Refactoring (#1201)

* Some initial refactoring * Make it one application * Got it working * Fix problem on Windows * Move WebWolf * Move first lesson * Moved all lessons * Fix pom.xml * Fix tests * Add option to initialize a lesson This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens * Clean up pom.xml files * Remove fetching labels based on language. We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages * Fix SonarLint issues * And move it all to the main project * Fix for documentation paths * Fix pom warnings * Remove PMD as it does not work * Update release notes about refactoring Update release notes about refactoring Update release notes about refactoring * Fix lesson template * Update release notes * Keep it in the same repo in Dockerhub * Update documentation to show how the connection is obtained. Resolves: #1180 * Rename all integration tests * Remove command from Dockerfile * Simplify GitHub actions Currently, we use a separate actions for pull-requests and branch build. This is now consolidated in one action. The PR action triggers always, it now only trigger when the PR is opened and not in draft. Running all platforms on a branch build is a bit too much, it is better to only run all platforms when someone opens a PR. * Remove duplicate entry from release notes * Add explicit registry for base image * Lesson scanner not working when fat jar When running the fat jar we have to take into account we are reading from the jar file and not the filesystem. In this case you cannot use `getFile` for example. * added info in README and fixed release docker * changed base image and added ignore file Co-authored-by: Zubcevic.com <rene@zubcevic.com>
2022-04-09 14:56:12 +02:00
parent f3d8206a07
commit 711649924b
1130 changed files with 3540 additions and 7643 deletions
--- a/src/main/resources/lessons/challenges/challenge7/git.zip
+++ b/src/main/resources/lessons/challenges/challenge7/git.zip
--- a/src/main/resources/lessons/challenges/css/challenge6.css
+++ b/src/main/resources/lessons/challenges/css/challenge6.css
@ -0,0 +1,96 @@
+.panel-login {
+    border-color: #ccc;
+    -webkit-box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2);
+    -moz-box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2);
+    box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2);
+}
+.panel-login>.panel-heading {
+    color: #00415d;
+    background-color: #fff;
+    border-color: #fff;
+    text-align:center;
+}
+.panel-login>.panel-heading a{
+    text-decoration: none;
+    color: #666;
+    font-weight: bold;
+    font-size: 15px;
+    -webkit-transition: all 0.1s linear;
+    -moz-transition: all 0.1s linear;
+    transition: all 0.1s linear;
+}
+.panel-login>.panel-heading a.active{
+    color: #029f5b;
+    font-size: 18px;
+}
+.panel-login>.panel-heading hr{
+    margin-top: 10px;
+    margin-bottom: 0px;
+    clear: both;
+    border: 0;
+    height: 1px;
+    background-image: -webkit-linear-gradient(left,rgba(0, 0, 0, 0),rgba(0, 0, 0, 0.15),rgba(0, 0, 0, 0));
+    background-image: -moz-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0));
+    background-image: -ms-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0));
+    background-image: -o-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0));
+}
+.panel-login input[type="text"],.panel-login input[type="email"],.panel-login input[type="password"] {
+    height: 45px;
+    border: 1px solid #ddd;
+    font-size: 16px;
+    -webkit-transition: all 0.1s linear;
+    -moz-transition: all 0.1s linear;
+    transition: all 0.1s linear;
+}
+.panel-login input:hover,
+.panel-login input:focus {
+    outline:none;
+    -webkit-box-shadow: none;
+    -moz-box-shadow: none;
+    box-shadow: none;
+    border-color: #ccc;
+}
+.btn-login {
+    background-color: #59B2E0;
+    outline: none;
+    color: #fff;
+    font-size: 14px;
+    height: auto;
+    font-weight: normal;
+    padding: 14px 0;
+    text-transform: uppercase;
+    border-color: #59B2E6;
+}
+.btn-login:hover,
+.btn-login:focus {
+    color: #fff;
+    background-color: #53A3CD;
+    border-color: #53A3CD;
+}
+.forgot-password {
+    text-decoration: underline;
+    color: #888;
+}
+.forgot-password:hover,
+.forgot-password:focus {
+    text-decoration: underline;
+    color: #666;
+}
+
+.btn-register {
+    background-color: #1CB94E;
+    outline: none;
+    color: #fff;
+    font-size: 14px;
+    height: auto;
+    font-weight: normal;
+    padding: 14px 0;
+    text-transform: uppercase;
+    border-color: #1CB94A;
+}
+.btn-register:hover,
+.btn-register:focus {
+    color: #fff;
+    background-color: #1CA347;
+    border-color: #1CA347;
+}
--- a/src/main/resources/lessons/challenges/css/challenge8.css
+++ b/src/main/resources/lessons/challenges/css/challenge8.css
@ -0,0 +1,43 @@
+.btn-grey{
+    background-color:#D8D8D8;
+    color:#FFF;
+}
+.rating-block{
+    background-color:#FAFAFA;
+    border:1px solid #EFEFEF;
+    padding:15px 15px 20px 15px;
+    border-radius:3px;
+}
+.bold{
+    font-weight:700;
+}
+.padding-bottom-7{
+    padding-bottom:7px;
+}
+
+.review-block{
+    background-color:#FAFAFA;
+    border:1px solid #EFEFEF;
+    padding:15px;
+    border-radius:3px;
+    margin-bottom:15px;
+}
+.review-block-name{
+    font-size:12px;
+    margin:10px 0;
+}
+.review-block-date{
+    font-size:12px;
+}
+.review-block-rate{
+    font-size:13px;
+    margin-bottom:15px;
+}
+.review-block-title{
+    font-size:15px;
+    font-weight:700;
+    margin-bottom:10px;
+}
+.review-block-description{
+    font-size:13px;
+}
--- a/src/main/resources/lessons/challenges/db/migration/V2018_09_26_1__users.sql
+++ b/src/main/resources/lessons/challenges/db/migration/V2018_09_26_1__users.sql
@ -0,0 +1,11 @@
+--Challenge 5 - Creating tables for users
+CREATE TABLE challenge_users(
+  userid varchar(250),
+  email varchar(30),
+  password varchar(30)
+);
+
+INSERT INTO challenge_users VALUES ('larry', 'larry@webgoat.org', 'larryknows');
+INSERT INTO challenge_users VALUES ('tom', 'tom@webgoat.org', 'thisisasecretfortomonly');
+INSERT INTO challenge_users VALUES ('alice', 'alice@webgoat.org', 'rt*(KJ()LP())$#**');
+INSERT INTO challenge_users VALUES ('eve', 'eve@webgoat.org', '**********');
--- a/src/main/resources/lessons/challenges/documentation/Challenge_1.adoc
+++ b/src/main/resources/lessons/challenges/documentation/Challenge_1.adoc
@ -0,0 +1 @@
+The admin forgot where the password is stashed, can you help?
--- a/src/main/resources/lessons/challenges/documentation/Challenge_5.adoc
+++ b/src/main/resources/lessons/challenges/documentation/Challenge_5.adoc
@ -0,0 +1 @@
+Can you login as Larry?
--- a/src/main/resources/lessons/challenges/documentation/Challenge_6.adoc
+++ b/src/main/resources/lessons/challenges/documentation/Challenge_6.adoc
@ -0,0 +1 @@
+Can you login as Tom? It may be a little harder than it was for Larry.
--- a/src/main/resources/lessons/challenges/documentation/Challenge_7.adoc
+++ b/src/main/resources/lessons/challenges/documentation/Challenge_7.adoc
@ -0,0 +1 @@
+Try to reset the password for admin.
--- a/src/main/resources/lessons/challenges/documentation/Challenge_8.adoc
+++ b/src/main/resources/lessons/challenges/documentation/Challenge_8.adoc
@ -0,0 +1 @@
+Can you still vote?
--- a/src/main/resources/lessons/challenges/documentation/Challenge_introduction.adoc
+++ b/src/main/resources/lessons/challenges/documentation/Challenge_introduction.adoc
@ -0,0 +1,29 @@
+=== Welcome to the WebGoat challenge (CTF)
+
+==== Introduction
+
+The challenges contain more a CTF like lessons where we do not provide any explanations what you need to do, no hints
+will be provided. You can use these challenges in a CTF style where you can run WebGoat on one server and all
+participants can join and hack the challenges. A scoreboard is available at link:/WebGoat/scoreboard["/WebGoat/scoreboard",window=_blank]
+
+:hardbreaks:
+In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will
+need to post in order to gain points.
+
+Flags have the following format: `a7179f89-906b-4fec-9d99-f15b796e7208`
+
+==== Rules
+
+- Do not try to hack the competition infrastructure. If you happen to find a bug or vulnerability please send us
+an e-mail.
+
+- Play fair, do not try sabotage other competing teams, or in any way hindering the progress of another team.
+
+- Brute forcing of challenges / flags is not allowed.
+
+:hardbreaks:
+*Have fun!!*
+Team WebGoat
+
+
+image::images/boss.jpg[]
--- a/src/main/resources/lessons/challenges/html/Challenge.html
+++ b/src/main/resources/lessons/challenges/html/Challenge.html
@ -0,0 +1,9 @@
+    <!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_introduction.adoc"></div>
+</div>
+
+</html>
--- a/src/main/resources/lessons/challenges/html/Challenge1.html
+++ b/src/main/resources/lessons/challenges/html/Challenge1.html
@ -0,0 +1,63 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_introduction.adoc"></div>
+</div>
+<div class="lesson-page-wrapper">
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+
+        <div class="container-fluid">
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <img th:src="@{/challenge/logo}" class="img-thumbnail"/>
+                </div>
+                <div class="panel-body">
+                    <form class="attack-form" accept-charset="UNKNOWN"
+                          method="POST" name="form"
+                          action="/WebGoat/challenge/1"
+                          style="width: 200px;">
+
+                        <div class="form-group">
+                            <label for="exampleInputEmail1" th:text="#{username}">Username</label>
+                            <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control"
+                                   id="exampleInputEmail1" placeholder="Username" name='username' value="admin"/>
+                        </div>
+                        <div class="form-group">
+                            <label for="exampleInputPassword1" th:text="#{password}">Password</label>
+                            <input type="password" class="form-control" id="exampleInputPassword1"
+                                   placeholder="Password"
+                                   name='password'/>
+                        </div>
+                        <button class="btn btn-primary btn-block" type="submit" th:text="#{sign.in}">Sign in</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+
+        <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
+            <div class="form-group">
+                <div class="input-group">
+                    <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+                                                      style="font-size:20px"></i></div>
+                    <input type="text" class="form-control" id="flag" name="flag"
+                           placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+                </div>
+                <div class="input-group" style="margin-top: 10px">
+                    <button type="submit" class="btn btn-primary">Submit flag</button>
+                </div>
+            </div>
+
+        </form>
+
+
+        <br/>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+
+</html>
--- a/src/main/resources/lessons/challenges/html/Challenge5.html
+++ b/src/main/resources/lessons/challenges/html/Challenge5.html
@ -0,0 +1,90 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_5.adoc"></div>
+    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <div class="container-fluid">
+            <div class="row">
+                <div class="col-md-6">
+                    <div class="panel panel-login">
+                        <div class="panel-heading">
+                            <div class="row">
+                                <div class="col-xs-6">
+                                    <a href="#" class="active" id="login-form-link">Login</a>
+                                </div>
+                            </div>
+                            <hr/>
+                        </div>
+                        <div class="panel-body">
+                            <div class="row">
+                                <div class="col-lg-12">
+                                    <form id="login-form" class="attack-form" accept-charset="UNKNOWN"
+                                          method="POST" name="form"
+                                          action="/WebGoat/challenge/5" role="form">
+                                        <div class="form-group">
+                                            <input type="text" name="username_login" id="username4" tabindex="1"
+                                                   class="form-control" placeholder="Username" value=""/>
+                                        </div>
+                                        <div class="form-group">
+                                            <input type="password" name="password_login" id="password4" tabindex="2"
+                                                   class="form-control" placeholder="Password"/>
+                                        </div>
+                                        <div class="form-group text-center">
+                                            <input type="checkbox" tabindex="3" class="" name="remember" id="remember"/>
+                                            <label for="remember"> Remember me</label>
+                                        </div>
+                                        <div class="form-group">
+                                            <div class="row">
+                                                <div class="col-sm-6 col-sm-offset-3">
+                                                    <input type="submit" name="login-submit" id="login-submit"
+                                                           tabindex="4" class="form-control btn-primary"
+                                                           value="Log In"/>
+                                                </div>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <div class="row">
+                                                <div class="col-lg-12">
+                                                    <div class="text-center">
+                                                        <a href="#" tabindex="5" class="forgot-password">Forgot
+                                                            Password?</a>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </form>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <br/>
+        <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
+            <div class="form-group">
+                <div class="input-group">
+                    <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+                                                      style="font-size:20px"></i></div>
+                    <input type="text" class="form-control" id="flag" name="flag"
+                           placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+                </div>
+                <div class="input-group" style="margin-top: 10px">
+                    <button type="submit" class="btn btn-primary">Submit flag</button>
+                </div>
+            </div>
+
+        </form>
+
+        <br/>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+</html>
--- a/src/main/resources/lessons/challenges/html/Challenge6.html
+++ b/src/main/resources/lessons/challenges/html/Challenge6.html
@ -0,0 +1,123 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_6.adoc"></div>
+    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
+    <script th:src="@{/lesson_js/challenge6.js}" language="JavaScript"></script>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <div class="container-fluid">
+            <div class="row">
+                <div class="col-md-6">
+                    <div class="panel panel-login">
+                        <div class="panel-heading">
+                            <div class="row">
+                                <div class="col-xs-6">
+                                    <a href="#" class="active" id="login-form-link">Login</a>
+                                </div>
+                                <div class="col-xs-6">
+                                    <a href="#" id="register-form-link">Register</a>
+                                </div>
+                            </div>
+                            <hr/>
+                        </div>
+                        <div class="panel-body">
+                            <div class="row">
+                                <div class="col-lg-12">
+                                    <form id="login-form" class="attack-form" accept-charset="UNKNOWN"
+                                          method="POST" name="form"
+                                          action="/WebGoat/challenge/6" role="form">
+                                        <div class="form-group">
+                                            <input type="text" name="username_login" id="username4" tabindex="1"
+                                                   class="form-control" placeholder="Username" value=""/>
+                                        </div>
+                                        <div class="form-group">
+                                            <input type="password" name="password_login" id="password4" tabindex="2"
+                                                   class="form-control" placeholder="Password"/>
+                                        </div>
+                                        <div class="form-group text-center">
+                                            <input type="checkbox" tabindex="3" class="" name="remember" id="remember"/>
+                                            <label for="remember"> Remember me</label>
+                                        </div>
+                                        <div class="form-group">
+                                            <div class="row">
+                                                <div class="col-sm-6 col-sm-offset-3">
+                                                    <input type="submit" name="login-submit" id="login-submit"
+                                                           tabindex="4" class="form-control btn-primary"
+                                                           value="Log In"/>
+                                                </div>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <div class="row">
+                                                <div class="col-lg-12">
+                                                    <div class="text-center">
+                                                        <a href="#" tabindex="5" class="forgot-password">Forgot
+                                                            Password?</a>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </form>
+                                    <form id="register-form" class="attack-form" accept-charset="UNKNOWN"
+                                          method="PUT" name="form"
+                                          action="/WebGoat/challenge/6" style="display: none;" role="form">
+                                        <div class="form-group">
+                                            <input type="text" name="username_reg" id="username" tabindex="1"
+                                                   class="form-control" placeholder="Username" value=""/>
+                                        </div>
+                                        <div class="form-group">
+                                            <input type="email" name="email_reg" id="email" tabindex="1"
+                                                   class="form-control" placeholder="Email Address" value=""/>
+                                        </div>
+                                        <div class="form-group">
+                                            <input type="password" name="password_reg" id="password" tabindex="2"
+                                                   class="form-control" placeholder="Password"/>
+                                        </div>
+                                        <div class="form-group">
+                                            <input type="password" name="confirm_password_reg" id="confirm-password"
+                                                   tabindex="2" class="form-control" placeholder="Confirm Password"/>
+                                        </div>
+                                        <div class="form-group">
+                                            <div class="row">
+                                                <div class="col-sm-6 col-sm-offset-3">
+                                                    <input type="submit" name="register-submit" id="register-submit"
+                                                           tabindex="4" class="form-control btn btn-primary"
+                                                           value="Register Now"/>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </form>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <br/>
+        <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
+            <div class="form-group">
+                <div class="input-group">
+                    <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+                                                      style="font-size:20px"></i></div>
+                    <input type="text" class="form-control" id="flag" name="flag"
+                           placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+                </div>
+                <div class="input-group" style="margin-top: 10px">
+                    <button type="submit" class="btn btn-primary">Submit flag</button>
+                </div>
+            </div>
+
+        </form>
+
+        <br/>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+</html>
--- a/src/main/resources/lessons/challenges/html/Challenge7.html
+++ b/src/main/resources/lessons/challenges/html/Challenge7.html
@ -0,0 +1,81 @@
+<!DOCTYPE html>
+
+<!--
+** Revision history (automatically added by: /challenge/7/.git/hooks)
+
+2e29cacb85ce5066b8d011bb9769b666812b2fd9 Updated copyright to 2017
+ac937c7aab89e042ca32efeb00d4ca08a95b50d6 Removed hardcoded key
+f94008f801fceb8833a30fe56a8b26976347edcf First version of WebGoat Cloud website
+
+-->
+<html xmlns:th="http://www.thymeleaf.org">
+
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_7.adoc"></div>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <div class="container-fluid">
+            <div class="row">
+                <div class="col-md-4">
+                    <div class="panel panel-default">
+                        <div class="panel-body">
+                            <div class="text-center">
+                                <h3><i class="fa fa-lock fa-4x"></i></h3>
+                                <h2 class="text-center">Forgot Password?</h2>
+                                <p>You can reset your password here.</p>
+                                <div class="panel-body">
+
+                                    <form id="login-form" class="attack-form" accept-charset="UNKNOWN"
+                                          method="POST" name="form"
+                                          action="/WebGoat/challenge/7" role="form">
+
+                                        <div class="form-group">
+                                            <div class="input-group">
+                                                <span class="input-group-addon"><i
+                                                        class="glyphicon glyphicon-envelope color-blue"></i></span>
+                                                <input id="email" name="email" placeholder="email address"
+                                                       class="form-control" type="email"/>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <input name="recover-submit" class="btn btn-lg btn-primary btn-block"
+                                                   value="Reset Password" type="submit"/>
+                                        </div>
+                                        <div class="form-group">
+                                            <p>(c) 2017 WebGoat Cloud Platform</p>
+                                        </div>
+
+                                        <input type="hidden" class="hide" name="token" id="token" value=""/>
+                                    </form>
+
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <br/>
+        <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
+            <div class="form-group">
+                <div class="input-group">
+                    <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+                                                      style="font-size:20px"></i></div>
+                    <input type="text" class="form-control" id="flag" name="flag"
+                           placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+                </div>
+                <div class="input-group" style="margin-top: 10px">
+                    <button type="submit" class="btn btn-primary">Submit flag</button>
+                </div>
+            </div>
+
+        </form>
+
+        <br/>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+</html>
--- a/src/main/resources/lessons/challenges/html/Challenge8.html
+++ b/src/main/resources/lessons/challenges/html/Challenge8.html
@ -0,0 +1,255 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_8.adoc"></div>
+    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge8.css}"/>
+    <script th:src="@{/lesson_js/challenge8.js}" language="JavaScript"></script>
+
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+
+        <div class="container">
+
+            <div class="row">
+                <div class="col-sm-3">
+                    <div class="rating-block">
+                        <h4>Average user rating</h4>
+                        <h2 class="bold padding-bottom-7">4.3
+                            <small>/ 5</small>
+                        </h2>
+                        <button id="star1" onClick="doVote(1)" type="button" class="btn btn-warning btn-sm" aria-label="Left Align">
+                            <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                        </button>
+                        <button id="star2" onClick="doVote(2)" type="button" class="btn btn-warning btn-sm" aria-label="Left Align">
+                            <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                        </button>
+                        <button id="star3" onClick="doVote(3)" type="button" class="btn btn-warning btn-sm" aria-label="Left Align">
+                            <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                        </button>
+                        <button id="star4" onClick="doVote(4)" type="button" class="btn btn-default btn-grey btn-sm" aria-label="Left Align">
+                            <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                        </button>
+                        <button id="star5" onClick="doVote(5)" type="button" class="btn btn-default btn-grey btn-sm" aria-label="Left Align">
+                            <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                        </button>
+                    </div>
+                </div>
+                <div class="col-sm-3">
+                    <h4>Rating breakdown</h4>
+                    <div class="pull-left">
+                        <div class="pull-left" style="width:35px; line-height:1;">
+                            <div style="height:9px; margin:5px 0;">5 <span class="glyphicon glyphicon-star"></span>
+                            </div>
+                        </div>
+                        <div class="pull-left" style="width:180px;">
+                            <div class="progress" style="height:9px; margin:8px 0;">
+                                <div id="progressBar5" class="progress-bar progress-bar-success" role="progressbar" aria-valuenow="5"
+                                     aria-valuemin="0" aria-valuemax="5">
+                                    <span class="sr-only">5</span>
+                                </div>
+                            </div>
+                        </div>
+                        <div id="nrOfVotes5" class="pull-right" style="margin-left:10px;">0</div>
+                    </div>
+                    <div class="pull-left">
+                        <div class="pull-left" style="width:35px; line-height:1;">
+                            <div style="height:9px; margin:5px 0;">4 <span class="glyphicon glyphicon-star"></span>
+                            </div>
+                        </div>
+                        <div class="pull-left" style="width:180px;">
+                            <div class="progress" style="height:9px; margin:8px 0;">
+                                <div id="progressBar4" class="progress-bar progress-bar-primary" role="progressbar" aria-valuenow="5"
+                                     aria-valuemin="0" aria-valuemax="5">
+                                    <span class="sr-only">4</span>
+                                </div>
+                            </div>
+                        </div>
+                        <div id="nrOfVotes4" class="pull-right" style="margin-left:10px;">0</div>
+                    </div>
+                    <div class="pull-left">
+                        <div class="pull-left" style="width:35px; line-height:1;">
+                            <div style="height:9px; margin:5px 0;">3 <span class="glyphicon glyphicon-star"></span>
+                            </div>
+                        </div>
+                        <div class="pull-left" style="width:180px;">
+                            <div class="progress" style="height:9px; margin:8px 0;">
+                                <div id="progressBar3" class="progress-bar progress-bar-info" role="progressbar" aria-valuenow="5"
+                                     aria-valuemin="0" aria-valuemax="5">
+                                    <span class="sr-only">4</span>
+                                </div>
+                            </div>
+                        </div>
+                        <div id="nrOfVotes3" class="pull-right" style="margin-left:10px;">0</div>
+                    </div>
+                    <div class="pull-left">
+                        <div class="pull-left" style="width:35px; line-height:1;">
+                            <div style="height:9px; margin:5px 0;">2 <span class="glyphicon glyphicon-star"></span>
+                            </div>
+                        </div>
+                        <div class="pull-left" style="width:180px;">
+                            <div class="progress" style="height:9px; margin:8px 0;">
+                                <div id="progressBar2" class="progress-bar progress-bar-warning" role="progressbar" aria-valuenow="5"
+                                     aria-valuemin="0" aria-valuemax="5">
+                                    <span class="sr-only">2</span>
+                                </div>
+                            </div>
+                        </div>
+                        <div id="nrOfVotes2" class="pull-right" style="margin-left:10px;">0</div>
+                    </div>
+                    <div class="pull-left">
+                        <div class="pull-left" style="width:35px; line-height:1;">
+                            <div style="height:9px; margin:5px 0;">1 <span class="glyphicon glyphicon-star"></span>
+                            </div>
+                        </div>
+
+                        <div class="pull-left" style="width:180px;">
+                            <div class="progress" style="height:9px; margin:8px 0;">
+                                <div id="progressBar1" class="progress-bar progress-bar-danger" role="progressbar" aria-valuenow="5"
+                                     aria-valuemin="0" aria-valuemax="5">
+                                    <span class="sr-only">4</span>
+                                </div>
+                            </div>
+                        </div>
+                        <div id="nrOfVotes1" class="pull-right" style="margin-left:10px;">0</div>
+                    </div>
+                </div>
+            </div>
+
+            <div class="row">
+                <div class="col-sm-7">
+                    <hr/>
+                    <div id = "voteResultMsg" class="alert alert-dismissable" style="display: none;">
+                    </div>
+                    <div class="alert alert-info">
+                        Please login or register in order to vote (comments are disabled)
+                    </div>
+                    <div class="review-block">
+                        <div class="row">
+                            <div class="col-sm-3">
+                                <img src="images/user1.png" class="img-rounded"/>
+                                <div class="review-block-name"><a href="#">nktailor</a></div>
+                                <div class="review-block-date">August 22, 2017<br/>1 day ago</div>
+                            </div>
+                            <div class="col-sm-9">
+                                <div class="review-block-rate">
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs"
+                                            aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs"
+                                            aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                </div>
+                                <div class="review-block-title">WebGoat rocks!</div>
+                                <div class="review-block-description">This is a great tool to learn about security
+                                    and have some fun with a couple challenges.
+                                </div>
+                            </div>
+                        </div>
+                        <hr/>
+                        <div class="row">
+                            <div class="col-sm-3">
+                                <img src="images/user3.png" class="img-rounded"/>
+                                <div class="review-block-name"><a href="#">Sarah</a></div>
+                                <div class="review-block-date">July 29, 2017<br/>12 day ago</div>
+                            </div>
+                            <div class="col-sm-9">
+                                <div class="review-block-rate">
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs"
+                                            aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-default btn-grey btn-xs"
+                                            aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                </div>
+                                <div class="review-block-title">Nice</div>
+                                <div class="review-block-description">I liked it and learned a couple of things.
+                                    Still some bugs sometimes though.
+                                </div>
+                            </div>
+                        </div>
+                        <hr/>
+                        <div class="row">
+                            <div class="col-sm-3">
+                                <img src="images/user2.png" class="img-rounded"/>
+                                <div class="review-block-name"><a href="#">Tom</a></div>
+                                <div class="review-block-date">January 27, 2017<br/>100 days ago</div>
+                            </div>
+                            <div class="col-sm-9">
+                                <div class="review-block-rate">
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-warning btn-xs" aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-default btn-grey btn-xs"
+                                            aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                    <button type="button" class="btn btn-default btn-grey btn-xs"
+                                            aria-label="Left Align">
+                                        <span class="glyphicon glyphicon-star" aria-hidden="true"></span>
+                                    </button>
+                                </div>
+                                <div class="review-block-title">WebGoat is great</div>
+                                <div class="review-block-description">WebGoat teaches you web security with some great
+                                    lessons
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+
+        </div>
+
+        <br/>
+        <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
+            <div class="form-group">
+                <div class="input-group">
+                    <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
+                                                      style="font-size:20px"></i></div>
+                    <input type="text" class="form-control" id="flag" name="flag"
+                           placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
+                </div>
+                <div class="input-group" style="margin-top: 10px">
+                    <button type="submit" class="btn btn-primary">Submit flag</button>
+                </div>
+            </div>
+
+        </form>
+
+        <br/>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+</html>
--- a/src/main/resources/lessons/challenges/i18n/WebGoatLabels.properties
+++ b/src/main/resources/lessons/challenges/i18n/WebGoatLabels.properties
@ -0,0 +1,27 @@
+challenge0.title=WebGoat Challenge
+challenge1.title=Admin lost password
+challenge2.title=Get it for free
+challenge3.title=Photo comments
+challenge5.title=Without password
+challenge6.title=Creating a new account
+challenge7.title=Admin password reset
+challenge8.title=Without account
+challenge9.title=Changing password
+challenge.solved=Congratulations, you solved the challenge. Here is your flag: {0}
+challenge.close=This is not the correct password for Larry, please try again.
+
+email.send=An e-mail has been send to {0}
+
+user.exists=User {0} already exists please try to register with a different username.
+user.created=User {0} created, please proceed to the login page.
+input.invalid=Input for user, email and/or password is empty or too long, please fill in all field and/or limit all fields to 30 characters.
+
+challenge.flag.correct=Congratulations you have solved the challenge!!
+challenge.flag.incorrect=Sorry this is not the correct flag, please try again.
+
+ip.address.unknown=IP address unknown, e-mail has been sent. 
+
+
+
+required4=Missing username or password, please specify both.
+user.not.larry=Please try to log in as Larry not {0}. 
--- a/src/main/resources/lessons/challenges/images/avatar1.png
+++ b/src/main/resources/lessons/challenges/images/avatar1.png
--- a/src/main/resources/lessons/challenges/images/boss.jpg
+++ b/src/main/resources/lessons/challenges/images/boss.jpg
--- a/src/main/resources/lessons/challenges/images/challenge1-small.png
+++ b/src/main/resources/lessons/challenges/images/challenge1-small.png
--- a/src/main/resources/lessons/challenges/images/challenge1.png
+++ b/src/main/resources/lessons/challenges/images/challenge1.png
--- a/src/main/resources/lessons/challenges/images/challenge2-small.png
+++ b/src/main/resources/lessons/challenges/images/challenge2-small.png
--- a/src/main/resources/lessons/challenges/images/challenge2.png
+++ b/src/main/resources/lessons/challenges/images/challenge2.png
--- a/src/main/resources/lessons/challenges/images/challenge3-small.png
+++ b/src/main/resources/lessons/challenges/images/challenge3-small.png
--- a/src/main/resources/lessons/challenges/images/challenge3.png
+++ b/src/main/resources/lessons/challenges/images/challenge3.png
--- a/src/main/resources/lessons/challenges/images/challenge4-small.png
+++ b/src/main/resources/lessons/challenges/images/challenge4-small.png
--- a/src/main/resources/lessons/challenges/images/challenge4.png
+++ b/src/main/resources/lessons/challenges/images/challenge4.png
--- a/src/main/resources/lessons/challenges/images/challenge5-small.png
+++ b/src/main/resources/lessons/challenges/images/challenge5-small.png
--- a/src/main/resources/lessons/challenges/images/challenge5.png
+++ b/src/main/resources/lessons/challenges/images/challenge5.png
--- a/src/main/resources/lessons/challenges/images/hi-five-cat.jpg
+++ b/src/main/resources/lessons/challenges/images/hi-five-cat.jpg
--- a/src/main/resources/lessons/challenges/images/user1.png
+++ b/src/main/resources/lessons/challenges/images/user1.png
--- a/src/main/resources/lessons/challenges/images/user2.png
+++ b/src/main/resources/lessons/challenges/images/user2.png
--- a/src/main/resources/lessons/challenges/images/user3.png
+++ b/src/main/resources/lessons/challenges/images/user3.png
--- a/src/main/resources/lessons/challenges/images/webgoat2.png
+++ b/src/main/resources/lessons/challenges/images/webgoat2.png
--- a/src/main/resources/lessons/challenges/js/bootstrap.min.js
+++ b/src/main/resources/lessons/challenges/js/bootstrap.min.js
--- a/src/main/resources/lessons/challenges/js/challenge6.js
+++ b/src/main/resources/lessons/challenges/js/challenge6.js
@ -0,0 +1,18 @@
+$(function() {
+
+    $('#login-form-link').click(function(e) {
+        $("#login-form").delay(100).fadeIn(100);
+        $("#register-form").fadeOut(100);
+        $('#register-form-link').removeClass('active');
+        $(this).addClass('active');
+        e.preventDefault();
+    });
+    $('#register-form-link').click(function(e) {
+        $("#register-form").delay(100).fadeIn(100);
+        $("#login-form").fadeOut(100);
+        $('#login-form-link').removeClass('active');
+        $(this).addClass('active');
+        e.preventDefault();
+    });
+
+});
--- a/src/main/resources/lessons/challenges/js/challenge8.js
+++ b/src/main/resources/lessons/challenges/js/challenge8.js
@ -0,0 +1,57 @@
+$(document).ready(function () {
+    loadVotes();
+    average();
+})
+
+function loadVotes() {
+    $.get("challenge/8/votes/", function (votes) {
+            var totalVotes = 0;
+            for (var i = 1; i <= 5; i++) {
+                totalVotes = totalVotes + votes[i];
+            }
+            console.log(totalVotes);
+            for (var i = 1; i <= 5; i++) {
+                var percent = votes[i] * 100 / totalVotes;
+                console.log(percent);
+                var progressBar = $('#progressBar' + i);
+                progressBar.width(Math.round(percent) * 2 + '%');
+                $("#nrOfVotes" + i).html(votes[i]);
+
+            }
+        }
+    );
+}
+
+function average() {
+    $.get("challenge/8/votes/average", function (average) {
+            for (var i = 1; i <= 5; i++) {
+                var number = average["average"];
+                $("#star" + i).removeClass('btn-warning');
+                $("#star" + i).removeClass('btn-default');
+                $("#star" + i).removeClass('btn-grey');
+
+                if (i <= number) {
+                    $("#star" + i).addClass('btn-warning');
+                } else {
+                    $("#star" + i).addClass('btn-grey');
+                }
+            }
+        }
+    );
+}
+
+
+function doVote(stars) {
+    $("#voteResultMsg").hide();
+    $.get("challenge/8/vote/" + stars, function (result) {
+        if (result["error"]) {
+            $("#voteResultMsg").addClass('alert-danger alert-dismissable');
+        } else {
+            $("#voteResultMsg").addClass('alert-success alert-dismissable');
+        }
+        $("#voteResultMsg").html(result["message"]);
+        $("#voteResultMsg").show();
+    })
+    loadVotes();
+    average();
+}
				`@ -0,0 +1 @@`
				`The admin forgot where the password is stashed, can you help?`
				`@ -0,0 +1 @@`
				`Can you login as Tom? It may be a little harder than it was for Larry.`