-
Notifications
You must be signed in to change notification settings - Fork 1
/
app.py
108 lines (92 loc) · 3.46 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
from flask import Flask, request, render_template, redirect, url_for, session
from sqlalchemy import create_engine
from sqlalchemy.engine.url import make_url
import pymysql.cursors
import time
import os
import socket
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
app.secret_key = os.urandom(64)
# limiter = Limiter(
# app=app,
# key_func=get_remote_address, # 使用客户端IP作为限制的键
# default_limits=["5 per minute"] # 默认限制,每分钟最多5次请求
# )
# 等待数据库初始化上线
url = make_url("mysql+pymysql://root:sssctf2024_rootpassword@scr1wgpt-mysql/sssctf2024_db")
url.database = None
engine = create_engine(url)
print(f"等待数据库就绪。。。", end="", flush=True)
while True:
try:
engine.raw_connection()
break
except Exception:
print("。", end="", flush=True)
time.sleep(3)
print("", flush=True)
# MySQL 连接配置
conn = pymysql.connect(
host='scr1wgpt-mysql',
user='root',
password='sssctf2024_rootpassword',
database='sssctf2024_db',
cursorclass=pymysql.cursors.DictCursor
)
@app.route('/')
def index():
return redirect(url_for('login'))
@app.route('/login', methods=['GET', 'POST'])
# @limiter.limit("10 per minute") # Limits to 10 login attempts per minute
def login():
msg = ''
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
waf = ['or', 'and', '/', '0x', '0b', '0o', ';', 'outfile', 'load_file', 'terminated', 'field']
ulow = username.lower()
plow = password.lower()
for waff in waf:
if waff in ulow or waff in plow:
msg = "Login failed!"
return render_template('login.html', msg=msg)
cur = conn.cursor()
query = f"SELECT * FROM sssctf2024_users WHERE username='{username}' AND password='{password}' LIMIT 0,1"
try:
cur.execute(query) # 执行SQL查询
result = cur.fetchall() # 获取所有结果
if result:
if not (username == 'Scr1w_admin' and password == 'sssctf2024_P@ssvv0rd'):
msg = 'Login failed!'
return render_template('login.html', msg=msg)
session['username'] = username # 将用户名存储在会话中
return redirect(url_for('options'))
else:
msg = 'Login failed!'
except Exception as error:
print(f"An error occurred: {error}", flush=True)
msg = 'Login failed!'
return render_template('login.html', msg=msg)
@app.route('/options')
def options():
if 'username' not in session:
return redirect(url_for('login'))
return render_template('options.html')
def get_scr1wgpt_ip():
try:
return socket.gethostbyname('scr1wgpt')
except socket.gaierror:
return None
@app.route('/generator')
def flag():
scr1wgpt_ip = get_scr1wgpt_ip()
if scr1wgpt_ip is None:
return 'Unable to resolve scr1wgpt domain'
if request.remote_addr != scr1wgpt_ip:
return render_template('generator.html', message='Remote test flag has been generated:\nSsS(tF{f@k3_f|4g_l-lAl-lA]')
flag_value = os.getenv('FLAG', 'Flag not set')
return render_template('generator.html', message="Local flag has been generated:\n" + flag_value)
if __name__ == '__main__':
app.run(host='0.0.0.0', port='80')