victim refactors

web-security/level-10/victim

@@ -30,18 +30,21 @@ open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.st
 if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
-    password = open("/flag").read().strip()
+    flag = open("/flag").read().strip()
 elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there.")
+    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
     challenge_url = "http://challenge.localhost:8080/"
-    password = "pwn.college{fake_flag}"
+    flag = "pwn.college{fake_flag}"
+else:
+    print("Services don't seem to be running?")
+    sys.exit(1)
 
-print("Visiting http://challenge.localhost/")
-browser.get("http://challenge.localhost")
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
 
 print("Logging in as admin...")
 browser.find_element(By.NAME, "username").send_keys("admin")
-browser.find_element(By.NAME, "password").send_keys(password)
+browser.find_element(By.NAME, "password").send_keys(flag)
 browser.find_element(By.NAME, "submit").submit()
 
 time.sleep(5)

web-security/level-11/victim

@@ -1,15 +1,16 @@
 #!/opt/pwn.college/python
 
-import contextlib
+import psutil
 import urllib
+import atexit
 import time
 import sys
 import os
 
 from selenium import webdriver
 from selenium.webdriver.firefox.options import Options as FirefoxOptions
 from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By   
+from selenium.webdriver.common.by import By
 from selenium.webdriver.support.wait import WebDriverWait
 from selenium.webdriver.support import expected_conditions as EC
 from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -18,60 +19,38 @@ os.setuid(os.geteuid())
 os.environ.clear()
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-@contextlib.contextmanager
-def run_browser():
-    options = FirefoxOptions()
-    options.add_argument("--headless")
-
-    # workaround for ubuntu
-    if os.path.exists("/snap/bin/geckodriver"):
-        service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null")
-    else:
-        service = FirefoxService(log_path="/dev/null")
-    driver = webdriver.Firefox(service=service, options=options)
-
-    try:
-        yield driver
-    finally:
-        driver.quit()
-
-if len(sys.argv) <= 1:
-    print(f"Usage: {sys.argv[0]} URL")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
+
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
+
+open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' }
+if 80 in open_ports:
+    print("Port 80 is open. Will connect to the service there.")
+    challenge_url = "http://challenge.localhost:80/"
+    flag = open("/flag").read().strip()
+elif 8080 in open_ports:
+    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
+    challenge_url = "http://challenge.localhost:8080/"
+    flag = "pwn.college{fake_flag}"
+else:
+    print("Services don't seem to be running?")
     sys.exit(1)
 
-with run_browser() as browser:
-    try:
-        print("First logging in as admin to http://challenge.localhost:80/")
-        try:
-            port = 80
-            browser.get("http://challenge.localhost:80")
-        except WebDriverException as e:
-            if "can%E2%80%99t%20establish%20a%20connection" not in str(e):
-                raise
-            print("Port 80 doesn't seem to be listening. Trying http://challenge.localhost:8080/")
-            port = 8080
-            browser.get("http://challenge.localhost:8080")
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
 
-        print("pwnpost loaded!")
-        print("Logging in as admin...")
-        login = { "username": "admin", "password": open("/flag").read().strip() if port != 8080 else "pwn.college{fake_flag}" }
-        for name, value in login.items():
-            field = browser.find_element(By.NAME, name)
-            field.send_keys(value)
-        submit_field = browser.find_element(By.NAME, "submit")
-        submit_field.submit()
-        WebDriverWait(browser, 10).until(EC.staleness_of(submit_field))
-        time.sleep(3)
-        print("Logged in!")
+print("Logging in as admin...")
+browser.find_element(By.NAME, "username").send_keys("admin")
+browser.find_element(By.NAME, "password").send_keys(flag)
+browser.find_element(By.NAME, "submit").submit()
+time.sleep(3)
+print("Logged in!")
 
-        print("Visiting the attacker's website (http://hacker.localhost:1337/)...")
-        browser.get("http://hacker.localhost:1337/")
-        time.sleep(3)
+print("Visiting the attacker's website (http://hacker.localhost:1337/)...")
+browser.get("http://hacker.localhost:1337/")
+time.sleep(3)
 
-        print("Visited! Go check if the attack worked!")
-    except WebDriverException as e:
-        if "can%E2%80%99t%20establish%20a%20connection" in str(e):
-            print("Connection error! Is the server running?")
-        else:
-            print(f"Failure: {e}...")
-        sys.exit(4)
+print("Visited! Go check if the attack worked!")

web-security/level-8/victim

@@ -1,14 +1,16 @@
 #!/opt/pwn.college/python
 
-import contextlib
+import psutil
 import urllib
+import atexit
+import time
 import sys
 import os
 
 from selenium import webdriver
 from selenium.webdriver.firefox.options import Options as FirefoxOptions
 from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By   
+from selenium.webdriver.common.by import By
 from selenium.webdriver.support.wait import WebDriverWait
 from selenium.webdriver.support import expected_conditions as EC
 from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -17,55 +19,38 @@ os.setuid(os.geteuid())
 os.environ.clear()
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-@contextlib.contextmanager
-def run_browser():
-    options = FirefoxOptions()
-    options.add_argument("--headless")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
 
-    # workaround for ubuntu
-    if os.path.exists("/snap/bin/geckodriver"):
-        service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null")
-    else:
-        service = FirefoxService(log_path="/dev/null")
-    driver = webdriver.Firefox(service=service, options=options)
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
 
-    try:
-        yield driver
-    finally:
-        driver.quit()
-
-if len(sys.argv) <= 1:
+if len(sys.argv) == 1:
     print(f"Usage: {sys.argv[0]} URL")
     sys.exit(1)
 
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
-    assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
-    assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
-    print(f"Invalid URL: {e}")
+challenge_url = sys.argv[1]
+url_parsed = urllib.parse.urlparse(challenge_url)
+if url_parsed.hostname != "challenge.localhost":
+    print("Hostname should be 'challenge.localhost'.")
     sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
-    try:
-        browser.get(url)
-        print("URL loaded...")
-        WebDriverWait(browser, 1).until(EC.alert_is_present())
-    except TimeoutException:
-        print("Failure: JavaScript alert did not trigger...")
-        sys.exit(3)
-    except WebDriverException as e:
-        if "can%E2%80%99t%20establish%20a%20connection" in str(e):
-            print("Connection error! Is the service running?")
-        else:
-            print(f"Failure: {e}...")
-        sys.exit(4)
-    else:
-        if url_parsed.port != 8080:
-            print("Alert triggered! Your flag:")
-            print(open("/flag").read())
-        else:
-            print("Alert triggered! Now do it on the real service (port 80)!")
+if url_parsed.port == 8080:
+    print("Will give fake flag for debug port (8080)...")
+    reward = "pwn.college{fake_flag}"
+elif url_parsed.port in {None, 80}:
+    reward = open("/flag").read()
+else:
+    print("Port should be 80 (real service) or 8080 (debug port).")
+    sys.exit(3)
+
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
+try:
+    WebDriverWait(browser, 1).until(EC.alert_is_present())
+except TimeoutException:
+    print("Failure: JavaScript alert did not trigger...")
+    sys.exit(3)
+else:
+    print("Alert triggered! Your reward:")
+    print(reward)

web-security/level-9/victim

@@ -1,14 +1,16 @@
 #!/opt/pwn.college/python
 
-import contextlib
+import psutil
 import urllib
+import atexit
+import time
 import sys
 import os
 
 from selenium import webdriver
 from selenium.webdriver.firefox.options import Options as FirefoxOptions
 from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By   
+from selenium.webdriver.common.by import By
 from selenium.webdriver.support.wait import WebDriverWait
 from selenium.webdriver.support import expected_conditions as EC
 from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -17,50 +19,38 @@ os.setuid(os.geteuid())
 os.environ.clear()
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-@contextlib.contextmanager
-def run_browser():
-    options = FirefoxOptions()
-    options.add_argument("--headless")
-    service = FirefoxService(log_path="/dev/null")
-    driver = webdriver.Firefox(service=service, options=options)
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
 
-    try:
-        yield driver
-    finally:
-        driver.quit()
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
 
-if len(sys.argv) <= 1:
+if len(sys.argv) == 1:
     print(f"Usage: {sys.argv[0]} URL")
     sys.exit(1)
 
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
-    assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
-    assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
-    print(f"Invalid URL: {e}")
+challenge_url = sys.argv[1]
+url_parsed = urllib.parse.urlparse(challenge_url)
+if url_parsed.hostname != "challenge.localhost":
+    print("Hostname should be 'challenge.localhost'.")
     sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
-    try:
-        browser.get(url)
-        print("URL loaded...")
-        WebDriverWait(browser, 1).until(EC.alert_is_present())
-    except TimeoutException:
-        print("Failure: JavaScript alert did not trigger...")
-        sys.exit(3)
-    except WebDriverException as e:
-        if "can%E2%80%99t%20establish%20a%20connection" in str(e):
-            print("Connection error! Is the service running?")
-        else:
-            print(f"Failure: {e}...")
-        sys.exit(4)
-    else:
-        if url_parsed.port != 8080:
-            print("Alert triggered! Your flag:")
-            print(open("/flag").read())
-        else:
-            print("Alert triggered! Now do it on the real service (port 80)!")
+if url_parsed.port == 8080:
+    print("Will give fake flag for debug port (8080)...")
+    reward = "pwn.college{fake_flag}"
+elif url_parsed.port in {None, 80}:
+    reward = open("/flag").read()
+else:
+    print("Port should be 80 (real service) or 8080 (debug port).")
+    sys.exit(3)
+
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
+try:
+    WebDriverWait(browser, 1).until(EC.alert_is_present())
+except TimeoutException:
+    print("Failure: JavaScript alert did not trigger...")
+    sys.exit(3)
+else:
+    print("Alert triggered! Your reward:")
+    print(reward)