Chest/CTF-site-project
Chest/CTF-site-project
1
1
Fork 0
Code Issues Pull Requests Activity

feat(web): idor task and flag accept

Browse Source
This commit is contained in:
chest 2025-04-17 00:12:02 +03:00
parent 648e98dcd1
commit 9b0220bdf6
4 changed files with 125 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
app.py
View File

@ -66,8 +66,6 @@ def osint():
@app.route("/web/sql-injection", methods=('GET', 'POST')) @app.route("/web/sql-injection", methods=('GET', 'POST'))
def websql(): def websql():
if request.method == 'POST': if request.method == 'POST':
if 'login' not in (keys := request.form.keys()) or 'pass' not in keys:
abort(400)
login = request.form['login'] login = request.form['login']
password = request.form['pass'] password = request.form['pass']
cursor = get_db().cursor() cursor = get_db().cursor()
@ -79,11 +77,58 @@ def websql():
return redirect(url_for('success_login'), code=302) return redirect(url_for('success_login'), code=302)
return render_template('sql-injection.html') return render_template('sql-injection.html')
@app.route("/web/idor") @app.route("/web/success_login-sqltask", methods=('GET', 'POST'))
def success_login():
flag = session.get('sql_flag')
if request.method == 'POST':
user_flag = request.form['user_flag']
if user_flag == flag:
return render_template('success-sql.html', flag=flag, success_flag='.')
return render_template('success-sql.html', flag=flag, error='Ошибка: неверный флаг!')
if flag:
return render_template('success-sql.html', flag=flag)
abort(404)
idor_main_users = {}
@app.route("/web/idor", methods=('GET', 'POST'))
def webidor(): def webidor():
if request.method == 'POST':
if 'user_flag' in request.form.keys():
flag = session.get('idor_flag')
user_flag = request.form['user_flag']
if user_flag == flag and 'idor_id' in session.keys() and session['idor_id'] in idor_main_users.keys():
del idor_main_users[session['idor_id']]
return render_template('idor.html', flag=flag, success_flag='.')
return render_template('idor.html', flag=flag, error='Ошибка: неверный флаг!')
login = request.form['login']
mail = request.form['mail']
password = request.form['pass']
if not login:
return render_template('idor.html', error='Ошибка: не оставляйте себя без имени!')
if not password:
return render_template('idor.html', error='Ошибка: Пароль важен, заполните поле!')
session['idor_flag'] = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
session['idor_id'] = id = getrandbits(8)
idor_main_users[id] = {'login': login,'mail': mail}
return redirect(url_for('webidor_user', id=session['idor_id']), code=302)
return render_template('idor.html') return render_template('idor.html')
@app.route("/web/idor/user_id<int:id>", methods=('GET', 'POST'))
def webidor_user(id):
if 'idor_id' not in session.keys():
abort(404)
if id <= 32:
idor_users = {0: ('admin', 'popa'), 1: ('an', 'fffff'), 2: ('adm', 'qweqewqeqweqwe'), 3: ('admin', session['idor_flag']), 4: ('admin', ''), 5: ('admin', ''), 6: ('admin', ''), 7: ('admin', ''), 8: ('admin', ''), 9: ('admin', ''), 10: ('admin', ''), 11: ('admin', ''), 12: ('admin', ''), 13: ('admin', ''), 14: ('admin', ''), 15: ('admin', '')}
return render_template('idor_user.html', user=idor_users[id])
if id not in idor_main_users.keys():
abort(404)
return render_template('idor-main-user.html', login=idor_main_users[id]['login'], mail=idor_main_users[id]['mail'])
@app.route("/web/path-traversal", methods=('GET', 'POST')) @app.route("/web/path-traversal", methods=('GET', 'POST'))
def webpt(): def webpt():
flag_task3 = 'С4Tch_Fl4g{Y0u_Find_4_littl3_kitty}' flag_task3 = 'С4Tch_Fl4g{Y0u_Find_4_littl3_kitty}'
@ -99,8 +144,6 @@ def webpt():
return send_file(filename) return send_file(filename)
except FileNotFoundError: except FileNotFoundError:
abort(404) abort(404)
@app.route("/web/ssti", methods=('GET', 'POST')) @app.route("/web/ssti", methods=('GET', 'POST'))
def webssti(): def webssti():
@ -224,17 +267,7 @@ def osintrht():
return render_template('osint-hardtask.html', flag=flag_task7, error='Ошибка: неверный флаг!') return render_template('osint-hardtask.html', flag=flag_task7, error='Ошибка: неверный флаг!')
return render_template('osint-hardtask.html') return render_template('osint-hardtask.html')
@app.route("/web/success_login-sqltask", methods=('GET', 'POST'))
def success_login():
flag = session.get('sql_flag')
if request.method == 'POST':
user_flag = request.form['user_flag']
if user_flag == flag:
return render_template('success-sql.html', flag=flag, success_flag='.')
return render_template('success-sql.html', flag=flag, error='Ошибка: неверный флаг!')
if flag:
return render_template('success-sql.html', flag=flag)
abort(404)
@app.errorhandler(werkzeug.exceptions.HTTPException) @app.errorhandler(werkzeug.exceptions.HTTPException)
def error_handler(e): def error_handler(e):

18
templates/idor-main-user.html Normal file
View File

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html lang="ru">
{% include 'utils/_head.html' %}
<body>
{% include 'utils/_header.html' %}
<div class="container" style="max-width:70%; justify-content: space-between;min-width: 40rem; flex-wrap: nowrap">
<div class="profile">
<h2 class="header" style="text-align:left">Ваш Профиль:</h2>
<p class="simpletext" style="text-align:left">Логин: <span class="context">{{ login }}</span></p>
<p class="simpletext" style="text-align:left">Почта: <span class="context">{{ mail }}</span></p>
</div>
</div>
{% include 'utils/_websidenav.html' %}
<div id="success"> <p>Вход произведён успешно!</p> </div>
</body>
</html>

40
templates/idor.html Normal file
View File

@ -0,0 +1,40 @@
{% extends 'utils/_task.html' %}
{% block content %}
{% include 'utils/_forensicsidenav.html' %}
<div id="popup" class="sql-guide capsule-window">
<span class="close-btn usable-context" onclick="hidePopup()">скрыть</span>
</div>
<div class="container">
<div class="small capsule-window info1" style="height: auto;">
<form action="/web/idor" method="post" class="simpletext">
<p class="simpletext">Блин, я потерял страничку пользователя с почтой <abbr class="hltext" title="Смотри подсказку(кнопка снизу слева)">supercat@codrs.ru</abbr>. Можешь поискать? Для начала войди на сайт.</p>
<div class="small-container" ><p>Логин: <p class="hidden">.</p> </p> <input type="text" name="login" class="inpt" /></div>
<div class="small-container" ><p>Почта: <p class="hidden">.</p> </p> <input type="text" name="mail" class="inpt" /></div>
<div class="small-container"><p>Пароль:</p> <input type="password" name="pass" class="inpt"/></div>
<input type="submit" value="Войти" class="btn1">
</form>
</div>
</div>
<div class="flag-input">
<h3 class="header" style="text-align:left">Введите ответ:</h3>
<form action="/web/idor" method="post" class="simpletext">
<input class="inpt" type="text" name="user_flag" style="width: 100%; height: 1.25rem; margin: 0">
<input type="submit" value="Submit" class="btn1" style="margin-top: 1.25rem">
</form>
</div>
</div>
{% if error %}
<div id="error"> <p>{{ error }}</p> </div>
{% elif success_flag %}
<div class="task-done">
<h1 class="header">Вы прошли задание!</h1>
<img class="done" src="{{ url_for('static', filename='imgs/done_icon.png') }}">
<a href="{{ url_for('web') }}" class="usable-context" style="text-align: canter; margin: 1rem; padding: 1rem;"> < Вернуться к заданиям > </a>
</div>
{% endif %}
{% endblock %}

18
templates/idor_user.html Normal file
View File

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html lang="ru">
{% include 'utils/_head.html' %}
<body>
{% include 'utils/_header.html' %}
<div class="container" style="max-width:70%; justify-content: space-between;min-width: 40rem; flex-wrap: nowrap">
<div class="profile">
<h2 class="header" style="text-align:left">Ваш Профиль:</h2>
<p class="simpletext" style="text-align:left">Логин: <span class="context">{{ user[0] }}</span></p>
<p class="simpletext" style="text-align:left">Почта: <span class="context">{{ user[1] }}</span></p>
</div>
</div>
{% include 'utils/_websidenav.html' %}
<div id="success"> <p>Вход произведён успешно!</p> </div>
</body>
</html>