import base64
import hmac

from flask import Flask
from flask import request, abort
# Flask application object; the '/hw2/ex1' route below is registered on it.
app = Flask(__name__)
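@app.route('/hw2/ex1', methods=['POST'])
def login():
    """Handle the ex1 login POST.

    Expects a JSON object body with string fields ``user`` and ``pass``.
    Returns ``'logged in'`` (200) when ``valid_login`` accepts the pair and
    aborts with 400 otherwise. A request that is not JSON, whose body is not
    a JSON object, or whose fields are missing or not strings is also
    rejected with 400 instead of falling through to a ``None`` view result
    (which Flask reports as a 500).
    """
    if request.method != 'POST':
        # Unreachable in practice: the route only accepts POST. Kept so the
        # view never returns None.
        abort(405)
    print("post request received")
    if not request.is_json:
        abort(400)
    # silent=True makes an unparsable body yield None rather than raise.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        abort(400)
    user = payload.get('user')
    passw = payload.get('pass')
    if not isinstance(user, str) or not isinstance(passw, str):
        abort(400)
    if valid_login(user, passw):
        return 'logged in'
    abort(400)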
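def valid_login(user, passw):
    """Return True when *passw* equals the expected transform of *user*.

    The expected value is ``superencryption(user, pad)`` with a fixed pad
    string. The same pad string also appears in the client-side script kept
    at the bottom of this file, so this is a deterministic challenge/response
    derived from the username, not a check against a secret credential.

    Args:
        user: username string; longer than 100 characters is rejected.
        passw: submitted password string; longer than 100 characters is
            rejected.

    Returns:
        True on a match, False otherwise. Non-string inputs return False
        instead of raising.
    """
    mySecureOneTimePad = "Never send a human to do a machine's job"
    if not isinstance(user, str) or not isinstance(passw, str):
        return False
    if len(user) > 100 or len(passw) > 100:
        return False
    enc = superencryption(user, mySecureOneTimePad)
    # Constant-time comparison: the response time no longer depends on how
    # many leading bytes of the submitted value match.
    return hmac.compare_digest(bytes(passw, 'utf-8'), enc)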
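def superencryption(msg, key):
    """XOR *msg* with *key* (cycled as needed) and return it base64-encoded.

    Each character of *msg* is XORed with the corresponding character of
    *key*; when *msg* is longer than *key* the key repeats from its start.
    The XORed code points are turned back into a ``str``, UTF-8 encoded and
    base64 encoded, which is the form ``valid_login`` compares against.

    This is a repeating-key XOR with a fixed key, not a one-time pad: equal
    inputs always produce equal outputs and the transform offers no
    confidentiality. It is kept only because the exercise client computes
    the same thing.

    Args:
        msg: text to transform.
        key: key text; must be non-empty unless *msg* is empty.

    Returns:
        ``bytes`` holding the base64 text.

    Raises:
        ValueError: if *msg* is non-empty and *key* is empty.
    """
    if msg and not key:
        raise ValueError("key must be non-empty when msg is non-empty")
    klen = len(key)
    # Modular indexing cycles the key for any message length. The previous
    # ``key + key[0:diff]`` extension only doubled the key once, so messages
    # longer than twice the key still ran off its end with IndexError.
    xored = [ord(m) ^ ord(key[i % klen]) for i, m in enumerate(msg)]
    # XOR results are reinterpreted as code points; values >= 0x80 (only
    # reachable with non-ASCII input) become multi-byte UTF-8 sequences.
    password = ''.join(chr(v) for v in xored)
    return base64.b64encode(bytes(password, 'utf-8'))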
if __name__ == '__main__':
    # Starts Flask's built-in development server with default settings.
    app.run()
"""
java script from the website
<script>
function ascii (a) { return a.charCodeAt(0); }
function toChar(i) { return String.fromCharCode(i); }
function superencryption(msg,key) {
if (key.length < msg.length) {
var diff = msg.length - key.length;
key += key.substring(0,diff);
}
var amsg = msg.split("").map(ascii);
var akey = key.substring(0,msg.length).split("").map(ascii);
return btoa(amsg.map(function(v,i) {
return v ^ akey[i];
}).map(toChar).join(""));
}
$('#loginForm').submit(function(e) {
e.preventDefault();
var mySecureOneTimePad = "Never send a human to do a machine's job";
var username = $('#username').val();
var password = $('#password').val();
if (username.length > 100) {
alert("There's a difference between knowing the path and walking the path.");
return;
} else if (password.length > 100) {
alert("The best answer to anger is silence.");
return;
}
var enc = superencryption(username,mySecureOneTimePad) ;
if (enc != password) {
alert("I didn't say it would be easy, Neo. I just said it would be the truth.");
return;
}
postJSON = function(url,data){
return $.ajax({url:url,data:JSON.stringify(data),type:'POST', contentType:'application/json'});
};
postJSON("ex1",{"user":username,"pass":password})
.done(function(data) {
//if you get a 200 OK status, that means you successfully
// completed the challenge. The token is in the body.
///alert("Sucess! Token: " + data)
document.write("Sucess! Token: " + data);
}).fail(function(resp,status) {
alert("Pain is temporary. Quitting lasts forever.");
});
});
</script>
"""