- package org.owasp.webgoat.lessons;
- import java.io.IOException;
- import java.io.PrintStream;
- import java.sql.Connection;
- import java.sql.PreparedStatement;
- import java.sql.ResultSet;
- import java.sql.ResultSetMetaData;
- import java.sql.SQLException;
- import java.sql.Statement;
- import java.util.ArrayList;
- import java.util.List;
- import java.util.regex.Matcher;
- import java.util.regex.Pattern;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletResponse;
- import org.apache.ecs.Element;
- import org.apache.ecs.ElementContainer;
- import org.apache.ecs.StringElement;
- import org.apache.ecs.html.A;
- import org.apache.ecs.html.B;
- import org.apache.ecs.html.Div;
- import org.apache.ecs.html.HR;
- import org.apache.ecs.html.Input;
- import org.apache.ecs.html.P;
- import org.apache.ecs.html.TD;
- import org.apache.ecs.html.TR;
- import org.apache.ecs.html.Table;
- import org.apache.ecs.html.TextArea;
- import org.owasp.webgoat.session.DatabaseUtilities;
- import org.owasp.webgoat.session.ECSFactory;
- import org.owasp.webgoat.session.ParameterParser;
- import org.owasp.webgoat.session.WebSession;
- import org.owasp.webgoat.util.HtmlEncoder;
- import sun.misc.BASE64Decoder;
- import sun.misc.BASE64Encoder;
- public class Examen
- extends LessonAdapter
- {
/** Anchor used by getCredits() for the lesson footer; the link text is empty. */
public static final A HOWEST_LOGO = new A().setHref("http://www.howest.be")
.addElement("");
// Login state for the request being rendered. These live on the lesson
// instance; whether one instance serves several users depends on how WebGoat
// creates lesson objects — NOTE(review): confirm, shared state here would
// carry one user's login (isAuth, accountName) over to another.
private String accountName;
private String accountPass;
// Decimal credit balance as a string. It is read from the client's "credits"
// cookie in createContent (hex-"encoded" only, not signed), so the client
// controls it.
private String Credits;
// Raw value of the "smiley" cookie; rendered into the page for premium accounts.
private String Smiley = null;
private boolean isAuth = false;
private boolean isPremium = false;
// Message-board parameter names and result-set column indices
// (see addMessage, ShowMessages, makeCurrent).
private static String MESSAGE = "message";
private static int MESSAGE_COL = 3;
private static String NUMBER = "Num";
private static int NUM_COL = 1;
private static String TITLE = "title";
private static int TITLE_COL = 2;
// Next message number handed out by addMessage; starts at 1 on every class load.
private static int count = 1;
private static int USER_COL = 4;
// Account names the client-side script refuses; matched server-side only to
// detect a successful login with one of them (createContent).
private String regexdisabledaccounts = "student|prettige_vakantie";
private Pattern patterndisabledaccounts;
// Baselines captured at the start of createContent for the goal checks at its end.
private int is_escalated_admin = -1;
private int backdoor_count = 0;
// Literal table name; the table actually created and queried is ACCT[35].
public static final String account_table = "pen_account_table";
// Exam answers and the admin password as class constants. Anything compiled
// into a class file is recoverable by decompilation — this listing is that.
// Note the admin row is created with GetCode(4) as password, not admin_pass.
public static final String admin_pass = "w007-89";
public static final String code1 = "L4s3R-07";
public static final String code2 = "D0min4t10N-36";
public static final String code3 = "G0Ld-47";
public static final String code4 = "3xPL0re-22";
public static final String code5 = "Dr.N0-01";
public static final String code6 = "B0nD-07";
public String success_code = "";
// sun.misc.BASE64* are JDK-internal and were removed in JDK 9;
// java.util.Base64 (Java 8) is the supported replacement.
private static BASE64Decoder base64decoder = new BASE64Decoder();
private static BASE64Encoder base64encoder = new BASE64Encoder();
// Lesson tuning. -1 disables the credits goal in ToonCredits; credits_upgrade
// is the premium price shown in ToonCredits (not enforced server-side).
private static int credits_threshold = -1;
private static int credits_upgrade = 500;
private static int leet_shop_credits = 654321;
private static String leet_shop_item = "Huur Preben in als superman";
// Switch off the IsScript / IsSQLi deny-lists.
private static boolean allow_script = false;
private static boolean allow_sqli = false;
private static int additional_accounts = 0;
private static boolean check_empty_accounts = true;
// Column/table name pool. The ACCT_* constants below name the indices in use;
// the decompiler inlined them as bare numbers in the methods:
// 4 userid, 7 name, 9 pass, 13 admin_access, 22 info, 23 email,
// 28 is_premium, 35 defcon (the table name).
private static String[] ACCT = {
"id", "gebruikerid", "gebruiker_id", "user_id", "userid",
"login", "user", "name",
"paswoord", "pass", "password", "passphrase", "secret",
"admin_access", "is_admin", "has_admin", "is_root", "beheerder", "super", "is_super",
"notitie", "note", "info",
"email", "mail", "email_address", "address", "contact",
"is_premium",
"pen_accounts", "exam_data", "pen_exam", "tbl_account", "prism", "geheime_tabel", "defcon", "prettige_vakantie", "bijna_s3" };
private static final int ACCT_ID = 4;
private static final int ACCT_NAME = 7;
private static final int ACCT_PASS = 9;
private static final int ACCT_IS_ADMIN = 13;
private static final int ACCT_IS_PREMIUM = 28;
private static final int ACCT_NOTITIE = 22;
private static final int ACCT_EMAIL = 23;
private static final int ACCT_TABLE = 35;
// 28 rows of 8 entries (rows 5 and 19 have 9). GetCode picks the row with
// seed() % 28 and the column with its argument (1..7 in this file).
private static String[][] codes = {
{ "r00t", "K1dd13", "EeeV1ll", "N000bie", "H4XZ", "OOOwned", "W00T", "D3fC0n" },
{ "an0nym0us", "H4X0R", "N00b", "W00T", "K1dd1e", "R00T3d", "PWN3D", "BruC0n" },
{ "wh1teh4t", "3V1L", "r00T", "N00B", "1337", "sk1LLz", "0WN3D", "L4sV3g4z" },
{ "bl4CKh4t", "M1gh7y", "P0w3R", "4n4rchy", "31337", "n1md4", "H4xZ", "P4ss3d" },
{ "PWN3D", "R00T3d", "an0nym0us", "K1dd1e", "W00T", "N00b", "H4X0R", "Y0u Rul3" },
{ "0WN3D", "sk1LLz", "1337", "N00B", "r00T", "3V1L", "wh1teh4t", "D1ploma", "W0rlD+D0g" },
{ "4DM1N", "31337", "4n4rchy", "P0w3R", "r00t", "H4X0RZ", "GR3YH47", "D3fC0n" },
{ "r00t", "H4X0R", "N00b", "W00T", "K1dd1e", "R00T3d", "PWN3D", "BruC0n" },
{ "an0nyM0us", "3V1L", "r00T", "N00B", "1337", "sk1LLz", "0WN3D", "L4sV3g4z" },
{ "wh1teh4t", "M1gh7y", "P0w3R", "4n4rchy", "31337", "n1md4", "H4xZ", "Y0u Rul3" },
{ "bl4CKh4t", "R00T3d", "an0nym0us", "K1dd1e", "W00T", "N00b", "H4X0R", "W0rlD+D0g" },
{ "PWN3D", "sk1LLz", "1337", "N00B", "r00T", "3V1L", "wh1teh4t", "D3fC0n" },
{ "0WN3D", "31337", "4n4rchy", "P0w3R", "r00t", "H4X0RZ", "GR3YH47", "Y0u Rul3" },
{ "4DM1N", "K1dd13", "EeeV1ll", "N000bie", "H4XZ", "OOOwned", "W00T", "P4ss3d" },
{ "r00t", "K1dd13", "EeeV1ll", "H4XZ", "N000bie", "OOOwned", "W00T", "D3fC0n" },
{ "an0nym0us", "H4X0R", "N00b", "K1dd1e", "W00T", "R00T3d", "PWN3D", "BruC0n" },
{ "wh1teh4t", "3V1L", "r00T", "1337", "N00B", "sk1LLz", "0WN3D", "L4sV3g4z" },
{ "bl4CKh4t", "M1gh7y", "P0w3R", "31337", "4n4rchy", "n1md4", "H4xZ", "P4ss3d" },
{ "PWN3D", "R00T3d", "an0nym0us", "W00T", "K1dd1e", "N00b", "H4X0R", "Y0u Rul3" },
{ "0WN3D", "sk1LLz", "1337", "N00B", "3V1L", "r00T", "wh1teh4t", "D1ploma", "W0rlD+D0g" },
{ "4DM1N", "31337", "4n4rchy", "r00t", "P0w3R", "H4X0RZ", "GR3YH47", "D3fC0n" },
{ "r00t", "H4X0R", "N00b", "K1dd1e", "W00T", "R00T3d", "PWN3D", "BruC0n" },
{ "an0nyM0us", "3V1L", "r00T", "1337", "N00B", "sk1LLz", "0WN3D", "L4sV3g4z" },
{ "wh1teh4t", "M1gh7y", "P0w3R", "31337", "4n4rchy", "n1md4", "H4xZ", "Y0u Rul3" },
{ "bl4CKh4t", "R00T3d", "an0nym0us", "W00T", "K1dd1e", "N00b", "H4X0R", "W0rlD+D0g" },
{ "PWN3D", "sk1LLz", "1337", "r00T", "N00B", "3V1L", "wh1teh4t", "D3fC0n" },
{ "0WN3D", "31337", "4n4rchy", "r00t", "P0w3R", "H4X0RZ", "GR3YH47", "Y0u Rul3" },
{ "4DM1N", "K1dd13", "EeeV1ll", "H4XZ", "N000bie", "OOOwned", "W00T", "P4ss3d" } };
// Seed-account names; none of these constants is referenced by the visible
// methods (the literals are repeated inline instead).
private static final String ACCT_ADMIN = "lector";
private static final String ACCT_USER = "student";
private static final String ACCT_THIRD = "tweedezit";
private static final String ACCT_BACKDOOR_USER = "disabled";
private static final String ACCT_BACKDOOR_PASS = "wortel";
private static final String BERICHT = "prettige_vakantie";
- public Examen() {}
/**
 * Renders the lesson page for one request: makes sure the account table
 * exists, reads login state and cookies from the request, performs the
 * pending action (profile update, premium upgrade, purchase, logout), shows
 * either the login form or the logged-in view, and finally evaluates the
 * exam goals (escalated "student" account, emptied table, added account).
 *
 * This is the deliberately vulnerable core of the exercise: every query on
 * the account table is built by string concatenation from request
 * parameters, prices are not enforced server-side, and the credit balance is
 * taken from a client-controlled cookie. Do not copy this pattern;
 * addMessage/ShowMessages/makeCurrent show the parameterised alternative.
 *
 * @param s the current WebGoat session
 * @return the page content; errors are reported through s.setMessage and
 *         as a P element containing the SQL error text
 */
protected Element createContent(WebSession s)
{
    ElementContainer ec = new ElementContainer();
    try
    {
        Connection connection = DatabaseUtilities.getConnection(s);
        // 1004/1007 are ResultSet.TYPE_SCROLL_INSENSITIVE / CONCUR_READ_ONLY,
        // inlined by the decompiler. Neither the statement nor the connection
        // is closed anywhere in this method.
        Statement statement = connection.createStatement(1004,
        1007);
        // Probe for the account table; any SQL failure is taken to mean
        // "not created yet" and triggers a rebuild with the seed accounts.
        try
        {
            statement.executeQuery(Query("*", ACCT[35], ""));
        } catch (SQLException sqle) {
            createLoginDataTable(connection);
            createPremiumContents(connection);
        }
        patterndisabledaccounts = Pattern.compile(regexdisabledaccounts);
        // Baselines for the goal checks at the end of this method.
        is_escalated_admin = IsAdmin(connection, "student");
        backdoor_count = GetCountUser(connection, "disabled", "wortel");
        Solution(s);
        if (!isAuth) {
            accountName = s.getParser().getRawParameter(ACCT[7], "");
            accountPass = s.getParser().getRawParameter(ACCT[9], "");
            // IsSQLi is a four-entry deny-list, not escaping; the values are
            // still concatenated into the login query below.
            if (IsSQLi(accountName)) {
                s.setMessage("SQL injectie gedetecteerd! Probeer nog eens :-p");
                accountName = "";
            }
            if (IsSQLi(accountPass)) {
                s.setMessage("SQL injectie gedetecteerd! Probeer nog eens :-p");
                accountPass = "";
            }
        }
        // Balance comes from the client's cookie; Decode is a hex un-escape,
        // there is no integrity check, so the client decides its balance.
        Credits = Decode(s.getCookie("credits"));
        if ((Credits == null) || (Credits.isEmpty())) {
            Credits = "0";
        }
        Smiley = s.getCookie("smiley");
        if (isAuth)
        {
            String Action = s.getParser().getRawParameter("SUBMIT", "");
            if (Action.equals("Aanpassen"))
            {
                try {
                    // Profile update. None of these parameters passes through
                    // IsSQLi, and all are spliced into the UPDATE verbatim.
                    String is_admin = s.getParser().getRawParameter(ACCT[13], "");
                    String email = s.getParser().getRawParameter(ACCT[23], "");
                    String notitie = s.getParser().getRawParameter(ACCT[22], "");
                    String SQL = "UPDATE " + ACCT[35] + " SET " + ACCT[9] + "='" + s.getParser().getRawParameter(ACCT[9], "") + "'";
                    if (!notitie.equals("")) {
                        SQL = SQL + ", " + ACCT[22] + "='" + notitie + "'";
                    }
                    if (!email.equals("")) {
                        SQL = SQL + ", " + ACCT[23] + "='" + email + "'";
                    }
                    if (!is_admin.equals("")) {
                        SQL = SQL + ", " + ACCT[13] + "=" + is_admin;
                    }
                    SQL = SQL + " WHERE " + ACCT[7] + "='" + accountName + "'";
                    // executeQuery for an UPDATE; many JDBC drivers reject this
                    // (the exception would land in the catch below) — confirm
                    // against the driver WebGoat ships. accountPass still holds
                    // the old password afterwards, so the re-login below will
                    // presumably fail once the password has changed.
                    ResultSet results = statement.executeQuery(SQL);
                    AddCredits(2);
                }
                catch (SQLException sqle) {
                    // The raw database error text is shown to the user.
                    ec.addElement(new P().addElement(sqle.getMessage()));
                    sqle.printStackTrace();
                }
            }
            // The price is only checked client-side (ToonCredits disables the
            // button); here only "a price exists" is verified.
            else if ((Action.equals("Upgrade")) && (credits_upgrade > 0)) {
                String SQL = "UPDATE " + ACCT[35] + " SET " + ACCT[28] + "=1";
                SQL = SQL + " WHERE " + ACCT[7] + "='" + accountName + "'";
                ResultSet results = statement.executeQuery(SQL);
                AddCredits(-1 * credits_upgrade);
                isPremium = true;
                s.setMessage("Tof! Je hebt nu een Premium account. Kijk gerust eens in onze Premium Shop.");
            }
            // Purchase: the balance is debited without checking it covers the item.
            else if ((Action.equals("Koop")) && (credits_upgrade > 0)) {
                String item = s.getParser().getRawParameter("Koop", "");
                s.setMessage("Bedankt! U hebt een " + item + " aangekocht.");
                int bedrag = GetPremiumBedrag(item, s);
                AddCredits(-1 * bedrag);
            }
            else if (Action.equals("Uitloggen")) {
                isAuth = false;
                isPremium = false;
                accountName = "";
                accountPass = "";
            }
        }
        if ((!isAuth) && (accountName.equals("")))
        {
            ec.addElement(ToonLogin(s));
        }
        else
        {
            // The lesson's login check: name and password concatenated into
            // the WHERE clause. Runs on every request, also for sessions that
            // are already authenticated.
            String query = Query("*", ACCT[35], ACCT[7] + " = '" + accountName + "' AND " + ACCT[9] + " = '" + accountPass + "'");
            try
            {
                ResultSet results = statement.executeQuery(query);
                if ((results != null) && (results.first()))
                {
                    accountName = results.getString(ACCT[7]);
                    accountPass = results.getString(ACCT[9]);
                    isPremium = results.getBoolean(ACCT[28]);
                    // Goal 1: a first login with one of the accounts the
                    // client-side script refuses. The server never blocks them;
                    // the only server-side use of the pattern is this award.
                    if ((!isAuth) && (patterndisabledaccounts.matcher(accountName).matches()))
                    {
                        s.setMessage("Proficiat! U bent nu ingelogd als gebruiker " + accountName + ".<br> Schrijf volgende code op het antwoordblad: " + GetCode(1));
                        success_code = " L4s3R-07";
                    }
                    isAuth = true;
                    // Cookie value written into the page without encoding. Only
                    // RotateSmiley values are expected, but the cookie is
                    // client-controlled.
                    if ((isPremium) && (Smiley != null)) {
                        ec.addElement("<div align=\"center\" style=\"font-size: 20px;\">" + Smiley + "</div>");
                    }
                    if (isPremium) {
                        ec.addElement("<h1>Premium Shop</h1>");
                        ec.addElement("<form method=GET action=\"?\">");
                        ec.addElement(ToonPremiumShop(s, GetTotalCredits()));
                        ec.addElement("</form>");
                    }
                    addMessage(s);
                    ec.addElement("<br/><br/>");
                    ec.addElement("<h1>Berichten</h1>");
                    ec.addElement(ShowMessages(s));
                    ec.addElement(new HR());
                    ec.addElement(makeCurrent(s));
                    ec.addElement(new HR());
                    ec.addElement(ShowAddMessage(s));
                    ec.addElement(new HR());
                    // NOTE(review): no matching <form> is opened in this branch;
                    // the enclosing form presumably comes from the lesson frame.
                    ec.addElement("</form>");
                    ResultSetMetaData resultsMetaData = results.getMetaData();
                    ec.addElement("<br/><br/>");
                    ec.addElement("<h1>Uw profiel</h1>");
                    ec.addElement("<form method=GET action=\"?\">");
                    ec.addElement(ToonProfiel(s, results, resultsMetaData));
                    Input b = (Input)ECSFactory.makeButton("Aanpassen");
                    ec.addElement(b);
                    b = (Input)ECSFactory.makeButton("Uitloggen");
                    ec.addElement(b);
                    ec.addElement(new HR());
                    ec.addElement("<br/><br/>");
                    ec.addElement("<h1>Uw krediet</h1>");
                    ec.addElement(ToonCredits(s, Credits));
                    // Balance written back hex-escaped; no Secure/HttpOnly
                    // flags and no integrity protection.
                    Cookie k = new Cookie("credits", Encode(Credits));
                    s.getResponse().addCookie(k);
                }
                else
                {
                    isAuth = false;
                    ec.addElement(ToonLogin(s));
                    ec.addElement("<br><br>Ongeldige login. Probeer opnieuw.");
                }
            } catch (SQLException sqle) {
                // Raw SQL error text goes to the page (the hints point the
                // student at error messages on purpose).
                ec.addElement(new P().addElement(sqle.getMessage()));
                sqle.printStackTrace();
            }
        }
        // Goal 3: the "student" row's admin_access flipped from 0 to 1 during this request.
        if (is_escalated_admin == 0) {
            is_escalated_admin = IsAdmin(connection, "student");
            if (is_escalated_admin == 1) {
                s.setMessage("De account 'student' is nu admin! Schrijf volgende code op het antwoordblad: " + GetCode(3));
                success_code = " G0Ld-47";
            }
        }
        // Goal 5: the account table is empty.
        if (check_empty_accounts) {
            int row_count = GetDBint(connection, Query("COUNT(*) AS rowcount", ACCT[35], ""));
            if (row_count == 0) {
                s.setMessage("Geen accounts gevonden! Schrijf volgende code op het antwoordblad: " + GetCode(5));
                success_code = " Dr.N0-01";
            }
        }
        // Goal 6 is unreachable: !"disabled".equals("disabled") is always
        // false, so this block never runs (decompiled constant comparison;
        // presumably a switched-off goal).
        if ((backdoor_count == 0) && (!"disabled".equals("disabled"))) {
            backdoor_count = GetCountUser(connection, "disabled", "wortel");
            if (backdoor_count == 1) {
                s.setMessage("Er is een account 'disabled' toegevoegd! Schrijf volgende code op het antwoordblad: " + GetCode(6));
                success_code = " 3xPL0re-22";
            }
        }
    }
    catch (Exception e)
    {
        s.setMessage("Error generating " + getClass().getName());
        e.printStackTrace();
    }
    return ec;
}
/**
 * Builds the login form: a name field pre-filled with the current account
 * name, an empty password field, the obfuscated client-side validation
 * script, and a button that runs validate() before submitting.
 *
 * The script is the only thing that refuses the "disabled" account names;
 * the server does not repeat that check (see createContent).
 *
 * @param s current session (not read here)
 * @return the form fragment
 */
private Element ToonLogin(WebSession s)
{
    ElementContainer form = new ElementContainer();

    form.addElement(new P().addElement("Gebruiker: "));
    form.addElement(new Input("TEXT", ACCT[7], accountName.toString()));

    form.addElement(new P().addElement("Paswoord: "));
    form.addElement(new Input("PASSWORD", ACCT[9], ""));

    form.addElement(new StringElement(GenerateLoginJS()));

    Input submit = new Input();
    submit.setType("BUTTON");
    submit.setValue("Inloggen");
    submit.addAttribute("onclick", "validate();");
    form.addElement(submit);

    return form;
}
/**
 * Produces the &lt;SCRIPT&gt; block with the validate() function used by the
 * login button. The function body (a regex test of the name field against
 * regexdisabledaccounts, an alert on failure, a submit otherwise) is passed
 * through ObfuscateJavaScript; the wrapper around it is plain text.
 *
 * This is a client-side convenience check only, not a security control.
 *
 * @return the complete script element as a string
 */
private String GenerateLoginJS()
{
    String nl = System.getProperty("line.separator");

    StringBuilder body = new StringBuilder();
    body.append("regexdisabledaccounts=/").append(regexdisabledaccounts).append("/;").append(nl);
    body.append("msg='Account niet toegelaten'; err=0; ").append(nl);
    body.append("if (regexdisabledaccounts.test(document.form.").append(ACCT[7])
        .append(".value)) {err+=1; msg+='\\n Uw account heeft geen toegang tot deze site.';}").append(nl);
    body.append("if ( err > 0 ) alert(msg);").append(nl).append("else document.form.submit();");

    StringBuilder script = new StringBuilder();
    script.append("<SCRIPT>").append(nl);
    script.append("function validate() { ").append(nl);
    script.append(ObfuscateJavaScript(body.toString()));
    script.append(nl).append("} ").append(nl);
    script.append("</SCRIPT>").append(nl);
    return script.toString();
}
/**
 * Renders the logged-in user's row as a profile table: userid and name as
 * text, password/email/info as editable inputs, admin_access as text, plus
 * hidden Screen/menu fields so the surrounding GET form stays on this lesson.
 *
 * The decompiled replaceAll(" ", " ") calls replace a space with a space,
 * i.e. do nothing; the second argument was most likely a non-breaking space
 * or entity that did not survive decompilation/pasting — confirm against
 * the original source.
 *
 * @param s current session (for the Screen/menu parameters)
 * @param results the login result set, positioned anywhere; it is rewound here
 * @param resultsMetaData unused
 * @return the profile table, or a B element if the result set is empty
 * @throws IOException declared but not thrown by the visible code
 * @throws SQLException from result-set access
 */
private Element ToonProfiel(WebSession s, ResultSet results, ResultSetMetaData resultsMetaData)
throws IOException, SQLException
{
    results.beforeFirst();
    if (results.next())
    {
        Table t = new Table(1);
        t.setCellPadding(2);
        TR row = new TR();
        TD cell = new TD();
        cell.addElement(new B(ACCT[4]));
        // Request parameters echoed back as hidden fields; whether ECS Input
        // encodes attribute values is not visible here — confirm.
        cell.addElement(new Input("HIDDEN", "Screen", s.getParser().getRawParameter("Screen", "")));
        cell.addElement(new Input("HIDDEN", "menu", s.getParser().getRawParameter("menu", "")));
        row.addElement(cell);
        row.addElement(new TD(ConvertNull(results.getString(ACCT[4])).replaceAll(" ", " ")));
        t.addElement(row);
        row = new TR();
        row.addElement(new TD(new B(ACCT[7])));
        row.addElement(new TD(ConvertNull(results.getString(ACCT[7])).replaceAll(" ", " ")));
        t.addElement(row);
        row = new TR();
        row.addElement(new TD(new B(ACCT[9])));
        // The stored password is sent to the browser as the field's value.
        Input pass = new Input("PASSWORD", ACCT[9], ConvertNull(results.getString(ACCT[9])).replaceAll(" ", " "));
        row.addElement(new TD(pass));
        t.addElement(row);
        row = new TR();
        row.addElement(new TD(new B(ACCT[23])));
        Input email = new Input("TEXT", ACCT[23], ConvertNull(results.getString(ACCT[23])).replaceAll(" ", " "));
        row.addElement(new TD(email));
        t.addElement(row);
        row = new TR();
        row.addElement(new TD(new B(ACCT[22])));
        Input titel = new Input("TEXT", ACCT[22], ConvertNull(results.getString(ACCT[22])).replaceAll(" ", " "));
        row.addElement(new TD(titel));
        t.addElement(row);
        row = new TR();
        row.addElement(new TD(new B(ACCT[13])));
        // Shown read-only here, but createContent accepts an admin_access
        // parameter on "Aanpassen" all the same.
        row.addElement(new TD(ConvertNull(results.getString(ACCT[13])).replaceAll(" ", " ")));
        t.addElement(row);
        return t;
    }
    return new B("Query Successful; however no data was returned from this query.");
}
/**
 * Renders the credit balance text and the "Upgrade naar Premium Account"
 * button, and awards the credits goal when the balance hits the threshold.
 *
 * Goal logic: credits_threshold == -1 (the value in this file) disables it;
 * 0 means "overflow the int range"; any other value must be matched exactly.
 * The button is only disabled in the HTML when the balance is short — the
 * server does not re-check the price on "Upgrade" (see createContent).
 *
 * As decompiled, attribuut and buttontext are left unassigned when the
 * if on credits_upgrade is false; javac would reject that, so the original
 * source presumably initialised them — treat this listing as approximate.
 *
 * @param s current session (not read here)
 * @param credits balance as a decimal string (from the client cookie)
 * @return HTML fragment; "Ongeldig krediet." when the string does not parse
 */
private String ToonCredits(WebSession s, String credits)
{
    try
    {
        String msg = "U krijgt credits toegekend voor uw acties op deze site.";
        boolean isoverflow = false;
        long l = Long.parseLong(credits);
        // Values outside the int range are reported as invalid but still
        // counted as the "overflow" goal below.
        if ((l > 2147483647L) || (l < -2147483648L)) {
            msg = msg + "<br/>Ongeldig krediet.";
            isoverflow = true;
        } else {
            // credits has just parsed as a long, so only digits/sign reach the page here.
            msg = msg + "<br/>U hebt momenteel <b>" + credits + "</b> credits.";
        }
        if ((credits_threshold != -1) && (((isoverflow) && (credits_threshold == 0)) || ((credits_threshold != 0) && (l == credits_threshold)))) {
            msg = msg + "<br/><b><font color=red>Proficiat, u hebt uw credits behaald! Schrijf volgende code op het antwoordblad: " + GetCode(7) + "</font></b>";
            success_code = " B0nD-07"; }
        String attribuut;
        // Button shown to non-premium users with more than 9 credits; enabled
        // only once the balance reaches credits_upgrade.
        String buttontext; if ((credits_upgrade > 0) && (!isPremium) && (l > 9L)) {
            attribuut = "disabled=\"\"";
            buttontext = "Upgrade naar Premium Account!";
            if (l >= credits_upgrade) {
                attribuut = "";
            } else
            buttontext = "Upgrade naar Premium Account (nog " + Long.toString(credits_upgrade - l) + " credits)";
        }
        return msg + "<button " + attribuut + " value=\"Upgrade\" name=\"SUBMIT\" type=\"SUBMIT\">" + buttontext + "</button>";
    }
    // Any failure (in practice a NumberFormatException from parseLong) is
    // reported as an invalid balance.
    catch (Exception e) {}
    return "<br/>Ongeldig krediet.";
}
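/**
 * Adds {@code credits} (negative to debit) to the Credits string and stores
 * the new balance back into it.
 *
 * Credits originates from the client's "credits" cookie (see createContent),
 * so the balance this works on is not trustworthy. No overflow check is
 * performed on the long arithmetic, as before.
 *
 * @param credits amount to add; may be negative
 * @return the new balance, or 0 when the stored string did not parse
 *         (in which case Credits is reset to "0")
 */
private long AddCredits(int credits)
{
    long total;
    try {
        total = Long.parseLong(Credits);
    } catch (NumberFormatException nfe) {
        // Unparseable or null balance: reset instead of failing. This is the
        // only exception parseLong throws, so the former catch-all was
        // equivalent but hid that fact.
        Credits = "0";
        return 0L;
    }
    total += credits;
    Credits = String.valueOf(total);
    return total;
}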
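/**
 * Parses the Credits string as a long.
 *
 * Unlike AddCredits this does not reset Credits when the string is invalid;
 * it just reports zero.
 *
 * @return the balance, or 0 when Credits is null or not a decimal number
 */
private long GetTotalCredits()
{
    try {
        return Long.parseLong(Credits);
    } catch (NumberFormatException nfe) {
        // parseLong is the only call here and NumberFormatException the only
        // exception it throws (also for null).
        return 0L;
    }
}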
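/**
 * Renders the Premium Shop: one row of square submit buttons named "Koop",
 * each carrying the item name as its value, disabled when the balance is
 * below the item's price. The hidden SUBMIT=Koop field makes createContent
 * treat the post as a purchase; it then debits GetPremiumBedrag(item).
 *
 * The disabled attribute is the only price check — createContent does not
 * verify the balance before debiting.
 *
 * @param s current session (for the Screen/menu hidden fields)
 * @param credits current balance
 * @return the shop fragment
 */
private Element ToonPremiumShop(WebSession s, long credits)
{
    Div div = new Div();
    div.addElement("<style type=\"text/css\" scoped>.square-button { border: 2px outset blue; background-color: lightBlue; height:100px; width:100px; cursor:pointer; white-space:normal;} .square-button:hover:enabled { background-color: blue; color:white; white-space:normal;} </style>");
    Table t = new Table(0);
    t.setCellPadding(2);
    TR row = new TR();

    // Keep the form on this lesson and mark the post as a purchase.
    TD cell = new TD();
    cell.addElement(new Input("HIDDEN", "Screen", s.getParser().getRawParameter("Screen", "")));
    cell.addElement(new Input("HIDDEN", "menu", s.getParser().getRawParameter("menu", "")));
    cell.addElement(new Input("HIDDEN", "SUBMIT", "Koop"));
    row.addElement(cell);

    addShopItem(row, credits >= 10L, "Smiley", "<br/>10 credits");
    addShopItem(row, credits >= 2000L, "Ticket BruCON 2016", "<br/>2.000 credits");
    addShopItem(row, credits >= 5000L, "Howest T-Shirt", "<br/>5.000 credits");
    addShopItem(row, credits >= 100000L, "Howest Diploma", "<br/>100.000 credits");

    // Hidden fifth item: appears only once the balance reaches leet_shop_credits,
    // and is always rendered disabled (buying it is GetPremiumBedrag's goal 2).
    if ((leet_shop_credits > 0) && (credits >= leet_shop_credits)) {
        addShopItem(row, false, leet_shop_item, "Bijna op VTM!<br/>H4x0r 5k1llz");
    }

    t.addElement(row);
    div.addElement(t);
    return div;
}

/**
 * Appends one shop button cell to the row.
 *
 * @param row the row to extend
 * @param enabled false renders the button with the disabled attribute
 * @param value the item name, used as the "Koop" parameter value
 * @param labelHtml HTML placed under the button inside a centered div
 */
private void addShopItem(TR row, boolean enabled, String value, String labelHtml)
{
    String disabled = enabled ? "" : " disabled";
    TD cell = new TD();
    cell.addElement("<input class=\"square-button\" type=\"submit\" name=\"Koop\"" + disabled + " value=\"" + value + "\"/>");
    cell.addElement("<div align=\"center\">" + labelHtml + "</div>");
    row.addElement(cell);
}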
/**
 * Returns the price of a shop item and performs its side effect (a status
 * message, or for "Smiley" a rotated smiley cookie). Unknown items cost 0.
 * Buying the hidden leet_shop_item awards goal 2.
 *
 * Prices here must stay in step with the buttons in ToonPremiumShop.
 *
 * @param item value of the "Koop" request parameter (client-supplied)
 * @param s current session, for messages and the response cookie
 * @return the amount createContent debits
 */
private int GetPremiumBedrag(String item, WebSession s)
{
    if (item.equals("Howest T-Shirt")) {
        s.setMessage("Uw bestelling wordt zo snel mogelijk verzonden.");
        return 5000;
    }
    if (item.equals("Ticket BruCON 2016")) {
        s.setMessage("Reserveer alvast 27 en 28 oktober in uw agenda voor BruCON Security Conference.");
        return 2000;
    }
    if (item.equals("Smiley")) {
        // Cookie written without Secure/HttpOnly; createContent renders its
        // value into the page on the next request.
        Smiley = RotateSmiley(Smiley);
        Cookie sk = new Cookie("smiley", Smiley);
        s.getResponse().addCookie(sk);
        return 10;
    }
    if (item.equals("Howest Diploma")) {
        // Two messages in a row; whether the second replaces or follows the
        // first depends on WebSession.setMessage — not visible here.
        s.setMessage("Helaas worden diploma's pas op het einde van de studies uitgedeeld.");
        s.setMessage("Tip: Zie je al vijf items om te bestellen in de Premium Shop?");
        return 100000;
    }
    if ((leet_shop_credits > 0) && (item.equals(leet_shop_item))) {
        s.setMessage("Nog een bekende vlaming erbij! Schrijf volgende code op het antwoordblad: " + GetCode(2));
        success_code = " D0min4t10N-36";
        return leet_shop_credits;
    }
    return 0;
}
/**
 * Advances the premium smiley one step: null -> ":-)" -> ":-p" -> "8-)" -> ":-)".
 * Any other value restarts the cycle at ":-)".
 *
 * @param Smiley current value, possibly null (shadows the field of the same name)
 * @return the next smiley
 */
private String RotateSmiley(String Smiley)
{
    if (Smiley == null) {
        return ":-)";
    }
    boolean atFirst = Smiley.equals(":-)");
    boolean atSecond = Smiley.equals(":-p");
    return atFirst ? ":-p" : (atSecond ? "8-)" : ":-)");
}
/**
 * Stores a message-board entry (title, message, user, lesson class) from the
 * "title"/"message" request parameters, if both are non-empty, and grants
 * 5 credits.
 *
 * This is the one parameterised INSERT in the class. The title is
 * HTML-encoded before storage; the message body is stored as typed and is
 * later rendered as-is by makeCurrent, guarded only by IsScript's "&lt;script"
 * deny-list (presumably part of the exercise). The message number comes
 * from the static counter count, which restarts at 1 on class load —
 * whether that collides with existing rows depends on the messages schema.
 *
 * @param s current session; errors are reported via s.setMessage
 */
protected void addMessage(WebSession s)
{
    try
    {
        String message = s.getParser().getRawParameter(MESSAGE, "");
        String title = HtmlEncoder.encode(s.getParser().getRawParameter(TITLE, ""));
        if ((!title.isEmpty()) && (!message.isEmpty())) {
            if (!IsScript(message)) {
                // Neither connection nor statement is closed.
                Connection connection = DatabaseUtilities.getConnection(s);
                String query = Insert("messages", "?, ?, ?, ?, ? ");
                // 1004/1007 = ResultSet.TYPE_SCROLL_INSENSITIVE / CONCUR_READ_ONLY (decompiler-inlined).
                PreparedStatement statement = connection.prepareStatement(query, 1004,
                1007);
                statement.setInt(1, count++);
                statement.setString(2, title);
                statement.setString(3, message);
                statement.setString(4, s.getUserName());
                statement.setString(5, getClass().getName());
                statement.execute();
                AddCredits(5);
            } else {
                s.setMessage("Niet toegelaten inhoud gedetecteerd! Probeer opnieuw :-p");
            }
        }
    }
    catch (Exception e) {
        // Cause is dropped; only a generic message reaches the user.
        s.setMessage("Could not add message to database");
    }
}
/**
 * Builds the "new message" form: a title text field, a 5x60 message text
 * area and a "Toevoegen" button. Submitted values are handled by addMessage.
 *
 * @param s current session (not read here)
 * @return the form fragment
 */
protected Element ShowAddMessage(WebSession s)
{
    Table layout = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);

    TR titleRow = new TR();
    titleRow.addElement(new TD(new StringElement("Titel: ")));
    titleRow.addElement(new TD(new Input("TEXT", TITLE, "")));

    TR bodyRow = new TR();
    TD bodyLabel = new TD();
    bodyLabel.setVAlign("TOP");
    bodyLabel.addElement(new StringElement("Bericht: "));
    bodyRow.addElement(bodyLabel);
    TD bodyField = new TD();
    bodyField.addElement(new TextArea(MESSAGE, 5, 60));
    bodyRow.addElement(bodyField);

    layout.addElement(titleRow);
    layout.addElement(bodyRow);

    ElementContainer ec = new ElementContainer();
    ec.addElement(layout);
    ec.addElement(new P().addElement(ECSFactory.makeButton("Toevoegen")));
    return ec;
}
/**
 * Lists the titles of this lesson's messages as links back to the lesson
 * with "Num=&lt;id&gt;" appended; makeCurrent renders the selected one.
 *
 * The lesson_type filter is parameterised. Titles are written into the link
 * HTML as stored; rows inserted by addMessage have HTML-encoded titles,
 * which is what keeps this safe — rows from elsewhere would not be covered.
 *
 * @param s current session
 * @return a table of links; empty when there are no rows or the query fails
 */
public Element ShowMessages(WebSession s)
{
    Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
    try
    {
        // Neither connection nor statement is closed.
        Connection connection = DatabaseUtilities.getConnection(s);
        String query = Query("*", "messages", "lesson_type = ?");
        // 1004/1007 = ResultSet.TYPE_SCROLL_INSENSITIVE / CONCUR_READ_ONLY (decompiler-inlined).
        PreparedStatement statement = connection.prepareStatement(query, 1004,
        1007);
        statement.setString(1, getClass().getName());
        ResultSet results = statement.executeQuery();
        if ((results != null) && (results.first()))
        {
            results.beforeFirst();
            // i is never read.
            for (int i = 0; results.next(); i++)
            {
                String link = "<a href='" + getLink() + "&" + NUMBER + "=" + results.getInt(NUM_COL) +
                "' style='cursor:hand'>" + results.getString(TITLE_COL) + "</a>";
                TD td = new TD().addElement(link);
                TR tr = new TR().addElement(td);
                t.addElement(tr);
            }
        }
    }
    catch (Exception e) {
        // Cause is dropped.
        s.setMessage("Error while getting message list.");
    }
    ElementContainer ec = new ElementContainer();
    ec.addElement(t);
    return ec;
}
/**
 * Shows the message selected by the "Num" request parameter (title and body)
 * for this lesson, or a "Could not find" note when Num is non-zero and no
 * row matches. Nothing is rendered when Num is absent (0).
 *
 * Both query parameters are bound with setInt/setString. The message body
 * is emitted as stored, without encoding; the only filter it ever passed is
 * IsScript at insert time (see addMessage).
 *
 * @param s current session
 * @return the message fragment, possibly empty
 */
protected Element makeCurrent(WebSession s)
{
    ElementContainer ec = new ElementContainer();
    try
    {
        int messageNum = s.getParser().getIntParameter(NUMBER, 0);
        // Neither connection nor statement is closed.
        Connection connection = DatabaseUtilities.getConnection(s);
        String query = Query("*", "messages", "num = ? and lesson_type = ?");
        // 1004/1007 = ResultSet.TYPE_SCROLL_INSENSITIVE / CONCUR_READ_ONLY (decompiler-inlined).
        PreparedStatement statement = connection.prepareStatement(query, 1004,
        1007);
        statement.setInt(1, messageNum);
        statement.setString(2, getClass().getName());
        ResultSet results = statement.executeQuery();
        if ((results != null) && (results.first()))
        {
            Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
            TR row1 = new TR(new TD(new B(new StringElement("Titel:"))));
            row1.addElement(new TD(new StringElement(results.getString(TITLE_COL))));
            t.addElement(row1);
            // Stored body rendered raw.
            String messageData = results.getString(MESSAGE_COL);
            TR row2 = new TR(new TD(new B(new StringElement("Bericht:"))));
            row2.addElement(new TD(new StringElement(messageData)));
            t.addElement(row2);
            ec.addElement(t);
        }
        else if (messageNum != 0)
        {
            ec.addElement(new P().addElement("Could not find message " + messageNum));
        }
    }
    catch (Exception e)
    {
        s.setMessage("Error generating " + getClass().getName());
        e.printStackTrace();
    }
    return ec;
}
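/**
 * Runs a query and returns the first column of its first row as an int.
 *
 * The SQL is executed as given; callers (IsAdmin, GetCountUser and the row
 * count in createContent) build it by concatenation, so this method is part
 * of the lesson's injection surface and must not be reused as a general
 * helper.
 *
 * @param connection open connection
 * @param SQL a query whose first row/column is an integer
 * @return the value, or -1 when the query fails or returns no row
 */
private int GetDBint(Connection connection, String SQL)
{
    Statement st = null;
    ResultSet r = null;
    try {
        st = connection.createStatement();
        r = st.executeQuery(SQL);
        r.next();                 // on an empty result getInt throws -> -1
        return r.getInt(1);
    } catch (SQLException ignored) {
        // Callers treat -1 as "unknown"; a failing probe must not abort
        // rendering of the page.
        return -1;
    } finally {
        // Formerly the ResultSet was closed only on success and the
        // Statement never; both are released on every path now.
        if (r != null) {
            try { r.close(); } catch (SQLException ignored) { /* nothing useful to do */ }
        }
        if (st != null) {
            try { st.close(); } catch (SQLException ignored) { /* nothing useful to do */ }
        }
    }
}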
/**
 * Maps null to the empty string; any other value is returned unchanged.
 *
 * @param data possibly-null column value
 * @return data, or "" when data is null
 */
private String ConvertNull(String data)
{
    return data == null ? "" : data;
}
/**
 * Counts account rows with the given name and password.
 *
 * Both values are spliced into the WHERE clause unescaped (lesson code); the
 * callers in this file pass string literals only.
 *
 * @param connection open connection
 * @param accountname account name to match
 * @param password password to match
 * @return the row count, or -1 if the query fails
 */
private int GetCountUser(Connection connection, String accountname, String password)
{
    String where = ACCT[7] + "='" + accountname + "' AND " + ACCT[9] + "='" + password + "'";
    return GetDBint(connection, Query("COUNT(*) AS rowcount", ACCT[35], where));
}
/**
 * Reads the admin_access flag of the named account.
 *
 * The name is spliced into the WHERE clause unescaped (lesson code); the
 * callers in this file pass the literal "student".
 *
 * @param connection open connection
 * @param accountname account name to look up
 * @return the flag as an int (0/1), or -1 if the query fails or finds no row
 */
private int IsAdmin(Connection connection, String accountname)
{
    String where = ACCT[7] + "='" + accountname + "'";
    return GetDBint(connection, Query(ACCT[13], ACCT[35], where));
}
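/**
 * Inserts three seed accounts into the literal table pen_account_table.
 *
 * No caller is visible in this file; the table actually created and used
 * by the lesson is ACCT[35] (see createLoginDataTable), so this appears to
 * be a leftover. The credentials are embedded in the class file and are
 * therefore public to anyone who can decompile it.
 *
 * @param connection open connection
 * @throws SQLException if any insert fails
 */
private void createAccounts(Connection connection)
    throws SQLException
{
    Statement statement = connection.createStatement();
    try {
        statement.executeUpdate("INSERT INTO pen_account_table VALUES (1,'lector','Beheerder','w007-89','lector@student.howest.be',0,1)");
        statement.executeUpdate("INSERT INTO pen_account_table VALUES (2,'student','Examen test account','student','student@student.howest.be',0,0)");
        statement.executeUpdate("INSERT INTO pen_account_table VALUES (3,'tweedezit','Another account','tweedezit','tweedezit@student.howest.be',0,0)");
    } finally {
        statement.close();   // was never closed
    }
}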
/**
 * (Re)creates the account table ACCT[35] and seeds it: an admin row
 * "lector" whose password is GetCode(4) (not the admin_pass constant), the
 * "student" and "prettige_vakantie" rows with password equal to their name,
 * and optionally numbered filler accounts.
 *
 * Column order is userid, name, info, pass, email, is_premium, admin_access;
 * the VALUES lists below must follow it. Called from createContent whenever
 * a probe query on the table fails.
 *
 * @param connection open connection (the statement created here is never closed)
 * @throws SQLException from the seed inserts; DROP/CREATE failures are only printed
 */
private void createLoginDataTable(Connection connection)
throws SQLException
{
    Statement statement = connection.createStatement();
    try
    {
        statement.executeUpdate("DROP TABLE " + ACCT[35]);
    }
    catch (SQLException e) {
        // Expected on first run when the table does not exist yet.
        System.out.println("Error dropping user database");
    }
    try
    {
        String createTableStatement = "CREATE TABLE " + ACCT[35] + " (" + ACCT[4] + " int not null primary key," +
        ACCT[7] + " varchar(20)," + ACCT[22] + " varchar(20)," + ACCT[9] + " varchar(30), " + ACCT[23] + " varchar(255), " + ACCT[28] + " bit, " + ACCT[13] + " bit" + ")";
        statement.executeUpdate(createTableStatement);
    }
    catch (SQLException e) {
        System.out.println("Error creating user database");
        e.printStackTrace();
    }
    // Admin password depends on the compiled line numbers via GetCode/seed.
    statement.executeUpdate(Insert(ACCT[35], "1,'lector','Beheerder','" + GetCode(4) + "','" + "lector" + "@student.howest.be',0,1"));
    statement.executeUpdate(Insert(ACCT[35], "2,'student','Examen test account','student','student@student.howest.be',0,0"));
    statement.executeUpdate(Insert(ACCT[35], "3,'prettige_vakantie','Another account','prettige_vakantie','prettige_vakantie@student.howest.be',0,0"));
    // Creates ids 4 .. additional_accounts-1, i.e. additional_accounts-4 rows;
    // if the intent was additional_accounts extra rows this is off by one/four — confirm.
    if (additional_accounts > 0) {
        for (int i = 4; i < additional_accounts; i++)
        {
            statement.executeUpdate(Insert(ACCT[35], i + ",'account" + i + "','Another account','account" + i + "','account" + i + "@student.howest.be',0,0"));
        }
    }
}
/**
 * Placeholder invoked by createContent right after the account table is
 * (re)created; no premium content is set up.
 *
 * @param connection unused
 * @throws SQLException never thrown by this implementation
 */
private void createPremiumContents(Connection connection)
throws SQLException
{}
/** Files this lesson under the Challenge category in the WebGoat menu. */
protected Category getDefaultCategory()
{
    return Category.CHALLENGE;
}
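/**
 * Hints shown to the student: the course material may be used, error
 * messages are informative (the SQL error text is shown on the page), and
 * the "Encoding Basics" lesson helps (the credits cookie is hex-escaped).
 *
 * @param s current session (not used)
 * @return the three hints in display order
 */
protected List<String> getHints(WebSession s)
{
    List<String> hints = new ArrayList<String>();   // was a raw ArrayList
    hints.add("Je mag het cursusmateriaal gebruiken.");
    hints.add("Foutmeldingen geven soms interessante informatie.");
    hints.add("Het lesje 'Encoding Basics' kan handig zijn.");
    return hints;
}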
- private static final Integer DEFAULT_RANKING = new Integer(20);
/** @return the fixed menu ranking DEFAULT_RANKING */
protected Integer getDefaultRanking()
{
    return DEFAULT_RANKING;
}
/** @return the lesson title shown in the menu */
public String getTitle()
{
    return "Examen";
}
/** @return the lesson footer: no text, just the HOWEST_LOGO link */
public Element getCredits()
{
    return super.getCustomCredits("", HOWEST_LOGO);
}
/**
 * Assembles "SELECT S FROM F[ WHERE W]" by plain concatenation.
 *
 * W is inserted as given. Callers either pass a "?" placeholder clause for a
 * PreparedStatement (message board) or a clause built from request data
 * (account table) — the latter is the lesson's injection point.
 *
 * @param S select list
 * @param F table name
 * @param W where clause without the keyword; "" for none
 * @return the SQL text
 */
private String Query(String S, String F, String W)
{
    String where = W.equals("") ? "" : " WHERE " + W;
    return "SELECT " + S + " FROM " + F + where;
}
/**
 * Assembles "INSERT INTO T VALUES(V)" by plain concatenation; V is inserted
 * as given. Callers in this file pass either "?" placeholders (addMessage)
 * or constant seed rows (createLoginDataTable).
 *
 * @param T table name
 * @param V comma-separated values or placeholders
 * @return the SQL text
 */
private String Insert(String T, String V)
{
    return "INSERT INTO " + T + " VALUES(" + V + ")";
}
/**
 * Deny-list check applied to the login name and password in createContent.
 *
 * Matches four fixed fragments, case-sensitively and only as written. A
 * deny-list of literals is not an injection defence — parameterised
 * statements are (see addMessage) — it is kept as part of the exercise.
 * allow_sqli switches it off entirely.
 *
 * @param text request parameter value (non-null)
 * @return true when one of the listed fragments occurs in text
 */
private boolean IsSQLi(String text)
{
    if (allow_sqli) {
        return false;
    }
    String[] fragments = { " OR '1'='1", " or '1'='1", " or 1=1", " OR 1=1" };
    for (String fragment : fragments) {
        if (text.contains(fragment)) {
            return true;
        }
    }
    return false;
}
/**
 * Deny-list check applied to the message body in addMessage: rejects text
 * containing "&lt;script" in lower or upper case (mixed case and other
 * markup are not covered). This is the only filter the body passes before
 * makeCurrent renders it raw. allow_script switches it off.
 *
 * @param text request parameter value (non-null)
 * @return true when a listed fragment occurs in text
 */
private boolean IsScript(String text)
{
    if (allow_script) {
        return false;
    }
    String[] fragments = { "<script", "<SCRIPT" };
    for (String fragment : fragments) {
        if (text.contains(fragment)) {
            return true;
        }
    }
    return false;
}
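/**
 * Un-escapes a "%XX%YY..." string produced by Encode/hexEncode.
 *
 * Used on the "credits" cookie: this is an encoding, not protection — any
 * client can produce a valid value. hexDecode already returns its input
 * unchanged when the text is not in that shape, so the only case the former
 * catch-all handled was a null argument, which is now explicit.
 *
 * @param str escaped text, or null (cookie absent)
 * @return the decoded text, str itself when it is not escaped, or null for null
 */
public static String Decode(String str)
{
    if (str == null) {
        return null;
    }
    return hexDecode(str);
}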
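/**
 * Escapes text as "%XX" per character (see hexEncode); the inverse of Decode.
 *
 * Used to write the "credits" cookie. This is obfuscation only, not an
 * integrity mechanism. hexEncode throws only for a null argument, which is
 * now handled explicitly instead of through a catch-all.
 *
 * @param str text to escape, or null
 * @return the escaped text, or null for null
 */
public static String Encode(String str)
{
    if (str == null) {
        return null;
    }
    return hexEncode(str);
}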
/**
 * Base64-decodes text with the JDK-internal sun.misc decoder.
 *
 * sun.misc.BASE64Decoder is not a supported API and was removed in JDK 9;
 * java.util.Base64 (Java 8) is the replacement. The bytes are converted with
 * the platform default charset, matching base64Encode. No caller is visible
 * in this file.
 *
 * @param str base64 text
 * @return the decoded text
 * @throws IOException from the decoder on malformed input
 */
public static String base64Decode(String str)
throws IOException
{
    byte[] b = base64decoder.decodeBuffer(str);
    return new String(b);
}
/**
 * Base64-encodes text with the JDK-internal sun.misc encoder, using the
 * platform default charset for the bytes.
 *
 * sun.misc.BASE64Encoder was removed in JDK 9 (use java.util.Base64). Its
 * output contains line breaks, which is why ObfuscateJavaScript strips
 * "\n" and "\r" from the result.
 *
 * @param str text to encode
 * @return the base64 text
 */
public static String base64Encode(String str)
{
    byte[] b = str.getBytes();
    return base64encoder.encode(b);
}
/**
 * Reverses hexEncode: reads the input as consecutive "%XX" triplets and
 * returns the characters they denote.
 *
 * Only the length (a multiple of 3) and the hex digits are checked; the
 * separator character itself is never inspected. Input of any other length,
 * or with non-hex digits, is returned unchanged.
 *
 * @param hexString escaped text (non-null)
 * @return the decoded text, or hexString itself when it is not in that shape
 */
public static String hexDecode(String hexString)
{
    int len = hexString.length();
    if (len % 3 != 0) {
        return hexString;
    }
    StringBuilder out = new StringBuilder(len / 3);
    try {
        for (int pos = 1; pos < len; pos += 3) {
            String digits = hexString.substring(pos, pos + 2);
            out.append((char) Integer.parseInt(digits, 16));
        }
    } catch (NumberFormatException nfe) {
        // Not hex: hand back the original (the cookie may hold a plain value).
        return hexString;
    }
    return out.toString();
}
/**
 * Escapes every character as "%" followed by its upper-case hex code.
 *
 * Integer.toHexString yields two digits for 0x10..0xFF but one below 0x10
 * and three or four above 0xFF; hexDecode reads fixed "%XX" triplets, so
 * only text in the 0x10..0xFF range round-trips. The decimal credit strings
 * this is used on stay within that range.
 *
 * @param asciiString text to escape (non-null)
 * @return the escaped text
 */
public static String hexEncode(String asciiString)
{
    StringBuilder out = new StringBuilder(asciiString.length() * 3);
    for (char c : asciiString.toCharArray()) {
        out.append('%').append(Integer.toHexString(c));
    }
    return out.toString().toUpperCase();
}
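/**
 * Rewrites text as a case-insensitive regex by turning each character c into
 * the class "[Cc]" (upper then lower case). No caller is visible in this file.
 *
 * @param text literal to convert (non-null)
 * @return the character-class form
 */
private String ObfuscateRegex(String text)
{
    // StringBuilder instead of repeated String concatenation; output is unchanged.
    StringBuilder out = new StringBuilder(text.length() * 4);
    for (char c : text.toCharArray()) {
        out.append('[').append(Character.toUpperCase(c)).append(Character.toLowerCase(c)).append(']');
    }
    return out.toString();
}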
/**
 * Wraps a script fragment as eval(atob("...")) so it is not readable in the
 * page source. The line breaks the base64 encoder inserts are removed so
 * the result is a single JavaScript string literal.
 *
 * This is obfuscation of a client-side check, not a security control: the
 * browser decodes and runs it, so the original is trivially recoverable, and
 * the server must not rely on it (createContent does not).
 *
 * @param script JavaScript source
 * @return the eval(atob(...)) statement
 */
private String ObfuscateJavaScript(String script)
{
    return "eval(atob(\"" + base64Encode(script).replaceAll("\n", "").replaceAll("\r", "") + "\"));";
}
/**
 * Returns the source line number of the stack frame at the given depth from
 * Thread.getStackTrace() (in the usual layout element 0 is getStackTrace
 * itself, 1 this method, 2 its caller GetCode, 3 GetCode's caller).
 *
 * GetCode derives both the codes-table row and the checksum suffix from
 * this, which ties the exam answers to the exact compiled line numbers of
 * this class: recompiling after any edit changes them, and a decompiled
 * listing such as this one does not preserve them.
 *
 * @param index stack depth to read
 * @return the line number, negative when the JVM has no line information for that frame
 */
private int seed(int index)
{
    int this_line = Thread.currentThread().getStackTrace()[index].getLineNumber();
    return this_line;
}
/**
 * Builds an exam code "&lt;word&gt;-&lt;checksum&gt;": the word is codes[row][n]
 * where row is seed(2) % 28 (the line of this method's seed call), and the
 * checksum is 97 - seed(3) % 97 (the line of the caller). The codes thus
 * differ per call site and per compiled build — see seed.
 *
 * @param n column in the codes table; callers in this file pass 1..7 and
 *          every row has at least 8 entries
 * @return the code string
 */
private String GetCode(int n)
{
    String ret = "";
    int checksum = 97 - seed(3) % 97;
    // A negative line number means "unavailable". The remainder is then
    // negative too, so codes[(seed(2) % 29)] would throw
    // ArrayIndexOutOfBoundsException rather than return a code; the table
    // also has 28 rows, not 29.
    if (seed(2) < 0)
    return codes[(seed(2) % 29)][n] + "-" + Integer.toString(checksum);
    ret = codes[(seed(2) % 28)][n] + "-" + Integer.toString(checksum);
    return ret;
}
- private void Solution(WebSession s) {}
- }