def substitution(workout_id): page_template = './substitution.jinja' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout: if workout['type'] == 'johnnycipher': if request.method == 'GET': cipher = workout['container_info']['sub_cipher']['cipher'] status = workout['assessment']['questions'][3]['complete'] return render_template(page_template, workout_id=workout_id, sub_cipher=cipher, status=status) elif request.method == 'POST': submission = request.get_json() validator = SubstitutionCipherBuilder(workout_id=workout_id) check_sub = validator.check_sub_cipher(submission['cipher']) cipher = check_sub['message'] status = check_sub['status'] return jsonify({'message': cipher, 'status': status}) else: return redirect(url_for('johnnycipher.invalid')) else: return redirect(url_for('johnnycipher.invalid'))
def loader(workout_id): # Main route; Determines which route to use based off of workout_id key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) """ Defines valid URLs based on workout type Workout types is determined by workout YAML filename """ valid_types = { 'iot': '/iot', 'GenCyber Arena': '/iot_arena', 'nsa-iot': '/healthcare', } # If workout is valid check for type in URL dict and redirect to value if workout: workout_type = workout['type'] if workout_type in valid_types: """ Since all route specific logic is handled at the blueprint level, we only need to redirect to the workout specific blueprint app """ return redirect(valid_types[workout_type]) else: return abort(404)
def default(workout_id): api = shodan.Shodan(SHODAN_API_KEY) page_template = 'index.jinja' workout = ds_client.get(ds_client.key('cybergym-workout', workout_id)) if workout: if workout['type'] == 'shodan': if request.method == 'POST': logger.info(f'POST to /{workout_id}') try: query = request.form.get('shodan_query') page_num = request.form.get('page_number') result = api.search(query, limit=10) result_count = api.count(query) print(result.keys()) return render_template( page_template, shodanResults=result, resultCount=result_count, query=query, page_num=page_num, workoutid=workout_id, ) except shodan.APIError as e: logger.info(e) e_template = 'invalid_query.jinja' return render_template(e_template) return render_template(page_template) else: return redirect(f'/invalid/{workout_id}') else: return redirect(f'/invalid/{workout_id}')
def login(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == '2fa': """User login route.""" if current_user.is_authenticated: # if user is logged in we get out of here return redirect( url_for('twofactorauth_bp.twofactorhome', workout_id=workout_id)) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if user is None or not user.verify_password(form.password.data) or \ not user.verify_totp(form.token.data): flash('Invalid username, password or token.') return redirect( url_for('twofactorauth_bp.login', workout_id=workout_id)) # log user in login_user(user) flash('You are now logged in!') return redirect( url_for('twofactorauth_bp.twofactorhome', workout_id=workout_id)) return render_template('login.html', form=form, workout_id=workout_id) else: return redirect(404)
def set_sub_cipher(self): """ arg: str(workout_id) :return: """ key = ds_client.key('cybergym-workout', self.workout_id) workout = ds_client.get(key) # TODO: Randomly select message from list of messages message = "a/0TTGJzT7y6GncKO+bXA82HlWXbhyRf3O2tRtqMG+xq/zncd5aXG/Ku9vwsA4cXJzZN7aT7Qi" \ "1QAqUTQ9LNRlGfhw6noVXCVgLVKnoHX2E4p3TU4buuDNAhwsmBCjaPydmVDbXznR8BCeqtc7rb" \ "1WDB9DM/L8mKi+rJ2IyK3tubrh5lQxoicJaFTS3/3uNbdoF5oAQwK9qXLrCDFSeEuxH9x6fLx/" \ "jw1VPdZyiaMBqhCKJzIxXXrk1x3AjzsGHes4PN2HmwLHTPabatjpdc+7++HoX0WYS3uFDtlnqq" \ "/30VCtHVhj7/9/5G8kM+2SCr9uVnOFoUVac2k8lA9S654LJ/SvNxoJIAnnN8kmRB3hTHUy+hLz" \ "INSCi94HXzRKegF6l2cqDzIzax3AkEvMEDrnr9SyKl4kPbJUhpS9rsIHSR4VZ+ftTl6OyQyYcU" \ "8PISQ3LbMDlab3kRLQMyQLUE6P1W3dSb2d0E8FMzNJRVZG8qni31EJDdhEE1XoeN5KNuOqHlUg" \ "YnEQTnnnZQO7cpZHbJkig+*rMa79jvw3ZAdCPVmTXHlWg==*dr8W9+jtjlpUMx3aXteeQw==*O" \ "yOuE5XXG9jLU2HwvJchNw==" decrypt_key = workout['assessment']['key'] plaintext = cryptocode.decrypt(message, decrypt_key) cipher = substitution_encrypt(plaintext) # Put cipher in datastore object workout['container_info']['sub_cipher']['cipher'] = cipher['ciphertext'] workout['container_info']['sub_cipher']['cleartext'] = cipher['cleartext'] workout['container_info']['sub_cipher']['key'] = cipher['key'] ds_client.put(workout) status = workout['assessment']['questions'][3]['complete'] data = { 'cipher': cipher['ciphertext'], 'status': status, } return data
def register(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == '2fa': """User registration route.""" if current_user.is_authenticated: # if user is logged in we get out of here return redirect( url_for('twofactorauth_bp.twofactorhome', workout_id=workout_id)) form = RegisterForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if user is not None: flash('Username already exists.') return redirect(url_for('twofactorauth_bp.register')) # add new user to the database user = User(username=form.username.data, password=form.password.data) db.session.add(user) db.session.commit() # redirect to the two-factor auth page, passing username in session session['username'] = user.username return redirect( url_for('twofactorauth_bp.two_factor_setup', workout_id=workout_id)) return render_template('register.html', form=form, workout_id=workout_id) else: return redirect(404)
def sql_injection(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == 'sql_injection': page_template = 'sql_index.html' return render_template(page_template, workout_id=workout_id) else: return redirect(404)
def xsfiedSTRflag(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == 'inspect': page_template = 'index.html' return render_template(page_template, workout_id=workout_id) else: return redirect(404)
def arena_snake(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == 'arena_snake': page_template = 'arena_snake.html' completion = False return render_template(page_template, workout_id=workout_id, completion=completion) else: return redirect(404)
def check_caesar(self, submission, check): """ :arg submission: type(str); Plaintext cipher sent from student :arg check: type(int); Question number associated with submitted cipher :returns data: type(dict) of updated workout obj that is stored in Datastore """ key = ds_client.key('cybergym-workout', self.workout_id) workout = ds_client.get(key) # data is a dict list that is passed back to page as JSON object status = workout['assessment']['questions'] data = { 'cipher1': { 'cipher': workout['container_info']['cipher_one']['cipher'], 'status': status[0]['complete'] }, 'cipher2': { 'cipher': workout['container_info']['cipher_two']['cipher'], 'status': status[1]['complete'] }, 'cipher3': { 'cipher': workout['container_info']['cipher_three']['cipher'], 'status': status[2]['complete'] }, } # Cipher list is what we compare submissions to cipher_list = [] # Decode Stored Ciphers and append to a plaintext list decoded = workout['container_info']['cipher_one']['cipher'] plaintext = CaesarCipher(decoded, offset=workout['container_info']['cipher_one']['key']).decoded cipher_list.append(plaintext) decoded2 = workout['container_info']['cipher_two']['cipher'] plaintext2 = CaesarCipher(decoded2, offset=workout['container_info']['cipher_two']['key']).decoded cipher_list.append(plaintext2) decoded3 = workout['container_info']['cipher_three']['cipher'] plaintext3 = CaesarCipher(decoded3, offset=workout['container_info']['cipher_three']['key']).decoded cipher_list.append(plaintext3) # Check if submission exists within cipher_list and update status and call publish_status if correct if check == 1 and submission in cipher_list: data['cipher1']['status'] = True workout_key = workout['assessment']['questions'][0]['key'] publish_status(self.workout_id, workout_key) elif check == 2 and submission in cipher_list: data['cipher2']['status'] = True workout_key = workout['assessment']['questions'][1]['key'] publish_status(self.workout_id, workout_key) elif check == 3 and submission in cipher_list: data['cipher3']['status'] = True workout_key = workout['assessment']['questions'][2]['key'] publish_status(self.workout_id, workout_key) return data
def hash_it_out(workout_id): page_template = './hashitout.jinja' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) # Only valid workouts should access page if workout: # Valid workout_id and type: if workout['type'] == 'johnnyhash': if request.method == 'GET': return render_template(page_template, pass_hash=workout['container_info'] ['correct_password_hash'], workout_id=workout_id) elif request.method == 'POST': if 'password_file' not in request.files: # User did not submit a file. Show error and let them upload again return render_template( page_template, upload_error="You must choose a file to upload", workout_id=workout_id, pass_hash=workout['container_info'] ['correct_password_hash']) else: # Check to be sure that the user has submitted a file. input_file = request.files['password_file'] if input_file.filename == '': # User has submitted a blank file. Show error and let them upload again. return render_template( page_template, upload_error="You must choose a file to upload", pass_hash=workout['container_info'] ['correct_password_hash'], workout_id=workout_id, ) # At this point, we have a csv file to process raw_input = io.StringIO( input_file.stream.read().decode("UTF8"), newline=None) passwords = raw_input.read().split('\n') hashes = [] for password in passwords: hashes.append({ 'plaintext': password, 'hash': hashlib.md5(password.encode('utf-8')).hexdigest() }) return render_template( page_template, hashed_passwords=hashes, pass_hash=workout['container_info'] ['correct_password_hash'], workout_id=workout_id, ) else: # Valid workout_id, but not correct workout type return redirect(url_for('johnnyhash.invalid')) else: # Workout ID doesn't exist ... return redirect(url_for('johnnyhash.invalid'))
def set_ciphers(self): """ Picks random ciphertext from clear_text list and enciphers it with a random Caesar cipher. The generated ciphers are added to the associated workout datastore entry. :arg: workout_id: type(str) :return: cipher_list: type(list) """ key = ds_client.key('cybergym-workout', self.workout_id) workout = ds_client.get(key) result = [] ciphertext = [ 'cHrJdEdTf0hyNgw5zF1M5Z0/ITEMcBZBhBQHzNBGBv7o3LvkYb+TjwOjO67FrkXtIIEdLXsqmXXRPagkIMrzEg==*svFn1+TLeh98KnWhiMMBDg==*FOt35Q8pYVsaTzhdpPjlFw==*aCJPMiRxEjwNQhrSlqysiw==', 'qxHOa703kkPl/7lAcrkg7vO4ls2CeitgI3i6KdqrgvT2*Qci2czk/yYe/CAHdRyysRw==*UGU5zGXgsjpE1YmFEK/gOA==*QIHWApOhCNhdPii7zmwiQQ==', 'gsER0I6djkzkcMWy4dXm6gMqQIEAWEaY6w5QZcs8JA==*VRgmiO52cs2rhXPyl/JQUA==*UYS5O0NR0PQ+oVHPgiuYlQ==*dcXm+LhIOogUMk6Ai3llUA==', 'YwSEGVOsr6ETK9RkiDbW/T63YgwMlflejuAHb2D27uWUxxNM+8GyKQNYpvHPF61oAqF2MJx6vm23DlbQsKYDNt3rSozKme2M*Y5H9N0qglUGkPQogEXoWag==*rZYHlsmZHhrL3t/QXQappw==*HEwB7CCansYAnFfkyZp+Iw==', 'T1qs1d3QeEhOtw0HnYa6Km/4u22C4HxnJo1U3PmmbK3P7RjX1sKQSK/tE21vAmPjeyZHsXkivOLaxnDepsBY*LxgEbXraHwGLcqqWTQ8nJw==*Wm5yQsNBFZexuKh0qNHXgQ==*nB3mcG1/YP3650woabP/rA==', 'vi0vzFK0kdQxmQmQfNWJ8Z0EhalOWZIl*PLnhb4UJNEjsB77R4jfdpg==*iUAOTNTMla2BUC+Ptlwrxg==*XvNyPHdJbvpsEgpciCTO2A==', 'pdLsU9mt8b8jAcks0PsVMXLLJ7TI*s3bL+SYzb8a7LO5A28vPpA==*+ngLia29sega2aCNcZVMNg==*5K72D0Sd/LjzFpTWNlT8WQ==', 'EkqGEBmXlfyqIpRfs/H4arDRddhbyzSci9qiDL/rdxZly9Hf9dpvZT+E81zN/z/I6r+Igw==*n3JelIgumPF5/6U8QWSP5w==*ljH0w3Qew+A0MDHawnj7pg==*dJ0mPniIqx7H/vCq9AIvnQ==', '1I0XgyuMKjs1kPk1DQVii5j5jMqiFmfBnPsbGQTmA3Zw0WRGrgRzVk2uLuj3PbOao/O+DAR5j1a3BxWkoZuj/TiSr+/DB++R7A4=*5nK6m5wjd//mpcAme38eJA==*fE+KsmGL0kJr59cewvhw3g==*M4MO0kfYGYRftk9ly0SV5w==', 'cQrxJ/jtxbAU6LRaMHFhcRitOAKdYk9I8lBtcJJMjdz1BbccFOnHdNBo8cnV4yiwFg4p1g==*t3wlFteyvKkMMu/sUxwFrA==*jpXTlFx/uROFEU4LRrKCcg==*xVdbwGW77gfK+RcVdAh/mw==', '5vSfmSSYgrAAVnx1eN/TAk2Gwr7J7bc/5Z2iz2Gdt5cYW8kayzPffBlwuk4zAu0MIQ==*runx4j1oS+EDmqQzTpffIQ==*PsieshpViBqbShXaWS8JoQ==*fNVQW0lGi295x2iXPTYu8g==', 'yP4Wx01uE43qhDno6t7T3dhrAMttrQohjhD7qX1j2SGRcw==*AraEUK9HFWO9t1XnO5LPOA==*lVRy99cNGPQFulT0eKiOMA==*D5mbvsxKpugrICDLCO1iCw==', 'xuesxMYtGNWZauNNcaT/WaethacFcQKse/VZyNNbmgnQrjApUxtez6cxYoCZZD/TdaSCUZNF+SKP90GppKnhmPUFTq+euW1YRR5k*WlwVeUOakP8HqXjX0nFEQQ==*+ofoLoHhqFBda7MbIispBg==*Key7If3+PxitkHopiRg/Jw==', 'n0KJy+51I7tLri7d2/d8IYE8fLXdshDpW0sT0kZT3AZsUfPRg5s=*M4xt8Lgc6PlKESFNt+0UyA==*tcTzgpB3K85Wv79Nvwaa/g==*EJyW/6GQ9l8tVRamYxJl/g==', '8ky3P4KzaiapBKSegsOna7RFIIy0cRy/6ndP*Ib9X6xNjJOvD1dWKLBh71w==*30Tp8YFOpENL9TcLTSLKtA==*f19cK1e96JXNs5tnlg/VzQ==', 'iGN3lzZ9siVuP6BiB/oyMUaTKwc1Xro=*7QBuorkbgqg8AG7VJKK48g==*xwr5VPY1MoqQDlk1KCxFuA==*5p3v7La7vgQZPI6sOZj6IQ==', 'l2PhriCMAaLjzL6lw09krXdChsfRqGVs27N76PwLYsxDAy3+7ppNkJA+8MT4ATZ621UHQnSQC5tFwtSDtyY=*YlOQAhSxb349lOSqmbfqLA==*2UxT2+s+S9cxm5LD8r70Dw==*24TuHNvrMvvFYNjwGnFWdg==', '9SXrAaCYO5RVs1ZysuPKxg84Cuxvnv5p4lFVRDesi54tTdi8tqJ6ioSaig==*ig3XNhkzjep/z7LjKS9Bsg==*G0xLttPhJs5yianF+GeR5w==*zOBj+Xil7SnvdKiMWUYdTg==', '3cCIJcW3NtIDibjxejvNLWr2PomtFOr3ZdEc3m/+QScyfKQw5ISGT5QR6CD6VuBnwJrfgnFo*d1JrIY35CEXqKgxhICZ8UA==*YpWtqeEf9/GaTxpdvIb05g==*RnbmvSERZZvtBNhUIwnTvA==' ] decrypt_key = workout['assessment']['key'] for pos in range(len(ciphertext)): key = random.randrange(1, 25) clear_text = cryptocode.decrypt(ciphertext[pos], decrypt_key) cipher_string = CaesarCipher(clear_text, offset=key).encoded cipher = { 'key': key, 'cipher': cipher_string, } result.append(cipher) # Selects 3 unique ciphers from list cipher_list = random.sample(result, k=3) workout['container_info']['cipher_one'] = cipher_list[0] workout['container_info']['cipher_two'] = cipher_list[1] workout['container_info']['cipher_three'] = cipher_list[2] ds_client.put(workout) return cipher_list
def logout(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == '2fa': """User logout route.""" logout_user() return redirect( url_for('twofactorauth_bp.twofactorhome', workout_id=workout_id)) else: return redirect(404)
def cipher_info(workout_id): page_template = 'johnnyarena/arena-cipher-info.jinja' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout: if workout['type'] == 'Trojan Arena Level 2': return render_template(page_template, workout_id=workout_id) else: return redirect('/invalid')
def arena_base(workout_id): page_template = 'johnnyarena/johnny-arena-landing.jinja' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout: if workout['type'] == 'Trojan Arena Level 2': return redirect(f'/cipher-warehouse/{workout_id}') else: return redirect('/invalid')
def xss_r(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == 'xss': page_template = 'xss_r.html' name = 'Stranger' if request.method == 'POST': name = request.form['name'] return render_template(page_template, name=name, workout_id=workout_id) else: return redirect(404)
def snake_flag(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if request.method == 'POST': score = (request.json['score']) decrypt_key = workout['assessment']['key'] encrypted_flag = 'KJnLMnsUnLCd/ND3eeJwWPINTzvXTKiiYoNkmjCwbng=*xzz+f0pzhaBX41kaZH3GQg==*+JgHfNlMoOsd7GlTXGqW' \ 'Fw==*djY9r0Kb0hQb0B7cNZOr4A==' flag = cryptocode.decrypt(encrypted_flag, decrypt_key) flag_data = {'flag': str(flag)} return jsonify(flag_data)
def view_all_query_results(query, page, workout_id): api = shodan.Shodan(SHODAN_API_KEY) workout = ds_client.get(ds_client.key('cybergy-workout', workout_id)) if workout: if workout['type'] == 'shodan': if request.method == "POST": result = api.search(query, page=page) else: return redirect(f'/invalid/{workout_id}') else: return redirect(f'/invalid/{workout_id}')
def home(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if not session.get('logged_in'): return render_template('index.html', workout_id=workout_id) else: decrypt_key = workout['assessment']['key'] encrypted_flag = 'w7w1HZQSOlQk7cxRjqICoIXkFbUsjnr9CHJkvZ51Iw==*9o+WrK5lFOZG70IARQ5HGA==*7bLeQoMR/IhXQjlvey' \ '71KQ==*D+iRjmWUsHXkKTC+G6cF4g==' wireshark_flag = cryptocode.decrypt(encrypted_flag, decrypt_key) return render_template('flag.html', wireshark_flag=wireshark_flag, workout_id=workout_id)
def xss_s(workout_id): key = ds_client.key('cybergym-workout', workout_id, use_cache=False, use_memcache=False) workout = ds_client.get(key) if workout['type'] == 'xss': page_template = 'xss_s.html' if request.method == 'POST': add_feedback(request.form['feedback'], workout_id) search_query = request.args.get('query') feedbacks = get_feedbacks(workout_id, search_query) return render_template(page_template, feedbacks=feedbacks, search_query=search_query, workout_id=workout_id) else: return redirect(404)
def loader(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout: if workout['type'] == 'shodan': data = populate_datastore(workout_id=workout_id) logger.info(data) return redirect(f'/shodan_lite/{workout_id}') else: return redirect(f'/shodan_lite/invalid/{workout_id}') else: return redirect(f'/shodan_lite/invalid/{workout_id}')
def check_sub_cipher(self, submission): key = ds_client.key('cybergym-workout', self.workout_id) workout = ds_client.get(key) data = { 'message': workout['container_info']['sub_cipher']['cipher'], 'status': '' } if submission == workout['container_info']['sub_cipher']['cleartext']: data['status'] = True workout_key = workout['assessment']['questions'][3]['key'] publish_status(self.workout_id, workout_key) return data
def twofactorhome(workout_id): page_template = 'welcome.html' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == '2fa': decrypt_key = workout['assessment']['key'] encrypted_flag = 'IpmnWmd6aeyrsrCmcaljIVU19XOmFOKtr9B3OXChIbbZXbQ=*lbG7TJXiAIIS8cQtG9Nufw==*wrSgLeSlwVSCzwm' \ 'rlpRlRQ==*c6Oj6lsCnrwLVIXgp0c6vg==' flag = str(cryptocode.decrypt(encrypted_flag, decrypt_key)) return render_template(page_template, flag=flag, workout_id=workout_id) else: return redirect(404)
def xss(workout_id): key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout['type'] == 'xss': page_template = 'xss.html' name = 'Stranger' bad_request = 'bad request' if request.args.get('bad_request'): bad_request = request.args.get('bad_request') return render_template(page_template, name=name, bad_request=bad_request, workout_id=workout_id) else: return redirect(404)
def data(workout_id): page_template = 'raw_data.jinja' workout = ds_client.get(ds_client.key('cybergym-workout', workout_id)) if workout: if workout['type'] == 'shodan': if request.method == "POST": logger.info(f"POSTING to /data/{workout_id}") return render_template(page_template, rawData=request.form.get('data'), workoutid=workout_id,) if request.method == "GET": logger.info(f'GET /data/{workout_id}') print(type(request.get_data())) else: return redirect(f'/invalid/{workout_id}') else: return redirect(f'/invalid/{workout_id}')
def check_flag(workout_id): page_template = 'arena_snake.html' if request.method == 'POST': key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) workout_token = workout['assessment']['questions'][0]['key'] if request.form.get('check_button'): decrypt_key = workout['assessment']['key'] encrypted_flag = 'KJnLMnsUnLCd/ND3eeJwWPINTzvXTKiiYoNkmjCwbng=*xzz+f0pzhaBX41kaZH3GQg==*+JgHfNlMoOsd7GlTXGqW' \ 'Fw==*djY9r0Kb0hQb0B7cNZOr4A==' classified_flag = cryptocode.decrypt(encrypted_flag, decrypt_key) if classified_flag == request.form['classified_flag']: publish_status(workout_id, workout_token) completion = True return render_template(page_template, workout_id=workout_id, completion=completion) else: return render_template(page_template, workout_id=workout_id)
def hidden(workout_id): # This portion sets a cookie with the key "logged_in" to true when a user has authenticated # They must be authenticated before viewing this page key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) logged_in = request.cookies.get('logged_in', None) if workout: if logged_in is None or logged_in != 'true': return redirect(url_for('johnnyhash.login', workout_id=workout_id)) else: page_template = './hidden.jinja' return render_template(page_template, workout_id=workout_id, user='******') else: return redirect('/invalid')
def login(workout_id): page_template = './login.jinja' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) # Check if valid workout and valid workout type if not workout: return redirect(url_for('johnnyhash.invalid')) else: if workout['type'] == 'johnnyhash': if request.method == 'GET': return render_template(page_template, workout_id=workout_id) elif request.method == 'POST': username = request.form.get('username', None) password = request.form.get('password', None) print(username, password) print(workout['container_info']['correct_password']) if username is None or password is None: login_error = 'You must submit a username and password' return render_template( page_template, login_error=login_error, workout_id=workout_id, ) elif username == 'johnny' and password == workout[ 'container_info']['correct_password']: # These are the correct credentials, so the cookie for "logged_in" is set to true resp = make_response( redirect(f'/johnnyhash/hidden/{workout_id}')) resp.set_cookie('logged_in', 'true') workout_token = workout['assessment']['questions'][0][ 'key'] # app.logger.info(f'Posting Complete to buildthewarrior{dns_suffix}/complete') publish_status(workout_id, workout_token) return resp else: login_error = 'Please check your username and password and try again' return render_template( page_template, login_error=login_error, workout_id=workout_id, ) else: return redirect(url_for('johnnyhash.invalid'))
def substitution(workout_id): page_template = 'johnnyGenCipher/substitution.jinja' key = ds_client.key('cybergym-workout', workout_id) workout = ds_client.get(key) if workout: if workout['type'] == 'GenCyber Arena Level 1': if request.method == 'GET': cipher = get_arena_sub_cipher() return render_template( page_template, workout_id=workout_id, sub_cipher=cipher, ) else: return redirect('/invalid') else: return redirect('/invalid')
def check_flag(workout_id): if request.method == 'POST': key = ds_client.key('cybergym-workout', workout_id) page_template = 'sql_index.html' workout = ds_client.get(key) workout_token = workout['assessment']['questions'][0]['key'] if request.form.get('check_button'): decrypt_key = workout['assessment']['key'] encr_flag = "z3iMRhodBpfpOPQalsurIEQmbjpv52PYL0HDnqxCVyu+aQCVTRPWBNv6QI8U*fQKWPyfP5gtUExz5MnLuWg==" \ "*5j/Up6s28F82Am+O7HTfHQ==*M2pIUrpUwaAXlc4ohBKpxQ==" classified_flag = cryptocode.decrypt(encr_flag, decrypt_key) if classified_flag == request.form['classified_flag']: publish_status(workout_id, workout_token) completion = True return render_template(page_template, workout_id=workout_id, completion=completion) else: return render_template(page_template, workout_id=workout_id)