Merge pull request #15 from tainguyenbp/feat/learning-hacking-with-python-20240706

feat/learning-hacking-with-python-20240706

Author: tainguyenbp

python-basic/Cross-Site-Request-Forgery-CSRF/csrf-main.py

@@ -0,0 +1,139 @@
+# from flask import Flask, render_template, request, redirect, url_for, flash
+# from flask_wtf.csrf import CSRFProtect
+
+# app = Flask(__name__)
+# app.secret_key = 'your_secret_key'  # Necessary for CSRF protection
+# csrf = CSRFProtect(app)
+
+# @app.route('/transfer', methods=['POST'])
+# def transfer():
+#     try:
+#         amount = float(request.form['amount'])
+#         destination_account = request.form['destination_account']
+#         # Logic to transfer funds...
+#         # Assuming transfer logic is implemented here.
+        
+#         flash('Transfer successful!', 'success')
+#     except ValueError:
+#         flash('Invalid amount. Please enter a valid number.', 'danger')
+#     except Exception as e:
+#         flash(f'An error occurred: {e}', 'danger')
+
+#     return redirect(url_for('dashboard'))
+
+# @app.route('/dashboard')
+# def dashboard():
+#     return render_template('dashboard.html')
+
+# if __name__ == '__main__':
+#     app.run()
+
+
+# from flask import Flask, render_template, request, redirect, url_for, flash, jsonify
+# from flask_wtf.csrf import CSRFProtect, generate_csrf
+
+# app = Flask(__name__)
+# app.secret_key = 'your_secret_key'  # Necessary for CSRF protection
+# csrf = CSRFProtect(app)
+
+# @app.route('/transfer', methods=['POST'])
+# def transfer():
+#     try:
+#         amount = float(request.form['amount'])
+#         destination_account = request.form['destination_account']
+#         # Logic to transfer funds...
+#         # Assuming transfer logic is implemented here.
+        
+#         flash('Transfer successful!', 'success')
+#     except ValueError:
+#         flash('Invalid amount. Please enter a valid number.', 'danger')
+#     except Exception as e:
+#         flash(f'An error occurred: {e}', 'danger')
+
+#     return redirect(url_for('dashboard'))
+
+# @app.route('/dashboard')
+# def dashboard():
+#     return render_template('dashboard.html')
+
+# @app.route('/get_csrf_token', methods=['GET'])
+# def get_csrf_token():
+#     return jsonify({'csrf_token': generate_csrf()})
+
+# if __name__ == '__main__':
+#     app.run()
+
+# from flask import Flask, render_template, request, redirect, url_for, flash, jsonify
+# from flask_wtf.csrf import CSRFProtect, generate_csrf
+
+# app = Flask(__name__)
+# app.secret_key = 'your_secret_key'  # Necessary for CSRF protection
+# csrf = CSRFProtect(app)
+
+# @app.route('/transfer', methods=['POST'])
+# def transfer():
+#     try:
+#         amount = float(request.form['amount'])
+#         destination_account = request.form['destination_account']
+#         # Logic to transfer funds...
+#         # Assuming transfer logic is implemented here.
+        
+#         flash('Transfer successful!', 'success')
+#     except ValueError:
+#         flash('Invalid amount. Please enter a valid number.', 'danger')
+#     except Exception as e:
+#         flash(f'An error occurred: {e}', 'danger')
+
+#     return redirect(url_for('dashboard'))
+
+# @app.route('/dashboard')
+# def dashboard():
+#     return render_template('dashboard.html')
+
+# @app.route('/get_csrf_token', methods=['GET'])
+# def get_csrf_token():
+#     return jsonify({'csrf_token': generate_csrf()})
+
+# if __name__ == '__main__':
+#     app.run()
+
+from flask import Flask, render_template, request, redirect, url_for, flash, jsonify, session
+from flask_wtf.csrf import CSRFProtect, generate_csrf
+from flask_session import Session
+
+app = Flask(__name__)
+app.secret_key = 'your_secret_key'  # Necessary for CSRF protection and session management
+
+# Session configuration
+app.config['SESSION_TYPE'] = 'filesystem'
+Session(app)
+csrf = CSRFProtect(app)
+
+@app.route('/transfer', methods=['POST'])
+def transfer():
+    try:
+        amount = float(request.form['amount'])
+        destination_account = request.form['destination_account']
+        # Logic to transfer funds...
+        # Assuming transfer logic is implemented here.
+        
+        flash('Transfer successful!', 'success')
+    except ValueError:
+        flash('Invalid amount. Please enter a valid number.', 'danger')
+    except Exception as e:
+        flash(f'An error occurred: {e}', 'danger')
+
+    return redirect(url_for('dashboard'))
+
+@app.route('/dashboard')
+def dashboard():
+    return render_template('dashboard.html')
+
+@app.route('/get_csrf_token', methods=['GET'])
+def get_csrf_token():
+    csrf_token = generate_csrf()
+    session['csrf_token'] = csrf_token
+    return jsonify({'csrf_token': csrf_token})
+
+if __name__ == '__main__':
+    app.run()

python-basic/Cross-Site-Request-Forgery-CSRF/dashboard.html

@@ -0,0 +1,28 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Dashboard</title>
+</head>
+<body>
+    <h1>Dashboard</h1>
+    {% with messages = get_flashed_messages(with_categories=true) %}
+      {% if messages %}
+        <ul>
+          {% for category, message in messages %}
+            <li class="{{ category }}">{{ message }}</li>
+          {% endfor %}
+        </ul>
+      {% endif %}
+    {% endwith %}
+
+    <form action="{{ url_for('transfer') }}" method="POST">
+        {{ csrf_token() }}
+        <label for="amount">Amount:</label>
+        <input type="text" id="amount" name="amount" required>
+        <label for="destination_account">Destination Account:</label>
+        <input type="text" id="destination_account" name="destination_account" required>
+        <button type="submit">Transfer</button>
+    </form>
+</body>
+</html>

python-basic/Cross-Site-Request-Forgery-CSRF/readme.md

@@ -0,0 +1,12 @@
+```
+python3 -m venv path/to/venv
+source path/to/venv/bin/activate
+python3 -m pip install requests
+pip install Flask Flask-WTF Flask-Session
+
+# Step 1: Fetch the CSRF token and store the session cookie
+csrf_token=$(curl -s -c cookiefile http://127.0.0.1:5000/get_csrf_token | jq -r '.csrf_token')
+
+# Step 2: Use the CSRF token and the session cookie in the transfer request
+curl -X POST -b cookiefile http://127.0.0.1:5000/dashboard -d "amount=100&destination_account=123456&csrf_token=${csrf_token}"
+```

python-basic/broken-risky-crypto-algorithm/broken-risky-crypto-algorithm-compliant.py

@@ -0,0 +1,34 @@
+# Importing required libraries
+import base64, os
+
+# Importing required libraries from cryptography
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.backends import default_backend
+
+# Function to encrypt data using AES-GCM algorithm and return the encrypted data in string format
+def encrypt(data:str, key:str) -> str:
+    iv = os.urandom(12)
+    encryptor = Cipher(algorithms.AES(key.encode('utf-8')), modes.GCM(iv), backend=default_backend()).encryptor()
+    encrypted_data = encryptor.update(data.encode('utf-8')) + encryptor.finalize()
+    return base64.urlsafe_b64encode(iv + encryptor.tag + encrypted_data).decode('utf-8')
+
+# Function to decrypt data using AES-GCM algorithm and return the decrypted data in string format
+def decrypt(encrypted_data, key) -> str:
+    decoded_data = base64.urlsafe_b64decode(encrypted_data)
+    iv = decoded_data[:12]
+    tag = decoded_data[12:28]
+    encrypted_data = decoded_data[28:]
+    decryptor = Cipher(algorithms.AES(key.encode('utf-8')), modes.GCM(iv, tag), backend=default_backend()).decryptor()
+    return (decryptor.update(encrypted_data) + decryptor.finalize()).decode('utf-8')
+
+# Main function to test the above functions
+if __name__ == '__main__':
+    key = '689ef728d55342d9af07ed4194cf1d4C' # 32 bytes key for AES-256
+    data = 'Hello, World'                    # Data to be encrypted
+
+    # Encrypting and decrypting the data
+    encrypted_data = encrypt(data, key)
+    print('Encrypted data:', encrypted_data)
+
+    decrypted_data = decrypt(encrypted_data, key)
+    print('Decrypted data:', decrypted_data)

python-basic/broken-risky-crypto-algorithm/broken-risky-crypto-algorithm.py

@@ -0,0 +1,26 @@
+# You sould install pycryptodome before runing this code
+# pip install pycryptodome
+import base64
+from Crypto.Cipher import DES
+from Crypto.Util.Padding import pad, unpad
+
+def encrypt_data(data, key):
+    cipher = DES.new(key.encode(), DES.MODE_ECB)
+    padded_data = pad(data.encode(), DES.block_size)
+    encrypted_data = cipher.encrypt(padded_data)
+    return base64.b64encode(encrypted_data).decode('utf-8')
+
+def decrypt_data(encrypted_data, key):
+    cipher = DES.new(key.encode(), DES.MODE_ECB)
+    decrypted_data = cipher.decrypt(base64.b64decode(encrypted_data.encode()))
+    return unpad(decrypted_data, DES.block_size).decode('utf-8')
+
+if __name__ == '__main__':
+    key = 'abcdefgh'                 # 8 bytes key for DES
+    data = 'Hello, World'            # Data to be encrypted
+
+    encrypted_data = encrypt_data(data, key)
+    print('Encrypted data:', encrypted_data)
+
+    decrypted_data = decrypt_data(encrypted_data, key)
+    print('Decrypted data:', decrypted_data)

python-basic/broken-risky-crypto-algorithm/readme.md

@@ -0,0 +1,6 @@
+```
+python3 -m venv path/to/venv
+source path/to/venv/bin/activate
+python3 -m pip install Crypto
+
+```

python-basic/hard-coded-password/hard-coded-password.py

@@ -0,0 +1,134 @@
+# import os
+# from werkzeug.security import check_password_hash, generate_password_hash
+# from dotenv import load_dotenv
+
+# load_dotenv()
+
+# def login(username, password):
+#     admin_username = os.getenv('ADMIN_USERNAME')
+#     admin_password_hash = os.getenv('ADMIN_PASSWORD_HASH')
+
+#     if username == admin_username and check_password_hash(admin_password_hash, password):
+#         # Login successful
+#         return True
+#     else:
+#         # Login failed
+#         return False
+
+# # Example usage
+# if __name__ == "__main__":
+#     # For demonstration, let's generate a hash for a password
+#     password_to_hash = "password123"
+#     hashed_password = generate_password_hash(password_to_hash)
+#     print(f"Hashed password for '{password_to_hash}': {hashed_password}")
+
+#     # Simulate a login attempt
+#     username_input = "admin"
+#     password_input = "password123"
+
+#     if login(username_input, password_input):
+#         print("Login successful!")
+#     else:
+#         print("Login failed!")
+
+# import os
+# from werkzeug.security import check_password_hash, generate_password_hash
+# from dotenv import load_dotenv
+
+# load_dotenv()
+
+# def login(username, password):
+#     admin_username = os.getenv('ADMIN_USERNAME')
+#     admin_password_hash = os.getenv('ADMIN_PASSWORD_HASH')
+
+#     if username == admin_username and check_password_hash(admin_password_hash, password):
+#         # Login successful
+#         return True
+#     else:
+#         # Login failed
+#         return False
+
+# # Example usage
+# if __name__ == "__main__":
+#     # For demonstration, let's generate a hash for a password
+#     password_to_hash = "password123"
+#     hashed_password = generate_password_hash(password_to_hash)
+#     print("Hashed password for '{}': {}".format(password_to_hash, hashed_password))
+
+#     # Simulate a login attempt
+#     username_input = "admin"
+#     password_input = "password123"
+
+#     if login(username_input, password_input):
+#         print("Login successful!")
+#     else:
+#         print("Login failed!")
+
+# import os
+# import argparse
+# from werkzeug.security import check_password_hash, generate_password_hash
+# from dotenv import load_dotenv
+
+# def login(username, password):
+#     admin_username = os.getenv('ADMIN_USERNAME')
+#     admin_password_hash = os.getenv('ADMIN_PASSWORD_HASH')
+
+#     if username == admin_username and check_password_hash(admin_password_hash, password):
+#         # Login successful
+#         return True
+#     else:
+#         # Login failed
+#         return False
+
+# def main():
+#     # Set up argument parsing
+#     parser = argparse.ArgumentParser(description="Run the login script with environment variables.")
+#     parser.add_argument('-e', '--env', action='append', help="Environment variables in the form KEY=VALUE")
+    
+#     args = parser.parse_args()
+
+#     # Set environment variables from command line arguments
+#     if args.env:
+#         for env_var in args.env:
+#             key, value = env_var.split('=', 1)
+#             os.environ[key] = value
+
+#     # Load .env file if it exists
+#     load_dotenv()
+
+#     # Simulate a login attempt
+#     username_input = "admin"
+#     password_input = "password123"
+
+#     if login(username_input, password_input):
+#         print("Login successful!")
+#     else:
+#         print("Login failed!")
+
+# if __name__ == "__main__":
+#     main()
+
+import bcrypt
+
+# Example function to hash a password (this would be done during user registration)
+def hash_password(password):
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(password.encode(), salt)
+    return hashed
+
+# Example hashed password storage (in a real application, this would be stored in a database)
+stored_password_hash = hash_password('password123')
+
+# Function to verify login credentials
+def login(username, password):
+    # In a real application, retrieve the stored password hash from the database
+    if username == 'admin':
+        return bcrypt.checkpw(password.encode(), stored_password_hash)
+    else:
+        # Login failed
+        return False
+
+# Example usage
+print(login('admin', 'password123'))  # True
+print(login('admin', 'wrongpassword'))  # False
+print(login('user', 'password123'))  # False

python-basic/hard-coded-password/readme.md

@@ -0,0 +1,8 @@
+```
+python3 -m venv path/to/venv
+source path/to/venv/bin/activate
+python3 -m pip install bcrypt
+
+
+
+```