Working last password assignment
		| @ -22,8 +22,7 @@ challenge.flag.incorrect=Sorry this is not the correct flag, please try again. | ||||
|  | ||||
| ip.address.unknown=IP address unknown, e-mail has been sent.  | ||||
|  | ||||
| login_failed=Login failed | ||||
| login_failed.tom=Sorry only Tom can login at the moment | ||||
|  | ||||
|  | ||||
| required4=Missing username or password, please specify both. | ||||
| user.not.larry=Please try to log in as Larry not {0}.  | ||||
| @ -6,7 +6,7 @@ import org.owasp.webgoat.lessons.NewLesson; | ||||
| import java.util.ArrayList; | ||||
| import java.util.List; | ||||
|  | ||||
| public class PasswordReset  extends NewLesson { | ||||
| public class PasswordReset extends NewLesson { | ||||
|     @Override | ||||
|     public Category getDefaultCategory() { | ||||
|         return Category.AUTHENTICATION; | ||||
|  | ||||
| @ -1,4 +1,4 @@ | ||||
| package org.owasp.webgoat.plugin.questions; | ||||
| package org.owasp.webgoat.plugin; | ||||
| 
 | ||||
| import org.apache.commons.lang3.StringUtils; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| @ -1,11 +1,13 @@ | ||||
| package org.owasp.webgoat.plugin.resetlink; | ||||
| package org.owasp.webgoat.plugin; | ||||
| 
 | ||||
| import com.google.common.collect.EvictingQueue; | ||||
| import com.google.common.collect.Maps; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AssignmentPath; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.plugin.PasswordResetEmail; | ||||
| import org.owasp.webgoat.plugin.resetlink.PasswordChangeForm; | ||||
| import org.springframework.beans.factory.annotation.Value; | ||||
| import org.springframework.http.HttpEntity; | ||||
| import org.springframework.http.HttpHeaders; | ||||
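Review bot: The added `import org.owasp.webgoat.plugin.PasswordResetEmail;` pulls a class from the package this file now declares (`package org.owasp.webgoat.plugin;`), so it is a same-package import that does nothing and most linters will flag it; drop the line. `PasswordChangeForm` is still imported from `org.owasp.webgoat.plugin.resetlink`, which is fine only if that class was not moved in the same commit, something this hunk cannot show.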
| @ -27,6 +29,7 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST; | ||||
|  * @since 8/20/17. | ||||
|  */ | ||||
| @AssignmentPath("/PasswordReset/reset") | ||||
| @AssignmentHints({"password-reset-hint1", "password-reset-hint2", "password-reset-hint3", "password-reset-hint4", "password-reset-hint5"}) | ||||
| public class ResetLinkAssignment extends AssignmentEndpoint { | ||||
| 
 | ||||
|     private static final String PASSWORD_TOM_9 = "somethingVeryRandomWhichNoOneWillEverTypeInAsPasswordForTom"; | ||||
| @ -46,12 +49,10 @@ public class ResetLinkAssignment extends AssignmentEndpoint { | ||||
| 
 | ||||
|     private final RestTemplate restTemplate; | ||||
|     private final String webWolfMailURL; | ||||
|     private final String webwolfLandingURL; | ||||
| 
 | ||||
|     public ResetLinkAssignment(RestTemplate restTemplate, @Value("${webwolf.url.mail}") String webWolfMailURL, @Value("${webwolf.url.landingpage}") String webwolfLandingURL) { | ||||
|     public ResetLinkAssignment(RestTemplate restTemplate, @Value("${webwolf.url.mail}") String webWolfMailURL) { | ||||
|         this.restTemplate = restTemplate; | ||||
|         this.webWolfMailURL = webWolfMailURL; | ||||
|         this.webwolfLandingURL = webwolfLandingURL; | ||||
|     } | ||||
| 
 | ||||
|     @RequestMapping(method = POST, value = "/create-password-reset-link") | ||||
| @ -63,7 +64,7 @@ public class ResetLinkAssignment extends AssignmentEndpoint { | ||||
|         if (org.springframework.util.StringUtils.hasText(email)) { | ||||
|             if (email.equals(TOM_EMAIL) && host.contains("8081")) { //User indeed changed the host header. | ||||
|                 userToTomResetLink.put(getWebSession().getUserName(), resetLink); | ||||
|                 fakeClickingLinkEmail(cookie, host, resetLink); | ||||
|                 fakeClickingLinkEmail(host, resetLink); | ||||
|             } else { | ||||
|                 sendMailToUser(email, host, resetLink); | ||||
|             } | ||||
| @ -88,7 +89,7 @@ public class ResetLinkAssignment extends AssignmentEndpoint { | ||||
|      * which user we need to trace the incoming request. In normal situation this HOST will be in your | ||||
|      * full control so every incoming request would be valid. | ||||
|      */ | ||||
|     private void fakeClickingLinkEmail(String cookie, String host, String resetLink) { | ||||
|     private void fakeClickingLinkEmail(String host, String resetLink) { | ||||
|         try { | ||||
|             HttpHeaders httpHeaders = new HttpHeaders(); | ||||
|             HttpEntity httpEntity = new HttpEntity(httpHeaders); | ||||
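Review bot: The `cookie` parameter is gone from `fakeClickingLinkEmail`, yet the method still builds an empty `HttpHeaders` and wraps it in an `HttpEntity`, and the javadoc right above still speaks of tracing "which user" the incoming request belongs to, which reads as if a session cookie were still forwarded. Either the headers are filled in further down (the body continues past the hunk) or they are now dead; in the latter case remove them and reword the javadoc along the lines of `* Simulates Tom clicking the reset link: WebGoat itself issues a request to {@code host}, taken from the caller's Host header, so rewriting that header redirects the click elsewhere.` Stating that the outbound request goes to a caller-controlled host is worth making explicit in the doc, since it is the behaviour the lesson depends on.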
| @ -104,12 +105,12 @@ public class ResetLinkAssignment extends AssignmentEndpoint { | ||||
|         if (TOM_EMAIL.equals(email)) { | ||||
|             String passwordTom = usersToTomPassword.getOrDefault(getWebSession().getUserName(), PASSWORD_TOM_9); | ||||
|             if (passwordTom.equals(PASSWORD_TOM_9)) { | ||||
|                 return failed().feedback("login_failed").build(); | ||||
|                 return trackProgress(failed().feedback("login_failed").build()); | ||||
|             } else if (passwordTom.equals(password)) { | ||||
|                 return success().feedback("challenge.solved").feedbackArgs("test").build(); | ||||
|                 return trackProgress(success().build()); | ||||
|             } | ||||
|         } | ||||
|         return failed().feedback("login_failed.tom").build(); | ||||
|         return trackProgress(failed().feedback("login_failed.tom").build()); | ||||
|     } | ||||
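Review bot: The sentinel check `if (passwordTom.equals(PASSWORD_TOM_9))` conflates "this user never reset Tom's password" with "Tom's password was reset to the sentinel string", because `getOrDefault` hands back the same constant in both cases; the distinction is cheap to keep by testing presence instead of value, e.g. `String passwordTom = usersToTomPassword.get(getWebSession().getUserName());` followed by `if (passwordTom == null) {`. The two distinct feedback keys (`login_failed` vs `login_failed.tom`) also reveal whether the submitted e-mail matched Tom's account, which is presumably intended for this lesson but deserves a one-line comment so nobody "fixes" it later. The enclosing login method's signature is above the hunk.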
| 
 | ||||
|     @GetMapping("/reset-password/{link}") | ||||
| @ -124,7 +125,6 @@ public class ResetLinkAssignment extends AssignmentEndpoint { | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
| 
 | ||||
|     @PostMapping("/change-password") | ||||
|     public String changePassword(@ModelAttribute("form") PasswordChangeForm form, BindingResult bindingResult) { | ||||
|         if (!org.springframework.util.StringUtils.hasText(form.getPassword())) { | ||||
| @ -1,4 +1,4 @@ | ||||
| package org.owasp.webgoat.plugin.simple; | ||||
| package org.owasp.webgoat.plugin; | ||||
| 
 | ||||
| import org.apache.commons.lang3.StringUtils; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| @ -24,6 +24,7 @@ import static java.util.Optional.ofNullable; | ||||
|  * @since 8/20/17. | ||||
|  */ | ||||
| @AssignmentPath("/PasswordReset/simple-mail") | ||||
| 
 | ||||
| public class SimpleMailAssignment extends AssignmentEndpoint { | ||||
| 
 | ||||
|     private final String webWolfURL; | ||||
| @ -137,95 +137,85 @@ | ||||
|         <img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|  | ||||
|         <div class="container-fluid"> | ||||
|             <div class="row"> | ||||
|                 <div class="col-md-3"> | ||||
|                     <h4 style="border-bottom: 1px solid #c5c5c5;"> | ||||
|                         <i class="glyphicon glyphicon-user"></i> | ||||
|                         Account Access | ||||
|                     </h4> | ||||
|                     <div style="padding: 20px;" id="password-login"> | ||||
|                         <form id="login-form" class="attack-form" accept-charset="UNKNOWN" | ||||
|                               method="POST" name="form" | ||||
|                               action="/WebGoat/PasswordReset/reset/login" | ||||
|                               enctype="application/json;charset=UTF-8" role="form"> | ||||
|                             <fieldset> | ||||
|                                 <div class="form-group input-group"> | ||||
|                                     <span class="input-group-addon"> @ </span> | ||||
|                                     <input class="form-control" placeholder="Email" name="email" type="email" | ||||
|                                            required="" autofocus=""/> | ||||
|                                 </div> | ||||
|                                 <div class="form-group input-group"> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" | ||||
|               method="POST" | ||||
|               action="/WebGoat/PasswordReset/reset/login" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <div class="container-fluid"> | ||||
|                 <div class="row"> | ||||
|                     <div class="col-md-3"> | ||||
|                         <h4 style="border-bottom: 1px solid #c5c5c5;"> | ||||
|                             <i class="glyphicon glyphicon-user"></i> | ||||
|                             Account Access | ||||
|                         </h4> | ||||
|                         <div style="padding: 20px;" id="password-login"> | ||||
|                             <form id="login-form" class="attack-form" accept-charset="UNKNOWN" | ||||
|                                   method="POST" name="form" | ||||
|                                   action="/WebGoat/PasswordReset/reset/login" | ||||
|                                   enctype="application/json;charset=UTF-8" role="form"> | ||||
|                                 <fieldset> | ||||
|                                     <div class="form-group input-group"> | ||||
|                                         <span class="input-group-addon"> @ </span> | ||||
|                                         <input class="form-control" placeholder="Email" name="email" type="email" | ||||
|                                                required="" autofocus=""/> | ||||
|                                     </div> | ||||
|                                     <div class="form-group input-group"> | ||||
|           <span class="input-group-addon"> | ||||
|             <i class="glyphicon glyphicon-lock"> | ||||
|             </i> | ||||
|           </span> | ||||
|                                     <input class="form-control" placeholder="Password" name="password" type="password" | ||||
|                                            value="" required=""/> | ||||
|                                 </div> | ||||
|                                 <div class="form-group"> | ||||
|                                     <button type="submit" class="btn btn-primary btn-block"> | ||||
|                                         Access | ||||
|                                     </button> | ||||
|                                     <p class="help-block"> | ||||
|                                         <a class="pull-right text-muted" href="#" onclick="showPasswordReset()"> | ||||
|                                             <small>Forgot your password?</small> | ||||
|                                         </a> | ||||
|                                     </p> | ||||
|                                 </div> | ||||
|                             </fieldset> | ||||
|                         </form> | ||||
|                     </div> | ||||
|                     <div style="display: none;" id="password-reset"> | ||||
|                         <h4 class=""> | ||||
|                             Forgot your password? | ||||
|                         </h4> | ||||
|                         <form  class="attack-form" accept-charset="UNKNOWN" | ||||
|                               method="POST" name="form" | ||||
|                               action="/WebGoat/PasswordReset/reset/create-password-reset-link" | ||||
|                               enctype="application/json;charset=UTF-8" role="form"> | ||||
|                             <fieldset> | ||||
|                                         <input class="form-control" placeholder="Password" name="password" | ||||
|                                                type="password" | ||||
|                                                value="" required=""/> | ||||
|                                     </div> | ||||
|                                     <div class="form-group"> | ||||
|                                         <button type="submit" class="btn btn-primary btn-block"> | ||||
|                                             Access | ||||
|                                         </button> | ||||
|                                         <p class="help-block"> | ||||
|                                             <a class="pull-right text-muted" href="#" onclick="showPasswordReset()"> | ||||
|                                                 <small>Forgot your password?</small> | ||||
|                                             </a> | ||||
|                                         </p> | ||||
|                                     </div> | ||||
|                                 </fieldset> | ||||
|                             </form> | ||||
|                         </div> | ||||
|                         <div style="display: none;" id="password-reset"> | ||||
|                             <h4 class=""> | ||||
|                                 Forgot your password? | ||||
|                             </h4> | ||||
|                             <form class="attack-form" accept-charset="UNKNOWN" | ||||
|                                   method="POST" name="form" | ||||
|                                   action="/WebGoat/PasswordReset/reset/create-password-reset-link" | ||||
|                                   enctype="application/json;charset=UTF-8" role="form"> | ||||
|                                 <fieldset> | ||||
|         <span class="help-block"> | ||||
|           Email address you use to log in to your account | ||||
|           <br/> | ||||
|           We'll send you an email with instructions to choose a new password. | ||||
|         </span> | ||||
|                                 <div class="form-group input-group"> | ||||
|                                     <div class="form-group input-group"> | ||||
|           <span class="input-group-addon"> | ||||
|             @ | ||||
|           </span> | ||||
|                                     <input class="form-control" placeholder="Email" name="email" type="email" | ||||
|                                            required=""/> | ||||
|                                 </div> | ||||
|                                 <button type="submit" class="btn btn-primary btn-block" id="btn-login"> | ||||
|                                     Continue | ||||
|                                 </button> | ||||
|                                 <p class="help-block"> | ||||
|                                     <a class="text-muted" href="#" onclick="showPassword()"> | ||||
|                                         <small>Account Access</small> | ||||
|                                     </a> | ||||
|                                 </p> | ||||
|                             </fieldset> | ||||
|                         </form> | ||||
|                                         <input class="form-control" placeholder="Email" name="email" type="email" | ||||
|                                                required=""/> | ||||
|                                     </div> | ||||
|                                     <button type="submit" class="btn btn-primary btn-block" id="btn-login"> | ||||
|                                         Continue | ||||
|                                     </button> | ||||
|                                     <p class="help-block"> | ||||
|                                         <a class="text-muted" href="#" onclick="showPassword()"> | ||||
|                                             <small>Account Access</small> | ||||
|                                         </a> | ||||
|                                     </p> | ||||
|                                 </fieldset> | ||||
|                             </form> | ||||
|                         </div> | ||||
|                     </div> | ||||
|                 </div> | ||||
|             </div> | ||||
|         </div> | ||||
|  | ||||
|         <br/> | ||||
|         <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag"> | ||||
|             <div class="form-group"> | ||||
|                 <div class="input-group"> | ||||
|                     <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true" | ||||
|                                                       style="font-size:20px"></i></div> | ||||
|                     <input type="text" class="form-control" id="flag" name="flag" | ||||
|                            placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/> | ||||
|                 </div> | ||||
|                 <div class="input-group" style="margin-top: 10px"> | ||||
|                     <button type="submit" class="btn btn-primary">Submit flag</button> | ||||
|                 </div> | ||||
|             </div> | ||||
|  | ||||
|         </form> | ||||
|  | ||||
|         <br/> | ||||
|  | ||||
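Review bot: The new outer `<form class="attack-form" ... action="/WebGoat/PasswordReset/reset/login">` opened at the top of the hunk encloses the existing `<form id="login-form" ...>` and the password-reset `<form ... action="/WebGoat/PasswordReset/reset/create-password-reset-link">`, and HTML does not permit nested forms: the parser discards the inner `<form>` start tags, so every input in the block becomes part of the outer form and the "Continue" button of the reset panel would submit to `/reset/login` rather than to the reset-link endpoint. No matching `</form>` for the outer form appears anywhere in the hunk as printed either, so the wrapper looks unclosed. If the wrapper is meant to replace the inner login form, delete the inner `<form id="login-form" ...>` / `</form>` pair and close the outer form before the `password-reset` panel; otherwise revert the wrapper.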
| @ -16,4 +16,6 @@ password-reset-hint1=Try to send a password reset link to your own account at {u | ||||
| password-reset-hint2=Look at the link, can you think how the server creates this link? | ||||
| password-reset-hint3=Tom clicks all the links he receives in his mailbox, you can use the landing page in WebWolf to get the reset link... | ||||
| password-reset-hint4=The link points to localhost:8080/PasswordReset/.... can you change the host to localhost:8081 | ||||
| password-reset-hint5=Intercept the request and change the host header | ||||
| password-reset-hint5=Intercept the request and change the host header | ||||
| login_failed=Login failed | ||||
| login_failed.tom=Sorry only Tom can login at the moment | ||||
| @ -14,5 +14,5 @@ The time out is necessary to restrict the attack window, having a link opens up | ||||
|  | ||||
| Tom always resets his password immediately after receiving the email with the link. | ||||
| Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with | ||||
| that password. If you did submit is in the e-mail address and submit again. | ||||
| that password. | ||||
|  | ||||
|  | ||||
| @ -21,7 +21,7 @@ import java.net.URISyntaxException; | ||||
| @AssignmentPath("/WebWolf/landing") | ||||
| public class LandingAssignment extends AssignmentEndpoint { | ||||
|  | ||||
|     @Value("${webworf.url.landingpage}") | ||||
|     @Value("${webwolf.url.landingpage}") | ||||
|     private String landingPageUrl; | ||||
|  | ||||
|     @PostMapping | ||||
|  | ||||