Exemplo n.º 1
0
def querydb(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail

    ret = {"flags": []}

    if request.POST:
        conn = sqlite3.connect(settings.CRAPDB_PATH)
        cursor = conn.cursor()

        d = request.POST.dict()
        query = d.get("query", None)

        if query is not None:
            if not is_user_data_valid(query):
                ret["error"] = "Too much data"
            else:
                try:
                    ret["flags"] = [x for x in cursor.execute(query)]
                    if not ret["flags"]:
                        ret["error"] = "No flags found in database"
                except Exception as e:
                    ret["error"] = "'{}' - {}".format(query, str(e))

        conn.close()

    return HttpResponse(json.dumps(ret))
Exemplo n.º 2
0
def querydb(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail

    ret = {"flags": []}

    if request.POST:
        conn = sqlite3.connect(settings.CRAPDB_PATH)
        cursor = conn.cursor()

        d = request.POST.dict()
        query = d.get("query", None)

        if query is not None:
            if not is_user_data_valid(query):
                ret["error"] = "Too much data"
            else:
                try:
                    ret["flags"] = [x for x in cursor.execute(query)]
                    if not ret["flags"]:
                        ret["error"] = "No flags found in database"
                except Exception as e:
                    ret["error"] = "'{}' - {}".format(query, str(e))

        conn.close()

    return HttpResponse(json.dumps(ret))
Exemplo n.º 3
0
def checkflag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj # obj is session on success

    ret = {"hacker_bucks": session.hacker_bucks}

    if request.POST:
        d = request.POST.dict()
        flag = d.get("flag", None)

        if flag is not None:
            if not is_user_data_valid(flag, data_type=DataType.FLAG):
                ret["error"] = "Too much data"
            else:
                # Set's the session's hacker_bucks and prevents
                # getting points for the same flag more than once
                try:
                    update_hacker_bucks_from_flag(session, flag)
                    ret["hacker_bucks"] = session.hacker_bucks
                except FlagAlreadyClaimedError:
                    ret["error"] = "Already Claimed"

    return HttpResponse(json.dumps(ret))
Exemplo n.º 4
0
def checkflag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj  # obj is session on success

    ret = {"hacker_bucks": session.hacker_bucks}

    if request.POST:
        d = request.POST.dict()
        flag = d.get("flag", None)

        if flag is not None:
            if not is_user_data_valid(flag, data_type=DataType.FLAG):
                ret["error"] = "Too much data"
            else:
                # Set's the session's hacker_bucks and prevents
                # getting points for the same flag more than once
                try:
                    update_hacker_bucks_from_flag(session, flag)
                    ret["hacker_bucks"] = session.hacker_bucks
                except FlagAlreadyClaimedError:
                    ret["error"] = "Already Claimed"

    return HttpResponse(json.dumps(ret))
Exemplo n.º 5
0
def paid_content_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj

    ret = challenge_get_flag(session, "paid_content", answer=session)
    return HttpResponse(json.dumps(ret))
Exemplo n.º 6
0
def paid_content_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj

    ret = challenge_get_flag(session, "paid_content", answer=session)
    return HttpResponse(json.dumps(ret))
Exemplo n.º 7
0
def main(request, session_id):
    context = {
        "no_user_login": FLAGS["no_user_login"][0],
        "no_password_login": FLAGS["no_password_login"][0],
        "valid_creds_login": FLAGS["valid_creds_login"][0],
        "shortest_sqli": FLAGS["shortest_sqli"][0]
    }
    status, obj = get_session(session_id, error="Login failed. No session or session expired")
    if not status:
        return obj # On fail obj is a redirect
    session = obj # On success obj is the session

    context["session_id"] = session_id
    context["session"] = session.to_json()
    template = loader.get_template('crapdb/main.html')
    return HttpResponse(template.render(context, request))
Exemplo n.º 8
0
def main(request, session_id):
    context = {
        "no_user_login": FLAGS["no_user_login"][0],
        "no_password_login": FLAGS["no_password_login"][0],
        "valid_creds_login": FLAGS["valid_creds_login"][0],
        "shortest_sqli": FLAGS["shortest_sqli"][0]
    }
    status, obj = get_session(
        session_id, error="Login failed. No session or session expired")
    if not status:
        return obj  # On fail obj is a redirect
    session = obj  # On success obj is the session

    context["session_id"] = session_id
    context["session"] = session.to_json()
    template = loader.get_template('crapdb/main.html')
    return HttpResponse(template.render(context, request))
Exemplo n.º 9
0
def genetic_challenge_get(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj

    challenge = None
    try:
        challenge = challenge_get(session, "genetic")
    except NotEnoughHackerBucksError as e:
        return HttpResponse(json.dumps({"error": str(e)}))
    except KeyError as e:
        return HttpResponse(json.dumps({"error": str(e)}))

    ret = {"hacker_bucks": session.hacker_bucks}
    ret.update(challenge.to_json())
    return HttpResponse(json.dumps(ret))
Exemplo n.º 10
0
def genetic_challenge_get(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj

    challenge = None
    try:
        challenge = challenge_get(session, "genetic")
    except NotEnoughHackerBucksError as e:
        return HttpResponse(json.dumps({"error": str(e)}))
    except KeyError as e:
        return HttpResponse(json.dumps({"error": str(e)}))

    ret = {
        "hacker_bucks": session.hacker_bucks
    }
    ret.update(challenge.to_json())
    return HttpResponse(json.dumps(ret))
Exemplo n.º 11
0
def rot_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj

    ret = {}

    if request.POST:
        d = request.POST.dict()
        answer = d.get("answer", None)

        if answer is not None:
            if not is_user_data_valid(answer):
                ret["error"] = "Too much data"
            else:
                ret = challenge_get_flag(session, "rot", answer=answer)
        else:
            ret = {"error": "No answer provided in POST request"}

    return HttpResponse(json.dumps(ret))
Exemplo n.º 12
0
def brutal_force_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj

    ret = {}

    if request.POST:
        d = request.POST.dict()
        pin = d.get("pin", None)

        if pin is not None:
            if not is_user_data_valid(pin, data_type=DataType.PIN):
                ret["error"] = "The PIN should only be 4 digits"
            else:
                ret = challenge_get_flag(session, "brutal_force", answer=pin)
        else:
            ret["error"] = "No PIN provided in POST request"

    return HttpResponse(json.dumps(ret))
Exemplo n.º 13
0
def genetic_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj

    ret = {}

    if request.POST:
        d = request.POST.dict()
        answer = d.get("answer", None)

        if answer is not None:
            if not is_user_data_valid(answer, data_type=DataType.USER_SPECIFIED_EXACT_LENGTH, length=7):
                ret["error"] = "Password must be 7 characters"
            else:
                ret = challenge_get_flag(session, "genetic", answer=answer)
        else:
            ret = {"error": "No answer provided in POST request"}

    return HttpResponse(json.dumps(ret))
Exemplo n.º 14
0
def rot_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj

    ret = {}

    if request.POST:
        d = request.POST.dict()
        answer = d.get("answer", None)

        if answer is not None:
            if not is_user_data_valid(answer):
                ret["error"] = "Too much data"
            else:
                ret = challenge_get_flag(session, "rot", answer=answer)
        else:
            ret = {"error": "No answer provided in POST request"}

    return HttpResponse(json.dumps(ret))
Exemplo n.º 15
0
def brutal_force_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj

    ret = {}

    if request.POST:
        d = request.POST.dict()
        pin = d.get("pin", None)

        if pin is not None:
            if not is_user_data_valid(pin, data_type=DataType.PIN):
                ret["error"] = "The PIN should only be 4 digits"
            else:
                ret = challenge_get_flag(session, "brutal_force", answer=pin)
        else:
            ret["error"] = "No PIN provided in POST request"

    return HttpResponse(json.dumps(ret))
Exemplo n.º 16
0
def genetic_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj

    ret = {}

    if request.POST:
        d = request.POST.dict()
        answer = d.get("answer", None)

        if answer is not None:
            if not is_user_data_valid(
                    answer,
                    data_type=DataType.USER_SPECIFIED_EXACT_LENGTH,
                    length=7):
                ret["error"] = "Password must be 7 characters"
            else:
                ret = challenge_get_flag(session, "genetic", answer=answer)
        else:
            ret = {"error": "No answer provided in POST request"}

    return HttpResponse(json.dumps(ret))
Exemplo n.º 17
0
def super_admin_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj  # HttpResponse containing error on fail
    session = obj
    return HttpResponse(json.dumps(challenge_get_flag(session, "super_admin")))
Exemplo n.º 18
0
def super_admin_challenge_get_flag(request, session_id):
    status, obj = get_session(session_id, http_response=True)
    if not status:
        return obj # HttpResponse containing error on fail
    session = obj
    return HttpResponse(json.dumps(challenge_get_flag(session, "super_admin")))