from flask import Flask, session
from waitress import serve
# Single module-level application object; the routes below register on it.
app = Flask(__name__)

# This is very important, keep this really secret!
# Flask keeps session data in a client-side cookie that is signed (not
# encrypted) with SECRET_KEY, so the server trusts the session contents only
# as far as this key stays unknown to clients. The value below is a short
# dictionary word and is hard-coded in source, which suits a training lab
# about session signing and nothing else. Outside the lab, use a long random
# value (e.g. secrets.token_hex()) loaded from the environment or a secret
# store, and rotate it if it is ever committed.
app.config["SECRET_KEY"] = "monkey"
@app.route('/')
def index():
    """Seed the session and return the lab's static landing page.

    Each request writes ``session['hello']`` and, when no username is stored
    yet, defaults ``session['username']`` to ``"robin"``. The returned HTML is
    a fixed string; no session or request data is interpolated into it.
    """
    session['hello'] = "world"
    if 'username' not in session:
        # First visit (or a cookie without this key): start as the low-privilege user.
        session['username'] = "robin"

    # The markup sits at column 0 because it is part of the response body.
    landing_page = '''
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Cracked Flask Lab</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="shortcut icon" type="image/png" href="https://digi.ninja/favicon.ico" />
<meta name="Description" content="A lab to learn about Python Flask sessions." />
<meta name="Keywords" content="flask,python,crack,session,site,security,ethical,hacking,penetration,testing,website,application,ninja,digininja" />
<meta property="og:title" content="DigiNinja - Cracked Flask Lab" />
<meta property="og:description" content="A lab to learn about Python Flask sessions." />
<meta property="og:url" content="/index.php" />
<meta property="og:image" content="https://digi.ninja/graphics/twittercards/cracked_flask_twittercard.png" />
<meta property="og:type" content="website" />
<meta property="og:sitename" content="DigiNinja" />
<meta name="twitter:card" content="summary" />
<meta name="twitter:title" content="DigiNinja - Cracked Flask Lab" />
<meta name="twitter:description" content="A lab to learn about Python Flask sessions." />
<meta name="twitter:site" content="@digininja" />
<meta name="twitter:creator" content="@digininja" />
<meta name="twitter:domain" content="digi.ninja" />
<meta name="twitter:site" content="@digininja" />
<meta name="twitter:image" content="https://digi.ninja/graphics/twittercards/cracked_flask_twittercard.png" />
</head>
<body>
<h1>Cracked Flask Lab</h1>
<p>Welcome to the Cracked Flask Lab.</p>
<p>The challenge is easy, crack the Flask session and become an administrator.</p>
<p><a href="/user">Enter the lab</a></p>
<p>For more information, see the <a href="https://digi.ninja/blog/cracked_flask.php">Cracked Flask Lab</a> blog post.</p>
<hr />
<p>
Lab created by Robin Wood - <a href="https://digi.ninja">DigiNinja</a>
</p>
</body>
</html>
'''
    return landing_page
@app.route('/user')
def user():
    """Greet the caller by the username stored in the session cookie.

    The only privilege check is a string comparison of ``session['username']``
    against ``"admin"``. That value lives in the client-held cookie, so the
    check is exactly as strong as the cookie signature (i.e. as SECRET_KEY);
    there is no server-side user record or role lookup behind it.

    Returns:
        The greeting text followed by a newline.
    """
    session['hello'] = "world"
    if 'username' not in session:
        session['username'] = "robin"

    current_user = session['username']
    # NOTE(review): the name is concatenated into the response without
    # escaping or a type check; it is assumed to be a plain string because
    # only this application is supposed to be able to sign the cookie.
    greeting = (
        "Welcome back administrator"
        if current_user == "admin"
        else "Welcome back " + current_user
    )
    return greeting + "\n"
def create_app():
    """Return the module-level ``app`` object.

    No new application is built here: every call hands back the same
    instance, including its routes and its SECRET_KEY setting.
    """
    return app
if __name__ == "__main__":
    # No host is passed, so waitress falls back to its default listen
    # address (all IPv4 interfaces). Because this app is intentionally weak,
    # use the loopback-only form below when it should not be reachable from
    # other machines:
    #     serve(app, host="127.0.0.1", port=5000)
    serve(app, port=5000)