1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
| from flask import Flask, request, abort from Crypto.Cipher import AES from Crypto.Random import get_random_bytes from Crypto.Util.Padding import pad, unpad from flask import Flask, request, Response from base64 import b64encode, b64decode
import json
default_session = '{"admin": 0, "username": "user1"}' key = get_random_bytes(AES.block_size)
def encrypt(session): iv = get_random_bytes(AES.block_size) cipher = AES.new(key, AES.MODE_CBC, iv) return b64encode(iv + cipher.encrypt(pad(session.encode('utf-8'), AES.block_size)))
def decrypt(session): raw = b64decode(session) cipher = AES.new(key, AES.MODE_CBC, raw[:AES.block_size]) try: res = unpad(cipher.decrypt(raw[AES.block_size:]), AES.block_size).decode('utf-8') return res except Exception as e: print(e)
app = Flask(__name__)
filename_blacklist = { 'self', 'cgroup', 'mountinfo', 'env', 'flag' }
@app.route("/") def index(): session = request.cookies.get('session') if session is None: res = Response( "welcome to the FlipPIN server try request /hint to get the hint") res.set_cookie('session', encrypt(default_session).decode()) return res else: return 'have a fun'
@app.route("/hint") def hint(): res = Response(open(__file__).read(), mimetype='text/plain') return res
@app.route("/read") def file():
session = request.cookies.get('session') if session is None: res = Response("you are not logged in") res.set_cookie('session', encrypt(default_session)) return res else: plain_session = decrypt(session) if plain_session is None: return 'don\'t hack me'
session_data = json.loads(plain_session)
if session_data['admin'] : filename = request.args.get('filename')
if any(blacklist_str in filename for blacklist_str in filename_blacklist): abort(403, description='Access to this file is forbidden.')
try: with open(filename, 'r') as f: return f.read() except FileNotFoundError: abort(404, description='File not found.') except Exception as e: abort(500, description=f'An error occurred: {str(e)}') else: return 'You are not an administrator'
if __name__ == "__main__": app.run(host="0.0.0.0", port=9091, debug=True)
|