simplify the port situation in web-security

pwncollege · Sep 28, 2024 · 4e2e614 · 4e2e614
1 parent 989fb70
commit 4e2e614
Show file tree

Hide file tree

Showing 39 changed files with 58 additions and 131 deletions.
diff --git a/web-security/auth-bypass-cookie/server b/web-security/auth-bypass-cookie/server
@@ -61,6 +61,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-ls-filter/server b/web-security/cmdi-ls-filter/server
@@ -43,6 +43,5 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-ls-pipe/server b/web-security/cmdi-ls-pipe/server
@@ -32,6 +32,5 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-ls-quote/server b/web-security/cmdi-ls-quote/server
@@ -32,6 +32,5 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-ls-semicolon/server b/web-security/cmdi-ls-semicolon/server
@@ -32,6 +32,5 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/server b/web-security/cmdi-touch-blind/server
@@ -31,6 +31,5 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/csrf-reflected-alert/server b/web-security/csrf-reflected-alert/server
@@ -126,6 +126,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/csrf-reflected-alert/victim b/web-security/csrf-reflected-alert/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/level-1/server b/web-security/level-1/server
@@ -21,6 +21,5 @@ def challenge(path="index.html"):
         flask.abort(500, requested_path + ":" + str(e))
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-10/server b/web-security/level-10/server
@@ -99,6 +99,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-10/victim b/web-security/level-10/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/level-11/server b/web-security/level-11/server
@@ -101,6 +101,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-11/victim b/web-security/level-11/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/level-12/server b/web-security/level-12/server
@@ -101,6 +101,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-12/victim b/web-security/level-12/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/level-13/server b/web-security/level-13/server
@@ -126,6 +126,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-13/victim b/web-security/level-13/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/level-14/server b/web-security/level-14/server
@@ -122,6 +122,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-14/victim b/web-security/level-14/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/level-2/server b/web-security/level-2/server
@@ -32,6 +32,5 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-3/server b/web-security/level-3/server
@@ -63,6 +63,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-4/server b/web-security/level-4/server
@@ -66,6 +66,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-5/server b/web-security/level-5/server
@@ -47,6 +47,5 @@ def challenge():
         """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-6/server b/web-security/level-6/server
@@ -50,6 +50,5 @@ def challenge():
         """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-7/server b/web-security/level-7/server
@@ -64,6 +64,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-8/server b/web-security/level-8/server
@@ -16,6 +16,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-8/victim b/web-security/level-8/victim
@@ -34,13 +34,10 @@ url_parsed = urllib.parse.urlparse(challenge_url)
 if url_parsed.hostname != "challenge.localhost":
     print("Hostname should be 'challenge.localhost'.")
     sys.exit(2)
-if url_parsed.port == 8080:
-    print("Will give fake flag for debug port (8080)...")
-    reward = "pwn.college{fake_flag}"
-elif url_parsed.port in {None, 80}:
+if url_parsed.port in {None, 80}:
     reward = open("/flag").read()
 else:
-    print("Port should be 80 (real service) or 8080 (debug port).")
+    print("Port should be 80.")
     sys.exit(3)
 
 print(f"Visiting {challenge_url}")

diff --git a/web-security/level-9/server b/web-security/level-9/server
@@ -19,6 +19,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/level-9/victim b/web-security/level-9/victim
@@ -34,13 +34,10 @@ url_parsed = urllib.parse.urlparse(challenge_url)
 if url_parsed.hostname != "challenge.localhost":
     print("Hostname should be 'challenge.localhost'.")
     sys.exit(2)
-if url_parsed.port == 8080:
-    print("Will give fake flag for debug port (8080)...")
-    reward = "pwn.college{fake_flag}"
-elif url_parsed.port in {None, 80}:
+if url_parsed.port in {None, 80}:
     reward = open("/flag").read()
 else:
-    print("Port should be 80 (real service) or 8080 (debug port).")
+    print("Port should be 80 (real service).")
     sys.exit(3)
 
 print(f"Visiting {challenge_url}")

diff --git a/web-security/path-traversal-2/server b/web-security/path-traversal-2/server
@@ -21,6 +21,5 @@ def challenge(path="index.html"):
         flask.abort(500, requested_path + ":" + str(e))
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/sqli-pin/server b/web-security/sqli-pin/server
@@ -70,6 +70,5 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/xss-exfil-cookie/server b/web-security/xss-exfil-cookie/server
@@ -114,6 +114,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/xss-exfil-cookie/victim b/web-security/xss-exfil-cookie/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/xss-rf-post/server b/web-security/xss-rf-post/server
@@ -100,6 +100,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/xss-rf-post/victim b/web-security/xss-rf-post/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/xss-stored-alert/server b/web-security/xss-stored-alert/server
@@ -40,6 +40,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/xss-stored-alert/victim b/web-security/xss-stored-alert/victim
@@ -30,10 +30,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)

diff --git a/web-security/xss-stored-html/server b/web-security/xss-stored-html/server
@@ -40,6 +40,5 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-port = 8080 if os.geteuid() else 80
-app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
-app.run("challenge.localhost", port)
+app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/xss-stored-html/victim b/web-security/xss-stored-html/victim
@@ -10,10 +10,6 @@ if 80 in open_ports:
     print("Port 80 is open. Will connect to the service there.")
     challenge_url = "http://challenge.localhost:80/"
     flag = open("/flag").read().strip()
-elif 8080 in open_ports:
-    print("Port 8080 is open. Will connect to the service there.")
-    challenge_url = "http://challenge.localhost:8080/"
-    flag = "pwn.college{fake_flag}"
 else:
     print("Services don't seem to be running?")
     sys.exit(1)