robyfirnandoyusuf · November 3, 2022 06:18
diff --git a/app.py b/app.py
 import mimetypes
 from flask import Flask, render_template, request, Response, send_file, stream_with_context
 from random import randint
 import time

 # Flask constructor takes the name of
 # current module (__name__) as argument.
 app = Flask(__name__, template_folder='template')
 approvals = []

 arrApproves = []
 arrVerifications = []

 script = open('assets/script.js','r').read()
 test = open('assets/test.js','r').read()


 def random_with_N_digits(n):
    range_start = 10**(n-1)
    range_end = (10**n)-1
    return randint(range_start, range_end)

 _id = random_with_N_digits(17)
 # arrApprove.append(_id)

 @app.route('/')
 def index():
    isChrome = "Chrome" in request.headers.get('user-agent')

    def g():
        yield """<!doctype html>
        <title>Inspect Me</title>
        <link rel="stylesheet" href="style.css">

        <style>
          #data {
            text-align: center;
          }
          body {
            background-image: url('background.jpg');
            min-height: 100%;
            background-repeat: no-repeat;
            background-attachment: fixed;
            # background-position: center;
            background-size: cover;
          }
        </style>
        <script>
            window.addEventListener('contextmenu', (e) => {
                e.preventDefault();
                e.stopPropagation();
            });
            window.addEventListener('keydown', (e) => {
                if (e.ctrlKey || e.metaKey) {
                e.preventDefault();
                e.stopPropagation();
                }
            });
        </script>
        <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
        <div id="data"></div>
        """

        if isChrome == False:
            yield '''
                <div class="auah"><a href="#">sorry, only chrome is supported!</a></div>
            '''
            return Response(g(), mimetype='text/html')

        # print(arrApprove)
        for i, c in enumerate("h"):
            print(c)
            yield """
            <script>
              / *$("#data").text("{i} {c}")*/
            </script>
            """.format(i=i, c=c)
            time.sleep(1.5)  # an artificial delay

        print(str(_id))
        print(arrApproves)

        if _id not in arrApproves:
            print('kgak approve')
            yield '''
                <body>
                    <div class="auah"><a href="#">No, Cheating</a></div>
                </body>
                </html>
            '''
            return Response(g(), mimetype='text/html')
        
        yield '''
            <script> %s </script>
        ''' % test
        print('load test')

        for i, c in enumerate("h"):
            print(c)
            yield """
            <script>
              / *$("#data").text("{i} {c}")*/
            </script>
            """.format(i=i, c=c)
            time.sleep(.12)

        if _id in arrVerifications:
            yield '''
            <body>
                <div class="auah"><a href="#">Ngehek demi ayank</a></div>
                <p style="margin-top:200px;color:black;">
                    <form>
                        <center>
                            <strong>Password hardcoded in js, try to reveal the password !</strong>
                            <br>
                            <input type="text" placeholder="Password..."/>
                            <input type="submit" value="Check!" />
                        </center>
                    </form>
                </p>
            </body>
            <script>%s</script>
            </html>
            ''' % script
        
    del arrApproves[:]
    del arrVerifications[:]

    return Response(g(), mimetype='text/html')

    
 @app.route('/background.jpg', methods=["GET", "POST"])
 def bg():
    arrApproves.append(_id)
    cookie = request.cookies.get('c')
    print('masuk bg')
    print(cookie)
    
    return send_file('assets/background.jpg', mimetype='image/jpg')
    
 @app.route('/style.css', methods=["GET", "POST"])
 def style():
    css = '''
        
        a, .auah {
            -webkit-box-sizing: content-box;
            -moz-box-sizing: content-box;
            box-sizing: content-box;
            padding: 20px;
            border: none;
            font: normal 60px/1 "electrolize", Helvetica, sans-serif;
            color: red;
            text-align: center;
            -o-text-overflow: ellipsis;
            text-overflow: ellipsis;
            text-shadow: 0 0 10px rgb(255,255,255) , 0 0 20px rgb(255,255,255) , 0 0 30px rgb(255,255,255) , 0 0 24px rgba(188,10,211,1) , 0 0 30px rgba(239,17,255,1) , 0 0 80px rgb(255,17,119) , 0 0 90px rgb(255,17,119) , 0 0 122px rgb(255,17,119) ;
            -webkit-transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
            -moz-transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
            -o-transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
            transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
            text-decoration: none;
        }
        p{
            text-align: center;
        }

        a:hover, .auah:hover {
            text-shadow: 0 0 5px rgb(255,255,255) , 0 0 10px rgb(255,255,255) , 0 0 15px rgb(255,255,255) , 0 0 20px rgba(178,32,163,1) , 0 0 35px rgba(216,19,193,1) , 0 0 40px rgb(255,17,119) , 0 0 50px rgb(255,17,119) , 0 0 75px rgb(255,17,119) ;
            text-decoration: none;
        }
       

        .incorrect {
            animation: shake 0.25s;
        }
        @keyframes shake {
            0% { transform: rotate(0deg); }
            25% { transform: rotate(5deg); }
            50% { transform: rotate(0eg); }
            75% { transform: rotate(-5deg); }
            100% { transform: rotate(0deg); }
        }
    '''
    return Response(css, mimetype='text/css')
 # routes.set('/load', (req, res) => {
 #   const id = req.headers.cookie?.split('=')[1];
 #   verifications.get(id)?.(true);
 #   res.end();
 # });

 @app.route('/load', methods=["POST"])
 def load():
    arrVerifications.append(_id)
    cookie = request.cookies.get('c')
    return Response('')

 if __name__ == '__main__':
    # on the local development server.
    app.run(debug=True, host='0.0.0.0', port=3000)
	import mimetypes
	from flask import Flask, render_template, request, Response, send_file, stream_with_context
	from random import randint
	import time

	# Flask constructor takes the name of
	# current module (__name__) as argument.
	app = Flask(__name__, template_folder='template')
	approvals = []

	arrApproves = []
	arrVerifications = []

	script = open('assets/script.js','r').read()
	test = open('assets/test.js','r').read()


	def random_with_N_digits(n):
	range_start = 10**(n-1)
	range_end = (10**n)-1
	return randint(range_start, range_end)

	_id = random_with_N_digits(17)
	# arrApprove.append(_id)

	@app.route('/')
	def index():
	isChrome = "Chrome" in request.headers.get('user-agent')

	def g():
	yield """<!doctype html>
	<title>Inspect Me</title>
	<link rel="stylesheet" href="style.css">

	<style>
	#data {
	text-align: center;
	}
	body {
	background-image: url('background.jpg');
	min-height: 100%;
	background-repeat: no-repeat;
	background-attachment: fixed;
	# background-position: center;
	background-size: cover;
	}
	</style>
	<script>
	window.addEventListener('contextmenu', (e) => {
	e.preventDefault();
	e.stopPropagation();
	});
	window.addEventListener('keydown', (e) => {
	if (e.ctrlKey \|\| e.metaKey) {
	e.preventDefault();
	e.stopPropagation();
	}
	});
	</script>
	<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
	<div id="data"></div>
	"""

	if isChrome == False:
	yield '''
	<div class="auah"><a href="#">sorry, only chrome is supported!</a></div>
	'''
	return Response(g(), mimetype='text/html')

	# print(arrApprove)
	for i, c in enumerate("h"):
	print(c)
	yield """
	<script>
	/ $("#data").text("{i} {c}")/
	</script>
	""".format(i=i, c=c)
	time.sleep(1.5) # an artificial delay

	print(str(_id))
	print(arrApproves)

	if _id not in arrApproves:
	print('kgak approve')
	yield '''
	<body>
	<div class="auah"><a href="#">No, Cheating</a></div>
	</body>
	</html>
	'''
	return Response(g(), mimetype='text/html')

	yield '''
	<script> %s </script>
	''' % test
	print('load test')

	for i, c in enumerate("h"):
	print(c)
	yield """
	<script>
	/ $("#data").text("{i} {c}")/
	</script>
	""".format(i=i, c=c)
	time.sleep(.12)

	if _id in arrVerifications:
	yield '''
	<body>
	<div class="auah"><a href="#">Ngehek demi ayank</a></div>
	<p style="margin-top:200px;color:black;">
	<form>
	<center>
	<strong>Password hardcoded in js, try to reveal the password !</strong>
	<br>
	<input type="text" placeholder="Password..."/>
	<input type="submit" value="Check!" />
	</center>
	</form>
	</p>
	</body>
	<script>%s</script>
	</html>
	''' % script

	del arrApproves[:]
	del arrVerifications[:]

	return Response(g(), mimetype='text/html')


	@app.route('/background.jpg', methods=["GET", "POST"])
	def bg():
	arrApproves.append(_id)
	cookie = request.cookies.get('c')
	print('masuk bg')
	print(cookie)

	return send_file('assets/background.jpg', mimetype='image/jpg')

	@app.route('/style.css', methods=["GET", "POST"])
	def style():
	css = '''

	a, .auah {
	-webkit-box-sizing: content-box;
	-moz-box-sizing: content-box;
	box-sizing: content-box;
	padding: 20px;
	border: none;
	font: normal 60px/1 "electrolize", Helvetica, sans-serif;
	color: red;
	text-align: center;
	-o-text-overflow: ellipsis;
	text-overflow: ellipsis;
	text-shadow: 0 0 10px rgb(255,255,255) , 0 0 20px rgb(255,255,255) , 0 0 30px rgb(255,255,255) , 0 0 24px rgba(188,10,211,1) , 0 0 30px rgba(239,17,255,1) , 0 0 80px rgb(255,17,119) , 0 0 90px rgb(255,17,119) , 0 0 122px rgb(255,17,119) ;
	-webkit-transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
	-moz-transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
	-o-transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
	transition: all 200ms cubic-bezier(0.42, 0, 0.58, 1) 10ms;
	text-decoration: none;
	}
	p{
	text-align: center;
	}

	a:hover, .auah:hover {
	text-shadow: 0 0 5px rgb(255,255,255) , 0 0 10px rgb(255,255,255) , 0 0 15px rgb(255,255,255) , 0 0 20px rgba(178,32,163,1) , 0 0 35px rgba(216,19,193,1) , 0 0 40px rgb(255,17,119) , 0 0 50px rgb(255,17,119) , 0 0 75px rgb(255,17,119) ;
	text-decoration: none;
	}


	.incorrect {
	animation: shake 0.25s;
	}
	@keyframes shake {
	0% { transform: rotate(0deg); }
	25% { transform: rotate(5deg); }
	50% { transform: rotate(0eg); }
	75% { transform: rotate(-5deg); }
	100% { transform: rotate(0deg); }
	}
	'''
	return Response(css, mimetype='text/css')
	# routes.set('/load', (req, res) => {
	# const id = req.headers.cookie?.split('=')[1];
	# verifications.get(id)?.(true);
	# res.end();
	# });

	@app.route('/load', methods=["POST"])
	def load():
	arrVerifications.append(_id)
	cookie = request.cookies.get('c')
	return Response('')

	if __name__ == '__main__':
	# on the local development server.
	app.run(debug=True, host='0.0.0.0', port=3000)