XXE last assignment completely working

Nanne Baars 2016-11-23 09:47:35 +01:00
parent c80bfcbc2f
commit 5347311319
9 changed files with 8 additions and 228 deletions


@ -1,5 +1,6 @@
package org.owasp.webgoat.plugin;
import com.google.common.base.Joiner;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.model.AttackResult;
@ -55,18 +56,19 @@ public class BlindSendFileAssignment extends Assignment {
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public AttackResult createNewUser(@RequestBody String userInfo) throws Exception {
String error = "";
String error = "Parsing successful contents not send to server";
try {
parseXml(userInfo);
} catch (Exception e) {
error = ExceptionUtils.getFullStackTrace(e);
}
File logFile = new File(getPluginDirectory(), "plugin/XXE/");
File logFile = new File(getPluginDirectory(), "/XXE/log.txt");
List<String> lines = Files.readAllLines(Paths.get(logFile.toURI()));
boolean solved = lines.stream().filter(l -> l.contains("WebGoat 8 rocks...")).findFirst().isPresent();
logFile.delete();
if (solved) {
return AttackResult.success();
return AttackResult.success(String.format("Contents of the file is: %s", Joiner.on('\n').join(lines)));
} else {
return AttackResult.failed("Try again...", error);
}
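Review bot: The read of the new `/XXE/log.txt` path at `Files.readAllLines(Paths.get(logFile.toURI()))` is unconditional, so when the Ping endpoint has not yet written the file the call throws `NoSuchFileException` straight out of `createNewUser` (declared `throws Exception`) instead of reaching the `AttackResult.failed("Try again...", error)` branch the method intends for an unsolved attempt; guard it with `if (!logFile.exists()) { return AttackResult.failed("Try again...", error); }` before the read. The result of `logFile.delete()` is ignored, so if deletion fails the previous attempt's lines are reported as solved on the next submission — at minimum log the failure. The method's closing brace lies outside the hunk.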


@ -54,7 +54,7 @@ public class Ping extends Endpoint {
public String logRequest(@RequestHeader("User-Agent") String userAgent, @RequestParam(required = false) String text) {
String logLine = String.format("%s %s %s", "GET", userAgent, text);
log.debug(logLine);
File logFile = new File(getPluginDirectory(), "plugin/XXE/");
File logFile = new File(getPluginDirectory(), "/XXE/log.txt");
try {
try (PrintWriter pw = new PrintWriter(logFile)) {
pw.println(logLine);
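Review bot: `new PrintWriter(logFile)` writes with the platform default charset, while the consumer of this file in `BlindSendFileAssignment.createNewUser` decodes it with `Files.readAllLines(Path)`, which is UTF-8 only; on a platform whose default is not UTF-8 a non-ASCII `User-Agent` or `text` value will be mangled or make the reader fail with `MalformedInputException`. Use `new PrintWriter(logFile, "UTF-8")` so both sides agree. The `"/XXE/log.txt"` literal is now repeated in both classes; a shared constant would keep writer and reader from drifting apart. `PrintWriter(File)` also truncates the file on every request, so only the most recent ping survives — if that is intended, a comment such as `// each request replaces the previous log entry; the reader expects a single ping` would make it explicit. `logRequest`'s body continues past the end of the hunk.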


@ -132,7 +132,7 @@
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
<form class="attack-form" accept-charset="UNKNOWN" prepareData="registerJson" method="POST" name="form"
action="/WebGoat/XXE/content-type" contentType="application/json">
action="/WebGoat/XXE/blind" contentType="application/json">
<script th:src="@{/plugin_lessons/plugin/XXE/js/xxe.js}"
language="JavaScript"></script>
<div id="lessonContent">


@ -4,4 +4,4 @@ In the previous page we showed you how you can ping a server with a XXE attack,
contents of ~/.webgoat/plugin/XXE/secret.txt to our server. For Linux: `/home/USER/.webgoat/plugin/XXE/secret.txt`, for Windows
this would be `c:/Users/USER/.webgoat/plugin/XXE/secret.txt`
Try to upload this file using the following endpoint: `http://localhost:8080/WebGoat/XXE/ping?text=[contents_file]`
Try to upload this file using the following endpoint: `http://localhost:8080/WebGoat/XXE/ping?text=[contents_file]` (NOTE: this endpoint is under your full control)


@ -1,8 +0,0 @@
target/
.idea/
*.iml
/src/main/webapp/plugin_lessons/*.jar
/src/main/webapp/plugin_extracted/*
dependency-reduced-pom.xml
src/main/webapp/users/guest.org.owasp.webgoat.lessons.BackDoors.props
/src/main/webapp/WEB-INF/lib/*.jar


@ -1,31 +0,0 @@
# WebGoat standalone runner
## Introduction
This project is aimed to be the replacement for the exec-war, it contains
a simple Main.class which will start an embedded Tomcat server.
This makes it easier to change the server address and the portnumber for example.
It kind of works in the same way Spring Boot starts an embedded Tomcat server.
## Usage
For the first time make sure you run a complete build:
```Shell
mvn clean install
```
Open up your favourite IDE and run the Main.class which will start the
embedded Tomcat server.
Or in a shell:
```Shell
java -jar webgoat-standalone-<<version>>-exec.jar
```
The following command line options are available:
```
-a, --address Specify the server address, like 192.168.0.1 (default localhost)
-p, --port Specify on which port the server should run (default 6047)
```


@ -1,102 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<name>webgoat-standalone</name>
<modelVersion>4.0.0</modelVersion>
<artifactId>webgoat-standalone</artifactId>
<parent>
<groupId>org.owasp.webgoat</groupId>
<artifactId>webgoat-parent</artifactId>
<version>7.2-SNAPSHOT</version>
</parent>
<dependencies>
<dependency>
<groupId>com.github.ryenus</groupId>
<artifactId>rop</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>org.owasp.webgoat</groupId>
<artifactId>webgoat-container</artifactId>
<version>${project.version}</version>
</dependency>
<!--************* Tomcat dependencies **************-->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-logging-juli</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jasper</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jasper-el</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jsp-api</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven-compiler-plugin.version}</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
<encoding>ISO-8859-1</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>2.3</version>
<executions>
<!-- Run shade goal on package phase -->
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.handlers</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.schemas</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>org.owasp.webgoat.Main</mainClass>
</transformer>
</transformers>
<shadedArtifactAttached>true</shadedArtifactAttached>
<shadedClassifierName>exec</shadedClassifierName>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>


@ -1,80 +0,0 @@
package org.owasp.webgoat;
import com.github.ryenus.rop.OptionParser;
import com.github.ryenus.rop.OptionParser.Option;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.startup.Tomcat;
import org.apache.coyote.AbstractProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.net.InetAddress;
import static com.github.ryenus.rop.OptionParser.Command;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since July 24, 2016
*/
@Command(name = "webgoat", descriptions = "Starting WebGoat")
public class Main {
private final Logger logger = LoggerFactory.getLogger(Main.class);
@Option(opt = {"-p", "--port"}, description = "HTTP port to use")
int port = 6047;
@Option(opt = {"-a", "--address"}, description = "Server address to use")
String address = "localhost";
void run() throws Exception {
String webappDirLocation = "webgoat-container/src/main/webapp/";
Tomcat tomcat = new Tomcat();
StandardContext ctx = (StandardContext) tomcat.addWebapp("/WebGoat", new File(webappDirLocation).getAbsolutePath());
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setPort(port);
if (connector.getProtocolHandler() instanceof AbstractProtocol) {
AbstractProtocol<?> protocol = (AbstractProtocol<?>) connector.getProtocolHandler();
protocol.setAddress(InetAddress.getByName(address));
protocol.setPort(port);
}
tomcat.getService().addConnector(connector);
tomcat.start();
logger.info("Browse to http://{}:{}/WebGoat and happy hacking!", address, port);
tomcat.getServer().await();
}
public static void main(String[] args) throws Exception {
OptionParser parser = new OptionParser(Main.class);
parser.parse(args);
}
}


@ -1 +0,0 @@
# Dummy property file to figure out whether we started as a war or as a standalone jar