diff --git a/web-security/auth-bypass-cookie/server b/web-security/auth-bypass-cookie/server index 27e56fc5..70b986d3 100755 --- a/web-security/auth-bypass-cookie/server +++ b/web-security/auth-bypass-cookie/server @@ -61,6 +61,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/cmdi-ls-filter/server b/web-security/cmdi-ls-filter/server index d6085e0b..bc9146d5 100755 --- a/web-security/cmdi-ls-filter/server +++ b/web-security/cmdi-ls-filter/server @@ -43,6 +43,5 @@ def challenge(): os.setuid(os.geteuid()) os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/cmdi-ls-pipe/server b/web-security/cmdi-ls-pipe/server index 5a590ede..f8f4a0d8 100755 --- a/web-security/cmdi-ls-pipe/server +++ b/web-security/cmdi-ls-pipe/server @@ -32,6 +32,5 @@ def challenge(): os.setuid(os.geteuid()) os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/cmdi-ls-quote/server b/web-security/cmdi-ls-quote/server index 8dda96b6..79c09076 100755 --- a/web-security/cmdi-ls-quote/server +++ b/web-security/cmdi-ls-quote/server @@ -32,6 +32,5 @@ def challenge(): os.setuid(os.geteuid()) os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/cmdi-ls-semicolon/server b/web-security/cmdi-ls-semicolon/server index 8a12fbe5..7e23bdff 100755 --- a/web-security/cmdi-ls-semicolon/server +++ b/web-security/cmdi-ls-semicolon/server @@ -32,6 +32,5 @@ def challenge(): os.setuid(os.geteuid()) os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/cmdi-touch-blind/server b/web-security/cmdi-touch-blind/server index 729f3ce2..6c3547a3 100755 --- a/web-security/cmdi-touch-blind/server +++ b/web-security/cmdi-touch-blind/server @@ -31,6 +31,5 @@ def challenge(): os.setuid(os.geteuid()) os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/csrf-reflected-alert/server b/web-security/csrf-reflected-alert/server index ee5b37a4..8e564b3b 100755 --- a/web-security/csrf-reflected-alert/server +++ b/web-security/csrf-reflected-alert/server @@ -126,6 +126,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/csrf-reflected-alert/victim b/web-security/csrf-reflected-alert/victim index 3d6107f7..4249f4c2 100755 --- a/web-security/csrf-reflected-alert/victim +++ b/web-security/csrf-reflected-alert/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/level-1/server b/web-security/level-1/server index 0b515a7b..d46e83b0 100755 --- a/web-security/level-1/server +++ b/web-security/level-1/server @@ -21,6 +21,5 @@ def challenge(path="index.html"): flask.abort(500, requested_path + ":" + str(e)) app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-10/server b/web-security/level-10/server index 5617f6c2..bf523888 100755 --- a/web-security/level-10/server +++ b/web-security/level-10/server @@ -99,6 +99,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-10/victim b/web-security/level-10/victim index ceb3f51d..4eb1de26 100755 --- a/web-security/level-10/victim +++ b/web-security/level-10/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/level-11/server b/web-security/level-11/server index 35c27029..0f1dd5b7 100755 --- a/web-security/level-11/server +++ b/web-security/level-11/server @@ -101,6 +101,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-11/victim b/web-security/level-11/victim index d196f924..a73e199c 100755 --- a/web-security/level-11/victim +++ b/web-security/level-11/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/level-12/server b/web-security/level-12/server index 29c72174..285ee727 100755 --- a/web-security/level-12/server +++ b/web-security/level-12/server @@ -101,6 +101,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-12/victim b/web-security/level-12/victim index d196f924..a73e199c 100755 --- a/web-security/level-12/victim +++ b/web-security/level-12/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/level-13/server b/web-security/level-13/server index ee5b37a4..8e564b3b 100755 --- a/web-security/level-13/server +++ b/web-security/level-13/server @@ -126,6 +126,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-13/victim b/web-security/level-13/victim index f1092aea..38b2f3f0 100755 --- a/web-security/level-13/victim +++ b/web-security/level-13/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/level-14/server b/web-security/level-14/server index 3751f4f3..e5cb257b 100755 --- a/web-security/level-14/server +++ b/web-security/level-14/server @@ -122,6 +122,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-14/victim b/web-security/level-14/victim index f1092aea..38b2f3f0 100755 --- a/web-security/level-14/victim +++ b/web-security/level-14/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/level-2/server b/web-security/level-2/server index ae845b50..79d4db3e 100755 --- a/web-security/level-2/server +++ b/web-security/level-2/server @@ -32,6 +32,5 @@ def challenge(): os.setuid(os.geteuid()) os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-3/server b/web-security/level-3/server index a98d27e0..d216da0c 100755 --- a/web-security/level-3/server +++ b/web-security/level-3/server @@ -63,6 +63,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-4/server b/web-security/level-4/server index 3a1daafc..5821d4c5 100755 --- a/web-security/level-4/server +++ b/web-security/level-4/server @@ -66,6 +66,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-5/server b/web-security/level-5/server index e815336f..2792ee47 100755 --- a/web-security/level-5/server +++ b/web-security/level-5/server @@ -47,6 +47,5 @@ def challenge(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-6/server b/web-security/level-6/server index c421f323..aa0f71ca 100755 --- a/web-security/level-6/server +++ b/web-security/level-6/server @@ -50,6 +50,5 @@ def challenge(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-7/server b/web-security/level-7/server index 2ab184e6..d9eb786f 100755 --- a/web-security/level-7/server +++ b/web-security/level-7/server @@ -64,6 +64,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-8/server b/web-security/level-8/server index a2462960..b94a4a9b 100755 --- a/web-security/level-8/server +++ b/web-security/level-8/server @@ -16,6 +16,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-8/victim b/web-security/level-8/victim index 1863a483..eadb1425 100755 --- a/web-security/level-8/victim +++ b/web-security/level-8/victim @@ -34,13 +34,10 @@ url_parsed = urllib.parse.urlparse(challenge_url) if url_parsed.hostname != "challenge.localhost": print("Hostname should be 'challenge.localhost'.") sys.exit(2) -if url_parsed.port == 8080: - print("Will give fake flag for debug port (8080)...") - reward = "pwn.college{fake_flag}" -elif url_parsed.port in {None, 80}: +if url_parsed.port in {None, 80}: reward = open("/flag").read() else: - print("Port should be 80 (real service) or 8080 (debug port).") + print("Port should be 80.") sys.exit(3) print(f"Visiting {challenge_url}") diff --git a/web-security/level-9/server b/web-security/level-9/server index ea594d50..ba793c44 100755 --- a/web-security/level-9/server +++ b/web-security/level-9/server @@ -19,6 +19,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/level-9/victim b/web-security/level-9/victim index 1863a483..29f58d83 100755 --- a/web-security/level-9/victim +++ b/web-security/level-9/victim @@ -34,13 +34,10 @@ url_parsed = urllib.parse.urlparse(challenge_url) if url_parsed.hostname != "challenge.localhost": print("Hostname should be 'challenge.localhost'.") sys.exit(2) -if url_parsed.port == 8080: - print("Will give fake flag for debug port (8080)...") - reward = "pwn.college{fake_flag}" -elif url_parsed.port in {None, 80}: +if url_parsed.port in {None, 80}: reward = open("/flag").read() else: - print("Port should be 80 (real service) or 8080 (debug port).") + print("Port should be 80 (real service).") sys.exit(3) print(f"Visiting {challenge_url}") diff --git a/web-security/path-traversal-2/server b/web-security/path-traversal-2/server index 146ba125..d1c05aa5 100755 --- a/web-security/path-traversal-2/server +++ b/web-security/path-traversal-2/server @@ -21,6 +21,5 @@ def challenge(path="index.html"): flask.abort(500, requested_path + ":" + str(e)) app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/sqli-pin/server b/web-security/sqli-pin/server index f2ace7a5..4678272b 100755 --- a/web-security/sqli-pin/server +++ b/web-security/sqli-pin/server @@ -70,6 +70,5 @@ def challenge_get(): """ app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/xss-exfil-cookie/server b/web-security/xss-exfil-cookie/server index df3d45fe..a3887f9b 100755 --- a/web-security/xss-exfil-cookie/server +++ b/web-security/xss-exfil-cookie/server @@ -114,6 +114,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/xss-exfil-cookie/victim b/web-security/xss-exfil-cookie/victim index 7d391c3c..abf9986d 100755 --- a/web-security/xss-exfil-cookie/victim +++ b/web-security/xss-exfil-cookie/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/xss-rf-post/server b/web-security/xss-rf-post/server index 29050fa2..dc1805ce 100755 --- a/web-security/xss-rf-post/server +++ b/web-security/xss-rf-post/server @@ -100,6 +100,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/xss-rf-post/victim b/web-security/xss-rf-post/victim index ceb3f51d..4eb1de26 100755 --- a/web-security/xss-rf-post/victim +++ b/web-security/xss-rf-post/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/xss-stored-alert/server b/web-security/xss-stored-alert/server index 79a2be3c..12df4272 100755 --- a/web-security/xss-stored-alert/server +++ b/web-security/xss-stored-alert/server @@ -40,6 +40,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/xss-stored-alert/victim b/web-security/xss-stored-alert/victim index 570c4b6c..41e58e3b 100755 --- a/web-security/xss-stored-alert/victim +++ b/web-security/xss-stored-alert/victim @@ -30,10 +30,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1) diff --git a/web-security/xss-stored-html/server b/web-security/xss-stored-html/server index 655c8a65..8cb5bee5 100755 --- a/web-security/xss-stored-html/server +++ b/web-security/xss-stored-html/server @@ -40,6 +40,5 @@ def challenge_get(): return page + "" app.secret_key = os.urandom(8) -port = 8080 if os.geteuid() else 80 -app.config['SERVER_NAME'] = f"challenge.localhost:{port}" -app.run("challenge.localhost", port) +app.config['SERVER_NAME'] = f"challenge.localhost:80" +app.run("challenge.localhost", 80) diff --git a/web-security/xss-stored-html/victim b/web-security/xss-stored-html/victim index 134af342..1df95c68 100755 --- a/web-security/xss-stored-html/victim +++ b/web-security/xss-stored-html/victim @@ -10,10 +10,6 @@ if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" flag = open("/flag").read().strip() -elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there.") - challenge_url = "http://challenge.localhost:8080/" - flag = "pwn.college{fake_flag}" else: print("Services don't seem to be running?") sys.exit(1)