ファイル: views.py プロジェクト: Cyber-Forensic/pwnableweb
def status():
  """Admin-only status console: run the sandbox wrapper and show its output.

  Access is gated by the ``admin_status`` cookie (see the two helpers
  below).  The ``page`` request value selects what the wrapper runs; it is
  hex-encoded and passed as a single argv element.  Returns ``status.html``
  (with the ``admin_console`` flag) on success, ``error.html`` when the
  wrapper call fails, or a 403 response when the cookie is missing or does
  not validate.  Assumes ``flask.g.user`` is already set -- presumably by a
  login-required hook elsewhere; confirm.
  """
  def _make_admin_cookie(admin_value='False'):
    # Cookie layout: base64("<username>|<admin_value>|<md5hex('<username>|<admin_value>')>").
    # No server-side secret goes into the digest, so it only protects the
    # value against accidental corruption, not against a client that controls
    # it; the standard mitigation is a keyed MAC (hmac with a server key)
    # checked with a constant-time compare.  Given the project and the
    # 'admin_console' flag this looks like a deliberate training weakness --
    # confirm before changing it.
    # Python 2 str semantics: md5() and b64encode() take the str directly.
    raw = '%s|%s' % (flask.g.user.username, admin_value)
    return base64.b64encode('%s|%s' % (raw, hashlib.md5(raw).hexdigest()))

  def _validate_admin_cookie(cookie):
    # Decode, split on '|', take the second field as admin_value, and accept
    # only if rebuilding the cookie for the *current* user with that value
    # reproduces the presented cookie byte for byte.  Admin iff value == 'True'.
    # Note: a cookie that is not valid base64, or decodes to fewer than two
    # '|'-separated fields, raises here (b64decode / parts[1]) rather than
    # returning False, so the caller sees an unhandled exception, not a 403.
    parts = base64.b64decode(cookie).split('|')
    admin_value = parts[1]
    # Plain '!=' comparison (not constant-time).
    if cookie != _make_admin_cookie(admin_value):
      return False
    return admin_value == 'True'

  admin_cookie = flask.request.cookies.get('admin_status')
  if not admin_cookie or not _validate_admin_cookie(admin_cookie):
    # Missing or rejected cookie: deny, and issue a fresh non-admin cookie
    # (admin_value defaults to 'False').
    resp = flask.make_response('Access Denied.', 403)
    resp.set_cookie('admin_status', _make_admin_cookie())
    return resp
  page = flask.request.values.get('page', 'uptime')
  # Sanitize this so users can't read everything
  try:
    # Hex-encoding means the wrapper only ever sees [0-9a-f] in its argv;
    # how that value is interpreted is decided inside the wrapper, not here.
    hexpage = binascii.hexlify(page)
    wrapper = app.config.get('SANDBOX_BIN', 'tools/cmdwrapper')
    # Argument list with shell=False: 'page' is never parsed by a shell.
    output = subprocess.check_output([wrapper, hexpage],
        shell=False)
  except Exception as ex:
    # Broad catch is this view's error boundary: a missing wrapper, a
    # non-zero exit, etc. all become a flashed message plus the error page.
    # str(ex) is shown to the user, so exception text (which may include the
    # wrapper path) ends up in the page.
    flask.flash('Invalid command: ' + str(ex), 'danger')
    return _render_page('error.html')
  return _render_page(
      'status.html', flag=get_flag('admin_console'), output=output)
ファイル: views.py プロジェクト: Cyber-Forensic/pwnableweb
def _render_posts_page(posts, **kwargs):
  """Render ``posts.html`` with the newest posts (at most 20) and any flag.

  ``posts`` is a query object; a falsy value is passed to the template
  untouched.  When a user is logged in (``'user' in flask.g``), a post whose
  author is 'HaplessTechnoweenie' and whose recipient is that user sets the
  ``dom_based_xss`` flag.  Any extra keyword arguments go to the template.
  """
  if not posts:
    # Nothing to order or scan; hand the (falsy) value straight through.
    return _render_page('posts.html', posts=posts, flag=None, **kwargs)

  recent = posts.order_by(models.Post.posted.desc()).limit(20)
  flag = None
  # Check for win
  if 'user' in flask.g:
    viewer = flask.g.user
    for entry in recent:
      if entry.author.username != 'HaplessTechnoweenie':
        continue
      if entry.recipient == viewer:
        flag = get_flag('dom_based_xss')
  # TODO: pagination?
  return _render_page('posts.html', posts=recent, flag=flag, **kwargs)
ファイル: views.py プロジェクト: Cyber-Forensic/pwnableweb
def profile():
  """Show the current user's profile; on POST, update a user's tagline.

  The CSRF check runs for every method.  On POST the target row is looked
  up by the ``uid`` form field (see the note below), its ``tagline`` is
  replaced and committed, and a success message is flashed.  Returns
  ``profile.html`` rendered for ``flask.g.user``; ``flag`` is set only
  when the win condition holds.  Aborts with 404 when ``uid`` matches no
  user.
  """
  _validate_csrf()
  flag = None
  if flask.request.method == 'POST':
    # NOTE(review): the user being edited comes from the client-supplied
    # 'uid', and nothing here ties it to flask.g.user; the flag check below
    # suggests this is the intended exercise -- confirm before "fixing".
    user = models.User.query.get(flask.request.form.get('uid'))
    if not user:
      flask.abort(404)
    # A missing 'tagline' field stores None; the .split() below then raises
    # (only reached when the edited user is 'root').
    user.tagline = flask.request.form.get('tagline')
    models.commit()
    flask.flash('Profile updated.', 'success')
    # Check for flag: root's tagline now contains the current username as a
    # whitespace-separated word.
    if user.username == 'root' and flask.g.user.username in user.tagline.split():
      flag = get_flag('user_profile_edited')
  return _render_page('profile.html', flag=flag, user=flask.g.user)
ファイル: models.py プロジェクト: yeyintminthuhtut/pwnableweb
def create_data():
  """Populate the database with seed users and posts.

  Three named users are created first, then five generic ``@example.org``
  users; every user then receives 3-5 posts drawn at random from a fixed
  message list.  Everything is staged in ``db.session`` and committed once
  at the end.
  """
  # NOTE(review): the usernames and some e-mail addresses appear masked
  # ('******') in this listing -- confirm the real values against the repo.

  def _add_user(username, password, tagline, email):
    # Build one User row, stage it in the session, and hand it back.
    account = User()
    account.username = username
    account.password = password
    account.tagline = tagline
    account.email = email
    db.session.add(account)
    return account

  # Setup users
  users = [
      _add_user('******',
                hashlib.sha1('HaplessTechnoweenie1').hexdigest(),
                'Type cookie, you idiot!',
                '*****@*****.**'),
      _add_user('******',
                base64.b64encode(os.urandom(12)),
                'UID 0 FTW!',
                'root@localhost'),
      _add_user('******',
                get_flag('larry_pass'),
                'Living the island life!',
                '*****@*****.**'),
  ]

  # Create some more test users
  for name in ['edward', 'michael', 'daniel', 'rob', 'ron']:
    users.append(_add_user(name,
                           base64.b64encode(os.urandom(12)),
                           'Just a PwnTalk user.',
                           name + '@example.org'))

  # Create some test messages
  msgs = [
      "Check out this awesome blog: https://systemoverlord.com",
      "Are we fashionably late?",
      "There is no right and wrong. There's only fun and boring.",
      "I don't play well with others.",
      "Never fear, I is here.",
      "Quis custodiet ipsos custodes?",
      "\"They who can give up essential liberty to obtain a little "
        "temporary safety deserve neither liberty nor safety.\" --Ben Franklin",
      "\"Those who deny freedom to others deserve it not for themselves.\" "
        "--Abe Lincoln",
      "\"When the people fear the government there is tyranny, when the "
        "government fears the people there is liberty.\" --Jefferson",
      "OWASP Top 10: "
        "https://www.owasp.org/index.php/Top_10_2013-Table_of_Contents",
      ]

  # Each user gets a random 3-5 message prefix of a freshly shuffled list.
  for author in users:
    random.shuffle(msgs)
    for text in msgs[:random.randint(3, 5)]:
      # TODO: fudge timestamps
      post = Post()
      post.author = author
      post.text = text
      db.session.add(post)

  print("Committing...")
  db.session.commit()