def add_problem(title, category, description, value, grader_contents, pid=utils.generate_string(), hint="", bonus=0, autogen=0): grader_contents = str(grader_contents) pid = str(pid) value = int(value) title_exists = Problems.query.filter_by(title=title).first() if title_exists: raise WebException("Problem name already taken.") while Problems.query.filter_by(pid=pid).first(): pid = utils.generate_string() if category == "Programming": programming.validate_judge(grader_contents) else: validate_grader(grader_contents, autogen=int(autogen)) grader_folder = os.path.join(app.config["GRADER_FOLDER"], pid) if not os.path.exists(grader_folder): os.makedirs(grader_folder) grader_path = os.path.join(grader_folder, "grader.py") grader_file = open(grader_path, "w") grader_file.write(grader_contents) grader_file.close() problem = Problems(pid, title, category, description, value, grader_path, bonus=bonus, hint=hint, autogen=autogen) db.session.add(problem) files = request.files.getlist("files[]") for _file in files: filename = secure_filename(_file.filename) if len(filename) == 0: continue file_path = os.path.join(app.config["UPLOAD_FOLDER"], filename) _file.save(file_path) db_file = Files(problem.pid, "/".join(file_path.split("/")[2:])) db.session.add(db_file) db.session.commit() db.session.close()
def disconnect(self): '''Close the connection to the remote server.''' msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_DISCONNECT'])) msg.append(generate_uint32(11)) # SSH_DISCONNECT_BY_APPLICATION msg.append(generate_string('Closed by client')) msg.append(generate_string('')) self.send(''.join(msg)) self._socket.close() print colors.cyan('Disconnected!')
def post(self): try: userEmail = self.get_body_argument('email') userToken = self.get_body_argument('token') fb_email = self.get_body_argument('fb_email') fb_pass = self.get_body_argument('fb_pass') teleId = self.get_body_argument('teleId') keywords = self.get_body_argument('keywords') blacklistKeywords = self.get_body_argument('blacklistKeywords') groupIdList = self.get_body_argument('groupIdList') if userToken == globals.active_users[userEmail].token: if userEmail not in globals.active_users: self.set_status(202) self.write({'message': 'Request Accepted'}) globals.active_users[userEmail] = SeleniumInstance( userEmail, dbconn, generate_string(6), generate_string(), datetime.datetime.now()) globals.active_users[userEmail].start( 'groups', fb_email, fb_pass, teleId, keywords, blacklistKeywords, groupIdList) elif globals.active_users[userEmail].runGroups == False: self.set_status(202) self.write({'message': 'Request Accepted'}) globals.active_users[userEmail].start( 'groups', fb_email, fb_pass, teleId, keywords, blacklistKeywords, groupIdList) elif globals.active_users[userEmail].runGroups == True: self.set_status(409) self.write({'message': 'Session Existed'}) dbconn.insert_app_event( (globals.active_users[userEmail].session, userEmail, datetime.datetime.now(), 'existed_groups_instance', None, None), transform=False) else: self.set_status(403) self.write({'message': 'Wrong Token'}) dbconn.insert_app_event( ('000000', userEmail, datetime.datetime.now(), 'token_error', None, None), transform=False) except: self.set_status(400) self.write({'message': 'Bad Request'}) dbconn.insert_app_event( ('000000', userEmail, datetime.datetime.now(), 'groups_request_error', None, None), transform=False)
def user_avatar_upload(): logged_in = is_logged_in() if not logged_in: raise WebException("You're not logged in.") _user = get_user().first() f = request.files["file"] if f is None: raise WebException("Please upload something.") fname = "/tmp/" + secure_filename(utils.generate_string()) f.save(fname) try: pfp = os.path.join(app.config["PFP_FOLDER"], "%d.png" % _user.uid) if os.path.exists(pfp): os.remove(pfp) with open(fname, "rb") as f1: imageIO = io.BytesIO(f1.read()) imageIO.seek(0) f1.close() im = Image.open(imageIO) im = im.resize((256, 256), Image.ANTIALIAS) im.save(open(pfp, "w"), "PNG") return { "success": 1, "message": "Uploaded!" } except Exception, e: raise WebException(str(e))
def user_avatar_upload(): logged_in = is_logged_in() if not logged_in: raise WebException("You're not logged in.") _user = get_user().first() f = request.files["file"] if f is None: raise WebException("Please upload something.") fname = "/tmp/" + secure_filename(utils.generate_string()) f.save(fname) try: pfp = os.path.join(app.config["PFP_FOLDER"], "%d.png" % _user.uid) if os.path.exists(pfp): os.remove(pfp) with open(fname, "rb") as f1: imageIO = io.BytesIO(f1.read()) imageIO.seek(0) f1.close() im = Image.open(imageIO) im = im.resize((256, 256), Image.ANTIALIAS) im.save(open(pfp, "w"), "PNG") return {"success": 1, "message": "Uploaded!"} except Exception, e: raise WebException(str(e))
def createSessionID(self,_user): #Expects real user entity time = str(datetime.datetime.now()) string = utils.encrypt(utils.generate_string()) _user.active_sessions = _user.active_sessions + [(string,time)] _user.put() #print "Users-createSessionID: Created new ID for ", _user.email return (string,time)
def createSessionID(self, _user): #Expects real user entity time = str(datetime.datetime.now()) string = utils.encrypt(utils.generate_string()) _user.active_sessions = _user.active_sessions + [(string, time)] _user.put() #print "Users-createSessionID: Created new ID for ", _user.email return (string, time)
def __init__(self, uid, username, expiry=int(time.time()) + TOKEN_LIFETIME, active=True, ua=None, ip=None, location=None): self.sid = utils.generate_string() self.uid = uid self.username = username self.issued = int(time.time()) self.expiry = expiry self.active = active self.ua = ua self.ip = ip self.location = location
def validate_grader(grader_contents, autogen=False): tmp_grader = "/tmp/grader" + utils.generate_string() + ".py" f = open(tmp_grader, "w") f.write(grader_contents) f.close() try: grader = imp.load_source("grader", tmp_grader) except Exception, e: raise WebException("There is a syntax error in the grader: %s" % e)
def admin_setup_init(): if utils.is_setup_complete(): raise WebException("Setup has already been complete.") verification = Config("setup_verification", utils.generate_string().lower()) with app.app_context(): for item in Config.query.filter_by(key="setup_verification").all(): db.session.delete(item) db.session.add(verification) db.session.commit() db.session.close() return { "success": 1 }
def register_user(name, username, email, password, utype, admin=False): user = Users(name, username, email, password, utype=utype, admin=admin) token = utils.generate_string(length=64) user.email_token = token with app.app_context(): db.session.add(user) db.session.commit() join_activity = UserActivity(user.uid, 0) db.session.add(join_activity) db.session.commit() db.session.close() return True
def __init__(self, userEmail, dbconn, token=generate_string(), session=generate_string(6), ping=datetime.datetime.now()): self.userEmail = userEmail self.dbconn = dbconn self.token = token self.session = session self.ping = ping self.runAds = False self.runGroups = False self.hubspot_contact_path = 'C:\\Works\\repos\\playground\\hubspot_contact' software_names = [SoftwareName.CHROME.value] operating_systems = [ OperatingSystem.WINDOWS.value, OperatingSystem.LINUX.value, OperatingSystem.MAC.value ] self.user_agent_rotator = UserAgent( software_names=software_names, operating_systems=operating_systems, limit=100) self.user_agent = self.user_agent_rotator.get_random_user_agent() self.options = webdriver.ChromeOptions() self.options.add_argument("--disable-notifications") self.options.add_argument("--disable-infobars") self.options.add_argument("--mute-audio") self.options.add_argument('--no-sandbox') self.options.add_argument('--disable-gpu') self.options.add_argument('--disable-dev-shm-usage') self.options.add_argument('--silent') self.options.add_argument('--log-level=OFF') self.options.add_argument(f'--user-agent={self.user_agent}')
def wrapper(*args, **kwds): if not("TESTING" in current_app.config and current_app.config["TESTING"] == True): if request.method == "POST": try: token = str(session.pop("csrf_token")) provided_token = str(request.form.get("csrf_token")) if not token or token != provided_token: raise Exception except Exception, e: response = make_response(json.dumps({ "success": 0, "message": "Token has been tampered with." }), 403, response_header) token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token return response
def user_forgot_password(token=None): params = utils.flat_multi(request.form) if token is not None: user = get_user(reset_token=token).first() if user is None: raise WebException("Invalid reset token.") # We are viewing the actual reset form if request.method == "GET": return {"success": 1, "message": ""} # Submission of actual reset form if request.method == "POST": password = params.get("password") confirm_password = params.get("confirm_password") if password != confirm_password: raise WebException("Passwords do not match.") else: user.password = utils.hash_password(password) user.reset_token = None current_session = db.session.object_session(user) current_session.add(user) current_session.commit() return {"success": 1, "message": "Success!"} else: email = params.get("email").lower() user = get_user(email=email).first() if user is None: raise WebException("User with that email does not exist.") token = utils.generate_string(length=64) user.reset_token = token current_session = db.session.object_session(user) current_session.add(user) current_session.commit() reset_link = "%s/forgot/%s" % ("127.0.0.1:8000", token) subject = "OpenCTF password reset" body = """%s,\n\nA request to reset your OpenCTF password has been made. If you did not request this password reset, you may safely ignore this email and delete it.\n\nYou may reset your password by clicking this link or pasting it to your browser.\n\n%s\n\nThis link can only be used once, and will lead you to a page where you can reset your password.\n\nGood luck!\n\n- OpenCTF Administrator""" % ( user.username, reset_link) response = utils.send_email(email, subject, body) if response.status_code != 200: raise WebException("Could not send email") response = response.json() if "Queued" in response["message"]: return {"success": 1, "message": "Email sent to %s" % email} else: raise WebException(response["message"])
def user_forgot_password(token=None): params = utils.flat_multi(request.form) if token is not None: user = get_user(reset_token=token).first() if user is None: raise WebException("Invalid reset token.") # We are viewing the actual reset form if request.method == "GET": return { "success": 1, "message": ""} # Submission of actual reset form if request.method == "POST": password = params.get("password") confirm_password = params.get("confirm_password") if password != confirm_password: raise WebException("Passwords do not match.") else: user.password = utils.hash_password(password) user.reset_token = None current_session = db.session.object_session(user) current_session.add(user) current_session.commit() return { "success": 1, "message": "Success!" } else: email = params.get("email").lower() user = get_user(email=email).first() if user is None: raise WebException("User with that email does not exist.") token = utils.generate_string(length=64) user.reset_token = token current_session = db.session.object_session(user) current_session.add(user) current_session.commit() reset_link = "%s/forgot/%s" % ("127.0.0.1:8000", token) subject = "OpenCTF password reset" body = """%s,\n\nA request to reset your OpenCTF password has been made. If you did not request this password reset, you may safely ignore this email and delete it.\n\nYou may reset your password by clicking this link or pasting it to your browser.\n\n%s\n\nThis link can only be used once, and will lead you to a page where you can reset your password.\n\nGood luck!\n\n- OpenCTF Administrator""" % (user.username, reset_link) response = utils.send_email(email, subject, body) if response.status_code != 200: raise WebException("Could not send email") response = response.json() if "Queued" in response["message"]: return { "success": 1, "message": "Email sent to %s" % email } else: raise WebException(response["message"])
def send(self, payload): '''Send data to the remote server. This data will be encrypted, and its authenticity guaranteed (both client-to-server and server-to-client). Args: payload (string): the data to be sent to the remote server. ''' msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_CHANNEL_DATA'])) msg.append(generate_uint32(self._remote_channel_number)) msg.append(generate_string(payload)) self._ssh_transport_connection.send(''.join(msg))
def api_wrapper(f): @wraps(f) def wrapper(*args, **kwds): if not ("TESTING" in current_app.config and current_app.config["TESTING"] == True): if request.method == "POST": try: token = str(session.pop("csrf_token")) provided_token = str(request.form.get("csrf_token")) if not token or token != provided_token: raise Exception except Exception, e: response = make_response( json.dumps({ "success": 0, "message": "Token has been tampered with." }), 403, response_header) token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token return response web_result = {} response = 200 try: web_result = f(*args, **kwds) except WebException as error: response = 200 web_result = {"success": 0, "message": str(error)} except Exception as error: response = 200 traceback.print_exc() web_result = { "success": 0, "message": "Something went wrong! Please notify us about this immediately.", "error": [str(error), traceback.format_exc()] } result = (json.dumps(web_result), response, response_header) response = make_response(result) # Setting CSRF token if "csrf_token" not in session: token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token return response
def wrapper(*args, **kwds): if not ("TESTING" in current_app.config and current_app.config["TESTING"] == True): if request.method == "POST": try: token = str(session.pop("csrf_token")) provided_token = str(request.form.get("csrf_token")) if not token or token != provided_token: raise Exception except Exception, e: response = make_response( json.dumps({ "success": 0, "message": "Token has been tampered with." }), 403, response_header) token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token return response
def verify_email(): # Actual verification of email if request.method == "GET": params = utils.flat_multi(request.args) token = params.get("token") if token is not None: user = Users.query.filter_by(email_token=token).first() if user is None: raise WebException("Invalid token.") user.email_verified = True user.email_token = None current_session = db.session.object_session(user) current_session.add(user) current_session.commit() return {"success": 1, "message": "Email verified."} raise WebException("Invalid token.") # Request to verify email elif request.method == "POST": user = get_user().first() if user is None: raise WebException("User with that username does not exist.") if user.email_verified: raise WebException("Email is already verified.") token = utils.generate_string(length=64) user.email_token = token current_session = db.session.object_session(user) current_session.add(user) current_session.commit() try: send_verification(user.username, user.email, token) except: return {"success": 0, "message": "Failed."} return { "success": 1, "message": "Verification email sent to %s" % user.email }
def verify_email(): # Actual verification of email if request.method == "GET": params = utils.flat_multi(request.args) token = params.get("token"); if token is not None: user = Users.query.filter_by(email_token=token).first() if user is None: raise WebException("Invalid token.") user.email_verified = True user.email_token = None current_session = db.session.object_session(user) current_session.add(user) current_session.commit() return { "success": 1, "message": "Email verified." } raise WebException("Invalid token.") # Request to verify email elif request.method == "POST": user = get_user().first() if user is None: raise WebException("User with that username does not exist.") if user.email_verified: raise WebException("Email is already verified.") token = utils.generate_string(length=64) user.email_token = token current_session = db.session.object_session(user) current_session.add(user) current_session.commit() try: send_verification(user.username, user.email, token) except: return { "success": 0, "message": "Failed." } return { "success": 1, "message": "Verification email sent to %s" % user.email }
def api_wrapper(f): @wraps(f) def wrapper(*args, **kwds): if not("TESTING" in current_app.config and current_app.config["TESTING"] == True): if request.method == "POST": try: token = str(session.pop("csrf_token")) provided_token = str(request.form.get("csrf_token")) if not token or token != provided_token: raise Exception except Exception, e: response = make_response(json.dumps({ "success": 0, "message": "Token has been tampered with." }), 403, response_header) token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token return response web_result = {} response = 200 try: web_result = f(*args, **kwds) except WebException as error: response = 200 web_result = { "success": 0, "message": str(error) } except Exception as error: response = 200 traceback.print_exc() web_result = { "success": 0, "message": "Something went wrong! Please notify us about this immediately.", "error": [ str(error), traceback.format_exc() ] } result = (json.dumps(web_result), response, response_header) response = make_response(result) # Setting CSRF token if "csrf_token" not in session: token = utils.generate_string() response.set_cookie("csrf_token", token) session["csrf_token"] = token return response
def disconnect(self): '''Cleanly close the connection to the remote server.''' # Send our exit status msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_CHANNEL_REQUEST'])) msg.append(generate_uint32(self._remote_channel_number)) msg.append(generate_string('exit-status')) msg.append(generate_byte(0)) # False msg.append(generate_uint32(0)) # Exit status = 0 self._ssh_transport_connection.send(''.join(msg)) # Then close the channel msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_CHANNEL_CLOSE'])) msg.append(generate_uint32(self._remote_channel_number)) self._ssh_transport_connection.send(''.join(msg)) # Read back the remote side's exit status data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) index, recipient_channel = parse_uint32(data, index) index, request_type = parse_string(data, index) index, want_reply_byte = parse_byte(data, index) want_reply = want_reply_byte != 0 index, exit_status = parse_uint32(data, index) assert msg_type == SSH_MSG_NUMS['SSH_MSG_CHANNEL_REQUEST'] assert recipient_channel == self._local_channel_number assert request_type == 'exit-status' assert not want_reply # Disconnect at the transport layer self._ssh_transport_connection.disconnect() return exit_status
def _run_diffie_hellman_group14_sha1_key_exchange(self, server_kex_init, client_kex_init): # q, g, and p from https://tools.ietf.org/html/rfc3526#section-3 q = 2**2048 g = 2 p = int( ''' 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E34 04DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F4 06B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8 FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E 462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2 261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF '''.replace(' ', '').replace('\n', ''), 16) x = random.SystemRandom().randint(2, q - 1) e = pow(g, x, p) # Send public key to server msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_KEXDH_INIT'])) msg.append(generate_mpint(e)) self.send(''.join(msg)) # Receive (K_S || f || s) from the server # i.e. host key blob, f, and the signature, from the server msg = self.read() index, ssh_msg_type = parse_byte(msg, 0) assert ssh_msg_type == SSH_MSG_NUMS['SSH_MSG_KEXDH_REPLY'] index, host_key_blob = parse_string(msg, index) index, f = parse_mpint(msg, index) index, signature = parse_string(msg, index) # Calculate a verifying key from the host key blob verifying_key = self._get_verifying_key(host_key_blob) # Also calculate the shared key, exchange hash, and session ID (this is the same as the exchange # hash) shared_key = pow(f, x, p) hashed_data = \ generate_string(self._client_id_string.strip('\r\n')) + \ generate_string(self._server_id_string.strip('\r\n')) + \ generate_string(client_kex_init) + \ generate_string(server_kex_init) + \ generate_string(host_key_blob) + \ generate_mpint(e) + \ generate_mpint(f) + \ generate_mpint(shared_key) exchange_hash = hashlib.sha1(hashed_data).digest() self.session_id = exchange_hash # Pull out the signature blob from the message index, ecdsa_identifier = parse_string(signature, 0) assert ecdsa_identifier == SERVER_HOST_KEY_ALGORITHM, \ 'Unknown signature type: %s' % ecdsa_identifier index, signature_blob = parse_string(signature, index) index, r = parse_mpint(signature_blob, 0) index, s = parse_mpint(signature_blob, index) # Verify that the signature on the message is correct assert verifying_key.verify(get_32_byte_repr(r) + get_32_byte_repr(s), exchange_hash, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_string) print colors.cyan('Signature validated correctly! OMG!') # Derive *all* the keys! key_derivation_options = { 'shared_key': shared_key, 'exchange_hash': exchange_hash, 'session_id': self.session_id, } # Client to server keys (these hard-coded ASCII letters brought to you by the RFC's key # derivation function: https://tools.ietf.org/html/rfc4253#section-7.2) initial_iv_client_to_server = _derive_encryption_key( key_derivation_options, 'A', AES_BLOCK_LEN) ctr = Counter.new(AES_BLOCK_LEN * 8, initial_value=int( initial_iv_client_to_server.encode('hex'), AES_BLOCK_LEN)) encryption_key_client_to_server = _derive_encryption_key( key_derivation_options, 'C', AES_BLOCK_LEN) self._aes_client_to_server = AES.new(encryption_key_client_to_server, AES.MODE_CTR, counter=ctr) self._integrity_key_client_to_server = _derive_encryption_key( key_derivation_options, 'E') # Server to client keys initial_iv_server_to_client = _derive_encryption_key( key_derivation_options, 'B', AES_BLOCK_LEN) ctr = Counter.new(AES_BLOCK_LEN * 8, initial_value=int( initial_iv_server_to_client.encode('hex'), AES_BLOCK_LEN)) encryption_key_server_to_client = _derive_encryption_key( key_derivation_options, 'D', AES_BLOCK_LEN) self._aes_server_to_client = AES.new(encryption_key_server_to_client, AES.MODE_CTR, counter=ctr) self._integrity_key_server_to_client = _derive_encryption_key( key_derivation_options, 'F')
def submit_program(): params = utils.flat_multi(request.form) pid = params.get("pid") tid = session.get("tid") _user = user.get_user().first() language = params.get("language") submission_contents = params.get("submission") _problem = problem.get_problem(pid=pid).first() if _problem is None: raise WebException("Problem does not exist.") if _problem.category != "Programming": raise WebException("Can't judge this problem.") if language not in extensions: raise WebException("Language not supported.") solved = Solves.query.filter_by(pid=pid, tid=tid, correct=1).first() if solved: raise WebException("You already solved this problem.") judge_folder = os.path.join(app.config["GRADER_FOLDER"], pid) if not os.path.exists(judge_folder): os.makedirs(judge_folder) submission_folder = os.path.join(judge_folder, utils.generate_string()) while os.path.exists(submission_folder): submission_folder = os.path.join(judge_folder, utils.generate_string()) os.makedirs(submission_folder) submission_path = os.path.join(submission_folder, "program.%s" % extensions[language]) open(submission_path, "w").write(submission_contents) message, log, duration = judge(submission_path, language, pid) number = ProgrammingSubmissions.query.filter_by(tid=tid).with_entities( ProgrammingSubmissions.number).order_by( ProgrammingSubmissions.number.desc()).first() if number is None: number = 1 else: number = number[0] + 1 submission = ProgrammingSubmissions(pid, tid, submission_path, message, log, number, duration) correct = message == "Correct!" with app.app_context(): solve = Solves(pid, _user.uid, tid, submission_path, correct) db.session.add(solve) db.session.add(submission) db.session.commit() if correct: # Wait until after the solve has been added to the database before adding bonus solves = problem.get_solves(pid=pid) solve.bonus = [-1, solves][solves < 3] db.session.add(solve) cache.invalidate_memoization(problem.get_solves, pid) if _user: activity = UserActivity(_user.uid, 3, tid=tid, pid=pid) db.session.add(activity) db.session.commit() new = { "psid": submission.psid, "title": _problem.title, "message": submission.message, "log": submission.log, "date": utils.isoformat(submission.date), "number": submission.number } shutil.rmtree(submission_folder) return { "success": message == "Correct!", "message": message, "new_submission": new }
def submit_program(): params = utils.flat_multi(request.form) pid = params.get("pid") tid = session.get("tid") _user = user.get_user().first() language = params.get("language") submission_contents = params.get("submission") _problem = problem.get_problem(pid=pid).first() if _problem is None: raise WebException("Problem does not exist.") if _problem.category != "Programming": raise WebException("Can't judge this problem.") if language not in extensions: raise WebException("Language not supported.") solved = Solves.query.filter_by(pid=pid, tid=tid, correct=1).first() if solved: raise WebException("You already solved this problem.") judge_folder = os.path.join(app.config["GRADER_FOLDER"], pid) if not os.path.exists(judge_folder): os.makedirs(judge_folder) submission_folder = os.path.join(judge_folder, utils.generate_string()) while os.path.exists(submission_folder): submission_folder = os.path.join(judge_folder, utils.generate_string()) os.makedirs(submission_folder) submission_path = os.path.join(submission_folder, "program.%s" % extensions[language]) open(submission_path, "w").write(submission_contents) message, log, duration = judge(submission_path, language, pid) number = ProgrammingSubmissions.query.filter_by(tid=tid).with_entities(ProgrammingSubmissions.number).order_by(ProgrammingSubmissions.number.desc()).first() if number is None: number = 1 else: number = number[0] + 1 submission = ProgrammingSubmissions(pid, tid, submission_path, message, log, number, duration) correct = message == "Correct!" with app.app_context(): solve = Solves(pid, _user.uid, tid, submission_path, correct) db.session.add(solve) db.session.add(submission) db.session.commit() if correct: # Wait until after the solve has been added to the database before adding bonus solves = problem.get_solves(pid=pid) solve.bonus = [-1, solves][solves < 3] db.session.add(solve) cache.invalidate_memoization(problem.get_solves, pid) if _user: activity = UserActivity(_user.uid, 3, tid=tid, pid=pid) db.session.add(activity) db.session.commit() new = { "psid": submission.psid, "title": _problem.title, "message": submission.message, "log": submission.log, "date": utils.isoformat(submission.date), "number": submission.number } shutil.rmtree(submission_folder) return { "success": message == "Correct!", "message": message , "new_submission": new }
def _do_user_auth(self): # Ask the server whether it supports doing SSH user auth msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_SERVICE_REQUEST'])) msg.append(generate_string(SSH_USERAUTH_STRING)) self._ssh_transport_connection.send(''.join(msg)) # Check that it says yes data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) assert msg_type == SSH_MSG_NUMS['SSH_MSG_SERVICE_ACCEPT'], \ 'Unknown message type received: %d' % msg_type index, service_name = parse_string(data, index) assert service_name == SSH_USERAUTH_STRING print colors.cyan("Let's do ssh-userauth!") # Ask the server which authentication methods it supports msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_USERAUTH_REQUEST'])) msg.append(generate_string(self.username.encode('utf-8'))) msg.append(generate_string('ssh-connection')) msg.append(generate_string('none')) self._ssh_transport_connection.send(''.join(msg)) # Check that publickey is one of them data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) index, supported_auth_methods = parse_name_list(data, index) index, partial_success_byte = parse_byte(data, index) partial_success = partial_success_byte != 0 assert msg_type == SSH_MSG_NUMS['SSH_MSG_USERAUTH_FAILURE'], \ 'Unknown message type: %d' % msg_type assert 'publickey' in supported_auth_methods, \ 'Server does not support public key authentication' assert not partial_success # Try to public key auth rsa_key = RSA.importKey(open(self.keyfile)) pkcs_key = PKCS1_v1_5.new(rsa_key) msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_USERAUTH_REQUEST'])) msg.append(generate_string(self.username.encode('utf-8'))) msg.append(generate_string('ssh-connection')) msg.append(generate_string('publickey')) msg.append(generate_byte(1)) # True: we really do want to authenticate msg.append(generate_string('ssh-rsa')) msg.append( generate_string( generate_string('ssh-rsa') + generate_mpint(rsa_key.e) + generate_mpint(rsa_key.n))) # Desperately try to figure out how signing works in this silly encapsulating protocol signed_data = generate_string( self._ssh_transport_connection.session_id) + ''.join(msg) # OMG Pycrypto, did it have to be *your* SHA1 implementation? signature = pkcs_key.sign(SHA.new(signed_data)) msg.append( generate_string( generate_string('ssh-rsa') + generate_string(signature))) # Send the public key auth message to the server self._ssh_transport_connection.send(''.join(msg)) data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) assert msg_type == SSH_MSG_NUMS['SSH_MSG_USERAUTH_SUCCESS'], \ 'Unknown message type: %d' % msg_type print colors.cyan('Successfully user authed!')
def _create_ssh_connection(self): # Read the global request that SSH sends us - this is trying to let us know all host keys, but # it's OpenSSH-specific, and we don't need it data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) index, request_name = parse_string(data, index) index, want_reply_byte = parse_byte(data, index) want_reply = want_reply_byte != 0 assert msg_type == SSH_MSG_NUMS['SSH_MSG_GLOBAL_REQUEST'] assert request_name == '*****@*****.**' assert not want_reply # Reply to let OpenSSH know that we don't know what they're talking about msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_REQUEST_FAILURE'])) self._ssh_transport_connection.send(''.join(msg)) # Actually get started with opening a channel for SSH communication window_size = 1048576 maximum_packet_size = 16384 # Request to open a session channel msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_CHANNEL_OPEN'])) msg.append(generate_string('session')) msg.append(generate_uint32(self._local_channel_number)) msg.append(generate_uint32(window_size)) msg.append(generate_uint32(maximum_packet_size)) self._ssh_transport_connection.send(''.join(msg)) # Check that a channel was opened successfully data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) index, recipient_channel = parse_uint32(data, index) index, self._remote_channel_number = parse_uint32(data, index) index, initial_window_size = parse_uint32(data, index) index, maximum_packet_size = parse_uint32(data, index) print colors.cyan('Message type: %d' % msg_type) assert msg_type == SSH_MSG_NUMS['SSH_MSG_CHANNEL_OPEN_CONFIRMATION'] assert recipient_channel == self._local_channel_number print colors.cyan('Remote channel number: %d' % self._remote_channel_number) print colors.cyan('Initial window size: %d' % initial_window_size) print colors.cyan('Maximum window size: %d' % maximum_packet_size) # Ask to turn that session channel into a shell msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_CHANNEL_REQUEST'])) msg.append(generate_uint32(self._remote_channel_number)) msg.append(generate_string('shell')) msg.append(generate_byte(1)) # True, we do want a reply here self._ssh_transport_connection.send(''.join(msg)) # OpenSSH then asks to increase their window size, that's fine, do it data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) index, recipient_channel = parse_uint32(data, index) index, bytes_to_add = parse_uint32(data, index) assert msg_type == SSH_MSG_NUMS['SSH_MSG_CHANNEL_WINDOW_ADJUST'] initial_window_size += bytes_to_add # Check that they tell us they've opened a channel successfully data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) assert msg_type == SSH_MSG_NUMS['SSH_MSG_CHANNEL_SUCCESS'] assert recipient_channel == self._local_channel_number print colors.cyan('Successfully opened shell!')
def _run_diffie_hellman_group14_sha1_key_exchange(self, server_kex_init, client_kex_init): # q, g, and p from https://tools.ietf.org/html/rfc3526#section-3 q = 2 ** 2048 g = 2 p = int(''' 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E34 04DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F4 06B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8 FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E 462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2 261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF '''.replace(' ', '').replace('\n', ''), 16) x = random.SystemRandom().randint(2, q - 1) e = pow(g, x, p) # Send public key to server msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_KEXDH_INIT'])) msg.append(generate_mpint(e)) self.send(''.join(msg)) # Receive (K_S || f || s) from the server # i.e. host key blob, f, and the signature, from the server msg = self.read() index, ssh_msg_type = parse_byte(msg, 0) assert ssh_msg_type == SSH_MSG_NUMS['SSH_MSG_KEXDH_REPLY'] index, host_key_blob = parse_string(msg, index) index, f = parse_mpint(msg, index) index, signature = parse_string(msg, index) # Calculate a verifying key from the host key blob verifying_key = self._get_verifying_key(host_key_blob) # Also calculate the shared key, exchange hash, and session ID (this is the same as the exchange # hash) shared_key = pow(f, x, p) hashed_data = \ generate_string(self._client_id_string.strip('\r\n')) + \ generate_string(self._server_id_string.strip('\r\n')) + \ generate_string(client_kex_init) + \ generate_string(server_kex_init) + \ generate_string(host_key_blob) + \ generate_mpint(e) + \ generate_mpint(f) + \ generate_mpint(shared_key) exchange_hash = hashlib.sha1(hashed_data).digest() self.session_id = exchange_hash # Pull out the signature blob from the message index, ecdsa_identifier = parse_string(signature, 0) assert ecdsa_identifier == SERVER_HOST_KEY_ALGORITHM, \ 'Unknown signature type: %s' % ecdsa_identifier index, signature_blob = parse_string(signature, index) index, r = parse_mpint(signature_blob, 0) index, s = parse_mpint(signature_blob, index) # Verify that the signature on the message is correct assert verifying_key.verify( get_32_byte_repr(r) + get_32_byte_repr(s), exchange_hash, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_string ) print colors.cyan('Signature validated correctly! OMG!') # Derive *all* the keys! key_derivation_options = { 'shared_key': shared_key, 'exchange_hash': exchange_hash, 'session_id': self.session_id, } # Client to server keys (these hard-coded ASCII letters brought to you by the RFC's key # derivation function: https://tools.ietf.org/html/rfc4253#section-7.2) initial_iv_client_to_server = _derive_encryption_key( key_derivation_options, 'A', AES_BLOCK_LEN) ctr = Counter.new( AES_BLOCK_LEN * 8, initial_value=int(initial_iv_client_to_server.encode('hex'), AES_BLOCK_LEN)) encryption_key_client_to_server = _derive_encryption_key( key_derivation_options, 'C', AES_BLOCK_LEN) self._aes_client_to_server = AES.new(encryption_key_client_to_server, AES.MODE_CTR, counter=ctr) self._integrity_key_client_to_server = _derive_encryption_key(key_derivation_options, 'E') # Server to client keys initial_iv_server_to_client = _derive_encryption_key( key_derivation_options, 'B', AES_BLOCK_LEN) ctr = Counter.new( AES_BLOCK_LEN * 8, initial_value=int(initial_iv_server_to_client.encode('hex'), AES_BLOCK_LEN)) encryption_key_server_to_client = _derive_encryption_key( key_derivation_options, 'D', AES_BLOCK_LEN) self._aes_server_to_client = AES.new(encryption_key_server_to_client, AES.MODE_CTR, counter=ctr) self._integrity_key_server_to_client = _derive_encryption_key(key_derivation_options, 'F')
n_row = len(s1) + 1 n_col = len(s2) + 1 edit_matrix = np.zeros((n_row, n_col)) for i in range(n_row): edit_matrix[i, 0] = i * gap_penalty for j in range(n_col): edit_matrix[0, j] = j * gap_penalty for i in range(1, n_row): for j in range(1, n_col): x_gap = edit_matrix[i - 1, j] + gap_penalty y_gap = edit_matrix[i, j - 1] + gap_penalty mut = edit_matrix[i - 1, j - 1] + edit_function( s1[i - 1], s2[j - 1]) edit_matrix[i, j] = max(x_gap, y_gap, mut) return -edit_matrix[len(s1), len(s2)] # Perform a quick test to see if the edit distance is ok! n_test = 100 for _ in range(n_test): s1 = utils.generate_string( random.randint(min_string_size, max_string_size), aminoacid_names) s2 = utils.generate_string( random.randint(min_string_size, max_string_size), aminoacid_names) assert edit_distance(s1, s2) == editdistance.eval( s1, s2), "Edit distance is wrong!"
return description def validate_grader(grader_contents, autogen=False): tmp_grader = "/tmp/grader.py" open(tmp_grader, "w").write(grader_contents) try: grader = imp.load_source("grader", tmp_grader) except Exception, e: raise WebException("There is a syntax error in the grader: %s" % e) if autogen: # Autogenerated try: seed1 = utils.generate_string() seed2 = utils.generate_string() while seed1 == seed2: seed2 = utils.generate_string() random.seed(seed1) data = grader.generate_problem(random, "pid") assert type(data) == dict random.seed(seed1) flag1 = grader.generate_flag(random) random.seed(seed2) flag2 = grader.generate_flag(random) assert flag1 != flag2, "generate_flag() has generated the same flag twice."
def _do_user_auth(self): # Ask the server whether it supports doing SSH user auth msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_SERVICE_REQUEST'])) msg.append(generate_string(SSH_USERAUTH_STRING)) self._ssh_transport_connection.send(''.join(msg)) # Check that it says yes data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) assert msg_type == SSH_MSG_NUMS['SSH_MSG_SERVICE_ACCEPT'], \ 'Unknown message type received: %d' % msg_type index, service_name = parse_string(data, index) assert service_name == SSH_USERAUTH_STRING print colors.cyan("Let's do ssh-userauth!") # Ask the server which authentication methods it supports msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_USERAUTH_REQUEST'])) msg.append(generate_string(self.username.encode('utf-8'))) msg.append(generate_string('ssh-connection')) msg.append(generate_string('none')) self._ssh_transport_connection.send(''.join(msg)) # Check that publickey is one of them data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) index, supported_auth_methods = parse_name_list(data, index) index, partial_success_byte = parse_byte(data, index) partial_success = partial_success_byte != 0 assert msg_type == SSH_MSG_NUMS['SSH_MSG_USERAUTH_FAILURE'], \ 'Unknown message type: %d' % msg_type assert 'publickey' in supported_auth_methods, \ 'Server does not support public key authentication' assert not partial_success # Try to public key auth rsa_key = RSA.importKey(open(self.keyfile)) pkcs_key = PKCS1_v1_5.new(rsa_key) msg = [] msg.append(generate_byte(SSH_MSG_NUMS['SSH_MSG_USERAUTH_REQUEST'])) msg.append(generate_string(self.username.encode('utf-8'))) msg.append(generate_string('ssh-connection')) msg.append(generate_string('publickey')) msg.append(generate_byte(1)) # True: we really do want to authenticate msg.append(generate_string('ssh-rsa')) msg.append(generate_string( generate_string('ssh-rsa') + generate_mpint(rsa_key.e) + generate_mpint(rsa_key.n) )) # Desperately try to figure out how signing works in this silly encapsulating protocol signed_data = generate_string(self._ssh_transport_connection.session_id) + ''.join(msg) # OMG Pycrypto, did it have to be *your* SHA1 implementation? signature = pkcs_key.sign(SHA.new(signed_data)) msg.append(generate_string(generate_string('ssh-rsa') + generate_string(signature))) # Send the public key auth message to the server self._ssh_transport_connection.send(''.join(msg)) data = self._ssh_transport_connection.read() index, msg_type = parse_byte(data, 0) assert msg_type == SSH_MSG_NUMS['SSH_MSG_USERAUTH_SUCCESS'], \ 'Unknown message type: %d' % msg_type print colors.cyan('Successfully user authed!')
hashmap.clear() while collisions_number <= MAX_COLLISIONS_NUMBER: virtual_memory = psutil.virtual_memory() virtual_memory = str(virtual_memory) virtual_memory = virtual_memory[55:57] virtual_memory = int(virtual_memory) test_number += 1 if SHOULD_TRACE and test_number % 100000 == 0: print_info(test_number, virtual_memory, collisions_number, len(hashmap), start_time) string1 = generate_string(STRING_LENGTH) string2 = generate_string(STRING_LENGTH) hash1 = hash_string(string1, LOOPS_TO_HASH) hash2 = hash_string(string2, LOOPS_TO_HASH) if control_or_store(hash1, string1) or control_or_store(hash2, string2): collisions_number += 1 if virtual_memory > MAX_RAM: print('Stopping... Too much RAM was used.') break end_time = time.time() execution_time = end_time - start_time
def validate_grader(grader_contents, autogen=False): tmp_grader = "/tmp/grader.py" open(tmp_grader, "w").write(grader_contents) try: grader = imp.load_source("grader", tmp_grader) except Exception, e: raise WebException("There is a syntax error in the grader: %s" % e) if autogen: # Autogenerated try: seed1 = utils.generate_string() seed2 = utils.generate_string() while seed1 == seed2: seed2 = utils.generate_string() random.seed(seed1) data = grader.generate_problem(random, "pid") assert type(data) == dict random.seed(seed1) flag1 = grader.generate_flag(random) random.seed(seed2) flag2 = grader.generate_flag(random) assert flag1 != flag2, "generate_flag() has generated the same flag twice."