variants for cmdi-ls

web-security/cmdi-ls-filter/server → web-security/cmdi-ls-filter/_0/server

@@ -7,10 +7,10 @@ import os
 app = flask.Flask(__name__)
 
 
-@app.route("/", methods=["GET"])
+@app.route("/assignment", methods=["GET"])
 def challenge():
     directory = (
-        flask.request.args.get("directory", "/challenge")
+        flask.request.args.get("root", "/challenge")
         .replace(";", "")
         .replace("&", "")
         .replace("|", "")
@@ -22,8 +22,9 @@ def challenge():
         .replace("$", "")
     )
     command = f"ls -l {directory}"
+
     print(f"DEBUG: {command=}")
-    listing = subprocess.run(
+    result = subprocess.run(
         command,  # the command to run
         shell=True,  # use the shell to run this command
         stdout=subprocess.PIPE,  # capture the standard output
@@ -36,8 +37,8 @@ def challenge():
         Welcome to the dirlister service! Please choose a directory to list the files of:
         <form><input type=text name=directory><input type=submit value=Submit></form>
         <hr>
-        <b>Output of: ls -l {directory}</b><br>
-        <pre>{listing}</pre>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
         </body></html>
         """
 

web-security/cmdi-ls-filter/_1/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/objective", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("root", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-ls-filter/_10/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/stage", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("output-path", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-ls-filter/_11/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/checkpoint", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("top-path", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-ls-filter/_12/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/quest", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("location", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-ls-filter/_13/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/test", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("subdirectory", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-ls-filter/_14/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/task", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("root", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)

web-security/cmdi-ls-filter/_15/server

@@ -0,0 +1,50 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/challenge", methods=["GET"])
+def challenge():
+    directory = (
+        flask.request.args.get("path", "/challenge")
+        .replace(";", "")
+        .replace("&", "")
+        .replace("|", "")
+        .replace(">", "")
+        .replace("<", "")
+        .replace("(", "")
+        .replace(")", "")
+        .replace("`", "")
+        .replace("$", "")
+    )
+    command = f"ls -l {directory}"
+
+    print(f"DEBUG: {command=}")
+    result = subprocess.run(
+        command,  # the command to run
+        shell=True,  # use the shell to run this command
+        stdout=subprocess.PIPE,  # capture the standard output
+        stderr=subprocess.STDOUT,  # 2>&1
+        encoding="latin",  # capture the resulting output as text
+    ).stdout
+
+    return f"""
+        <html><body>
+        Welcome to the dirlister service! Please choose a directory to list the files of:
+        <form><input type=text name=directory><input type=submit value=Submit></form>
+        <hr>
+        <b>Output of {command}:</b><br>
+        <pre>{result}</pre>
+        </body></html>
+        """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)