0 parents
commit 2321a35
Showing
137 changed files
with
14,188 additions
and
0 deletions.
@@ -0,0 +1,19 @@ | ||
.PHONY: views install submodule | ||
|
||
all: install | ||
|
||
run: install | ||
./babysfirst | ||
|
||
install: babysfirst submodule views | ||
|
||
babysfirst: | ||
@GOPATH=`pwd` go install | ||
|
||
views: views/index.html views/success.html | ||
|
||
views/%.html: views/%.haml | ||
haml $< $@ | ||
|
||
submodule: | ||
git submodule update --init |
@@ -0,0 +1,15 @@ | ||
create table keys | ||
(value string); | ||
|
||
insert into keys | ||
(value) values | ||
('The key is: literally online lolling on line WucGesJi'); | ||
|
||
create table users | ||
(name string, | ||
password string); | ||
|
||
insert into users | ||
(name, password) values | ||
('root', 'barking up the wrong tree'), | ||
('user', 'password'); |
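Review bot: The `users` seed stores `password` as clear text (`('root', 'barking up the wrong tree')`, `('user', 'password')`) and the lookup in `phial.Login` compares the column directly, so any read of the database discloses every credential. If this is a deliberate fixture for the exercise, a header comment in the script saying so would stop it being mistaken for a production schema; otherwise store a salted hash and compare hashes in the lookup. The `keys` table has no primary key or uniqueness constraint, so a second insert would make the `limit`-less `select value from keys;` in `phial.GetKey` depend on row order.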
@@ -0,0 +1,48 @@ | ||
package main | ||
|
||
import ( | ||
"net/http" | ||
"pat" | ||
"log" | ||
"phial" | ||
"views" | ||
) | ||
|
||
var port = ":8041" | ||
|
||
func Index(w http.ResponseWriter, req *http.Request) { | ||
views.WriteIndex(w) | ||
} | ||
|
||
|
||
func Login(w http.ResponseWriter, req *http.Request) { | ||
username := req.FormValue("username") | ||
password := req.FormValue("password") | ||
foundUsername, sql := phial.Login(username, password) | ||
|
||
w.Header().Set("X-SQL", sql) | ||
|
||
switch u := foundUsername.(type) { | ||
case string: | ||
w.WriteHeader(200) | ||
views.WriteSuccess(w, u) | ||
return | ||
case nil: | ||
w.WriteHeader(403) | ||
views.WriteIndex(w) | ||
return | ||
} | ||
} | ||
|
||
func main() { | ||
m := pat.New() | ||
m.Get("/", http.HandlerFunc(Index)) | ||
m.Post("/login", http.HandlerFunc(Login)) | ||
|
||
http.Handle("/", m) | ||
log.Printf("Listening on %s", port) | ||
err := http.ListenAndServe(port, nil) | ||
if err != nil { | ||
log.Fatal("ListenAndServe: ", err) | ||
} | ||
} |
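Review bot: The type switch in `Login` has no `default` branch, so a value of any other dynamic type falls out of the switch and the handler returns without writing anything, leaving an empty 200. As far as this page shows `phial.Login` only ever yields a `string` or `nil`, so the simpler shape is a `(string, bool)` return and a plain `if`; failing that, add `default: w.WriteHeader(500)` so the case is at least visible. The `X-SQL` response header set at `w.Header().Set("X-SQL", sql)` returns the executed statement, including the submitted password, to the client; if that is an intentional hint for the challenge, a comment saying so would prevent it being read as debugging left in. `w.WriteHeader(200)` before `views.WriteSuccess` is redundant, since the first write implies it.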
@@ -0,0 +1,61 @@ | ||
package phial | ||
|
||
import ( | ||
"log" | ||
// "bytes" | ||
// "io/ioutil" | ||
"database/sql" | ||
_ "go-sqlite3" | ||
"fmt" | ||
) | ||
|
||
var db *sql.DB | ||
|
||
func init() { | ||
mydb, err := sql.Open("sqlite3", "/home/babysfirst/db") | ||
if err != nil { | ||
log.Fatal("sql.Open: ", err) | ||
} | ||
db = mydb | ||
|
||
// sqlBytes, err := ioutil.ReadFile("init.sql") | ||
// if err != nil { | ||
// log.Fatal("ioutil.ReadFile: ", err) | ||
// } | ||
// | ||
// sqlBuf := bytes.NewBuffer(sqlBytes) | ||
// | ||
// for { | ||
// stmt, err := sqlBuf.ReadString(';') | ||
// if err != nil { | ||
// break | ||
// } | ||
// db.Exec(stmt) | ||
// } | ||
} | ||
|
||
func GetKey() string { | ||
|
||
row := db.QueryRow("select value from keys;") | ||
var key string | ||
err := row.Scan(&key) | ||
if err != nil { | ||
log.Fatal("row.Scan: ", err) | ||
} | ||
return key | ||
} | ||
|
||
func Login(username string, password string) (interface{}, string) { | ||
query := fmt.Sprintf( | ||
"select name from users where name = '%s' and password = '%s' limit 1;", | ||
username, password) | ||
log.Print(query) | ||
row := db.QueryRow(query) | ||
|
||
var foundUsername string | ||
err := row.Scan(&foundUsername) | ||
if err != nil { | ||
return nil, query | ||
} | ||
return foundUsername, query | ||
} |
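Review bot: `Login` interpolates `username` and `password` straight into the statement with `fmt.Sprintf`, so the submitted values are parsed as SQL rather than bound as data; the driver-side form is `row := db.QueryRow("select name from users where name = ? and password = ? limit 1;", username, password)`, after which the returned `query` string would no longer describe what was executed and should be revisited. If the string-built statement is the point of the exercise, a comment on the function stating that would stop a later maintainer from "fixing" it. Independently, `log.Print(query)` writes the submitted password to the server log on every attempt, and `row.Scan` treats every error as "no such user" — checking `err == sql.ErrNoRows` separately would distinguish a missing row from a database failure. `GetKey` calls `log.Fatal` on a scan error, which takes the whole server down on a transient query failure; returning the error to the caller is the usual choice outside `init`.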
@@ -0,0 +1,35 @@ | ||
package views | ||
|
||
import ( | ||
"io" | ||
"log" | ||
"html/template" | ||
) | ||
|
||
var index *template.Template | ||
var success *template.Template | ||
|
||
func init() { | ||
myIndex, err := template.ParseFiles("views/index.html") | ||
if err != nil { | ||
log.Fatal("template.ParseFiles: ", err) | ||
} | ||
index = myIndex | ||
|
||
mySuccess, err := template.ParseFiles("views/success.html") | ||
if err != nil { | ||
log.Fatal("template.ParseFiles: ", err) | ||
} | ||
success = mySuccess | ||
} | ||
|
||
func WriteIndex(w io.Writer) { | ||
index.Execute(w, map[string]interface{}{}) | ||
} | ||
|
||
func WriteSuccess(w io.Writer, username string) { | ||
model := map[string]interface{}{ | ||
"username": username, | ||
} | ||
success.Execute(w, model) | ||
} |
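Review bot: The return value of `Execute` is discarded in both `WriteIndex` (`index.Execute(w, map[string]interface{}{})`) and `WriteSuccess` (`success.Execute(w, model)`), so a template or write error produces a silently truncated page. Either return it (`func WriteIndex(w io.Writer) error { return index.Execute(w, map[string]interface{}{}) }`) or at least log it, `if err := success.Execute(w, model); err != nil { log.Printf("success.Execute: %v", err) }`. Because the templates are parsed with `html/template`, `.username` is HTML-escaped on output; a doc comment on `WriteSuccess` stating that the escaping is what makes rendering a caller-supplied name safe would discourage a later switch to `text/template`.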
@@ -0,0 +1,18 @@ | ||
!!! 5 | ||
%html | ||
%head | ||
%title babysfirst | ||
%body | ||
%h1 babysfirst | ||
%form{method: 'post', action: '/login'} | ||
%h2 login | ||
%p#username | ||
%label | ||
Username: | ||
%input{type: 'text', name: 'username'} | ||
%p#password | ||
%label | ||
Password: | ||
%input{type: 'password', name: 'password'} | ||
%p#submit | ||
%button{type: 'submit'} Log In |
@@ -0,0 +1,8 @@ | ||
!!! 5 | ||
%html | ||
%head | ||
%title babysfirst | ||
%body | ||
%h1 babysfirst | ||
%h2 success! | ||
%p logged in as {{ .username }} |
@@ -0,0 +1,26 @@ | ||
.PHONY: views install submodule | ||
|
||
all: install | ||
|
||
run: install | ||
./badmedicine | ||
|
||
install: badmedicine views key iv | ||
|
||
badmedicine: | ||
@GOPATH=`pwd` go install | ||
|
||
views: views/index.html views/success.html | ||
|
||
views/%.html: views/%.haml | ||
haml $< $@ | ||
|
||
key: | ||
dd if=/dev/random of=key bs=32 count=1 | ||
|
||
iv: | ||
dd if=/dev/random of=iv bs=16 count=1 | ||
|
||
clean: | ||
rm -rf pkg | ||
rm -f badmedicine |
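Review bot: `dd if=/dev/random of=key bs=32 count=1` (and the matching `iv` rule) issues a single read and may return fewer than `bs` bytes, in which case the file is short and `aes.NewCipher` in `dimebag.block` rejects the key at startup. Add `iflag=fullblock` to both `dd` invocations, or use `head -c 32 /dev/urandom > key` and `head -c 16 /dev/urandom > iv`. `clean` removes `pkg` and the binary but leaves `key` and `iv` in place; if that is intentional so a deployment keeps a stable secret across rebuilds, a comment on the target would make it explicit.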
@@ -0,0 +1,77 @@ | ||
package main | ||
|
||
import ( | ||
"net/http" | ||
"io" | ||
"io/ioutil" | ||
"encoding/hex" | ||
"pat" | ||
"log" | ||
"views" | ||
"dimebag" | ||
) | ||
|
||
var port = ":8042" | ||
|
||
func Index(w http.ResponseWriter, req *http.Request) { | ||
views.WriteIndex(w) | ||
} | ||
|
||
|
||
func Login(w http.ResponseWriter, req *http.Request) { | ||
username := req.FormValue("username") | ||
|
||
if username == "admin" { | ||
views.WriteIndexFlash(w, "admin login disabled") | ||
return | ||
} | ||
encryptedUsername := []byte(dimebag.Encrypt(username)) | ||
hexUsername := hex.EncodeToString(encryptedUsername) | ||
|
||
cookie := &http.Cookie{ | ||
Name: "username", | ||
Value: hexUsername, | ||
} | ||
log.Printf("cookie %s", cookie.String()) | ||
http.SetCookie(w, cookie) | ||
|
||
http.Redirect(w, req, "/welcome", 303) | ||
} | ||
|
||
func Welcome(w http.ResponseWriter, req *http.Request) { | ||
cookie, err := req.Cookie("username") | ||
if err != nil { | ||
io.WriteString(w, "no cookie, get lost") | ||
return | ||
} | ||
|
||
dehexedUsername, err := hex.DecodeString(cookie.Value) | ||
if err != nil { | ||
io.WriteString(w, "mangled cookie, it should be hex, get lost") | ||
} | ||
decryptedUsername := dimebag.Encrypt(string(dehexedUsername)) | ||
|
||
flag := "only for the admin" | ||
|
||
if (decryptedUsername == "admin") { | ||
flagtmp, err := ioutil.ReadFile("/home/badmedicine/flag") | ||
if err != nil { panic(err) } | ||
flag = string(flagtmp) | ||
} | ||
|
||
views.WriteSuccess(w, decryptedUsername, flag) | ||
} | ||
|
||
func main() { | ||
m := pat.New() | ||
m.Get("/", http.HandlerFunc(Index)) | ||
m.Post("/login", http.HandlerFunc(Login)) | ||
m.Get("/welcome", http.HandlerFunc(Welcome)) | ||
|
||
http.Handle("/", m) | ||
log.Printf("Listening on %s", port) | ||
err := http.ListenAndServe(port, nil) | ||
if err != nil { | ||
log.Fatal("ListenAndServe: ", err) | ||
} | ||
} |
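Review bot: In `Welcome`, the `hex.DecodeString` error branch writes "mangled cookie, it should be hex, get lost" but does not `return`, so execution continues with a partial `dehexedUsername`, decrypts it and renders the success page on top of the error text; add `return` after that `io.WriteString` as the `req.Cookie` branch does. The `username` cookie carries only an encrypted value with no integrity check, so the server cannot distinguish a cookie it issued from one that was modified, and the `username == "admin"` check in `Login` therefore constrains issuance, not what `Welcome` accepts — if that gap is the challenge, a comment should say so; otherwise an HMAC over the value (or an authenticated mode in `dimebag`) is the fix. The cookie also sets no `HttpOnly`, `Secure` or `Path`, and `log.Printf("cookie %s", cookie.String())` writes the session value to the log on every login. `panic(err)` on the flag read is recovered by net/http but surfaces as a dropped connection; `log.Printf` plus `http.Error(w, "internal error", 500)` gives the client and the operator something usable.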
@@ -0,0 +1,53 @@ | ||
package dimebag | ||
|
||
import ( | ||
"io/ioutil" | ||
"log" | ||
"crypto/cipher" | ||
"crypto/aes" | ||
) | ||
|
||
var key []byte | ||
var iv []byte | ||
|
||
func init() { | ||
myKey, err := ioutil.ReadFile("key") | ||
if err != nil { | ||
log.Fatal("dimebag read key: ", err) | ||
} | ||
|
||
myIv, err := ioutil.ReadFile("iv") | ||
if err != nil { | ||
log.Fatal("dimebag read iv: ", err) | ||
} | ||
|
||
key = myKey | ||
iv = myIv | ||
|
||
log.Printf("key %x", key) | ||
log.Printf("iv %x", iv) | ||
log.Printf("expecting %x", Encrypt("admin")) | ||
} | ||
|
||
func Encrypt(username string) string { | ||
cipher := ctr() | ||
inBytes := []byte(username) | ||
outBytes := make([]byte, len(inBytes)) | ||
|
||
cipher.XORKeyStream(outBytes, inBytes) | ||
|
||
return string(outBytes) | ||
} | ||
|
||
func block() cipher.Block { | ||
block, err := aes.NewCipher(key) | ||
if err != nil { | ||
log.Fatal("couldn't create aes") | ||
} | ||
return block | ||
} | ||
|
||
func ctr() cipher.Stream { | ||
encryptor := cipher.NewCTR(block(), iv) | ||
return encryptor | ||
} |
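Review bot: `init` logs the AES key, the IV and the ciphertext of `"admin"` at `log.Printf("key %x", key)`, `log.Printf("iv %x", iv)` and `log.Printf("expecting %x", Encrypt("admin"))`, which places the only secrets the scheme has into whatever collects the server log; drop these lines or gate them behind a debug flag. `ctr()` builds `cipher.NewCTR(block(), iv)` from the same `iv` file on every call, so every cookie is encrypted under an identical keystream and the construction provides no integrity; if the fixed IV is the point of the exercise, document that on `Encrypt`, otherwise generate a fresh nonce per message, prepend it to the output, and use an authenticated mode such as `cipher.NewGCM`. `Encrypt` is also the decryption routine (CTR is symmetric), which `Welcome` relies on and a doc comment should state, since the name suggests otherwise. `block()` discards the `aes.NewCipher` error in `log.Fatal("couldn't create aes")`; include `err` so a wrong key length from the `key` file is diagnosable.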