NullChapter · adikpb · Nov 17, 2023 · Nov 17, 2023 · Nov 17, 2023 · Nov 17, 2023
diff --git a/Broken Access Control/hard/wierd-securitatis/Dockerfile b/Broken Access Control/hard/wierd-securitatis/Dockerfile
@@ -1,12 +1,9 @@
 FROM node:slim
-WORKDIR /wierd-securitatis
+WORKDIR /app
 
 COPY package*.json ./
 RUN npm install 
 
 COPY . .
-EXPOSE 3555
 RUN node initDB.js
 CMD [ "node", "index.js" ]
-
-
diff --git a/Broken Access Control/hard/wierd-securitatis/bac-hard.yaml b/Broken Access Control/hard/wierd-securitatis/bac-hard.yaml
@@ -0,0 +1,48 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: my-ingress
+spec:
+  rules:
+  - host: chall.nullvitap.tech
+    http:
+      paths:
+      - path: /bac-hard
+        pathType: Prefix
+        backend:
+          service:
+            name: bac-hard-service
+            port:
+              number: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bac-hard-service
+spec:
+  selector:
+    app: bac-hard
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3555
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bac-hard-deployment
+spec:
+  replicas: 1  # Set the desired number of replicas for Docker 1
+  selector:
+    matchLabels:
+      app: bac-hard
+  template:
+    metadata:
+      labels:
+        app: bac-hard
+    spec:
+      containers:
+      - name: docker1-container
+        image: sanjay7178/hu-chall-23:bac-hard
+        ports:
+        - containerPort: 3555
diff --git a/Broken Access Control/hard/wierd-securitatis/dockerfile b/Broken Access Control/hard/wierd-securitatis/dockerfile
diff --git a/Identification and Authentication Failures (Broken Authentication)/easy/.env b/Identification and Authentication Failures (Broken Authentication)/easy/.env
@@ -0,0 +1,4 @@
+PORT = 2279
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-identification-and-authentication-failures-easy
diff --git a/Identification and Authentication Failures (Broken Authentication)/easy/Dockerfile b/Identification and Authentication Failures (Broken Authentication)/easy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:apache
+
+COPY . /var/www/html
diff --git a/Identification and Authentication Failures (Broken Authentication)/easy/compose.yaml b/Identification and Authentication Failures (Broken Authentication)/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+  app:
+    build: .
+    ports: 
+      - ${PORT}:80
+
diff --git a/Identification and Authentication Failures (Broken Authentication)/hard/.env b/Identification and Authentication Failures (Broken Authentication)/hard/.env
@@ -0,0 +1,4 @@
+PORT = 2280
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-identification-and-authentication-failures-hard
diff --git a/Identification and Authentication Failures (Broken Authentication)/hard/Dockerfile b/Identification and Authentication Failures (Broken Authentication)/hard/Dockerfile
@@ -0,0 +1,5 @@
+FROM php:apache
+
+ARG src="./4uth Xrack Que\$t/"
+ARG dest="/var/www/html/"
+COPY ${src} ${dest}
diff --git a/Identification and Authentication Failures (Broken Authentication)/hard/compose.yaml b/Identification and Authentication Failures (Broken Authentication)/hard/compose.yaml
@@ -0,0 +1,6 @@
+services:
+  app:
+    build: .
+    ports: 
+      - ${PORT}:80
+
diff --git a/Injection (Cross-Site Scripting (XSS))/easy/.env b/Injection (Cross-Site Scripting (XSS))/easy/.env
@@ -0,0 +1,6 @@
+PORT = 3000
+COOKIE_KEY = "SECRET"
+FLAG = "NULL{C3rul3anSuns3t}"
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-injection-easy
diff --git a/Injection (Cross-Site Scripting (XSS))/easy/Dockerfile b/Injection (Cross-Site Scripting (XSS))/easy/Dockerfile
@@ -1,6 +1,8 @@
-FROM node:18
+FROM node:slim
 WORKDIR /app
-COPY package*.json .
-RUN npm install
+
+COPY package*.json ./
+RUN npm install 
+
 COPY . .
 CMD [ "node", "index.js" ]
diff --git a/Injection (Cross-Site Scripting (XSS))/easy/compose.yaml b/Injection (Cross-Site Scripting (XSS))/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+  app:
+    build: .
+    ports: 
+      - ${PORT}:${PORT}
+
diff --git a/Injection (Cross-Site Scripting (XSS))/hard/.env b/Injection (Cross-Site Scripting (XSS))/hard/.env
@@ -0,0 +1,10 @@
+PORT = 3001
+COOKIE_KEY = "secret"
+BOT_USERNAME = "hi"
+BOT_PASSWORD = 123
+FLAG = "NULL{R0ogue3lephan1}"
+BOT_AUTH = "1234567890"
+DB_URI = "mongodb://localhost:27017"
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-injection-hard
diff --git a/Injection (Cross-Site Scripting (XSS))/hard/Dockerfile b/Injection (Cross-Site Scripting (XSS))/hard/Dockerfile
@@ -1,6 +1,8 @@
-FROM node:18
+FROM node:slim
 WORKDIR /app
-COPY package*.json .
-RUN npm install
+
+COPY package*.json ./
+RUN npm install 
+
 COPY . .
 CMD [ "node", "index.js", "&&", "node", "puppeteerBot.js" ]
diff --git a/Injection (Cross-Site Scripting (XSS))/hard/compose.yaml b/Injection (Cross-Site Scripting (XSS))/hard/compose.yaml
@@ -0,0 +1,13 @@
+services:
+  db:
+    image: mongo:latest
+    restart: always
+  app:
+    build: .
+    ports:
+      - ${PORT}:${PORT}
+    depends_on:
+      db:
+        condition: service_started
+    environment:
+      DB_URI: mongodb://db:27017
diff --git a/Insecure Design/easy/.env b/Insecure Design/easy/.env
@@ -0,0 +1,4 @@
+PORT = 2915
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-insecure-design-easy
diff --git a/Insecure Design/easy/Dockerfile b/Insecure Design/easy/Dockerfile
@@ -0,0 +1,4 @@
+FROM httpd:alpine
+WORKDIR /app
+
+COPY ./index.html /usr/local/apache2/htdocs/index.html
diff --git a/Insecure Design/easy/compose.yaml b/Insecure Design/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+  app:
+    build: .
+    ports: 
+      - ${PORT}:80
+
diff --git a/Insecure Design/hard/et_tu/Dockerfile b/Insecure Design/hard/et_tu/Dockerfile
@@ -1,6 +1,5 @@
 FROM python:3.10-slim-buster
-
-WORKDIR /et_tu
+WORKDIR /app
 
 COPY requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt

diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/.env b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/.env
@@ -0,0 +1,4 @@
+PORT = 3124
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-security-logging-and-monitoring-failures-easy
diff --git a/...ity Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/Dockerfile b/...ity Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/Dockerfile
@@ -0,0 +1,4 @@
+FROM httpd:alpine
+WORKDIR /app
+
+COPY ./ /usr/local/apache2/htdocs/
diff --git a/...y Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/compose.yaml b/...y Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+  app:
+    build: .
+    ports: 
+      - ${PORT}:80
+
diff --git a/...ity Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.html b/...ity Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.html
@@ -92,26 +92,6 @@ <h1>Find IP of Attacker?</h1>
         <input type="text" id="keyInput" placeholder="Enter IP of Target">
         <button id="checkButton">Check IP</button>
     </div>
-    <script>
-        document.getElementById('checkButton').addEventListener('click', function() {
-            // Get the value entered by the user
-            var userKey = document.getElementById('keyInput').value;
-
-            // Define the correct key
-            var correctKey = "50.96.12.14";
-
-            // Check if the entered key matches the correct key
-            if (userKey === correctKey) {
-                // If the keys match, display an alert with the message
-                alert("NULL{L$4884#}");
-            } else {
-                // If the keys do not match, display an error message
-                alert("IP is incorrect. Please try again.");
-            }
-        });
-        document.addEventListener('contextmenu', function(e) {
-        e.preventDefault();
-        });
-    </script>
+    <script src="./script.js"></script>
 </body>
 </html>