From 7c2d38a09537746fe78e323a2236010d635d4696 Mon Sep 17 00:00:00 2001
From: B3nac
Date: Sun, 26 Jul 2020 00:18:26 -0700
Subject: [PATCH] Flag Testing after fix completed
---
 .../ExportedProtectedIntent.java | 3 -
 .../injuredandroid/FlagOneLoginActivity.kt | 1 +
 .../java/b3nac/injuredandroid/RCEActivity.kt | 2 +-
 flutter_module/lib/auth-bypass.dart | 175 +++++++++++++++++
 flutter_module/lib/login-xss.dart | 181 ++++++++++++++++++
 flutter_module/lib/main.dart | 90 ++-------
 6 files changed, 379 insertions(+), 73 deletions(-)
 create mode 100644 flutter_module/lib/auth-bypass.dart
 create mode 100644 flutter_module/lib/login-xss.dart
diff --git a/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/ExportedProtectedIntent.java b/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/ExportedProtectedIntent.java
index 47be18d..01c71aa 100644
--- a/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/ExportedProtectedIntent.java
+++ b/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/ExportedProtectedIntent.java
@@ -1,7 +1,6 @@
 package b3nac.injuredandroid;
 import android.content.Intent;
-import android.net.Uri;
 import android.os.Bundle;
 import com.google.android.material.floatingactionbutton.FloatingActionButton;
@@ -10,8 +9,6 @@ import androidx.appcompat.app.AppCompatActivity;
 import androidx.appcompat.widget.Toolbar;
-import android.view.View;
-
 public class ExportedProtectedIntent extends AppCompatActivity {
 @Override
diff --git a/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagOneLoginActivity.kt b/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagOneLoginActivity.kt
index bd09692..29aad52 100644
--- a/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagOneLoginActivity.kt
+++ b/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagOneLoginActivity.kt
@@ -14,6 +14,7 @@ class FlagOneLoginActivity : AppCompatActivity() {
 override fun onCreate(savedInstanceState: Bundle?) {
 super.onCreate(savedInstanceState)
 setContentView(R.layout.activity_flag_one_login)
+ SecureSharedPrefs.setContext(this)
 val toolbar = findViewById(R.id.toolbar)
 setSupportActionBar(toolbar)
 val fab = findViewById(R.id.fab)
diff --git a/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/RCEActivity.kt b/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/RCEActivity.kt
index 84752f9..b1bac3a 100644
--- a/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/RCEActivity.kt
+++ b/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/RCEActivity.kt
@@ -53,7 +53,7 @@ class RCEActivity : AppCompatActivity() {
 copyAssets()
 val data = intent.data
 try {
- val intentParam = data.getQueryParameter("binary")
+ val intentParam = data!!.getQueryParameter("binary")
 val binaryParam = data.getQueryParameter("param")
 val combinedParam = data.getQueryParameter("combined")
 childRef.addListenerForSingleValueEvent(object : ValueEventListener {
diff --git a/flutter_module/lib/auth-bypass.dart b/flutter_module/lib/auth-bypass.dart
new file mode 100644
index 0000000..888a34b
--- /dev/null
+++ b/flutter_module/lib/auth-bypass.dart
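Review bot: `SecureSharedPrefs.setContext(this)` hands the Activity itself to what looks like an object-level holder, so if SecureSharedPrefs keeps that reference beyond this call the activity stays reachable after it is destroyed and later reads go through a stale Activity context. SecureSharedPrefs is not shown in this patch, so this is inferred from the call shape; if it does store the context, pass the application context instead, `SecureSharedPrefs.setContext(applicationContext)`. A one-line comment saying why this activity has to initialise the prefs would also help, since any other entry point that reads them would presumably need the same call. onCreate continues past the end of the hunk.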
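Review bot: `data!!` on the changed line turns a missing URI into a NullPointerException, and `intent.data` is null whenever the activity is started without a data URI. The call sits inside a `try` whose `catch` is outside the hunk, so whether that exception is reported or silently swallowed cannot be seen here. An explicit guard before the `try` keeps the null case out of the generic error path, for example `val data = intent.data ?: return` (or whatever the no-URI path of this activity should be). The two following `getQueryParameter` calls only compile because of the smart cast that `!!` produces, which the guard would provide as well.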
@@ -0,0 +1,175 @@
+import 'package:flutter/material.dart';
+import 'package:flutterxssmodule/run_javascript.dart';
+
+void main() => runApp(AuthBypass());
+
+const PrimaryColor = const Color(0xFF008577);
+
+class AuthBypass extends StatelessWidget {
+
+ @override
+ Widget build(BuildContext context) {
+ final appTitle = 'Flutter XSS';
+
+ return MaterialApp(
+ title: appTitle,
+ debugShowCheckedModeBanner: false,
+ theme: ThemeData(
+ primaryColor: PrimaryColor,
+ ),
+ home: Scaffold(
+ appBar: AppBar(
+ title: Text(appTitle),
+ ),
+ body: MyCustomForm(),
+ ),
+ );
+ }
+}
+
+// Create a Form widget.
+class MyCustomForm extends StatefulWidget {
+ @override
+ MyCustomFormState createState() {
+ return MyCustomFormState();
+ }
+}
+
+// Create a corresponding State class.
+// This class holds data related to the form.
+class MyCustomFormState extends State {
+ // Create a global key that uniquely identifies the Form widget
+ // and allows validation of the form.
+ //
+ // Note: This is a GlobalKey,
+ // not a GlobalKey.
+ final _formKey = GlobalKey();
+ var usernameKey = GlobalKey();
+
+ @override
+ Widget build(BuildContext context) {
+ // Build a Form widget using the _formKey created above.
+
+ return Form(
+ key: _formKey,
+ child: Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 2.0),
+ child: Column(
+ crossAxisAlignment: CrossAxisAlignment.center,
+ mainAxisAlignment: MainAxisAlignment.center,
+ children: [
+ Flexible(
+ child: new Container(
+ padding: new EdgeInsets.only(right: 15.0),
+ child: new Text(
+ 'Register a user',
+ overflow: TextOverflow.ellipsis,
+ style: new TextStyle(
+ fontSize: 18.0,
+ fontFamily: 'Roboto',
+ color: new Color(0xFF212121),
+ fontWeight: FontWeight.bold,
+ ),
+ ),
+ ),
+ ),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 25.0),
+ child: new Row(
+ mainAxisSize: MainAxisSize.max,
+ children: [
+ new Column(
+ mainAxisAlignment: MainAxisAlignment.start,
+ mainAxisSize: MainAxisSize.min,
+ ),
+ ],
+ )),
+ TextFormField(
+ decoration: InputDecoration(
+ focusedBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: Colors.greenAccent, width: 5.0),
+ ),
+ enabledBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: PrimaryColor, width: 5.0),
+ ),
+ //border: InputBorder.none,
+ hintText: 'Enter a username.', contentPadding: const EdgeInsets.all(20.0)
+ ),
+ key: usernameKey,
+ validator: (username) {
+ if (username.isEmpty) {
+ return 'Please enter a username.';
+ }
+ Navigator.push(
+ context,
+ MaterialPageRoute(
+ builder: (context) => MyHomePage(test: usernameKey.currentState.value,),
+ ));
+ return null;
+ },
+ ),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 25.0),
+ child: new Row(
+ mainAxisSize: MainAxisSize.max,
+ children: [
+ new Column(
+ mainAxisAlignment: MainAxisAlignment.start,
+ mainAxisSize: MainAxisSize.min,
+ ),
+ ],
+ )),
+ TextFormField(
+ decoration: InputDecoration(
+ focusedBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: Colors.greenAccent, width: 5.0),
+ ),
+ enabledBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: PrimaryColor, width: 5.0),
+ ),
+ //border: InputBorder.none,
+ hintText: 'Enter 
a password.', contentPadding: const EdgeInsets.all(20.0)
+ ),
+ validator: (password) {
+ if (password.isEmpty) {
+ return 'Please enter a password.';
+ }
+ return null;
+ },
+ ),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 25.0),
+ child: new Row(
+ mainAxisSize: MainAxisSize.max,
+ children: [
+ new Column(
+ mainAxisAlignment: MainAxisAlignment.start,
+ mainAxisSize: MainAxisSize.min,
+ ),
+ ],
+ )),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 2.0),
+ child: RaisedButton(
+ onPressed: () {
+ // Validate returns true if the form is valid, or false
+ // otherwise.
+ if (_formKey.currentState.validate()) {
+ // If the form is valid, display a Snackbar.
+ Scaffold.of(context)
+ .showSnackBar(SnackBar(content: Text('Processing Data')));
+ }
+ },
+ child: Text('Sign up'),
+ ),
+ ),
+ ],
+ ),
+ ));
+ }
+}
\ No newline at end of file
diff --git a/flutter_module/lib/login-xss.dart b/flutter_module/lib/login-xss.dart
new file mode 100644
index 0000000..599798b
--- /dev/null
+++ b/flutter_module/lib/login-xss.dart
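Review bot: The username `validator` calls `Navigator.push(...)` itself, so the route to `MyHomePage` is pushed as a side effect of `_formKey.currentState.validate()` and does not depend on the password validator's result or on the `if` in `onPressed`. If that is the flaw the auth-bypass exercise is built around, say so in a comment above the validator, e.g. `// Intentionally vulnerable: navigation happens during validation, before the password is checked.`, so it is not mistaken for a bug and removed later. If it is not intended, move the push into the `if (_formKey.currentState.validate())` branch, as login-xss.dart in this commit does. Separately, `appTitle` is still `'Flutter XSS'` in this file, and the file ends without a trailing newline.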
@@ -0,0 +1,181 @@
+import 'package:flutter/material.dart';
+import 'package:flutterxssmodule/run_javascript.dart';
+import 'package:shared_preferences/shared_preferences.dart';
+
+void main() => runApp(LoginXSS());
+
+const PrimaryColor = const Color(0xFF008577);
+
+class LoginXSS extends StatelessWidget {
+
+ @override
+ Widget build(BuildContext context) {
+ final appTitle = 'Flutter XSS';
+
+ return MaterialApp(
+ title: appTitle,
+ debugShowCheckedModeBanner: false,
+ theme: ThemeData(
+ primaryColor: PrimaryColor,
+ ),
+ home: Scaffold(
+ appBar: AppBar(
+ title: Text(appTitle),
+ ),
+ body: MyCustomForm(),
+ ),
+ );
+ }
+}
+
+// Create a Form widget.
+class MyCustomForm extends StatefulWidget {
+ @override
+ MyCustomFormState createState() {
+ return MyCustomFormState();
+ }
+}
+
+// Create a corresponding State class.
+// This class holds data related to the form.
+class MyCustomFormState extends State {
+ // Create a global key that uniquely identifies the Form widget
+ // and allows validation of the form.
+ //
+ // Note: This is a GlobalKey,
+ // not a GlobalKey.
+ final _formKey = GlobalKey();
+ var usernameKey = GlobalKey();
+
+ @override
+ Widget build(BuildContext context) {
+ // Build a Form widget using the _formKey created above.
+
+ return Form(
+ key: _formKey,
+ child: Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 2.0),
+ child: Column(
+ crossAxisAlignment: CrossAxisAlignment.center,
+ mainAxisAlignment: MainAxisAlignment.center,
+ children: [
+ Flexible(
+ child: new Container(
+ padding: new EdgeInsets.only(right: 15.0),
+ child: new Text(
+ 'Register a user',
+ overflow: TextOverflow.ellipsis,
+ style: new TextStyle(
+ fontSize: 18.0,
+ fontFamily: 'Roboto',
+ color: new Color(0xFF212121),
+ fontWeight: FontWeight.bold,
+ ),
+ ),
+ ),
+ ),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 25.0),
+ child: new Row(
+ mainAxisSize: MainAxisSize.max,
+ children: [
+ new Column(
+ mainAxisAlignment: MainAxisAlignment.start,
+ mainAxisSize: MainAxisSize.min,
+ ),
+ ],
+ )),
+ TextFormField(
+ decoration: InputDecoration(
+ focusedBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: Colors.greenAccent, width: 5.0),
+ ),
+ enabledBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: PrimaryColor, width: 5.0),
+ ),
+ //border: InputBorder.none,
+ hintText: 'Enter a username.', contentPadding: const EdgeInsets.all(20.0)
+ ),
+ key: usernameKey,
+ validator: (username) {
+ if (username.isEmpty) {
+ return 'Please enter a username.';
+ }
+ storeFlagState() async {
+ SharedPreferences prefs = await SharedPreferences.getInstance();
+ prefs.setString('username', username);
+ }
+ storeFlagState();
+ return null;
+ },
+ ),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 25.0),
+ child: new Row(
+ mainAxisSize: MainAxisSize.max,
+ children: [
+ new Column(
+ mainAxisAlignment: MainAxisAlignment.start,
+ mainAxisSize: MainAxisSize.min,
+ ),
+ ],
+ )),
+ TextFormField(
+ decoration: InputDecoration(
+ focusedBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: Colors.greenAccent, width: 5.0),
+ ),
+ enabledBorder: OutlineInputBorder(
+ borderSide: BorderSide(color: PrimaryColor, width: 5.0),
+ ),
+ //border: 
InputBorder.none,
+ hintText: 'Enter a password.', contentPadding: const EdgeInsets.all(20.0)
+ ),
+ validator: (password) {
+ if (password.isEmpty) {
+ return 'Please enter a password.';
+ }
+ return null;
+ },
+ ),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 25.0),
+ child: new Row(
+ mainAxisSize: MainAxisSize.max,
+ children: [
+ new Column(
+ mainAxisAlignment: MainAxisAlignment.start,
+ mainAxisSize: MainAxisSize.min,
+ ),
+ ],
+ )),
+ Padding(
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 2.0),
+ child: RaisedButton(
+ onPressed: () {
+ // Validate returns true if the form is valid, or false
+ // otherwise.
+ if (_formKey.currentState.validate()) {
+ // If the form is valid, display a Snackbar.
+ Scaffold.of(context)
+ .showSnackBar(SnackBar(content: Text('Processing Data')));
+ Navigator.push(
+ context,
+ MaterialPageRoute(
+ builder: (context) => MyHomePage(test: usernameKey.currentState.value,),
+ ));
+ }
+ },
+ child: Text('Sign up'),
+ ),
+ ),
+ ],
+ ),
+ ));
+ }
+}
diff --git a/flutter_module/lib/main.dart b/flutter_module/lib/main.dart
index cfb37ae..ecfb791 100644
--- a/flutter_module/lib/main.dart
+++ b/flutter_module/lib/main.dart
@@ -1,6 +1,7 @@
 import 'package:flutter/material.dart';
 import 'package:flutterxssmodule/run_javascript.dart';
-import 'package:shared_preferences/shared_preferences.dart';
+import 'login-xss.dart';
+import 'auth-bypass.dart';
 void main() => runApp(MyApp());
@@ -10,7 +11,7 @@ class MyApp extends StatelessWidget {
 @override
 Widget build(BuildContext context) {
- final appTitle = 'Flutter XSS';
+ final appTitle = 'Flutter Main';
 return MaterialApp(
 title: appTitle,
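Review bot: `storeFlagState()` is declared and fired inside the username `validator` without being awaited, so `prefs.setString('username', username)` runs on every validation pass and a failed write is never observed. Validators are expected to be free of side effects; do the write in `onPressed` once `validate()` has succeeded, e.g. `SharedPreferences.getInstance().then((prefs) => prefs.setString('username', usernameKey.currentState.value));`. The same value is then handed unmodified to `MyHomePage(test: ...)` from run_javascript.dart; going by the file name that is presumably the intended exercise, and a comment marking it as intentionally unsanitised would make that explicit. The password field is checked for emptiness but its value is never used.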
@@ -36,14 +37,8 @@ class MyCustomForm extends StatefulWidget {
 }
 }
-// Create a corresponding State class.
-// This class holds data related to the form.
 class MyCustomFormState extends State {
- // Create a global key that uniquely identifies the Form widget
- // and allows validation of the form.
- //
- // Note: This is a GlobalKey,
- // not a GlobalKey.
+
 final _formKey = GlobalKey();
 var usernameKey = GlobalKey();
@@ -64,7 +59,7 @@ class MyCustomFormState extends State {
 child: new Container(
 padding: new EdgeInsets.only(right: 15.0),
 child: new Text(
- 'Register a user',
+ 'Flutter based CTF exercises',
 overflow: TextOverflow.ellipsis,
 style: new TextStyle(
 fontSize: 18.0,
@@ -87,59 +82,21 @@ class MyCustomFormState extends State {
 ),
 ],
 )),
- TextFormField(
- decoration: InputDecoration(
- focusedBorder: OutlineInputBorder(
- borderSide: BorderSide(color: Colors.greenAccent, width: 5.0),
- ),
- enabledBorder: OutlineInputBorder(
- borderSide: BorderSide(color: PrimaryColor, width: 5.0),
- ),
- //border: InputBorder.none,
- hintText: 'Enter a username.', contentPadding: const EdgeInsets.all(20.0)
- ),
- key: usernameKey,
- validator: (username) {
- if (username.isEmpty) {
- return 'Please enter a username.';
- }
- storeFlagState() async {
- SharedPreferences prefs = await SharedPreferences.getInstance();
- prefs.setString('username', username);
- }
- storeFlagState();
- return null;
- },
- ),
 Padding(
- padding: EdgeInsets.only(
- left: 25.0, right: 25.0, top: 25.0),
- child: new Row(
- mainAxisSize: MainAxisSize.max,
- children: [
- new Column(
- mainAxisAlignment: MainAxisAlignment.start,
- mainAxisSize: MainAxisSize.min,
- ),
- ],
- )),
- TextFormField(
- decoration: InputDecoration(
- focusedBorder: OutlineInputBorder(
- borderSide: BorderSide(color: Colors.greenAccent, width: 5.0),
- ),
- enabledBorder: OutlineInputBorder(
- borderSide: BorderSide(color: PrimaryColor, width: 5.0),
- ),
- //border: InputBorder.none,
- hintText: 'Enter a password.', contentPadding: const EdgeInsets.all(20.0)
+ padding: EdgeInsets.only(
+ left: 25.0, right: 25.0, top: 2.0),
+ child: RaisedButton(
+ onPressed: () {
+ Scaffold.of(context)
+ .showSnackBar(SnackBar(content: Text('Processing Data')));
+ Navigator.push(
+ context,
+ MaterialPageRoute(
+ builder: (context) => LoginXSS(),
+ ));
+ },
+ child: Text('Flutter XSS'),
 ),
- validator: (password) {
- if (password.isEmpty) {
- return 'Please enter a password.';
- }
- return null;
- },
 ),
 Padding(
 padding: EdgeInsets.only(
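Review bot: `LoginXSS()` is pushed as a route, but `LoginXSS.build` in login-xss.dart returns a whole `MaterialApp`, so each press nests a second app with its own Navigator and theme inside the running one; the `AuthBypass()` button in the following hunk has the same shape. Pushing a widget that builds only the `Scaffold` would keep a single Navigator. login-xss.dart and auth-bypass.dart both declare `main`, `PrimaryColor`, `MyCustomForm` and `MyCustomFormState`, names main.dart also uses for its own declarations, so restricting the imports to what is needed, `import 'login-xss.dart' show LoginXSS;` and `import 'auth-bypass.dart' show AuthBypass;`, keeps the duplicates out of scope. The 'Processing Data' SnackBar looks like a leftover from the removed form.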
@@ -158,20 +115,15 @@ class MyCustomFormState extends State {
 left: 25.0, right: 25.0, top: 2.0),
 child: RaisedButton(
 onPressed: () {
- // Validate returns true if the form is valid, or false
- // otherwise.
- if (_formKey.currentState.validate()) {
- // If the form is valid, display a Snackbar.
 Scaffold.of(context)
 .showSnackBar(SnackBar(content: Text('Processing Data')));
 Navigator.push(
 context,
 MaterialPageRoute(
- builder: (context) => MyHomePage(test: usernameKey.currentState.value,),
+ builder: (context) => AuthBypass(),
 ));
- }
- },
- child: Text('Sign up'),
+ },
+ child: Text('Flutter Auth Bypass'),
 ),
 ),
 ],