30 changes: 23 additions & 7 deletions introduction/mitre.py
Expand Up @@ -152,13 +152,28 @@ def mitre_top25(request):
return render(request, 'mitre/mitre_top25.html')

@authentication_decorator
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend

import os


def csrf_lab_login(request):
if request.method == 'GET':
return render(request, 'mitre/csrf_lab_login.html')
elif request.method == 'POST':
password = request.POST.get('password')
username = request.POST.get('username')
password = md5(password.encode()).hexdigest()
salt = os.urandom(16)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA384(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend()
)
password = kdf.derive(password.encode())
User = CSRF_user_tbl.objects.filter(username=username, password=password)
if User:
payload ={
Expand All @@ -172,7 +187,6 @@ def csrf_lab_login(request):
return response
else :
return redirect('/mitre/9/lab/login')

@authentication_decorator
@csrf_exempt
def csrf_transfer_monei(request):
Expand Down Expand Up @@ -215,12 +229,15 @@ def csrf_transfer_monei_api(request,recipent,amount):
def mitre_lab_25_api(request):
if request.method == "POST":
expression = request.POST.get('expression')
result = eval(expression)
# Replace eval with a safer alternative
try:
result = json.loads(expression)
except (ValueError, TypeError) as e:
return JsonResponse({'error': str(e)}, status=400)
return JsonResponse({'result': result})
else:
return redirect('/mitre/25/lab/')


@authentication_decorator
def mitre_lab_25(request):
return render(request, 'mitre/mitre_lab_25.html')
Expand All @@ -230,9 +247,8 @@ def mitre_lab_17(request):
return render(request, 'mitre/mitre_lab_17.html')

def command_out(command):
process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return process.communicate()

process = subprocess.Popen(command, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return process.communicate()

@csrf_exempt
def mitre_lab_17_api(request):
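Review bot: In `csrf_lab_login` the new code draws a fresh `salt = os.urandom(16)` on every login request, so the PBKDF2 output differs each time and the `CSRF_user_tbl.objects.filter(username=username, password=password)` lookup can never match a stored value; as written, login looks broken for every user rather than hardened. The salt has to be generated once when the password is set and stored with the hash, then reused at verification; in Django the usual route is `user = CSRF_user_tbl.objects.filter(username=username).first()` followed by `check_password(password, user.password)` from `django.contrib.auth.hashers`, with the stored values (apparently MD5 hex, judging by the replaced line) migrated to `make_password` output. If the line order on this page reflects the file, the new imports also sit between `@authentication_decorator` and `def csrf_lab_login`, which is a syntax error; they belong at the top of the module. The function body continues outside the hunk.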
4 changes: 2 additions & 2 deletions introduction/playground/A6/soln.py
Expand Up @@ -6,10 +6,10 @@ def check_vuln(list_of_modules)->list:
for i in list_of_modules:
k = i.split("==")
url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
response = requests.get(url)
response = requests.get(url, timeout=10)
response.raise_for_status()
info = response.json()
existing_vuln = info['vulnerabilities']
if len(existing_vuln) > 0:
vulns.append(existing_vuln)
vulns.append(existing_vuln)
return vulns
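Review bot: With `timeout=10` added to `requests.get`, a slow PyPI response now raises, and together with `response.raise_for_status()` a single unreachable or unknown package aborts `check_vuln` with no result for the remaining modules; the same applies to the identical hunk in `introduction/playground/A6/utility.py`. For a dependency check it is safer to catch `requests.exceptions.RequestException` per module and record that module as unchecked, so a network failure is never read as "no known vulnerabilities". The other changed lines (`vulns.append(existing_vuln)` here, `return vulns` in utility.py) appear to differ only in indentation, which this page does not show; confirm the append stays inside the `if` and the `return` stays outside the `for` loop.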
4 changes: 2 additions & 2 deletions introduction/playground/A6/utility.py
Expand Up @@ -6,10 +6,10 @@ def check_vuln(list_of_modules)->list:
for i in list_of_modules:
k = i.split("==")
url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
response = requests.get(url)
response = requests.get(url, timeout=10)
response.raise_for_status()
info = response.json()
existing_vuln = info['vulnerabilities']
if len(existing_vuln) > 0:
vulns.append(existing_vuln)
return vulns
return vulns
56 changes: 29 additions & 27 deletions introduction/views.py
Expand Up @@ -202,6 +202,9 @@ class TestUser:
encoded_user = base64.b64encode(pickled_user)

def insec_des_lab(request):
from jsonschema import validate, ValidationError
import json

if request.user.is_authenticated:
response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Only Admins can see this page"})
token = request.COOKIES.get('token')
Expand All @@ -210,15 +213,27 @@ def insec_des_lab(request):
response.set_cookie(key='token',value=token.decode('utf-8'))
else:
token = base64.b64decode(token)
admin = pickle.loads(token)
if admin.admin == 1:
response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Welcome Admin, SECRETKEY:ADMIN123"})
return response
intermediary_schema = {
"type": "object",
"properties": {
"admin": {"type": "integer"}
},
"required": ["admin"],
"additionalProperties": False,
}
try:
intermediary_object = json.loads(token)
validate(instance=intermediary_object, schema=intermediary_schema)
if intermediary_object['admin'] == 1:
response = render(request,'Lab/insec_des/insec_des_lab.html', {"message":"Welcome Admin, SECRETKEY:ADMIN123"})
return response
except (ValidationError, json.JSONDecodeError):
# Handle validation errors gracefully
# ...

return response
else:
return redirect('login')

#****************************************************XXE********************************************************#


Expand Down Expand Up @@ -248,21 +263,14 @@ def xxe_see(request):

@csrf_exempt
def xxe_parse(request):

parser = make_parser()
parser.setFeature(feature_external_ges, True)
doc = parseString(request.body.decode('utf-8'), parser=parser)
for event, node in doc:
if event == START_ELEMENT and node.tagName == 'text':
doc.expandNode(node)
text = node.toxml()
startInd = text.find('>')
endInd = text.find('<', startInd)
text = text[startInd + 1:endInd:]
from defusedxml.ElementTree import fromstring
xml_data = request.body.decode('utf-8')
doc = fromstring(xml_data)
text = ''
for node in doc.getElementsByTagName('text'):
text = node.firstChild.nodeValue if node.firstChild else ''
p=comments.objects.filter(id=1).update(comment=text)

return render(request, 'Lab/XXE/xxe_lab.html')

def auth_home(request):
return render(request,'Lab/AUTH/auth_home.html')

Expand Down Expand Up @@ -414,22 +422,18 @@ def cmd_lab(request):
os=request.POST.get('os')
print(os)
if(os=='win'):
command="nslookup {}".format(domain)
command=["nslookup", domain]
else:
command = "dig {}".format(domain)
command = ["dig", domain]

try:
# output=subprocess.check_output(command,shell=True,encoding="UTF-8")
process = subprocess.Popen(
command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = process.communicate()
data = stdout.decode('utf-8')
stderr = stderr.decode('utf-8')
# res = json.loads(data)
# print("Stdout\n" + data)
output = data + stderr
print(data + stderr)
except:
Expand All @@ -441,7 +445,6 @@ def cmd_lab(request):
return render(request, 'Lab/CMD/cmd_lab.html')
else:
return redirect('login')

@csrf_exempt
def cmd_lab2(request):
if request.user.is_authenticated:
Expand All @@ -450,7 +453,7 @@ def cmd_lab2(request):

print(val)
try:
output = eval(val)
output = json.loads(val)
except:
output = "Something went wrong"
return render(request,'Lab/CMD/cmd_lab2.html',{"output":output})
Expand All @@ -460,7 +463,6 @@ def cmd_lab2(request):
return render(request, 'Lab/CMD/cmd_lab2.html')
else:
return redirect('login')

#******************************************Broken Authentication**************************************************#

def bau(request):
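Review bot: In `insec_des_lab` the `except (ValidationError, json.JSONDecodeError):` block contains only comments, so the module will not parse; it needs a real statement such as `return response`. Beyond that, swapping `pickle.loads` for `json.loads` removes the code-execution risk, but the admin decision still rests on a cookie the client fully controls, since any base64-encoded JSON object with `"admin": 1` passes the schema. The flag should come from server-side state (for example `request.user.is_staff`), or the token should be integrity-protected with `django.core.signing.dumps`/`loads` and `BadSignature` handled. The context lines also show the cookie still being issued from `pickled_user`, so tokens handed out by the server will presumably fail `json.loads`, and non-UTF-8 bytes would raise a `UnicodeDecodeError` that this `except` does not catch. Part of the function lies outside the visible hunk.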