dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fb2ff0177508fb08df5fbfffcf6430fead6fb274
WebGoat/src/main/resources/lessons/cryptography/html/Cryptography.html
René Zubcevic d1e44bbc98 Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645) 
* better check on host and port for password reset and make context roots more flexible

* spotless applied

* removed hardcoded /WebGoat from js

* removed hardcoded /WebGoat from js

* fix spotless

* fix scoreboard

* upgrade WebWolf bootstrap version and icons and templates - part 1

* fixed more bootstrap 5 style issues and context path issues

* organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed)

* spotless applied

* added mock bean

* requires updates to properties - commented for now

* requires updates to properties - commented for now

* oauth secrets through env values

* user creation after oauth login

* integration test against non default context paths

* adjusted StartupMessage

* add global model element username

* conditionally show login oauth links

* fixed WebWolf login

---------

Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00

130 lines
5.1 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<header>
<script>
/**
* JavaScript to load initial assignment tokens
*/
function initialise() {
$("#sha256token").load('crypto/hashing/sha256');
$("#md5token").load('crypto/hashing/md5');
$("#basicauthtoken").load('crypto/encoding/basic');
$("#privatekey").load('crypto/signing/getprivate');
}
$(document).ready(initialise);
</script>
</header>
<body>
<!-- 1. overview -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/Crypto_plan.adoc}"></div>
</div>
<!-- 2. encoding -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encoding_plan.adoc}"></div>
<!-- 2. assignment -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
Now suppose you have intercepted the following header:<br/>
<div id="basicauthtoken" ></div><br/>
<form class="attack-form" method="POST" name="form" action="crypto/encoding/basic-auth">
Then what was the username
<input name="answer_user" value="" type="TEXT"/>
and what was the password:
<input name="answer_pwd" value="" type="TEXT"/>
<input name="SUBMIT" value="post the answer" type="SUBMIT"/>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!-- 3. encoding xor -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encoding_plan2.adoc}"></div>
<!-- 3. assignment xor -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" method="POST" name="form" action="crypto/encoding/xor">
Suppose you found the database password encoded as {xor}Oz4rPj0+LDovPiwsKDAtOw==<br/>
What would be the actual password
<input name="answer_pwd1" value="" type="TEXT"/><br/>
<input name="SUBMIT" value="post the answer" type="SUBMIT"/>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!-- 4. hashing -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/hashing_plan.adoc}"></div>
<!-- 4. weak hashing exercise -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" method="POST" name="form" action="crypto/hashing">
Which password belongs to this hash: <div id="md5token" ></div>
<input name="answer_pwd1" value="" type="TEXT"/><br/>
Which password belongs to this hash: <div id="sha256token" ></div>
<input name="answer_pwd2" value="" type="TEXT"/>
<input name="SUBMIT" value="post the answer" type="SUBMIT"/>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!-- 5. encryption -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encryption.adoc}"></div>
</div>
<!-- 6. signing -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/signing.adoc}"></div>
<!-- 6. assignment -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
Now suppose you have the following private key:<br/>
<pre><div id="privatekey" ></div></pre><br/>
<form class="attack-form" method="POST" name="form" action="crypto/signing/verify">
Then what was the modulus of the public key
<input name="modulus" value="" type="TEXT"/>
and now provide a signature for us based on that modulus
<input name="signature" value="" type="TEXT"/>
<input name="SUBMIT" value="post the answer" type="SUBMIT"/>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!-- 7. keystores -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/keystores.adoc}"></div>
</div>
<!-- 8. security defaults -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/defaults.adoc}"></div>
<!-- 8. assignment -->
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" method="POST" name="form" action="crypto/secure/defaults">
What is the unencrypted message<br/>
<input name="secretText" value="" type="TEXT"/><br/>
and what is the name of the file that stored the password <br/>
<input name="secretFileName" value="" type="TEXT"/>
<input name="SUBMIT" value="post the answer" type="SUBMIT"/>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!-- 9. postquantum -->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/postquantum.adoc}"></div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink