CTF-site-project/app.py

import werkzeug
from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file, render_template_string
import sqlite3
from random import getrandbits
from func import *
import base64


connection = sqlite3.connect('database.db')
cursor = connection.cursor()
cursor.execute('''
    CREATE TABLE IF NOT EXISTS Users (
    id INTEGER PRIMARY KEY,
    login TEXT NOT NULL,
    password TEXT NOT NULL
    )
''')
cursor.execute('SELECT * FROM Users where login = "admin"')
if not cursor.fetchone():
    cursor.execute('INSERT INTO Users (login, password) VALUES (?, ?)', ('admin', '12345678'))
connection.commit()

app = Flask(__name__)
app.config['SECRET_KEY'] = 'ca4ac4ada05f91a5790d2132992bfaed86df15c4d08f2dfe'
DATABASE = 'database.db'

def get_db():
    db = getattr(g, '_database', None)
    if db is None:
        db = g._database = sqlite3.connect(DATABASE)
    return db

@app.teardown_appcontext
def close_connection(exception):
    db = getattr(g, '_database', None)
    if db:
        db.close()

@app.route("/")
def index():
    return render_template('index.html')

@app.route("/web")
def web():
    return render_template('web-main.html')

@app.route("/forensic")
def forensic():
    return render_template('forensic-main.html')

@app.route("/osint")
def osint():
    return render_template('osint-main.html')

@app.route("/web/sql-injection", methods=('GET', 'POST'))
def websql():
    if request.method == 'POST':
        login = request.form['login']
        password = request.form['pass']
        cursor = get_db().cursor()
        cursor.execute(f'SELECT * FROM Users WHERE login == "{login}" AND password == "{password}"')
        user = cursor.fetchone()
        if not user:
            return render_template('sql-injection.html', error='Ошибка: неверный логин или пароль')
        session['sql_flag'] = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
        return redirect(url_for('success_login'), code=302)
    return render_template('sql-injection.html')

@app.route("/web/idor")
def webidor():
    return render_template('idor.html')

@app.route("/web/path-traversal")
def webpt():
    return render_template('path-traversal.html')

@app.route("/web/ssti", methods=('GET', 'POST'))
def webssti():
    id = session.get('ssti_id')
    flag = session.get('flag_ssti')
    if id not in comments.keys():
        session['ssti_id'] = id = hex(getrandbits(45))[2:]
        comments[id] = []
        session['flag_ssti'] = flag = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'

    if request.method == 'POST':
        if 'user_flag' in  request.form.keys():
            user_flag = request.form['user_flag']
            if user_flag == flag:
                return render_template('ssti.html', flag=flag, success_flag='.')
            return render_template('ssti.html', flag=flag, error='Ошибка: неверный флаг!')

        username = request.form['username']
        comment = request.form['user_comment']
        comments[id].append((username, comment))
    def render(x):
        try:
            return render_template_string(x, flag=flag)
        except:
            return x
    return render_template('ssti.html', render_template_string=render, comments=comments[id], flag=flag)


comments = {}


@app.route("/web/portswigger-guide")
def webpsguide():
    return render_template('portswigger-guide.html')

@app.route("/forensic/metadata", methods=('GET', 'POST'))
def fmetadata():
    flag_task1 = session.get('flag_task1')
    if request.method == 'POST':
        user_flag = request.form['user_flag']
        if user_flag == flag_task1:
            return render_template('task1-metadata.html', flag=flag_task1, success_flag='.')
        return render_template('task1-metadata.html', flag=flag_task1, error='Ошибка: неверный флаг!')

    if not flag_task1:
        session['task1_id'] = id = hex(getrandbits(45))[2:]
        session['flag_task1'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
        task1_flag(flag_task1, id)
    return render_template('task1-metadata.html', flag=flag_task1)

@app.route("/forensic/getimg")
def forensic_task1():
    if 'task1_id' not in session.keys():
        abort(404)
    return send_file(f'/tmp/task1/{session['task1_id']}.jpg')

@app.route("/forensic/base-guide", methods=('GET', 'POST'))
def fbase():
    flag_task4 = session.get('flag_task4')
    if request.method == 'POST':
        user_flag = request.form['user_flag']
        if user_flag == flag_task4:
            return render_template('base.html', flag=flag_task4, success_flag='.')
        return render_template('base.html', flag=flag_task4, error='Ошибка: неверный флаг!')
    if not flag_task4:
        session['flag_task4'] = flag_task4 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
    base32str = str(base64.b32encode(flag_task4.encode()))[2:-1]
    base64str = str(base64.b64encode(f"Ой-ой, похоже, что самое главное всё ещё зашифровано.. Сможешь расшифровать, ОП?  {base32str}".encode()))[2:-1]
    return render_template('base.html', base_task=base64str)


@app.route("/forensic/.docx_files", methods=('GET', 'POST'))
def fbinwalk():
    flag_task3 = 'C4TchFl4g{GT4_6_1eaks}'
    if request.method == 'POST':
        user_flag = request.form['user_flag']
        if user_flag == flag_task3:
            return render_template('binwalk.html', flag=flag_task3, success_flag='.')
        return render_template('binwalk.html', flag=flag_task3, error='Ошибка: неверный флаг!')
    return render_template('binwalk.html')

@app.route("/forensic/hex", methods=('GET', 'POST'))
def fhex():
    flag_task2 = "C4TchFl4g{I_hir3d_7his_c4r_t0_st4r3_4t_Y0u}"
    if request.method == 'POST':
        user_flag = request.form['user_flag']
        if user_flag == flag_task2:
            return render_template('hex.html', flag=flag_task2, success_flag='.')
        return render_template('hex.html', flag=flag_task2, error='Ошибка: неверный флаг!')
    return render_template('hex.html')

@app.route("/forensic/hash", methods=('GET', 'POST'))
def fhash():
    flag_task5 = "C4TchFl4g{superadmin}"
    if request.method == 'POST':
        user_flag = request.form['user_flag']
        if user_flag == flag_task5:
            return render_template('hash.html', flag=flag_task5, success_flag='.')
        return render_template('hash.html', flag=flag_task5, error='Ошибка: неверный флаг!')
    return render_template('hash.html')

@app.route("/osint/questions")
def osintquestions():
    return render_template('osint-questions.html')

@app.route("/osint/geoguessr")
def osintgeoguessr():
    return render_template('osint-geoguessr.html')

@app.route("/osint/really_hard_task")
def osintrht():
    return render_template('osint-hardtask.html')

@app.route("/web/success_login-sqltask", methods=('GET', 'POST'))
def success_login():
    flag = session.get('sql_flag')
    if request.method == 'POST':
        user_flag = request.form['user_flag']
        if user_flag == flag:
            return render_template('success-sql.html', flag=flag, success_flag='.')
        return render_template('success-sql.html', flag=flag, error='Ошибка: неверный флаг!')
    if flag:
        return render_template('success-sql.html', flag=flag)
    abort(404)

@app.errorhandler(werkzeug.exceptions.NotFound)
def handle_bad_request(e):
    return '<img src="https://http.cat/404.jpg">', 404

app.run(host="0.0.0.0", debug=False)
connection.close()
feat: sql-task profile 2025-02-02 20:43:16 +03:00			`import werkzeug`
feat(web): ssti back 2025-04-10 00:23:44 +03:00			`from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file, render_template_string`
feat: Sql task window 2025-01-25 22:18:21 +03:00			`import sqlite3`
feat: sql-task get flag 2025-02-03 00:19:41 +03:00			`from random import getrandbits`
feat: regen forensic_task1 flag 2025-02-14 13:19:23 +03:00			`from func import *`
feat(forensic): base task and flag accept 2025-04-08 23:00:54 +03:00			`import base64`
feat: Sql task window 2025-01-25 22:18:21 +03:00
feat(web): ssti back 2025-04-10 00:23:44 +03:00
wip: Sql task error 2025-01-26 22:34:47 +03:00			`connection = sqlite3.connect('database.db')`
feat: Sql task window 2025-01-25 22:18:21 +03:00			`cursor = connection.cursor()`
			`cursor.execute('''`
			`CREATE TABLE IF NOT EXISTS Users (`
			`id INTEGER PRIMARY KEY,`
			`login TEXT NOT NULL,`
			`password TEXT NOT NULL`
			`)`
			`''')`
			`cursor.execute('SELECT * FROM Users where login = "admin"')`
wip: Sql task error 2025-01-26 22:34:47 +03:00			`if not cursor.fetchone():`
feat: Sql task window 2025-01-25 22:18:21 +03:00			`cursor.execute('INSERT INTO Users (login, password) VALUES (?, ?)', ('admin', '12345678'))`
			`connection.commit()`
init commit 2025-01-23 00:19:58 +03:00
			`app = Flask(__name__)`
feat: Sql task window 2025-01-25 22:18:21 +03:00			`app.config['SECRET_KEY'] = 'ca4ac4ada05f91a5790d2132992bfaed86df15c4d08f2dfe'`
wip: Sql task error 2025-01-26 22:34:47 +03:00			`DATABASE = 'database.db'`

			`def get_db():`
			`db = getattr(g, '_database', None)`
			`if db is None:`
			`db = g._database = sqlite3.connect(DATABASE)`
			`return db`

			`@app.teardown_appcontext`
			`def close_connection(exception):`
			`db = getattr(g, '_database', None)`
			`if db:`
			`db.close()`
init commit 2025-01-23 00:19:58 +03:00
			`@app.route("/")`
			`def index():`
			`return render_template('index.html')`

feat: section main files 2025-04-05 22:42:20 +03:00			`@app.route("/web")`
			`def web():`
			`return render_template('web-main.html')`

			`@app.route("/forensic")`
			`def forensic():`
			`return render_template('forensic-main.html')`

			`@app.route("/osint")`
			`def osint():`
			`return render_template('osint-main.html')`

fix: nav-div disign 2025-04-06 21:37:12 +03:00			`@app.route("/web/sql-injection", methods=('GET', 'POST'))`
feat: web main page 2025-04-07 12:23:56 +03:00			`def websql():`
feat: Sql task window 2025-01-25 22:18:21 +03:00			`if request.method == 'POST':`
			`login = request.form['login']`
			`password = request.form['pass']`
wip: Sql task error 2025-01-26 22:34:47 +03:00			`cursor = get_db().cursor()`
Smol change 2025-01-26 22:50:50 +03:00			`cursor.execute(f'SELECT * FROM Users WHERE login == "{login}" AND password == "{password}"')`
wip: Sql task error 2025-01-26 22:34:47 +03:00			`user = cursor.fetchone()`
			`if not user:`
wip: Sql task tmp disign 2025-01-27 00:20:55 +03:00			`return render_template('sql-injection.html', error='Ошибка: неверный логин или пароль')`
feat: sql-task get flag 2025-02-03 00:19:41 +03:00			`session['sql_flag'] = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'`
feat: sql-task profile 2025-02-02 20:43:16 +03:00			`return redirect(url_for('success_login'), code=302)`
init commit 2025-01-23 00:19:58 +03:00			`return render_template('sql-injection.html')`

feat: web main page 2025-04-07 12:23:56 +03:00			`@app.route("/web/idor")`
			`def webidor():`
			`return render_template('idor.html')`

			`@app.route("/web/path-traversal")`
			`def webpt():`
			`return render_template('path-traversal.html')`

feat(web): ssti back 2025-04-10 00:23:44 +03:00			`@app.route("/web/ssti", methods=('GET', 'POST'))`
feat: web main page 2025-04-07 12:23:56 +03:00			`def webssti():`
feat(web): ssti back 2025-04-10 00:23:44 +03:00			`id = session.get('ssti_id')`
			`flag = session.get('flag_ssti')`
			`if id not in comments.keys():`
			`session['ssti_id'] = id = hex(getrandbits(45))[2:]`
			`comments[id] = []`
			`session['flag_ssti'] = flag = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'`

			`if request.method == 'POST':`
			`if 'user_flag' in request.form.keys():`
			`user_flag = request.form['user_flag']`
			`if user_flag == flag:`
			`return render_template('ssti.html', flag=flag, success_flag='.')`
			`return render_template('ssti.html', flag=flag, error='Ошибка: неверный флаг!')`

			`username = request.form['username']`
			`comment = request.form['user_comment']`
			`comments[id].append((username, comment))`
			`def render(x):`
			`try:`
			`return render_template_string(x, flag=flag)`
			`except:`
			`return x`
			`return render_template('ssti.html', render_template_string=render, comments=comments[id], flag=flag)`


			`comments = {}`

feat: web main page 2025-04-07 12:23:56 +03:00
			`@app.route("/web/portswigger-guide")`
			`def webpsguide():`
			`return render_template('portswigger-guide.html')`

feat: forensic metadata task help 2025-04-08 14:43:15 +03:00			`@app.route("/forensic/metadata", methods=('GET', 'POST'))`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`def fmetadata():`
feat(forensic): hash task and flag accept 2025-04-09 16:16:22 +03:00			`flag_task1 = session.get('flag_task1')`
fix: main-icon 2025-04-03 22:23:02 +03:00			`if request.method == 'POST':`
			`user_flag = request.form['user_flag']`
			`if user_flag == flag_task1:`
feat: section main files 2025-04-05 22:42:20 +03:00			`return render_template('task1-metadata.html', flag=flag_task1, success_flag='.')`
			`return render_template('task1-metadata.html', flag=flag_task1, error='Ошибка: неверный флаг!')`
fix(forensic): metadata task flag accept 2025-04-08 20:22:57 +03:00
			`if not flag_task1:`
			`session['task1_id'] = id = hex(getrandbits(45))[2:]`
			`session['flag_task1'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'`
			`task1_flag(flag_task1, id)`
			`return render_template('task1-metadata.html', flag=flag_task1)`
init commit 2025-01-23 00:19:58 +03:00
fix: main help 2025-04-07 23:38:07 +03:00			`@app.route("/forensic/getimg")`
feat: regen forensic_task1 flag 2025-02-14 13:19:23 +03:00			`def forensic_task1():`
feat(forensic): hash task and flag accept 2025-04-09 16:16:22 +03:00			`if 'task1_id' not in session.keys():`
			`abort(404)`
feat: regen forensic_task1 flag 2025-02-14 13:19:23 +03:00			`return send_file(f'/tmp/task1/{session['task1_id']}.jpg')`

feat(forensic): base task and flag accept 2025-04-08 23:00:54 +03:00			`@app.route("/forensic/base-guide", methods=('GET', 'POST'))`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`def fbase():`
feat(forensic): hash task and flag accept 2025-04-09 16:16:22 +03:00			`flag_task4 = session.get('flag_task4')`
feat(forensic): base task and flag accept 2025-04-08 23:00:54 +03:00			`if request.method == 'POST':`
			`user_flag = request.form['user_flag']`
feat(forensic): hex task and flag accept 2025-04-08 23:34:36 +03:00			`if user_flag == flag_task4:`
			`return render_template('base.html', flag=flag_task4, success_flag='.')`
			`return render_template('base.html', flag=flag_task4, error='Ошибка: неверный флаг!')`
			`if not flag_task4:`
feat(forensic): hash task and flag accept 2025-04-09 16:16:22 +03:00			`session['flag_task4'] = flag_task4 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'`
feat(forensic): hex task and flag accept 2025-04-08 23:34:36 +03:00			`base32str = str(base64.b32encode(flag_task4.encode()))[2:-1]`
feat(forensic): base text 2025-04-09 21:43:43 +03:00			`base64str = str(base64.b64encode(f"Ой-ой, похоже, что самое главное всё ещё зашифровано.. Сможешь расшифровать, ОП? {base32str}".encode()))[2:-1]`
feat(forensic): base task and flag accept 2025-04-08 23:00:54 +03:00			`return render_template('base.html', base_task=base64str)`

feat: forensic main page 2025-04-07 12:48:42 +03:00
feat(forensic): binwalk task flag accept 2025-04-08 21:18:10 +03:00			`@app.route("/forensic/.docx_files", methods=('GET', 'POST'))`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`def fbinwalk():`
feat(forensic): hex task and flag accept 2025-04-08 23:34:36 +03:00			`flag_task3 = 'C4TchFl4g{GT4_6_1eaks}'`
feat(forensic): binwalk task flag accept 2025-04-08 21:18:10 +03:00			`if request.method == 'POST':`
			`user_flag = request.form['user_flag']`
feat(forensic): hex task and flag accept 2025-04-08 23:34:36 +03:00			`if user_flag == flag_task3:`
			`return render_template('binwalk.html', flag=flag_task3, success_flag='.')`
			`return render_template('binwalk.html', flag=flag_task3, error='Ошибка: неверный флаг!')`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`return render_template('binwalk.html')`

feat(forensic): hex task and flag accept 2025-04-08 23:34:36 +03:00			`@app.route("/forensic/hex", methods=('GET', 'POST'))`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`def fhex():`
feat(forensic): hex task and flag accept 2025-04-08 23:34:36 +03:00			`flag_task2 = "C4TchFl4g{I_hir3d_7his_c4r_t0_st4r3_4t_Y0u}"`
			`if request.method == 'POST':`
			`user_flag = request.form['user_flag']`
			`if user_flag == flag_task2:`
			`return render_template('hex.html', flag=flag_task2, success_flag='.')`
			`return render_template('hex.html', flag=flag_task2, error='Ошибка: неверный флаг!')`
			`return render_template('hex.html')`
feat: forensic main page 2025-04-07 12:48:42 +03:00
feat(forensic): hash task and flag accept 2025-04-09 16:16:22 +03:00			`@app.route("/forensic/hash", methods=('GET', 'POST'))`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`def fhash():`
feat(forensic): hash task and flag accept 2025-04-09 16:16:22 +03:00			`flag_task5 = "C4TchFl4g{superadmin}"`
			`if request.method == 'POST':`
			`user_flag = request.form['user_flag']`
			`if user_flag == flag_task5:`
			`return render_template('hash.html', flag=flag_task5, success_flag='.')`
			`return render_template('hash.html', flag=flag_task5, error='Ошибка: неверный флаг!')`
feat: forensic main page 2025-04-07 12:48:42 +03:00			`return render_template('hash.html')`

			`@app.route("/osint/questions")`
			`def osintquestions():`
			`return render_template('osint-questions.html')`

			`@app.route("/osint/geoguessr")`
			`def osintgeoguessr():`
			`return render_template('osint-geoguessr.html')`

			`@app.route("/osint/really_hard_task")`
			`def osintrht():`
			`return render_template('osint-hardtask.html')`

fix: success page 2025-04-07 22:13:31 +03:00			`@app.route("/web/success_login-sqltask", methods=('GET', 'POST'))`
feat: sql-task profile 2025-02-02 20:43:16 +03:00			`def success_login():`
fix: display flag sql-task 2025-02-05 00:17:09 +03:00			`flag = session.get('sql_flag')`
feat: sql-task get flag 2025-02-03 00:19:41 +03:00			`if request.method == 'POST':`
			`user_flag = request.form['user_flag']`
fix: display flag sql-task 2025-02-05 00:17:09 +03:00			`if user_flag == flag:`
feat: section main files 2025-04-05 22:42:20 +03:00			`return render_template('success-sql.html', flag=flag, success_flag='.')`
			`return render_template('success-sql.html', flag=flag, error='Ошибка: неверный флаг!')`
fix: display flag sql-task 2025-02-05 00:17:09 +03:00			`if flag:`
feat: section main files 2025-04-05 22:42:20 +03:00			`return render_template('success-sql.html', flag=flag)`
feat: sql-task profile 2025-02-02 20:43:16 +03:00			`abort(404)`
feat: Sql task window 2025-01-25 22:18:21 +03:00
feat: sql-task profile 2025-02-02 20:43:16 +03:00			`@app.errorhandler(werkzeug.exceptions.NotFound)`
			`def handle_bad_request(e):`
			`return '<img src="https://http.cat/404.jpg">', 404`
vse ploho 2025-01-24 21:21:41 +03:00
fix: run 2025-01-30 20:55:31 +03:00			`app.run(host="0.0.0.0", debug=False)`
Smol change 2025-01-26 22:50:50 +03:00			`connection.close()`