def substitution(workout_id):
page_template = './substitution.jinja'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout:
if workout['type'] == 'johnnycipher':
if request.method == 'GET':
cipher = workout['container_info']['sub_cipher']['cipher']
status = workout['assessment']['questions'][3]['complete']
return render_template(page_template,
workout_id=workout_id,
sub_cipher=cipher,
status=status)
elif request.method == 'POST':
submission = request.get_json()
validator = SubstitutionCipherBuilder(workout_id=workout_id)
check_sub = validator.check_sub_cipher(submission['cipher'])
cipher = check_sub['message']
status = check_sub['status']
return jsonify({'message': cipher, 'status': status})
else:
return redirect(url_for('johnnycipher.invalid'))
else:
return redirect(url_for('johnnycipher.invalid'))
def loader(workout_id):
# Main route; Determines which route to use based off of workout_id
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
"""
Defines valid URLs based on workout type
Workout types is determined by workout YAML filename
"""
valid_types = {
'iot': '/iot',
'GenCyber Arena': '/iot_arena',
'nsa-iot': '/healthcare',
}
# If workout is valid check for type in URL dict and redirect to value
if workout:
workout_type = workout['type']
if workout_type in valid_types:
"""
Since all route specific logic is handled at the blueprint level, we only need to
redirect to the workout specific blueprint app
"""
return redirect(valid_types[workout_type])
else:
return abort(404)
def default(workout_id):
api = shodan.Shodan(SHODAN_API_KEY)
page_template = 'index.jinja'
workout = ds_client.get(ds_client.key('cybergym-workout', workout_id))
if workout:
if workout['type'] == 'shodan':
if request.method == 'POST':
logger.info(f'POST to /{workout_id}')
try:
query = request.form.get('shodan_query')
page_num = request.form.get('page_number')
result = api.search(query, limit=10)
result_count = api.count(query)
print(result.keys())
return render_template(
page_template,
shodanResults=result,
resultCount=result_count,
query=query,
page_num=page_num,
workoutid=workout_id,
)
except shodan.APIError as e:
logger.info(e)
e_template = 'invalid_query.jinja'
return render_template(e_template)
return render_template(page_template)
else:
return redirect(f'/invalid/{workout_id}')
else:
return redirect(f'/invalid/{workout_id}')
def login(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == '2fa':
"""User login route."""
if current_user.is_authenticated:
# if user is logged in we get out of here
return redirect(
url_for('twofactorauth_bp.twofactorhome',
workout_id=workout_id))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user is None or not user.verify_password(form.password.data) or \
not user.verify_totp(form.token.data):
flash('Invalid username, password or token.')
return redirect(
url_for('twofactorauth_bp.login', workout_id=workout_id))
# log user in
login_user(user)
flash('You are now logged in!')
return redirect(
url_for('twofactorauth_bp.twofactorhome',
workout_id=workout_id))
return render_template('login.html', form=form, workout_id=workout_id)
else:
return redirect(404)
def set_sub_cipher(self):
"""
arg: str(workout_id)
:return:
"""
key = ds_client.key('cybergym-workout', self.workout_id)
workout = ds_client.get(key)
# TODO: Randomly select message from list of messages
message = "a/0TTGJzT7y6GncKO+bXA82HlWXbhyRf3O2tRtqMG+xq/zncd5aXG/Ku9vwsA4cXJzZN7aT7Qi" \
"1QAqUTQ9LNRlGfhw6noVXCVgLVKnoHX2E4p3TU4buuDNAhwsmBCjaPydmVDbXznR8BCeqtc7rb" \
"1WDB9DM/L8mKi+rJ2IyK3tubrh5lQxoicJaFTS3/3uNbdoF5oAQwK9qXLrCDFSeEuxH9x6fLx/" \
"jw1VPdZyiaMBqhCKJzIxXXrk1x3AjzsGHes4PN2HmwLHTPabatjpdc+7++HoX0WYS3uFDtlnqq" \
"/30VCtHVhj7/9/5G8kM+2SCr9uVnOFoUVac2k8lA9S654LJ/SvNxoJIAnnN8kmRB3hTHUy+hLz" \
"INSCi94HXzRKegF6l2cqDzIzax3AkEvMEDrnr9SyKl4kPbJUhpS9rsIHSR4VZ+ftTl6OyQyYcU" \
"8PISQ3LbMDlab3kRLQMyQLUE6P1W3dSb2d0E8FMzNJRVZG8qni31EJDdhEE1XoeN5KNuOqHlUg" \
"YnEQTnnnZQO7cpZHbJkig+*rMa79jvw3ZAdCPVmTXHlWg==*dr8W9+jtjlpUMx3aXteeQw==*O" \
"yOuE5XXG9jLU2HwvJchNw=="
decrypt_key = workout['assessment']['key']
plaintext = cryptocode.decrypt(message, decrypt_key)
cipher = substitution_encrypt(plaintext)
# Put cipher in datastore object
workout['container_info']['sub_cipher']['cipher'] = cipher['ciphertext']
workout['container_info']['sub_cipher']['cleartext'] = cipher['cleartext']
workout['container_info']['sub_cipher']['key'] = cipher['key']
ds_client.put(workout)
status = workout['assessment']['questions'][3]['complete']
data = {
'cipher': cipher['ciphertext'],
'status': status,
}
return data
def register(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == '2fa':
"""User registration route."""
if current_user.is_authenticated:
# if user is logged in we get out of here
return redirect(
url_for('twofactorauth_bp.twofactorhome',
workout_id=workout_id))
form = RegisterForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user is not None:
flash('Username already exists.')
return redirect(url_for('twofactorauth_bp.register'))
# add new user to the database
user = User(username=form.username.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
# redirect to the two-factor auth page, passing username in session
session['username'] = user.username
return redirect(
url_for('twofactorauth_bp.two_factor_setup',
workout_id=workout_id))
return render_template('register.html',
form=form,
workout_id=workout_id)
else:
return redirect(404)
def sql_injection(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == 'sql_injection':
page_template = 'sql_index.html'
return render_template(page_template, workout_id=workout_id)
else:
return redirect(404)
def xsfiedSTRflag(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == 'inspect':
page_template = 'index.html'
return render_template(page_template, workout_id=workout_id)
else:
return redirect(404)
def arena_snake(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == 'arena_snake':
page_template = 'arena_snake.html'
completion = False
return render_template(page_template, workout_id=workout_id, completion=completion)
else:
return redirect(404)
def check_caesar(self, submission, check):
"""
:arg submission: type(str); Plaintext cipher sent from student
:arg check: type(int); Question number associated with submitted cipher
:returns data: type(dict) of updated workout obj that is stored in Datastore
"""
key = ds_client.key('cybergym-workout', self.workout_id)
workout = ds_client.get(key)
# data is a dict list that is passed back to page as JSON object
status = workout['assessment']['questions']
data = {
'cipher1': {
'cipher': workout['container_info']['cipher_one']['cipher'],
'status': status[0]['complete']
},
'cipher2': {
'cipher': workout['container_info']['cipher_two']['cipher'],
'status': status[1]['complete']
},
'cipher3': {
'cipher': workout['container_info']['cipher_three']['cipher'],
'status': status[2]['complete']
},
}
# Cipher list is what we compare submissions to
cipher_list = []
# Decode Stored Ciphers and append to a plaintext list
decoded = workout['container_info']['cipher_one']['cipher']
plaintext = CaesarCipher(decoded, offset=workout['container_info']['cipher_one']['key']).decoded
cipher_list.append(plaintext)
decoded2 = workout['container_info']['cipher_two']['cipher']
plaintext2 = CaesarCipher(decoded2, offset=workout['container_info']['cipher_two']['key']).decoded
cipher_list.append(plaintext2)
decoded3 = workout['container_info']['cipher_three']['cipher']
plaintext3 = CaesarCipher(decoded3, offset=workout['container_info']['cipher_three']['key']).decoded
cipher_list.append(plaintext3)
# Check if submission exists within cipher_list and update status and call publish_status if correct
if check == 1 and submission in cipher_list:
data['cipher1']['status'] = True
workout_key = workout['assessment']['questions'][0]['key']
publish_status(self.workout_id, workout_key)
elif check == 2 and submission in cipher_list:
data['cipher2']['status'] = True
workout_key = workout['assessment']['questions'][1]['key']
publish_status(self.workout_id, workout_key)
elif check == 3 and submission in cipher_list:
data['cipher3']['status'] = True
workout_key = workout['assessment']['questions'][2]['key']
publish_status(self.workout_id, workout_key)
return data
def hash_it_out(workout_id):
page_template = './hashitout.jinja'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
# Only valid workouts should access page
if workout:
# Valid workout_id and type:
if workout['type'] == 'johnnyhash':
if request.method == 'GET':
return render_template(page_template,
pass_hash=workout['container_info']
['correct_password_hash'],
workout_id=workout_id)
elif request.method == 'POST':
if 'password_file' not in request.files:
# User did not submit a file. Show error and let them upload again
return render_template(
page_template,
upload_error="You must choose a file to upload",
workout_id=workout_id,
pass_hash=workout['container_info']
['correct_password_hash'])
else:
# Check to be sure that the user has submitted a file.
input_file = request.files['password_file']
if input_file.filename == '':
# User has submitted a blank file. Show error and let them upload again.
return render_template(
page_template,
upload_error="You must choose a file to upload",
pass_hash=workout['container_info']
['correct_password_hash'],
workout_id=workout_id,
)
# At this point, we have a csv file to process
raw_input = io.StringIO(
input_file.stream.read().decode("UTF8"), newline=None)
passwords = raw_input.read().split('\n')
hashes = []
for password in passwords:
hashes.append({
'plaintext':
password,
'hash':
hashlib.md5(password.encode('utf-8')).hexdigest()
})
return render_template(
page_template,
hashed_passwords=hashes,
pass_hash=workout['container_info']
['correct_password_hash'],
workout_id=workout_id,
)
else: # Valid workout_id, but not correct workout type
return redirect(url_for('johnnyhash.invalid'))
else: # Workout ID doesn't exist ...
return redirect(url_for('johnnyhash.invalid'))
def set_ciphers(self):
"""
Picks random ciphertext from clear_text list and enciphers it with a
random Caesar cipher. The generated ciphers are added to the associated
workout datastore entry.
:arg: workout_id: type(str)
:return: cipher_list: type(list)
"""
key = ds_client.key('cybergym-workout', self.workout_id)
workout = ds_client.get(key)
result = []
ciphertext = [
'cHrJdEdTf0hyNgw5zF1M5Z0/ITEMcBZBhBQHzNBGBv7o3LvkYb+TjwOjO67FrkXtIIEdLXsqmXXRPagkIMrzEg==*svFn1+TLeh98KnWhiMMBDg==*FOt35Q8pYVsaTzhdpPjlFw==*aCJPMiRxEjwNQhrSlqysiw==',
'qxHOa703kkPl/7lAcrkg7vO4ls2CeitgI3i6KdqrgvT2*Qci2czk/yYe/CAHdRyysRw==*UGU5zGXgsjpE1YmFEK/gOA==*QIHWApOhCNhdPii7zmwiQQ==',
'gsER0I6djkzkcMWy4dXm6gMqQIEAWEaY6w5QZcs8JA==*VRgmiO52cs2rhXPyl/JQUA==*UYS5O0NR0PQ+oVHPgiuYlQ==*dcXm+LhIOogUMk6Ai3llUA==',
'YwSEGVOsr6ETK9RkiDbW/T63YgwMlflejuAHb2D27uWUxxNM+8GyKQNYpvHPF61oAqF2MJx6vm23DlbQsKYDNt3rSozKme2M*Y5H9N0qglUGkPQogEXoWag==*rZYHlsmZHhrL3t/QXQappw==*HEwB7CCansYAnFfkyZp+Iw==',
'T1qs1d3QeEhOtw0HnYa6Km/4u22C4HxnJo1U3PmmbK3P7RjX1sKQSK/tE21vAmPjeyZHsXkivOLaxnDepsBY*LxgEbXraHwGLcqqWTQ8nJw==*Wm5yQsNBFZexuKh0qNHXgQ==*nB3mcG1/YP3650woabP/rA==',
'vi0vzFK0kdQxmQmQfNWJ8Z0EhalOWZIl*PLnhb4UJNEjsB77R4jfdpg==*iUAOTNTMla2BUC+Ptlwrxg==*XvNyPHdJbvpsEgpciCTO2A==',
'pdLsU9mt8b8jAcks0PsVMXLLJ7TI*s3bL+SYzb8a7LO5A28vPpA==*+ngLia29sega2aCNcZVMNg==*5K72D0Sd/LjzFpTWNlT8WQ==',
'EkqGEBmXlfyqIpRfs/H4arDRddhbyzSci9qiDL/rdxZly9Hf9dpvZT+E81zN/z/I6r+Igw==*n3JelIgumPF5/6U8QWSP5w==*ljH0w3Qew+A0MDHawnj7pg==*dJ0mPniIqx7H/vCq9AIvnQ==',
'1I0XgyuMKjs1kPk1DQVii5j5jMqiFmfBnPsbGQTmA3Zw0WRGrgRzVk2uLuj3PbOao/O+DAR5j1a3BxWkoZuj/TiSr+/DB++R7A4=*5nK6m5wjd//mpcAme38eJA==*fE+KsmGL0kJr59cewvhw3g==*M4MO0kfYGYRftk9ly0SV5w==',
'cQrxJ/jtxbAU6LRaMHFhcRitOAKdYk9I8lBtcJJMjdz1BbccFOnHdNBo8cnV4yiwFg4p1g==*t3wlFteyvKkMMu/sUxwFrA==*jpXTlFx/uROFEU4LRrKCcg==*xVdbwGW77gfK+RcVdAh/mw==',
'5vSfmSSYgrAAVnx1eN/TAk2Gwr7J7bc/5Z2iz2Gdt5cYW8kayzPffBlwuk4zAu0MIQ==*runx4j1oS+EDmqQzTpffIQ==*PsieshpViBqbShXaWS8JoQ==*fNVQW0lGi295x2iXPTYu8g==',
'yP4Wx01uE43qhDno6t7T3dhrAMttrQohjhD7qX1j2SGRcw==*AraEUK9HFWO9t1XnO5LPOA==*lVRy99cNGPQFulT0eKiOMA==*D5mbvsxKpugrICDLCO1iCw==',
'xuesxMYtGNWZauNNcaT/WaethacFcQKse/VZyNNbmgnQrjApUxtez6cxYoCZZD/TdaSCUZNF+SKP90GppKnhmPUFTq+euW1YRR5k*WlwVeUOakP8HqXjX0nFEQQ==*+ofoLoHhqFBda7MbIispBg==*Key7If3+PxitkHopiRg/Jw==',
'n0KJy+51I7tLri7d2/d8IYE8fLXdshDpW0sT0kZT3AZsUfPRg5s=*M4xt8Lgc6PlKESFNt+0UyA==*tcTzgpB3K85Wv79Nvwaa/g==*EJyW/6GQ9l8tVRamYxJl/g==',
'8ky3P4KzaiapBKSegsOna7RFIIy0cRy/6ndP*Ib9X6xNjJOvD1dWKLBh71w==*30Tp8YFOpENL9TcLTSLKtA==*f19cK1e96JXNs5tnlg/VzQ==',
'iGN3lzZ9siVuP6BiB/oyMUaTKwc1Xro=*7QBuorkbgqg8AG7VJKK48g==*xwr5VPY1MoqQDlk1KCxFuA==*5p3v7La7vgQZPI6sOZj6IQ==',
'l2PhriCMAaLjzL6lw09krXdChsfRqGVs27N76PwLYsxDAy3+7ppNkJA+8MT4ATZ621UHQnSQC5tFwtSDtyY=*YlOQAhSxb349lOSqmbfqLA==*2UxT2+s+S9cxm5LD8r70Dw==*24TuHNvrMvvFYNjwGnFWdg==',
'9SXrAaCYO5RVs1ZysuPKxg84Cuxvnv5p4lFVRDesi54tTdi8tqJ6ioSaig==*ig3XNhkzjep/z7LjKS9Bsg==*G0xLttPhJs5yianF+GeR5w==*zOBj+Xil7SnvdKiMWUYdTg==',
'3cCIJcW3NtIDibjxejvNLWr2PomtFOr3ZdEc3m/+QScyfKQw5ISGT5QR6CD6VuBnwJrfgnFo*d1JrIY35CEXqKgxhICZ8UA==*YpWtqeEf9/GaTxpdvIb05g==*RnbmvSERZZvtBNhUIwnTvA=='
]
decrypt_key = workout['assessment']['key']
for pos in range(len(ciphertext)):
key = random.randrange(1, 25)
clear_text = cryptocode.decrypt(ciphertext[pos], decrypt_key)
cipher_string = CaesarCipher(clear_text, offset=key).encoded
cipher = {
'key': key,
'cipher': cipher_string,
}
result.append(cipher)
# Selects 3 unique ciphers from list
cipher_list = random.sample(result, k=3)
workout['container_info']['cipher_one'] = cipher_list[0]
workout['container_info']['cipher_two'] = cipher_list[1]
workout['container_info']['cipher_three'] = cipher_list[2]
ds_client.put(workout)
return cipher_list
def logout(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == '2fa':
"""User logout route."""
logout_user()
return redirect(
url_for('twofactorauth_bp.twofactorhome', workout_id=workout_id))
else:
return redirect(404)
def cipher_info(workout_id):
page_template = 'johnnyarena/arena-cipher-info.jinja'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout:
if workout['type'] == 'Trojan Arena Level 2':
return render_template(page_template, workout_id=workout_id)
else:
return redirect('/invalid')
def arena_base(workout_id):
page_template = 'johnnyarena/johnny-arena-landing.jinja'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout:
if workout['type'] == 'Trojan Arena Level 2':
return redirect(f'/cipher-warehouse/{workout_id}')
else:
return redirect('/invalid')
def xss_r(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == 'xss':
page_template = 'xss_r.html'
name = 'Stranger'
if request.method == 'POST':
name = request.form['name']
return render_template(page_template, name=name, workout_id=workout_id)
else:
return redirect(404)
def snake_flag(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if request.method == 'POST':
score = (request.json['score'])
decrypt_key = workout['assessment']['key']
encrypted_flag = 'KJnLMnsUnLCd/ND3eeJwWPINTzvXTKiiYoNkmjCwbng=*xzz+f0pzhaBX41kaZH3GQg==*+JgHfNlMoOsd7GlTXGqW' \
'Fw==*djY9r0Kb0hQb0B7cNZOr4A=='
flag = cryptocode.decrypt(encrypted_flag, decrypt_key)
flag_data = {'flag': str(flag)}
return jsonify(flag_data)
def view_all_query_results(query, page, workout_id):
api = shodan.Shodan(SHODAN_API_KEY)
workout = ds_client.get(ds_client.key('cybergy-workout', workout_id))
if workout:
if workout['type'] == 'shodan':
if request.method == "POST":
result = api.search(query, page=page)
else:
return redirect(f'/invalid/{workout_id}')
else:
return redirect(f'/invalid/{workout_id}')
def home(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if not session.get('logged_in'):
return render_template('index.html', workout_id=workout_id)
else:
decrypt_key = workout['assessment']['key']
encrypted_flag = 'w7w1HZQSOlQk7cxRjqICoIXkFbUsjnr9CHJkvZ51Iw==*9o+WrK5lFOZG70IARQ5HGA==*7bLeQoMR/IhXQjlvey' \
'71KQ==*D+iRjmWUsHXkKTC+G6cF4g=='
wireshark_flag = cryptocode.decrypt(encrypted_flag, decrypt_key)
return render_template('flag.html', wireshark_flag=wireshark_flag, workout_id=workout_id)
def xss_s(workout_id):
key = ds_client.key('cybergym-workout', workout_id, use_cache=False, use_memcache=False)
workout = ds_client.get(key)
if workout['type'] == 'xss':
page_template = 'xss_s.html'
if request.method == 'POST':
add_feedback(request.form['feedback'], workout_id)
search_query = request.args.get('query')
feedbacks = get_feedbacks(workout_id, search_query)
return render_template(page_template, feedbacks=feedbacks, search_query=search_query, workout_id=workout_id)
else:
return redirect(404)
def loader(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout:
if workout['type'] == 'shodan':
data = populate_datastore(workout_id=workout_id)
logger.info(data)
return redirect(f'/shodan_lite/{workout_id}')
else:
return redirect(f'/shodan_lite/invalid/{workout_id}')
else:
return redirect(f'/shodan_lite/invalid/{workout_id}')
def check_sub_cipher(self, submission):
key = ds_client.key('cybergym-workout', self.workout_id)
workout = ds_client.get(key)
data = {
'message': workout['container_info']['sub_cipher']['cipher'],
'status': ''
}
if submission == workout['container_info']['sub_cipher']['cleartext']:
data['status'] = True
workout_key = workout['assessment']['questions'][3]['key']
publish_status(self.workout_id, workout_key)
return data
def twofactorhome(workout_id):
page_template = 'welcome.html'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == '2fa':
decrypt_key = workout['assessment']['key']
encrypted_flag = 'IpmnWmd6aeyrsrCmcaljIVU19XOmFOKtr9B3OXChIbbZXbQ=*lbG7TJXiAIIS8cQtG9Nufw==*wrSgLeSlwVSCzwm' \
'rlpRlRQ==*c6Oj6lsCnrwLVIXgp0c6vg=='
flag = str(cryptocode.decrypt(encrypted_flag, decrypt_key))
return render_template(page_template, flag=flag, workout_id=workout_id)
else:
return redirect(404)
def xss(workout_id):
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout['type'] == 'xss':
page_template = 'xss.html'
name = 'Stranger'
bad_request = 'bad request'
if request.args.get('bad_request'):
bad_request = request.args.get('bad_request')
return render_template(page_template, name=name, bad_request=bad_request, workout_id=workout_id)
else:
return redirect(404)
def data(workout_id):
page_template = 'raw_data.jinja'
workout = ds_client.get(ds_client.key('cybergym-workout', workout_id))
if workout:
if workout['type'] == 'shodan':
if request.method == "POST":
logger.info(f"POSTING to /data/{workout_id}")
return render_template(page_template, rawData=request.form.get('data'), workoutid=workout_id,)
if request.method == "GET":
logger.info(f'GET /data/{workout_id}')
print(type(request.get_data()))
else:
return redirect(f'/invalid/{workout_id}')
else:
return redirect(f'/invalid/{workout_id}')
def check_flag(workout_id):
page_template = 'arena_snake.html'
if request.method == 'POST':
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
workout_token = workout['assessment']['questions'][0]['key']
if request.form.get('check_button'):
decrypt_key = workout['assessment']['key']
encrypted_flag = 'KJnLMnsUnLCd/ND3eeJwWPINTzvXTKiiYoNkmjCwbng=*xzz+f0pzhaBX41kaZH3GQg==*+JgHfNlMoOsd7GlTXGqW' \
'Fw==*djY9r0Kb0hQb0B7cNZOr4A=='
classified_flag = cryptocode.decrypt(encrypted_flag, decrypt_key)
if classified_flag == request.form['classified_flag']:
publish_status(workout_id, workout_token)
completion = True
return render_template(page_template, workout_id=workout_id, completion=completion)
else:
return render_template(page_template, workout_id=workout_id)
def hidden(workout_id):
# This portion sets a cookie with the key "logged_in" to true when a user has authenticated
# They must be authenticated before viewing this page
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
logged_in = request.cookies.get('logged_in', None)
if workout:
if logged_in is None or logged_in != 'true':
return redirect(url_for('johnnyhash.login', workout_id=workout_id))
else:
page_template = './hidden.jinja'
return render_template(page_template,
workout_id=workout_id,
user='******')
else:
return redirect('/invalid')
def login(workout_id):
page_template = './login.jinja'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
# Check if valid workout and valid workout type
if not workout:
return redirect(url_for('johnnyhash.invalid'))
else:
if workout['type'] == 'johnnyhash':
if request.method == 'GET':
return render_template(page_template, workout_id=workout_id)
elif request.method == 'POST':
username = request.form.get('username', None)
password = request.form.get('password', None)
print(username, password)
print(workout['container_info']['correct_password'])
if username is None or password is None:
login_error = 'You must submit a username and password'
return render_template(
page_template,
login_error=login_error,
workout_id=workout_id,
)
elif username == 'johnny' and password == workout[
'container_info']['correct_password']:
# These are the correct credentials, so the cookie for "logged_in" is set to true
resp = make_response(
redirect(f'/johnnyhash/hidden/{workout_id}'))
resp.set_cookie('logged_in', 'true')
workout_token = workout['assessment']['questions'][0][
'key']
# app.logger.info(f'Posting Complete to buildthewarrior{dns_suffix}/complete')
publish_status(workout_id, workout_token)
return resp
else:
login_error = 'Please check your username and password and try again'
return render_template(
page_template,
login_error=login_error,
workout_id=workout_id,
)
else:
return redirect(url_for('johnnyhash.invalid'))
def substitution(workout_id):
page_template = 'johnnyGenCipher/substitution.jinja'
key = ds_client.key('cybergym-workout', workout_id)
workout = ds_client.get(key)
if workout:
if workout['type'] == 'GenCyber Arena Level 1':
if request.method == 'GET':
cipher = get_arena_sub_cipher()
return render_template(
page_template,
workout_id=workout_id,
sub_cipher=cipher,
)
else:
return redirect('/invalid')
else:
return redirect('/invalid')
def check_flag(workout_id):
if request.method == 'POST':
key = ds_client.key('cybergym-workout', workout_id)
page_template = 'sql_index.html'
workout = ds_client.get(key)
workout_token = workout['assessment']['questions'][0]['key']
if request.form.get('check_button'):
decrypt_key = workout['assessment']['key']
encr_flag = "z3iMRhodBpfpOPQalsurIEQmbjpv52PYL0HDnqxCVyu+aQCVTRPWBNv6QI8U*fQKWPyfP5gtUExz5MnLuWg==" \
"*5j/Up6s28F82Am+O7HTfHQ==*M2pIUrpUwaAXlc4ohBKpxQ=="
classified_flag = cryptocode.decrypt(encr_flag, decrypt_key)
if classified_flag == request.form['classified_flag']:
publish_status(workout_id, workout_token)
completion = True
return render_template(page_template,
workout_id=workout_id,
completion=completion)
else:
return render_template(page_template, workout_id=workout_id)
