
Yummy

a guest
Nov 29th, 2017
  1. <!DOCTYPE html>
  2.  
  3. <html>
  4. <noscript>
  5. <style>html {
  6. display: none;
  7. }</style>
  8. <meta http-equiv="refresh" content="0;url=/no-javascript">
  9. </noscript>
  10. <head><script type="text/javascript">window.NREUM||(NREUM={}),__nr_require=function(e,n,t){function r(t){if(!n[t]){var o=n[t]={exports:{}};e[t][0].call(o.exports,function(n){var o=e[t][1][n];return r(o||n)},o,o.exports)}return n[t].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<t.length;o++)r(t[o]);return r}({1:[function(e,n,t){function r(){}function o(e,n,t){return function(){return i(e,[c.now()].concat(u(arguments)),n?null:this,t),n?void 0:this}}var i=e("handle"),a=e(2),u=e(3),f=e("ee").get("tracer"),c=e("loader"),s=NREUM;"undefined"==typeof window.newrelic&&(newrelic=s);var p=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit","addRelease"],d="api-",l=d+"ixn-";a(p,function(e,n){s[n]=o(d+n,!0,"api")}),s.addPageAction=o(d+"addPageAction",!0),s.setCurrentRouteName=o(d+"routeName",!0),n.exports=newrelic,s.interaction=function(){return(new r).get()};var m=r.prototype={createTracer:function(e,n){var t={},r=this,o="function"==typeof n;return i(l+"tracer",[c.now(),e,t],r),function(){if(f.emit((o?"":"no-")+"fn-start",[c.now(),r,o],t),o)try{return n.apply(this,arguments)}finally{f.emit("fn-end",[c.now()],t)}}}};a("setName,setAttribute,save,ignore,onEnd,getContext,end,get".split(","),function(e,n){m[n]=o(l+n)}),newrelic.noticeError=function(e){"string"==typeof e&&(e=new Error(e)),i("err",[e,c.now()])}},{}],2:[function(e,n,t){function r(e,n){var t=[],r="",i=0;for(r in e)o.call(e,r)&&(t[i]=n(r,e[r]),i+=1);return t}var o=Object.prototype.hasOwnProperty;n.exports=r},{}],3:[function(e,n,t){function r(e,n,t){n||(n=0),"undefined"==typeof t&&(t=e?e.length:0);for(var r=-1,o=t-n||0,i=Array(o<0?0:o);++r<o;)i[r]=e[n+r];return i}n.exports=r},{}],4:[function(e,n,t){n.exports={exists:"undefined"!=typeof window.performance&&window.performance.timing&&"undefined"!=typeof window.performance.timing.navigationStart}},{}],ee:[function(e,n,t){function r(){}function o(e){function n(e){return e&&e instanceof 
r?e:e?f(e,u,i):i()}function t(t,r,o,i){if(!d.aborted||i){e&&e(t,r,o);for(var a=n(o),u=m(t),f=u.length,c=0;c<f;c++)u[c].apply(a,r);var p=s[y[t]];return p&&p.push([b,t,r,a]),a}}function l(e,n){v[e]=m(e).concat(n)}function m(e){return v[e]||[]}function w(e){return p[e]=p[e]||o(t)}function g(e,n){c(e,function(e,t){n=n||"feature",y[t]=n,n in s||(s[n]=[])})}var v={},y={},b={on:l,emit:t,get:w,listeners:m,context:n,buffer:g,abort:a,aborted:!1};return b}function i(){return new r}function a(){(s.api||s.feature)&&(d.aborted=!0,s=d.backlog={})}var u="nr@context",f=e("gos"),c=e(2),s={},p={},d=n.exports=o();d.backlog=s},{}],gos:[function(e,n,t){function r(e,n,t){if(o.call(e,n))return e[n];var r=t();if(Object.defineProperty&&Object.keys)try{return Object.defineProperty(e,n,{value:r,writable:!0,enumerable:!1}),r}catch(i){}return e[n]=r,r}var o=Object.prototype.hasOwnProperty;n.exports=r},{}],handle:[function(e,n,t){function r(e,n,t,r){o.buffer([e],r),o.emit(e,n,t)}var o=e("ee").get("handle");n.exports=r,r.ee=o},{}],id:[function(e,n,t){function r(e){var n=typeof e;return!e||"object"!==n&&"function"!==n?-1:e===window?0:a(e,i,function(){return o++})}var o=1,i="nr@id",a=e("gos");n.exports=r},{}],loader:[function(e,n,t){function r(){if(!x++){var e=h.info=NREUM.info,n=d.getElementsByTagName("script")[0];if(setTimeout(s.abort,3e4),!(e&&e.licenseKey&&e.applicationID&&n))return s.abort();c(y,function(n,t){e[n]||(e[n]=t)}),f("mark",["onload",a()+h.offset],null,"api");var t=d.createElement("script");t.src="https://"+e.agent,n.parentNode.insertBefore(t,n)}}function o(){"complete"===d.readyState&&i()}function i(){f("mark",["domContent",a()+h.offset],null,"api")}function a(){return E.exists&&performance.now?Math.round(performance.now()):(u=Math.max((new Date).getTime(),u))-h.offset}var u=(new 
Date).getTime(),f=e("handle"),c=e(2),s=e("ee"),p=window,d=p.document,l="addEventListener",m="attachEvent",w=p.XMLHttpRequest,g=w&&w.prototype;NREUM.o={ST:setTimeout,SI:p.setImmediate,CT:clearTimeout,XHR:w,REQ:p.Request,EV:p.Event,PR:p.Promise,MO:p.MutationObserver};var v=""+location,y={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-1044.min.js"},b=w&&g&&g[l]&&!/CriOS/.test(navigator.userAgent),h=n.exports={offset:u,now:a,origin:v,features:{},xhrWrappable:b};e(1),d[l]?(d[l]("DOMContentLoaded",i,!1),p[l]("load",r,!1)):(d[m]("onreadystatechange",o),p[m]("onload",r)),f("mark",["firstbyte",u],null,"api");var x=0,E=e(4)},{}]},{},["loader"]);</script>
  11. <title>CyberStart Assess</title>
  12.  
  13. <link type="text/css" rel="stylesheet" media="all" href="/assets/css/styles.css?version=3.1.2">
  14.  
  15. <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0">
  16.  
  17. <script src="/assets/js/site.js?version=3.1.2"></script>
  18. <script src="/assets/js/bodymovin.js?version=3.1.2"></script>
  19.  
  20. <link rel="apple-touch-icon-precomposed" href="/assets/images/apple-touch-icon.png?version=3.1.2">
  21. <link rel="icon" type="image/png" href="/assets/images/apple-touch-icon.png?version=3.1.2">
  22. <link rel="shortcut icon" href="/assets/images/favicon.ico?version=3.1.2">
  23. </head>
  24.  
  25. <body>
  26.  
  27. <div class="module-navbar">
  28. <div class="navbar">
  29. <a href="/" class="logo">
  30. <img src="/assets/images/logo-navbar.png?version=3.1.2" class="image"
  31. alt="CyberStart Assess logo">
  32. </a>
  33. </div>
  34. </div>
  35.  
  36. <div data-challengeid="5" data-bonus="14" data-userid="12389" data-timeoutafter="300000" data-incrementtime="30000" data-token="6d60c6eda4eceabcc3a73d2093d10d402bef37882ac20aac57b2f8b0cf980492" id="holder" class="page page-slim page-challenge-k">
  37. <div class="module-progress" id="progress-holder">
  38. <div class="progress progress-13"><a href="/challenge-01" class="step step-01 step-correct">01</a><a href="/challenge-02" class="step step-02 step-correct">02</a><a href="/challenge-03" class="step step-03 step-correct">03</a><a href="/challenge-04" class="step step-04 step-correct">04</a><a href="/challenge-05" class="step step-05 step-current">05</a><a href="/challenge-06" class="step step-06">06</a><a href="/challenge-07" class="step step-07">07</a><a href="/challenge-08" class="step step-08">08</a><a href="/challenge-09" class="step step-09">09</a><a href="/challenge-10" class="step step-10">10</a><a href="/challenge-11" class="step step-11 step-correct">11</a><a href="/challenge-12" class="step step-12">12</a><a href="/challenge-13" class="step step-13">13</a></div> </div>
  39.  
  40. <div class="module-illustration">
  41. <div id="bodymovin" class="bodymovin bodymovin-k" style="background-image: url('/assets/images/banner-11-a.png?version=3.1.2');" data-bm-renderer="svg"></div>
  42. <script>
  43. var anim;
  44. var elem = document.getElementById('bodymovin')
  45. var animData = {
  46. container: elem,
  47. renderer: 'svg',
  48. loop: true,
  49. autoplay: true,
  50. rendererSettings: {
  51. progressiveLoad: true
  52. },
  53. path: 'assets/json/data-ch-k.json?version=3.1.2'
  54. };
  55. anim = bodymovin.loadAnimation(animData);
  56. </script>
  57. </div>
  58.  
  59. <div class="module-challenge">
  60. <div class="paper paper-rounded-bottom">
  61. <div id="paper-stamp-difficulty" class="stamp stamp-difficulty stamp-easy">Easy</div>
  62.  
  63. <div class="stamp stamp-complete" id="completedStamp" style="display:none">Challenge completed!</div>
  64.  
  65. <p class="pretitle">Challenge 05</p>
  66.  
  67. <h1 class="heading heading-center heading-secondary">Lazy locked login</h1>
  68.  
  69. <p class="brief">The Internet of Things (IOT) is a big deal these days and we recently came across a hacker who loves hacking everyday household devices, like coffee machines and fridges. One fridge he hacked has a remotely accessible page allowing a technician to control it. The username and password were easy to find, but the form still has some very lazy extra protection. He managed to get around it, can you?</p>
  70.  
  71. <div class="fridge-window">
  72. <div class="fridge">
  73. <div class="badge">UBERFRIDGE</div>
  74.  
  75. <div class="handle"></div>
  76.  
  77. <div class="screen">
  78. <div class="success" id="successMessage" style="display: none"></div>
  79. <div class="browser" id="browser">
  80. <div class="name">UberFridge 1000</div>
  81.  
  82. <div class="details">Technician Access Only</div>
  83.  
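  <!--
    Technician login form. Submission is handled by the inline onsubmit
    handler, which calls login() with the two field values and the page token
    and then returns false to suppress the native submit.

    method="post" is set so that, if the handler ever throws before
    "return false", a native submission cannot place the credentials in the
    URL query string.

    NOTE(review): the username and password are delivered as default field
    values in the markup, so anyone who can load this page can read them.
    Credentials must never be pre-filled or shipped in page source.
  -->
  <form class="form" method="post" onsubmit="login(get('username').value,get('password').value,'6d60c6eda4eceabcc3a73d2093d10d402bef37882ac20aac57b2f8b0cf980492'); return false">
    <div class="field">
      <!-- The label element is empty in the original; aria-label gives the control an accessible name. -->
      <label class="label" for="username"></label>

      <input class="input-text" type="text" name="username" autocomplete="off" value="admin" id="username" aria-label="Username">
    </div>

    <div class="field">
      <label class="label" for="password"></label>

      <input class="input-text" type="password" name="password" autocomplete="off" value="password" id="password" aria-label="Password">
    </div>

    <div class="actions">
      <!-- Developer notes: This will be disabled if page not accessed from technician's laptop. -->
      <!--
        NOTE(review): the disabled attribute is part of the delivered markup
        and only affects the browser UI. It is not an access control. The
        "technician's laptop" condition has to be checked by the server on
        every login request, independently of what the page renders.
      -->
      <input type="submit" value="Enter" class="btn" disabled>
    </div>
  </form>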
  102. </div>
  103. </div>
  104. </div>
  105. </div>
  106.  
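  <!--
    Flag submission form. The inline onsubmit handler passes the challenge
    number, the entered code and the page token to attemptFlag() and returns
    false to suppress the native submit.

    The challenge number is written as 5 rather than 05: a leading zero makes
    it a legacy octal literal, which is a syntax error in strict-mode code.

    NOTE(review): the same token value is rendered into the hidden csrf field,
    both inline handlers and the data-token attribute of #holder. Presumably
    the server binds it to the session and validates it on every
    state-changing request; confirm.
  -->
  <div class="code">
    <form class="form form-code" method="post" onsubmit="attemptFlag(5, this.code.value, '6d60c6eda4eceabcc3a73d2093d10d402bef37882ac20aac57b2f8b0cf980492'); return false" id="flagForm">
      <div class="pop pop-success" id="pop-message"></div>

      <input type="hidden" id="csrf" name="csrf" value="6d60c6eda4eceabcc3a73d2093d10d402bef37882ac20aac57b2f8b0cf980492">

      <!-- The placeholder is the only visible hint, so aria-label supplies the accessible name. -->
      <input class="input-text" type="text" name="code" id="codeAttempt" placeholder="Insert code here" autocomplete="off" aria-label="Challenge code">

      <div class="actions">
        <input type="submit" value="Submit code" class="btn">
      </div>

      <div class="extras extras-center"><a id="skip-link" href="/challenge-06" class="link link-quiet-emphasis">Not sure? Go to Challenge 06</a></div>
    </form>
    <a href="/challenge-06" class="btn btn-complete" id="completedButton" style="display: none">Correct! Well done. Go to challenge 06 &rarr;</a>
  </div>
  <!-- closes the enclosing .paper container opened earlier in the page -->
  </div>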
  121. </div>
  122. </div>
  123.  
  124. <script>runChallengeTimer();</script>
  125. <script>
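  /**
   * Submit a login attempt for the technician form.
   *
   * Sends an asynchronous POST to /challenge-05 with a URL-encoded body
   * containing action=login, the username, the password and the CSRF token.
   * When the request completes with HTTP 200 and the body is anything other
   * than the literal string "Incorrect", the body is shown in #successMessage
   * and the login panel (#browser) is hidden. Every other outcome is ignored.
   *
   * This function performs no authorization of its own. Whether the submit
   * button is enabled is a presentation detail of the page, so the server
   * handling this POST has to make the access decision itself.
   *
   * Relies on xhrObj() and get(), which are defined outside this script.
   *
   * @param {string} username Value of the username field.
   * @param {string} password Value of the password field.
   * @param {string} csrf     Anti-CSRF token rendered into the page.
   */
  var login = function(username, password, csrf)
  {
    var xhr = xhrObj();

    xhr.onreadystatechange = function() {
      // Act only on a completed request (readyState 4) answered with HTTP 200.
      if (xhr.readyState !== 4 || xhr.status !== 200) {
        return;
      }

      var responseText = xhr.responseText;
      if (responseText === "Incorrect") {
        return;
      }

      var successBox = get('successMessage');
      // NOTE(review): the response body is inserted as HTML. That is only safe
      // while the endpoint returns trusted, server-generated markup. If the
      // response can ever reflect request data, escape it server-side or
      // assign it through textContent instead.
      successBox.innerHTML = responseText;
      successBox.style.display = "block";
      get('browser').style.display = "none";
    };

    xhr.open("POST", "/challenge-05", true);
    xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');

    // Every field is percent-encoded, the token included, so a value
    // containing "&", "=" or "+" cannot alter the structure of the form body.
    var body = "action=login"
      + "&username=" + encodeURIComponent(username)
      + "&password=" + encodeURIComponent(password)
      + "&csrf=" + encodeURIComponent(csrf);
    xhr.send(body);
  };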
  147. </script>
  148.  
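  <!-- Page footer: external link back to the programme site, copyright line and sign-out link. -->
  <div class="module-base">
    <div class="base">
      <!-- rel="noopener" stops the page opened in the new tab from reaching this one through window.opener. -->
      <div class="discovery"><a href="https://joincyberdiscovery.com" target="_blank" rel="noopener" class="link">Back to Cyber Discovery &gt;</a></div>
      <div class="copyright">Copyright 2017 SANS. Version 3.1.2</div>

      <!--
        NOTE(review): sign-out is a plain GET link, so it can be triggered by a
        cross-site request. A POST that carries the anti-CSRF token is the usual
        hardening; confirm how /logout is handled server-side.
      -->
      <div class="logout"><a href="/logout" class="link">Sign out</a></div>
    </div>
  </div>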
  157. <!-- Google Analytics -->
  158. <script async src="https://www.googletagmanager.com/gtag/js?id=UA-109525775-3"></script>
  159. <script>
  160. window.dataLayer = window.dataLayer || [];
  161. function gtag(){dataLayer.push(arguments);}
  162. gtag('js', new Date());
  163. gtag('config', 'UA-109525775-3');
  164. </script>
  165. <script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"e8c65ea953","applicationID":"90369300","transactionName":"YFFQYkIDD0ZVAkcNVlkbZ0RZTRNaQRVWSklfRA==","queueTime":0,"applicationTime":21,"atts":"TBZTFAoZHEg=","errorBeacon":"bam.nr-data.net","agent":""}</script></body>
  166. </html>