2025-02-02 20:43:16 +03:00
|
|
|
import werkzeug
|
2025-02-14 13:19:23 +03:00
|
|
|
from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file
|
2025-01-25 22:18:21 +03:00
|
|
|
import sqlite3
|
2025-02-03 00:19:41 +03:00
|
|
|
from random import getrandbits
|
2025-02-14 13:19:23 +03:00
|
|
|
from func import *
|
2025-01-25 22:18:21 +03:00
|
|
|
|
2025-01-26 22:34:47 +03:00
|
|
|
connection = sqlite3.connect('database.db')
|
2025-01-25 22:18:21 +03:00
|
|
|
cursor = connection.cursor()
|
|
|
|
|
cursor.execute('''
|
|
|
|
|
CREATE TABLE IF NOT EXISTS Users (
|
|
|
|
|
id INTEGER PRIMARY KEY,
|
|
|
|
|
login TEXT NOT NULL,
|
|
|
|
|
password TEXT NOT NULL
|
|
|
|
|
)
|
|
|
|
|
''')
|
|
|
|
|
cursor.execute('SELECT * FROM Users where login = "admin"')
|
2025-01-26 22:34:47 +03:00
|
|
|
if not cursor.fetchone():
|
2025-01-25 22:18:21 +03:00
|
|
|
cursor.execute('INSERT INTO Users (login, password) VALUES (?, ?)', ('admin', '12345678'))
|
|
|
|
|
connection.commit()
|
2025-01-23 00:19:58 +03:00
|
|
|
|
|
|
|
|
app = Flask(__name__)
|
2025-01-25 22:18:21 +03:00
|
|
|
app.config['SECRET_KEY'] = 'ca4ac4ada05f91a5790d2132992bfaed86df15c4d08f2dfe'
|
2025-01-26 22:34:47 +03:00
|
|
|
DATABASE = 'database.db'
|
|
|
|
|
|
|
|
|
|
def get_db():
|
|
|
|
|
db = getattr(g, '_database', None)
|
|
|
|
|
if db is None:
|
|
|
|
|
db = g._database = sqlite3.connect(DATABASE)
|
|
|
|
|
return db
|
|
|
|
|
|
|
|
|
|
@app.teardown_appcontext
|
|
|
|
|
def close_connection(exception):
|
|
|
|
|
db = getattr(g, '_database', None)
|
|
|
|
|
if db:
|
|
|
|
|
db.close()
|
2025-01-23 00:19:58 +03:00
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
|
def index():
|
|
|
|
|
return render_template('index.html')
|
|
|
|
|
|
2025-01-25 22:18:21 +03:00
|
|
|
@app.route("/sql-injection", methods=('GET', 'POST'))
|
2025-01-23 00:19:58 +03:00
|
|
|
def sql():
|
2025-01-25 22:18:21 +03:00
|
|
|
if request.method == 'POST':
|
|
|
|
|
login = request.form['login']
|
|
|
|
|
password = request.form['pass']
|
2025-01-26 22:34:47 +03:00
|
|
|
cursor = get_db().cursor()
|
2025-01-26 22:50:50 +03:00
|
|
|
cursor.execute(f'SELECT * FROM Users WHERE login == "{login}" AND password == "{password}"')
|
2025-01-26 22:34:47 +03:00
|
|
|
user = cursor.fetchone()
|
|
|
|
|
if not user:
|
2025-01-27 00:20:55 +03:00
|
|
|
return render_template('sql-injection.html', error='Ошибка: неверный логин или пароль')
|
2025-02-03 00:19:41 +03:00
|
|
|
session['sql_flag'] = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
|
2025-02-02 20:43:16 +03:00
|
|
|
return redirect(url_for('success_login'), code=302)
|
2025-01-23 00:19:58 +03:00
|
|
|
return render_template('sql-injection.html')
|
|
|
|
|
|
|
|
|
|
@app.route("/found-me")
|
|
|
|
|
def found():
|
2025-02-14 13:19:23 +03:00
|
|
|
session['task1_id'] = id = hex(getrandbits(45))[2:]
|
|
|
|
|
session['task1_flag'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
|
|
|
|
|
task1_flag(flag_task1, id)
|
2025-04-03 22:23:02 +03:00
|
|
|
if request.method == 'POST':
|
|
|
|
|
user_flag = request.form['user_flag']
|
|
|
|
|
if user_flag == flag_task1:
|
|
|
|
|
return render_template('found.html', flag=flag_task1, success_flag='.')
|
|
|
|
|
return render_template('found.html', flag=flag_task1, error='Ошибка: неверный флаг!')
|
|
|
|
|
if flag_task1:
|
|
|
|
|
return render_template('found.html', flag=flag_task1)
|
|
|
|
|
abort(404)
|
2025-01-23 00:19:58 +03:00
|
|
|
return render_template('found.html')
|
|
|
|
|
|
2025-02-14 13:19:23 +03:00
|
|
|
@app.route("/found-me/task1")
|
|
|
|
|
def forensic_task1():
|
|
|
|
|
return send_file(f'/tmp/task1/{session['task1_id']}.jpg')
|
|
|
|
|
|
2025-01-23 00:19:58 +03:00
|
|
|
@app.route("/decode-me")
|
|
|
|
|
def decode():
|
|
|
|
|
return render_template('decode.html')
|
|
|
|
|
|
2025-02-03 00:19:41 +03:00
|
|
|
@app.route("/success_login", methods=('GET', 'POST'))
|
2025-02-02 20:43:16 +03:00
|
|
|
def success_login():
|
2025-02-05 00:17:09 +03:00
|
|
|
flag = session.get('sql_flag')
|
2025-02-03 00:19:41 +03:00
|
|
|
if request.method == 'POST':
|
|
|
|
|
user_flag = request.form['user_flag']
|
2025-02-05 00:17:09 +03:00
|
|
|
if user_flag == flag:
|
|
|
|
|
return render_template('success.html', flag=flag, success_flag='.')
|
|
|
|
|
return render_template('success.html', flag=flag, error='Ошибка: неверный флаг!')
|
|
|
|
|
if flag:
|
2025-02-03 00:19:41 +03:00
|
|
|
return render_template('success.html', flag=flag)
|
2025-02-02 20:43:16 +03:00
|
|
|
abort(404)
|
2025-01-25 22:18:21 +03:00
|
|
|
|
2025-02-02 20:43:16 +03:00
|
|
|
@app.errorhandler(werkzeug.exceptions.NotFound)
|
|
|
|
|
def handle_bad_request(e):
|
|
|
|
|
return '<img src="https://http.cat/404.jpg">', 404
|
2025-01-24 21:21:41 +03:00
|
|
|
|
2025-01-30 20:55:31 +03:00
|
|
|
app.run(host="0.0.0.0", debug=False)
|
2025-01-26 22:50:50 +03:00
|
|
|
connection.close()
|
