exotic-attacks: Fix session migration to match template structure

exotic-attacks/activities/breaking-hashes/README.md → chapters/web-application-security/exotic-attacks/drills/breaking-hashes/README.md

@@ -28,4 +28,4 @@ A possible payload in POST data is:
 
 `username[]="8"&password[]=8&submit=Login`
 
-Exploit in `../sol/solution.sh`.
+Exploit in `../solution/solution.sh`.

exotic-attacks/activities/breaking-hashes/src/index-template.php → chapters/web-application-security/exotic-attacks/drills/breaking-hashes/src/index-template.php

@@ -1,50 +1,50 @@
-<?php
-
-$flag = '__TEMPLATE__';
-$error = '';
-
-if (isset($_POST['submit'])) {
-	if (isset($_POST['username']) && isset($_POST['password'])) {
-		if ($_POST['username'] == $_POST['password']) {
-			$error = 'Your password can not be your username!';
-		} else if (hash('sha256', $_POST['username']) === hash('sha256', $_POST['password'])) {
-			die($flag);
-		} else {
-			$error = 'Invalid credentials!';
-		}
-	}
-}
-
-?>
-
-<html>
-	<head>
-		<title></title>
-		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
-	</head>
-	<body>
-		<section>
-			<div class="card mt-5" style="width: 28rem; margin: auto;">
-				<div class="card-body">
-					<?php if ($error != ''): ?>
-						<div class="alert alert-danger" role="alert">
-							<?php echo $error; ?>
-						</div>
-					<?php endif; ?>
-					<form method="POST">
-						<div class="form-group">
-							<label for="username">Username</label>
-							<input type="text" name="username" class="form-control" id="username">
-							<!-- TODO: Remove source.phar -->
-						</div>
-						<div class="form-group">
-							<label for="password">Password</label>
-							<input type="password" name="password" class="form-control" id="password">
-						</div>
-						<input type="submit" class="btn btn-primary" name="submit" value="Login" />
-					</form>
-				</div>
-			</div>
-		</section>
-	</body>
-</html>
+<?php
+
+$flag = '__TEMPLATE__';
+$error = '';
+
+if (isset($_POST['submit'])) {
+	if (isset($_POST['username']) && isset($_POST['password'])) {
+		if ($_POST['username'] == $_POST['password']) {
+			$error = 'Your password can not be your username!';
+		} else if (hash('sha256', $_POST['username']) === hash('sha256', $_POST['password'])) {
+			die($flag);
+		} else {
+			$error = 'Invalid credentials!';
+		}
+	}
+}
+
+?>
+
+<html>
+	<head>
+		<title></title>
+		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
+	</head>
+	<body>
+		<section>
+			<div class="card mt-5" style="width: 28rem; margin: auto;">
+				<div class="card-body">
+					<?php if ($error != ''): ?>
+						<div class="alert alert-danger" role="alert">
+							<?php echo $error; ?>
+						</div>
+					<?php endif; ?>
+					<form method="POST">
+						<div class="form-group">
+							<label for="username">Username</label>
+							<input type="text" name="username" class="form-control" id="username">
+							<!-- TODO: Remove source.phar -->
+						</div>
+						<div class="form-group">
+							<label for="password">Password</label>
+							<input type="password" name="password" class="form-control" id="password">
+						</div>
+						<input type="submit" class="btn btn-primary" name="submit" value="Login" />
+					</form>
+				</div>
+			</div>
+		</section>
+	</body>
+</html>

exotic-attacks/activities/breaking-hashes/src/source.bak → chapters/web-application-security/exotic-attacks/drills/breaking-hashes/src/source.bak

@@ -1,9 +1,9 @@
-if (isset($_POST['username']) && isset($_POST['password'])) {
-	if ($_POST['username'] == $_POST['password']) {
-		$error = 'Your password can not be your username!';
-	} else if (hash('sha256', $_POST['username']) === hash('sha256', $_POST['password'])) {
-		die($flag);
-	} else {
-		$error = 'Invalid credentials!';
-	}
-}
+if (isset($_POST['username']) && isset($_POST['password'])) {
+	if ($_POST['username'] == $_POST['password']) {
+		$error = 'Your password can not be your username!';
+	} else if (hash('sha256', $_POST['username']) === hash('sha256', $_POST['password'])) {
+		die($flag);
+	} else {
+		$error = 'Invalid credentials!';
+	}
+}

exotic-attacks/activities/defaced-website/README.md → chapters/web-application-security/exotic-attacks/drills/defaced-website/README.md

@@ -21,4 +21,4 @@ The final payload in POST data is:
 
 `username=QNKCDZO&password=&submit=Login`
 
-Exploit in `../sol/solution.sh`.
+Exploit in `../solution/solution.sh`.

exotic-attacks/activities/defaced-website/src/index-template.php → chapters/web-application-security/exotic-attacks/drills/defaced-website/src/index-template.php

@@ -1,53 +1,53 @@
-<?php
-
-$flag = '__TEMPLATE__';
-$sec_pass = '0e413229387827631581229643338212';
-$error = '';
-$message = '';
-
-if (isset($_POST['username']) && isset($_POST['password'])) {
-	if (md5($_POST['password'] . $_POST['username']) == $sec_pass) {
-		$message = $flag;
-	} else {
-		$error = 'You will never get your site back, haha!';
-	}
-}
-?>
-
-<html>
-	<head>
-		<title></title>
-		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
-	</head>
-	<body>
-		<section>
-			<div class="card mt-5" style="width: 28rem; margin: auto;">
-				<div class="card-body">
-					<img src="img/d3f4c3d.png" style="height:1px;" />
-					<h1 class="mb-4">Defaced website :(</h1>
-					<?php if ($error != ''): ?>
-						<div class="alert alert-danger" role="alert">
-							<?php echo $error; ?>
-						</div>
-					<?php endif; ?>
-					<form method="POST">
-						<div class="form-group">
-							<label for="username">Username</label>
-							<input type="text" name="username" class="form-control" id="username">
-						</div>
-						<div class="form-group">
-							<label for="password">Password</label>
-							<input type="password" name="password" class="form-control" id="password">
-						</div>
-						<input type="submit" class="btn btn-primary" name="submit" value="Login" />
-					</form>
-				</div>
-			</div>
-		</section>
-		<?php if ($message != ''): ?>
-			<div class="alert alert-info mt-5 text-center" role="alert">
-				<?php echo $message; ?>
-			</div>
-		<?php endif; ?>
-	</body>
-</html>
+<?php
+
+$flag = '__TEMPLATE__';
+$sec_pass = '0e413229387827631581229643338212';
+$error = '';
+$message = '';
+
+if (isset($_POST['username']) && isset($_POST['password'])) {
+	if (md5($_POST['password'] . $_POST['username']) == $sec_pass) {
+		$message = $flag;
+	} else {
+		$error = 'You will never get your site back, haha!';
+	}
+}
+?>
+
+<html>
+	<head>
+		<title></title>
+		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
+	</head>
+	<body>
+		<section>
+			<div class="card mt-5" style="width: 28rem; margin: auto;">
+				<div class="card-body">
+					<img src="img/d3f4c3d.png" style="height:1px;" />
+					<h1 class="mb-4">Defaced website :(</h1>
+					<?php if ($error != ''): ?>
+						<div class="alert alert-danger" role="alert">
+							<?php echo $error; ?>
+						</div>
+					<?php endif; ?>
+					<form method="POST">
+						<div class="form-group">
+							<label for="username">Username</label>
+							<input type="text" name="username" class="form-control" id="username">
+						</div>
+						<div class="form-group">
+							<label for="password">Password</label>
+							<input type="password" name="password" class="form-control" id="password">
+						</div>
+						<input type="submit" class="btn btn-primary" name="submit" value="Login" />
+					</form>
+				</div>
+			</div>
+		</section>
+		<?php if ($message != ''): ?>
+			<div class="alert alert-info mt-5 text-center" role="alert">
+				<?php echo $message; ?>
+			</div>
+		<?php endif; ?>
+	</body>
+</html>

exotic-attacks/activities/handy-tool/README.md → chapters/web-application-security/exotic-attacks/drills/handy-tool/README.md

@@ -7,6 +7,7 @@ LFI + PHP Object Injection / PHP Insecure Object Deserialization + RCE
 ## Exploit
 
 The exploit involves opening a reverse shell. You'll need to:
+
 1. Create an account on [ngrok](https://ngrok.com/) (also confirm your email address).
 2. Install `ngrok` on you machine.
 3. Forward your 1234 port using: `ngrok tcp 1234`. A ngrok host and IP will be forwarded to your local port.
@@ -26,8 +27,9 @@ You guessed it, the handy one is **Unserialize**.
 
 After inspecting the source code in the archive, you see what the serialized input object should look like.
 It has to be a PHP class with two attributes:
- * `$condition` - boolean with the value `true`
- * `$prop` - a string you can use for remote code execution on the server
+
+* `$condition` - boolean with the value `true`
+* `$prop` - a string you can use for remote code execution on the server
 
 Since the actual output of the command is not shown, only the unserialized string, you should try to create a reverse shell.
 
@@ -91,4 +93,4 @@ Now access `/backdoor.php` in the browser and you should have a shell in the `nc
 
 Find the flag file and perform a `cat` on it; it should be in `home/ctf/`: `cat /home/ctf/flag.txt`.
 
-Exploit in `../sol/solution.sh`.
+Exploit in `../solution/solution.sh`.

exotic-attacks/activities/jar-of-pickles/README.md → chapters/web-application-security/exotic-attacks/drills/jar-of-pickles/README.md

@@ -46,4 +46,4 @@ Make the request again.
 You should have a shell now in the `nc` terminal.
 Find the flag file and perform a `cat` on it; it should be in `home/ctf/`: `cat /home/ctf/flag.txt`.
 
-Exploit in `../sol/solution.sh`.
+Exploit in `../solution/solution.sh`.

exotic-attacks/activities/meme-uploader/README.md → chapters/web-application-security/exotic-attacks/drills/meme-uploader/README.md

@@ -23,4 +23,4 @@ Now navigate to: `/uploads/5c7dce216dceb5c1a61108e9db9fa835.php`.
 
 The flag should be in the page source (inspect it).
 
-Exploit in `../sol/solution.sh`.
+Exploit in `../solution/solution.sh`.