Ideone.com

fork download

copy

import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.InetSocketAddress;
import java.util.Random;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.Map;
import java.util.HashMap;
import java.util.Arrays;
import java.security.MessageDigest;
 
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
 
public class Challenge16 {
 
    static private String data = "";
    static private String adminPasswordHash = "";
 
    public static void main(String[] args) throws Exception {
        // hashing the password helps security
        // this hash corresponds to one of the commonly used passwords in 2018
        // just for testing purposes, please change when deploying in production!!!
        adminPasswordHash = "0571749e2ac330a7455809c6b0e7af90";
 
        // read the challenge file and store it in the data
        File file = new File("flag16.txt");
        BufferedReader br = new BufferedReader(new FileReader(file));
        String line = "";
        while ((line = br.readLine()) != null) data += line + "<br>";
        br.close();
 
        // run the HTTP server to listen for connections
        int port = 7006;
        HttpServer server = HttpServer.create(new InetSocketAddress(7006), 0);
        server.createContext("/login/", new LoginHandler());
        server.createContext("/", new IndexHandler());
        server.setExecutor(null);
        server.start();
        System.out.println("Started the server on port " + port + "...");
    }
 
    // this class takes care of the action when the user clicks on Login
    static class LoginHandler implements HttpHandler {
        @Override
        public void handle(HttpExchange t) throws IOException {
            String output = "";
            Map<String, String> GETRequestParams = queryToMap(t.getRequestURI().getQuery());
            if (GETRequestParams.containsKey("username") && GETRequestParams.containsKey("password")) {
                String username = GETRequestParams.get("username");
                String password = GETRequestParams.get("password");
 
                if (username.equals("admin") && md5hash(password).equals(adminPasswordHash)) {
                    output += data;
                }
                else {
                    output += "Username/password are not correct! Good luck next time.";
                }
            }
            else {
                output += "GET parameters are wrong, don't mess with us ;)";
            }
 
            generateResponse(t, output);
        }
    }
 
    // this class takes care of the action when the user navigates to this challenge
    static class IndexHandler implements HttpHandler {
        @Override
        public void handle(HttpExchange t) throws IOException {
            generateResponse(t, "Hash the cash, cash the hash");
        }
    }
 
    // a method for a generic response to the user
    static void generateResponse(HttpExchange t, String output) throws IOException {
        String line = "", response = "";
        try {
            File indexFile = new File("index.html").getCanonicalFile();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(indexFile)));
            while ((line = bufferedReader.readLine()) != null) {
                response += line;
            }
            response = response.replaceAll("CONTENT_PLACEMENT", output);
            bufferedReader.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        t.getResponseHeaders().add("Content-Type", "text/html");
        t.sendResponseHeaders(200, response.length());
        OutputStream os = t.getResponseBody();
        os.write(response.getBytes());
        os.close();
    }
 
    // calculates MD5 hash of the input String
    static public String md5hash(String s) {
        try {
            byte[] bytesOfMessage = s.getBytes("UTF-8");
            MessageDigest md = MessageDigest.getInstance("MD5");
            StringBuffer sb = new StringBuffer();
            for (byte b : md.digest(bytesOfMessage)) {
                sb.append(String.format("%02x", b & 0xff));
            }
            return sb.toString();
        }
        catch(Exception e) {
            System.out.println(e.getMessage());
        }
        return null;
    }
 
    static public Map<String, String> queryToMap(String query) {
        Map<String, String> result = new HashMap<>();
        for (String param : query.split("&")) {
            String[] entry = param.split("=");
            if (entry.length > 1) { // proceed only when there is a pair of parameters
                result.put(entry[0], entry[1]);
            }
        }
        return result;
    }
 
}

aW1wb3J0IGphdmEuaW8uSU9FeGNlcHRpb247CmltcG9ydCBqYXZhLmlvLk91dHB1dFN0cmVhbTsKaW1wb3J0IGphdmEuaW8uVW5zdXBwb3J0ZWRFbmNvZGluZ0V4Y2VwdGlvbjsKaW1wb3J0IGphdmEubmV0LkluZXRTb2NrZXRBZGRyZXNzOwppbXBvcnQgamF2YS51dGlsLlJhbmRvbTsKaW1wb3J0IGphdmEuaW8uRmlsZTsKaW1wb3J0IGphdmEuaW8uRmlsZUlucHV0U3RyZWFtOwppbXBvcnQgamF2YS5pby5GaWxlUmVhZGVyOwppbXBvcnQgamF2YS5pby5CdWZmZXJlZFJlYWRlcjsKaW1wb3J0IGphdmEuaW8uSW5wdXRTdHJlYW1SZWFkZXI7CmltcG9ydCBqYXZhLnV0aWwuTWFwOwppbXBvcnQgamF2YS51dGlsLkhhc2hNYXA7CmltcG9ydCBqYXZhLnV0aWwuQXJyYXlzOwppbXBvcnQgamF2YS5zZWN1cml0eS5NZXNzYWdlRGlnZXN0OwoKaW1wb3J0IGNvbS5zdW4ubmV0Lmh0dHBzZXJ2ZXIuSHR0cEV4Y2hhbmdlOwppbXBvcnQgY29tLnN1bi5uZXQuaHR0cHNlcnZlci5IdHRwSGFuZGxlcjsKaW1wb3J0IGNvbS5zdW4ubmV0Lmh0dHBzZXJ2ZXIuSHR0cFNlcnZlcjsKCnB1YmxpYyBjbGFzcyBDaGFsbGVuZ2UxNiB7CgogICAgc3RhdGljIHByaXZhdGUgU3RyaW5nIGRhdGEgPSAiIjsKICAgIHN0YXRpYyBwcml2YXRlIFN0cmluZyBhZG1pblBhc3N3b3JkSGFzaCA9ICIiOwoKICAgIHB1YmxpYyBzdGF0aWMgdm9pZCBtYWluKFN0cmluZ1tdIGFyZ3MpIHRocm93cyBFeGNlcHRpb24gewogICAgICAgIC8vIGhhc2hpbmcgdGhlIHBhc3N3b3JkIGhlbHBzIHNlY3VyaXR5CiAgICAgICAgLy8gdGhpcyBoYXNoIGNvcnJlc3BvbmRzIHRvIG9uZSBvZiB0aGUgY29tbW9ubHkgdXNlZCBwYXNzd29yZHMgaW4gMjAxOAogICAgICAgIC8vIGp1c3QgZm9yIHRlc3RpbmcgcHVycG9zZXMsIHBsZWFzZSBjaGFuZ2Ugd2hlbiBkZXBsb3lpbmcgaW4gcHJvZHVjdGlvbiEhIQogICAgICAgIGFkbWluUGFzc3dvcmRIYXNoID0gIjA1NzE3NDllMmFjMzMwYTc0NTU4MDljNmIwZTdhZjkwIjsKICAgICAgICAKICAgICAgICAvLyByZWFkIHRoZSBjaGFsbGVuZ2UgZmlsZSBhbmQgc3RvcmUgaXQgaW4gdGhlIGRhdGEKICAgICAgICBGaWxlIGZpbGUgPSBuZXcgRmlsZSgiZmxhZzE2LnR4dCIpOwogICAgICAgIEJ1ZmZlcmVkUmVhZGVyIGJyID0gbmV3IEJ1ZmZlcmVkUmVhZGVyKG5ldyBGaWxlUmVhZGVyKGZpbGUpKTsKICAgICAgICBTdHJpbmcgbGluZSA9ICIiOwogICAgICAgIHdoaWxlICgobGluZSA9IGJyLnJlYWRMaW5lKCkpICE9IG51bGwpIGRhdGEgKz0gbGluZSArICI8YnI+IjsKICAgICAgICBici5jbG9zZSgpOwogICAgICAgIAogICAgICAgIC8vIHJ1biB0aGUgSFRUUCBzZXJ2ZXIgdG8gbGlzdGVuIGZvciBjb25uZWN0aW9ucwogICAgICAgIGludCBwb3J0ID0gNzAwNjsKICAgICAgICBIdHRwU2VydmVyIHNlcnZlciA9IEh0dHBTZXJ2ZXIuY3JlYXRlKG5ldyBJbmV0U29ja2V0QWRkcmVzcyg3MDA2KSwgMCk7CiAgICAgICAgc2VydmVyLmNyZWF0ZUNvbnRleHQoIi9sb2dpbi8iLCBuZXcgTG9naW5IYW5kbGVyKCkpOwogICAgICAgIHNlcnZlci5jcmVhdGVDb250ZXh0KCIvIiwgbmV3IEluZGV4SGFuZGxlcigpKTsKICAgICAgICBzZXJ2ZXIuc2V0RXhlY3V0b3IobnVsbCk7CiAgICAgICAgc2VydmVyLnN0YXJ0KCk7CiAgICAgICAgU3lzdGVtLm91dC5wcmludGxuKCJTdGFydGVkIHRoZSBzZXJ2ZXIgb24gcG9ydCAiICsgcG9ydCArICIuLi4iKTsKICAgIH0KCiAgICAvLyB0aGlzIGNsYXNzIHRha2VzIGNhcmUgb2YgdGhlIGFjdGlvbiB3aGVuIHRoZSB1c2VyIGNsaWNrcyBvbiBMb2dpbgogICAgc3RhdGljIGNsYXNzIExvZ2luSGFuZGxlciBpbXBsZW1lbnRzIEh0dHBIYW5kbGVyIHsKICAgICAgICBAT3ZlcnJpZGUKICAgICAgICBwdWJsaWMgdm9pZCBoYW5kbGUoSHR0cEV4Y2hhbmdlIHQpIHRocm93cyBJT0V4Y2VwdGlvbiB7CiAgICAgICAgICAgIFN0cmluZyBvdXRwdXQgPSAiIjsKICAgICAgICAgICAgTWFwPFN0cmluZywgU3RyaW5nPiBHRVRSZXF1ZXN0UGFyYW1zID0gcXVlcnlUb01hcCh0LmdldFJlcXVlc3RVUkkoKS5nZXRRdWVyeSgpKTsKICAgICAgICAgICAgaWYgKEdFVFJlcXVlc3RQYXJhbXMuY29udGFpbnNLZXkoInVzZXJuYW1lIikgJiYgR0VUUmVxdWVzdFBhcmFtcy5jb250YWluc0tleSgicGFzc3dvcmQiKSkgewogICAgICAgICAgICAgICAgU3RyaW5nIHVzZXJuYW1lID0gR0VUUmVxdWVzdFBhcmFtcy5nZXQoInVzZXJuYW1lIik7CiAgICAgICAgICAgICAgICBTdHJpbmcgcGFzc3dvcmQgPSBHRVRSZXF1ZXN0UGFyYW1zLmdldCgicGFzc3dvcmQiKTsKCiAgICAgICAgICAgICAgICBpZiAodXNlcm5hbWUuZXF1YWxzKCJhZG1pbiIpICYmIG1kNWhhc2gocGFzc3dvcmQpLmVxdWFscyhhZG1pblBhc3N3b3JkSGFzaCkpIHsKICAgICAgICAgICAgICAgICAgICBvdXRwdXQgKz0gZGF0YTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGVsc2UgewogICAgICAgICAgICAgICAgICAgIG91dHB1dCArPSAiVXNlcm5hbWUvcGFzc3dvcmQgYXJlIG5vdCBjb3JyZWN0ISBHb29kIGx1Y2sgbmV4dCB0aW1lLiI7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZSB7CiAgICAgICAgICAgICAgICBvdXRwdXQgKz0gIkdFVCBwYXJhbWV0ZXJzIGFyZSB3cm9uZywgZG9uJ3QgbWVzcyB3aXRoIHVzIDspIjsKICAgICAgICAgICAgfQogICAgICAgICAgICAKICAgICAgICAgICAgZ2VuZXJhdGVSZXNwb25zZSh0LCBvdXRwdXQpOwogICAgICAgIH0KICAgIH0KICAgIAogICAgLy8gdGhpcyBjbGFzcyB0YWtlcyBjYXJlIG9mIHRoZSBhY3Rpb24gd2hlbiB0aGUgdXNlciBuYXZpZ2F0ZXMgdG8gdGhpcyBjaGFsbGVuZ2UKICAgIHN0YXRpYyBjbGFzcyBJbmRleEhhbmRsZXIgaW1wbGVtZW50cyBIdHRwSGFuZGxlciB7CiAgICAgICAgQE92ZXJyaWRlCiAgICAgICAgcHVibGljIHZvaWQgaGFuZGxlKEh0dHBFeGNoYW5nZSB0KSB0aHJvd3MgSU9FeGNlcHRpb24gewogICAgICAgICAgICBnZW5lcmF0ZVJlc3BvbnNlKHQsICJIYXNoIHRoZSBjYXNoLCBjYXNoIHRoZSBoYXNoIik7CiAgICAgICAgfQogICAgfQogICAgCiAgICAvLyBhIG1ldGhvZCBmb3IgYSBnZW5lcmljIHJlc3BvbnNlIHRvIHRoZSB1c2VyCiAgICBzdGF0aWMgdm9pZCBnZW5lcmF0ZVJlc3BvbnNlKEh0dHBFeGNoYW5nZSB0LCBTdHJpbmcgb3V0cHV0KSB0aHJvd3MgSU9FeGNlcHRpb24gewogICAgICAgIFN0cmluZyBsaW5lID0gIiIsIHJlc3BvbnNlID0gIiI7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgRmlsZSBpbmRleEZpbGUgPSBuZXcgRmlsZSgiaW5kZXguaHRtbCIpLmdldENhbm9uaWNhbEZpbGUoKTsKICAgICAgICAgICAgQnVmZmVyZWRSZWFkZXIgYnVmZmVyZWRSZWFkZXIgPSBuZXcgQnVmZmVyZWRSZWFkZXIobmV3IElucHV0U3RyZWFtUmVhZGVyKG5ldyBGaWxlSW5wdXRTdHJlYW0oaW5kZXhGaWxlKSkpOwogICAgICAgICAgICB3aGlsZSAoKGxpbmUgPSBidWZmZXJlZFJlYWRlci5yZWFkTGluZSgpKSAhPSBudWxsKSB7CiAgICAgICAgICAgICAgICByZXNwb25zZSArPSBsaW5lOwogICAgICAgICAgICB9CiAgICAgICAgICAgIHJlc3BvbnNlID0gcmVzcG9uc2UucmVwbGFjZUFsbCgiQ09OVEVOVF9QTEFDRU1FTlQiLCBvdXRwdXQpOwogICAgICAgICAgICBidWZmZXJlZFJlYWRlci5jbG9zZSgpOwogICAgICAgIH0gY2F0Y2ggKElPRXhjZXB0aW9uIGUpIHsKICAgICAgICAgICAgZS5wcmludFN0YWNrVHJhY2UoKTsKICAgICAgICB9CiAgICAgICAgdC5nZXRSZXNwb25zZUhlYWRlcnMoKS5hZGQoIkNvbnRlbnQtVHlwZSIsICJ0ZXh0L2h0bWwiKTsKICAgICAgICB0LnNlbmRSZXNwb25zZUhlYWRlcnMoMjAwLCByZXNwb25zZS5sZW5ndGgoKSk7CiAgICAgICAgT3V0cHV0U3RyZWFtIG9zID0gdC5nZXRSZXNwb25zZUJvZHkoKTsKICAgICAgICBvcy53cml0ZShyZXNwb25zZS5nZXRCeXRlcygpKTsKICAgICAgICBvcy5jbG9zZSgpOwogICAgfQogICAgCiAgICAvLyBjYWxjdWxhdGVzIE1ENSBoYXNoIG9mIHRoZSBpbnB1dCBTdHJpbmcKICAgIHN0YXRpYyBwdWJsaWMgU3RyaW5nIG1kNWhhc2goU3RyaW5nIHMpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBieXRlW10gYnl0ZXNPZk1lc3NhZ2UgPSBzLmdldEJ5dGVzKCJVVEYtOCIpOwogICAgICAgICAgICBNZXNzYWdlRGlnZXN0IG1kID0gTWVzc2FnZURpZ2VzdC5nZXRJbnN0YW5jZSgiTUQ1Iik7CiAgICAgICAgICAgIFN0cmluZ0J1ZmZlciBzYiA9IG5ldyBTdHJpbmdCdWZmZXIoKTsKICAgICAgICAgICAgZm9yIChieXRlIGIgOiBtZC5kaWdlc3QoYnl0ZXNPZk1lc3NhZ2UpKSB7CiAgICAgICAgICAgICAgICBzYi5hcHBlbmQoU3RyaW5nLmZvcm1hdCgiJTAyeCIsIGIgJiAweGZmKSk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIHNiLnRvU3RyaW5nKCk7CiAgICAgICAgfQogICAgICAgIGNhdGNoKEV4Y2VwdGlvbiBlKSB7CiAgICAgICAgICAgIFN5c3RlbS5vdXQucHJpbnRsbihlLmdldE1lc3NhZ2UoKSk7CiAgICAgICAgfQogICAgICAgIHJldHVybiBudWxsOwogICAgfQoKICAgIHN0YXRpYyBwdWJsaWMgTWFwPFN0cmluZywgU3RyaW5nPiBxdWVyeVRvTWFwKFN0cmluZyBxdWVyeSkgewogICAgICAgIE1hcDxTdHJpbmcsIFN0cmluZz4gcmVzdWx0ID0gbmV3IEhhc2hNYXA8PigpOwogICAgICAgIGZvciAoU3RyaW5nIHBhcmFtIDogcXVlcnkuc3BsaXQoIiYiKSkgewogICAgICAgICAgICBTdHJpbmdbXSBlbnRyeSA9IHBhcmFtLnNwbGl0KCI9Iik7CiAgICAgICAgICAgIGlmIChlbnRyeS5sZW5ndGggPiAxKSB7IC8vIHByb2NlZWQgb25seSB3aGVuIHRoZXJlIGlzIGEgcGFpciBvZiBwYXJhbWV0ZXJzCiAgICAgICAgICAgICAgICByZXN1bHQucHV0KGVudHJ5WzBdLCBlbnRyeVsxXSk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgcmV0dXJuIHJlc3VsdDsKICAgIH0KCn0=

Compilation error #stdin compilation error #stdout 0s 0KB

stdin

copy

Standard input is empty

compilation info

Main.java:20: error: class Challenge16 is public, should be declared in a file named Challenge16.java
public class Challenge16 {
       ^
1 error

stdout

copy

Standard output is empty

https://ideone.com/JRq6hA

language:

Java (HotSpot 12)

created:

visibility:

public

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!

Discover > Sphere Engine API

Discover > IDE Widget

Choose your language