enforce hostname

pwncollege · Sep 2, 2024 · 90a5658 · 90a5658
1 parent 7a15f0f
commit 90a5658
Show file tree

Hide file tree

Showing 25 changed files with 75 additions and 25 deletions.
diff --git a/web-security/auth-bypass-cookie/server b/web-security/auth-bypass-cookie/server
@@ -61,4 +61,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/cmdi-ls-filter/server b/web-security/cmdi-ls-filter/server
@@ -41,4 +41,6 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/cmdi-ls-pipe/server b/web-security/cmdi-ls-pipe/server
@@ -30,4 +30,6 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/cmdi-ls-quote/server b/web-security/cmdi-ls-quote/server
@@ -30,4 +30,6 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/cmdi-ls-semicolon/server b/web-security/cmdi-ls-semicolon/server
@@ -30,4 +30,6 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/cmdi-touch-blind/server b/web-security/cmdi-touch-blind/server
@@ -29,4 +29,6 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/csrf-reflected-alert/server b/web-security/csrf-reflected-alert/server
@@ -126,4 +126,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-1/server b/web-security/level-1/server
@@ -20,4 +20,6 @@ def challenge(path="index.html"):
         flask.abort(500, requested_path + ":" + str(e))
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-10/server b/web-security/level-10/server
@@ -99,4 +99,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-11/server b/web-security/level-11/server
@@ -101,4 +101,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-12/server b/web-security/level-12/server
@@ -101,4 +101,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-2/server b/web-security/level-2/server
@@ -30,4 +30,6 @@ def challenge():
 os.setuid(os.geteuid())
 os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-3/server b/web-security/level-3/server
@@ -63,4 +63,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-4/server b/web-security/level-4/server
@@ -65,4 +65,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-5/server b/web-security/level-5/server
@@ -46,4 +46,6 @@ def challenge():
         """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-6/server b/web-security/level-6/server
@@ -49,4 +49,6 @@ def challenge():
         """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-7/server b/web-security/level-7/server
@@ -63,4 +63,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-8/server b/web-security/level-8/server
@@ -16,4 +16,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/level-9/server b/web-security/level-9/server
@@ -19,4 +19,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/path-traversal-2/server b/web-security/path-traversal-2/server
@@ -20,4 +20,6 @@ def challenge(path="index.html"):
         flask.abort(500, requested_path + ":" + str(e))
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/sqli-pin/server b/web-security/sqli-pin/server
@@ -66,4 +66,6 @@ def challenge_get():
     """
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/xss-exfil-cookie/server b/web-security/xss-exfil-cookie/server
@@ -114,4 +114,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/xss-rf-post/server b/web-security/xss-rf-post/server
@@ -100,4 +100,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/xss-stored-alert/server b/web-security/xss-stored-alert/server
@@ -40,4 +40,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)
diff --git a/web-security/xss-stored-html/server b/web-security/xss-stored-html/server
@@ -40,4 +40,6 @@ def challenge_get():
     return page + "</body></html>"
 
 app.secret_key = os.urandom(8)
-app.run("challenge.localhost", 8080 if os.geteuid() else 80)
+port = 8080 if os.geteuid() else 80
+app.config['SERVER_NAME'] = f"challenge.localhost:{port}"
+app.run("challenge.localhost", port)