exploitable/app.js at master · TacticalLimit/exploitable · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
var session = require('express-session');
var sqlite3 = require('sqlite3');
var path = require('path');
var fs = require('fs');
var crypto = require('crypto');

var indexRouter = require('./routes/index');
var usersRouter = require('./routes/users');
var reflectedXSSRouter = require('./routes/reflected-xss');
var commandExecutionRouter = require('./routes/command-execution');
var xssRouter = require('./routes/xss');
var loginRouter = require('./routes/login');

async function createApp() {
  var app = express();

  const dbFile = './db/exploitable.db';
  var db;
  if (!fs.existsSync(dbFile)) {
    console.log('Creating database...');
    db = new sqlite3.Database(dbFile);
    db.serialize(() => {
      db.run('CREATE TABLE IF NOT EXISTS users (email TEXT PRIMARY KEY, password TEXT NOT NULL, username TEXT NOT NULL)');
      const passwordHashes = [
        crypto.createHash('md5').update('Welcome123!').digest('hex'),
        crypto.createHash('md5').update('chang3m3').digest('hex'),
      ];
      db.run(`INSERT INTO users VALUES ('admin@example.com', '${passwordHashes[0]}', 'The Administrator')`);
      db.run(`INSERT INTO users VALUES ('user1@example.com', '${passwordHashes[1]}', 'The First User')`);

      db.run('CREATE TABLE IF NOT EXISTS messages ( message_id INTEGER PRIMARY KEY AUTOINCREMENT, message_from TEXT NOT NULL, message TEXT NOT NULL, message_time VARCHAR(32) NOT NULL)');
      db.run(`INSERT INTO messages (message_from, message, message_time) VALUES ("System <system@example.com>", "Welcome to this exploitable message board!", "${new Date().toISOString()}")`);
    });
    console.log('Database created.');
  } else {
    db = new sqlite3.Database(dbFile);
  }

  app.locals.db = db;

  // view engine setup
  app.set('views', path.join(__dirname, 'views'));
  app.set('view engine', 'ejs');

  app.use(logger('dev'));
  app.use(express.json());
  app.use(express.urlencoded({ extended: false }));
  app.use(cookieParser());
  app.use(session({
    secret: 'yes it is',
    name: 'exposedSession',
    cookie: {
      httpOnly: false
    }
  }));
  app.use(express.static(path.join(__dirname, 'public')));

  app.use('/', indexRouter);
  app.use('/users', usersRouter);
  app.use('/reflected-xss', reflectedXSSRouter);
  app.use('/command-execution', commandExecutionRouter);
  app.use('/xss', xssRouter);
  app.use('/login', loginRouter);
  // catch 404 and forward to error handler
  app.use(function(req, res, next) {
    next(createError(404));
  });

  // error handler
  app.use(function(err, req, res, next) {
    // set locals, only providing error in development
    res.locals.message = err.message;
    res.locals.error = req.app.get('env') === 'development' ? err : {};

    // render the error page
    res.status(err.status || 500);
    res.render('error');
  });
  return app;
}


module.exports = createApp;