pierre/gns3-docker-appliances
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add unsafe login docker image

Browse Source
This commit is contained in:
Pierre HUBERT
2025-01-30 12:32:06 +01:00
parent 6b38c46be9
commit c47cbeef38
7 changed files with 240 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -2,4 +2,4 @@
Appliances used to build GNS3 labs. Appliances used to build GNS3 labs.
This images are freely inspired from [Chewie's](https://github.com/Chewie/gns3-docker-appliances) ones These images are freely inspired from [Chewie's](https://github.com/Chewie/gns3-docker-appliances) ones

4
unsafe_login/Dockerfile Normal file
View File

@@ -0,0 +1,4 @@
FROM php:8.3-apache
COPY src/ /var/www/html/
ENV FLAG=CHANGEME

8
unsafe_login/README.md Normal file
View File

@@ -0,0 +1,8 @@
# Unsafe login challenge
You need to set the `FLAG` environment variable for this challenge to work!
## Run the image
```bash
docker run --rm --name unsafe_login --env FLAG='FLAG{EASYINJECTION}' -p 3565:80 -it pierre42100/gns3-appliance-unsafe-login
```

1
unsafe_login/build.sh Normal file
View File

@@ -0,0 +1 @@
sudo docker build -t pierre42100/gns3-appliance-unsafe-login .

6
unsafe_login/src/bootstrap.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

BIN
unsafe_login/src/database.db Normal file
View File

Binary file not shown.

220
unsafe_login/src/index.php Normal file
View File

@@ -0,0 +1,220 @@
<?php
session_start();
$user = NULL;
// First, connect to database
try
{
$db = new PDO('sqlite:'.__DIR__.'/database.db');
}
catch (PDOException $e)
{
echo 'Connection to database failed: ' . $e->getMessage();
}
// Check if user requested to be signed out
if(isset($_GET['sign_out']))
{
unset($_SESSION["user"]);
}
// Check for authentication
if(isset($_POST["user"]) && isset($_POST["password"]))
{
$username = $_POST["user"];
$password_hash = hash("sha512", $_POST["password"]);
$query = "SELECT * FROM users WHERE user = '$username' AND password = '$password_hash'";
$stmt = $db->prepare($query);
$stmt->execute(array());
$res = $stmt->fetchAll();
if(count($res) === 0)
$error = "The specified credentials are invalid!";
else {
$_SESSION["user"] = $res[0]["id"];
}
}
if(isset($_SESSION["user"]))
{
// Extract current user information
$stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute(array($_SESSION["user"]));
$user = $stmt->fetchAll()[0];
}
?><!doctype html>
<html lang="en" data-bs-theme="auto">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Safesys</title>
<link href="/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
<style>
html,
body {
height: 100%;
}
.form-signin {
max-width: 330px;
padding: 1rem;
}
.form-signin .form-floating:focus-within {
z-index: 2;
}
.form-signin input[type="email"] {
margin-bottom: -1px;
border-bottom-right-radius: 0;
border-bottom-left-radius: 0;
}
.form-signin input[type="password"] {
margin-bottom: 10px;
border-top-left-radius: 0;
border-top-right-radius: 0;
}
.bd-placeholder-img {
font-size: 1.125rem;
text-anchor: middle;
-webkit-user-select: none;
-moz-user-select: none;
user-select: none;
}
@media (min-width: 768px) {
.bd-placeholder-img-lg {
font-size: 3.5rem;
}
}
.b-example-divider {
width: 100%;
height: 3rem;
background-color: rgba(0, 0, 0, .1);
border: solid rgba(0, 0, 0, .15);
border-width: 1px 0;
box-shadow: inset 0 .5em 1.5em rgba(0, 0, 0, .1), inset 0 .125em .5em rgba(0, 0, 0, .15);
}
.b-example-vr {
flex-shrink: 0;
width: 1.5rem;
height: 100vh;
}
.bi {
vertical-align: -.125em;
fill: currentColor;
}
.nav-scroller {
position: relative;
z-index: 2;
height: 2.75rem;
overflow-y: hidden;
}
.nav-scroller .nav {
display: flex;
flex-wrap: nowrap;
padding-bottom: 1rem;
margin-top: -1px;
overflow-x: auto;
text-align: center;
white-space: nowrap;
-webkit-overflow-scrolling: touch;
}
.btn-bd-primary {
--bd-violet-bg: #712cf9;
--bd-violet-rgb: 112.520718, 44.062154, 249.437846;
--bs-btn-font-weight: 600;
--bs-btn-color: var(--bs-white);
--bs-btn-bg: var(--bd-violet-bg);
--bs-btn-border-color: var(--bd-violet-bg);
--bs-btn-hover-color: var(--bs-white);
--bs-btn-hover-bg: #6528e0;
--bs-btn-hover-border-color: #6528e0;
--bs-btn-focus-shadow-rgb: var(--bd-violet-rgb);
--bs-btn-active-color: var(--bs-btn-hover-color);
--bs-btn-active-bg: #5a23c8;
--bs-btn-active-border-color: #5a23c8;
}
.bd-mode-toggle {
z-index: 1500;
}
.bd-mode-toggle .dropdown-menu .active .bi {
display: block !important;
}
</style>
</head>
<body class="d-flex align-items-center py-4 bg-body-tertiary">
<main class="form-signin w-100 m-auto">
<?php
if($user === NULL) {
?><form method="POST" action="/">
<?php
if(isset($error))
{
?><div class="alert alert-danger">
<?=$error?>
</div><?php
}
?>
<h1 class="h3 mb-3 fw-normal">Please sign in</h1>
<div class="form-floating">
<input type="user" class="form-control" id="floatingInput" placeholder="user" name="user" required />
<label for="floatingInput">Username</label>
</div>
<div class="form-floating">
<input type="password" class="form-control" id="floatingPassword" placeholder="Password" name="password" required />
<label for="floatingPassword">Password</label>
</div>
<div class="form-check text-start my-3">
<input class="form-check-input" type="checkbox" value="remember-me" id="flexCheckDefault">
<label class="form-check-label" for="flexCheckDefault">
Remember me
</label>
</div>
<button class="btn btn-primary w-100 py-2" type="submit">Sign in</button>
<p class="mt-5 mb-3 text-body-secondary">&copy; 2025 Safesys</p>
</form><?php
}
else {
?><h3>Welcome <?=$user['user']?>! <a href='/?sign_out=1'>Sign out</a></h3><?php
if($user["is_admin"]) {
?><div class="alert alert-success">
Hey admin ! You can access the secret value: <?=getenv("FLAG")?>
</div><?php
}
else {
?><div class="alert alert-light">
You are not an administrator, you cannot access privileged information!
</div><?php
}
}
?></main>
</body>
</html>