lab added on mitre 17 command injection

adeyosemanputra · Sep 1, 2022 · 5f19dd5 · 5f19dd5
1 parent 6c28080
commit 5f19dd5
Show file tree

Hide file tree

Showing 7 changed files with 87 additions and 2 deletions.
diff --git a/pygoat/db.sqlite3 b/pygoat/db.sqlite3
diff --git a/pygoat/introduction/__pycache__/views.cpython-38.pyc b/pygoat/introduction/__pycache__/views.cpython-38.pyc
diff --git a/pygoat/introduction/mitre.py b/pygoat/introduction/mitre.py
@@ -4,6 +4,8 @@
 from hashlib import md5
 import jwt
 import datetime
+import re
+import subprocess
 from .models import CSRF_user_tbl
 from django.views.decorators.csrf import csrf_exempt
 # import os
@@ -218,4 +220,25 @@ def mitre_lab_25_api(request):
 
 @authentication_decorator
 def mitre_lab_25(request):
-    return render(request, 'mitre/mitre_lab_25.html')
+    return render(request, 'mitre/mitre_lab_25.html')
+
+@authentication_decorator
+def mitre_lab_17(request):
+    return render(request, 'mitre/mitre_lab_17.html')
+
+def command_out(command):
+    process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    return process.communicate()
+
+
+@csrf_exempt
+def mitre_lab_17_api(request):
+    if request.method == "POST":
+        ip = request.POST.get('ip')
+        command = "nmap " + ip 
+        res, err = command_out(command)
+        res = res.decode()
+        err = err.decode()
+        pattern = "STATE SERVICE.*\\n\\n"
+        ports = re.findall(pattern, res,re.DOTALL)[0][14:-2].split('\n')
+        return JsonResponse({'raw_res': str(res), 'raw_err': str(err), 'ports': ports})
diff --git a/pygoat/introduction/templates/mitre/mitre_lab_17.html b/pygoat/introduction/templates/mitre/mitre_lab_17.html
@@ -0,0 +1,51 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title> Code Injection </title>
+{% endblock %}
+<div class="jumbotron">
+    <h4 style="text-align:center"> PORT SCANNING SERVICE </h4>
+    <div class="login" style="display: flex;justify-content: center;flex-direction: column;">
+        <div>
+            <input type="textarea" id="input" style="width: 400px;height: 50px;">
+            <button id="btn" style="width: 100px;height: 50px;" onclick="apicall()"> SCAN </button>
+        </div><br>
+        <div id="output" style="width: 40%; border: 2px solid #777; border-radius: 5px; padding: 7px;">
+            output<br>
+        </div>
+    </div>
+    <div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/mitre/17'">Back to Lab
+        Details</button></div>
+
+    <script>
+        var ports = [];
+        function apicall(){
+            var input = document.getElementById("input").value;
+            var output = document.getElementById("output");
+            var headers = new Headers();
+            var formdata = new FormData();
+            formdata.append("ip", input);
+            var requestOption = {
+                method: "POST",
+                body: formdata,
+                redirect: "follow",
+                headers: headers
+            };
+            output.innerHTML = "";
+            fetch("/mitre/17/lab/api",requestOption)
+                .then(response => response.text())
+                .then(result => {
+                    var data = JSON.parse(result);
+                    ports = data.ports;
+                    for (p in data.ports){
+                        output.innerHTML += "<span>" + ports[p] + "</span><br>";}
+                })
+                .catch(
+                    error => {console.log("error", error);
+                    output.innerHTML = "error";}
+                    );
+        }
+
+    </script>
+{% endblock %}
diff --git a/pygoat/introduction/templates/mitre/mitre_lab_25.html b/pygoat/introduction/templates/mitre/mitre_lab_25.html
@@ -6,7 +6,7 @@
 {% endblock %}
     <div class="jumbotron">
         <h4 style="text-align:center"> Calculator </h4>
-        <div class="login" style="display: flex;justify-content: center;flex-direction: column;}">
+        <div class="login" style="display: flex;justify-content: center;flex-direction: column;">
             <div>
                 <input type="textarea" id="input" style="width: 400px;height: 50px;">
                 <button id="btn" style="width: 100px;height: 50px;" onclick="calculate()"> Calculate </button>

diff --git a/pygoat/introduction/templates/mitre/mitre_top17.html b/pygoat/introduction/templates/mitre/mitre_top17.html
@@ -19,6 +19,15 @@ <h2 style="font-size:2.7rem">CWE-77: <span>Command Injection</span></h2>
         </ul>
         Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks.
         Command injection is a common problem with wrapper programs.
+    </div><br>
+    <button class="coll btn btn-info">Lab 1 Details</button>
+    <div class="lab">
+        <p class="bp">
+        This is a web utility for scanning IP address for open ports.<br> 
+        Can you use this utility for something other than scanning ports?
+        <br>
+        <div align="right"> <button class="btn btn-info" type="button" onclick="window.location.href='/mitre/17/lab '">Access
+            Lab</button></div>
     </div>
 
 {% endblock %}
diff --git a/pygoat/introduction/urls.py b/pygoat/introduction/urls.py
@@ -114,4 +114,6 @@
     path("mitre/9/lab/api/<str:recipent>/<int:amount>",mitre.csrf_transfer_monei_api,name="csrf_lab_login_api"),
     path("mitre/25/lab/api", mitre.mitre_lab_25_api, name="mitre_lab_25_api"),
     path("mitre/25/lab", mitre.mitre_lab_25, name="mitre_lab_25"),
+    path("mitre/17/lab", mitre.mitre_lab_17, name="mitre_lab_17"),
+    path("mitre/17/lab/api",mitre.mitre_lab_17_api,name="mitre_lab_17_api"),
 ]