diff --git a/Lab1_Fuzzing/Dockerfile b/Lab1_Fuzzing/Dockerfile
new file mode 100644
index 00000000..87d27401
--- /dev/null
+++ b/Lab1_Fuzzing/Dockerfile
@@ -0,0 +1,49 @@
+FROM debian:11 AS afl_builder
+WORKDIR /opt
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential
+RUN echo "LLVM Toolchain and GCC" \
+ && apt-get install --no-install-recommends -y \
+ llvm-13 llvm-13-dev lld-13 clang-13
+RUN echo "GCC dev deps" \
+ && apt-get install --no-install-recommends -y \
+ gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \
+ libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
+RUN echo "AFL++ Deps" \
+ && apt-get install --no-install-recommends -y \
+ build-essential python3-dev automake \
+ cmake git flex bison libglib2.0-dev \
+ libpixman-1-dev python3-setuptools cargo \
+ libgtk-3-dev
+RUN echo "Install AFL++" \
+ && git clone https://github.com/AFLplusplus/AFLplusplus \
+ && cd AFLplusplus \
+ && export LLVM_CONFIG='llvm-config-13' \
+ && make source-only
+
+FROM debian:11 AS radamsa_builder
+WORKDIR /opt
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential
+RUN echo "Radamsa Deps" \
+ && apt-get --no-install-recommends -y \
+ install wget make gcc git
+RUN echo "Install Radamsa" \
+ && git clone https://gitlab.com/akihe/radamsa.git \
+ && cd radamsa \
+ && make
+
+FROM debian:11 AS final_stage
+COPY --from=afl_builder /opt/AFLplusplus /opt/AFLplusplus
+COPY --from=radamsa_builder /opt/radamsa/bin/radamsa /usr/bin/radamsa
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential \
+ python3-dev python3-setuptools llvm-13 llvm-13-dev lld-13 clang-13 \
+ libglib2.0 valgrind \
+ git cmake make wget curl nano python3-pip \
+ && cd /opt/AFLplusplus \
+ && make install \
+ && rm -rf /opt/AFLplusplus \
+ && ln /usr/bin/clang-13 /usr/bin/clang
+RUN useradd -ms /bin/bash -G sudo -u 69 compsec \
+ && mkdir -p /home/compsec/.local/bin
+ENV PATH=/home/compsec/.local/bin:$PATH
+USER compsec
+WORKDIR /home/compsec
\ No newline at end of file
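Review bot: Both `git clone` steps (AFLplusplus in the `afl_builder` stage, radamsa in `radamsa_builder`) fetch whatever the default branch holds at build time, so the lab image is not reproducible and the tools installed into it are never tied to a known revision. Pin each clone to a release tag or commit, e.g. `git clone --depth 1 --branch <PINNED_TAG> https://github.com/AFLplusplus/AFLplusplus`, and record the expected commit in a comment next to it. Separately, `useradd ... -G sudo` in the final stage puts `compsec` in the sudo group although the visible package list does not install sudo; drop `-G sudo` unless a later layer relies on it.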
diff --git a/Lab1_Fuzzing/docker-compose.yml b/Lab1_Fuzzing/docker-compose.yml
new file mode 100644
index 00000000..4151eec4
--- /dev/null
+++ b/Lab1_Fuzzing/docker-compose.yml
@@ -0,0 +1,12 @@
+version: "3"
+services:
+ week1:
+ image: compsec/week1:latest
+ container_name: compsec-week1-fuzz
+ build:
+ context: .
+ dockerfile: Dockerfile
+ volumes:
+ - './shared:/home/compsec/shared'
+ - './misc:/home/compsec/misc:ro'
+ entrypoint: /bin/bash
\ No newline at end of file
diff --git a/Lab2_Network/csrfserver/csrf.Dockerfile b/Lab2_Network/csrfserver/csrf.Dockerfile
new file mode 100644
index 00000000..8c664032
--- /dev/null
+++ b/Lab2_Network/csrfserver/csrf.Dockerfile
@@ -0,0 +1,5 @@
+FROM python:3.9-alpine
+WORKDIR /opt/csrfserver
+RUN pip3 install fastapi uvicorn
+EXPOSE 80
+ENTRYPOINT python3 -m uvicorn app:app --host=0.0.0.0 --port=80 --reload
\ No newline at end of file
diff --git a/Lab2_Network/csrfserver/main.py b/Lab2_Network/csrfserver/main.py
new file mode 100644
index 00000000..44053414
--- /dev/null
+++ b/Lab2_Network/csrfserver/main.py
@@ -0,0 +1,18 @@
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+app = FastAPI(default_response_class=JSONResponse)
+
+
+@app.get('/')
+def example():
+ return {
+ 'Hello': 'World',
+ 'guide': 'You can modify this server skeleton to receive your CSRF results. '
+ 'The server will auto-reload on save.'
+ }
+
+
+@app.post('/')
+def post(r: Request):
+ return {**r.query_params}
diff --git a/Lab2_Network/docker-compose.yml b/Lab2_Network/docker-compose.yml
new file mode 100644
index 00000000..7351b953
--- /dev/null
+++ b/Lab2_Network/docker-compose.yml
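Review bot: In `Lab2_Network/csrfserver/csrf.Dockerfile` the `ENTRYPOINT` is written in shell form, so uvicorn runs as a child of `/bin/sh -c` and does not receive the stop signal from `docker stop` directly; the exec form `ENTRYPOINT ["python3", "-m", "uvicorn", "app:app", "--host=0.0.0.0", "--port=80", "--reload"]` avoids that. The `RUN pip3 install fastapi uvicorn` line installs whatever versions are current at build time; pinning both (`fastapi==<PINNED_VERSION> uvicorn==<PINNED_VERSION>`) keeps the lab image reproducible. The image also has no `USER` line, so the server runs as root inside the container. The same points apply to `Lab2_Network/muumitalo/muumitalo.Dockerfile` later in this commit.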
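Review bot: `post()` in `Lab2_Network/csrfserver/main.py` returns only `r.query_params`, so anything sent in the request body (a form-encoded POST, for instance) is ignored, and neither handler has a docstring saying so. Add one such as `"""Echo the query-string parameters of a POST back as JSON; the request body is not read."""` so students extending the skeleton know what it does and does not capture. Unpacking with `{**r.query_params}` also appears to keep a single value per repeated key, which deserves a short comment on that line.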
@@ -0,0 +1,32 @@
+version: "3"
+services:
+ juiceshop:
+ image: bkimminich/juice-shop:v8.7.2
+ container_name: compsec-week2-juiceshop
+ ports:
+ - '127.0.0.1:3000:3000'
+ webserver:
+ image: nginx:latest
+ container_name: compsec-week2-webserver
+ ports:
+ - '127.0.0.1:3001:80'
+ volumes:
+ - './webserver:/usr/share/nginx/html'
+ muumitalo:
+ build:
+ context: muumitalo
+ dockerfile: muumitalo.Dockerfile
+ image: compsec/muumitalo:latest
+ container_name: compsec-week2-muumitalo
+ ports:
+ - '127.0.0.1:3002:80'
+ csrf:
+ build:
+ context: csrfserver
+ dockerfile: csrf.Dockerfile
+ image: compsec/csrfserver:latest
+ container_name: compsec-week2-csrfserver
+ ports:
+ - '127.0.0.1:3003:80'
+ volumes:
+ - './csrfserver/main.py:/opt/csrfserver/app.py'
\ No newline at end of file
diff --git a/Lab2_Network/misc/muumitalo/README.md b/Lab2_Network/misc/muumitalo/README.md
deleted file mode 100644
index 33962bf6..00000000
--- a/Lab2_Network/misc/muumitalo/README.md
+++ /dev/null
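Review bot: The `webserver` service in `Lab2_Network/docker-compose.yml` uses `nginx:latest` while `juiceshop` is pinned to `v8.7.2`; a floating tag lets the lab environment change between builds, so pin it as `image: nginx:<PINNED_TAG>`. The `./webserver` mount into the nginx html root is read-write although the container only needs to read it; `- './webserver:/usr/share/nginx/html:ro'` would match the `:ro` already used for `./misc` in the Lab1 compose file. Publishing every port on `127.0.0.1` only is the right choice for a deliberately vulnerable target and should stay that way.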
@@ -1,33 +0,0 @@
-# Muumitalo
-
-Python based flask server for demonstrating brute force attacks.
-
-## What you need
-
-* python
-* flask
-
-## How to start
-
-```
-sh build_muumitalo.sh
-```
-Server is hosted at ```localhost:5000 ```
-
-
-## How to use
-
-You find Muumipappa at the endpoint ```localhost:5000/ovi/```. You have to answer his question correctly in order to get inside Muumitalo. The answering is done by sending a POST request to the endpoint. Content of the request should be in the following format: ```{"answer":""} ```.
-
-### Task
-
-After watching few too many hacker movies, Muumipappa became paranoid and started to think that Moominvalley's most infamous hacker, Haisuli, was trying to steal a draft of his precious memoirs, so he decided to lock himself inside the Muumitalo. Muumipappa said he will only open the door to people who know him well enough to guess his favourite drink. Luckily you know that the correct answer is ```vaapukkamehu```, but unfortunately the hacker film marathon also made Pappa obsessed with "l33t 5p34k".
-
-Your task is to get Muumipappa to open Muumitalo's door by sending him a POST request that contains the correct "l337 5p34ky" version of the word ```vaapukkamehu```. You have to guess the right spelling of the word by trying different mutations.
-
-Attempt the following mutations:
-
-* Change letters to lower/uppercase
-* "l337 5p34k1fy" it. (The only characters you have to worry are a and e. A can potentially be 4 and e can be 3. The correct word could be for instance vA4PukKaM3hu).
-
-Server will return 404 if you guessed wrong, 200 if you guessed right and something else if it breaks down due to inproper input.
\ No newline at end of file
diff --git a/Lab2_Network/misc/muumitalo/build_muumitalo.sh b/Lab2_Network/misc/muumitalo/build_muumitalo.sh
deleted file mode 100644
index 41f2d212..00000000
--- a/Lab2_Network/misc/muumitalo/build_muumitalo.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-export FLASK_APP=muumitalo.py
-python3 -m flask run
diff --git a/Lab2_Network/misc/muumitalo/muumitalo.py b/Lab2_Network/misc/muumitalo/muumitalo.py
deleted file mode 100644
index f6449182..00000000
--- a/Lab2_Network/misc/muumitalo/muumitalo.py
+++ /dev/null
@@ -1,51 +0,0 @@
-from flask import Flask, Response, request, json, render_template
-import hashlib
-
-app = Flask(__name__)
-
-@app.route('/')
-def portaat():
- data = {
- 'Muumi' : 'Muumimamma',
- 'answer': 'Muumipappa has gone crazy. He is blocking the door and won\'t let anyone inside unless you guess his favourite drink! I know he loves vaapukkamehu, but I guess after watching all those hacker movies he is expecting a little twist to the name of the drink. Go there and bombard him with answers until he comes out! He is located at localhost:5000/ovi/'
- }
- js = json.dumps(data)
-
- resp = Response(js, status=200, mimetype='application/json')
- return resp
-
-@app.route('/ovi/', methods=["GET","POST"])
-def ovi():
- if request.method == 'POST':
- data = request.data
- dataDict = json.loads(data)
- secret_token = dataDict['answer'].encode('utf-8')
- hashed_pass = hashlib.sha1(secret_token).hexdigest()
- print(dataDict)
- if '171108b4c4ca0983911f6af233de18879ae96bbd' == hashed_pass:
- data = {
- 'Muumi' : 'MuumiPappa',
- 'answer' : 'W0nd3rful! That\'s it!'
- }
- js = json.dumps(data)
- print(request.data)
- resp = Response(js, status=200, mimetype='application/json')
- return resp
- else:
- data = {
- 'Muumi' : 'MuumiPappa',
- 'answer' : 'Th4t is n0t it!'
- }
- js = json.dumps(data)
- print(request.data)
- resp = Response(js, status=404, mimetype='application/json')
- return resp
- else:
- data = {
- 'Muumi' : 'MuumiPappa',
- 'answer' : 'Wh4t 1s my f4v0ur1t3 dr1nk?'
- }
- js = json.dumps(data)
-
- resp = Response(js, status=200, mimetype='application/json')
- return resp
diff --git a/Lab2_Network/misc/muumitalo/templates/talo.html b/Lab2_Network/misc/muumitalo/templates/talo.html deleted file mode 100644 index b569b373..00000000 --- a/Lab2_Network/misc/muumitalo/templates/talo.html +++ /dev/null @@ -1,12 +0,0 @@ - - - -
- Your answer:
- -
- - -
- - diff --git a/Lab2_Network/muumitalo/README.md b/Lab2_Network/muumitalo/README.md new file mode 100644 index 00000000..4fe8533f --- /dev/null +++ b/Lab2_Network/muumitalo/README.md @@ -0,0 +1,38 @@ +# Muumitalo + +## How to start + +Can be run with docker by using the compose file in the main directory + +## How to use + +You find Muumipappa at the endpoint `localhost:3002/ovi`. You have to answer his question correctly in order to get +inside Muumitalo. The answering is done by sending a POST request to the endpoint. Content of the request should be in +the following format: + +`method: POST, url: localhost:3002/ovi?answer=vaapukkamehu`. + +Example: + +> curl -G -X POST -d "answer=vaapukkamehu" http://localhost:3002/ovi + +### Task + +After watching few too many hacker movies, Muumipappa became paranoid and started to think that Moominvalley's most +infamous hacker, Haisuli, was trying to steal a draft of his precious memoirs, so he decided to lock himself inside the +Muumitalo. Muumipappa said he will only open the door to people who know him well enough to guess his favourite drink. +Luckily you know that the correct answer is `vaapukkamehu`, but unfortunately the hacker film marathon also made +Pappa obsessed with "l33t 5p34k". + +Your task is to get Muumipappa to open Muumitalo's door by sending him a POST request that contains the correct "l337 +5p34ky" version of the word `vaapukkamehu`. You have to guess the right spelling of the word by trying different +mutations. + +Attempt the following mutations: + +* Change letters to lower/uppercase +* "l337 5p34k1fy" it. (The only characters you have to worry are a and e. A can potentially be 4 and e can be 3. The + correct word could be for instance vA4PukKaM3hu). + +Server will return 404 if you guessed wrong, 200 if you guessed right and something else if it breaks down due to +improper input. \ No newline at end of file 
diff --git a/Lab2_Network/muumitalo/muumitalo.Dockerfile b/Lab2_Network/muumitalo/muumitalo.Dockerfile
new file mode 100644
index 00000000..a81fa303
--- /dev/null
+++ b/Lab2_Network/muumitalo/muumitalo.Dockerfile
@@ -0,0 +1,6 @@
+FROM python:3.9-alpine
+WORKDIR /opt/muumitalo
+RUN pip3 install fastapi uvicorn
+COPY muumitalo.py muumitalo.py
+EXPOSE 80
+ENTRYPOINT python3 -m uvicorn muumitalo:app --host=0.0.0.0 --port=80
\ No newline at end of file
diff --git a/Lab2_Network/muumitalo/muumitalo.py b/Lab2_Network/muumitalo/muumitalo.py
new file mode 100644
index 00000000..ca65cc74
--- /dev/null
+++ b/Lab2_Network/muumitalo/muumitalo.py
@@ -0,0 +1,44 @@
+import hashlib
+import secrets
+
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+app = FastAPI(default_response_class=JSONResponse)
+
+
+@app.get('/')
+def portaat(r: Request):
+ return {
+ 'Muumi': 'MuumiMamma',
+ 'answer': 'MuumiPappa has gone crazy.'
+ ' He is blocking the door and won\'t let anyone inside unless you guess his favourite drink!'
+ ' I know he loves vaapukkamehu,'
+ ' but I guess after watching all those hacker movies'
+ ' he is expecting a little twist to the name of the drink.'
+ ' Go there and bombard him with answers until he comes out! He is located at '
+ f'{r.url_for("ovi_get")}'
+ }
+
+
+@app.get('/ovi')
+def ovi_get():
+ return {
+ 'Muumi': 'MuumiPappa',
+ 'answer': 'C4n u P05T my f4v0ur1t3 dr1nk?'
+ }
+
+
+@app.post('/ovi')
+def ovi_post(answer: str):
+ hashed_pass = hashlib.sha1(answer.encode('utf-8')).hexdigest()
+ if secrets.compare_digest('171108b4c4ca0983911f6af233de18879ae96bbd', hashed_pass):
+ return JSONResponse(status_code=200, content={
+ 'Muumi': 'MuumiPappa',
+ 'answer': 'W0nd3rful! That\'s it!'
+ })
+ else:
+ return JSONResponse(status_code=404, content={
+ 'Muumi': 'MuumiPappa',
+ 'answer': 'Th4t is n0t it!'
+ })
diff --git a/Lab2_Network/webserver/index.html b/Lab2_Network/webserver/index.html
new file mode 100644
index 00000000..a4cef7a8
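Review bot: `ovi_post` in `Lab2_Network/muumitalo/muumitalo.py` compares against a SHA-1 hex digest written inline, with no name or comment saying what it is. Lift it to a module constant, e.g. `ANSWER_SHA1 = '171108b4c4ca0983911f6af233de18879ae96bbd'`, with a comment that an unsalted SHA-1 is used here only to keep the expected answer out of the source for the exercise and is not a pattern for storing credentials. The `else:` after the first `return` is redundant, and the three handlers have no docstrings. Because `answer` is a query parameter, each submitted value is part of the request URL and will typically show up in server access logs; that is acceptable for the lab but worth one sentence in the README.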
--- /dev/null
+++ b/Lab2_Network/webserver/index.html
@@ -0,0 +1,6 @@
+
+
+
+Hello World
+
+
\ No newline at end of file