Page Menu
Home
c4science
Search
Configure Global Search
Log In
Files
F102851303
pwcheck.py
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Mon, Feb 24, 20:39
Size
3 KB
Mime Type
text/x-python
Expires
Wed, Feb 26, 20:39 (1 d, 23 h)
Engine
blob
Format
Raw Data
Handle
24440309
Attached To
R6092 InfoSec
pwcheck.py
View Options
import
base64
from
flask
import
Flask
from
flask
import
request
,
abort
app
=
Flask
(
__name__
)
@app.route
(
'/hw2/ex1'
,
methods
=
[
'POST'
])
def
login
():
if
request
.
method
==
'POST'
:
print
(
"post request received"
)
if
request
.
is_json
:
if
valid_login
(
request
.
get_json
()[
'user'
],
request
.
get_json
()[
'pass'
]):
#return log_the_user_in(request.form['username'])
return
'logged in'
else
:
abort
(
400
)
def
valid_login
(
user
,
passw
):
mySecureOneTimePad
=
"Never send a human to do a machine's job"
if
len
(
user
)
>
100
or
len
(
passw
)
>
100
:
return
False
enc
=
superencryption
(
user
,
mySecureOneTimePad
)
if
bytes
(
passw
,
'utf-8'
)
==
enc
:
return
True
else
:
return
False
def
superencryption
(
msg
,
key
):
if
len
(
key
)
<
len
(
msg
):
diff
=
len
(
msg
)
-
len
(
key
)
key
=
key
+
key
[
0
:
diff
]
amsg
=
[
ord
(
i
)
for
i
in
msg
]
akey
=
[
ord
(
i
)
for
i
in
key
]
bpassw
=
[(
amsg
[
i
]
^
akey
[
i
])
for
i
in
range
(
len
(
amsg
))]
password
=
[
chr
(
i
)
for
i
in
bpassw
]
#msg ^ key
return
base64
.
b64encode
(
bytes
(
''
.
join
(
password
),
'utf-8'
))
if
__name__
==
'__main__'
:
app
.
run
()
"""
<script>
function ascii (a) { return a.charCodeAt(0); }
function toChar(i) { return String.fromCharCode(i); }
function superencryption(msg,key) {
if (key.length < msg.length) {
var diff = msg.length - key.length;
key += key.substring(0,diff);
}
var amsg = msg.split("").map(ascii);
var akey = key.substring(0,msg.length).split("").map(ascii);
return btoa(amsg.map(function(v,i) {
return v ^ akey[i];
}).map(toChar).join(""));
}
$('#loginForm').submit(function(e) {
e.preventDefault();
var mySecureOneTimePad = "Never send a human to do a machine's job";
var username = $('#username').val();
var password = $('#password').val();
if (username.length > 100) {
alert("There's a difference between knowing the path and walking the path.");
return;
} else if (password.length > 100) {
alert("The best answer to anger is silence.");
return;
}
var enc = superencryption(username,mySecureOneTimePad) ;
if (enc != password) {
alert("I didn't say it would be easy, Neo. I just said it would be the truth.");
return;
}
postJSON = function(url,data){
return $.ajax({url:url,data:JSON.stringify(data),type:'POST', contentType:'application/json'});
};
postJSON("ex1",{"user":username,"pass":password})
.done(function(data) {
//if you get a 200 OK status, that means you successfully
// completed the challenge. The token is in the body.
///alert("Sucess! Token: " + data)
document.write("Sucess! Token: " + data);
}).fail(function(resp,status) {
alert("Pain is temporary. Quitting lasts forever.");
});
});
</script>
"""
Event Timeline
Log In to Comment