diff --git a/java/org/owasp/webgoat/lessons/ChallengeSonatypeScreen.java b/java/org/owasp/webgoat/lessons/ChallengeSonatypeScreen.java
deleted file mode 100644
index 384f5610f..000000000
--- a/java/org/owasp/webgoat/lessons/ChallengeSonatypeScreen.java
+++ /dev/null
@@ -1,932 +0,0 @@
-
-package org.owasp.webgoat.lessons;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.OutputStreamWriter;
-import java.net.DatagramPacket;
-import java.net.DatagramSocket;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.URLDecoder;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.StringTokenizer;
-import java.util.Vector;
-import javax.servlet.http.Cookie;
-import org.apache.ecs.Element;
-import org.apache.ecs.ElementContainer;
-import org.apache.ecs.StringElement;
-import org.apache.ecs.html.B;
-import org.apache.ecs.html.BR;
-import org.apache.ecs.html.Center;
-import org.apache.ecs.html.H1;
-import org.apache.ecs.html.HR;
-import org.apache.ecs.html.IFrame;
-import org.apache.ecs.html.IMG;
-import org.apache.ecs.html.Input;
-import org.apache.ecs.html.P;
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TH;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
-import org.owasp.webgoat.session.DatabaseUtilities;
-import org.owasp.webgoat.session.ECSFactory;
-import org.owasp.webgoat.session.WebSession;
-import org.owasp.webgoat.util.Exec;
-import org.owasp.webgoat.util.ExecResults;
-
-
-/***************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 2007 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at code.google.com, a repository for free software
- * projects.
- *
- * For details, please see http://code.google.com/p/webgoat/
- *
- * @author Bruce Mayhew WebGoat
- * @created October 28, 2003
- */
-public class ChallengeSonatypeScreen extends SequentialLessonAdapter
-{
- private static final String USER_COOKIE = "user";
-
- private static final String JSP = ".jsp";
-
- private static final String WEBGOAT_CHALLENGE = "webgoat_challenge";
-
- private static final String WEBGOAT_CHALLENGE_JSP = WEBGOAT_CHALLENGE + JSP;
-
- private static final String PROCEED_TO_NEXT_STAGE = "Proceed to the next stage...";
-
- /**
- * Description of the Field
- */
- protected final static String CREDIT = "Credit";
-
- /**
- * Description of the Field
- */
- protected final static String PROTOCOL = "File";
-
- /**
- * Description of the Field
- */
- protected final static String MESSAGE = "Message";
-
- /**
- * Description of the Field
- */
- protected final static String PARAM = "p";
-
- /**
- * Description of the Field
- */
- protected final static String PASSWORD = "Password";
-
- /**
- * Description of the Field
- */
- protected final static String USER = "user";
-
- /**
- * Description of the Field
- */
- protected final static String USERNAME = "Username";
-
- private String pass = "CLM-NP-makesyoustrong";
-
- private String user = "youaretheweakestlink";
-
- private String instructions = "";
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- return super.createStagedContent(s);
- }
-
- /**
- * Determine the username and password
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception
- * Description of the Exception
- */
- protected Element doStage1(WebSession s) throws Exception
- {
-
- instructions = "Your mission is to get the username and password from the WebGoat source code in order to authenticate.";
-
- setStage(s, 1);
-
- String username = s.getParser().getRawParameter(USERNAME, "");
- String password = s.getParser().getRawParameter(PASSWORD, "");
-
- if (username.equals(user) && password.equals("goodbye"))
- {
- s.setMessage("I think you are cheating and looking at the repository source code...");
- }
- else if (username.equals(user) && password.equals(pass))
- {
- s.setMessage("Welcome to stage 2 -- get credit card numbers!");
- setStage(s, 2);
-
- return (doStage2(s));
- }
-
- s.setMessage("Invalid login");
-
- ElementContainer ec = new ElementContainer();
- ec.addElement(makeLogin(s));
-
- //
- // these are red herrings for the first stage
- Input input = new Input(Input.HIDDEN, USER, user);
- ec.addElement(input);
-
- // This is another red herring
- Cookie newCookie = new Cookie(USER_COOKIE, Encoding.base64Encode(user));
- s.getResponse().addCookie(newCookie);
-
-
- Cookie newCookie2 = new Cookie(USER_COOKIE, Encoding.base64Encode(user));
- s.getResponse().addCookie(newCookie2);
-
- // if someone has a sniffer - give it to them
- phoneHome(s, "User: " + username + " --> " + "Pass: " + password);
- //
-
- return (ec);
- }
-
- // get creditcards from database
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception
- * Description of the Exception
- */
- protected Element doStage2(WebSession s) throws Exception
- {
-
- instructions = "Your mission is to steal all the credit cards from the database. ";
-
- //
-
- Cookie newCookie = new Cookie(USER_COOKIE, Encoding.base64Encode(user));
- s.getResponse().addCookie(newCookie);
-
- ElementContainer ec = new ElementContainer();
- if (s.getParser().getStringParameter(Input.SUBMIT, "").equals(PROCEED_TO_NEXT_STAGE + "(3)"))
- {
- s.setMessage("Welcome to stage 3 -- deface the site");
- setStage(s, 3);
- // Reset the defaced webpage so the lesson can start over
- resetWebPage(s);
- return doStage3(s);
- }
-
- Connection connection = DatabaseUtilities.getConnection(s);
-
- Statement statement3 = connection
- .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
-
- // pull the USER_COOKIE_UID from the cookies
- String cookie = URLDecoder.decode(getCookie(s),"utf-8");
-
- String user = Encoding.base64Decode(cookie);
- String query = "SELECT * FROM user_data WHERE last_name = '" + user + "'";
- Vector v = new Vector();
-
- try
- {
- ResultSet results = statement3.executeQuery(query);
-
- while (results.next())
- {
- String type = results.getString("cc_type");
- String num = results.getString("cc_number");
- v.addElement(type + "-" + num);
- }
- if (v.size() != 13)
- {
- s.setMessage("Try to get all the credit card numbers");
- }
-
- ec.addElement(buildCart(s));
-
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
-
- ec.addElement(new BR());
- TR tr = new TR();
- tr.addElement(new TD().addElement("Please select credit card for this purchase: "));
- Element p = ECSFactory.makePulldown(CREDIT, v);
- tr.addElement(new TD().addElement(p).setAlign("right"));
- t.addElement(tr);
-
- tr = new TR();
- Element b = ECSFactory.makeButton("Buy Now!");
- tr.addElement(new TD().addElement(b));
- t.addElement(tr);
- ec.addElement(t);
-
- ec.addElement(new BR());
- Input input = new Input(Input.HIDDEN, USER, user);
- ec.addElement(input);
-
- // STAGE 3 BUTTON
- if (v.size() == 13)
- {
- s.setMessage("Congratulations! You stole all the credit cards, proceed to stage 3!");
- s.setMessage(" - Look in the credit card pull down to see the numbers.");
- ec.addElement(new BR());
- // TR inf = new TR();
- Center center = new Center();
- Element proceed = ECSFactory.makeButton(PROCEED_TO_NEXT_STAGE + "(3)");
- center.addElement(proceed);
- // inf.addElement(new TD().addElement(proceed).setAlign("center"));
- ec.addElement(center);
- }
-
- } catch (Exception e)
- {
- s.setMessage("An error occurred in the woods");
- }
-
- return (ec);
- //
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception
- * Description of the Exception
- */
- /*
- * (non-Javadoc)
- * @see lessons.LessonAdapter#doStage3(session.WebSession)
- */
- protected Element doStage3(WebSession s) throws Exception
- {
- instructions = "Your mission is to deface this website. Your main website jsp, which is rendered below, is contained in "
- + "'webgoat_challenge_" + s.getUserName() + JSP + "'. To overwrite 'webgoat_challenge_" + s.getUserName() + JSP
- + "' you will need to use many of the techniques you have learned in the other lessons. ";
-
- //
-
- ElementContainer ec = new ElementContainer();
- if (s.getParser().getStringParameter(Input.SUBMIT, "").equals(PROCEED_TO_NEXT_STAGE + "(4)"))
- {
- setStage(s, 4);
- // Reset the defaced webpage so the lesson can start over
- resetWebPage(s);
- return doStage4(s);
- }
-
- // execute the possible attack first to determine if site is defaced.
- ElementContainer netstatResults = getNetstatResults(s);
- if (isDefaced(s))
- {
- ec.addElement(new HR());
- s.setMessage("CONGRATULATIONS - You have defaced the site!");
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
- if (s.isColor())
- {
- t.setBorder(1);
- }
- TR tr = new TR();
- tr.addElement(new TD().setAlign("center").addElement(ECSFactory.makeButton(PROCEED_TO_NEXT_STAGE + "(4)")));
- t.addElement(tr);
- tr = new TR();
- tr.addElement(new TD().addElement(showDefaceAttempt(s)));
- t.addElement(tr);
- ec.addElement(t);
- return ec;
- }
- else
- {
- // Setup the screen content
- try
- {
- ec.addElement(new H1("Current Network Status (limited to 10 rows):"));
- ec.addElement(netstatResults);
-
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
- if (s.isColor())
- {
- t.setBorder(1);
- }
- String[] list = { "tcp", "udp" };
- //String[] list = { "inet", "inet6", "ax25", "netrom", "ipx", "ddp", "x25" };
-
- TR tr = new TR();
- tr.addElement(new TD().addElement(ECSFactory.makeButton("View Network")));
- tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(PROTOCOL, list, "", 2)));
- t.addElement(tr);
-
- ec.addElement(t);
- } catch (Exception e)
- {
- ec.addElement(new P().addElement("Error in obtaining network status"));
- }
-
- ec.addElement(new HR());
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
- if (s.isColor())
- {
- t.setBorder(1);
- }
- TR tr = new TR();
- tr.addElement(new TD().addElement(showDefaceAttempt(s)));
- t.addElement(tr);
- ec.addElement(t);
- }
- return (ec);
- //
- }
-
- private boolean isDefaced(WebSession s)
- {
- //
- boolean defaced = false;
- try
- {
- // get current text and compare to the new text
- String origpath = s.getContext().getRealPath(WEBGOAT_CHALLENGE + "_" + s.getUserName() + JSP);
- String masterFilePath = s.getContext().getRealPath(WEBGOAT_CHALLENGE_JSP);
- String defacedText = getFileText(new BufferedReader(new FileReader(origpath)), false);
- String origText = getFileText(new BufferedReader(new FileReader(masterFilePath)), false);
-
- defaced = (!origText.equals(defacedText));
- } catch (Exception e)
- {
- e.printStackTrace();
- }
- return defaced;
- //
- }
-
- private Element showDefaceAttempt(WebSession s) throws Exception
- {
- ElementContainer ec = new ElementContainer();
-
- // show webgoat.jsp text
- ec.addElement(new H1().addElement("Original Website Text"));
- ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc(s.getRequest().getContextPath() + "/" + WEBGOAT_CHALLENGE_JSP));
- ec.addElement(new HR());
- ec.addElement(new H1().addElement("Defaced Website Text"));
- ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc(
- s.getRequest().getContextPath() + "/" + WEBGOAT_CHALLENGE + "_"
- + s.getUserName() + JSP));
- ec.addElement(new HR());
-
- return ec;
- }
-
- private void resetWebPage(WebSession s)
- {
- try
- {
- // get current text and overwrite the potential defaced file
- String defacedpath = s.getContext().getRealPath(WEBGOAT_CHALLENGE + "_" + s.getUserName() + JSP);
- String masterFilePath = s.getContext().getRealPath(WEBGOAT_CHALLENGE_JSP);
-
- // replace the defaced text with the original
- File usersFile = new File(defacedpath);
- FileWriter fw = new FileWriter(usersFile);
- fw.write(getFileText(new BufferedReader(new FileReader(masterFilePath)), false));
- fw.close();
- // System.out.println("webgoat_guest replaced: " + getFileText( new
- // BufferedReader( new FileReader( defacedpath ) ), false ) );
-
- } catch (Exception e)
- {
- e.printStackTrace();
- }
- }
-
- protected Category getDefaultCategory()
- {
- return Category.CHALLENGE;
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception
- * Description of the Exception
- */
- protected Element doStage4(WebSession s) throws Exception
- {
- makeSuccess(s);
- ElementContainer ec = new ElementContainer();
- ec.addElement(new H1().addElement("Thanks for coming!"));
- ec.addElement(new BR());
- ec.addElement(new H1()
- .addElement("Please remember that you will be caught and fired if you use these techniques for evil."));
- ec.addElement(new BR());
- ec.addElement(new H1()
- .addElement("Team " + s.getUserName() + " this is your flag. Protect it!"));
- ec.addElement(new BR());
- ec.addElement(new IMG("images/CTF/" + s.getUserName() + ".png").setAlt(s.getUserName()).setBorder(0).setHspace(0).setVspace(0));
-
- String port = "0";
- if (s.getUserName().equals("snowwhite"))
- {
- port = "7613";
- }
- else if (s.getUserName().equals("rapunzel"))
- {
- port = "6389";
- }
- else if (s.getUserName().equals("ariel"))
- {
- port = "8722";
- }
- else if (s.getUserName().equals("jasmine"))
- {
- port = "8634";
- }
- else if (s.getUserName().equals("maleficent"))
- {
- port = "7342";
- }
- else if (s.getUserName().equals("pocahontas"))
- {
- port = "8899";
- }
- else if (s.getUserName().equals("mulan"))
- {
- port = "9837";
- }
- else if (s.getUserName().equals("ursula"))
- {
- port = "8793";
- }
- else if (s.getUserName().equals("tinkerbell"))
- {
- port = "8383";
- }
- else if (s.getUserName().equals("cinderella"))
- {
- port = "8666";
- }
- //ServerInfo("7613","snowwhite","/home/snowwhite/web/apache-tomcat-7.0.32","8007","8021","8445");
- //ServerInfo("6389","rapunzel","/home/rapunzel/tomcat/apache-tomcat-7.0.32","8008","8022","8446");
- //ServerInfo("8722","ariel","/home/ariel/stuff/apache-tomcat-7.0.32","8006","8020","8444");
- //ServerInfo("8634","jasmine","/home/jasmine/root/apache-tomcat-7.0.32","8010","8023","8447");
- //ServerInfo("7342","maleficent","/home/maleficent/repos/apache-tomcat-7.0.32","8011","8024","8448");
- //ServerInfo("8899","pocahontas","/home/pocahontas/samples/apache-tomcat-7.0.32","8012","8025","8449");
- //ServerInfo("9837","mulan","/home/mulan/webroot/apache-tomcat-7.0.32","8013","8026","8050");
- //ServerInfo("8793","ursula","/home/ursula/test/apache-tomcat-7.0.32","8014","8027","8051");
- //ServerInfo("8383","tinkerbell","/home/tinkerbell/apps/apache-tomcat-7.0.32","8015","8028","8052");
- //ServerInfo("8666","cinderella","/home/cinderella/webapps/apache-tomcat-7.0.32","8016","8029","8053");
- ec.addElement(new BR());
- ec.addElement(new H1()
- .addElement("Team " + s.getUserName() + " your CTF port is: " + port + ". Exploit it!"));
-
- return (ec);
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception
- * Description of the Exception
- */
- protected Element doStage5(WebSession s) throws Exception
- {
- //
- ElementContainer ec = new ElementContainer();
- return (ec);
- //
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- * @exception Exception
- * Description of the Exception
- */
- protected Element doStage6(WebSession s) throws Exception
- {
- return (new StringElement("not yet"));
- }
-
- /**
- * Gets the hints attribute of the ChallengeScreen object
- *
- * @return The hints value
- */
- protected List getHints(WebSession s)
- {
- //
-
- List hints = new ArrayList();
- hints.add("Seriously, no hints -- it's a CHALLENGE! Hints will cost you CTF Points");
- hints.add("Really, you want a hint -- The next hint will cost you 1 CTF point");
- hints.add("You need to gain access to the Java source code for this lesson. Use the Show Java button.");
- hints.add("OK, you're struggling... -- The next hint will cost you 3 CTF points");
- hints.add("Use SQL Injection, the cookie is base64 encoded.");
- hints.add("Wow!, keep your day job. You are not a hacker... -- The next hint will cost you 6 CTF points");
- hints.add("Use Command Injection on the protocol. pwd, find are useful commands. The output only returns 10 rows. Be Clever");
- hints.add("Seriously, no more hints -- it's a CHALLENGE!");
- hints.add("Come on -- give it a rest!");
-
- return hints;
-
- //
- }
-
- protected Element makeLogin(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- ec.addElement(new H1().addElement("Sign In "));
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- TR tr = new TR();
- tr.addElement(new TH()
- .addElement("Please sign in to your account. See the OWASP admin if you do not have an account.")
- .setColSpan(2).setAlign("left"));
- t.addElement(tr);
-
- tr = new TR();
- tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
- t.addElement(tr);
-
- tr = new TR();
- tr.addElement(new TD().addElement(" ").setColSpan(2));
- t.addElement(tr);
-
- TR row1 = new TR();
- TR row2 = new TR();
- row1.addElement(new TD(new B(new StringElement("*User Name: "))));
- row2.addElement(new TD(new B(new StringElement("*Password: "))));
-
- Input input1 = new Input(Input.TEXT, USERNAME, "");
- Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
- row1.addElement(new TD(input1));
- row2.addElement(new TD(input2));
- t.addElement(row1);
- t.addElement(row2);
-
- Element b = ECSFactory.makeButton("Login");
- t.addElement(new TR(new TD(b)));
- ec.addElement(t);
-
- return (ec);
- }
-
- /**
- * Gets the instructions attribute of the ChallengeScreen object
- *
- * @return The instructions value
- */
- public String getInstructions(WebSession s)
- {
- // each stage will load it's instructions
-
- return (instructions);
- }
-
- /**
- * Gets the ranking attribute of the ChallengeScreen object
- *
- * @return The ranking value
- */
- protected Integer getDefaultRanking()
- {
- return new Integer(135);
- }
-
- /**
- * This is a deliberate 'backdoor' that would send user name and password back to the remote
- * host. Obviously, sending the password back to the remote host isn't that useful but... you
- * get the idea
- *
- * @param s
- * Description of the Parameter
- * @param message
- * Description of the Parameter
- */
- protected void phoneHome(WebSession s, String message)
- {
- try
- {
- InetAddress addr = InetAddress.getByName(s.getRequest().getRemoteHost());
- DatagramPacket dp = new DatagramPacket(message.getBytes(), message.length());
- DatagramSocket sock = new DatagramSocket();
- sock.connect(addr, 1234);
- sock.send(dp);
- sock.close();
- } catch (Exception e)
- {
- System.out.println("Couldn't phone home");
- e.printStackTrace();
- }
- }
-
- /**
- * Gets the title attribute of the ChallengeScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("The Sonatype CHALLENGE!");
- }
-
- /**
- * Description of the Method
- *
- * @param text
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected ElementContainer getNetstatResults(WebSession s)
- {
- //
-
- ElementContainer ec = new ElementContainer();
-
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("80%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- String[] colWidths = new String[] { "55", "110", "260", "70" };
- TR tr = new TR();
- tr.addElement(new TH().addElement("Protocol").setWidth(colWidths[0]));
- tr.addElement(new TH().addElement("Local Address").setWidth(colWidths[1]));
- tr.addElement(new TH().addElement("Foreign Address").setWidth(colWidths[2]));
- tr.addElement(new TH().addElement("State").setWidth(colWidths[3]));
- t.addElement(tr);
-
- String protocol = s.getParser().getRawParameter(PROTOCOL, "tcp");
-
- String osName = System.getProperty("os.name");
- // System.out.println("os.name= " + osName);
-
- if (protocol.indexOf("rm") != -1 || protocol.indexOf("webgoat_challenge.jsp") != -1)
- {
- s.setMessage("Play nice - please don't try to hack the environment");
- protocol = "tcp";
- }
-
- ExecResults er = null;
- if (osName.indexOf("Windows") != -1)
- {
- String cmd = "cmd.exe /c netstat -ant -p " + protocol;
- er = Exec.execSimple(cmd);
- }
- else if (osName.indexOf("Mac OS X") != -1)
- {
- String[] macCmd = { "/bin/sh", "-c", "netstat -an -p " + protocol };
- er = Exec.execSimple(macCmd);
- }
- else
- {
- // allows for command injection by defaulting to user input
- if ( protocol.startsWith("tcp"))
- {
- protocol = protocol.replace("tcp", "-t");
- }
- else if (protocol.startsWith("udp"))
- {
- protocol = protocol.replace("udp", "-u");
- }
-
- String[] cmd = { "/bin/sh", "-c", "netstat -an " + protocol };
- er = Exec.execSimple(cmd);
- }
-
- String results = er.getOutput();
- StringTokenizer lines = new StringTokenizer(results, "\n");
- String line = lines.nextToken();
- // System.out.println(line);
- int start = 0;
- while (start == 0 && lines.hasMoreTokens())
- {
- if ((line.indexOf("Proto") != -1))
- {
- start++;
- }
- else
- {
- line = lines.nextToken();
- }
- }
-
- // This is what is being parsed
- //
- // Active Internet connections (servers and established)
- // Proto Recv-Q Send-Q Local Address Foreign Address State
- // tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
- // tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
-
- int read10 = 10;
- while (start > 0 && lines.hasMoreTokens() && read10-- > 0)
- {
- // in order to avoid a ill-rendered screen when the user performs
- // command injection, we will wrap the screen at 4 columns
- int columnCount = 0;
- tr = new TR();
- TD td;
- StringTokenizer tokens = new StringTokenizer(lines.nextToken(), "\t ");
- while (tokens.hasMoreTokens() && columnCount < 5)
- {
- td = new TD().setWidth(colWidths[columnCount++]);
- tr.addElement(td.addElement(tokens.nextToken()));
- // throw away token 1 and 2
- if (columnCount == 1)
- {
- if (tokens.hasMoreTokens() ) tokens.nextToken();
- if (tokens.hasMoreTokens() ) tokens.nextToken();
- }
- }
- t.addElement(tr);
- }
- // parse the results
- ec.addElement(t);
- return (ec);
- //
-
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element makeClues(WebSession s)
- {
- return new StringElement("Clues not Available :)");
- }
-
- protected Element makeHints(WebSession s)
- {
- return new StringElement("Hint: Find the hints");
- }
-
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @param message
- * Description of the Parameter
- */
- protected void sendMessage(Socket s, String message)
- {
- try
- {
- OutputStreamWriter osw = new OutputStreamWriter(s.getOutputStream());
- osw.write(message);
- } catch (Exception e)
- {
- // System.out.println("Couldn't write " + message + " to " + s);
- e.printStackTrace();
- }
- }
-
- protected Element buildCart(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
-
- ec.addElement(new HR().setWidth("90%"));
- ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
- Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- TR tr = new TR();
- tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
- tr.addElement(new TH().addElement("Price:").setWidth("10%"));
- tr.addElement(new TH().addElement("Quantity:").setWidth("3%"));
- tr.addElement(new TH().addElement("Total").setWidth("7%"));
- t.addElement(tr);
-
- tr = new TR();
- tr.addElement(new TD().addElement("Sympathy Bouquet"));
- tr.addElement(new TD().addElement("59.99").setAlign("right"));
- tr.addElement(new TD().addElement(" 1 ").setAlign("right"));
- tr.addElement(new TD().addElement("59.99"));
- t.addElement(tr);
-
- ec.addElement(t);
-
- t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
-
- if (s.isColor())
- {
- t.setBorder(1);
- }
-
- ec.addElement(new BR());
- tr = new TR();
- tr.addElement(new TD().addElement("The total charged to your credit card:"));
- tr.addElement(new TD().addElement("59.99"));
- t.addElement(tr);
-
- ec.addElement(t);
-
- return (ec);
- }
-
- /**
- * Gets the credits attribute of the AbstractLesson object
- *
- * @return The credits value
- */
- public Element getCredits()
- {
- IMG ctf_logo = new IMG("images/CTF/ctf_samurai.png");
- ctf_logo.setHeight(65);
- ctf_logo.setWidth(93);
- ctf_logo.setAlt("CTF");
- return super.getCustomCredits(" ", ctf_logo);
- }
-
- /**
- * Gets the cookie attribute of the CookieScreen object
- *
- * @param s
- * Description of the Parameter
- * @return The cookie value
- */
- protected String getCookie(WebSession s)
- {
- Cookie[] cookies = s.getRequest().getCookies();
-
- for (int i = 0; i < cookies.length; i++)
- {
- if (cookies[i].getName().equalsIgnoreCase(USER_COOKIE)) { return (cookies[i].getValue()); }
- }
-
- return (null);
- }
-}