Merge pull request #166 from RupakBiswas-2304/master

Code injection lab added for mitre 25
adeyosemanputra · Aug 27, 2022 · bf7a3cd · bf7a3cd
2 parents a03610e + fec9aa0
commit bf7a3cd
Show file tree

Hide file tree

Showing 7 changed files with 106 additions and 6 deletions.
diff --git a/pygoat/app.log b/pygoat/app.log
@@ -170,3 +170,20 @@ Traceback (most recent call last):
   File "/home/rupak/Desktop/GSoC/pygoat/env/lib/python3.10/site-packages/django/template/base.py", line 568, in invalid_block_tag
     raise self.error(
 django.template.exceptions.TemplateSyntaxError: Invalid block tag on line 28: 'endblock'. Did you forget to register or load this tag?
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/urls.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
+INFO:django.utils.autoreload:/home/rupak/Desktop/GSoC/pygoat/pygoat/introduction/mitre.py changed, reloading.
diff --git a/pygoat/db.sqlite3 b/pygoat/db.sqlite3
diff --git a/pygoat/introduction/mitre.py b/pygoat/introduction/mitre.py
@@ -6,9 +6,16 @@
 import datetime
 from .models import CSRF_user_tbl
 from django.views.decorators.csrf import csrf_exempt
+# import os
 
 ## Mitre top1 | CWE:787
 
+# target zone
+FLAG = "NOT_SUPPOSED_TO_BE_ACCESSED"
+
+# target zone end
+
+
 @authentication_decorator
 def mitre_top1(request):
     if request.method == 'GET':
@@ -195,4 +202,20 @@ def csrf_transfer_monei_api(request,recipent,amount):
                     User[0].save()
         return redirect('/mitre/9/lab/transaction') 
     else:
-        return redirect ('/mitre/9/lab/transaction')
+        return redirect ('/mitre/9/lab/transaction')
+
+
+# @authentication_decorator
+@csrf_exempt
+def mitre_lab_25_api(request):
+    if request.method == "POST":
+        expression = request.POST.get('expression')
+        result = eval(expression)
+        return JsonResponse({'result': result})
+    else:
+        return redirect('/mitre/25/lab/')
+
+
+@authentication_decorator
+def mitre_lab_25(request):
+    return render(request, 'mitre/mitre_lab_25.html')
diff --git a/pygoat/introduction/templates/mitre/mitre_lab_25.html b/pygoat/introduction/templates/mitre/mitre_lab_25.html
@@ -0,0 +1,47 @@
+{% extends "introduction/base.html" %}
+{% load static %}
+{% block content %}
+{% block title %}
+<title> Code Injection </title>
+{% endblock %}
+    <div class="jumbotron">
+        <h4 style="text-align:center"> Calculator </h4>
+        <div class="login" style="display: flex;justify-content: center;flex-direction: column;}">
+            <div>
+                <input type="textarea" id="input" style="width: 400px;height: 50px;">
+                <button id="btn" style="width: 100px;height: 50px;" onclick="calculate()"> Calculate </button>
+            </div>
+            <textarea id="output" style="width: 40%;height: 20px;"></textarea>
+        </div>
+    </div>
+    <div style= "position : fixed ; right : 7px; bottom : 7px"> <button class="btn btn-info" type="button" onclick="window.location.href='/mitre/25'">Back to Lab
+    Details</button></div>
+    <script>
+        function calculate(){
+            var input = document.getElementById("input").value;
+            var output = document.getElementById("output");
+            var headers = new Headers();
+            var formdata = new FormData();
+            formdata.append("expression", input);
+            var requestOption = {
+                method: "POST",
+                body: formdata,
+                redirect: "follow",
+                headers: headers
+            };
+
+            fetch("/mitre/25/lab/api",requestOption)
+                .then(response => response.text())
+                .then(result => {
+                    var data = JSON.parse(result);
+                    output.value = data.result;
+                    console.log(result);
+                })
+                .catch(
+                    error => {console.log("error", error);
+                    output.value = "error";}
+                    );
+        } 
+    </script>
+
+{% endblock %}
diff --git a/pygoat/introduction/templates/mitre/mitre_top25.html b/pygoat/introduction/templates/mitre/mitre_top25.html
@@ -1,7 +1,7 @@
 {% extends "introduction/base.html" %} 
 {% load static %} 
-{% block content %} 
-{% block title %}
+{% block content %}
+{%block title %}
 <title>Code Injection</title>
 {% endblock %}
 <div class="container">
@@ -25,6 +25,17 @@ <h2 style="font-size: 2.7rem">CWE-94: <span>Code Injection</span></h2>
   execution, whereas injection problems just require that the data be parsed.
   The most traditional examples of this category are SQL injection and format
   string vulnerabilities.
-</div>
-
+  <br><br>
+  <button class="coll btn btn-info">Lab Details</button>
+  <div class="lab">
+    <p class="bp">
+    This lab have a calculator with can compute simple arithmetic operations.
+    Try to exploit that</p> 
+    <div align="right">
+      <button class="btn btn-info" type="button" onclick="window.location.href='/mitre/25/lab'">
+        Access Lab
+      </button>
+    </div>
+  </div>
+</div><br>
 {% endblock %}
diff --git a/pygoat/introduction/urls.py b/pygoat/introduction/urls.py
@@ -112,4 +112,6 @@
     path("mitre/9/lab/login",mitre.csrf_lab_login,name="csrf_lab_login"),
     path("mitre/9/lab/transaction",mitre.csrf_transfer_monei,name="csrf_lab_login_api"),
     path("mitre/9/lab/api/<str:recipent>/<int:amount>",mitre.csrf_transfer_monei_api,name="csrf_lab_login_api"),
+    path("mitre/25/lab/api", mitre.mitre_lab_25_api, name="mitre_lab_25_api"),
+    path("mitre/25/lab", mitre.mitre_lab_25, name="mitre_lab_25"),
 ]
diff --git a/pygoat/pygoat/settings.py b/pygoat/pygoat/settings.py
@@ -165,4 +165,4 @@
 }
 
 SECRET_COOKIE_KEY = "PYGOAT"
-CSRF_TRUSTED_ORIGINS = ["http://127.0.0.1:8000","http://0.0.0.0:8000","http://172.16.188.81"]
+CSRF_TRUSTED_ORIGINS = ["http://127.0.0.1:8000","http://0.0.0.0:8000","http://172.16.189.10"]