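def show_registration():
    """Serve the registration form and create accounts with a TOTP key.

    GET renders the empty form. POST requires ``username`` and ``password``,
    rejects a username that ``utils.check_username`` reports as existing,
    then derives the TOTP key, registers the user and shows the key together
    with a QR-code image. Any other method falls through and returns None.
    """
    # Local import so this view does not depend on the file's import list;
    # the fallback covers Python 2.
    try:
        from urllib.parse import quote
    except ImportError:
        from urllib import quote

    user = utils.get_user_from_cookie(request)
    page_name = 'register'
    method = request.method.lower()

    if method == 'get':
        page_content = render_template("register.html")
        return render_page(page_content, "register", user=user)

    if method == 'post':
        username = request.form.get("username") or ""
        password = request.form.get("password") or ""

        if not username or not password:
            page_content = render_template("register.html", message='Missing field')
            return render_page(page_content, page_name)

        if utils.check_username(username):
            page_content = render_template("register.html", message='That username is taken!')
            return render_page(page_content, page_name)

        # NOTE(review): as far as this view shows, the TOTP key is computed
        # from the username and the client address alone. If utils adds no
        # server-side secret or randomness, the key is not a secret and the
        # second factor adds nothing; confirm, and prefer a random per-user
        # secret (e.g. pyotp.random_base32()) stored with the account.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)

        # The username is form input that ends up inside a URL and then
        # inside an HTML attribute. Percent-encoding it keeps quotes, angle
        # brackets and '&' from breaking out of either context.
        # NOTE(review): this URL hands the TOTP secret to a third-party
        # service over plain HTTP; rendering the QR code locally would keep
        # the secret on this server.
        qr_url = 'http://api.qrserver.com/v1/create-qr-code/?data=otpauth://totp/%s?secret=%s&size=220x220&margin=0' % (
            quote(username.encode("utf-8"), safe=""), totp_key)

        # The message carries markup, so the template presumably renders it
        # unescaped (TODO confirm); everything interpolated must be encoded.
        page_content = render_template(
            "register.html",
            message="Success! <a href='/login'>login here</a><br />TOTP Key: %s<br /><img src='%s' />"
            % (totp_key, qr_url))
        return render_page(page_content, page_name)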
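def show_registration():
    """Handle the registration page for both form display and submission.

    GET returns the blank form. POST checks that ``username`` and
    ``password`` are present and that the username is not already known to
    ``utils.check_username``; it then derives a TOTP key, calls
    ``utils.register_user`` and renders a success message containing the key
    and a QR-code image. Other methods fall through and return None.
    """
    # Imported locally (with a Python 2 fallback) because the file's import
    # block is not visible from this function.
    try:
        from urllib.parse import quote
    except ImportError:
        from urllib import quote

    user = utils.get_user_from_cookie(request)
    page_name = 'register'
    http_method = request.method.lower()

    if http_method == 'get':
        page_content = render_template("register.html")
        return render_page(page_content, "register", user=user)

    if http_method == 'post':
        username = request.form.get("username") or ""
        password = request.form.get("password") or ""

        if not (username and password):
            page_content = render_template("register.html", message='Missing field')
            return render_page(page_content, page_name)

        if utils.check_username(username):
            page_content = render_template("register.html", message='That username is taken!')
            return render_page(page_content, page_name)

        # NOTE(review): the only inputs to the key derivation visible here
        # are the username and request.remote_addr. Unless utils mixes in a
        # server-side secret, anyone who knows both values can recompute the
        # key; verify, and consider a randomly generated per-user secret.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)

        # Percent-encode the user-supplied name before it is placed in the
        # query string: unencoded, it could add query parameters or close
        # the surrounding img attribute in the message below.
        safe_username = quote(username.encode("utf-8"), safe="")
        # NOTE(review): the secret travels to an external QR service over
        # unencrypted HTTP, so that service and anyone on the path can read
        # it. A locally generated QR image avoids the disclosure.
        qr_url = 'http://api.qrserver.com/v1/create-qr-code/?data=otpauth://totp/%s?secret=%s&size=220x220&margin=0' % (safe_username, totp_key)

        # presumably the template outputs `message` without escaping, since
        # it contains tags; confirm against register.html
        page_content = render_template(
            "register.html",
            message="Success! <a href='/login'>login here</a><br />TOTP Key: %s<br /><img src='%s' />" % (totp_key, qr_url)
        )
        return render_page(page_content, page_name)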
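def show_registration():
    """Render the registration form (GET) or register a new account (POST).

    A POST with a missing field or an already-taken username re-renders the
    form with a message. Otherwise the TOTP key is derived, the user is
    registered, and the success page shows the key and a QR-code image.
    Methods other than GET and POST fall through and return None.
    """
    # Function-scope import; the except branch is the Python 2 location of
    # the same helper.
    try:
        from urllib.parse import quote
    except ImportError:
        from urllib import quote

    user = utils.get_user_from_cookie(request)
    page_name = "register"
    verb = request.method.lower()

    if verb == "get":
        page_content = render_template('register.html')
        return render_page(page_content, 'register', user=user)

    if verb == "post":
        username = request.form.get('username') or ''
        password = request.form.get('password') or ''

        if not username or not password:
            page_content = render_template('register.html', message="Missing field")
            return render_page(page_content, page_name)

        if utils.check_username(username):
            page_content = render_template('register.html', message="That username is taken!")
            return render_page(page_content, page_name)

        # NOTE(review): the seed is built from the username and the client
        # IP, both of which are known or guessable outside the server.
        # Confirm that utils.generate_seed also uses a server-side secret;
        # if not, replace the derivation with a stored random secret.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)

        # username comes straight from the form; encoding it here stops it
        # from injecting query parameters or escaping the src="..."
        # attribute it is later embedded in.
        # NOTE(review): the request below discloses the TOTP secret to a
        # third party and is sent over plain HTTP. Prefer generating the QR
        # code on this server.
        qr_url = "http://api.qrserver.com/v1/create-qr-code/?data=otpauth://totp/%s?secret=%s&size=220x220&margin=0" % (
            quote(username.encode("utf-8"), safe=""),
            totp_key,
        )

        # `message` contains HTML, so it is presumably rendered unescaped by
        # the template; TODO confirm in register.html
        page_content = render_template(
            'register.html',
            message='Success! <a href="/login">login here</a><br />TOTP Key: %s<br /><img src="%s" />' % (totp_key, qr_url)
        )
        return render_page(page_content, page_name)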
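def show_login():
    """Serve the login form and process username/password/TOTP submissions.

    A GET request renders the empty form. Any other method is treated as a
    submission: all three fields must be present, the password is checked
    with ``utils.auth_user``, and the one-time code is compared with the
    current TOTP value. On success a ``session`` cookie is set and the
    client is redirected to ``/``; every failure re-renders the form with a
    message.
    """
    import hmac  # local import; compare_digest needs Python 2.7.7+ / 3.3+

    page_name = 'login'

    if request.method.lower() == 'get':
        page_content = render_template("login.html")
        return render_page(page_content, "login")

    username = request.form.get("username") or ""
    password = request.form.get("password") or ""
    verification_code = request.form.get("verification_code") or ""

    if not (username and password and verification_code):
        page_content = render_template("login.html", message='Missing field')
        return render_page(page_content, page_name)

    # NOTE(review): a wrong password and a wrong code produce different
    # messages, so a client learns that a password is correct without
    # holding the second factor. No throttling or lockout is visible in
    # this handler either; confirm it exists elsewhere.
    if not utils.auth_user(username, password):
        page_content = render_template("login.html", message='Invalid credentials')
        return render_page(page_content, page_name)

    # NOTE(review): the TOTP key is rebuilt on every login from the username
    # and the IP stored on the user record (presumably the registration
    # address). If utils adds no server-side secret, the key can be
    # recomputed by anyone who knows those two values; confirm.
    user = utils.check_username(username)
    seed = utils.generate_seed(username, user["user_ip"])
    totp_key = utils.get_totp_key(seed)
    totp = pyotp.TOTP(totp_key)

    # Compare as bytes in constant time so the check does not reveal how
    # much of the submitted code matched. pyotp's TOTP.verify() is the
    # library's own check and could replace this.
    code_matches = hmac.compare_digest(
        verification_code.encode("utf-8"), totp.now().encode("utf-8"))
    if not code_matches:
        page_content = render_template("login.html", message='Invalid verification code')
        return render_page(page_content, page_name)

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username, request.remote_addr)
    response = app.make_response(redirect("/"))
    # NOTE(review): the cookie is set without httponly/secure/samesite;
    # consider enabling them if nothing client-side needs to read it.
    response.set_cookie('session', session_cookie)
    return response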
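def show_login():
    """Show the login form (GET) or authenticate a submitted login.

    A submission needs ``username``, ``password`` and ``verification_code``.
    The password is verified through ``utils.auth_user`` and the code
    against the current value of the user's TOTP generator. A successful
    login sets the ``session`` cookie and redirects to ``/``; otherwise the
    form is rendered again with an error message.
    """
    import hmac  # function-scope import; compare_digest: Python 2.7.7+ / 3.3+

    page_name = "login"

    if request.method.lower() == "get":
        page_content = render_template('login.html')
        return render_page(page_content, 'login')

    username = request.form.get('username') or ''
    password = request.form.get('password') or ''
    verification_code = request.form.get('verification_code') or ''

    if not (username and password and verification_code):
        page_content = render_template('login.html', message="Missing field")
        return render_page(page_content, page_name)

    # NOTE(review): the separate "Invalid credentials" / "Invalid
    # verification code" replies tell a client when the password alone was
    # right. Rate limiting is not visible here; verify it is applied
    # upstream, since the one-time code is short.
    if not utils.auth_user(username, password):
        page_content = render_template('login.html', message="Invalid credentials")
        return render_page(page_content, page_name)

    # NOTE(review): nothing secret is visibly involved in rebuilding the
    # key, only the username and the stored user_ip. Check utils for a
    # server-side secret; without one the key is derivable off-server.
    user = utils.check_username(username)
    seed = utils.generate_seed(username, user['user_ip'])
    totp_key = utils.get_totp_key(seed)
    totp = pyotp.TOTP(totp_key)

    # Constant-time comparison of the two codes as bytes, so response timing
    # does not depend on where the first mismatching character is.
    submitted = verification_code.encode("utf-8")
    expected = totp.now().encode("utf-8")
    if not hmac.compare_digest(submitted, expected):
        page_content = render_template('login.html', message="Invalid verification code")
        return render_page(page_content, page_name)

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config['COOKIE_SECRET'], username, request.remote_addr)
    response = app.make_response(redirect('/'))
    # NOTE(review): no httponly, secure or samesite attribute is set on the
    # session cookie; consider adding them.
    response.set_cookie("session", session_cookie)
    return response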
import hashlib

from utils import generate_seed, get_totp_key

# Inputs: the account name (redacted on the page), its stored password hash,
# and the IP address fed to the seed function.
username = "******"
password_hash = "22e59a7a2792b25684a43d5f5229b2b5caf7abf8fa9f186249f35cae53387fa3"
ip_addr = "64.124.192.210"

# The key is rebuilt from the username and the IP address alone, using the
# application's own helpers. This is why a TOTP secret must be random and
# stored, not derived from values that are known outside the server.
seed = generate_seed(username, ip_addr)
totp = get_totp_key(seed)
print("[*] Found TOTP KEY: %s" % totp)

# Whitespace-separated candidates from the wordlist file.
with open('/usr/share/john/password.lst', 'r') as wordlist:
    passwords = wordlist.read().split()

# The stored hash is one round of SHA-256 over username + password, which is
# cheap to test per candidate. A slow password-hashing function (bcrypt,
# scrypt, Argon2) would raise that cost.
password = next(
    (candidate for candidate in passwords
     if hashlib.sha256(username + candidate).hexdigest() == password_hash),
    None
)
if password is not None:
    print("[*] Found password: %s" % password)

# The flag is the MD5 hex digest of the TOTP key concatenated with the password.
if password and totp:
    flag = hashlib.md5(totp + password).hexdigest()
    print("[+] Found flag: %s" % flag)