cmdi-touch variants

web-security/cmdi-touch-blind/_0/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/task", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("full-path", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=full-path><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_1/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/initiative", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-dest", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-dest><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_10/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/exercise", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-pathname", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-pathname><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_11/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/competition", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-name", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-name><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_12/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/goal", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-or-directory", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-or-directory><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_13/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/quest", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-name", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-name><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_14/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/task", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-or-dir", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-or-dir><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_15/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/mission", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-dest", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-dest><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_2/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/level", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("filename", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=filename><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-touch-blind/_3/server

@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/test", methods=["GET"])
+def challenge():
+    arg = flask.request.args.get("file-or-dir", "/challenge/PWN")
+    command = f"touch {arg}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the touch service! Please choose a file to touch:
+        <form><input type=text name=file-or-dir><input type=submit value=Submit></form>
+        <hr>
+                <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+                </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)