From 9981e43039f426dba710b9baff29c8dd69931059 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Tue, 4 Jul 2023 23:51:28 +0300
Subject: [PATCH 01/14] task: Add cockroach public source code and deployment
Add cockroach public source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/cockroach/README.md | 19 +++++++++++++++++++
.../activities/cockroach/deploy/Dockerfile | 10 ++++++++++
.../activities/cockroach/deploy/Makefile | 6 ++++++
.../activities/cockroach/flag | 1 +
.../activities/cockroach/src/main.template.py | 14 ++++++++++++++
.../activities/cockroach/src/requirements.txt | 6 ++++++
6 files changed, 56 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/cockroach/README.md
create mode 100644 web-basics-browser-security-model/activities/cockroach/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/cockroach/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/cockroach/flag
create mode 100644 web-basics-browser-security-model/activities/cockroach/src/main.template.py
create mode 100644 web-basics-browser-security-model/activities/cockroach/src/requirements.txt
diff --git a/web-basics-browser-security-model/activities/cockroach/README.md b/web-basics-browser-security-model/activities/cockroach/README.md
new file mode 100644
index 00000000..26b50938
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/README.md
@@ -0,0 +1,19 @@
+# Name
+
+Web: Web basics and browser security model: Cockroach
+
+## Description
+
+Get the flag from [cockroach](http://141.85.224.157:8080/cockroach/).
+What happened?
+Get the flag!
+
+Score: 25
+
+## Vulnerability
+
+The flag is displayed only if the `DELETE` method is called for the exposed route.
+
+## Exploit
+
+Solution in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/cockroach/deploy/Dockerfile b/web-basics-browser-security-model/activities/cockroach/deploy/Dockerfile
new file mode 100644
index 00000000..dd3d62dd
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/deploy/Dockerfile
@@ -0,0 +1,10 @@
+FROM tiangolo/uwsgi-nginx-flask:python3.8
+
+# copy over our requirements.txt file
+COPY src/requirements.txt /tmp/
+
+# upgrade pip and install required python packages
+RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && mkdir app
+
+# copy over our app code
+COPY src/main.py /app
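Review bot: The comment above the `RUN` line says pip is upgraded, but the command only installs the requirements; either add the upgrade step or reword the comment to `# install required python packages`. `mkdir app` is resolved against whatever working directory the base image sets, so it may create a nested directory rather than `/app`; `mkdir -p /app` states the intent, and is probably unnecessary if the base image already provides `/app`. The base image is referenced by a mutable tag, so pinning it by digest would make rebuilds reproducible. The same lines recur in the gimme, lame-login and my-special-name Dockerfiles.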
diff --git a/web-basics-browser-security-model/activities/cockroach/deploy/Makefile b/web-basics-browser-security-model/activities/cockroach/deploy/Makefile
new file mode 100644
index 00000000..a24f87e5
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8080
+IMG_NAME := sss-web-01_cockroach
+FILE_TEMPLATE := ../src/main.template.py
+FILE_SRC := ../src/main.py
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/cockroach/flag b/web-basics-browser-security-model/activities/cockroach/flag
new file mode 100644
index 00000000..706d874a
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/flag
@@ -0,0 +1 @@
+SSS{You_smashed_it}
diff --git a/web-basics-browser-security-model/activities/cockroach/src/main.template.py b/web-basics-browser-security-model/activities/cockroach/src/main.template.py
new file mode 100644
index 00000000..89e8c8d7
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/src/main.template.py
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+from flask import Flask
+
+app = Flask(__name__)
+
+
+@app.route("/cockroach", methods=["DELETE"])
+def delete_this_bastard():
+ return "__TEMPLATE__"
+
+
+if __name__ == "__main__":
+ app.run(host="127.0.0.1")
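Review bot: The rule is registered as `/cockroach` without a trailing slash, while the README added in this commit links to `/cockroach/`. With Flask's default strict-slash routing that URL would answer 404 instead of the 405 that hints at the allowed method, unless a front-end proxy rewrites the path. Either link to `/cockroach` in the README or register the rule as `"/cockroach/"`. A one-line docstring such as `"""Return the flag; reachable only with the DELETE method."""` would also help, together with a comment that `__TEMPLATE__` is a placeholder, presumably filled in by the shared `activity.mk`.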
diff --git a/web-basics-browser-security-model/activities/cockroach/src/requirements.txt b/web-basics-browser-security-model/activities/cockroach/src/requirements.txt
new file mode 100644
index 00000000..37837a81
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/src/requirements.txt
@@ -0,0 +1,6 @@
+click==8.0.1
+Flask==2.0.1
+itsdangerous==2.0.1
+Jinja2==3.0.1
+MarkupSafe==2.0.1
+Werkzeug==2.0.1
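Review bot: These pins are exact but carry no hashes, so the `pip3 install -r` step in the Dockerfile trusts whatever the index serves for each version; adding `--hash=` entries and installing with `--require-hashes` would close that gap. The 2.0.1 releases of Flask and Werkzeug are also well behind the maintained release lines at the time of this commit, so they should be checked against published advisories before the containers are exposed on a public address. The same file is added for gimme and lame-login.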
From a214e73fff4411999c7e88689490ff7eadc13311 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 00:11:46 +0300
Subject: [PATCH 02/14] task: Add eyes source code and deployment
Add eyes source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/eyes/README.md | 18 +
.../activities/eyes/deploy/Dockerfile | 3 +
.../activities/eyes/deploy/Makefile | 6 +
.../activities/eyes/flag | 1 +
.../activities/eyes/src/index.template.html | 369 ++++++++++++++++++
5 files changed, 397 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/eyes/README.md
create mode 100644 web-basics-browser-security-model/activities/eyes/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/eyes/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/eyes/flag
create mode 100644 web-basics-browser-security-model/activities/eyes/src/index.template.html
diff --git a/web-basics-browser-security-model/activities/eyes/README.md b/web-basics-browser-security-model/activities/eyes/README.md
new file mode 100644
index 00000000..1d488a70
--- /dev/null
+++ b/web-basics-browser-security-model/activities/eyes/README.md
@@ -0,0 +1,18 @@
+# Name
+
+Web: Web basics and browser security model: Eyes
+
+## Description
+
+Get the flag from [eyes](http://141.85.224.118:8081/eyes).
+
+Score: 25
+
+## Vulnerability
+
+The flag is hidden somewhere in the source code.
+Check CSS style.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/eyes/deploy/Dockerfile b/web-basics-browser-security-model/activities/eyes/deploy/Dockerfile
new file mode 100644
index 00000000..44e6fb5b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/eyes/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src/index.html /var/www/html/eyes/
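Review bot: `php:7.2-apache` is an end-of-life PHP branch that no longer receives security fixes, and this image only serves a static `index.html`, so the PHP runtime is unused attack surface here; a current `httpd` image or a supported `php:*-apache` tag would be a safer base. `COPY /src/index.html` works only because a leading slash is resolved against the build context; writing `src/index.html` would match the Flask Dockerfiles in this series. The give-to-get, give-to-post and king-kong Dockerfiles use the same base image and the same `COPY /src/...` form.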
diff --git a/web-basics-browser-security-model/activities/eyes/deploy/Makefile b/web-basics-browser-security-model/activities/eyes/deploy/Makefile
new file mode 100644
index 00000000..4823df97
--- /dev/null
+++ b/web-basics-browser-security-model/activities/eyes/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8081
+IMG_NAME := sss-web-01_eyes
+FILE_TEMPLATE := ../src/index.template.html
+FILE_SRC := ../src/index.html
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/eyes/flag b/web-basics-browser-security-model/activities/eyes/flag
new file mode 100644
index 00000000..87fc87cc
--- /dev/null
+++ b/web-basics-browser-security-model/activities/eyes/flag
@@ -0,0 +1 @@
+SSS{almost_in_plain_site}
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/eyes/src/index.template.html b/web-basics-browser-security-model/activities/eyes/src/index.template.html
new file mode 100644
index 00000000..fbac534d
--- /dev/null
+++ b/web-basics-browser-security-model/activities/eyes/src/index.template.html
@@ -0,0 +1,369 @@
+
+
+
+
+
+ Apache2 Debian Default Page: It works
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the default welcome page used to test the correct
+ operation of the Apache2 server after installation on Debian systems.
+ If you can read this page, it means that the Apache HTTP server installed at
+ this site is working properly. You should replace this file (located at
+ /var/www/html/index.html) before continuing to operate your HTTP server.
+
+
+
+
+ If you are a normal user of this web site and don't know what this page is
+ about, this probably means that the site is currently unavailable due to
+ maintenance.
+ If the problem persists, please contact the site's administrator.
+
+
+
+
+
+
+ Debian's Apache2 default configuration is different from the
+ upstream default configuration, and split into several files optimized for
+ interaction with Debian tools. The configuration system is
+ fully documented in
+ /usr/share/doc/apache2/README.Debian.gz. Refer to this for the full
+ documentation. Documentation for the web server itself can be
+ found by accessing the manual if the apache2-doc
+ package was installed on this server.
+
+
+
+ The configuration layout for an Apache2 web server installation on Debian systems is as follows:
+
+
+/etc/apache2/
+|-- apache2.conf
+| `-- ports.conf
+|-- mods-enabled
+| |-- *.load
+| `-- *.conf
+|-- conf-enabled
+| `-- *.conf
+|-- sites-enabled
+| `-- *.conf
+
+
+ -
+ apache2.conf is the main configuration
+ file. It puts the pieces together by including all remaining configuration
+ files when starting up the web server.
+
+
+ -
+ ports.conf is always included from the
+ main configuration file. It is used to determine the listening ports for
+ incoming connections, and this file can be customized anytime.
+
+
+ -
+ Configuration files in the mods-enabled/,
+ conf-enabled/ and sites-enabled/ directories contain
+ particular configuration snippets which manage modules, global configuration
+ fragments, or virtual host configurations, respectively.
+
+
+ -
+ They are activated by symlinking available
+ configuration files from their respective
+ *-available/ counterparts. These should be managed
+ by using our helpers
+
+ a2enmod,
+ a2dismod,
+
+
+ a2ensite,
+ a2dissite,
+
+ and
+
+ a2enconf,
+ a2disconf
+ . See their respective man pages for detailed information.
+
+
+ -
+ The binary is called apache2. Due to the use of
+ environment variables, in the default configuration, apache2 needs to be
+ started/stopped with /etc/init.d/apache2 or apache2ctl.
+ Calling /usr/bin/apache2 directly will not work with the
+ default configuration.
+
+
+
+
+
+
+
+
+ By default, Debian does not allow access through the web browser to
+ any file apart of those located in /var/www,
+ public_html
+ directories (when enabled) and /usr/share (for web
+ applications). If your site is using a web document root
+ located elsewhere (such as in /srv) you may need to whitelist your
+ document root directory in /etc/apache2/apache2.conf.
+
+
+ The default Debian document root is /var/www/html. You
+ can make your own virtual hosts under /var/www. This is different
+ to previous releases which provides better security out of the box.
+
+
+
+
+
+
+ Please use the reportbug tool to report bugs in the
+ Apache2 package with Debian. However, check existing bug reports before reporting a new bug.
+
+
+ Please report bugs specific to modules (such as PHP and others)
+ to respective packages, not to the web server itself.
+
+
+
+
+
+
+
+
+
+
+
+
+
From c8a04a03915015fecce742187260f23d127cc97c Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 00:55:52 +0300
Subject: [PATCH 03/14] task: Add gimme source code and deployment
Add gimme source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/gimme/README.md | 18 +++++++++++++++
.../activities/gimme/deploy/Dockerfile | 10 ++++++++
.../activities/gimme/deploy/Makefile | 6 +++++
.../activities/gimme/flag | 1 +
.../activities/gimme/src/main.template.py | 23 +++++++++++++++++++
.../activities/gimme/src/requirements.txt | 6 +++++
6 files changed, 64 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/gimme/README.md
create mode 100644 web-basics-browser-security-model/activities/gimme/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/gimme/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/gimme/flag
create mode 100644 web-basics-browser-security-model/activities/gimme/src/main.template.py
create mode 100644 web-basics-browser-security-model/activities/gimme/src/requirements.txt
diff --git a/web-basics-browser-security-model/activities/gimme/README.md b/web-basics-browser-security-model/activities/gimme/README.md
new file mode 100644
index 00000000..1d269f85
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/README.md
@@ -0,0 +1,18 @@
+# Name
+
+Web: Web basics and browser security model: Gimme
+
+## Description
+
+Get the flag from [gimme](http://141.85.224.157:8082/gimme) (now it’s safe! no more cockroaches :D).
+Try to add a new resource.
+
+Score: 25
+
+## Vulnerability
+
+The flag is displayed only if the `POST` method is called with a body of length equal to 35 for the exposed route.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/gimme/deploy/Dockerfile b/web-basics-browser-security-model/activities/gimme/deploy/Dockerfile
new file mode 100644
index 00000000..dd3d62dd
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/deploy/Dockerfile
@@ -0,0 +1,10 @@
+FROM tiangolo/uwsgi-nginx-flask:python3.8
+
+# copy over our requirements.txt file
+COPY src/requirements.txt /tmp/
+
+# upgrade pip and install required python packages
+RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && mkdir app
+
+# copy over our app code
+COPY src/main.py /app
diff --git a/web-basics-browser-security-model/activities/gimme/deploy/Makefile b/web-basics-browser-security-model/activities/gimme/deploy/Makefile
new file mode 100644
index 00000000..e7c3976f
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8082
+IMG_NAME := sss-web-01_gimme
+FILE_TEMPLATE := ../src/main.template.py
+FILE_SRC := ../src/main.py
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/gimme/flag b/web-basics-browser-security-model/activities/gimme/flag
new file mode 100644
index 00000000..88d9e37d
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/flag
@@ -0,0 +1 @@
+SSS{dont_forget_the_content_length}
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/gimme/src/main.template.py b/web-basics-browser-security-model/activities/gimme/src/main.template.py
new file mode 100644
index 00000000..974518e7
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/src/main.template.py
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+from flask import Flask, request
+
+app = Flask(__name__)
+
+
+@app.route("/gimme", methods=["POST"])
+def post_method_with_content_type():
+ body = request.data
+ flag = "__TEMPLATE__"
+
+ if not body:
+ return "Did you miss something?"
+
+ if len(body) == len(flag):
+ return flag
+
+ return "Not great, not terrible! You should try 35 :)"
+
+
+if __name__ == "__main__":
+ app.run(host="127.0.0.1")
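Review bot: The hint string hard-codes `35` while the check itself uses `len(flag)`, so if the flag substituted for `__TEMPLATE__` changes length the hint becomes wrong; deriving it keeps the two in sync: `return f"Not great, not terrible! You should try {len(flag)} :)"`. `body` is bytes and `flag` is str, so the length comparison matches the documented value only while the flag stays ASCII. `request.data` is also normally empty when the body arrives with a form content type, which the README's description does not mention. The function name refers to the content type although the visible check is on length; a docstring stating the actual condition would remove the ambiguity.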
diff --git a/web-basics-browser-security-model/activities/gimme/src/requirements.txt b/web-basics-browser-security-model/activities/gimme/src/requirements.txt
new file mode 100644
index 00000000..e616642b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/src/requirements.txt
@@ -0,0 +1,6 @@
+click==8.0.1
+Flask==2.0.1
+itsdangerous==2.0.1
+Jinja2==3.0.1
+MarkupSafe==2.0.1
+Werkzeug==2.0.1
\ No newline at end of file
From 5d5009939a13280ac756619075926bcb1e9f6438 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 01:04:46 +0300
Subject: [PATCH 04/14] task: Add give-to-get source code and deployment
Add give-to-get source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/give-to-get/README.md | 17 +++++++++++++++++
.../activities/give-to-get/deploy/Dockerfile | 3 +++
.../activities/give-to-get/deploy/Makefile | 6 ++++++
.../activities/give-to-get/flag | 1 +
.../give-to-get/src/index.template.php | 17 +++++++++++++++++
5 files changed, 44 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/give-to-get/README.md
create mode 100644 web-basics-browser-security-model/activities/give-to-get/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/give-to-get/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/give-to-get/flag
create mode 100644 web-basics-browser-security-model/activities/give-to-get/src/index.template.php
diff --git a/web-basics-browser-security-model/activities/give-to-get/README.md b/web-basics-browser-security-model/activities/give-to-get/README.md
new file mode 100644
index 00000000..b6fc3ae4
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-get/README.md
@@ -0,0 +1,17 @@
+# Name
+
+Web: Web basics and browser security model: Give to get
+
+## Description
+
+Get the flag from [give-to-get](http://141.85.224.118:8084/give-to-get/).
+
+Score: 50
+
+## Vulnerability
+
+The flag is displayed only if you send a query parameter with `?ask=flag`.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/give-to-get/deploy/Dockerfile b/web-basics-browser-security-model/activities/give-to-get/deploy/Dockerfile
new file mode 100644
index 00000000..6e68e606
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-get/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src/index.php /var/www/html/give-to-get/
diff --git a/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile b/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile
new file mode 100644
index 00000000..85c76e40
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8084
+IMG_NAME := sss-web-01_give-to-get
+FILE_TEMPLATE := ../src/index.template.php
+FILE_SRC := ../src/index.php
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/give-to-get/flag b/web-basics-browser-security-model/activities/give-to-get/flag
new file mode 100644
index 00000000..0a43293f
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-get/flag
@@ -0,0 +1 @@
+SSS{giving_is_receiving}
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/give-to-get/src/index.template.php b/web-basics-browser-security-model/activities/give-to-get/src/index.template.php
new file mode 100644
index 00000000..cd873322
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-get/src/index.template.php
@@ -0,0 +1,17 @@
+
+
+
+ This is the title of the webpage!
+
+
+ You have to ask for the flag to get it!
';
+ if (isset($_GET['ask']) && !empty($_GET['ask'])) {
+ if ($_GET['ask'] == "flag") {
+ $message='__TEMPLATE__
';
+ }
+ }
+ echo $message;
+ ?>
+
+
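Review bot: `isset($_GET['ask']) && !empty($_GET['ask'])` is redundant, since `empty()` already covers the unset case, and the value is then compared with `==`. A single strict test, `if (isset($_GET['ask']) && $_GET['ask'] === "flag")`, expresses the same condition without relying on PHP's loose comparison rules. The same applies to `$_POST['ask']` in give-to-post, and the `==` on `$_SERVER['HTTP_USER_AGENT']` in king-kong would read better as `===`. The markup around the PHP block appears to be stripped in this rendering, so the HTML itself is not reviewed here.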
From f8c927a18d165c189806e8f5d87bc694e60ffd25 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 01:16:01 +0300
Subject: [PATCH 05/14] task: Add give-to-post source code and deployment
Add give-to-post source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/give-to-post/README.md | 17 +++++++++++++++++
.../activities/give-to-post/deploy/Dockerfile | 3 +++
.../activities/give-to-post/deploy/Makefile | 6 ++++++
.../activities/give-to-post/flag | 1 +
.../give-to-post/src/index.template.php | 17 +++++++++++++++++
5 files changed, 44 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/give-to-post/README.md
create mode 100644 web-basics-browser-security-model/activities/give-to-post/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/give-to-post/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/give-to-post/flag
create mode 100644 web-basics-browser-security-model/activities/give-to-post/src/index.template.php
diff --git a/web-basics-browser-security-model/activities/give-to-post/README.md b/web-basics-browser-security-model/activities/give-to-post/README.md
new file mode 100644
index 00000000..28b7ac53
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-post/README.md
@@ -0,0 +1,17 @@
+# Name
+
+Web: Web basics and browser security model: Give to post
+
+## Description
+
+Get the flag from [give-to-post](http://141.85.224.118:8085/give-to-post/).
+
+Score: 50
+
+## Vulnerability
+
+The flag is displayed only if you send form data (application/x-www-form-urlencoded) with ask=flag.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/give-to-post/deploy/Dockerfile b/web-basics-browser-security-model/activities/give-to-post/deploy/Dockerfile
new file mode 100644
index 00000000..372c12d4
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-post/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src/index.php /var/www/html/give-to-post/
diff --git a/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile b/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile
new file mode 100644
index 00000000..a81ceaa4
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8085
+IMG_NAME := sss-web-01_give-to-post
+FILE_TEMPLATE := ../src/index.template.php
+FILE_SRC := ../src/index.php
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/give-to-post/flag b/web-basics-browser-security-model/activities/give-to-post/flag
new file mode 100644
index 00000000..ab8cf337
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-post/flag
@@ -0,0 +1 @@
+SSS{this_is_how_we_roll}
diff --git a/web-basics-browser-security-model/activities/give-to-post/src/index.template.php b/web-basics-browser-security-model/activities/give-to-post/src/index.template.php
new file mode 100644
index 00000000..8824852b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-post/src/index.template.php
@@ -0,0 +1,17 @@
+
+
+
+ This is the title of the webpage!
+
+
+ You have to ask for the flag to post it!';
+ if (isset($_POST['ask']) && !empty($_POST['ask'])) {
+ if ($_POST['ask'] == "flag") {
+ $message='__TEMPLATE__
';
+ }
+ }
+ echo $message . "\n";
+ ?>
+
+
From 8932c719a2bc598d15849a52b5b106333c6da2f6 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 01:19:52 +0300
Subject: [PATCH 06/14] task: Add king-kong source code and deployment
Add king-kong source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/king-kong/README.md | 17 +++++++++++++++++
.../activities/king-kong/deploy/Dockerfile | 3 +++
.../activities/king-kong/deploy/Makefile | 6 ++++++
.../activities/king-kong/flag | 1 +
.../activities/king-kong/src/index.template.php | 17 +++++++++++++++++
5 files changed, 44 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/king-kong/README.md
create mode 100644 web-basics-browser-security-model/activities/king-kong/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/king-kong/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/king-kong/flag
create mode 100644 web-basics-browser-security-model/activities/king-kong/src/index.template.php
diff --git a/web-basics-browser-security-model/activities/king-kong/README.md b/web-basics-browser-security-model/activities/king-kong/README.md
new file mode 100644
index 00000000..276be3b0
--- /dev/null
+++ b/web-basics-browser-security-model/activities/king-kong/README.md
@@ -0,0 +1,17 @@
+# Name
+
+Web: Web basics and browser security model: King-Kong
+
+## Description
+
+Get the flag from [king-kong](http://141.85.224.118:8086/king-kong/).
+
+Score: 25
+
+## Vulnerability
+
+The flag is displayed only if you send a request with `User-Agent` changed to `King-Kong`.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/king-kong/deploy/Dockerfile b/web-basics-browser-security-model/activities/king-kong/deploy/Dockerfile
new file mode 100644
index 00000000..dd41e1ea
--- /dev/null
+++ b/web-basics-browser-security-model/activities/king-kong/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src/index.php /var/www/html/king-kong/
diff --git a/web-basics-browser-security-model/activities/king-kong/deploy/Makefile b/web-basics-browser-security-model/activities/king-kong/deploy/Makefile
new file mode 100644
index 00000000..355c7a28
--- /dev/null
+++ b/web-basics-browser-security-model/activities/king-kong/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8086
+IMG_NAME := sss-web-01_king-kong
+FILE_TEMPLATE := ../src/index.template.php
+FILE_SRC := ../src/index.php
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/king-kong/flag b/web-basics-browser-security-model/activities/king-kong/flag
new file mode 100644
index 00000000..11fb6d40
--- /dev/null
+++ b/web-basics-browser-security-model/activities/king-kong/flag
@@ -0,0 +1 @@
+SSS{godzilla_got_nothing_on_me}
diff --git a/web-basics-browser-security-model/activities/king-kong/src/index.template.php b/web-basics-browser-security-model/activities/king-kong/src/index.template.php
new file mode 100644
index 00000000..61fbdfb1
--- /dev/null
+++ b/web-basics-browser-security-model/activities/king-kong/src/index.template.php
@@ -0,0 +1,17 @@
+
+
+
+ This is the title of the webpage!
+
+
+ I only answer to King-Kong!';
+ if (isset($_SERVER['HTTP_USER_AGENT'])) {
+ if ($_SERVER['HTTP_USER_AGENT'] == 'King-Kong') {
+ $message='__TEMPLATE__
\n';
+ }
+ }
+ echo $message . "\n";
+ ?>
+
+
From 243347e95237084979000ac0f423e375999e0fe4 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 15:37:34 +0300
Subject: [PATCH 07/14] task: Add lame-login source code and deployment
Add lame-login source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/lame-login/README.md | 21 ++++++++++++++++
.../activities/lame-login/deploy/Dockerfile | 10 ++++++++
.../activities/lame-login/deploy/Makefile | 6 +++++
.../activities/lame-login/flag | 1 +
.../lame-login/src/main.template.py | 25 +++++++++++++++++++
.../lame-login/src/requirements.txt | 6 +++++
.../lame-login/src/templates/index.html | 19 ++++++++++++++
7 files changed, 88 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/lame-login/README.md
create mode 100644 web-basics-browser-security-model/activities/lame-login/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/lame-login/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/lame-login/flag
create mode 100644 web-basics-browser-security-model/activities/lame-login/src/main.template.py
create mode 100644 web-basics-browser-security-model/activities/lame-login/src/requirements.txt
create mode 100644 web-basics-browser-security-model/activities/lame-login/src/templates/index.html
diff --git a/web-basics-browser-security-model/activities/lame-login/README.md b/web-basics-browser-security-model/activities/lame-login/README.md
new file mode 100644
index 00000000..30d536dd
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/README.md
@@ -0,0 +1,21 @@
+# Name
+
+Web: Web basics and browser security model: Lame Login
+
+## Description
+
+Get the flag from [lame-login](http://141.85.224.157:8087/lamelogin).
+
+Score: 50
+
+## Vulnerability
+
+In the source you can observe two hashes:
+username=d033e22ae348aeb5660fc2140aec35850c4da997(SHA)=admin
+password=62d5a7eab7c13e99e355dd05b0377a6d01a8fa99(SHA)=Password123$
+
+Then you can use the hashes to login.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/lame-login/deploy/Dockerfile b/web-basics-browser-security-model/activities/lame-login/deploy/Dockerfile
new file mode 100644
index 00000000..10095d18
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/deploy/Dockerfile
@@ -0,0 +1,10 @@
+FROM tiangolo/uwsgi-nginx-flask:python3.8
+
+# copy over our requirements.txt file
+COPY src/requirements.txt /tmp/
+
+# upgrade pip and install required python packages
+RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && mkdir -p app/templates
+
+# copy over our app code
+COPY src/ /app
diff --git a/web-basics-browser-security-model/activities/lame-login/deploy/Makefile b/web-basics-browser-security-model/activities/lame-login/deploy/Makefile
new file mode 100644
index 00000000..46206f75
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8087
+IMG_NAME := sss-web-01_lame-login
+FILE_TEMPLATE := ../src/main.template.py
+FILE_SRC := ../src/main.py
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/lame-login/flag b/web-basics-browser-security-model/activities/lame-login/flag
new file mode 100644
index 00000000..60217519
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/flag
@@ -0,0 +1 @@
+SSS{come_ooon_dude}
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/lame-login/src/main.template.py b/web-basics-browser-security-model/activities/lame-login/src/main.template.py
new file mode 100644
index 00000000..810b6562
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/src/main.template.py
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+from flask import Flask, request, render_template
+
+app = Flask(__name__)
+
+
+@app.route("/login", methods=["GET"])
+def login():
+ username = request.args.get("username")
+ password = request.args.get("password")
+
+ if username == "admin" and password == "Password123$":
+ return "__TEMPLATE__"
+
+ return "Neaahh"
+
+
+@app.route("/lamelogin", methods=["GET"])
+def lamelogin():
+ return render_template("index.html")
+
+
+if __name__ == "__main__":
+ app.run(host="127.0.0.1")
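Review bot: `login()` takes the credentials from the query string of a GET request and compares them with literals in the source, so they end up in URLs, browser history and server access logs. Since this is the intended weakness of the exercise, say so at the top of the function, e.g. `# Intentionally weak: hard-coded credentials passed as GET parameters (training target, do not reuse).`, so the file is not mistaken for a starting template. The README in this commit says the hashes can be used to log in, whereas this check only accepts the plaintext values; one of the two should be corrected.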
diff --git a/web-basics-browser-security-model/activities/lame-login/src/requirements.txt b/web-basics-browser-security-model/activities/lame-login/src/requirements.txt
new file mode 100644
index 00000000..e616642b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/src/requirements.txt
@@ -0,0 +1,6 @@
+click==8.0.1
+Flask==2.0.1
+itsdangerous==2.0.1
+Jinja2==3.0.1
+MarkupSafe==2.0.1
+Werkzeug==2.0.1
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/lame-login/src/templates/index.html b/web-basics-browser-security-model/activities/lame-login/src/templates/index.html
new file mode 100644
index 00000000..7f72295b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/src/templates/index.html
@@ -0,0 +1,19 @@
+
+
+
+ Lame Login
+
+
+ This is the best login ever
+
+
+
+
+
+
+
From 6c51a0d5a9973c65acafaa3718b71630a2910ba8 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 16:55:18 +0300
Subject: [PATCH 08/14] task: Add my-special-name source code and deployment
Add my-special-name source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/my-special-name/README.md | 20 +++
.../my-special-name/deploy/Dockerfile | 10 ++
.../my-special-name/deploy/Makefile | 6 +
.../activities/my-special-name/flag | 1 +
.../my-special-name/src/main.template.py | 123 ++++++++++++++++++
.../my-special-name/src/requirements.txt | 6 +
6 files changed, 166 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/my-special-name/README.md
create mode 100644 web-basics-browser-security-model/activities/my-special-name/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/my-special-name/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/my-special-name/flag
create mode 100644 web-basics-browser-security-model/activities/my-special-name/src/main.template.py
create mode 100644 web-basics-browser-security-model/activities/my-special-name/src/requirements.txt
diff --git a/web-basics-browser-security-model/activities/my-special-name/README.md b/web-basics-browser-security-model/activities/my-special-name/README.md
new file mode 100644
index 00000000..114457e0
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/README.md
@@ -0,0 +1,20 @@
+# Name
+
+Web: Web basics and browser security model: My Special Name
+
+## Description
+
+Get the flag from [special-name](http://141.85.224.157:80/my-special-name).
+Retrieve all the names and you will get the flag.
+Use the **name-id** parameter.
+
+Score: 50
+
+## Vulnerability
+
+The flag is displayed only if the `GET` method with `name-id` as query parameter is called for the exposed route.
+You must give it values between 0 and 100 to find the flag.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/my-special-name/deploy/Dockerfile b/web-basics-browser-security-model/activities/my-special-name/deploy/Dockerfile
new file mode 100644
index 00000000..dd3d62dd
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/deploy/Dockerfile
@@ -0,0 +1,10 @@
+FROM tiangolo/uwsgi-nginx-flask:python3.8
+
+# copy over our requirements.txt file
+COPY src/requirements.txt /tmp/
+
+# upgrade pip and install required python packages
+RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && mkdir app
+
+# copy over our app code
+COPY src/main.py /app
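Review bot: The comment `# upgrade pip and install required python packages` does not match the `RUN` line under it, which never upgrades pip; either drop "upgrade pip" from the comment or prepend `pip3 install --no-cache-dir --upgrade pip &&`. `mkdir app` is relative to the base image's working directory (presumably `/app`, which would create `/app/app`), so confirm it is needed at all given that `COPY src/main.py /app` targets the absolute path. The base image `tiangolo/uwsgi-nginx-flask:python3.8` is referenced by a mutable tag; pinning it by digest makes rebuilds reproducible. The identical Dockerfile added for `surprise` later in this series has the same points.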
diff --git a/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile b/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile
new file mode 100644
index 00000000..bb055e7c
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8088
+IMG_NAME := sss-web-01_my-special-name
+FILE_TEMPLATE := ../src/main.template.py
+FILE_SRC := ../src/main.py
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/my-special-name/flag b/web-basics-browser-security-model/activities/my-special-name/flag
new file mode 100644
index 00000000..75531921
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/flag
@@ -0,0 +1 @@
+SSS{th3_Intrud3r}
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/my-special-name/src/main.template.py b/web-basics-browser-security-model/activities/my-special-name/src/main.template.py
new file mode 100644
index 00000000..a056b0a3
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/src/main.template.py
@@ -0,0 +1,123 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+from flask import Flask, request
+
+
+app = Flask(__name__)
+
+
+NICE_NAMES = [
+ "albattani",
+ "allen",
+ "almeida",
+ "antonelli",
+ "agnesi",
+ "archimedes",
+ "ardinghelli",
+ "aryabhata",
+ "austin",
+ "babbage",
+ "banach",
+ "banzai",
+ "bardeen",
+ "bartik",
+ "bassi",
+ "beaver",
+ "bell",
+ "benz",
+ "bhabha",
+ "black",
+ "blackburn",
+ "blackwell",
+ "bohr",
+ "booth",
+ "borg",
+ "bose",
+ "bouman",
+ "boyd",
+ "brahmagupta",
+ "brattain",
+ "brown",
+ "buck",
+ "burnell",
+ "cannon",
+ "carson",
+ "cartwright",
+ "carver",
+ "cerf",
+ "chandrasekhar",
+ "chaplygin",
+ "chatelet",
+ "chatterjee",
+ "chebyshev",
+ "cohen",
+ "clarke",
+ "colden",
+ "cori",
+ "cray",
+ "curran",
+ "curie",
+ "darwin",
+ "davinci",
+ "dewdney",
+ "dhawan",
+ "diffie",
+ "galileo",
+ "dijkstra",
+ "dirac",
+ "driscoll",
+ "dubinsky",
+ "easley",
+ "edison",
+ "einstein",
+ "elbakyan",
+ "elgamal",
+ "elion",
+ "ellis",
+ "engelbart",
+ "euclid",
+ "euler",
+ "faraday",
+ "feistel",
+ "fermat",
+ "fermi",
+ "feynman",
+ "franklin",
+ "gagarin",
+ "__TEMPLATE__",
+ "galois",
+ "ganguly",
+ "gates",
+ "gauss",
+ "germain",
+ "goldberg",
+ "goldstine",
+ "goldwasser",
+ "golick",
+ "goodall",
+ "gould",
+ "greider",
+ "grothendieck",
+ "haibt",
+ "hamilton",
+ "haslett",
+ "hawking",
+ "hellman",
+ "heisenberg",
+ "hermann",
+ "herschel",
+ "chaum",
+ "moore",
+]
+
+
+@app.route("/my-special-name", methods=["GET"])
+def my_special_name():
+ name_id = int(request.args.get("name-id"))
+ if name_id >= 100:
+ return NICE_NAMES[name_id % 100]
+ return NICE_NAMES[name_id]
+
+
+if __name__ == "__main__":
+ app.run(host="127.0.0.1")
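Review bot: `int(request.args.get("name-id"))` in `my_special_name` raises TypeError on a missing `name-id` and ValueError on a non-numeric one, which surfaces as a 500 instead of a client error. Negative values are not rejected either, so they index `NICE_NAMES` from the end, and anything below `-len(NICE_NAMES)` raises IndexError. Parse with `name_id = request.args.get("name-id", type=int)` and guard with `if name_id is None or name_id < 0: return "Invalid name-id", 400`. The list holds 101 entries while the wrap uses a literal 100, so the last entry is unreachable for non-negative ids; if that is not intended, `name_id % len(NICE_NAMES)` keeps the two in step.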
diff --git a/web-basics-browser-security-model/activities/my-special-name/src/requirements.txt b/web-basics-browser-security-model/activities/my-special-name/src/requirements.txt
new file mode 100644
index 00000000..e616642b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/src/requirements.txt
@@ -0,0 +1,6 @@
+click==8.0.1
+Flask==2.0.1
+itsdangerous==2.0.1
+Jinja2==3.0.1
+MarkupSafe==2.0.1
+Werkzeug==2.0.1
\ No newline at end of file
From 6d4736952b04b16f071fe08d08a1e46833a20c2e Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 17:11:06 +0300
Subject: [PATCH 09/14] task: Add name source code and deployment
Add name source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/name/README.md | 17 +++++++++++++++++
.../activities/name/deploy/Dockerfile | 3 +++
.../activities/name/deploy/Makefile | 6 ++++++
.../activities/name/flag | 1 +
.../activities/name/src/index.html | 10 ++++++++++
.../activities/name/src/the_flag.template.html | 9 +++++++++
6 files changed, 46 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/name/README.md
create mode 100644 web-basics-browser-security-model/activities/name/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/name/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/name/flag
create mode 100644 web-basics-browser-security-model/activities/name/src/index.html
create mode 100644 web-basics-browser-security-model/activities/name/src/the_flag.template.html
diff --git a/web-basics-browser-security-model/activities/name/README.md b/web-basics-browser-security-model/activities/name/README.md
new file mode 100644
index 00000000..20746215
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/README.md
@@ -0,0 +1,17 @@
+# Name
+
+Web: Web basics and browser security model: Name
+
+## Description
+
+Get the flag from [name](http://141.85.224.118:8089/name/).
+
+Score: 25
+
+## Vulnerability
+
+The flag is displayed if you access `name/the_flag.html`.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/name/deploy/Dockerfile b/web-basics-browser-security-model/activities/name/deploy/Dockerfile
new file mode 100644
index 00000000..6ca83a46
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src /var/www/html/name/
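Review bot: `FROM php:7.2-apache` builds on a PHP branch that is past upstream end of life, so the image receives no further PHP security fixes; move to a currently supported `php:<supported-version>-apache` tag. `COPY /src /var/www/html/name/` copies the whole source directory, so `the_flag.template.html` is served alongside the generated file; copying only the generated files, or excluding `*.template.*` through `.dockerignore`, keeps the web root to what the activity needs. This activity appears to serve only static `.html` files, so a PHP runtime may not be required here at all. The same `FROM`/`COPY` pair appears in the `produce-consume`, `readme` and `one-by-one` Dockerfiles later in the series.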
diff --git a/web-basics-browser-security-model/activities/name/deploy/Makefile b/web-basics-browser-security-model/activities/name/deploy/Makefile
new file mode 100644
index 00000000..823c2ed2
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8089
+IMG_NAME := sss-web-01_name
+FILE_TEMPLATE := ../src/the_flag.template.html
+FILE_SRC := ../src/the_flag.html
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/name/flag b/web-basics-browser-security-model/activities/name/flag
new file mode 100644
index 00000000..14a92a2b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/flag
@@ -0,0 +1 @@
+SSS{my_name_is_who}
diff --git a/web-basics-browser-security-model/activities/name/src/index.html b/web-basics-browser-security-model/activities/name/src/index.html
new file mode 100644
index 00000000..37e443f1
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/src/index.html
@@ -0,0 +1,10 @@
+
+
+
+ This is the title of the webpage!
+
+
+ This is an example paragraph. Anything in the body tag will appear on the page, just like this p tag and its contents.
+ It's not complicated. Get the_flag.
+
+
diff --git a/web-basics-browser-security-model/activities/name/src/the_flag.template.html b/web-basics-browser-security-model/activities/name/src/the_flag.template.html
new file mode 100644
index 00000000..405102cd
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/src/the_flag.template.html
@@ -0,0 +1,9 @@
+
+
+
+ Flag!
+
+
+ __TEMPLATE__
+
+
From a8b4b165877d11cc262ded6b0d4a881d92b3a6dc Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 18:48:50 +0300
Subject: [PATCH 10/14] task: Add produce-consume source code and deployment
Add produce-consume source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/produce-consume/README.md | 19 +++++++++++++++++++
.../produce-consume/deploy/Dockerfile | 3 +++
.../produce-consume/deploy/Makefile | 6 ++++++
.../activities/produce-consume/flag | 1 +
.../consume.php => src/consume.template.php} | 0
.../produce-consume/{public => src}/index.php | 0
.../{public => src}/produce.php | 0
7 files changed, 29 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/produce-consume/README.md
create mode 100644 web-basics-browser-security-model/activities/produce-consume/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/produce-consume/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/produce-consume/flag
rename web-basics-browser-security-model/activities/produce-consume/{public/consume.php => src/consume.template.php} (100%)
rename web-basics-browser-security-model/activities/produce-consume/{public => src}/index.php (100%)
rename web-basics-browser-security-model/activities/produce-consume/{public => src}/produce.php (100%)
diff --git a/web-basics-browser-security-model/activities/produce-consume/README.md b/web-basics-browser-security-model/activities/produce-consume/README.md
new file mode 100644
index 00000000..e595546a
--- /dev/null
+++ b/web-basics-browser-security-model/activities/produce-consume/README.md
@@ -0,0 +1,19 @@
+# Name
+
+Web: Web basics and browser security model: Produce-Consume
+
+## Description
+
+Get the flag from [produce-consume](http://141.85.224.118:8091/produce-consume/).
+
+See resource [files](https://github.com/security-summer-school/web/tree/master/web-basics-browser-security-model/activities/produce-consume).
+
+Score: 75
+
+## Vulnerability
+
+The flag is displayed if you use the `PHPSESSID` cookie from `produce.php` to `consume.php`.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/produce-consume/deploy/Dockerfile b/web-basics-browser-security-model/activities/produce-consume/deploy/Dockerfile
new file mode 100644
index 00000000..f619539b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/produce-consume/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src /var/www/html/produce-consume/
diff --git a/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile b/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile
new file mode 100644
index 00000000..481f1647
--- /dev/null
+++ b/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8091
+IMG_NAME := sss-web-01_produce-consume
+FILE_TEMPLATE := ../src/consume.template.php
+FILE_SRC := ../src/consume.php
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/produce-consume/flag b/web-basics-browser-security-model/activities/produce-consume/flag
new file mode 100644
index 00000000..11bcd1e4
--- /dev/null
+++ b/web-basics-browser-security-model/activities/produce-consume/flag
@@ -0,0 +1 @@
+SSS{seven_years_of_bad_luck}
diff --git a/web-basics-browser-security-model/activities/produce-consume/public/consume.php b/web-basics-browser-security-model/activities/produce-consume/src/consume.template.php
similarity index 100%
rename from web-basics-browser-security-model/activities/produce-consume/public/consume.php
rename to web-basics-browser-security-model/activities/produce-consume/src/consume.template.php
diff --git a/web-basics-browser-security-model/activities/produce-consume/public/index.php b/web-basics-browser-security-model/activities/produce-consume/src/index.php
similarity index 100%
rename from web-basics-browser-security-model/activities/produce-consume/public/index.php
rename to web-basics-browser-security-model/activities/produce-consume/src/index.php
diff --git a/web-basics-browser-security-model/activities/produce-consume/public/produce.php b/web-basics-browser-security-model/activities/produce-consume/src/produce.php
similarity index 100%
rename from web-basics-browser-security-model/activities/produce-consume/public/produce.php
rename to web-basics-browser-security-model/activities/produce-consume/src/produce.php
From 7df25921fe0c84e03fd673a865b3ef18efa47fc0 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 18:49:16 +0300
Subject: [PATCH 11/14] task: Add surprise source code and deployment
Add surprise source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/surprise/README.md | 18 ++++++++++++
.../activities/surprise/deploy/Dockerfile | 10 +++++++
.../activities/surprise/deploy/Makefile | 6 ++++
.../activities/surprise/flag | 1 +
.../activities/surprise/src/main.template.py | 28 +++++++++++++++++++
.../activities/surprise/src/requirements.txt | 6 ++++
6 files changed, 69 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/surprise/README.md
create mode 100644 web-basics-browser-security-model/activities/surprise/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/surprise/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/surprise/flag
create mode 100644 web-basics-browser-security-model/activities/surprise/src/main.template.py
create mode 100644 web-basics-browser-security-model/activities/surprise/src/requirements.txt
diff --git a/web-basics-browser-security-model/activities/surprise/README.md b/web-basics-browser-security-model/activities/surprise/README.md
new file mode 100644
index 00000000..941e6dd5
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/README.md
@@ -0,0 +1,18 @@
+# Name
+
+Web: Web basics and browser security model: Surprise
+
+## Description
+
+Get the flag from [surprise](http://141.85.224.157:8093/surprise/).
+Try to modify an existing resource at this location.
+
+Score: 50
+
+## Vulnerability
+
+The flag is displayed only if the `PUT` method is called with contenty-type `application/json` and a JSON body with the `name` key for the exposed route.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/surprise/deploy/Dockerfile b/web-basics-browser-security-model/activities/surprise/deploy/Dockerfile
new file mode 100644
index 00000000..dd3d62dd
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/deploy/Dockerfile
@@ -0,0 +1,10 @@
+FROM tiangolo/uwsgi-nginx-flask:python3.8
+
+# copy over our requirements.txt file
+COPY src/requirements.txt /tmp/
+
+# upgrade pip and install required python packages
+RUN pip3 install --no-cache-dir -r /tmp/requirements.txt && mkdir app
+
+# copy over our app code
+COPY src/main.py /app
diff --git a/web-basics-browser-security-model/activities/surprise/deploy/Makefile b/web-basics-browser-security-model/activities/surprise/deploy/Makefile
new file mode 100644
index 00000000..136059ba
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8093
+IMG_NAME := sss-web-01_surprise
+FILE_TEMPLATE := ../src/main.template.py
+FILE_SRC := ../src/main.py
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/surprise/flag b/web-basics-browser-security-model/activities/surprise/flag
new file mode 100644
index 00000000..97467565
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/flag
@@ -0,0 +1 @@
+SSS{valar_morghulis}
diff --git a/web-basics-browser-security-model/activities/surprise/src/main.template.py b/web-basics-browser-security-model/activities/surprise/src/main.template.py
new file mode 100644
index 00000000..445efa4e
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/src/main.template.py
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+from flask import Flask, request
+
+
+app = Flask(__name__)
+
+
+@app.route("/surprise", methods=["PUT"])
+def put_method_with_content_type():
+
+ flag = "__TEMPLATE__"
+
+ if not request.content_type:
+ return "I don't understand you :("
+
+ if request.content_type == "application/json":
+
+ if "name" in request.json:
+ name = request.json["name"]
+ return "\n".join(
+ [f"Well done my friend, {name}! Here is your surprise:", flag]
+ )
+
+ return "Better! Give me your 'name' in this format"
+
+ else:
+ return "Good! But we should start using same language"
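Review bot: `name` from the JSON body is interpolated into the response unescaped in `put_method_with_content_type`, and a string returned from a Flask view is served as `text/html` by default, so markup in `name` is rendered by any client that treats the reply as HTML. Return the body with `mimetype="text/plain"` or pass the value through `markupsafe.escape(name)` (MarkupSafe is already pinned in this activity's requirements.txt). Separately, `"name" in request.json` raises TypeError (a 500) when the body is valid JSON but not an object, such as `null` or a number; `data = request.get_json(silent=True)` followed by `if isinstance(data, dict) and "name" in data:` avoids that. The exact comparison `request.content_type == "application/json"` also rejects `application/json; charset=utf-8`, which `request.is_json` would accept.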
diff --git a/web-basics-browser-security-model/activities/surprise/src/requirements.txt b/web-basics-browser-security-model/activities/surprise/src/requirements.txt
new file mode 100644
index 00000000..e616642b
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/src/requirements.txt
@@ -0,0 +1,6 @@
+click==8.0.1
+Flask==2.0.1
+itsdangerous==2.0.1
+Jinja2==3.0.1
+MarkupSafe==2.0.1
+Werkzeug==2.0.1
\ No newline at end of file
From b4a0132777cfda6d7c99165951ed2800efab39d6 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 18:49:42 +0300
Subject: [PATCH 12/14] task: Add readme source code and deployment
Add readme source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/readme/README.md | 17 +++++++++++++++++
.../activities/readme/deploy/Dockerfile | 3 +++
.../activities/readme/deploy/Makefile | 6 ++++++
.../activities/readme/flag | 1 +
.../activities/readme/src/index.template.html | 10 ++++++++++
.../activities/readme/src/readme.html | 9 +++++++++
6 files changed, 46 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/readme/README.md
create mode 100644 web-basics-browser-security-model/activities/readme/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/readme/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/readme/flag
create mode 100644 web-basics-browser-security-model/activities/readme/src/index.template.html
create mode 100644 web-basics-browser-security-model/activities/readme/src/readme.html
diff --git a/web-basics-browser-security-model/activities/readme/README.md b/web-basics-browser-security-model/activities/readme/README.md
new file mode 100644
index 00000000..8d460614
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/README.md
@@ -0,0 +1,17 @@
+# Name
+
+Web: Web basics and browser security model: Readme
+
+## Description
+
+Get the flag from [readme](http://141.85.224.118:8092/readme/).
+
+Score: 25
+
+## Vulnerability
+
+The flag is showing up in the URL after clicking on the hyperlink.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/readme/deploy/Dockerfile b/web-basics-browser-security-model/activities/readme/deploy/Dockerfile
new file mode 100644
index 00000000..a7156c01
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src /var/www/html/readme/
diff --git a/web-basics-browser-security-model/activities/readme/deploy/Makefile b/web-basics-browser-security-model/activities/readme/deploy/Makefile
new file mode 100644
index 00000000..41acd944
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8092
+IMG_NAME := sss-web-01_readme
+FILE_TEMPLATE := ../src/index.template.html
+FILE_SRC := ../src/index.html
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/readme/flag b/web-basics-browser-security-model/activities/readme/flag
new file mode 100644
index 00000000..6640a15a
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/flag
@@ -0,0 +1 @@
+SSS{do_not_kill_the_messenger}
diff --git a/web-basics-browser-security-model/activities/readme/src/index.template.html b/web-basics-browser-security-model/activities/readme/src/index.template.html
new file mode 100644
index 00000000..7b6f6fc7
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/src/index.template.html
@@ -0,0 +1,10 @@
+
+
+
+ This is the title of the webpage!
+
+
+ This is an example paragraph. Anything in the body tag will appear on the page, just like this p tag and its contents.
+ The flag is here
+
+
diff --git a/web-basics-browser-security-model/activities/readme/src/readme.html b/web-basics-browser-security-model/activities/readme/src/readme.html
new file mode 100644
index 00000000..a4204796
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/src/readme.html
@@ -0,0 +1,9 @@
+
+
+
+ This is the title of the webpage!
+
+
+ Look at this nice flag.
+
+
From 5da76b21255929a5e7c30f1f54db0a7967bc5dd1 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 18:50:05 +0300
Subject: [PATCH 13/14] task: Add one-by-one source code and deployment
Add one-by-one source code and deployment
Signed-off-by: Gabriel Mocanu
---
.../activities/one-by-one/README.md | 17 +++++++++++++++++
.../activities/one-by-one/deploy/Dockerfile | 3 +++
.../activities/one-by-one/deploy/Makefile | 6 ++++++
.../activities/one-by-one/flag | 1 +
.../one-by-one/src/index.template.php | 19 +++++++++++++++++++
5 files changed, 46 insertions(+)
create mode 100644 web-basics-browser-security-model/activities/one-by-one/README.md
create mode 100644 web-basics-browser-security-model/activities/one-by-one/deploy/Dockerfile
create mode 100644 web-basics-browser-security-model/activities/one-by-one/deploy/Makefile
create mode 100644 web-basics-browser-security-model/activities/one-by-one/flag
create mode 100644 web-basics-browser-security-model/activities/one-by-one/src/index.template.php
diff --git a/web-basics-browser-security-model/activities/one-by-one/README.md b/web-basics-browser-security-model/activities/one-by-one/README.md
new file mode 100644
index 00000000..1a83d854
--- /dev/null
+++ b/web-basics-browser-security-model/activities/one-by-one/README.md
@@ -0,0 +1,17 @@
+# Name
+
+Web: Web basics and browser security model: One-by-One
+
+## Description
+
+Get the flag from [one-by-one](http://141.85.224.118:8090/one-by-one/).
+
+Score: 50
+
+## Vulnerability
+
+The flag is displayed character by character after a new request is sent.
+
+## Exploit
+
+Script in `./sol/solution`.
diff --git a/web-basics-browser-security-model/activities/one-by-one/deploy/Dockerfile b/web-basics-browser-security-model/activities/one-by-one/deploy/Dockerfile
new file mode 100644
index 00000000..378999de
--- /dev/null
+++ b/web-basics-browser-security-model/activities/one-by-one/deploy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:7.2-apache
+
+COPY /src /var/www/html/one-by-one/
diff --git a/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile b/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile
new file mode 100644
index 00000000..454b2d86
--- /dev/null
+++ b/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile
@@ -0,0 +1,6 @@
+EXTERNAL_PORT := 8090
+IMG_NAME := sss-web-01_one-by-one
+FILE_TEMPLATE := ../src/index.template.php
+FILE_SRC := ../src/index.php
+
+include ../../../../common/activity.mk
diff --git a/web-basics-browser-security-model/activities/one-by-one/flag b/web-basics-browser-security-model/activities/one-by-one/flag
new file mode 100644
index 00000000..000fe027
--- /dev/null
+++ b/web-basics-browser-security-model/activities/one-by-one/flag
@@ -0,0 +1 @@
+SSS{this_is_a_very_long_flag_for_which_you_should_have_a_script_so_as_not_to_get_bored}
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/one-by-one/src/index.template.php b/web-basics-browser-security-model/activities/one-by-one/src/index.template.php
new file mode 100644
index 00000000..6f0e5d65
--- /dev/null
+++ b/web-basics-browser-security-model/activities/one-by-one/src/index.template.php
@@ -0,0 +1,19 @@
+" . $flag[$_SESSION['count']] . "\n";
+?>
+
+
+
+
+ This is the title of the webpage!
+
+
+
+
From c2edcd587803a65ce29ec96242cea7c2d91997f9 Mon Sep 17 00:00:00 2001
From: Gabriel Mocanu
Date: Wed, 5 Jul 2023 19:14:53 +0300
Subject: [PATCH 14/14] task: Add common makefile
Add common makefile
Signed-off-by: Gabriel Mocanu
---
common/activity.mk | 39 +++++++++++++++++++
.../activities/cockroach/deploy/Makefile | 2 +-
.../activities/cockroach/deploy/activity.mk | 1 +
.../activities/eyes/deploy/Makefile | 2 +-
.../activities/eyes/deploy/activity.mk | 1 +
.../activities/gimme/deploy/Makefile | 2 +-
.../activities/gimme/deploy/activity.mk | 1 +
.../activities/give-to-get/deploy/Makefile | 2 +-
.../activities/give-to-get/deploy/activity.mk | 1 +
.../activities/give-to-post/deploy/Makefile | 2 +-
.../give-to-post/deploy/activity.mk | 1 +
.../activities/king-kong/deploy/Makefile | 2 +-
.../activities/king-kong/deploy/activity.mk | 1 +
.../activities/lame-login/deploy/Makefile | 2 +-
.../activities/lame-login/deploy/activity.mk | 1 +
.../my-special-name/deploy/Makefile | 2 +-
.../my-special-name/deploy/activity.mk | 1 +
.../activities/name/deploy/Makefile | 2 +-
.../activities/name/deploy/activity.mk | 1 +
.../activities/one-by-one/deploy/Makefile | 2 +-
.../activities/one-by-one/deploy/activity.mk | 1 +
.../produce-consume/deploy/Makefile | 2 +-
.../produce-consume/deploy/activity.mk | 1 +
.../activities/readme/deploy/Makefile | 2 +-
.../activities/readme/deploy/activity.mk | 1 +
.../activities/surprise/deploy/Makefile | 2 +-
.../activities/surprise/deploy/activity.mk | 1 +
27 files changed, 65 insertions(+), 13 deletions(-)
create mode 100644 common/activity.mk
create mode 120000 web-basics-browser-security-model/activities/cockroach/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/eyes/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/gimme/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/give-to-get/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/give-to-post/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/king-kong/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/lame-login/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/my-special-name/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/name/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/one-by-one/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/produce-consume/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/readme/deploy/activity.mk
create mode 120000 web-basics-browser-security-model/activities/surprise/deploy/activity.mk
diff --git a/common/activity.mk b/common/activity.mk
new file mode 100644
index 00000000..d6474816
--- /dev/null
+++ b/common/activity.mk
@@ -0,0 +1,39 @@
+INTERNAL_PORT := 80
+CONT_NAME := ${IMG_NAME}
+FILE_FLAG := ../flag
+FLAG := $(shell cat $(FILE_FLAG))
+
+ifndef CONT_NAME
+$(error You need to set a name for IMG_NAME variable(e.g. sss-web-01_activity-name).)
+endif
+
+ifndef FILE_TEMPLATE
+$(error You need to set a path for FILE_TEMPLATE.)
+endif
+
+ifndef FILE_SRC
+$(error You need to set a path for FILE_SRC.)
+endif
+
+ifndef EXTERNAL_PORT
+$(error You need to set EXTERNAL_PORT variable.)
+endif
+
+run: generate build
+ docker run -d -p $(EXTERNAL_PORT):$(INTERNAL_PORT) --name $(CONT_NAME) -t $(IMG_NAME)
+
+build: generate
+ docker build -t $(IMG_NAME) -f Dockerfile ..
+
+generate:
+ sed 's/__TEMPLATE__/$(FLAG)/g' $(FILE_TEMPLATE) > $(FILE_SRC)
+
+stop:
+ docker stop $(CONT_NAME)
+
+clean: stop
+ docker rm $(IMG_NAME)
+ docker image rm $(IMG_NAME):latest
+ rm $(FILE_SRC)
+
+.PHONY: run build generate stop clean
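Review bot: The `generate` recipe pastes `$(FLAG)` straight into `sed 's/__TEMPLATE__/$(FLAG)/g'`, so a flag containing `/`, `&` or `\` corrupts the substitution and one containing `'` ends the shell quoting; the flags visible in this series avoid those characters, but nothing enforces it. Either escape the value before substitution or fail early with an `$(error ...)` guard when `$(FLAG)` contains one of those characters. `FLAG := $(shell cat $(FILE_FLAG))` also yields an empty string without failing when `../flag` is missing, which would silently build an activity with an empty flag; an `ifeq ($(strip $(FLAG)),)` check next to the existing `ifndef` blocks would catch that. In `clean`, `docker rm $(IMG_NAME)` should read `docker rm $(CONT_NAME)` to match `stop` and `run`.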
diff --git a/web-basics-browser-security-model/activities/cockroach/deploy/Makefile b/web-basics-browser-security-model/activities/cockroach/deploy/Makefile
index a24f87e5..6c3ac8b9 100644
--- a/web-basics-browser-security-model/activities/cockroach/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/cockroach/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_cockroach
FILE_TEMPLATE := ../src/main.template.py
FILE_SRC := ../src/main.py
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/cockroach/deploy/activity.mk b/web-basics-browser-security-model/activities/cockroach/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/cockroach/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/eyes/deploy/Makefile b/web-basics-browser-security-model/activities/eyes/deploy/Makefile
index 4823df97..82c4bb40 100644
--- a/web-basics-browser-security-model/activities/eyes/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/eyes/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_eyes
FILE_TEMPLATE := ../src/index.template.html
FILE_SRC := ../src/index.html
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/eyes/deploy/activity.mk b/web-basics-browser-security-model/activities/eyes/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/eyes/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/gimme/deploy/Makefile b/web-basics-browser-security-model/activities/gimme/deploy/Makefile
index e7c3976f..c596252c 100644
--- a/web-basics-browser-security-model/activities/gimme/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/gimme/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_gimme
FILE_TEMPLATE := ../src/main.template.py
FILE_SRC := ../src/main.py
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/gimme/deploy/activity.mk b/web-basics-browser-security-model/activities/gimme/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/gimme/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile b/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile
index 85c76e40..820281b8 100644
--- a/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/give-to-get/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_give-to-get
FILE_TEMPLATE := ../src/index.template.php
FILE_SRC := ../src/index.php
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/give-to-get/deploy/activity.mk b/web-basics-browser-security-model/activities/give-to-get/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-get/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile b/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile
index a81ceaa4..d9a46083 100644
--- a/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/give-to-post/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_give-to-post
FILE_TEMPLATE := ../src/index.template.php
FILE_SRC := ../src/index.php
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/give-to-post/deploy/activity.mk b/web-basics-browser-security-model/activities/give-to-post/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/give-to-post/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/king-kong/deploy/Makefile b/web-basics-browser-security-model/activities/king-kong/deploy/Makefile
index 355c7a28..fb29848e 100644
--- a/web-basics-browser-security-model/activities/king-kong/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/king-kong/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_king-kong
FILE_TEMPLATE := ../src/index.template.php
FILE_SRC := ../src/index.php
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/king-kong/deploy/activity.mk b/web-basics-browser-security-model/activities/king-kong/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/king-kong/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/lame-login/deploy/Makefile b/web-basics-browser-security-model/activities/lame-login/deploy/Makefile
index 46206f75..d048448b 100644
--- a/web-basics-browser-security-model/activities/lame-login/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/lame-login/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_lame-login
FILE_TEMPLATE := ../src/main.template.py
FILE_SRC := ../src/main.py
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/lame-login/deploy/activity.mk b/web-basics-browser-security-model/activities/lame-login/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/lame-login/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile b/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile
index bb055e7c..55a439ed 100644
--- a/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/my-special-name/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_my-special-name
FILE_TEMPLATE := ../src/main.template.py
FILE_SRC := ../src/main.py
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/my-special-name/deploy/activity.mk b/web-basics-browser-security-model/activities/my-special-name/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/my-special-name/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/name/deploy/Makefile b/web-basics-browser-security-model/activities/name/deploy/Makefile
index 823c2ed2..b9809e40 100644
--- a/web-basics-browser-security-model/activities/name/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/name/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_name
FILE_TEMPLATE := ../src/the_flag.template.html
FILE_SRC := ../src/the_flag.html
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/name/deploy/activity.mk b/web-basics-browser-security-model/activities/name/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/name/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile b/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile
index 454b2d86..a65e7068 100644
--- a/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/one-by-one/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_one-by-one
FILE_TEMPLATE := ../src/index.template.php
FILE_SRC := ../src/index.php
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/one-by-one/deploy/activity.mk b/web-basics-browser-security-model/activities/one-by-one/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/one-by-one/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile b/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile
index 481f1647..2b59ebf3 100644
--- a/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/produce-consume/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_produce-consume
FILE_TEMPLATE := ../src/consume.template.php
FILE_SRC := ../src/consume.php
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/produce-consume/deploy/activity.mk b/web-basics-browser-security-model/activities/produce-consume/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/produce-consume/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/readme/deploy/Makefile b/web-basics-browser-security-model/activities/readme/deploy/Makefile
index 41acd944..04dd69e2 100644
--- a/web-basics-browser-security-model/activities/readme/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/readme/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_readme
FILE_TEMPLATE := ../src/index.template.html
FILE_SRC := ../src/index.html
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/readme/deploy/activity.mk b/web-basics-browser-security-model/activities/readme/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/readme/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file
diff --git a/web-basics-browser-security-model/activities/surprise/deploy/Makefile b/web-basics-browser-security-model/activities/surprise/deploy/Makefile
index 136059ba..3f2cce1b 100644
--- a/web-basics-browser-security-model/activities/surprise/deploy/Makefile
+++ b/web-basics-browser-security-model/activities/surprise/deploy/Makefile
@@ -3,4 +3,4 @@ IMG_NAME := sss-web-01_surprise
FILE_TEMPLATE := ../src/main.template.py
FILE_SRC := ../src/main.py
-include ../../../../common/activity.mk
+include activity.mk
diff --git a/web-basics-browser-security-model/activities/surprise/deploy/activity.mk b/web-basics-browser-security-model/activities/surprise/deploy/activity.mk
new file mode 120000
index 00000000..ebadabe9
--- /dev/null
+++ b/web-basics-browser-security-model/activities/surprise/deploy/activity.mk
@@ -0,0 +1 @@
+../../../../common/activity.mk
\ No newline at end of file