def status():
    """Admin status console, gated on the ``admin_status`` cookie.

    A request whose cookie is missing or fails validation gets a 403
    response that also sets a freshly minted non-admin cookie.  Otherwise
    the ``page`` request value is hex-encoded and passed to the sandbox
    wrapper (``SANDBOX_BIN``, default ``tools/cmdwrapper``); the wrapper's
    output is rendered on ``status.html`` along with the ``admin_console``
    flag.  Any exception raised in the wrapper step is flashed to the user
    and the request is routed to ``error.html``.

    The cookie's integrity check is an unkeyed MD5 over
    ``username|admin_value``: no server-side secret enters the
    construction, so validation shows the cookie is well-formed for the
    current user, not that the server issued it.  A keyed MAC (``hmac``
    with a server-side secret) is the usual mitigation; given the
    ``get_flag`` call this is presumably intentional for the challenge.

    NOTE(review): the str-in/str-out use of ``hashlib``/``base64`` and the
    print statement elsewhere in this file indicate Python 2 semantics.
    """
    def _make_admin_cookie(admin_value='False'):
        # Cookie body is "<username>|<admin_value>|<md5 of the first two>",
        # base64-encoded.  The digest carries no key, so it acts as a
        # checksum rather than an authenticator.
        raw = '%s|%s' % (flask.g.user.username, admin_value)
        return base64.b64encode('%s|%s' % (raw, hashlib.md5(raw).hexdigest()))

    def _validate_admin_cookie(cookie):
        # Re-derive the cookie from the admin value it claims and compare
        # the whole encoded string.
        # NOTE(review): a cookie that does not base64-decode or has no '|'
        # raises here (decode error / IndexError) instead of returning
        # False, and the caller does not catch it.
        parts = base64.b64decode(cookie).split('|')
        admin_value = parts[1]
        if cookie != _make_admin_cookie(admin_value):
            return False
        return admin_value == 'True'

    admin_cookie = flask.request.cookies.get('admin_status')
    if not admin_cookie or not _validate_admin_cookie(admin_cookie):
        # Fail closed and seed the client with a non-admin cookie.
        resp = flask.make_response('Access Denied.', 403)
        resp.set_cookie('admin_status', _make_admin_cookie())
        return resp
    page = flask.request.values.get('page', 'uptime')
    # Sanitize this so users can't read everything
    # The page name travels hex-encoded as a single argv element with
    # shell=False, so no shell parsing happens on this side; what the
    # wrapper does with it is outside this file.
    try:
        hexpage = binascii.hexlify(page)
        wrapper = app.config.get('SANDBOX_BIN', 'tools/cmdwrapper')
        output = subprocess.check_output([wrapper, hexpage], shell=False)
    except Exception as ex:
        # NOTE(review): str(ex) (for CalledProcessError this includes the
        # command line) is echoed back to the user in the flash message.
        flask.flash('Invalid command: ' + str(ex), 'danger')
        return _render_page('error.html')
    return _render_page(
        'status.html',
        flag=get_flag('admin_console'),
        output=output)
def _render_posts_page(posts, **kwargs):
    """Render ``posts.html`` with the most recent entries of *posts*.

    When *posts* is truthy it is narrowed to the 20 newest rows (ordered by
    ``posted`` descending).  If a user is logged in (``'user' in flask.g``),
    the ``dom_based_xss`` flag is fetched for every post in that window
    authored by ``HaplessTechnoweenie`` and addressed to the current user.
    Remaining keyword arguments are forwarded to ``_render_page`` as-is.
    """
    earned_flag = None
    if posts:
        recent = posts.order_by(models.Post.posted.desc()).limit(20)
        posts = recent
        # Check for win
        logged_in = 'user' in flask.g
        if logged_in:
            for entry in recent:
                from_technoweenie = entry.author.username == 'HaplessTechnoweenie'
                if from_technoweenie and entry.recipient == flask.g.user:
                    earned_flag = get_flag('dom_based_xss')
    # TODO: pagination?
    return _render_page('posts.html', posts=posts, flag=earned_flag, **kwargs)
def profile():
    """Show, and on POST update, a user's profile tagline.

    The CSRF token is validated first.  For a POST the target account is
    resolved from the submitted ``uid`` form field (not from the session),
    404s if absent, and its tagline is replaced by the ``tagline`` field.
    The ``user_profile_edited`` flag is returned when the edited account is
    ``root`` and the current user's username appears as a whitespace-
    separated word of the new tagline.  Always renders ``profile.html``
    for the logged-in user.
    """
    _validate_csrf()
    earned_flag = None
    if flask.request.method != 'POST':
        return _render_page('profile.html', flag=earned_flag, user=flask.g.user)

    form = flask.request.form
    target = models.User.query.get(form.get('uid'))
    if not target:
        flask.abort(404)
    target.tagline = form.get('tagline')
    models.commit()
    flask.flash('Profile updated.', 'success')

    # Check for flag
    edited_root = target.username == 'root'
    if edited_root and flask.g.user.username in target.tagline.split():
        earned_flag = get_flag('user_profile_edited')
    return _render_page('profile.html', flag=earned_flag, user=flask.g.user)
def create_data():
    """Seed the database with demo users and posts.

    Creates the three fixed accounts (usernames as given in this file),
    five generic test users, and between 3 and 5 randomly chosen messages
    for each of them, then commits the session.  Generic users get a random
    base64 password; the ``larry_pass`` account takes its password from
    ``get_flag``; the first account stores an unsalted SHA-1 digest.
    """
    seeded = []

    def _seed_user(username, password, tagline, email):
        # Build one User, stage it in the session and keep it for the
        # post-generation loop below.
        account = User()
        account.username = username
        account.password = password
        account.tagline = tagline
        account.email = email
        db.session.add(account)
        seeded.append(account)

    def _random_password():
        return base64.b64encode(os.urandom(12))

    # Setup users
    _seed_user('******',
               hashlib.sha1('HaplessTechnoweenie1').hexdigest(),
               'Type cookie, you idiot!',
               '*****@*****.**')
    _seed_user('******', _random_password(), 'UID 0 FTW!', 'root@localhost')
    _seed_user('******',
               get_flag('larry_pass'),
               'Living the island life!',
               '*****@*****.**')

    # Create some more test users
    for name in ['edward', 'michael', 'daniel', 'rob', 'ron']:
        _seed_user(name, _random_password(), 'Just a PwnTalk user.',
                   name + '@example.org')

    # Create some test messages
    msgs = [
        "Check out this awesome blog: https://systemoverlord.com",
        "Are we fashionably late?",
        "There is no right and wrong. There's only fun and boring.",
        "I don't play well with others.",
        "Never fear, I is here.",
        "Quis custodiet ipsos custodes?",
        "\"They who can give up essential liberty to obtain a little "
        "temporary safety deserve neither liberty nor safety.\" --Ben Franklin",
        "\"Those who deny freedom to others deserve it not for themselves.\" "
        "--Abe Lincoln",
        "\"When the people fear the government there is tyranny, when the "
        "government fears the people there is liberty.\" --Jefferson",
        "OWASP Top 10: "
        "https://www.owasp.org/index.php/Top_10_2013-Table_of_Contents",
    ]
    # The same list is shuffled in place for every user, so each user gets
    # a different prefix of it.
    for account in seeded:
        random.shuffle(msgs)
        for text in msgs[:random.randint(3,5)]:
            # TODO: fudge timestamps
            entry = Post()
            entry.author = account
            entry.text = text
            db.session.add(entry)
    print("Committing...")
    db.session.commit()