Changed the layout of the table

nbaars 2014-09-16 22:09:50 +02:00
parent f69d512c1b
commit 8f2fc26aa1
2 changed files with 140 additions and 139 deletions


@ -59,153 +59,154 @@ import org.owasp.webgoat.session.WebSession;
public class PasswordStrength extends LessonAdapter public class PasswordStrength extends LessonAdapter
{ {
private Map<String, Password> passwords = new TreeMap<String, Password>() {{ private Map<String, Password> passwords = new TreeMap<String, Password>() {{
put("pass1", new Password("123456", "seconds", "0", "dictionary based, in top 10 most used passwords")); put("pass1", new Password("123456", "seconds", "0", "dictionary based, in top 10 most used passwords"));
put("pass2", new Password("abzfezd", "seconds", "2", "26 chars on 7 positions, 8 billion possible combinations")); put("pass2", new Password("abzfezd", "seconds", "2", "26 chars on 7 positions, 8 billion possible combinations"));
put("pass3", new Password("a9z1ezd", "seconds", "19", "26 + 10 chars on 7 positions = 78 billion possible combinations")); put("pass3", new Password("a9z1ezd", "seconds", "19", "26 + 10 chars on 7 positions = 78 billion possible combinations"));
put("pass4", new Password("aB8fEzDq", "hours", "15", "26 + 26 + 10 chars on 8 positions = 218 trillion possible combinations")); put("pass4", new Password("aB8fEzDq", "hours", "15", "26 + 26 + 10 chars on 8 positions = 218 trillion possible combinations"));
put("pass5", new Password("z8!E?7D$", "days", "20", "96 chars on 8 positions = 66 quintillion possible combinations")); put("pass5", new Password("z8!E?7D$", "days", "20", "96 chars on 8 positions = 66 quintillion possible combinations"));
put("pass6", new Password("My 1st Password!: Redd", "septillion years", "322", "96 chars on 22 positions = 40 tredecillion possible combinations")); put("pass6", new Password("My1stPassword!:Redd", "quintillion years", "364", "96 chars on 19 positions = 46 undecillion possible combinations"));
}}; }};
private class Password { private class Password {
String password; String password;
String timeUnit; String timeUnit;
String answer; String answer;
private String explanation; private String explanation;
public Password(String password, String timeUnit, String answer, String explanation) { public Password(String password, String timeUnit, String answer, String explanation) {
this.password = password; this.password = password;
this.timeUnit = timeUnit; this.timeUnit = timeUnit;
this.answer = answer; this.answer = answer;
this.explanation = explanation; this.explanation = explanation;
} }
} }
private boolean checkSolution(WebSession s) throws ParameterNotFoundException { private boolean checkSolution(WebSession s) throws ParameterNotFoundException {
boolean allCorrect = true; boolean allCorrect = true;
for ( int i = 1; i <= passwords.size(); i++ ) { for ( int i = 1; i <= passwords.size(); i++ ) {
String key = "pass" + i; String key = "pass" + i;
allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key).answer); allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key).answer);
} }
return allCorrect; return allCorrect;
} }
/** /**
* Description of the Method * Description of the Method
* *
* @param s * @param s
* Description of the Parameter * Description of the Parameter
* @return Description of the Return Value * @return Description of the Return Value
*/ */
protected Element createContent(WebSession s) protected Element createContent(WebSession s)
{ {
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
try try
{ {
if (checkSolution(s)) if (checkSolution(s))
{ {
makeSuccess(s); makeSuccess(s);
ec.addElement(new BR()); ec.addElement(new BR());
ec.addElement(new StringElement("As a guideline not bound to a single solution.")); ec.addElement(new StringElement("As a guideline not bound to a single solution."));
ec.addElement(new BR()); ec.addElement(new BR());
ec.addElement(new StringElement("Assuming the calculations per second 4 billion: ")); ec.addElement(new StringElement("Assuming the calculations per second 4 billion: "));
ec.addElement(new BR()); ec.addElement(new BR());
OL ol = new OL(); OL ol = new OL();
for ( Password password : passwords.values()) { for ( Password password : passwords.values()) {
ol.addElement(new LI(String.format("%s - %s %s (%s)", password.password, password.answer, password.timeUnit, password.explanation))); ol.addElement(new LI(String.format("%s - %s %s (%s)", password.password, password.answer, password.timeUnit, password.explanation)));
} }
ec.addElement(ol); ec.addElement(ol);
} else } else
{ {
ec.addElement(new BR()); ec.addElement(new BR());
ec.addElement(new StringElement("How much time would a desktop PC take to crack these passwords?")); ec.addElement(new StringElement("How much time would a desktop PC take to crack these passwords?"));
ec.addElement(new BR()); ec.addElement(new BR());
ec.addElement(new BR()); ec.addElement(new BR());
Table table = new Table(); Table table = new Table();
for ( Entry<String, Password> entry : passwords.entrySet()) { for ( Entry<String, Password> entry : passwords.entrySet()) {
TR tr = new TR(); TR tr = new TR();
TD td1 = new TD(); TD td1 = new TD();
TD td2 = new TD(); TD td2 = new TD();
Input input1 = new Input(Input.TEXT, entry.getKey(), ""); Input input1 = new Input(Input.TEXT, entry.getKey(), "");
td1.addElement(new StringElement("Password = " + entry.getValue().password)); td1.addElement(new StringElement("Password = " + entry.getValue().password));
td2.addElement(input1); td1.setWidth("50%");
td2.addElement(new StringElement(" " + entry.getValue().timeUnit)); td2.addElement(input1);
tr.addElement(td1); td2.addElement(new StringElement(" " + entry.getValue().timeUnit));
tr.addElement(td2); tr.addElement(td1);
table.addElement(tr); tr.addElement(td2);
} table.addElement(tr);
ec.addElement(table); }
ec.addElement(new BR()); ec.addElement(table);
ec.addElement(new BR()); ec.addElement(new BR());
Div div = new Div(); ec.addElement(new BR());
div.addAttribute("align", "center"); Div div = new Div();
Element b = ECSFactory.makeButton("Go!"); div.addAttribute("align", "center");
div.addElement(b); Element b = ECSFactory.makeButton("Go!");
ec.addElement(div); div.addElement(b);
} ec.addElement(div);
} catch (Exception e) }
{ } catch (Exception e)
s.setMessage("Error generating " + this.getClass().getName()); {
e.printStackTrace(); s.setMessage("Error generating " + this.getClass().getName());
} e.printStackTrace();
}
return (ec); return (ec);
} }
/** /**
* Gets the hints attribute of the HelloScreen object * Gets the hints attribute of the HelloScreen object
* *
* @return The hints value * @return The hints value
*/ */
public List<String> getHints(WebSession s) public List<String> getHints(WebSession s)
{ {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints.add("Copy the passwords into the code checker."); hints.add("Copy the passwords into the code checker.");
return hints; return hints;
} }
/** /**
* Gets the ranking attribute of the HelloScreen object * Gets the ranking attribute of the HelloScreen object
* *
* @return The ranking value * @return The ranking value
*/ */
private final static Integer DEFAULT_RANKING = new Integer(6); private final static Integer DEFAULT_RANKING = new Integer(6);
protected Integer getDefaultRanking() protected Integer getDefaultRanking()
{ {
return DEFAULT_RANKING; return DEFAULT_RANKING;
} }
protected Category getDefaultCategory() protected Category getDefaultCategory()
{ {
return Category.AUTHENTICATION; return Category.AUTHENTICATION;
} }
public String getInstructions(WebSession s) public String getInstructions(WebSession s)
{ {
String instructions = "The accounts of your web application are only as save as the passwords. " String instructions = "The accounts of your web application are only as save as the passwords. "
+ "For this exercise, your job is to test several passwords on <a href=\"https://howsecureismypassword.net\" target=\"_blank\">https://howsecureismypassword.net</a>. " + "For this exercise, your job is to test several passwords on <a href=\"https://howsecureismypassword.net\" target=\"_blank\">https://howsecureismypassword.net</a>. "
+ " You must test all 6 passwords at the same time...<br>" + " You must test all 6 passwords at the same time...<br>"
+ "<b> On your applications you should set good password requirements! </b>"; + "<b> On your applications you should set good password requirements! </b>";
return (instructions); return (instructions);
} }
/** /**
* Gets the title attribute of the HelloScreen object * Gets the title attribute of the HelloScreen object
* *
* @return The title value * @return The title value
*/ */
public String getTitle() public String getTitle()
{ {
return ("Password Strength"); return ("Password Strength");
} }
public Element getCredits() public Element getCredits()
{ {
return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement("")); return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
} }
} }
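Review bot: The explanation on the new `pass6` entry gives `96 chars on 19 positions = 46 undecillion possible combinations` as the strength of `My1stPassword!:Redd`, but that figure only bounds an exhaustive character-by-character search; the password is built from dictionary words with conventional capitalisation, so the lesson risks teaching that length and character classes alone determine strength. I would state the limit in the explanation itself, e.g. `"96 chars on 19 positions = 46 undecillion possible combinations (exhaustive search only; word-based guessing needs far fewer tries)"`, and make clear next to `"Assuming the calculations per second 4 billion: "` in `createContent` that the rate is an assumption rather than a property of the password. The `answer` values appear to depend on what the external checker named in `getInstructions` prints, so a short comment above the `passwords` map recording when the figures were taken would help the next maintainer when they drift. Separately, the solution page in the second file still shows `z8!E?7` for the fifth password while this map has `z8!E?7D$`; this commit already edits that page and could align it.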


@ -31,7 +31,7 @@ Password = abzfezd: <font color="#ff0000">2</font> seconds<br>
Password = a9z1ezd: <font color="#ff0000">19</font> seconds<br> Password = a9z1ezd: <font color="#ff0000">19</font> seconds<br>
Password = aB8fEzDq: <font color="#ff0000">15</font> hours<br> Password = aB8fEzDq: <font color="#ff0000">15</font> hours<br>
Password = z8!E?7: <font color="#ff0000">20</font> days<br> Password = z8!E?7: <font color="#ff0000">20</font> days<br>
Password = My 1st Password!: Redd: <font color="#ff0000">322</font> septillion years<br> Password = My1stPassword!:Redd: <font color="#ff0000">364</font> quintillion years<br>
<br><br><br> <br><br><br>
</body> </body>
</html> </html>