tristandostaler · June 16, 2021 00:39
diff --git a/nsec2021-hymn-backup_app.py b/nsec2021-hymn-backup_app.py
 from flask import Flask
 from flask import g
 from flask import redirect, render_template, request, send_file, make_response, session, url_for
 from captcha.image import ImageCaptcha
 from io import BytesIO
 from Crypto.Cipher import ARC4
 from Crypto.Hash import SHA
 from Crypto.Random import get_random_bytes
 import base64
 import string
 import random



 app = Flask(__name__)
 cache = {}
 cache['foo'] = 1


 @app.after_request
 def add_header(response):
    response.headers['Cache-Control'] = 'no-store, public, max-age=0'
    return response



 @app.route('/',methods=['GET','POST'])
 def index():
    if request.method == "POST":
        if ('CT' not in request.cookies):
            return redirect('/')
        else:
            if (int(request.cookies.get('CT').split("|")[1]) != int(cache['foo']-1)):
                
                resp = make_response(render_template('index.html', tries=0))
                resp.set_cookie('CT',make_struct(get_random_string(),0,cache['foo']))
                cache['foo'] = cache['foo'] +1
                return resp
            gh = parse_struct(request.cookies.get('CT'))
            verse = request.form.get('verse')
            original_verse = gh.split('|')[0]
            current_tries = int(gh.split('|')[1])
            # SUCCESsS
            if (current_tries > 10000000000000000):
                return "THE FLAG IS XXXXXXXXXXXXX" #TODO: Add real flag
            if (verse == original_verse):
                letters = get_random_string()
                tries = current_tries + 1
                struct = make_struct(letters,tries,cache['foo'])
                resp = make_response(render_template('index.html',tries=tries,msg='Good job. You still have a few more to do'))
                resp.set_cookie('CT',struct)
                cache['foo'] = cache['foo'] + 1
                return resp
            else:
                letters = get_random_string()
                struct = make_struct(letters,0,cache['foo'])
                resp = make_response(render_template('index.html',tries=0, msg='Sorry, you said your hymn wrong. I was expecting : ' + original_verse))
                resp.set_cookie('CT',struct)
                cache['foo'] = cache['foo'] + 1
                return resp
    if request.method == "GET":
        if ( 'CT' not in request.cookies):
            letters = get_random_string()
            struct = make_struct(letters,0,cache['foo'])
            resp = make_response(render_template('index.html',tries=0))
            resp.set_cookie('CT',struct)
            cache['foo'] = cache['foo'] +1
            return resp
        else:
            gh = parse_struct(request.cookies.get('CT'))
            letters = get_random_string()
            tries = int(gh.split('|')[1])
            struct = make_struct(letters,tries,cache['foo'])
            resp = make_response(render_template('index.html',tries=tries))
            resp.set_cookie('CT',struct)
            cache['foo'] = cache['foo'] + 1
            return resp




 @app.route('/captcha')
 def captcha():
    if ('CT' not in request.cookies):
    # Value | num tries | ctr
        return redirect('/')
    else:
        try:
            z = parse_struct(request.cookies.get('CT'))
        except:
            z = get_random_string() + "|0000000000000000000000000|"+str(cache['foo'])
        image = ImageCaptcha(fonts=['x.ttf'],  height=300, width=600, font_sizes=[70])
        letters = z.split('|')[0]
        data = image.generate(letters)
        resp =  make_response(send_file(data, cache_timeout=-1, mimetype='image/png', as_attachment=False))
        return resp

 def get_random_string():
    letters = string.ascii_lowercase
    result_str = ''.join(random.choice(letters) for i in range(10))
    return result_str

 def make_struct(letters, tries, ctr):
    x = letters + "|" + str(tries).zfill(24) + "|" + str(ctr)
    y = base64.b64encode(encrypt(ctr,x)).decode('UTF-8')+"|" + str(ctr)
    return y

 def parse_struct(ct):
    ctr = ct.split("|")[1]
    try:
        zz = base64.b64decode(ct.split("|")[0])
    except:
        zz= make_struct(get_random_string,0,cache['foo']).split('|')[0]
    if (ctr != cache['foo']-1):
        rr = decrypt(cache['foo']-1,zz).decode('UTF-8')
        if (int(rr.split('|')[2]) != int(cache['foo']-1)):
            print(rr.split('|')[2])
            raise ValueError

        if (int(rr.split('|')[2]) != int(ctr)):
            raise ValueError
            return False
        return rr
    else: 
        return get_random_strings + "|" + str(0).zfill(24) + "|" + cache['foo']


 def decrypt(ctr, msg):
    x = int(cache['foo']-1)
    key = b'BRING YOUR OWN KEY'
    nonce = str(x%2048).encode('UTF-8')
    tempkey = SHA.new(key+nonce).digest()
    cipher = ARC4.new(tempkey)
    msg =cipher.decrypt(msg)
    return msg

 def encrypt(ctr, msg):
    key = b'BRING YOUR OWN KEY'
    nonce = str(ctr%2048).encode('UTF-8')
    tempkey = SHA.new(key+nonce).digest()
    cipher = ARC4.new(tempkey)
    msg = cipher.encrypt(msg.encode('UTF-8'))
    return msg
	from flask import Flask
	from flask import g
	from flask import redirect, render_template, request, send_file, make_response, session, url_for
	from captcha.image import ImageCaptcha
	from io import BytesIO
	from Crypto.Cipher import ARC4
	from Crypto.Hash import SHA
	from Crypto.Random import get_random_bytes
	import base64
	import string
	import random



	app = Flask(__name__)
	cache = {}
	cache['foo'] = 1


	@app.after_request
	def add_header(response):
	response.headers['Cache-Control'] = 'no-store, public, max-age=0'
	return response



	@app.route('/',methods=['GET','POST'])
	def index():
	if request.method == "POST":
	if ('CT' not in request.cookies):
	return redirect('/')
	else:
	if (int(request.cookies.get('CT').split("\|")[1]) != int(cache['foo']-1)):

	resp = make_response(render_template('index.html', tries=0))
	resp.set_cookie('CT',make_struct(get_random_string(),0,cache['foo']))
	cache['foo'] = cache['foo'] +1
	return resp
	gh = parse_struct(request.cookies.get('CT'))
	verse = request.form.get('verse')
	original_verse = gh.split('\|')[0]
	current_tries = int(gh.split('\|')[1])
	# SUCCESsS
	if (current_tries > 10000000000000000):
	return "THE FLAG IS XXXXXXXXXXXXX" #TODO: Add real flag
	if (verse == original_verse):
	letters = get_random_string()
	tries = current_tries + 1
	struct = make_struct(letters,tries,cache['foo'])
	resp = make_response(render_template('index.html',tries=tries,msg='Good job. You still have a few more to do'))
	resp.set_cookie('CT',struct)
	cache['foo'] = cache['foo'] + 1
	return resp
	else:
	letters = get_random_string()
	struct = make_struct(letters,0,cache['foo'])
	resp = make_response(render_template('index.html',tries=0, msg='Sorry, you said your hymn wrong. I was expecting : ' + original_verse))
	resp.set_cookie('CT',struct)
	cache['foo'] = cache['foo'] + 1
	return resp
	if request.method == "GET":
	if ( 'CT' not in request.cookies):
	letters = get_random_string()
	struct = make_struct(letters,0,cache['foo'])
	resp = make_response(render_template('index.html',tries=0))
	resp.set_cookie('CT',struct)
	cache['foo'] = cache['foo'] +1
	return resp
	else:
	gh = parse_struct(request.cookies.get('CT'))
	letters = get_random_string()
	tries = int(gh.split('\|')[1])
	struct = make_struct(letters,tries,cache['foo'])
	resp = make_response(render_template('index.html',tries=tries))
	resp.set_cookie('CT',struct)
	cache['foo'] = cache['foo'] + 1
	return resp




	@app.route('/captcha')
	def captcha():
	if ('CT' not in request.cookies):
	# Value \| num tries \| ctr
	return redirect('/')
	else:
	try:
	z = parse_struct(request.cookies.get('CT'))
	except:
	z = get_random_string() + "\|0000000000000000000000000\|"+str(cache['foo'])
	image = ImageCaptcha(fonts=['x.ttf'], height=300, width=600, font_sizes=[70])
	letters = z.split('\|')[0]
	data = image.generate(letters)
	resp = make_response(send_file(data, cache_timeout=-1, mimetype='image/png', as_attachment=False))
	return resp

	def get_random_string():
	letters = string.ascii_lowercase
	result_str = ''.join(random.choice(letters) for i in range(10))
	return result_str

	def make_struct(letters, tries, ctr):
	x = letters + "\|" + str(tries).zfill(24) + "\|" + str(ctr)
	y = base64.b64encode(encrypt(ctr,x)).decode('UTF-8')+"\|" + str(ctr)
	return y

	def parse_struct(ct):
	ctr = ct.split("\|")[1]
	try:
	zz = base64.b64decode(ct.split("\|")[0])
	except:
	zz= make_struct(get_random_string,0,cache['foo']).split('\|')[0]
	if (ctr != cache['foo']-1):
	rr = decrypt(cache['foo']-1,zz).decode('UTF-8')
	if (int(rr.split('\|')[2]) != int(cache['foo']-1)):
	print(rr.split('\|')[2])
	raise ValueError

	if (int(rr.split('\|')[2]) != int(ctr)):
	raise ValueError
	return False
	return rr
	else:
	return get_random_strings + "\|" + str(0).zfill(24) + "\|" + cache['foo']


	def decrypt(ctr, msg):
	x = int(cache['foo']-1)
	key = b'BRING YOUR OWN KEY'
	nonce = str(x%2048).encode('UTF-8')
	tempkey = SHA.new(key+nonce).digest()
	cipher = ARC4.new(tempkey)
	msg =cipher.decrypt(msg)
	return msg

	def encrypt(ctr, msg):
	key = b'BRING YOUR OWN KEY'
	nonce = str(ctr%2048).encode('UTF-8')
	tempkey = SHA.new(key+nonce).digest()
	cipher = ARC4.new(tempkey)
	msg = cipher.encrypt(msg.encode('UTF-8'))
	return msg