From 2c0ce0e1372faf388cfa7c4a3a9e52fd02b1ca79 Mon Sep 17 00:00:00 2001
From: joniumGit <52005121+joniumGit@users.noreply.github.com>
Date: Fri, 16 Sep 2022 14:13:42 +0300
Subject: [PATCH 1/2] Adds Dockerfiles for weeks 1 and 2 and updates week 2 code
---
Lab1_Fuzzing/Dockerfile | 49 ++++++++++++++++++
Lab1_Fuzzing/docker-compose.yml | 12 +++++
Lab2_Network/csrfserver/csrf.Dockerfile | 5 ++
Lab2_Network/csrfserver/main.py | 18 +++++++
Lab2_Network/docker-compose.yml | 32 ++++++++++++
Lab2_Network/misc/muumitalo/README.md | 33 ------------
.../misc/muumitalo/build_muumitalo.sh | 2 -
Lab2_Network/misc/muumitalo/muumitalo.py | 51 -------------------
.../misc/muumitalo/templates/talo.html | 12 -----
Lab2_Network/muumitalo/muumitalo.Dockerfile | 6 +++
Lab2_Network/muumitalo/muumitalo.py | 44 ++++++++++++++++
Lab2_Network/webserver/index.html | 6 +++
12 files changed, 172 insertions(+), 98 deletions(-)
create mode 100644 Lab1_Fuzzing/Dockerfile
create mode 100644 Lab1_Fuzzing/docker-compose.yml
create mode 100644 Lab2_Network/csrfserver/csrf.Dockerfile
create mode 100644 Lab2_Network/csrfserver/main.py
create mode 100644 Lab2_Network/docker-compose.yml
delete mode 100644 Lab2_Network/misc/muumitalo/README.md
delete mode 100644 Lab2_Network/misc/muumitalo/build_muumitalo.sh
delete mode 100644 Lab2_Network/misc/muumitalo/muumitalo.py
delete mode 100644 Lab2_Network/misc/muumitalo/templates/talo.html
create mode 100644 Lab2_Network/muumitalo/muumitalo.Dockerfile
create mode 100644 Lab2_Network/muumitalo/muumitalo.py
create mode 100644 Lab2_Network/webserver/index.html
diff --git a/Lab1_Fuzzing/Dockerfile b/Lab1_Fuzzing/Dockerfile
new file mode 100644
index 00000000..87d27401
--- /dev/null
+++ b/Lab1_Fuzzing/Dockerfile
@@ -0,0 +1,49 @@
+FROM debian:11 AS afl_builder
+WORKDIR /opt
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential
+RUN echo "LLVM Toolchain and GCC" \
+ && apt-get install --no-install-recommends -y \
+ llvm-13 llvm-13-dev lld-13 clang-13
+RUN echo "GCC dev deps" \
+ && apt-get install --no-install-recommends -y \
+ gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \
+ libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
+RUN echo "AFL++ Deps" \
+ && apt-get install --no-install-recommends -y \
+ build-essential python3-dev automake \
+ cmake git flex bison libglib2.0-dev \
+ libpixman-1-dev python3-setuptools cargo \
+ libgtk-3-dev
+RUN echo "Install AFL++" \
+ && git clone https://github.com/AFLplusplus/AFLplusplus \
+ && cd AFLplusplus \
+ && export LLVM_CONFIG='llvm-config-13' \
+ && make source-only
+
+FROM debian:11 AS radamsa_builder
+WORKDIR /opt
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential
+RUN echo "Radamsa Deps" \
+ && apt-get --no-install-recommends -y \
+ install wget make gcc git
+RUN echo "Install Radamsa" \
+ && git clone https://gitlab.com/akihe/radamsa.git \
+ && cd radamsa \
+ && make
+
+FROM debian:11 AS final_stage
+COPY --from=afl_builder /opt/AFLplusplus /opt/AFLplusplus
+COPY --from=radamsa_builder /opt/radamsa/bin/radamsa /usr/bin/radamsa
+RUN apt-get update && apt-get --no-install-recommends -y install ca-certificates build-essential \
+ python3-dev python3-setuptools llvm-13 llvm-13-dev lld-13 clang-13 \
+ libglib2.0 valgrind \
+ git cmake make wget curl nano python3-pip \
+ && cd /opt/AFLplusplus \
+ && make install \
+ && rm -rf /opt/AFLplusplus \
+ && ln /usr/bin/clang-13 /usr/bin/clang
+RUN useradd -ms /bin/bash -G sudo -u 69 compsec \
+ && mkdir -p /home/compsec/.local/bin
+ENV PATH=/home/compsec/.local/bin:$PATH
+USER compsec
+WORKDIR /home/compsec
\ No newline at end of file
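Review bot: Both `git clone` steps in the builder stages (AFLplusplus and radamsa) fetch whatever the default branch holds at build time, so the fuzzers compiled into the image are neither reproducible nor reviewable from this file. Pinning each clone to a release tag or commit, e.g. `git clone --depth 1 --branch <PINNED_TAG> https://github.com/AFLplusplus/AFLplusplus`, fixes the toolchain students actually run. In the final stage, `useradd -ms /bin/bash -G sudo -u 69 compsec` puts the user in the sudo group although, as far as this file shows, no `sudo` package is installed; if elevated rights inside the container are not intended, drop `-G sudo`. The `debian:11` base tag is floating in the same way and could be pinned by digest.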
diff --git a/Lab1_Fuzzing/docker-compose.yml b/Lab1_Fuzzing/docker-compose.yml
new file mode 100644
index 00000000..4151eec4
--- /dev/null
+++ b/Lab1_Fuzzing/docker-compose.yml
@@ -0,0 +1,12 @@
+version: "3"
+services:
+ week1:
+ image: compsec/week1:latest
+ container_name: compsec-week1-fuzz
+ build:
+ context: .
+ dockerfile: Dockerfile
+ volumes:
+ - './shared:/home/compsec/shared'
+ - './misc:/home/compsec/misc:ro'
+ entrypoint: /bin/bash
\ No newline at end of file
diff --git a/Lab2_Network/csrfserver/csrf.Dockerfile b/Lab2_Network/csrfserver/csrf.Dockerfile
new file mode 100644
index 00000000..8c664032
--- /dev/null
+++ b/Lab2_Network/csrfserver/csrf.Dockerfile
@@ -0,0 +1,5 @@
+FROM python:3.9-alpine
+WORKDIR /opt/csrfserver
+RUN pip3 install fastapi uvicorn
+EXPOSE 80
+ENTRYPOINT python3 -m uvicorn app:app --host=0.0.0.0 --port=80 --reload
\ No newline at end of file
diff --git a/Lab2_Network/csrfserver/main.py b/Lab2_Network/csrfserver/main.py
new file mode 100644
index 00000000..44053414
--- /dev/null
+++ b/Lab2_Network/csrfserver/main.py
@@ -0,0 +1,18 @@
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+app = FastAPI(default_response_class=JSONResponse)
+
+
+@app.get('/')
+def example():
+ return {
+ 'Hello': 'World',
+ 'guide': 'You can modify this server skeleton to receive your CSRF results. '
+ 'The server will auto-reload on save.'
+ }
+
+
+@app.post('/')
+def post(r: Request):
+ return {**r.query_params}
diff --git a/Lab2_Network/docker-compose.yml b/Lab2_Network/docker-compose.yml
new file mode 100644
index 00000000..7351b953
--- /dev/null
+++ b/Lab2_Network/docker-compose.yml
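Review bot: In `Lab2_Network/csrfserver/csrf.Dockerfile`, `RUN pip3 install fastapi uvicorn` installs whatever versions are current at build time, and the same line appears in `Lab2_Network/muumitalo/muumitalo.Dockerfile`; pin both, e.g. `RUN pip3 install --no-cache-dir fastapi==<PINNED_VERSION> uvicorn==<PINNED_VERSION>`. Neither image sets a `USER`, so uvicorn runs as root; a dedicated user on an unprivileged port would avoid that, at the cost of adjusting the port mappings in the compose file. The shell-form `ENTRYPOINT python3 -m uvicorn ...` also leaves the server as a child of `/bin/sh`, so it does not receive stop signals directly; the exec form `ENTRYPOINT ["python3", "-m", "uvicorn", "app:app", "--host=0.0.0.0", "--port=80", "--reload"]` avoids that.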
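Review bot: `post()` in `Lab2_Network/csrfserver/main.py` echoes only `r.query_params`, so anything a cross-site request carries in its body is dropped without trace, and neither handler documents that. A short docstring would help whoever extends the skeleton, e.g. `"""Echo the query-string parameters of the POST; the request body is not read."""`. Because the handler reflects caller-controlled values, it also deserves a comment that the response stays JSON (`default_response_class=JSONResponse`) and should not be switched to an HTML response without escaping.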
@@ -0,0 +1,32 @@
+version: "3"
+services:
+ juiceshop:
+ image: bkimminich/juice-shop:v8.7.2
+ container_name: compsec-week2-juiceshop
+ ports:
+ - '127.0.0.1:3000:3000'
+ webserver:
+ image: nginx:latest
+ container_name: compsec-week2-webserver
+ ports:
+ - '127.0.0.1:3001:80'
+ volumes:
+ - './webserver:/usr/share/nginx/html'
+ muumitalo:
+ build:
+ context: muumitalo
+ dockerfile: muumitalo.Dockerfile
+ image: compsec/muumitalo:latest
+ container_name: compsec-week2-muumitalo
+ ports:
+ - '127.0.0.1:3002:80'
+ csrf:
+ build:
+ context: csrfserver
+ dockerfile: csrf.Dockerfile
+ image: compsec/csrfserver:latest
+ container_name: compsec-week2-csrfserver
+ ports:
+ - '127.0.0.1:3003:80'
+ volumes:
+ - './csrfserver/main.py:/opt/csrfserver/app.py'
\ No newline at end of file
diff --git a/Lab2_Network/misc/muumitalo/README.md b/Lab2_Network/misc/muumitalo/README.md
deleted file mode 100644
index 33962bf6..00000000
--- a/Lab2_Network/misc/muumitalo/README.md
+++ /dev/null
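Review bot: `webserver` uses `image: nginx:latest`, a floating tag, while `juiceshop` in the same file is pinned to `v8.7.2`; pin nginx to a specific version tag or digest so the lab environment does not change between pulls. The two bind mounts (`./webserver:/usr/share/nginx/html` and `./csrfserver/main.py:/opt/csrfserver/app.py`) are writable from inside the containers although both services appear only to read them, so appending `:ro`, as the week 1 compose file does for `./misc`, would keep a container from modifying host files. Binding every published port to `127.0.0.1` is the right choice for a deliberately vulnerable stack and deserves a comment in the file so it is not relaxed later.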
@@ -1,33 +0,0 @@
-# Muumitalo
-
-Python based flask server for demonstrating brute force attacks.
-
-## What you need
-
-* python
-* flask
-
-## How to start
-
-```
-sh build_muumitalo.sh
-```
-Server is hosted at ```localhost:5000 ```
-
-
-## How to use
-
-You find Muumipappa at the endpoint ```localhost:5000/ovi/```. You have to answer his question correctly in order to get inside Muumitalo. The answering is done by sending a POST request to the endpoint. Content of the request should be in the following format: ```{"answer":""} ```.
-
-### Task
-
-After watching few too many hacker movies, Muumipappa became paranoid and started to think that Moominvalley's most infamous hacker, Haisuli, was trying to steal a draft of his precious memoirs, so he decided to lock himself inside the Muumitalo. Muumipappa said he will only open the door to people who know him well enough to guess his favourite drink. Luckily you know that the correct answer is ```vaapukkamehu```, but unfortunately the hacker film marathon also made Pappa obsessed with "l33t 5p34k".
-
-Your task is to get Muumipappa to open Muumitalo's door by sending him a POST request that contains the correct "l337 5p34ky" version of the word ```vaapukkamehu```. You have to guess the right spelling of the word by trying different mutations.
-
-Attempt the following mutations:
-
-* Change letters to lower/uppercase
-* "l337 5p34k1fy" it. (The only characters you have to worry are a and e. A can potentially be 4 and e can be 3. The correct word could be for instance vA4PukKaM3hu).
-
-Server will return 404 if you guessed wrong, 200 if you guessed right and something else if it breaks down due to inproper input.
\ No newline at end of file
diff --git a/Lab2_Network/misc/muumitalo/build_muumitalo.sh b/Lab2_Network/misc/muumitalo/build_muumitalo.sh
deleted file mode 100644
index 41f2d212..00000000
--- a/Lab2_Network/misc/muumitalo/build_muumitalo.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-export FLASK_APP=muumitalo.py
-python3 -m flask run
diff --git a/Lab2_Network/misc/muumitalo/muumitalo.py b/Lab2_Network/misc/muumitalo/muumitalo.py
deleted file mode 100644
index f6449182..00000000
--- a/Lab2_Network/misc/muumitalo/muumitalo.py
+++ /dev/null
@@ -1,51 +0,0 @@
-from flask import Flask, Response, request, json, render_template
-import hashlib
-
-app = Flask(__name__)
-
-@app.route('/')
-def portaat():
- data = {
- 'Muumi' : 'Muumimamma',
- 'answer': 'Muumipappa has gone crazy. He is blocking the door and won\'t let anyone inside unless you guess his favourite drink! I know he loves vaapukkamehu, but I guess after watching all those hacker movies he is expecting a little twist to the name of the drink. Go there and bombard him with answers until he comes out! He is located at localhost:5000/ovi/'
- }
- js = json.dumps(data)
-
- resp = Response(js, status=200, mimetype='application/json')
- return resp
-
-@app.route('/ovi/', methods=["GET","POST"])
-def ovi():
- if request.method == 'POST':
- data = request.data
- dataDict = json.loads(data)
- secret_token = dataDict['answer'].encode('utf-8')
- hashed_pass = hashlib.sha1(secret_token).hexdigest()
- print(dataDict)
- if '171108b4c4ca0983911f6af233de18879ae96bbd' == hashed_pass:
- data = {
- 'Muumi' : 'MuumiPappa',
- 'answer' : 'W0nd3rful! That\'s it!'
- }
- js = json.dumps(data)
- print(request.data)
- resp = Response(js, status=200, mimetype='application/json')
- return resp
- else:
- data = {
- 'Muumi' : 'MuumiPappa',
- 'answer' : 'Th4t is n0t it!'
- }
- js = json.dumps(data)
- print(request.data)
- resp = Response(js, status=404, mimetype='application/json')
- return resp
- else:
- data = {
- 'Muumi' : 'MuumiPappa',
- 'answer' : 'Wh4t 1s my f4v0ur1t3 dr1nk?'
- }
- js = json.dumps(data)
-
- resp = Response(js, status=200, mimetype='application/json')
- return resp
diff --git a/Lab2_Network/misc/muumitalo/templates/talo.html b/Lab2_Network/misc/muumitalo/templates/talo.html
deleted file mode 100644
index b569b373..00000000
--- a/Lab2_Network/misc/muumitalo/templates/talo.html
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
-
-
- Your answer:
-
-
-
-
-
-
-
diff --git a/Lab2_Network/muumitalo/muumitalo.Dockerfile b/Lab2_Network/muumitalo/muumitalo.Dockerfile
new file mode 100644
index 00000000..a81fa303
--- /dev/null
+++ b/Lab2_Network/muumitalo/muumitalo.Dockerfile
@@ -0,0 +1,6 @@
+FROM python:3.9-alpine
+WORKDIR /opt/muumitalo
+RUN pip3 install fastapi uvicorn
+COPY muumitalo.py muumitalo.py
+EXPOSE 80
+ENTRYPOINT python3 -m uvicorn muumitalo:app --host=0.0.0.0 --port=80
\ No newline at end of file
diff --git a/Lab2_Network/muumitalo/muumitalo.py b/Lab2_Network/muumitalo/muumitalo.py
new file mode 100644
index 00000000..ca65cc74
--- /dev/null
+++ b/Lab2_Network/muumitalo/muumitalo.py
@@ -0,0 +1,44 @@
+import hashlib
+import secrets
+
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+
+app = FastAPI(default_response_class=JSONResponse)
+
+
+@app.get('/')
+def portaat(r: Request):
+ return {
+ 'Muumi': 'MuumiMamma',
+ 'answer': 'MuumiPappa has gone crazy.'
+ ' He is blocking the door and won\'t let anyone inside unless you guess his favourite drink!'
+ ' I know he loves vaapukkamehu,'
+ ' but I guess after watching all those hacker movies'
+ ' he is expecting a little twist to the name of the drink.'
+ ' Go there and bombard him with answers until he comes out! He is located at '
+ f'{r.url_for("ovi_get")}'
+ }
+
+
+@app.get('/ovi')
+def ovi_get():
+ return {
+ 'Muumi': 'MuumiPappa',
+ 'answer': 'C4n u P05T my f4v0ur1t3 dr1nk?'
+ }
+
+
+@app.post('/ovi')
+def ovi_post(answer: str):
+ hashed_pass = hashlib.sha1(answer.encode('utf-8')).hexdigest()
+ if secrets.compare_digest('171108b4c4ca0983911f6af233de18879ae96bbd', hashed_pass):
+ return JSONResponse(status_code=200, content={
+ 'Muumi': 'MuumiPappa',
+ 'answer': 'W0nd3rful! That\'s it!'
+ })
+ else:
+ return JSONResponse(status_code=404, content={
+ 'Muumi': 'MuumiPappa',
+ 'answer': 'Th4t is n0t it!'
+ })
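Review bot: `ovi_post` in `Lab2_Network/muumitalo/muumitalo.py` declares `answer: str` as a plain function parameter, which FastAPI reads from the query string, so every guess ends up in the request URL and therefore in access logs; the removed Flask version read it from the JSON body. If that move is intentional for the exercise, say so in a docstring, together with the fact that the endpoint has no attempt limiting by design and is meant to stay bound to loopback as in the compose file. The inline SHA-1 digest would read better as a named module-level constant, e.g. `ANSWER_SHA1 = '171108b4c4ca0983911f6af233de18879ae96bbd'`, with a comment that an unsalted SHA-1 is acceptable here only because the value is a lab target and not a credential.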
diff --git a/Lab2_Network/webserver/index.html b/Lab2_Network/webserver/index.html
new file mode 100644
index 00000000..a4cef7a8
--- /dev/null
+++ b/Lab2_Network/webserver/index.html
@@ -0,0 +1,6 @@
+
+
+
+Hello World
+
+
\ No newline at end of file
From c465fcfb701ba2263d1f012d108652ca358c14b9 Mon Sep 17 00:00:00 2001
From: joniumGit <52005121+joniumGit@users.noreply.github.com>
Date: Fri, 16 Sep 2022 14:24:24 +0300
Subject: [PATCH 2/2] Adds back Muumitalo README
---
Lab2_Network/muumitalo/README.md | 38 ++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 Lab2_Network/muumitalo/README.md
diff --git a/Lab2_Network/muumitalo/README.md b/Lab2_Network/muumitalo/README.md
new file mode 100644
index 00000000..4fe8533f
--- /dev/null
+++ b/Lab2_Network/muumitalo/README.md
@@ -0,0 +1,38 @@
+# Muumitalo
+
+## How to start
+
+Can be run with docker by using the compose file in the main directory
+
+## How to use
+
+You find Muumipappa at the endpoint `localhost:3002/ovi`. You have to answer his question correctly in order to get
+inside Muumitalo. The answering is done by sending a POST request to the endpoint. Content of the request should be in
+the following format:
+
+`method: POST, url: localhost:3002/ovi?answer=vaapukkamehu`.
+
+Example:
+
+> curl -G -X POST -d "answer=vaapukkamehu" http://localhost:3002/ovi
+
+### Task
+
+After watching few too many hacker movies, Muumipappa became paranoid and started to think that Moominvalley's most
+infamous hacker, Haisuli, was trying to steal a draft of his precious memoirs, so he decided to lock himself inside the
+Muumitalo. Muumipappa said he will only open the door to people who know him well enough to guess his favourite drink.
+Luckily you know that the correct answer is `vaapukkamehu`, but unfortunately the hacker film marathon also made
+Pappa obsessed with "l33t 5p34k".
+
+Your task is to get Muumipappa to open Muumitalo's door by sending him a POST request that contains the correct "l337
+5p34ky" version of the word `vaapukkamehu`. You have to guess the right spelling of the word by trying different
+mutations.
+
+Attempt the following mutations:
+
+* Change letters to lower/uppercase
+* "l337 5p34k1fy" it. (The only characters you have to worry are a and e. A can potentially be 4 and e can be 3. The
+ correct word could be for instance vA4PukKaM3hu).
+
+Server will return 404 if you guessed wrong, 200 if you guessed right and something else if it breaks down due to
+improper input.
\ No newline at end of file