close the loophole
zardus committed Sep 11, 2024
1 parent 2e09e38 commit 6a63418
Showing 11 changed files with 55 additions and 0 deletions.
5 changes: 5 additions & 0 deletions web-security/csrf-reflected-alert/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
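Review bot: `psutil.Process(next(...))` in the added check receives the whole connection entry from `psutil.net_connections()` rather than its `pid`, and `psutil.Process` expects an integer pid, so the ownership test fails with an exception instead of reading the listener's effective UID. The only statement under the new `if` is the `print`, so nothing visible stops the script after "Aborting!" although `flag` has already been read; the branch needs an explicit exit, as level-8 and level-9 already do with `sys.exit(3)` in their `else`. `next()` also has no default, so a port-80 listener that is not IPv4 ends in an uncaught `StopIteration`. The same five lines are added in all eleven `victim` files of this commit (`reward` instead of `flag` in level-8 and level-9), and the enclosing `if 80 in open_ports:` block starts above the hunk; the exit code in the sketch below is a placeholder.

```python
    flag = open("/flag").read().strip()
    listener = next(
        (n for n in psutil.net_connections()
         if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2),
        None,
    )
    # Fail closed: no IPv4 listener found, pid not reported, or owner is not root.
    if (
        listener is None
        or listener.pid is None
        or psutil.Process(listener.pid).uids().effective != 0
    ):
        print("Service on port 80 is not owned by root... Aborting!")
        raise SystemExit(1)
    # … unchanged: elif 8080 in open_ports branch …
```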
5 changes: 5 additions & 0 deletions web-security/level-10/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/level-11/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/level-12/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/level-13/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/level-14/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/level-8/victim
@@ -39,6 +39,11 @@ if url_parsed.port == 8080:
reward = "pwn.college{fake_flag}"
elif url_parsed.port in {None, 80}:
reward = open("/flag").read()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
else:
print("Port should be 80 (real service) or 8080 (debug port).")
sys.exit(3)
5 changes: 5 additions & 0 deletions web-security/level-9/victim
@@ -39,6 +39,11 @@ if url_parsed.port == 8080:
reward = "pwn.college{fake_flag}"
elif url_parsed.port in {None, 80}:
reward = open("/flag").read()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
else:
print("Port should be 80 (real service) or 8080 (debug port).")
sys.exit(3)
5 changes: 5 additions & 0 deletions web-security/xss-exfil-cookie/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/xss-rf-post/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
5 changes: 5 additions & 0 deletions web-security/xss-stored-alert/victim
@@ -30,6 +30,11 @@ if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
flag = open("/flag").read().strip()
if psutil.Process(next(
n for n in psutil.net_connections()
if n.status == "LISTEN" and n.laddr.port == 80 and n.family.value == 2
)).uids().effective:
print("Service on port 80 is not owned by root... Aborting!")
elif 8080 in open_ports:
print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
