv6="Please provide a list of IPv6 addresses")
if form.validate(self.request.arguments):
errors = []
box = Box.by_uuid(self.get_argument('box_uuid'))
if box is not None:
ips_string = self.get_argument('ipv6').replace('\n', ',').lower()
ips = filter(lambda char: char in "1234567890abcdef:,", ips_string).split(",")
for ip in filter(lambda ip: 0 < len(ip), ips):
try:
box = Box.by_ip_address(ip)
if box is None:
addr = IpAddress(box_id=box.id, v6=ip)
dbsession.add(addr)
else:
errors.append(
"%s has already been assigned to %s." % (ip, box.name,)
)
except ValueError:
errors.append(
"'%s' is not a valid IPv6 address" % str(ip[:39])
)
dbsession.flush()
else:
errors.append("Box does not exist")
self.render("admin/view/game_objects.html", errors=errors)
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Attempts to create an account '''
form = Form(
username="******",
pass1="Please enter a password",
pass2="Please confirm your password",
recaptcha_challenge_field="Invalid captcha",
recaptcha_response_field="Invalid captcha",
)
if not form.validate(self.request.arguments):
self.render("public/registration.html", errors=form.errors)
elif self.check_recaptcha():
user_name = self.get_argument('username')
if User.by_user_name(user_name) != None:
self.render('public/registration.html',
errors=['Account name already taken'])
elif len(user_name) < 3 or 15 < len(user_name):
self.render('public/registration.html',
errors=['Username must be 3-15 characters'])
elif not self.get_argument('pass1') == self.get_argument('pass2'):
self.render('public/registration.html',
errors=['Passwords do not match'])
elif not (12 <= len(self.get_argument('pass1')) <= 100):
self.render('public/registration.html',
errors=['Password must be 12-100 characters'])
else:
user = self.create_user(user_name, self.get_argument('pass1'))
self.render("public/account_created.html",
user_name=user.user_name)
else:
self.render("public/registration.html", errors=['Invalid captcha'])
def post(self, *args, **kwargs):
''' Attempt to log into an account '''
form = Form(
username="******",
password="******",
)
if form.validate(self.request.arguments):
user = User.by_name(self.get_argument('username'))
if user is not None:
if user.validate_password(self.get_argument('password')):
if user.confirmed:
self.successful_login(user)
if user.has_permission('administrator'):
self.redirect('/admin')
else:
self.redirect('/user')
else:
self.render(
'public/login.html',
errors=[
"You must confirm your email address before you can login"
])
else:
self.render('public/login.html',
errors=["Invalid password"])
else:
self.render('public/login.html', errors=["Invalid username"])
else:
self.render('public/login.html', errors=form.errors)
def post(self, *args, **kwargs):
''' Attempt to upgrade hash algo '''
form = Form(
old_password="******",
new_password1="Enter a new password",
new_password2="Confirm your new password",
)
if form.validate(self.request.arguments):
user = self.get_current_user()
passwd = self.get_argument('new_password1')
old_passwd = self.get_argument('old_password')
if not user.validate_password(old_passwd):
self.render_page(["Invalid password"])
elif not passwd == self.get_argument('new_password2'):
self.render_page(["New passwords do not match"])
elif user.team.money < self.config.password_upgrade:
self.render_page(["You cannot afford to upgrade your hash"])
elif len(passwd) <= self.config.max_password_length:
user.team.money -= self.config.password_upgrade
dbsession.add(user.team)
dbsession.flush()
self.update_password(passwd)
self.render_page()
else:
self.render_page(["New password is too long"])
else:
self.render_page(form.errors)
def edit_users(self):
''' Update user objects in the database '''
form = Form(
uuid="User not selected",
account="Please enter an account name",
handle="Please enter a handle name",
hash_algorithm="Please select a hash algorithm",
team_uuid="Please select a team",
)
if form.validate(self.request.arguments):
errors = []
user = User.by_uuid(self.get_argument('uuid'))
if user is not None:
# Update user account name
if user.account != self.get_argument('account'):
if User.by_account(self.get_argument('account')) is None:
logging.info("Updated user account %s -> %s" %
(user.account, self.get_argument('account'),))
user.account = unicode(self.get_argument('account'))
else:
errors.append("Account name is already in use")
# Update user handle
if user.handle != self.get_argument('handle'):
if User.by_handle(self.get_argument('handle')) is None:
logging.info("Updated user handle %s -> %s" %
(user.handle, self.get_argument('handle'),))
user.handle = unicode(self.get_argument('handle'))
else:
errors.append("Handle is already in use")
# Update hashing algoritm
if self.get_argument('hash_algorithm') in user.algorithms:
if user.algorithm != self.get_argument('hash_algorithm'):
if 0 < len(self.get_argument('password', '')):
logging.info("Updated %s's hashing algorithm %s -> %s" %
(user.handle, user.algorithm, self.get_argument('hash_algorithm'),)
)
user.algorithm = self.get_argument('hash_algorithm')
else:
errors.append("You must provide a password when updating the hashing algorithm")
else:
errors.append("Not a valid hash algorithm")
# Update password
if 0 < len(self.get_argument('password', '')):
user.password = self.get_argument('password')
# Update team
team = Team.by_uuid(self.get_argument('team_uuid'))
if team is not None:
if user.team_id != team.id:
logging.info("Updated %s's team %s -> %s" %
(user.handle, user.team_id, team.name))
user.team_id = team.id
else:
errors.append("Team does not exist in database")
dbsession.add(user)
dbsession.flush()
else:
errors.append("User does not exist")
self.render("admin/view/user_objects.html", errors=errors)
else:
self.render("admin/view/user_objects.html", errors=form.errors)
def add_source_code(self):
form = Form(
box_uuid="Please select a box",
price="Please input a price for the source code",
description="Please enter a description",
)
if form.validate(self.request.arguments):
box = Box.by_uuid(self.get_argument('box_uuid'))
if box is not None:
if not 'source_archive' in self.request.files and 0 < len(
self.request.files['source_archive']):
self.render('admin/upgrades/source_code_market.html',
errors=["No file data"])
else:
try:
price = abs(int(self.get_argument('price', 'NaN')))
self.create_source_code(box, price)
self.render('admin/upgrades/source_code_market.html',
errors=None)
except ValueError:
self.render('admin/upgrades/source_code_market.html',
errors=["Price must be an integer"])
else:
self.render('admin/upgrades/source_code_market.html',
errors=["The selected box does not exist"])
else:
self.render('admin/upgrades/source_code_market.html',
errors=form.errors)
def create_box(self):
''' Create a box object '''
form = Form(
box_name="Enter a box name",
description="Enter a description",
difficulty="Select a difficulty",
corporation_uuid="Please select a corporation",
game_level="Please select a game level",
)
if form.validate(self.request.arguments):
try:
game_level = int(self.get_argument('game_level'))
corp_uuid = self.get_argument('corporation_uuid')
if Box.by_name(self.get_argument('box_name')) is not None:
self.render("admin/create/box.html",
errors=["Box name already exists"])
elif Corporation.by_uuid(corp_uuid) is None:
self.render("admin/create/box.html",
errors=["Corporation does not exist"])
elif GameLevel.by_number(game_level) is None:
self.render("admin/create/box.html",
errors=["Game level does not exist"])
else:
self.__mkbox__()
self.redirect('/admin/view/game_objects')
except ValueError:
self.render('admin/view/create.html',
errors=["Invalid level number"])
else:
self.render("admin/create/box.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Creates a job based on the parameters '''
form = Form(
jobname="Please enter a job name",
algorithm_uuid="Please select an algorithm",
hashes="Please provide the target hashes",
)
if form.validate(self.request.arguments):
algo = Algorithm.by_uuid(self.get_argument('algorithm_uuid'))
user = self.get_current_user()
if algo is None:
self.render('cracking/jobs/create.html',
errors=['Invalid algorithm']
)
elif Job.by_job_name(self.get_argument('jobname')) is not None:
self.render('cracking/jobs/create.html',
errors=['Duplicate job name']
)
else:
job = self.create_job(user, algo)
dispatch = Dispatch.Instance()
dispatch.refresh()
self.render("cracking/jobs/created.html", job=job)
else:
self.render('cracking/jobs/create.html', errors=form.errors)
def post(self, *args, **kwargs):
''' Creates a new weapon system, and yes the form validation is shit '''
form = Form(
name="Please enter a name",
ssh_user="******",
ssh_key="Please enter an ssh key",
ip_address="Please enter a ip address",
ssh_port="Please enter an ssh port",
service_port="Please enter a service port",
)
if form.validate(self.request.arguments):
if WeaponSystem.by_name(self.get_argument('name')) is not None:
self.render("admin/weaponsystem/create.html",
errors=['That name already exists'])
elif WeaponSystem.by_ip_address(
self.get_argument('ip_address')) is not None:
self.render("admin/weaponsystem/create.html",
errors=['IP Address already in use'])
else:
try:
if not 1 <= int(self.get_argument('ssh_port', -1)) < 65535:
raise ValueError("SSh port not in range")
if not 1 <= int(self.get_argument('service_port',
-1)) < 65535:
raise ValueError("Service port not in range")
weapon_system = self.create_weapon()
self.render("admin/weaponsystem/created.html", errors=None)
except ValueError:
self.render(
"admin/weaponsystem/create.html",
errors=["Invalid port number; must be 1-65535"])
else:
self.render("admin/weaponsystem/create.html", errors=form.errors)
def edit_ipv6(self):
''' Add ipv6 addresses to a box (sorta edits the box object) '''
form = Form(box_uuid="Select a box",
ipv6="Please provide a list of IPv6 addresses")
if form.validate(self.request.arguments):
errors = []
box = Box.by_uuid(self.get_argument('box_uuid'))
if box is not None:
ips_string = self.get_argument('ipv6').replace('\n',
',').lower()
ips = filter(lambda char: char in "1234567890abcdef:,",
ips_string).split(",")
for ip in filter(lambda ip: 0 < len(ip), ips):
try:
box = Box.by_ip_address(ip)
if box is None:
addr = IpAddress(box_id=box.id, v6=ip)
dbsession.add(addr)
else:
errors.append(
"%s has already been assigned to %s." % (
ip,
box.name,
))
except ValueError:
errors.append("'%s' is not a valid IPv6 address" %
str(ip[:39]))
dbsession.flush()
else:
errors.append("Box does not exist")
self.render("admin/view/game_objects.html", errors=errors)
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Attempts to create an account '''
form = Form(
username="******",
pass1="Please enter a password",
pass2="Please confirm your password",
recaptcha_challenge_field="Invalid captcha",
recaptcha_response_field="Invalid captcha",
)
if not form.validate(self.request.arguments):
self.render("public/registration.html", errors=form.errors)
elif self.check_recaptcha():
user_name = self.get_argument('username')
if User.by_user_name(user_name) != None:
self.render('public/registration.html',
errors=['Account name already taken'])
elif len(user_name) < 3 or 15 < len(user_name):
self.render('public/registration.html',
errors=['Username must be 3-15 characters'])
elif not self.get_argument('pass1') == self.get_argument('pass2'):
self.render('public/registration.html',
errors=['Passwords do not match'])
elif not (12 <= len(self.get_argument('pass1')) <= 100):
self.render('public/registration.html',
errors=['Password must be 12-100 characters'])
else:
user = self.create_user(user_name, self.get_argument('pass1'))
self.render(
"public/account_created.html", user_name=user.user_name)
else:
self.render("public/registration.html",
errors=['Invalid captcha'])
def buyout(self):
''' Buyout and unlock a level '''
form = Form(uuid="Level parameter missing")
user = self.get_current_user()
if form.validate(self.request.arguments):
level = GameLevel.by_uuid(self.get_argument('uuid', ''))
if level is not None and user is not None:
if level.buyout < user.team.money:
logging.info("%s (%s) payed buyout for level #%d" % (
user.handle, user.team.name, level.number
))
user.team.game_levels.append(level)
user.team.money -= level.buyout
dbsession.add(user.team)
event = self.event_manager.create_unlocked_level_event(user, level)
self.new_events.append(event)
self.redirect("/user/missions")
else:
self.render("missions/view.html",
team=user.team,
errors=[
"You do not have enough money to unlock this level"
]
)
else:
self.render("missions/view.html",
team=user.team,
errors=["Level does not exist"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=form.errors
)
def post(self, *args, **kwargs):
''' Attempt to upgrade hash algo '''
form = Form(
old_password="******",
new_password1="Enter a new password",
new_password2="Confirm your new password",
)
if form.validate(self.request.arguments):
user = self.get_current_user()
passwd = self.get_argument('new_password1')
old_passwd = self.get_argument('old_password')
if not user.validate_bank_password(old_passwd):
self.render_page(["Invalid password"])
elif not passwd == self.get_argument('new_password2'):
self.render_page(["New passwords do not match"])
elif user.team.money < self.config.password_upgrade_cost:
self.render_page(["You cannot afford to upgrade your hash"])
elif len(passwd) <= self.config.max_password_length:
user.team.money -= self.config.password_upgrade_cost
dbsession.add(user.team)
dbsession.flush()
self.update_password(passwd)
self.render_page()
else:
self.render_page(["New password is too long"])
else:
self.render_page(form.errors)
def edit_corporations(self):
''' Updates corporation object in the database '''
form = Form(
uuid="Object not selected",
name="Missing corporation name",
description="Missing description",
)
if form.validate(self.request.arguments):
corp = Corporation.by_uuid(self.get_argument('uuid'))
if corp is not None:
if self.get_argument('name') != corp.name:
logging.info("Updated corporation name %s -> %s" % (
corp.name,
self.get_argument('name'),
))
corp.name = unicode(self.get_argument('name'))
if self.get_argument('description') != corp.description:
logging.info("Updated corporation description %s -> %s" % (
corp.description,
self.get_argument('description'),
))
corp.description = unicode(
self.get_argument('description'))
dbsession.add(corp)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
self.render("admin/view/game_objects.html",
errors=["Corporation does not exist"])
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Create a new user '''
form = Form(
username="******",
email="Please enter a valid email address",
password1="Please enter a password",
password2="Please confirm your password",
)
if form.validate(self.request.arguments):
if User.by_name(self.get_argument('username')) is not None:
error_msg = "Username already taken; if you forgot your password use the password recovery option"
self.render('public/registration.html', errors=[error_msg])
elif User.by_email(self.get_argument('email')) is not None:
error_msg = "Email already in use; if you forgot your password use the password recovery option"
self.render('public/registration.html', errors=[error_msg])
elif self.get_argument('password1') != self.get_argument(
'password2'):
self.render('public/registration.html',
errors=["Passwords do not match"])
else:
email_service = EmailService()
user = self.create_user(self.get_argument('username'),
self.get_argument('email'),
self.get_argument('password1'))
email_service.send_confirmation(user)
self.render('public/registration_successful.html', user=user)
else:
self.render('public/registration.html', errors=form.errors)
def buyout(self):
''' Buyout and unlock a level '''
form = Form(uuid="Level parameter missing")
user = self.get_current_user()
if form.validate(self.request.arguments):
level = GameLevel.by_uuid(self.get_argument('uuid', ''))
if level is not None and user is not None:
if level.buyout < user.team.money:
user.team.game_levels.append(level)
user.team.money -= level.buyout
dbsession.add(user.team)
self.event_manager.unlocked_level(user, level)
self.redirect("/user/missions")
else:
self.render("missions/view.html",
team=user.team,
errors=[
"You do not have enough money to unlock this level"
]
)
else:
self.render("missions/view.html",
team=user.team,
errors=["Level does not exist"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=form.errors
)
def create_flag(self):
''' Create a flag '''
form = Form(
box_uuid="Please select a box",
flag_name="Please enter a name",
token="Please enter a token value",
reward="Please enter a reward value",
is_file="Please select a file setting",
description="Please enter a flag description",
)
if form.validate(self.request.arguments):
try:
if Flag.by_name(self.get_argument('flag_name')) is not None:
self.render('admin/create/flag.html',
errors=["Name already exists"])
elif Flag.by_token(self.get_argument('token')) is not None:
self.render('admin/create/flag.html',
errors=["Token value is not unique"])
elif Box.by_uuid(self.get_argument('box_uuid')) is None:
self.render('admin/create/flag.html',
errors=["Box does not exist"])
else:
reward = int(self.get_argument('reward', 'NaN'))
self.__mkflag__(reward)
self.redirect('/admin/view/game_objects')
except ValueError:
self.render('admin/create/flag.html',
errors=["Invalid reward value"])
else:
self.render("admin/create/flag.html", errors=form.errors)
def add_source_code(self):
form = Form(
box_uuid="Please select a box",
price="Please input a price for the source code",
description="Please enter a description",
)
if form.validate(self.request.arguments):
box = Box.by_uuid(self.get_argument('box_uuid'))
if box is not None:
if not 'source_archive' in self.request.files and 0 < len(self.request.files['source_archive']):
self.render('admin/upgrades/source_code_market.html',
errors=["No file data"]
)
else:
try:
price = abs(int(self.get_argument('price', 'NaN')))
self.create_source_code(box, price)
self.render('admin/upgrades/source_code_market.html',
errors=None
)
except ValueError:
self.render('admin/upgrades/source_code_market.html',
errors=["Price must be an integer"]
)
else:
self.render('admin/upgrades/source_code_market.html',
errors=["The selected box does not exist"]
)
else:
self.render('admin/upgrades/source_code_market.html',
errors=form.errors
)
def create_game_level(self):
''' Creates a game level '''
form = Form(
level_number="Please enter a level number",
buyout="Please enter a buyout value",
)
if form.validate(self.request.arguments):
try:
game_level = int(self.get_argument('level_number'))
buyout = int(self.get_argument('buyout'))
if game_level <= 0:
self.render('admin/create/game_level.html',
errors=["Level number must be greater than 0"]
)
elif GameLevel.by_number(game_level) is not None:
self.render('admin/create/game_level.html',
errors=["Game level number must be unique"]
)
elif buyout < 0:
self.render('admin/create/game_level.html',
errors=["Invalid buyout value"]
)
else:
self.__mklevel__(game_level, buyout)
self.redirect('/admin/view/game_levels')
except ValueError:
self.render('admin/create/game_level.html',
errors=["Invalid level number"]
)
else:
self.render('admin/create/game_level.html', errors=form.errors)
def edit_corporations(self):
''' Updates corporation object in the database '''
form = Form(
uuid="Object not selected",
name="Missing corporation name",
description="Missing description",
)
if form.validate(self.request.arguments):
corp = Corporation.by_uuid(self.get_argument('uuid'))
if corp is not None:
if self.get_argument('name') != corp.name:
logging.info("Updated corporation name %s -> %s" %
(corp.name, self.get_argument('name'),)
)
corp.name = unicode(self.get_argument('name'))
if self.get_argument('description') != corp.description:
logging.info("Updated corporation description %s -> %s" %
(corp.description, self.get_argument('description'),)
)
corp.description = unicode(self.get_argument('description'))
dbsession.add(corp)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
self.render("admin/view/game_objects.html",
errors=["Corporation does not exist"]
)
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def create_flag(self):
''' Create a flag '''
form = Form(
box_uuid="Please select a box",
flag_name="Please enter a name",
token="Please enter a token value",
reward="Please enter a reward value",
is_file="Please select a file setting",
description="Please enter a flag description",
)
if form.validate(self.request.arguments):
try:
if Flag.by_name(self.get_argument('flag_name')) is not None:
self.render('admin/create/flag.html',
errors=["Name already exists"]
)
elif Flag.by_token(self.get_argument('token')) is not None:
self.render('admin/create/flag.html',
errors=["Token value is not unique"]
)
elif Box.by_uuid(self.get_argument('box_uuid')) is None:
self.render('admin/create/flag.html',
errors=["Box does not exist"]
)
else:
reward = int(self.get_argument('reward', 'NaN'))
self.__mkflag__(reward)
self.redirect('/admin/view/game_objects')
except ValueError:
self.render('admin/create/flag.html',
errors=["Invalid reward value"]
)
else:
self.render("admin/create/flag.html", errors=form.errors)
def create_game_level(self):
''' Creates a game level '''
form = Form(
level_number="Please enter a level number",
buyout="Please enter a buyout value",
)
if form.validate(self.request.arguments):
try:
game_level = int(self.get_argument('level_number'))
buyout = int(self.get_argument('buyout'))
if game_level <= 0:
self.render('admin/create/game_level.html',
errors=["Level number must be greater than 0"])
elif GameLevel.by_number(game_level) is not None:
self.render('admin/create/game_level.html',
errors=["Game level number must be unique"])
elif buyout < 0:
self.render('admin/create/game_level.html',
errors=["Invalid buyout value"])
else:
self.__mklevel__(game_level, buyout)
self.redirect('/admin/view/game_levels')
except ValueError:
self.render('admin/create/game_level.html',
errors=["Invalid level number"])
else:
self.render('admin/create/game_level.html', errors=form.errors)
def create_box(self):
''' Create a box object '''
form = Form(
box_name="Enter a box name",
description="Enter a description",
difficulty="Select a difficulty",
corporation_uuid="Please select a corporation",
game_level="Please select a game level",
)
if form.validate(self.request.arguments):
try:
game_level = int(self.get_argument('game_level'))
corp_uuid = self.get_argument('corporation_uuid')
if Box.by_name(self.get_argument('box_name')) is not None:
self.render("admin/create/box.html",
errors=["Box name already exists"]
)
elif Corporation.by_uuid(corp_uuid) is None:
self.render("admin/create/box.html",
errors=["Corporation does not exist"]
)
elif GameLevel.by_number(game_level) is None:
self.render("admin/create/box.html",
errors=["Game level does not exist"]
)
else:
self.__mkbox__()
self.redirect('/admin/view/game_objects')
except ValueError:
self.render('admin/view/create.html',
errors=["Invalid level number"]
)
else:
self.render("admin/create/box.html", errors=form.errors)
def post(self, *args, **kwargs):
form = Form(
uuid="Weapon not found",
)
if form.validate(self.request.arguments):
user = self.get_current_user()
weapon = ArmoryWeapon.by_uuid(self.request.arguments['uuid'][0])
if user == None or weapon == None:
self.render("store/weapons.html", errors=None, weapons=ArmoryWeapon.get_all_visible())
elif user.gold < weapon.cost:
self.render("store/weapons.html", errors=['You cannot afford this weapon'], weapons=ArmoryWeapon.get_all_visible())
else:
user.gold -= weapon.cost
new_weapon = Weapon(
user_id=user.id,
name=weapon.name,
description=weapon.description,
required_level=weapon.required_level,
damage=weapon.damage,
rating=weapon.rating,
advanced=weapon.advanced,
classification=weapon.classification,
avatar=weapon.avatar,
)
self.dbsession.add(new_weapon)
self.dbsession.add(user)
self.dbsession.flush()
self.render("store/purchase.html", item=weapon.name)
else:
self.render("store/weapons.html", errors=form.errors, weapons=ArmoryWeapon.get_all_visible())
def post(self, *args, **kwargs):
form = Form(
uuid="Armor not found",
)
if form.validate(self.request.arguments):
user = self.get_current_user()
armor = ArmoryArmor.by_uuid(self.request.arguments['uuid'][0])
if user == None or armor == None:
self.render("store/armor.html", errors=None, armors=ArmoryArmor.get_all_visible())
elif user.gold < armor.cost:
self.render("store/armor.html", errors=['You cannot afford this armor'], armors=ArmoryArmor.get_all_visible())
else:
user.gold -= armor.cost
new_armor = Armor(
user_id=user.id,
name=armor.name,
description=armor.description,
required_level=armor.required_level,
rating=armor.rating,
classification=armor.classification,
avatar=armor.avatar,
)
self.dbsession.add(new_armor)
self.dbsession.add(user)
self.dbsession.flush()
self.render("store/purchase.html", item=armor.name)
else:
self.render("store/armor.html", errors=form.errors, armors=ArmoryArmor.get_all_visible())
def post(self, *args, **kwargs):
''' Creates a new weapon system, and yes the form validation is shit '''
form = Form(
name="Please enter a name",
ssh_user="******",
ssh_key="Please enter an ssh key",
ip_address="Please enter a ip address",
ssh_port="Please enter an ssh port",
service_port="Please enter a service port",
)
if form.validate(self.request.arguments):
if WeaponSystem.by_name(self.get_argument('name')) is not None:
self.render("admin/weaponsystem/create.html",
errors=['That name already exists']
)
elif WeaponSystem.by_ip_address(self.get_argument('ip_address')) is not None:
self.render("admin/weaponsystem/create.html",
errors=['IP Address already in use']
)
else:
try:
if not 1 <= int(self.get_argument('ssh_port', -1)) < 65535:
raise ValueError("SSh port not in range")
if not 1 <= int(self.get_argument('service_port', -1)) < 65535:
raise ValueError("Service port not in range")
weapon_system = self.create_weapon()
self.render("admin/weaponsystem/created.html", errors=None)
except ValueError:
self.render("admin/weaponsystem/create.html",
errors=["Invalid port number; must be 1-65535"]
)
else:
self.render("admin/weaponsystem/create.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Create the Dork in the system '''
form = Form(title="Please enter a title",
description="Please enter a Description",
author="Please Enter an Author",
query="Please Enter the Shodan Hq Search Query",
tag="Please Select a Category")
try:
#Getting the user
session_manager = SessionManager.Instance()
session = session_manager.get_session(
self.get_secure_cookie('auth'), self.request.remote_ip)
user = User.by_user_name(session.data['user_name'])
#Get the tag
old_tag = Tag.by_name(self.get_argument('tag'))
#Get all the tags
tags = Tag.all()
if user != None:
if form.validate(self.request.arguments):
old_dork = Dork.by_title(self.get_argument('title'))
if old_dork:
self.render(
'user/submit.html',
user=user,
errors=[
'A Dork by this title has already been submitted'
],
success=None,
tags=tags)
elif old_tag == None:
self.render(
'user/submit.html',
user=user,
errors=[
'A Dork by this title has already been submitted'
],
success=None,
tags=tags)
else:
self.create_dork(user)
self.render('user/submit.html',
user=user,
success='Successfully created new Dork',
errors=None,
tags=tags)
else:
self.render('user/submit.html',
user=user,
errors=form.errors,
success=None,
tags=tags)
else:
self.render('public/please_login.html')
except Exception as e:
print e
self.render('public/please_login.html')
def post(self, *args, **kwargs):
''' This is used to create new tags '''
form = Form(name="Please enter a tag name")
tags = Tag.all()
if form.validate(self.request.arguments):
self.create_tag()
tags = Tag.all()
self.render("admin/manage_tags.html", tags=tags)
else:
self.render("admin/manage_tags.html", tags=tags, errors=form.errors)
def edit_boxes(self):
''' Edit existing boxes in the database '''
form = Form(
uuid="Object not selected",
name="Missing box name",
corporation_uuid="Please select a corporation",
description="Please enter a description",
difficulty="Please enter a difficulty",
)
if form.validate(self.request.arguments):
box = Box.by_uuid(self.get_argument('uuid'))
if box is not None:
errors = []
if self.get_argument('name') != box.name:
if Box.by_name(self.get_argument('name')) is None:
logging.info("Updated box name %s -> %s" % (
box.name,
self.get_argument('name'),
))
box.name = unicode(self.get_argument('name'))
else:
errors.append("Box name already exists")
corp = Corporation.by_uuid(
self.get_argument('corporation_uuid'))
if corp is not None and corp.id != box.corporation_id:
logging.info("Updated %s's corporation %s -> %s" % (
box.name,
box.corporation_id,
corp.id,
))
box.corporation_id = corp.id
elif corp is None:
errors.append("Corporation does not exist")
if self.get_argument('description') != box.description:
logging.info("Updated %s's description %s -> %s" % (
box.name,
box.description,
self.get_argument('description'),
))
box.description = unicode(self.get_argument('description'))
if self.get_argument('difficulty') != box.difficulty:
logging.info("Updated %s's difficulty %s -> %s" % (
box.name,
box.difficulty,
self.get_argument('difficulty'),
))
box.difficulty = unicode(self.get_argument('difficulty'))
dbsession.add(box)
dbsession.flush()
self.render("admin/view/game_objects.html", errors=errors)
else:
self.render("admin/view/game_objects.html",
errors=["Box does not exist"])
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def get(self, *args, **kwargs):
''' AJAX // Delete a paste object from the database '''
form = Form(paste_uuid="Paste does not exist.", )
if form.validate(self.request.arguments):
paste_uuid = self.get_argument("paste_uuid")
paste = PasteBin.by_uuid(paste_uuid)
user = self.get_current_user()
if paste is not None and paste.team_id == user.team.id:
dbsession.delete(paste)
dbsession.flush()
self.redirect("/user/share/pastebin")
def post(self, *args, **kwargs):
''' This is used to create new tags '''
form = Form(name="Please enter a tag name")
tags = Tag.all()
if form.validate(self.request.arguments):
self.create_tag()
tags = Tag.all()
self.render("admin/manage_tags.html", tags=tags)
else:
self.render("admin/manage_tags.html",
tags=tags,
errors=form.errors)
def flag(self):
'''
Accepts flag submissions, a flag can be either a string or a file,
if the flag submission is a file the MD5 hexdigest is used.
'''
form = Form(flag_type="Missing flag type")
user = self.get_current_user()
if form.validate(self.request.arguments):
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
if self.get_argument('flag_type').lower() == 'text':
token = self.get_argument('token', None)
errors = self.__chkflag__(flag, token)
if len(errors) == 0:
self.flag_captured()
else:
self.render("missions/view.html",
team=user.team,
errors=errors
)
elif self.get_argument('flag_type').lower() == 'file':
if 0 < len(self.request.files['flag'][0]['body']):
file_data = self.request.files['flag'][0]['body']
errors = self.__chkflag__(flag, file_data)
if len(errors) == 0:
self.flag_captured()
else:
self.render("missions/view.html",
team=user.team,
errors=errors
)
else:
logging.info("No file data in flag submission.")
self.render("missions/view.html",
team=user.team,
errors=["No file data"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=["Invalid flag type"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=["Flag does not exist"]
)
else:
self.render("missions/view.html",
team=user.team,
errors=form.errors
)
def get(self, *args, **kwargs):
''' AJAX // Delete a paste object from the database '''
form = Form(
paste_uuid="Paste does not exist.",
)
if form.validate(self.request.arguments):
paste_uuid = self.get_argument("paste_uuid")
paste = PasteBin.by_uuid(paste_uuid)
user = self.get_current_user()
if paste is not None and paste.team_id == user.team.id:
dbsession.delete(paste)
dbsession.flush()
self.redirect("/user/share/pastebin")
def post(self, *args, **kwargs):
""" Shit form validation """
form = Form(description="Please enter a description")
user = self.get_current_user()
if form.validate(self.request.arguments):
if 0 == len(self.request.files.keys()):
self.render("share_upload/share_files.html", errors=["No file data."], shares=user.team.files)
elif self.FSIZE < len(self.request.files["file_data"][0]["body"]):
self.render("share_upload/share_files.html", errors=["File too large."], shares=user.team.files)
else:
self.create_file(user)
self.redirect("/user/share/files")
else:
self.render("share_upload/share_files.html", errors=form.errors, shares=user.team.files)
def post(self, *args, **kwargs):
''' Attempts to create an account, with shitty form validation '''
form = Form(
account="Please enter an account name",
handle="Please enter a handle",
team="Please select a team to join",
pass1="Please enter a password",
pass2="Please confirm your password",
token="Please enter a registration token"
)
if form.validate(self.request.arguments):
config = ConfigManager.Instance()
account = self.get_argument('account').lower()
handle = self.get_argument('handle').lower()
rtok = self.get_argument('token', '__none__').lower()
passwd = self.get_argument('pass1')
if User.by_account(account) is not None:
self.render('public/registration.html',
errors=['Account name already taken']
)
elif account == handle:
self.render('public/registration.html',
errors=['Account name and hacker name must differ']
)
elif User.by_handle(handle) is not None:
self.render('public/registration.html',
errors=['Handle already taken']
)
elif not passwd == self.get_argument('pass2'):
self.render('public/registration.html',
errors=['Passwords do not match']
)
elif not 0 < len(passwd) <= config.max_password_length:
self.render('public/registration.html',
errors=['Password must be 1-%d characters'
% config.max_password_length]
)
elif Team.by_uuid(self.get_argument('team', '')) is None:
self.render('public/registration.html',
errors=["Please select a team to join"]
)
elif RegistrationToken.by_value(rtok) is None and not config.debug:
self.render('public/registration.html',
errors=["Invalid registration token"]
)
else:
self.create_user(account, handle, passwd, rtok)
self.render('public/successful_reg.html', account=account)
else:
self.render('public/registration.html', errors=form.errors)
def post(self, *args, **kwargs):
''' Creates a new text share '''
form = Form(
name="Please enter a name",
content="Please provide some content",
)
if form.validate(self.request.arguments):
user = self.get_current_user()
paste = PasteBin(name=unicode(self.get_argument("name")),
contents=unicode(self.get_argument("content")),
team_id=user.team.id)
dbsession.add(paste)
dbsession.flush()
self.event_manager.paste_bin(user, paste)
self.redirect('/user/share/pastebin')
def create_team(self):
''' Create a new team in the database '''
form = Form(team_name="Enter a team name", motto="Enter a team motto")
if form.validate(self.request.arguments):
team = Team(
name=unicode(self.get_argument('team_name')),
motto=unicode(self.get_argument('motto')),
)
level_0 = GameLevel.all()[0]
team.game_levels.append(level_0)
dbsession.add(team)
dbsession.flush()
self.redirect('/admin/view/user_objects')
else:
self.render("admin/create/team.html", errors=form.errors)
def post(self, *args, **kwargs):
form = Form(box_uuid="Please select leaked code to buy")
if form.validate(self.request.arguments):
box = Box.by_uuid(self.get_argument('box_uuid', ''))
if box is not None and box.source_code is not None:
user = self.get_current_user()
if box.source_code.price <= user.team.money:
self.purchase_code(box)
self.redirect("/source_code_market")
else:
self.render_page(["You cannot afford to purchase this code"])
else:
self.render_page(["Box does not exist"])
else:
self.render_page(form.errors)
def create_team(self):
''' Create a new team in the database '''
form = Form(team_name="Enter a team name", motto="Enter a team motto")
if form.validate(self.request.arguments):
team = Team(
name=unicode(self.get_argument('team_name')),
motto=unicode(self.get_argument('motto')),
)
level_0 = GameLevel.all()[0]
team.game_levels.append(level_0)
dbsession.add(team)
dbsession.flush()
self.redirect('/admin/view/user_objects')
else:
self.render("admin/create/team.html", errors=form.errors)
def get(self, *args, **kwargs):
''' AJAX // Retrieves a paste from the database '''
form = Form(
paste_uuid="Paste does not exist.",
)
if form.validate(self.request.arguments):
paste_uuid = self.get_argument("paste_uuid")
user = self.get_current_user()
paste = PasteBin.by_uuid(paste_uuid)
if paste is None or paste.team_id != user.team.id:
self.render("pastebin/display.html", errors=["Paste does not exist."], paste=None)
else:
self.render("pastebin/display.html", errors=None, paste=paste)
else:
self.render("pastebin/display.html", errors=form.errors, paste=None)
class EquipArmorHandler(UserBaseHandler):
''' This is the handler that allows to equiping of armors from the profile '''
def initialize(self, dbsession):
self.dbsession = dbsession
self.session_manager = SessionManager.Instance()
self.session = self.session_manager.get_session(
self.get_secure_cookie('auth'), self.request.remote_ip)
self.form = Form(
armor_id="You Must Select an Armor"
)
@authenticated
def post(self, *args, **kwargs):
''' Display the default user page '''
user = self.get_current_user()
if self.form.validate(self.request.arguments):
if user != None and self.get_argument('armor_id').isdigit():
new_armor = Armor.by_id(self.get_argument('armor_id'))
# Make sure that we have the weapon they are attemping to equip
if new_armor in user.get_all_armor():
if new_armor.required_level <= user.level:
old_armor = user.equiped_armor
old_armor.equiped = False
new_armor.equiped = True
self.dbsession.add(new_armor)
self.dbsession.add(old_armor)
self.dbsession.flush()
self.redirect('/user')
else:
self.redirect('/user?error=2')
def initialize(self, dbsession):
self.dbsession = dbsession
self.form = Form(
username="******",
pass1="Please enter a password",
pass2="Please confirm your password",
)
def edit_boxes(self):
''' Edit existing boxes in the database '''
form = Form(
uuid="Object not selected",
name="Missing box name",
corporation_uuid="Please select a corporation",
description="Please enter a description",
difficulty="Please enter a difficulty",
)
if form.validate(self.request.arguments):
box = Box.by_uuid(self.get_argument('uuid'))
if box is not None:
errors = []
if self.get_argument('name') != box.name:
if Box.by_name(self.get_argument('name')) is None:
logging.info("Updated box name %s -> %s" %
(box.name, self.get_argument('name'),)
)
box.name = unicode(self.get_argument('name'))
else:
errors.append("Box name already exists")
corp = Corporation.by_uuid(self.get_argument('corporation_uuid'))
if corp is not None and corp.id != box.corporation_id:
logging.info("Updated %s's corporation %s -> %s" %
(box.name, box.corporation_id, corp.id,))
box.corporation_id = corp.id
elif corp is None:
errors.append("Corporation does not exist")
if self.get_argument('description') != box.description:
logging.info("Updated %s's description %s -> %s" %
(box.name, box.description, self.get_argument('description'),)
)
box.description = unicode(self.get_argument('description'))
if self.get_argument('difficulty') != box.difficulty:
logging.info("Updated %s's difficulty %s -> %s" %
(box.name, box.difficulty, self.get_argument('difficulty'),)
)
box.difficulty = unicode(self.get_argument('difficulty'))
dbsession.add(box)
dbsession.flush()
self.render("admin/view/game_objects.html", errors=errors)
else:
self.render("admin/view/game_objects.html",
errors=["Box does not exist"]
)
else:
self.render("admin/view/game_objects.html", errors=form.errors)
def post_theme(self, *args, **kwargs):
''' Change per-user theme '''
form = Form(theme_uuid="Please select a theme", )
if form.validate(self.request.arguments):
theme = Theme.by_uuid(self.get_argument('theme_uuid'))
if theme is not None:
self.session['theme'] = ''.join(theme.cssfile)
self.session.save()
user = self.get_current_user()
user.theme_id = theme.id
dbsession.add(user)
dbsession.flush()
self.render_page()
else:
self.render_page(errors=["Theme does not exist."])
else:
self.render_page(errors=form.errors)
def initialize(self, dbsession):
self.dbsession = dbsession
self.session_manager = SessionManager.Instance()
self.session = self.session_manager.get_session(
self.get_secure_cookie('auth'), self.request.remote_ip)
self.form = Form(
armor_id="You Must Select an Armor"
)
def post(self, *args, **kwargs):
''' Creates a new text share '''
form = Form(
name="Please enter a name",
content="Please provide some content",
)
if form.validate(self.request.arguments):
user = self.get_current_user()
paste = PasteBin(
name=unicode(self.get_argument("name")),
contents=unicode(self.get_argument("content")),
team_id=user.team.id
)
dbsession.add(paste)
dbsession.flush()
self.event_manager.paste_bin(user, paste)
self.redirect('/user/share/pastebin')
def post(self, *args, **kwargs):
#Arg! Exploit Ho!
form = Form(
client_id="Please enter your client ID",
explanation="Please enter an explanation",
)
user = User.by_user_name(self.session.data['user_name'])
if not form.validate(self.request.arguments):
print self.request.arguments
self.render("user/feedback.html", user=user, errors=form.errors, success=None)
else:
if self.request.files.has_key('log'):
if len(self.request.files['log']) == 1:
data = self.request.files['log'][0]['body']
#Do the exploit things here
self.render("user/feedback.html", user=user, errors=None, success="Your feedback is appreciated!")
def post_theme(self, *args, **kwargs):
''' Change per-user theme '''
form = Form(theme_uuid="Please select a theme",)
if form.validate(self.request.arguments):
theme = Theme.by_uuid(self.get_argument('theme_uuid'))
if theme is not None:
self.session['theme'] = ''.join(theme.cssfile)
self.session.save()
user = self.get_current_user()
user.theme_id = theme.id
dbsession.add(user)
dbsession.flush()
self.render_page()
else:
self.render_page(errors=["Theme does not exist."])
else:
self.render_page(errors=form.errors)
def edit_teams(self):
''' Edit existing team objects in the database '''
form = Form(
uuid="No team selected",
name="Please enter a name",
motto="Please enter a motto",
listen_port="Please enter a listen port",
)
if form.validate(self.request.arguments):
team = Team.by_uuid(self.get_argument('uuid'))
if team is not None:
errors = []
if team.name != self.get_argument('name'):
logging.info("Updated team name %s -> %s" % (
team.name,
self.get_argument('name'),
))
team.name = unicode(self.get_argument('name'))
if team.motto != self.get_argument('motto'):
logging.info("Updated %s's motto %s -> %s" % (
team.name,
team.motto,
self.get_argument('motto'),
))
team.motto = unicode(self.get_argument('motto'))
try:
lport = int(self.get_argument('listen_port'))
if lport != team.listen_port:
logging.info("Updated %s's listen port %d -> %d" % (
team.name,
team.listen_port,
lport,
))
team.listen_port = lport
except ValueError:
errors.append("Invalid listen port %s " %
self.get_argument('listen_port'))
dbsession.add(team)
dbsession.flush()
self.redirect("/admin/view/user_objects")
else:
self.render("admin/view/user_objects.html",
errors=["Team does not exist"])
else:
self.render("admin/view/user_objects.html", errors=form.errors)
def box_level(self):
''' Changes a boxs level '''
form = Form(box_uuid="No box selected", level_uuid="No level selected")
if form.validate(self.request.arguments):
errors = []
box = Box.by_uuid(self.get_argument('box_uuid'))
level = GameLevel.by_uuid(self.get_argument('level_uuid'))
if box is not None and level is not None:
box.game_level_id = level.id
dbsession.add(box)
dbsession.flush()
elif box is None:
errors.append("Box does not exist")
elif level is None:
errors.append("GameLevel does not exist")
self.render("admin/view/game_levels.html", errors=errors)
else:
self.render("admin/view/game_levels.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Attempts to create an account, with shitty form validation '''
form = Form(account="Please enter an account name",
handle="Please enter a handle",
team="Please select a team to join",
pass1="Please enter a password",
pass2="Please confirm your password",
token="Please enter a registration token")
if form.validate(self.request.arguments):
config = ConfigManager.Instance()
account = self.get_argument('account').lower()
handle = self.get_argument('handle').lower()
rtok = self.get_argument('token', '__none__').lower()
passwd = self.get_argument('pass1')
if User.by_account(account) is not None:
self.render('public/registration.html',
errors=['Account name already taken'])
elif account == handle:
self.render(
'public/registration.html',
errors=['Account name and hacker name must differ'])
elif User.by_handle(handle) is not None:
self.render('public/registration.html',
errors=['Handle already taken'])
elif not passwd == self.get_argument('pass2'):
self.render('public/registration.html',
errors=['Passwords do not match'])
elif not 0 < len(passwd) <= config.max_password_length:
self.render('public/registration.html',
errors=[
'Password must be 1-%d characters' %
config.max_password_length
])
elif Team.by_uuid(self.get_argument('team', '')) is None:
self.render('public/registration.html',
errors=["Please select a team to join"])
elif RegistrationToken.by_value(rtok) is None and not config.debug:
self.render('public/registration.html',
errors=["Invalid registration token"])
else:
self.create_user(account, handle, passwd, rtok)
self.render('public/successful_reg.html', account=account)
else:
self.render('public/registration.html', errors=form.errors)
def edit_game_level(self):
''' Update game level objects '''
form = Form(
uuid="Select an object",
number="Enter a level number",
buyout="Enter a buyout value",
)
if form.validate(self.request.arguments):
errors = []
level = GameLevel.by_uuid(self.get_argument('uuid'))
try:
new_number = int(self.get_argument('number', 'NaN'))
new_buyout = int(self.get_argument('buyout', 'NaN'))
if level.number != new_number and GameLevel.by_number(
new_number) is None:
level.number = new_number
dbsession.add(level)
dbsession.flush()
# Fix the linked-list
game_levels = sorted(GameLevel.all())
index = 0
for game_level in game_levels[:-1]:
game_level.next_level_id = game_levels[index + 1].id
dbsession.add(game_level)
index += 1
game_levels[0].number = 0
dbsession.add(game_levels[0])
game_levels[-1].next_level_id = None
dbsession.add(game_levels[-1])
dbsession.flush()
if GameLevel.by_number(new_number) is not None:
errors.append("GameLevel number is not unique")
if level.buyout != new_buyout:
level.buyout = new_buyout
dbsession.add(level)
dbsession.flush()
except ValueError:
errors.append(
"That was not a number ... maybe you should go back to school"
)
self.render("admin/view/game_levels.html", errors=errors)
else:
self.render("admin/view/game_levels.html", errors=form.errors)
def post(self, *args, **kwargs):
''' Checks login creds '''
form = Form(
username="******",
password="******",
)
if not form.validate(self.request.arguments):
self.render("public/login.html", errors=form.errors)
else:
user = User.by_username(self.get_argument('username'))
if user is not None and user.validate_password(self.get_argument('password')):
if user.locked:
self.render("public/login.html",
errors=["Your account must be approved by an administrator."]
)
else:
self.successful_login(user)
self.redirect('/user')
else:
self.failed_login()
def post(self, *args, **kwargs):
''' Checks submitted username and password '''
form = Form(
account="Enter an account name",
password="******",
)
if form.validate(self.request.arguments):
user = User.by_account(self.get_argument('account'))
password_attempt = self.get_argument('password')
if user is not None and user.validate_password(password_attempt):
if not user.locked:
self.successful_login(user)
self.redirect('/user')
else:
self.render('public/login.html',
errors=["Your account has been locked"])
else:
self.failed_login()
else:
self.render('public/login.html', errors=form.errors)
def post(self, *args, **kwargs):
''' Checks login creds '''
form = Form(
username="******",
password="******",
recaptcha_challenge_field="Invalid captcha",
recaptcha_response_field="Invalid captcha",
)
if not form.validate(self.request.arguments):
self.render("public/login.html", errors=form.errors)
elif self.check_recaptcha():
user = User.by_user_name(self.get_argument('username'))
if user != None and user.validate_password(
self.get_argument('password')):
self.successful_login(user)
self.redirect('/user')
else:
self.failed_login()
else:
self.render('public/login.html',
errors=["Invalid captcha, try again"])
def create_corporation(self):
''' Add a new corporation to the database '''
form = Form(
corporation_name="Enter a corporation name",
description="Please enter a description",
)
if form.validate(self.request.arguments):
corp_name = self.get_argument('corporation_name')
if Corporation.by_name(corp_name) is not None:
self.render("admin/create/corporation.html",
errors=["Name already exists"])
else:
corporation = Corporation(
name=unicode(corp_name),
description=unicode(self.get_argument('description')),
)
dbsession.add(corporation)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
self.render("admin/create/corporation.html", errors=form.errors)