├── vucsa-server
├── server
│ └── challenge
│ │ └── horizontalaccesscontrol
│ │ └── document
│ │ ├── 2222.txt
│ │ ├── 8435.txt
│ │ ├── 1.txt
│ │ ├── 5406.txt
│ │ ├── 12002.txt
│ │ ├── 1001.txt
│ │ └── 11011.txt
├── build.gradle
└── src
│ └── main
│ └── java
│ └── com
│ └── warxim
│ └── vucsa
│ └── server
│ ├── challenge
│ ├── rcedeserialization
│ │ ├── internal
│ │ │ ├── advanced
│ │ │ │ ├── Processor.java
│ │ │ │ ├── BaseProcessor.java
│ │ │ │ ├── ChainedProcessorOutputAsArgPlaceholder.java
│ │ │ │ ├── ChainedProcessorDescriptor.java
│ │ │ │ ├── ProcessorCommand.java
│ │ │ │ ├── ClassProcessor.java
│ │ │ │ ├── ObjectProcessor.java
│ │ │ │ └── ChainedProcessors.java
│ │ │ └── BasicCommand.java
│ │ ├── RceDeserializationChallenge.java
│ │ └── RceDeserializationHandler.java
│ ├── enumeration
│ │ ├── User.java
│ │ ├── EnumerationChallenge.java
│ │ └── EnumerationHandler.java
│ ├── xml
│ │ ├── XmlChallenge.java
│ │ └── XmlHandler.java
│ ├── bufferoverread
│ │ ├── BufferOverreadChallenge.java
│ │ └── BufferOverreadHandler.java
│ ├── commandexecution
│ │ └── CommandExecutionChallenge.java
│ ├── horizontalaccesscontrol
│ │ └── HorizontalAccessControlChallenge.java
│ ├── verticalaccesscontrol
│ │ ├── VerticalAccessControlChallenge.java
│ │ ├── VerticalAccessControlSecretHandler.java
│ │ └── VerticalAccessControlUserInfoHandler.java
│ └── sqlinjection
│ │ └── SqlInjectionChallenge.java
│ ├── configuration
│ ├── Configuration.java
│ ├── ConfigurationException.java
│ └── ConfigurationSaver.java
│ ├── Main.java
│ └── core
│ ├── ServerConfig.java
│ ├── ServerState.java
│ ├── connection
│ └── ServerConnection.java
│ └── listener
│ ├── ServerListener.java
│ └── ServerListenerManager.java
├── .gitignore
├── settings.gradle
├── vucsa-client
└── src
│ └── main
│ ├── resources
│ ├── img
│ │ └── Logo.png
│ ├── fonts
│ │ ├── NotoSans-Bold.ttf
│ │ └── NotoSans-Regular.ttf
│ ├── fxml
│ │ ├── tab
│ │ │ └── LogTab.fxml
│ │ ├── Application.fxml
│ │ └── challenge
│ │ │ ├── horizontalaccesscontrol
│ │ │ └── HorizontalAccessControlTab.fxml
│ │ │ ├── commandexecution
│ │ │ └── CommandExecutionTab.fxml
│ │ │ ├── rcedeserialization
│ │ │ └── RceDeserializationTab.fxml
│ │ │ ├── bufferoverread
│ │ │ └── BufferOverreadTab.fxml
│ │ │ ├── sqlinjection
│ │ │ └── SqlInjectionTab.fxml
│ │ │ └── enumeration
│ │ │ └── EnumerationTab.fxml
│ └── css
│ │ └── Main.css
│ └── java
│ └── com
│ └── warxim
│ └── vucsa
│ └── client
│ ├── core
│ ├── ClientConfig.java
│ └── Client.java
│ ├── challenge
│ ├── horizontalaccesscontrol
│ │ ├── DocumentItem.java
│ │ └── HorizontalAccessControlHandler.java
│ ├── ChallengeWrapper.java
│ ├── ChallengeController.java
│ ├── commandexecution
│ │ └── CommandExecutionHandler.java
│ ├── xml
│ │ └── XmlHandler.java
│ ├── sqlinjection
│ │ └── SqlInjectionHandler.java
│ ├── bufferoverread
│ │ └── BufferOverreadHandler.java
│ ├── rcedeserialization
│ │ └── RceDeserializationHandler.java
│ ├── enumeration
│ │ └── EnumerationHandler.java
│ └── verticalaccesscontrol
│ │ ├── VerticalAccessControlSecretHandler.java
│ │ └── VerticalAccessControlUserInfoHandler.java
│ ├── gui
│ └── GuiConstant.java
│ ├── Main.java
│ ├── Bundle.java
│ └── util
│ └── GuiUtils.java
├── scripts
├── server.sh
├── client.sh
├── server.bat
└── client.bat
├── vucsa-common
├── build.gradle
└── src
│ └── main
│ └── java
│ └── com
│ └── warxim
│ └── vucsa
│ └── common
│ ├── message
│ ├── xml
│ │ ├── StorageItem.java
│ │ ├── StorageMessage.java
│ │ └── StorageMessageSerializer.java
│ ├── rcedeserialization
│ │ ├── MessageContent.java
│ │ ├── TextMessage.java
│ │ ├── TextMessageDeserializer.java
│ │ └── TextMessageSerializer.java
│ ├── sqlinjection
│ │ ├── FoodEntity.java
│ │ ├── request
│ │ │ ├── SearchRequestDeserializer.java
│ │ │ ├── SearchRequest.java
│ │ │ └── SearchRequestSerializer.java
│ │ └── response
│ │ │ ├── SearchResponse.java
│ │ │ ├── SearchResponseSerializer.java
│ │ │ └── SearchResponseDeserializer.java
│ ├── MessageSerializer.java
│ ├── MessageDeserializer.java
│ ├── SerializedMessage.java
│ ├── Message.java
│ ├── verticalaccesscontrol
│ │ ├── request
│ │ │ ├── UserInfoRequest.java
│ │ │ ├── SecretRequest.java
│ │ │ ├── SecretRequestDeserializer.java
│ │ │ ├── UserInfoRequestDeserializer.java
│ │ │ ├── SecretRequestSerializer.java
│ │ │ └── UserInfoRequestSerializer.java
│ │ ├── response
│ │ │ ├── SecretResponse.java
│ │ │ ├── SecretResponseDeserializer.java
│ │ │ ├── UserInfoResponse.java
│ │ │ ├── SecretResponseSerializer.java
│ │ │ └── UserInfoResponseSerializer.java
│ │ └── UserRole.java
│ ├── commandexecution
│ │ ├── request
│ │ │ ├── PingRequest.java
│ │ │ ├── PingRequestDeserializer.java
│ │ │ └── PingRequestSerializer.java
│ │ └── response
│ │ │ ├── PingResponse.java
│ │ │ ├── PingResponseDeserializer.java
│ │ │ └── PingResponseSerializer.java
│ ├── plain
│ │ ├── PlainMessage.java
│ │ ├── PlainMessageDeserializer.java
│ │ └── PlainMessageSerializer.java
│ ├── MessageHandler.java
│ ├── enumeration
│ │ ├── LoginStatus.java
│ │ ├── request
│ │ │ ├── LoginRequest.java
│ │ │ ├── LoginRequestDeserializer.java
│ │ │ └── LoginRequestSerializer.java
│ │ └── response
│ │ │ ├── LoginResponse.java
│ │ │ └── LoginResponseSerializer.java
│ ├── horizontalaccesscontrol
│ │ ├── request
│ │ │ ├── DocumentContentRequest.java
│ │ │ ├── DocumentContentRequestDeserializer.java
│ │ │ └── DocumentContentRequestSerializer.java
│ │ └── response
│ │ │ ├── DocumentContentResponse.java
│ │ │ ├── DocumentContentResponseDeserializer.java
│ │ │ └── DocumentContentResponseSerializer.java
│ ├── bufferoverread
│ │ └── StringListMessage.java
│ └── MessageQueue.java
│ ├── connection
│ ├── ConnectionState.java
│ └── listener
│ │ ├── ConnectionListener.java
│ │ └── ConnectionListenerManager.java
│ ├── Constant.java
│ ├── ChallengeConstant.java
│ └── util
│ └── GsonUtils.java
└── CHANGELOG.md
/vucsa-server/server/challenge/horizontalaccesscontrol/document/2222.txt:
--------------------------------------------------------------------------------
1 | This is a super secret message!
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Gradle
2 | .gradle
3 | gradle**
4 | # Eclipse, Idea, ...
5 | .settings
6 | .idea
7 | bin
8 | build
9 | doc
10 |
--------------------------------------------------------------------------------
/vucsa-server/server/challenge/horizontalaccesscontrol/document/8435.txt:
--------------------------------------------------------------------------------
1 | Mj csy xipp xli xvyxl, csy hsr'x lezi xs viqiqfiv ercxlmrk.
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
// Root project name; the three modules below are the shared message/protocol
// library, the JavaFX client and the (deliberately) vulnerable server.
rootProject.name = 'VuCSA'

include 'vucsa-common'
include 'vucsa-client'
include 'vucsa-server'


--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/img/Logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Warxim/vucsa/HEAD/vucsa-client/src/main/resources/img/Logo.png
--------------------------------------------------------------------------------
/vucsa-server/server/challenge/horizontalaccesscontrol/document/1.txt:
--------------------------------------------------------------------------------
1 | Administrator's file!
2 | Important password, do not forget it: 123456789
--------------------------------------------------------------------------------
/vucsa-server/server/challenge/horizontalaccesscontrol/document/5406.txt:
--------------------------------------------------------------------------------
1 | All animals are equal, but some animals are more equal than others.
2 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fonts/NotoSans-Bold.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Warxim/vucsa/HEAD/vucsa-client/src/main/resources/fonts/NotoSans-Bold.ttf
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fonts/NotoSans-Regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Warxim/vucsa/HEAD/vucsa-client/src/main/resources/fonts/NotoSans-Regular.ttf
--------------------------------------------------------------------------------
/vucsa-server/server/challenge/horizontalaccesscontrol/document/12002.txt:
--------------------------------------------------------------------------------
1 | Not a Real Book
2 | Book Which Was Never Written
3 | Almost Real Book Name
4 | Book About Books About Books
--------------------------------------------------------------------------------
/vucsa-server/server/challenge/horizontalaccesscontrol/document/1001.txt:
--------------------------------------------------------------------------------
1 | Shopping list:
2 | - tofu
3 | - chickpeas
4 | - beans
5 | - bulgur
6 | - rice
7 | - apples
8 | - bananas
9 | - oranges
10 | - avocados
11 | - coffee
--------------------------------------------------------------------------------
/vucsa-server/server/challenge/horizontalaccesscontrol/document/11011.txt:
--------------------------------------------------------------------------------
1 | I have to write this down, so I do not forget it...
2 |
3 | User: super-alien-farmer
4 | Password: AllAnimalsAreEqualButSomeAnimalsAreMoreEqualThanOthers
5 |
--------------------------------------------------------------------------------
/scripts/server.sh:
--------------------------------------------------------------------------------
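#!/bin/bash
# Starts the VuCSA server (console mode, no GUI).
#
# Jars are loaded from the lib/ directory next to this script, matching the
# %~dp0 behaviour of server.bat. The original resolved APP_HOME from `pwd`,
# so the classpath (and therefore which jars get executed) depended on the
# caller's working directory rather than on where the script lives.

set -u

JAVA="${JAVA:-java}"
APP_HOME="$(cd "$(dirname "$0")" && pwd)"
DEFAULT_JVM_OPTS=""
# Java expands the trailing '*' itself; keep it quoted so the shell does not.
CLASSPATH="$APP_HOME/lib/*"
MAIN_CLASS="com.warxim.vucsa.server.Main"

# Run from APP_HOME so the challenge data under ./server (see the copy step in
# vucsa-server/build.gradle) resolves by relative path the same way as under
# `gradle run`. "$@" keeps argument boundaries intact; the original `$@`
# assignment re-split arguments containing spaces.
cd "$APP_HOME" || exit 1
exec "$JAVA" $DEFAULT_JVM_OPTS -cp "$CLASSPATH" "$MAIN_CLASS" "$@"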
--------------------------------------------------------------------------------
/scripts/client.sh:
--------------------------------------------------------------------------------
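#!/bin/bash
# Starts the VuCSA client GUI detached from this terminal.
#
# Jars are loaded from the lib/ directory next to this script (matching
# client.bat's %~dp0) instead of from the caller's working directory.
# stdout and stderr both go to client.log so stack traces are not lost.

set -u

JAVA="${JAVA:-java}"
APP_HOME="$(cd "$(dirname "$0")" && pwd)"
DEFAULT_JVM_OPTS=""
# Java expands the trailing '*' itself; keep it quoted so the shell does not.
CLASSPATH="$APP_HOME/lib/*"
MAIN_CLASS="com.warxim.vucsa.client.Main"
LOG_FILE="$APP_HOME/client.log"

cd "$APP_HOME" || exit 1
# "$@" keeps argument boundaries intact; the original `$@` assignment re-split
# arguments containing spaces.
nohup "$JAVA" $DEFAULT_JVM_OPTS -cp "$CLASSPATH" "$MAIN_CLASS" "$@" > "$LOG_FILE" 2>&1 &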
--------------------------------------------------------------------------------
/scripts/server.bat:
--------------------------------------------------------------------------------
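@echo off
rem Starts the Vulnerable Server without GUI (leave the console open).
rem setlocal keeps CLASSPATH and the other variables from leaking into the
rem caller's cmd session once the script returns; without it a later plain
rem "java ..." in the same window would silently pick up this classpath.
setlocal

set JAVA_EXE=java.exe
set DIRNAME=%~dp0
set APP_HOME=%DIRNAME%
set CMD_LINE_ARGS=%*
set DEFAULT_JVM_OPTS=
rem Java expands the trailing * itself.
set CLASSPATH=%APP_HOME%\lib\*
set MAIN_CLASS=com.warxim.vucsa.server.Main

"%JAVA_EXE%" %DEFAULT_JVM_OPTS% -classpath "%CLASSPATH%" %MAIN_CLASS% %CMD_LINE_ARGS%

endlocal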
--------------------------------------------------------------------------------
/scripts/client.bat:
--------------------------------------------------------------------------------
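@echo off
rem Starts the Vulnerable Client with GUI (javaw, no console window).
rem setlocal keeps CLASSPATH and the other variables from leaking into the
rem caller's cmd session once the script returns.
setlocal

set JAVAW_EXE=javaw.exe
set DIRNAME=%~dp0
set APP_HOME=%DIRNAME%
set CMD_LINE_ARGS=%*
set DEFAULT_JVM_OPTS=
rem Java expands the trailing * itself.
set CLASSPATH=%APP_HOME%\lib\*
set MAIN_CLASS=com.warxim.vucsa.client.Main

rem /b: no new console; "" is the (empty) window title start expects first.
start "" /b "%JAVAW_EXE%" %DEFAULT_JVM_OPTS% -classpath "%CLASSPATH%" %MAIN_CLASS% %CMD_LINE_ARGS%

endlocal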
--------------------------------------------------------------------------------
/vucsa-common/build.gradle:
--------------------------------------------------------------------------------
// Shared module: message/protocol classes used by both vucsa-client and
// vucsa-server. Plain library, no application plugin.
plugins {
    id 'java'
}

group 'com.warxim'
version '1.1'

repositories {
    mavenCentral()
}

dependencies {
    // Lombok is compile-time only (annotation processing); it is not on the
    // runtime classpath of the packaged modules.
    compileOnly 'org.projectlombok:lombok:1.18.24'
    annotationProcessor 'org.projectlombok:lombok:1.18.24'
    // Gson: presumably what util/GsonUtils and the message (de)serializers use.
    // NOTE(review): versions are pinned to 2022-era releases; check published
    // advisories before reusing this build file outside the training lab.
    implementation 'com.google.code.gson:gson:2.9.0'

    testImplementation 'org.testng:testng:7.6.0'
    testImplementation 'org.assertj:assertj-core:3.23.1'
    testImplementation 'org.mockito:mockito-inline:4.6.1'
}

test {
    useTestNG()
}

--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
All notable changes to this project are documented in this file.
4 |
5 | ## [1.1.0] - 2023-09-09
6 | ### Added
7 | - added RCE Deserialization challenge
8 |
9 | ## [1.0.1] - 2023-06-02
### Fixed
11 | - fixed macOS icon
12 | - updated readme
13 | - fixed url
14 |
15 | ## [1.0.0] - 2022-01-01
16 | ### Added
17 | - common functionality
18 | - server and client implementation
19 | - 7 basic challenges
20 | - Buffer Over-read (simulated)
21 | - Command Execution
22 | - SQL Injection
23 | - Enumeration
24 | - XML
25 | - Horizontal Access Control
26 | - Vertical Access Control
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/tab/LogTab.fxml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/vucsa-server/build.gradle:
--------------------------------------------------------------------------------
// Vulnerable server module. Runs via the application plugin; the challenge
// data under ./server (e.g. horizontalaccesscontrol/document/*.txt) is copied
// under the run working directory so the server can find it by relative path.
plugins {
    id 'java'
    id 'application'
}

group 'com.warxim'
version '1.1'
// NOTE(review): mainClassName is the legacy property; newer Gradle releases
// prefer `application { mainClass = '...' }`.
mainClassName = 'com.warxim.vucsa.server.Main'

repositories {
    mavenCentral()
}

dependencies {
    implementation project(':vucsa-common')

    // Lombok is compile-time only (annotation processing).
    compileOnly 'org.projectlombok:lombok:1.18.24'
    annotationProcessor 'org.projectlombok:lombok:1.18.24'
    implementation 'com.google.code.gson:gson:2.9.0'
    // SQLite JDBC driver, presumably backing the SQL Injection challenge.
    // NOTE(review): pinned to a 2021-era release; check published advisories
    // before reusing this build file outside the training lab.
    implementation 'org.xerial:sqlite-jdbc:3.36.0.3'

    testImplementation 'org.testng:testng:7.6.0'
    testImplementation 'org.assertj:assertj-core:3.23.1'
}

test {
    useTestNG()
}

application {
    executableDir = ''

    // NOTE(review): this is Project.copy, executed while the script is being
    // configured (not a task), so ./server is re-copied on every Gradle
    // invocation, even for builds that never run the server. A Copy task that
    // `run` depends on would be the usual shape.
    copy {
        from './server'
        into 'build/run/server'
    }
}

// Set run working directory to build/run
// NOTE(review): mkdirs() here resolves 'build/run' against the Gradle JVM's
// working directory, whereas workingDir is (presumably) resolved by Gradle
// relative to this project; project.file('build/run') would make both agree.
File runningDir = new File('build/run')
runningDir.mkdirs()
tasks.run.workingDir = runningDir
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/Processor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
/**
 * Vulnerable interface, part of RCE Deserialization challenge.
 *
 * <p>Implementations are meant to travel inside Java-serialized payloads
 * ({@link BaseProcessor} is {@code Serializable}); {@link #process} is
 * presumably the step a crafted object graph drives on the server. Leave the
 * declaration as-is: the challenge depends on this exact shape.
 */
public interface Processor {
    /**
     * Runs this processor.
     *
     * @param args processor-specific inputs; may be empty
     * @return processor-specific result, possibly {@code null}
     */
    Object process(Object... args);
}
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/xml/StorageItem.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.xml;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
/**
 * One KEY-VALUE entry of the storage exchanged by the XML challenge messages
 * (see {@link StorageMessage}).
 *
 * <p>Immutable value object: Lombok generates the all-args constructor,
 * getters, {@code equals}/{@code hashCode}/{@code toString} and a builder.
 */
@Value
@Builder
public class StorageItem {
    /** Entry key. */
    String key;
    /** Entry value. */
    String value;
}
31 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/enumeration/User.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.enumeration;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
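/**
 * User model for the Enumeration challenge: credentials plus a per-user secret.
 *
 * <p>{@code password} and {@code secret} are deliberately kept out of
 * {@link #toString()} so that logging or printing a {@code User} does not leak
 * them (Lombok's {@code @Value} would otherwise include every field).
 * Lombok's generated {@code equals}/{@code hashCode} still cover all three
 * fields. Passwords are held as {@code String}; a {@code char[]} would allow
 * wiping, but changing the type would alter the builder/getter interface.
 */
@Builder
@Value
public class User {
    /** Login name; the only field exposed by {@link #toString()}. */
    String username;
    /** Plain-text password; how it is checked lives in EnumerationHandler (not shown here). */
    String password;
    /** Per-user secret; how it is used lives in EnumerationHandler (not shown here). */
    String secret;

    /**
     * Redacted representation. Lombok skips generating {@code toString} when
     * the class declares one explicitly.
     *
     * @return {@code "User(username=<name>)"}, never the password or secret
     */
    @Override
    public String toString() {
        return "User(username=" + username + ")";
    }
}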
32 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/configuration/Configuration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.configuration;
18 |
19 | import com.warxim.vucsa.server.core.ServerConfig;
20 | import lombok.Builder;
21 | import lombok.Data;
22 |
/**
 * Top-level server configuration container.
 *
 * <p>Mutable (Lombok {@code @Data}: getters, setters, {@code equals}/
 * {@code hashCode}/{@code toString}) with a builder. Presumably read and
 * written by {@code ConfigurationSaver} (not shown here).
 */
@Data
@Builder
public class Configuration {
    /** Network section: host and port the server uses (see {@link ServerConfig}). */
    private ServerConfig network;
}
31 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/rcedeserialization/MessageContent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.rcedeserialization;
18 |
19 | import lombok.Value;
20 |
21 | import java.io.Serializable;
22 |
/**
 * Serializable content of text message.
 *
 * <p>Presumably the part of {@link TextMessage} that is carried via Java
 * serialization (see {@code TextMessageDeserializer}), i.e. the entry point the
 * RCE Deserialization challenge targets. Shared by client and server, so its
 * serialized shape must stay identical on both sides. No explicit
 * {@code serialVersionUID} is declared: the JVM computes one from the class
 * shape, so any field change silently changes it and breaks existing payloads.
 */
@Value
public class MessageContent implements Serializable {
    /** Message text. */
    String text;
}

30 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/Main.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server;
18 |
19 | import com.warxim.vucsa.server.bootstrap.ConsoleBootstrap;
20 |
/**
 * Main server application class: hands control to the console bootstrap.
 */
public final class Main {
    /** Not instantiable; this class only hosts {@link #main}. */
    private Main() {
    }

    /**
     * Entry point of the server process.
     *
     * @param args command-line arguments; not inspected by this class
     */
    public static void main(String[] args) {
        ConsoleBootstrap bootstrap = new ConsoleBootstrap();
        bootstrap.start();
    }
}

31 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/BaseProcessor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.io.Serializable;
20 |
/**
 * Vulnerable class, part of RCE Deserialization challenge.
 *
 * <p>Makes every subclass Java-serializable, which is what lets processor
 * objects travel inside a serialized payload. No explicit
 * {@code serialVersionUID} is declared, so the JVM derives one from the class
 * shape; adding one (or changing the class) alters the stream descriptor and
 * would invalidate payloads built against the current build.
 */
public abstract class BaseProcessor implements Processor, Serializable {
}
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/FoodEntity.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
22 | /**
23 | * Food entity representing result of search query.
24 | */
25 | @Builder
26 | @Value
27 | public class FoodEntity {
28 | int id;
29 | String name;
30 | String description;
31 | double price;
32 | }
33 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/ChainedProcessorOutputAsArgPlaceholder.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.io.Serializable;
20 |
/**
 * Vulnerable class, part of RCE Deserialization challenge.
 *
 * <p>Stateless marker type. Presumably placed in a chained processor's argument
 * list to mean "substitute the previous processor's output here" (see
 * {@link ChainedProcessors}); confirm against that class. Serializable so it
 * can appear in the same payload as the processors. No explicit
 * {@code serialVersionUID} is declared, so do not add fields without
 * considering compatibility of existing payloads.
 */
public class ChainedProcessorOutputAsArgPlaceholder implements Serializable {

}
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/core/ClientConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.core;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
/**
 * Client configuration: the endpoint the client connects to.
 *
 * <p>Immutable value object created through the Lombok builder. Nothing is
 * validated here (e.g. the port range is not checked).
 */
@Builder
@Value
public class ClientConfig {
    /** Server host, e.g. {@code 127.0.0.1} or {@code www.example.org}. */
    String serverHost;

    /** Server port, e.g. {@code 8765}. */
    int serverPort;
}

38 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/core/ServerConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.core;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
/**
 * Server configuration: the endpoint the server is bound to.
 *
 * <p>Immutable value object created through the Lombok builder. Nothing is
 * validated here (e.g. the port range is not checked).
 */
@Builder
@Value
public class ServerConfig {
    /** Server host, e.g. {@code 127.0.0.1} or {@code www.example.org}. */
    String serverHost;

    /** Server port, e.g. {@code 8765}. */
    int serverPort;
}

38 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/core/ServerState.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.core;
18 |
/**
 * Lifecycle state of the server.
 */
public enum ServerState {
    /** Server is starting. */
    STARTING,
    /** Server is running. */
    STARTED,
    /** Server is stopping. */
    STOPPING,
    /** Server is offline. */
    STOPPED
}

40 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/horizontalaccesscontrol/DocumentItem.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.horizontalaccesscontrol;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
/**
 * Document item for displaying user's documents overview.
 *
 * <p>Pairs a document id with its display name. {@link #toString()} yields the
 * name alone so the item can be placed directly into a list control (e.g. a
 * JavaFX list view) and be rendered by name.
 */
@Value
@Builder
public class DocumentItem {
    /** Document identifier (presumably the id sent in DocumentContentRequest; verify in the handler). */
    int id;
    /** Human-readable name shown in the overview. */
    String name;

    /**
     * @return the display name; {@code null} if none was set
     */
    @Override
    public String toString() {
        return this.name;
    }
}

36 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/connection/ConnectionState.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.connection;
18 |
/**
 * Lifecycle state of a connection, in the order the transitions normally happen.
 */
public enum ConnectionState {
    /** Start step is in progress. */
    STARTING,
    /** Start step finished; the connection is live. */
    STARTED,
    /** Stop step is in progress. */
    STOPPING,
    /** Stop step finished; the connection is closed. */
    STOPPED
}
40 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/Constant.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common;
18 |
/**
 * Constants shared by the client and the server.
 */
public final class Constant {
    /** Application version string. */
    public static final String VERSION = "1.1.0";

    /** Project web site. */
    public static final String WEB = "https://vucsa.warxim.com";

    /**
     * Default server host. Loopback is deliberate: the intentionally vulnerable server is
     * not reachable from other machines unless somebody explicitly configures it to be.
     */
    public static final String DEFAULT_SERVER_HOST = "127.0.0.1";

    /** Default server port. */
    public static final int DEFAULT_SERVER_PORT = 8765;

    /** Path of the server configuration file. */
    public static final String SERVER_CONFIG_PATH = "server.json";

    /** Constant holder; never instantiated. */
    private Constant() {
    }
}
33 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/gui/GuiConstant.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.gui;
18 |
/**
 * Constants used by the client GUI: resource paths and tab ordering.
 */
public final class GuiConstant {
    /** Classpath location of the application's main stylesheet. */
    public static final String MAIN_CSS_PATH = "/css/Main.css";

    /** Classpath location of the application icon. */
    public static final String ICON_PATH = "/img/Logo.png";

    /** Sort key of the log tab. */
    public static final int LOG_TAB_ORDER = 1;

    /** Sort key of the settings tab. */
    public static final int SETTINGS_TAB_ORDER = 2;

    /** Sort key of the challenges tab; larger than the others so it sorts last. */
    public static final int CHALLENGES_TAB_ORDER = 10;

    /** Constant holder; never instantiated. */
    private GuiConstant() {
    }
}
32 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/MessageSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message;
18 |
19 | import java.util.Optional;
20 |
/**
 * Converts a {@link Message} into its transmittable form.
 */
public interface MessageSerializer {
    /**
     * Serializes the given message.
     * <p>
     * NOTE(review): the return type is a raw {@code Optional}, so the element type is not
     * expressed here and has to be taken from the implementations.
     * @param message Message to be serialized
     * @return Serialized form of the message, or an empty optional if serialization failed
     */
    Optional serializeMessage(Message message);
}
32 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/Application.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/BasicCommand.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal;
18 |
19 | import java.io.ObjectInputStream;
20 | import java.io.Serializable;
21 |
/**
 * Basic Command represents vulnerable class that can be exploited using RCE.
 * <p>
 * Intentionally vulnerable, part of the RCE Deserialization challenge: the
 * {@code readObject} hook below runs the deserialized {@code cmd} string as an OS
 * command, so deserializing an instance of this class from untrusted bytes executes
 * whatever the sender put into that field, with the server's privileges.
 * In real code the defence is to not accept Java-native serialization from untrusted
 * peers at all, or at least to install an {@link java.io.ObjectInputFilter} that rejects
 * classes like this, and to never feed deserialized data to {@code Runtime.exec}.
 */
public class BasicCommand implements Serializable {
    /** Command line to run; public, unvalidated, and filled straight from the stream. */
    public String cmd;

    /**
     * Deserialization hook invoked by {@link ObjectInputStream} while reading an instance.
     * @param in Stream the instance is being restored from
     * @throws Exception Propagated from the stream or from starting the process
     */
    private void readObject(ObjectInputStream in) throws Exception {
        // Restores the serializable fields, i.e. cmd, from the stream.
        in.defaultReadObject();

        // Dangerous sink: executes attacker-controlled input during deserialization.
        Runtime.getRuntime().exec(cmd);
    }
}
34 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/MessageDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message;
18 |
19 | import java.util.Optional;
20 |
/**
 * Converts a {@link SerializedMessage} received from the network back into a message object.
 */
public interface MessageDeserializer {
    /**
     * Deserializes the given serialized message.
     * <p>
     * NOTE(review): the return type is a raw {@code Optional}; the documented contract is a
     * {@link Message}. Implementations work on bytes that arrived over the network, so they
     * should validate the declared {@code length} against the actual payload before reading it.
     * @param serializedMessage Serialized message to be deserialized
     * @return Message, or an empty optional if deserialization failed
     */
    Optional deserializeMessage(SerializedMessage serializedMessage);
}
32 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/configuration/ConfigurationException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.configuration;
18 |
/**
 * Raised when the server configuration cannot be used: the file does not exist,
 * cannot be accessed, or holds invalid fields.
 */
public final class ConfigurationException extends Exception {
    private static final long serialVersionUID = 1L;

    /**
     * Creates an exception that carries only a description.
     * @param message Description of the configuration problem
     */
    public ConfigurationException(String message) {
        super(message);
    }

    /**
     * Creates an exception that wraps the underlying failure.
     * @param message Description of the configuration problem
     * @param cause Underlying exception, kept so the original stack trace survives
     */
    public ConfigurationException(String message, Throwable cause) {
        super(message, cause);
    }
}
34 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/SerializedMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message;
18 |
19 | import lombok.Builder;
20 | import lombok.Value;
21 |
/**
 * Wire form of a message, i.e. what is actually sent over the network.
 * Lombok supplies the all-args constructor, builder, getters and equals/hashCode.
 */
@Builder
@Value
public class SerializedMessage {
    /** Type of the message. */
    MessageType type;

    /** Identifier of the handler the message is addressed to. */
    int target;

    /**
     * Declared payload length.
     * NOTE(review): nothing here ties this to {@code payload.length}; code that trusts this
     * field over the real array length must check the two agree.
     */
    int length;

    /**
     * Payload bytes. The Lombok getter hands out the array itself, not a copy,
     * so callers share the buffer with this object.
     */
    byte[] payload;
}
48 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/ChallengeWrapper.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge;
18 |
19 | import com.warxim.vucsa.common.connection.listener.ConnectionListener;
20 | import javafx.scene.Node;
21 | import lombok.Builder;
22 | import lombok.Value;
23 |
/**
 * Pairs a challenge's JavaFX node with its controller.
 * Implements {@link ConnectionListener} without overriding anything, so it relies
 * on the interface's default no-op event handlers.
 */
@Value
@Builder
public class ChallengeWrapper implements ConnectionListener {
    /** Node shown in the challenge tab. */
    Node node;

    /** Controller driving the challenge GUI. */
    ChallengeController controller;
}
40 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/Message.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message;
18 |
19 | import lombok.EqualsAndHashCode;
20 | import lombok.Getter;
21 | import lombok.RequiredArgsConstructor;
22 |
/**
 * Base class of all messages.
 * <p>
 * A message is the protocol data unit exchanged between client and server.
 * Lombok supplies the getter for {@code target}, the required-args constructor
 * and equals/hashCode over it.
 */
@EqualsAndHashCode
@Getter
@RequiredArgsConstructor
public abstract class Message {
    /** Identifier of the handler this message is addressed to. */
    private final int target;

    /**
     * Returns the concrete type of this message.
     * @return Message type
     */
    public abstract MessageType getType();
}
44 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/core/connection/ServerConnection.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.core.connection;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.connection.listener.ConnectionListener;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 |
23 | import java.net.Socket;
24 |
/**
 * Server-side end of a connection between a client and the server.
 */
public class ServerConnection extends Connection {
    /**
     * Wraps an already accepted client socket.
     * @param id Identifier of the connection
     * @param socket Accepted socket, stored in the inherited {@code socket} field
     * @param listener Listener notified of connection events
     * @param handler Handler that receives the connection's messages
     */
    public ServerConnection(int id, Socket socket, ConnectionListener listener, MessageHandler handler) {
        super(id, listener, handler);
        // The base constructor has no socket parameter, so the field is set afterwards.
        this.socket = socket;
    }
}
34 |
35 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/ChallengeController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge;
18 |
19 | import com.warxim.vucsa.client.Bundle;
20 | import com.warxim.vucsa.common.message.Message;
21 |
/**
 * Common base of the challenge controllers.
 */
public abstract class ChallengeController {
    /**
     * Sends a message through the application-wide client manager.
     * @param message Message to be sent
     * @return {@code true} if the client manager reports the message as sent
     */
    protected boolean sendMessage(Message message) {
        return Bundle.getInstance().getClientManager().sendMessage(message);
    }
}
36 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/xml/XmlChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.xml;
18 |
19 | import com.warxim.vucsa.server.challenge.Challenge;
20 | import com.warxim.vucsa.server.core.ServerManager;
21 | import com.warxim.vucsa.common.ChallengeConstant;
22 |
/**
 * XML challenge: registers and unregisters the {@link XmlHandler}.
 */
public class XmlChallenge extends Challenge {
    /**
     * Registers a fresh handler under the XML target identifier.
     * @param serverManager Manager the handler is registered with
     */
    @Override
    public void load(ServerManager serverManager) {
        var handler = new XmlHandler();
        serverManager.registerHandler(ChallengeConstant.XML_TARGET, handler);
    }

    /**
     * Removes the handler registered by {@link #load(ServerManager)}.
     * @param serverManager Manager the handler is removed from
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.XML_TARGET);
    }
}
37 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/request/UserInfoRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageType;
20 | import com.warxim.vucsa.common.message.Message;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Request for the current user's info. Carries no payload beyond the target.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class UserInfoRequest extends Message {
    /**
     * Creates the request; Lombok also derives a builder from this constructor.
     * @param target Identifier of the handler the request is addressed to
     */
    @Builder
    public UserInfoRequest(int target) {
        super(target);
    }

    /**
     * @return Always {@link MessageType#VERTICAL_ACCESS_CONTROL_USER_INFO_REQUEST}
     */
    @Override
    public MessageType getType() {
        return MessageType.VERTICAL_ACCESS_CONTROL_USER_INFO_REQUEST;
    }
}
41 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/core/listener/ServerListener.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.core.listener;
18 |
/**
 * Receives server lifecycle events. Every handler is a no-op by default,
 * so implementors override only the events they care about.
 */
public interface ServerListener {
    /** Called before the start step runs (server is starting). */
    default void beforeStart() {}

    /** Called after the start step ran (server is running). */
    default void afterStart() {}

    /** Called before the stop step runs (server is stopping). */
    default void beforeStop() {}

    /** Called after the stop step ran (server is offline). */
    default void afterStop() {}
}
43 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/ChainedProcessorDescriptor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.io.Serializable;
20 |
/**
 * Vulnerable class, part of the RCE Deserialization challenge: a serializable
 * pairing of a {@link Processor} with the arguments it should receive.
 * Both getters return the stored references as-is; the {@code args} array in
 * particular is shared with callers rather than copied.
 */
public class ChainedProcessorDescriptor implements Serializable {
    private final Processor processor;
    private final Object[] args;

    /**
     * @param processor Processor to run
     * @param args Arguments handed to the processor, stored without copying
     */
    public ChainedProcessorDescriptor(Processor processor, Object[] args) {
        this.processor = processor;
        this.args = args;
    }

    /** @return The stored processor */
    public Processor getProcessor() {
        return this.processor;
    }

    /** @return The stored argument array (same instance, not a copy) */
    public Object[] getArgs() {
        return this.args;
    }
}
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/connection/listener/ConnectionListener.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.connection.listener;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 |
/**
 * Receives connection start/stop events.
 * <p>
 * The handlers are expected to be invoked from ConnectionManager; both default to no-ops.
 */
public interface ConnectionListener {
    /**
     * Called when a connection has started.
     * @param connection Connection that started
     */
    default void onConnectionStart(Connection connection) {}

    /**
     * Called when a connection has stopped.
     * @param connection Connection that stopped
     */
    default void onConnectionStop(Connection connection) {}
}
40 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/request/SecretRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageType;
20 | import com.warxim.vucsa.common.message.Message;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Asks the server to send its secret to the client. Carries no payload beyond the target.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class SecretRequest extends Message {
    /**
     * Creates the request; Lombok also derives a builder from this constructor.
     * @param target Identifier of the handler the request is addressed to
     */
    @Builder
    public SecretRequest(int target) {
        super(target);
    }

    /**
     * @return Always {@link MessageType#VERTICAL_ACCESS_CONTROL_SECRET_REQUEST}
     */
    @Override
    public MessageType getType() {
        return MessageType.VERTICAL_ACCESS_CONTROL_SECRET_REQUEST;
    }
}
41 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/request/SecretRequestDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.SerializedMessage;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageDeserializer;
22 |
23 | import java.util.Optional;
24 |
/**
 * Deserializer for {@link SecretRequest}.
 */
public class SecretRequestDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link SecretRequest} from the target of the serialized message.
     * The payload is not read at all; only the target is carried over.
     * @param serializedMessage Incoming serialized message
     * @return Always a present optional holding the request
     */
    @Override
    public Optional deserializeMessage(SerializedMessage serializedMessage) {
        var request = SecretRequest.builder()
                .target(serializedMessage.getTarget())
                .build();
        return Optional.of(request);
    }
}
36 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/ProcessorCommand.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.io.ObjectInputStream;
20 | import java.io.Serializable;
21 |
/**
 * Vulnerable class, part of RCE Deserialization challenge.
 *
 * <p>Intentionally insecure (this is a training target): {@link #readObject}
 * runs {@code processor.process(args)} as a side effect of deserialization, so
 * whoever controls the serialized bytes also controls which {@link Processor}
 * runs and with which arguments, before any application-level validation can
 * happen. The defensive pattern this class deliberately violates is: do no work
 * in {@code readObject} beyond restoring and validating fields, and never feed
 * untrusted bytes to an {@link ObjectInputStream} without an
 * {@link java.io.ObjectInputFilter} allow-list of expected classes.
 */
public class ProcessorCommand implements Serializable {
    /** Behaviour to run; restored from the stream, so chosen by the sender. */
    private final Processor processor;
    /** Arguments handed to {@link Processor#process}; also restored from the stream. */
    private final Object[] args;

    private ProcessorCommand(Processor processor, Object[] args) {
        this.processor = processor;
        this.args = args;
    }

    /**
     * Serialization hook invoked by {@link ObjectInputStream} while this class is read.
     *
     * @param in Stream the object is being read from
     * @throws Exception Whatever {@code defaultReadObject} or the processor throws
     */
    private void readObject(ObjectInputStream in) throws Exception {
        // Restores processor and args from the stream first...
        in.defaultReadObject();

        // ...then executes them immediately: this is the trigger point of the challenge.
        processor.process(args);
    }
}
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/request/UserInfoRequestDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageDeserializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
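/**
 * Deserializer for {@link UserInfoRequest}.
 *
 * <p>The request carries no payload of its own: only the target of the incoming
 * {@link SerializedMessage} is copied over, its payload bytes are ignored.
 */
public class UserInfoRequestDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link UserInfoRequest} from the serialized envelope.
     *
     * @param serializedMessage Serialized message received from the connection
     * @return Always a present optional holding the deserialized request
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        Message request = UserInfoRequest.builder()
                .target(serializedMessage.getTarget())
                .build();
        return Optional.of(request);
    }
}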
36 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/bufferoverread/BufferOverreadChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.bufferoverread;
18 |
19 | import com.warxim.vucsa.server.challenge.Challenge;
20 | import com.warxim.vucsa.server.core.ServerManager;
21 | import com.warxim.vucsa.common.ChallengeConstant;
22 |
/**
 * Buffer over-read challenge.
 *
 * <p>Binds a {@link BufferOverreadHandler} to
 * {@link ChallengeConstant#BUFFER_OVERREAD_TARGET} for as long as the challenge is loaded.
 */
public class BufferOverreadChallenge extends Challenge {
    /**
     * Unregisters whatever handler is bound to the challenge target.
     *
     * @param serverManager Server manager the handler was registered with
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.BUFFER_OVERREAD_TARGET);
    }

    /**
     * Registers a fresh {@link BufferOverreadHandler} for the challenge target.
     *
     * @param serverManager Server manager to register the handler with
     */
    @Override
    public void load(ServerManager serverManager) {
        var handler = new BufferOverreadHandler();
        serverManager.registerHandler(ChallengeConstant.BUFFER_OVERREAD_TARGET, handler);
    }
}
37 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/challenge/horizontalaccesscontrol/HorizontalAccessControlTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/commandexecution/CommandExecutionChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.commandexecution;
18 |
19 | import com.warxim.vucsa.server.challenge.Challenge;
20 | import com.warxim.vucsa.server.core.ServerManager;
21 | import com.warxim.vucsa.common.ChallengeConstant;
22 |
/**
 * Command execution challenge.
 *
 * <p>Binds a {@link CommandExecutionHandler} to
 * {@link ChallengeConstant#COMMAND_EXECUTION_TARGET} for as long as the challenge is loaded.
 */
public class CommandExecutionChallenge extends Challenge {
    /**
     * Unregisters whatever handler is bound to the challenge target.
     *
     * @param serverManager Server manager the handler was registered with
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.COMMAND_EXECUTION_TARGET);
    }

    /**
     * Registers a fresh {@link CommandExecutionHandler} for the challenge target.
     *
     * @param serverManager Server manager to register the handler with
     */
    @Override
    public void load(ServerManager serverManager) {
        var handler = new CommandExecutionHandler();
        serverManager.registerHandler(ChallengeConstant.COMMAND_EXECUTION_TARGET, handler);
    }
}
37 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/commandexecution/request/PingRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.commandexecution.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Ping request for Command Execution challenge.
 *
 * <p>Carries the host the client asks the server to ping. The value arrives from
 * the peer, so whatever consumes it (command construction in particular) has to
 * treat it as untrusted input.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class PingRequest extends Message {
    /** Host to ping, exactly as supplied by the client. */
    String host;

    @Override
    public MessageType getType() {
        return MessageType.COMMAND_EXECUTION_PING_REQUEST;
    }

    /**
     * Creates a ping request.
     *
     * @param target Target identifier of the message (see {@link Message})
     * @param host Host to ping
     */
    @Builder
    public PingRequest(int target, String host) {
        super(target);
        this.host = host;
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/response/SecretResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Secret response.
 *
 * <p>Carries the secret string returned in the Vertical Access Control challenge.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class SecretResponse extends Message {
    /** Secret value handed back to the client. */
    String secret;

    @Override
    public MessageType getType() {
        return MessageType.VERTICAL_ACCESS_CONTROL_SECRET_RESPONSE;
    }

    /**
     * Creates a secret response.
     *
     * @param target Target identifier of the message (see {@link Message})
     * @param secret Secret to transmit
     */
    @Builder
    public SecretResponse(int target, String secret) {
        super(target);
        this.secret = secret;
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/RceDeserializationChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.server.challenge.Challenge;
21 | import com.warxim.vucsa.server.core.ServerManager;
22 |
/**
 * RCE Deserialization challenge.
 *
 * <p>Binds a {@link RceDeserializationHandler} to
 * {@link ChallengeConstant#RCE_DESERIALIZATION_TARGET} for as long as the challenge is loaded.
 */
public class RceDeserializationChallenge extends Challenge {
    /**
     * Unregisters whatever handler is bound to the challenge target.
     *
     * @param serverManager Server manager the handler was registered with
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.RCE_DESERIALIZATION_TARGET);
    }

    /**
     * Registers a fresh {@link RceDeserializationHandler} for the challenge target.
     *
     * @param serverManager Server manager to register the handler with
     */
    @Override
    public void load(ServerManager serverManager) {
        var handler = new RceDeserializationHandler();
        serverManager.registerHandler(ChallengeConstant.RCE_DESERIALIZATION_TARGET, handler);
    }
}
37 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/plain/PlainMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.plain;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Plain message containing byte array payload.
 *
 * <p>{@code length} travels separately from {@code payload} and is not
 * cross-checked against {@code payload.length} by this class; readers that slice
 * the payload by {@code length} must bound it themselves. The lombok-generated
 * getter returns the {@code payload} array itself, so callers share the buffer.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class PlainMessage extends Message {
    /** Declared payload length, as received. */
    int length;
    /** Raw payload bytes, as received. */
    byte[] payload;

    @Override
    public MessageType getType() {
        return MessageType.PLAIN;
    }

    /**
     * Creates a plain message.
     *
     * @param target Target identifier of the message (see {@link Message})
     * @param length Declared payload length
     * @param payload Payload bytes
     */
    @Builder
    public PlainMessage(int target, int length, byte[] payload) {
        super(target);
        this.length = length;
        this.payload = payload;
    }
}
46 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/UserRole.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol;
18 |
19 | import lombok.Getter;
20 | import lombok.RequiredArgsConstructor;
21 |
22 | import java.util.Arrays;
23 | import java.util.Optional;
24 |
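/**
 * Role of the user.
 *
 * <p>Each role is identified by a small integer value; {@link #of(int)} maps such
 * a value back to the role.
 */
@Getter
@RequiredArgsConstructor
public enum UserRole {
    GUEST(1),
    USER(3),
    ADMIN(5);

    /** Integer value identifying the role. */
    private final int value;

    /**
     * Converts int value to user role.
     *
     * @param value Integer value to look up
     * @return User role, or empty optional if the value is not used by any role
     */
    public static Optional<UserRole> of(int value) {
        return Arrays.stream(values())
                .filter(role -> role.value == value)
                .findFirst();
    }
}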
47 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/challenge/commandexecution/CommandExecutionTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/plain/PlainMessageDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.plain;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.MessageDeserializer;
22 |
23 | import java.util.Optional;
24 |
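/**
 * Deserializer for {@link PlainMessage}.
 *
 * <p>Copies target, length and payload out of the {@link SerializedMessage} as
 * they arrived; {@code length} is not validated against {@code payload.length} here.
 */
public class PlainMessageDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link PlainMessage} from the serialized envelope.
     *
     * @param serializedMessage Serialized message received from the connection
     * @return Always a present optional holding the deserialized message
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        Message message = PlainMessage.builder()
                .target(serializedMessage.getTarget())
                .length(serializedMessage.getLength())
                .payload(serializedMessage.getPayload())
                .build();
        return Optional.of(message);
    }
}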
38 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/connection/listener/ConnectionListenerManager.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.connection.listener;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.listener.ListenerManager;
21 |
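/**
 * Listener manager that allows modules to register their own listener (aggregates listeners).
 *
 * <p>Based on {@link ListenerManager}; each connection event received by this
 * manager is forwarded to the registered {@link ConnectionListener}s through
 * {@code parallelCall}.
 */
public final class ConnectionListenerManager extends ListenerManager<ConnectionListener>
        implements ConnectionListener {
    /**
     * Forwards the start event to all registered listeners.
     *
     * @param connection Connection that has started
     */
    @Override
    public void onConnectionStart(Connection connection) {
        parallelCall(listener -> listener.onConnectionStart(connection));
    }

    /**
     * Forwards the stop event to all registered listeners.
     *
     * @param connection Connection that has stopped
     */
    @Override
    public void onConnectionStop(Connection connection) {
        parallelCall(listener -> listener.onConnectionStop(connection));
    }
}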
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/rcedeserialization/TextMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.rcedeserialization;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Text message that will be transmitted over the network in RCE Deserialization challenge.
 *
 * <p>The body is a {@link MessageContent} object; how it is converted to and from
 * bytes is defined by the corresponding (de)serializer, not by this class.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class TextMessage extends Message {
    /** Content object carried by the message. */
    MessageContent content;

    @Override
    public MessageType getType() {
        return MessageType.RCE_DESERIALIZATION_TEXT_MESSAGE;
    }

    /**
     * Creates a text message.
     *
     * @param target Target identifier of the message (see {@link Message})
     * @param content Content to transmit
     */
    @Builder
    public TextMessage(int target, MessageContent content) {
        super(target);
        this.content = content;
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/request/SearchRequestDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection.request;
18 |
19 | import com.warxim.vucsa.common.message.SerializedMessage;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageDeserializer;
22 |
23 | import java.util.Optional;
24 |
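/**
 * Deserializer for {@link SearchRequest}.
 *
 * <p>Interprets the first {@code length} bytes of the {@link SerializedMessage}
 * payload as the search string.
 */
public class SearchRequestDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link SearchRequest} from the serialized envelope.
     *
     * @param serializedMessage Serialized message received from the connection
     * @return Always a present optional holding the deserialized request
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        // No Charset is given, so the bytes are decoded with the JVM's default charset.
        // NOTE(review): confirm the serializer encodes the same way; otherwise pass
        // StandardCharsets.UTF_8 on both sides. The declared length is trusted as-is: a
        // length larger than the payload array makes the String constructor throw an
        // IndexOutOfBoundsException.
        String search = new String(serializedMessage.getPayload(), 0, serializedMessage.getLength());
        Message request = SearchRequest.builder()
                .target(serializedMessage.getTarget())
                .search(search)
                .build();
        return Optional.of(request);
    }
}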
37 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/MessageHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 |
/**
 * Endpoint for handling messages.
 *
 * <p>Represents "endpoint" for messages: a handler declares which messages it
 * accepts via {@link #supports} and processes them in {@link #handleMessage}.
 */
public interface MessageHandler {
    /**
     * Checks whether the given message is supported by the handler.
     *
     * @param message Message to be checked
     * @return {@code true} if the message is supported
     */
    boolean supports(Message message);

    /**
     * Handles message in the handler.
     *
     * <p>The message is the object produced by deserialization of what the peer
     * sent; implementations should validate its contents before acting on them.
     *
     * @param connection Connection, which sent the message
     * @param message Message to be handled
     * @return {@code true} if the message has been correctly handled
     */
    boolean handleMessage(Connection connection, Message message);
}
41 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/enumeration/LoginStatus.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.enumeration;
18 |
19 | import lombok.Getter;
20 | import lombok.RequiredArgsConstructor;
21 |
22 | import java.util.Arrays;
23 | import java.util.Optional;
24 |
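/**
 * Status describing login result.
 *
 * <p>Note that the protocol distinguishes {@link #WRONG_USERNAME} from
 * {@link #WRONG_PASSWORD}, which lets a client learn whether a username exists;
 * a hardened design would report a single generic failure status instead.
 */
@Getter
@RequiredArgsConstructor
public enum LoginStatus {
    SUCCESS(1),
    WRONG_USERNAME(2),
    WRONG_PASSWORD(3);

    /** Integer value identifying the status. */
    private final int value;

    /**
     * Converts int value to login status.
     *
     * @param value Integer value to look up
     * @return Login status, or empty optional if the value is not representing any status
     */
    public static Optional<LoginStatus> of(int value) {
        return Arrays.stream(values())
                .filter(loginStatus -> loginStatus.value == value)
                .findFirst();
    }
}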
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/request/SearchRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
/**
 * Request in SQL Injection challenge for searching data.
 *
 * <p>{@code search} is free text supplied by the client; any query built from it
 * should bind it as a parameter rather than concatenate it into SQL.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class SearchRequest extends Message {
    /** Search query, exactly as supplied by the client. */
    String search;

    @Override
    public MessageType getType() {
        return MessageType.SQL_INJECTION_SEARCH_REQUEST;
    }

    /**
     * Creates a search request.
     *
     * @param target Target identifier of the message (see {@link Message})
     * @param search Search query
     */
    @Builder
    public SearchRequest(int target, String search) {
        super(target);
        this.search = search;
    }
}
47 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/css/Main.css:
--------------------------------------------------------------------------------
/*
 FONTS
 Regular and bold faces of Noto Sans, shipped with the client under ../fonts.
*/
@font-face {
    src: url('../fonts/NotoSans-Regular.ttf');
}

@font-face {
    font-weight: bold;
    src: url('../fonts/NotoSans-Bold.ttf');
}

/*
 BASE
 NOTE(review): the selector of this rule is missing in this copy of the file
 (the line holds only "{"); confirm against the repository. The rule sets the
 default font and the two colour variables (-fx-color-background-light,
 -fx-color-text-primary) referenced by the rules below.
*/
{
    -fx-font-family: 'Noto Sans', 'sans-serif';
    -fx-font-size: 12px;
    -fx-color-background-light: #fff;
    -fx-color-text-primary: #000;
    -fx-fill: -fx-color-text-primary;
}

/*
 HEADINGS
 Each level targets both the node and its inner .text child.
*/
.h1,
.h1 .text {
    -fx-font-size: 15px;
    -fx-font-weight: 700;
}

.h2,
.h2 .text {
    -fx-font-size: 14px;
    -fx-font-weight: 700;
}

.h3,
.h3 .text {
    -fx-font-size: 13px;
    -fx-font-weight: 700;
}

.input-label {
    -fx-font-weight: 700;
}


/*
 LOG FLOW
 One text colour per log-record pseudo-class (presumably mirroring the
 java.util.logging level names), plus :other as the fallback.
*/

.log-flow {
    -fx-padding: 5px;
    -fx-border-style: solid;
    -fx-border-width: 1;
    -fx-background-color: -fx-color-background-light;
}

.log-flow .log-record:info {
    -fx-fill: -fx-color-text-primary;
}

.log-flow .log-record:severe {
    -fx-fill: #a93226;
}

.log-flow .log-record:warning {
    -fx-fill: #CA6F1E;
}

.log-flow .log-record:fine {
    -fx-fill: #229954;
}

.log-flow .log-record:other {
    -fx-fill: #344051;
}

.log-flow .log-record:config {
    -fx-fill: #2471A3;
}


/*
 STATUS LABEL
 Connection state indicator: green when connected, red when disconnected.
*/

.status-connected,
.status-connected .text {
    -fx-fill: #048b04;
}

.status-disconnected,
.status-disconnected .text {
    -fx-fill: #970202;
}
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/Main.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client;
18 |
19 | import com.warxim.vucsa.client.gui.GuiApplication;
20 | import com.warxim.vucsa.client.gui.GuiBundle;
21 | import com.warxim.vucsa.client.gui.dialog.Dialogs;
22 | import javafx.application.Application;
23 |
/**
 * Main client application class.
 *
 * <p>Entry point: prepares the GUI bundle, then hands control to JavaFX.
 */
public final class Main {
    /** Not instantiable; the class only hosts the entry point. */
    private Main() {}

    /**
     * Client entry point.
     *
     * @param args Command line arguments (not used by this class)
     */
    public static void main(String... args) {
        init();
        launch();
    }

    /**
     * Initializes GUI bundle and installs its logo as the default dialog icon.
     */
    private static void init() {
        Dialogs.setDefaultIcon(GuiBundle.getInstance().getLogo());
    }

    /**
     * Launches GUI application.
     */
    private static void launch() {
        Application.launch(GuiApplication.class);
    }
}
50 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/commandexecution/response/PingResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.commandexecution.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
25 | /**
26 | * Ping response for Command Execution challenge.
27 | */
@Value
@EqualsAndHashCode(callSuper = true)
public class PingResponse extends Message {
    /**
     * Output for ping command.
     * Carried verbatim; this class neither inspects nor transforms it.
     */
    String output;

    /**
     * Creates a ping response.
     *
     * @param target target identifier handed to {@link Message}
     * @param output text returned for the ping command
     */
    @Builder
    public PingResponse(int target, String output) {
        super(target);
        this.output = output;
    }

    /** @return the message type constant for a command-execution ping response */
    @Override
    public MessageType getType() {
        return MessageType.COMMAND_EXECUTION_PING_RESPONSE;
    }
}
47 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/enumeration/EnumerationChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.enumeration;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.server.challenge.Challenge;
21 | import com.warxim.vucsa.server.core.ServerManager;
22 |
23 | /**
24 | * Enumeration challenge
25 | */
public class EnumerationChallenge extends Challenge {
    /** Authentication service shared with the handler; non-null only while the challenge is loaded. */
    private AuthService authService;

    /**
     * Creates the authentication service and registers the enumeration handler under
     * {@link ChallengeConstant#ENUMERATION_TARGET}.
     *
     * @param serverManager manager that dispatches incoming messages to registered handlers
     */
    @Override
    public void load(ServerManager serverManager) {
        var service = new AuthService();
        authService = service;
        var handler = new EnumerationHandler(service);
        serverManager.registerHandler(ChallengeConstant.ENUMERATION_TARGET, handler);
    }

    /**
     * Unregisters the handler and drops the service reference so it can be collected.
     *
     * @param serverManager manager the handler was registered with in {@link #load}
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.ENUMERATION_TARGET);
        authService = null;
    }
}
41 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/commandexecution/request/PingRequestDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.commandexecution.request;
18 |
19 | import com.warxim.vucsa.common.message.SerializedMessage;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageDeserializer;
22 |
23 | import java.util.Optional;
24 |
25 | /**
26 | * Deserializer for {@link PingRequest}.
27 | */
public class PingRequestDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link PingRequest} from the wire message: the used part of the payload
     * (up to {@code getLength()}) is the host string, the target is copied over.
     * The host is taken verbatim; no validation happens here, so whatever consumes the
     * request has to treat the value as untrusted input.
     *
     * @param serializedMessage wire-level message to decode
     * @return the decoded request; always present
     */
    @Override
    public Optional deserializeMessage(SerializedMessage serializedMessage) {
        var host = payloadAsText(serializedMessage);
        var request = PingRequest.builder()
                .host(host)
                .target(serializedMessage.getTarget())
                .build();
        return Optional.of(request);
    }

    /**
     * Decodes the first {@code getLength()} payload bytes as text.
     * NOTE(review): no charset is given, so the platform default charset is used; on JDKs
     * before 18 that varies per machine — confirm the serializer side encodes the same way.
     */
    private static String payloadAsText(SerializedMessage serializedMessage) {
        return new String(serializedMessage.getPayload(), 0, serializedMessage.getLength());
    }
}
39 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/enumeration/request/LoginRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.enumeration.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
25 | /**
26 | * Login request for Enumeration challenge.
27 | */
@Value
@EqualsAndHashCode(callSuper = true)
public class LoginRequest extends Message {
    // Credentials are carried as plain Strings; this class performs no validation or
    // hashing, and a String value stays in memory until it is garbage-collected.
    String username;
    String password;

    /**
     * Creates a login request.
     *
     * @param target target identifier handed to {@link Message}
     * @param username login name to authenticate
     * @param password password submitted for {@code username}
     */
    @Builder
    public LoginRequest(int target, String username, String password) {
        super(target);
        this.username = username;
        this.password = password;
    }

    /** @return the message type constant for an enumeration-challenge login request */
    @Override
    public MessageType getType() {
        return MessageType.ENUMERATION_CHALLENGE_LOGIN_REQUEST;
    }
}
46 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/xml/StorageMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.xml;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
25 | import java.util.Collections;
26 | import java.util.List;
27 |
28 | /**
29 | * Message for XML challenge containing list of storage items.
30 | */
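@Value
@EqualsAndHashCode(callSuper = true)
public class StorageMessage extends Message {
    /** Storage items; an unmodifiable snapshot taken when the message is constructed. */
    List items;

    /**
     * Creates a storage message.
     *
     * @param target target identifier handed to {@link Message}
     * @param items storage items; copied, so later changes to the caller's list are not
     *              reflected in this message
     * @throws NullPointerException if {@code items} is null
     */
    @Builder
    public StorageMessage(int target, List items) {
        super(target);
        // Snapshot first: Collections.unmodifiableList on its own is only a read-only view of
        // the caller's list, which would let this @Value object change after construction.
        this.items = Collections.unmodifiableList(new java.util.ArrayList<>(items));
    }

    /** @return the message type constant for the XML-challenge storage message */
    @Override
    public MessageType getType() {
        return MessageType.XML_STORAGE_MESSAGE;
    }
}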
47 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/ChallengeConstant.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common;
18 |
19 | /**
20 | * Constants for challenges.
21 | */
public final class ChallengeConstant {
    // Target identifiers: one per challenge handler, used to route messages to the
    // handler registered under that number.
    /** Target of the Buffer Overread challenge. */
    public static final int BUFFER_OVERREAD_TARGET = 1001;
    /** Target of the SQL Injection challenge. */
    public static final int SQL_INJECTION_TARGET = 1002;
    /** Target of the Enumeration challenge. */
    public static final int ENUMERATION_TARGET = 1003;
    /** Target of the Command Execution challenge. */
    public static final int COMMAND_EXECUTION_TARGET = 1004;
    /** Target of the XML challenge. */
    public static final int XML_TARGET = 1005;
    /** Target of the user-info handler of the Vertical Access Control challenge. */
    public static final int VERTICAL_ACCESS_CONTROL_USER_INFO_TARGET = 1006;
    /** Target of the secret handler of the Vertical Access Control challenge. */
    public static final int VERTICAL_ACCESS_CONTROL_SECRET_TARGET = 1007;
    /** Target of the document-content handler of the Horizontal Access Control challenge. */
    public static final int HORIZONTAL_ACCESS_CONTROL_DOCUMENT_CONTENT_TARGET = 1008;
    /** Target of the RCE Deserialization challenge. */
    public static final int RCE_DESERIALIZATION_TARGET = 1009;

    /** Directory holding challenge data; relative to the working directory, trailing slash included. */
    public static final String CHALLENGES_DIRECTORY = "server/challenge/";

    /** Constants only; not instantiable. */
    private ChallengeConstant() {}
}
37 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/request/SecretRequestSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.util.Optional;
24 |
25 | /**
26 | * Serializer for {@link SecretRequest}.
27 | */
public class SecretRequestSerializer implements MessageSerializer {
    /**
     * Serializes a {@link SecretRequest}. The request has no payload, so only the message
     * type and target are written.
     *
     * @param message message to serialize; a null or foreign message yields an empty result
     * @return the serialized form, or empty if {@code message} is not a {@link SecretRequest}
     */
    @Override
    public Optional serializeMessage(Message message) {
        return Optional.ofNullable(message)
                .filter(SecretRequest.class::isInstance)
                .map(request -> SerializedMessage.builder()
                        .type(request.getType())
                        .target(request.getTarget())
                        .build());
    }
}
40 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/xml/XmlHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.xml;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.xml.StorageMessage;
23 |
/**
 * Handler for XML challenge.
 * Acts as an echo server, since the vulnerability is present in the deserializer.
 */
public class XmlHandler implements MessageHandler {
    /**
     * @param message message offered by the dispatcher
     * @return true only for {@link StorageMessage} instances
     */
    @Override
    public boolean supports(Message message) {
        return StorageMessage.class.isInstance(message);
    }

    /**
     * Sends the received message straight back. Nothing is inspected or changed here;
     * the challenge's vulnerability is implemented in the deserializer.
     *
     * @param connection connection the message arrived on
     * @param message message to echo back
     * @return always true
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        connection.sendMessage(message);
        return true;
    }
}
41 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/commandexecution/response/PingResponseDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.commandexecution.response;
18 |
19 | import com.warxim.vucsa.common.message.SerializedMessage;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageDeserializer;
22 |
23 | import java.util.Optional;
24 |
25 | /**
26 | * Deserializer for {@link PingResponse}.
27 | */
public class PingResponseDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link PingResponse} from the wire message: the used part of the payload
     * (up to {@code getLength()}) is the output string, the target is copied over.
     *
     * @param serializedMessage wire-level message to decode
     * @return the decoded response; always present
     */
    @Override
    public Optional deserializeMessage(SerializedMessage serializedMessage) {
        var output = payloadAsText(serializedMessage);
        var response = PingResponse.builder()
                .output(output)
                .target(serializedMessage.getTarget())
                .build();
        return Optional.of(response);
    }

    /**
     * Decodes the first {@code getLength()} payload bytes as text.
     * NOTE(review): no charset is given, so the platform default charset is used; on JDKs
     * before 18 that varies per machine — confirm the serializer side encodes the same way.
     */
    private static String payloadAsText(SerializedMessage serializedMessage) {
        return new String(serializedMessage.getPayload(), 0, serializedMessage.getLength());
    }
}
39 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/horizontalaccesscontrol/request/DocumentContentRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.horizontalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
25 | /**
26 | * Document content request for Horizontal Access Control challenge.
27 | */
@Value
@EqualsAndHashCode(callSuper = true)
public class DocumentContentRequest extends Message {
    /**
     * Identifier of the requested document. It is the only selector in this request;
     * beyond what {@link Message} holds, no requester identity travels with it, so whether
     * the sender may read that document has to be decided by the receiving handler.
     */
    int documentId;

    /**
     * Creates a document content request.
     *
     * @param target target identifier handed to {@link Message}
     * @param documentId identifier of the document whose content is requested
     */
    @Builder
    public DocumentContentRequest(int target, int documentId) {
        super(target);
        this.documentId = documentId;
    }

    /** @return the message type constant for a horizontal-access-control document content request */
    @Override
    public MessageType getType() {
        return MessageType.HORIZONTAL_ACCESS_CONTROL_DOCUMENT_CONTENT_REQUEST;
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/horizontalaccesscontrol/response/DocumentContentResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.horizontalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
25 | /**
26 | * Document content response for Horizontal Access Control challenge.
27 | */
@Value
@EqualsAndHashCode(callSuper = true)
public class DocumentContentResponse extends Message {
    /** Content of the requested document, carried verbatim. */
    String content;

    /**
     * Creates a document content response.
     *
     * @param target target identifier handed to {@link Message}
     * @param content document content to return
     */
    @Builder
    public DocumentContentResponse(int target, String content) {
        super(target);
        this.content = content;
    }

    /** @return the message type constant for a horizontal-access-control document content response */
    @Override
    public MessageType getType() {
        return MessageType.HORIZONTAL_ACCESS_CONTROL_DOCUMENT_CONTENT_RESPONSE;
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/request/UserInfoRequestSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.util.Optional;
24 |
25 | /**
26 | * Serializer for {@link UserInfoRequest}.
27 | */
public class UserInfoRequestSerializer implements MessageSerializer {
    /**
     * Serializes a {@link UserInfoRequest}. The request has no payload, so only the message
     * type and target are written.
     *
     * @param message message to serialize; a null or foreign message yields an empty result
     * @return the serialized form, or empty if {@code message} is not a {@link UserInfoRequest}
     */
    @Override
    public Optional serializeMessage(Message message) {
        return Optional.ofNullable(message)
                .filter(UserInfoRequest.class::isInstance)
                .map(request -> SerializedMessage.builder()
                        .type(request.getType())
                        .target(request.getTarget())
                        .build());
    }
}
40 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/challenge/rcedeserialization/RceDeserializationTab.fxml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/response/SecretResponseDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageDeserializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
25 | /**
26 | * Deserializer for {@link SecretResponse}.
27 | */
public class SecretResponseDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link SecretResponse} from the wire message: the used part of the payload
     * (up to {@code getLength()}) is the secret string, the target is copied over.
     *
     * @param serializedMessage wire-level message to decode
     * @return the decoded response; always present
     */
    @Override
    public Optional deserializeMessage(SerializedMessage serializedMessage) {
        var secret = payloadAsText(serializedMessage);
        var response = SecretResponse.builder()
                .secret(secret)
                .target(serializedMessage.getTarget())
                .build();
        return Optional.of(response);
    }

    /**
     * Decodes the first {@code getLength()} payload bytes as text.
     * NOTE(review): no charset is given, so the platform default charset is used; on JDKs
     * before 18 that varies per machine — confirm the serializer side encodes the same way.
     */
    private static String payloadAsText(SerializedMessage serializedMessage) {
        return new String(serializedMessage.getPayload(), 0, serializedMessage.getLength());
    }
}
38 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/core/listener/ServerListenerManager.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.core.listener;
18 |
19 | import com.warxim.vucsa.common.listener.ListenerManager;
20 |
/**
 * Listener manager that allows modules to register their own listeners (aggregates listeners).
 * Based on {@link ListenerManager}.
 */
public class ServerListenerManager extends ListenerManager implements ServerListener {
    // Each lifecycle event is forwarded to every registered listener through the inherited
    // parallelCall; how that call dispatches (ordering, threading) is defined in ListenerManager.

    /** Forwards the before-start event to all registered listeners. */
    @Override
    public void beforeStart() {
        parallelCall(listener -> listener.beforeStart());
    }

    /** Forwards the after-start event to all registered listeners. */
    @Override
    public void afterStart() {
        parallelCall(listener -> listener.afterStart());
    }

    /** Forwards the before-stop event to all registered listeners. */
    @Override
    public void beforeStop() {
        parallelCall(listener -> listener.beforeStop());
    }

    /** Forwards the after-stop event to all registered listeners. */
    @Override
    public void afterStop() {
        parallelCall(listener -> listener.afterStop());
    }
}
46 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/commandexecution/CommandExecutionHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.commandexecution;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.commandexecution.response.PingResponse;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Client-side handler for {@link PingResponse} messages of the Command Execution challenge:
 * hands the returned output to the controller.
 */
@RequiredArgsConstructor
public class CommandExecutionHandler implements MessageHandler {
    private final CommandExecutionController controller;

    /**
     * @param message message offered by the dispatcher
     * @return true only for {@link PingResponse} instances
     */
    @Override
    public boolean supports(Message message) {
        return PingResponse.class.isInstance(message);
    }

    /**
     * Passes the response output to the controller unchanged.
     *
     * @param connection connection the message arrived on (unused)
     * @param message a {@link PingResponse}; the cast relies on {@link #supports} having been checked
     * @return always true
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var response = (PingResponse) message;
        controller.setOutput(response.getOutput());
        return true;
    }
}
40 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/xml/XmlHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.xml;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.xml.StorageMessage;
23 | import lombok.RequiredArgsConstructor;
24 |
25 | /**
26 | * Handler for storage messages from server for XML challenge.
27 | */
@RequiredArgsConstructor
public class XmlHandler implements MessageHandler {
    private final XmlController controller;

    /**
     * @param message message offered by the dispatcher
     * @return true only for {@link StorageMessage} instances
     */
    @Override
    public boolean supports(Message message) {
        return StorageMessage.class.isInstance(message);
    }

    /**
     * Passes the received storage items to the controller unchanged.
     *
     * @param connection connection the message arrived on (unused)
     * @param message a {@link StorageMessage}; the cast relies on {@link #supports} having been checked
     * @return always true
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var storage = (StorageMessage) message;
        controller.setItems(storage.getItems());
        return true;
    }
}
43 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/horizontalaccesscontrol/HorizontalAccessControlChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.horizontalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.server.challenge.Challenge;
21 | import com.warxim.vucsa.server.core.ServerManager;
22 |
23 | /**
24 | * Horizontal access control challenge
25 | */
public class HorizontalAccessControlChallenge extends Challenge {
    /**
     * Registers the document-content handler under
     * {@link ChallengeConstant#HORIZONTAL_ACCESS_CONTROL_DOCUMENT_CONTENT_TARGET}.
     * The handler receives the challenge directory (inherited {@code getChallengeDirectory()});
     * which files it serves from there, and how it checks the requester's right to a document,
     * is decided in the handler.
     *
     * @param serverManager manager that dispatches incoming messages to registered handlers
     */
    @Override
    public void load(ServerManager serverManager) {
        var documentDirectory = getChallengeDirectory();
        var handler = new HorizontalAccessControlHandler(documentDirectory);
        serverManager.registerHandler(
                ChallengeConstant.HORIZONTAL_ACCESS_CONTROL_DOCUMENT_CONTENT_TARGET, handler);
    }

    /**
     * Unregisters the handler registered in {@link #load}.
     *
     * @param serverManager manager the handler was registered with
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(
                ChallengeConstant.HORIZONTAL_ACCESS_CONTROL_DOCUMENT_CONTENT_TARGET);
    }
}
39 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/response/SearchResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import com.warxim.vucsa.common.message.sqlinjection.FoodEntity;
22 | import lombok.Builder;
23 | import lombok.EqualsAndHashCode;
24 | import lombok.Value;
25 |
26 | import java.util.List;
27 |
/**
 * Response in SQL Injection challenge with list of food entities.
 *
 * Lombok {@code @Value}: the field is private final with a generated getter,
 * and equals/hashCode/toString are generated (equals/hashCode include the
 * {@link Message} part because of {@code callSuper = true}).
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class SearchResponse extends Message {
    /**
     * Matched entities (FoodEntity is imported above; the list is declared raw here).
     * Stored exactly as given — unlike StringListMessage, no unmodifiable wrapper
     * or copy is made, so the caller's list is shared.
     */
    List entities;

    /**
     * @param target   message target, forwarded to {@link Message}
     * @param entities result list; stored by reference, may be null
     */
    @Builder
    public SearchResponse(int target, List entities) {
        super(target);
        this.entities = entities;
    }

    /** @return the wire type tag for this message */
    @Override
    public MessageType getType() {
        return MessageType.SQL_INJECTION_SEARCH_RESPONSE;
    }
}
47 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/horizontalaccesscontrol/response/DocumentContentResponseDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.horizontalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageDeserializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
/**
 * Deserializer for {@link DocumentContentResponse}.
 *
 * The payload is taken as text: the first {@code getLength()} bytes are decoded
 * with the JVM default charset (platform-dependent before JDK 18), so the peer's
 * serializer must use the same encoding. If the declared length exceeds the
 * payload array, {@code new String(byte[], int, int)} throws an
 * {@link StringIndexOutOfBoundsException}; nothing here catches it, so a
 * malformed message surfaces as an exception to the caller.
 */
public class DocumentContentResponseDeserializer implements MessageDeserializer {
    /**
     * Builds a {@link DocumentContentResponse} from a serialized message.
     *
     * @param serializedMessage raw message with target, payload and declared length
     * @return always a present Optional holding the decoded response
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        var payload = serializedMessage.getPayload();
        var declaredLength = serializedMessage.getLength();
        // Declared length, not payload.length, bounds the decode (see class doc).
        var text = new String(payload, 0, declaredLength);

        var response = DocumentContentResponse.builder()
                .target(serializedMessage.getTarget())
                .content(text)
                .build();
        return Optional.of(response);
    }
}
39 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/sqlinjection/SqlInjectionHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.sqlinjection;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.sqlinjection.response.SearchResponse;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Handler for search responses for SQL injection challenge.
 *
 * Accepts only {@link SearchResponse} messages and forwards their entity list
 * to the controller, which owns the UI state.
 */
public class SqlInjectionHandler implements MessageHandler {
    private final SqlInjectionController controller;

    /**
     * @param controller controller that receives the search results
     */
    public SqlInjectionHandler(SqlInjectionController controller) {
        this.controller = controller;
    }

    /**
     * @return true only for {@link SearchResponse} instances (false for null)
     */
    @Override
    public boolean supports(Message message) {
        return SearchResponse.class.isInstance(message);
    }

    /**
     * Pushes the response's entities into the controller.
     *
     * NOTE(review): the list is forwarded exactly as received from the server;
     * no validation of its contents happens on the client side.
     *
     * @return always true — the message is treated as consumed
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var response = (SearchResponse) message;
        controller.setItems(response.getEntities());
        return true;
    }
}
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/challenge/bufferoverread/BufferOverreadTab.fxml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/plain/PlainMessageSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.plain;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageSerializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link PlainMessage}.
 *
 * Copies type, target, length and payload straight from the message into a
 * {@link SerializedMessage}. Unlike the other serializers in this module, the
 * length is NOT derived from {@code payload.length} — it is whatever the
 * {@link PlainMessage} carries, and nothing here checks that the two agree.
 * A PlainMessage is therefore the one message type that can put a length on
 * the wire that does not match its payload; keep that in mind when reviewing
 * the receiving side's bounds handling.
 */
public class PlainMessageSerializer implements MessageSerializer {
    /**
     * @param message message to serialize
     * @return the serialized form, or empty if {@code message} is not a {@link PlainMessage}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof PlainMessage) {
            var plain = (PlainMessage) message;
            var serialized = SerializedMessage.builder()
                    .type(plain.getType())
                    .target(plain.getTarget())
                    .length(plain.getLength())    // taken as-is, see class doc
                    .payload(plain.getPayload())
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
43 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/bufferoverread/BufferOverreadHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.bufferoverread;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.bufferoverread.StringListMessage;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Handler for handling messages for buffer over-read challenge.
 *
 * Accepts only {@link StringListMessage} and hands its items to the controller.
 */
public class BufferOverreadHandler implements MessageHandler {
    private final BufferOverreadController controller;

    /**
     * @param controller controller that displays the received items
     */
    public BufferOverreadHandler(BufferOverreadController controller) {
        this.controller = controller;
    }

    /**
     * @return true only for {@link StringListMessage} instances (false for null)
     */
    @Override
    public boolean supports(Message message) {
        return StringListMessage.class.isInstance(message);
    }

    /**
     * Forwards the message's item list to the controller unchanged.
     *
     * @return always true — the message is treated as consumed
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var listMessage = (StringListMessage) message;
        controller.setItems(listMessage.getItems());
        return true;
    }
}
43 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/bufferoverread/StringListMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.bufferoverread;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import lombok.Builder;
22 | import lombok.EqualsAndHashCode;
23 | import lombok.Value;
24 |
25 | import java.util.Collections;
26 | import java.util.List;
27 |
/**
 * Message for buffer over-read challenge containing list of items.
 *
 * Lombok {@code @Value}: the field is private final with a generated getter,
 * and equals/hashCode/toString are generated (equals/hashCode include the
 * {@link Message} part because of {@code callSuper = true}).
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class StringListMessage extends Message {
    /**
     * List of strings for buffer overread challenge.
     * Held as an unmodifiable view (not a copy): callers cannot mutate it through
     * the getter, but the view still reflects later changes to the list that was
     * passed to the constructor.
     */
    List items;

    /**
     * @param target message target, forwarded to {@link Message}
     * @param items  items to carry; must not be null — {@code Collections.unmodifiableList}
     *               throws {@link NullPointerException} for null
     */
    @Builder
    public StringListMessage(int target, List items) {
        super(target);
        // View, not a copy — see the field comment.
        this.items = Collections.unmodifiableList(items);
    }

    /** @return the wire type tag for this message */
    @Override
    public MessageType getType() {
        return MessageType.BUFFER_OVERREAD_STRING_LIST_MESSAGE;
    }
}
50 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/response/UserInfoResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.MessageType;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.verticalaccesscontrol.UserRole;
22 | import lombok.Builder;
23 | import lombok.EqualsAndHashCode;
24 | import lombok.Value;
25 |
/**
 * User info response.
 *
 * Carries the user's id, role and username from server to client. Lombok
 * {@code @Value}: fields are private final with generated getters, and
 * equals/hashCode/toString are generated (equals/hashCode include the
 * {@link Message} part because of {@code callSuper = true}).
 *
 * NOTE(review): the role in this message is simply what the server sent; any
 * client-side gating based on it is advisory only, and the server must enforce
 * access to role-protected data itself.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class UserInfoResponse extends Message {
    /** User identifier as reported by the server. */
    int id;
    /** Role as reported by the server (see {@link UserRole}). */
    UserRole role;
    /** Username as reported by the server. */
    String username;

    /**
     * @param target   message target, forwarded to {@link Message}
     * @param id       user identifier
     * @param role     user role
     * @param username user name
     */
    @Builder
    public UserInfoResponse(int target, int id, UserRole role, String username) {
        super(target);
        this.id = id;
        this.role = role;
        this.username = username;
    }

    /** @return the wire type tag for this message */
    @Override
    public MessageType getType() {
        return MessageType.VERTICAL_ACCESS_CONTROL_USER_INFO_RESPONSE;
    }
}
49 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/rcedeserialization/RceDeserializationHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.rcedeserialization;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.rcedeserialization.TextMessage;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Handler for handling messages for RCE Deserialization challenge.
 *
 * Accepts only {@link TextMessage} and shows its text in the controller. This
 * class only forwards already-deserialized data; whatever deserialization the
 * challenge is about happens before the message reaches here.
 */
public class RceDeserializationHandler implements MessageHandler {
    private final RceDeserializationController controller;

    /**
     * @param controller controller that displays the output text
     */
    public RceDeserializationHandler(RceDeserializationController controller) {
        this.controller = controller;
    }

    /**
     * @return true only for {@link TextMessage} instances (false for null)
     */
    @Override
    public boolean supports(Message message) {
        return TextMessage.class.isInstance(message);
    }

    /**
     * Extracts the text from the message content and hands it to the controller.
     * Throws a {@link NullPointerException} if the message has no content.
     *
     * @return always true — the message is treated as consumed
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var textMessage = (TextMessage) message;
        var text = textMessage.getContent().getText();
        controller.setOutput(text);
        return true;
    }
}
43 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/enumeration/EnumerationHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.enumeration;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.enumeration.response.LoginResponse;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Handler for login response messages for enumeration challenge.
 *
 * Accepts only {@link LoginResponse} and passes its status and user secret to
 * the controller.
 */
public class EnumerationHandler implements MessageHandler {
    private final EnumerationController controller;

    /**
     * @param controller controller that displays the login result
     */
    public EnumerationHandler(EnumerationController controller) {
        this.controller = controller;
    }

    /**
     * @return true only for {@link LoginResponse} instances (false for null)
     */
    @Override
    public boolean supports(Message message) {
        return LoginResponse.class.isInstance(message);
    }

    /**
     * Forwards the login status and the secret (null when login failed, per
     * {@link LoginResponse}) to the controller, exactly as received.
     *
     * @return always true — the message is treated as consumed
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var response = (LoginResponse) message;
        var status = response.getStatus();
        var secret = response.getUserSecret();
        controller.setResult(status, secret);
        return true;
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/commandexecution/request/PingRequestSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.commandexecution.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link PingRequest}.
 *
 * The host string is encoded with the JVM default charset (platform-dependent
 * before JDK 18) and the length is derived from the resulting byte array, so
 * length and payload always agree. The host value itself is passed through
 * untouched — no validation happens here; anything that must reject a
 * malicious host has to do so on the receiving side.
 */
public class PingRequestSerializer implements MessageSerializer {
    /**
     * @param message message to serialize
     * @return the serialized form, or empty if {@code message} is not a {@link PingRequest}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof PingRequest) {
            var request = (PingRequest) message;
            var payload = request.getHost().getBytes();
            var serialized = SerializedMessage.builder()
                    .type(request.getType())
                    .target(request.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
45 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/request/SearchRequestSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link SearchRequest}.
 *
 * The search string is encoded with the JVM default charset (platform-dependent
 * before JDK 18) and the length is derived from the byte array, so length and
 * payload always agree. The search text is forwarded verbatim; it is the
 * server's query code, not this serializer, that decides whether it is
 * parameterized or concatenated.
 */
public class SearchRequestSerializer implements MessageSerializer {
    /**
     * @param message message to serialize
     * @return the serialized form, or empty if {@code message} is not a {@link SearchRequest}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof SearchRequest) {
            var request = (SearchRequest) message;
            var payload = request.getSearch().getBytes();
            var serialized = SerializedMessage.builder()
                    .type(request.getType())
                    .target(request.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/commandexecution/response/PingResponseSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.commandexecution.response;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link PingResponse}.
 *
 * The output string is encoded with the JVM default charset (platform-dependent
 * before JDK 18) and the length is derived from the byte array, so length and
 * payload always agree. The output is sent verbatim; nothing here trims or
 * filters what the server produced.
 */
public class PingResponseSerializer implements MessageSerializer {
    /**
     * @param message message to serialize
     * @return the serialized form, or empty if {@code message} is not a {@link PingResponse}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof PingResponse) {
            var response = (PingResponse) message;
            var payload = response.getOutput().getBytes();
            var serialized = SerializedMessage.builder()
                    .type(response.getType())
                    .target(response.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
45 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/response/SecretResponseSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link SecretResponse}.
 *
 * The secret is encoded with the JVM default charset (platform-dependent before
 * JDK 18) and the length is derived from the byte array, so length and payload
 * always agree. This class does no access decision of its own: by the time a
 * SecretResponse is serialized, the decision to send the secret has already
 * been made by the handler that built it.
 */
public class SecretResponseSerializer implements MessageSerializer {
    /**
     * @param message message to serialize
     * @return the serialized form, or empty if {@code message} is not a {@link SecretResponse}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof SecretResponse) {
            var response = (SecretResponse) message;
            var payload = response.getSecret().getBytes();
            var serialized = SerializedMessage.builder()
                    .type(response.getType())
                    .target(response.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
44 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/verticalaccesscontrol/VerticalAccessControlChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.verticalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.server.challenge.Challenge;
21 | import com.warxim.vucsa.server.core.ServerManager;
22 |
/**
 * Vertical access control challenge.
 *
 * Registers two server-side handlers: one for the user-info target and one for
 * the secret target. Both are created with no arguments and no shared state.
 *
 * NOTE(review): nothing in this wiring ties the secret handler to a role check;
 * if the secret is meant to be role-restricted, that check has to live inside
 * {@link VerticalAccessControlSecretHandler} — confirm it there.
 */
public class VerticalAccessControlChallenge extends Challenge {
    /**
     * Registers the user-info handler, then the secret handler.
     *
     * @param serverManager server the handlers are registered on
     */
    @Override
    public void load(ServerManager serverManager) {
        var userInfoHandler = new VerticalAccessControlUserInfoHandler();
        serverManager.registerHandler(ChallengeConstant.VERTICAL_ACCESS_CONTROL_USER_INFO_TARGET, userInfoHandler);

        var secretHandler = new VerticalAccessControlSecretHandler();
        serverManager.registerHandler(ChallengeConstant.VERTICAL_ACCESS_CONTROL_SECRET_TARGET, secretHandler);
    }

    /**
     * Removes both handlers in the reverse order of registration.
     *
     * @param serverManager server the handlers are removed from
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.VERTICAL_ACCESS_CONTROL_SECRET_TARGET);
        serverManager.unregisterHandler(ChallengeConstant.VERTICAL_ACCESS_CONTROL_USER_INFO_TARGET);
    }
}
39 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/verticalaccesscontrol/VerticalAccessControlSecretHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.verticalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.verticalaccesscontrol.response.SecretResponse;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Handler for secret response for vertical access control challenge.
 *
 * Accepts only {@link SecretResponse} and shows its secret in the controller.
 */
public class VerticalAccessControlSecretHandler implements MessageHandler {
    private final VerticalAccessControlController controller;

    /**
     * @param controller controller that displays the secret
     */
    public VerticalAccessControlSecretHandler(VerticalAccessControlController controller) {
        this.controller = controller;
    }

    /**
     * @return true only for {@link SecretResponse} instances (false for null)
     */
    @Override
    public boolean supports(Message message) {
        return SecretResponse.class.isInstance(message);
    }

    /**
     * Hands the secret to the controller exactly as received. The client does
     * not decide whether it should have received it; that is the server's call.
     *
     * @return always true — the message is treated as consumed
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var response = (SecretResponse) message;
        controller.setSecret(response.getSecret());
        return true;
    }
}
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/enumeration/response/LoginResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.enumeration.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageType;
21 | import com.warxim.vucsa.common.message.enumeration.LoginStatus;
22 | import lombok.Builder;
23 | import lombok.EqualsAndHashCode;
24 | import lombok.Value;
25 |
/**
 * Login response for Enumeration challenge.
 *
 * Lombok {@code @Value}: fields are private final with generated getters, and
 * equals/hashCode/toString are generated (equals/hashCode include the
 * {@link Message} part because of {@code callSuper = true}).
 *
 * NOTE(review): {@link LoginStatus} is defined elsewhere. If its values let a
 * client tell "unknown user" apart from "wrong password", that difference is
 * a username-enumeration oracle — which is presumably what this challenge is
 * about; confirm against the enum and the server handler.
 */
@Value
@EqualsAndHashCode(callSuper = true)
public class LoginResponse extends Message {
    /**
     * Status of user login
     */
    LoginStatus status;

    /**
     * User's secret (null if login failed)
     * Travels in the login response itself, so whoever can observe the message
     * sees the secret.
     */
    String userSecret;

    /**
     * @param target     message target, forwarded to {@link Message}
     * @param status     outcome of the login attempt
     * @param userSecret the user's secret, or null when the login failed
     */
    @Builder
    public LoginResponse(int target, LoginStatus status, String userSecret) {
        super(target);
        this.status = status;
        this.userSecret = userSecret;
    }

    /** @return the wire type tag for this message */
    @Override
    public MessageType getType() {
        return MessageType.ENUMERATION_CHALLENGE_LOGIN_RESPONSE;
    }
}
54 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/verticalaccesscontrol/VerticalAccessControlUserInfoHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.verticalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.verticalaccesscontrol.response.UserInfoResponse;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Handler for user info response for vertical access control challenge.
 *
 * Accepts only {@link UserInfoResponse} and passes the username and role to the
 * controller.
 *
 * NOTE(review): the role displayed here is whatever the server sent. If the
 * client enables or hides any "secret" action based on it, that is cosmetic —
 * enforcement must happen on the server side.
 */
public class VerticalAccessControlUserInfoHandler implements MessageHandler {
    private final VerticalAccessControlController controller;

    /**
     * @param controller controller that displays the user information
     */
    public VerticalAccessControlUserInfoHandler(VerticalAccessControlController controller) {
        this.controller = controller;
    }

    /**
     * @return true only for {@link UserInfoResponse} instances (false for null)
     */
    @Override
    public boolean supports(Message message) {
        return UserInfoResponse.class.isInstance(message);
    }

    /**
     * Forwards username and role to the controller.
     *
     * @return always true — the message is treated as consumed
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var info = (UserInfoResponse) message;
        var username = info.getUsername();
        var role = info.getRole();
        controller.setUser(username, role);
        return true;
    }
}
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/ClassProcessor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.util.Arrays;
20 | import java.util.logging.Level;
21 | import java.util.logging.Logger;
22 | import java.util.stream.Stream;
23 |
/**
 * Vulnerable class, part of RCE Deserialization challenge.
 * <p>
 * Resolves a public static method by name and argument types on the class given in
 * {@code args[0]} and invokes it reflectively. Nothing here restricts which class or method
 * may be named, so whoever controls the argument array controls what gets executed; this is
 * the sink the challenge is built around. A hardened variant would accept only an explicit
 * allowlist of (class, method) pairs and would never take a {@link Class} from untrusted input.
 */
public class ClassProcessor extends BaseProcessor {
    /**
     * Invokes a static method selected entirely by the arguments.
     * @param args {@code args[0]} the class, {@code args[1]} the method name; the remaining
     *             elements are passed as method arguments and their runtime classes pick the overload
     * @return the method's return value, or {@code null} if lookup or invocation failed
     *         (the failure is logged at SEVERE)
     */
    @Override
    public Object process(Object... args) {
        final var targetClass = (Class<?>) args[0];
        final var name = (String) args[1];
        final var parameters = Arrays.copyOfRange(args, 2, args.length);
        // Overload resolution uses the exact runtime class of each argument, so a
        // primitive-typed parameter (e.g. int) will not match a boxed Integer.
        final var parameterTypes = new Class<?>[parameters.length];
        for (int i = 0; i < parameters.length; i++) {
            parameterTypes[i] = parameters[i].getClass();
        }
        try {
            // Null receiver: only static methods make sense on a bare class.
            return targetClass.getMethod(name, parameterTypes).invoke(null, parameters);
        } catch (Exception e) {
            Logger.getGlobal().log(Level.SEVERE, "Could not execute the method in class!", e);
            return null;
        }
    }
}
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/ObjectProcessor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.util.Arrays;
20 | import java.util.logging.Level;
21 | import java.util.logging.Logger;
22 | import java.util.stream.Stream;
23 |
/**
 * Vulnerable class, part of RCE Deserialization challenge.
 * <p>
 * Resolves a public method by name and argument types on the runtime class of the object
 * given in {@code args[0]} and invokes it on that object. As with {@code ClassProcessor},
 * the receiver, the method and the arguments all come from the caller, so this is an
 * unconstrained reflective call; a hardened variant would restrict the receiver type and
 * the method name to an explicit allowlist.
 */
public class ObjectProcessor extends BaseProcessor {
    /**
     * Invokes an instance method selected entirely by the arguments.
     * @param args {@code args[0]} the receiver object, {@code args[1]} the method name; the
     *             remaining elements are passed as method arguments and their runtime classes
     *             pick the overload
     * @return the method's return value, or {@code null} if lookup or invocation failed
     *         (the failure is logged at SEVERE)
     */
    @Override
    public Object process(Object... args) {
        final var receiver = args[0];
        final var name = (String) args[1];
        final var parameters = Arrays.copyOfRange(args, 2, args.length);
        // Exact runtime classes are used for lookup, so boxed arguments will not
        // match primitive-typed parameters.
        final var parameterTypes = new Class<?>[parameters.length];
        for (int i = 0; i < parameters.length; i++) {
            parameterTypes[i] = parameters[i].getClass();
        }
        try {
            return receiver.getClass().getMethod(name, parameterTypes).invoke(receiver, parameters);
        } catch (Exception e) {
            Logger.getGlobal().log(Level.SEVERE, "Could not execute the method in object!", e);
            return null;
        }
    }
}
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/Bundle.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client;
18 |
19 | import com.warxim.vucsa.client.core.ClientManager;
20 | import lombok.Getter;
21 |
/**
 * Singleton for client assets.
 */
@Getter
public final class Bundle {
    /**
     * Singleton instance; volatile so the unsynchronized read in {@link #getInstance()} is safe.
     */
    private static volatile Bundle instance;

    /**
     * Client manager
     */
    private final ClientManager clientManager;

    private Bundle() {
        clientManager = new ClientManager();
    }

    /**
     * Creates instance of bundle or returns existing instance if it exists.
     * @return Bundle instance
     */
    public static Bundle getInstance() {
        // Fast path: one volatile read; the re-check under the lock guards the creation.
        var existing = instance;
        if (existing != null) {
            return existing;
        }
        synchronized (Bundle.class) {
            if (instance == null) {
                instance = new Bundle();
            }
            return instance;
        }
    }

    /**
     * Destroys the bundle.
     */
    public void destroy() {
        // nothing to destroy
    }
}
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/challenge/horizontalaccesscontrol/HorizontalAccessControlHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.challenge.horizontalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.horizontalaccesscontrol.response.DocumentContentResponse;
23 | import lombok.RequiredArgsConstructor;
24 |
/**
 * Client-side handler for {@link DocumentContentResponse} messages of the horizontal access
 * control challenge.
 * <p>
 * Passes the received document content on to the controller.
 */
@RequiredArgsConstructor
public class HorizontalAccessControlHandler implements MessageHandler {
    private final HorizontalAccessControlController controller;

    /**
     * @param message Message to check
     * @return {@code true} only for {@link DocumentContentResponse} instances ({@code false} for {@code null})
     */
    @Override
    public boolean supports(Message message) {
        return DocumentContentResponse.class.isInstance(message);
    }

    /**
     * Shows the document content carried by the response.
     * @param connection Connection the message arrived on (not used here)
     * @param message Message, expected to be a {@link DocumentContentResponse}
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        final var response = (DocumentContentResponse) message;
        controller.setDocument(response.getContent());
        return true;
    }
}
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/horizontalaccesscontrol/response/DocumentContentResponseSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.horizontalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageSerializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link DocumentContentResponse}.
 * <p>
 * The payload is the encoded bytes of the document content.
 */
public class DocumentContentResponseSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return serialized form, or empty if {@code message} is not a {@link DocumentContentResponse}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof DocumentContentResponse) {
            final var response = (DocumentContentResponse) message;
            // NOTE(review): getBytes() without a charset uses the platform default (UTF-8 only from
            // Java 18 on); pinning StandardCharsets.UTF_8 here and in the matching deserializer
            // would make the wire format independent of the JVM's locale settings.
            final var payload = response.getContent().getBytes();
            final var serialized = SerializedMessage.builder()
                    .type(message.getType())
                    .target(message.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
45 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/configuration/ConfigurationSaver.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.configuration;
18 |
import com.warxim.vucsa.common.util.GsonUtils;

import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.NoSuchFileException;
24 |
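/**
 * Static class for configuration saving.
 */
public class ConfigurationSaver {
    private ConfigurationSaver() { }

    /**
     * Saves configuration to specified path.
     * @param path Path to configuration file
     * @param configuration Configuration to be stored
     * @throws ConfigurationException if the file cannot be opened or written
     */
    public static void save(String path, Configuration configuration) throws ConfigurationException {
        var gson = GsonUtils.getGson();

        // Two resources, so the FileWriter is closed even if creating the JsonWriter fails.
        // NOTE(review): FileWriter without a charset uses the platform default; switching to an
        // explicit charset should be done together with whatever loads this file.
        try (var file = new FileWriter(path);
             var writer = gson.newJsonWriter(file)) {
            gson.toJson(gson.toJsonTree(configuration), writer);
        } catch (FileNotFoundException | NoSuchFileException e) {
            // FileWriter (java.io) reports a missing directory or an unwritable path as
            // FileNotFoundException, not as the NIO NoSuchFileException the original catch
            // expected; both are handled so this branch is actually reachable.
            throw new ConfigurationException("Could not find configuration file!", e);
        } catch (IOException e) {
            throw new ConfigurationException("Could not save configuration!", e);
        }
    }
}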
48 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/enumeration/request/LoginRequestDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.enumeration.request;
18 |
19 | import com.warxim.vucsa.common.message.SerializedMessage;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageDeserializer;
22 |
23 | import java.util.Optional;
24 | import java.util.logging.Logger;
25 |
/**
 * Deserializer for {@link LoginRequest}.
 * <p>
 * Expects the payload to be {@code username:password}. Only the first colon separates the
 * two parts, so the password itself may contain colons.
 */
public class LoginRequestDeserializer implements MessageDeserializer {
    /**
     * @param serializedMessage Raw message
     * @return the login request, or empty (after a SEVERE log line) if the payload holds no colon
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        // NOTE(review): no charset is given, so the platform default decodes the payload.
        final var text = new String(serializedMessage.getPayload(), 0, serializedMessage.getLength());
        final var separator = text.indexOf(':');
        if (separator < 0) {
            // The log line deliberately contains no part of the payload: it carries credentials.
            Logger.getGlobal().severe("Serialized message does not contain username and password.");
            return Optional.empty();
        }
        final var request = LoginRequest.builder()
                .target(serializedMessage.getTarget())
                .username(text.substring(0, separator))
                .password(text.substring(separator + 1))
                .build();
        return Optional.of(request);
    }
}
46 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/util/GsonUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.util;
18 |
19 | import com.google.gson.Gson;
20 | import com.google.gson.GsonBuilder;
21 |
/**
 * Utils for using GSON library.
 * <p>
 * Holds two shared, immutable {@link Gson} instances; {@code Gson} is thread-safe, so they
 * can be used from any thread.
 */
public final class GsonUtils {
    /**
     * GSON instance for serializing/deserializing in the application (pretty-printed output).
     */
    private static final Gson GSON = new GsonBuilder().setPrettyPrinting().create();

    /**
     * GSON instance for serializing/deserializing in the application (for light purposes,
     * e.g. network communication) - compact output, no pretty printing.
     */
    private static final Gson GSON_LIGHT = new GsonBuilder().create();

    private GsonUtils() {
        // static utility class
    }

    /**
     * Obtains GSON instance.
     * @return pretty-printing GSON instance used throughout the whole application
     */
    public static Gson getGson() {
        return GSON;
    }

    /**
     * Obtains GSON instance for light JSON creation (without pretty printing).
     * @return compact GSON instance used throughout the whole application
     */
    public static Gson getGsonLight() {
        return GSON_LIGHT;
    }
}
57 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/horizontalaccesscontrol/request/DocumentContentRequestDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.horizontalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageDeserializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.nio.ByteBuffer;
24 | import java.util.Optional;
25 | import java.util.logging.Logger;
26 |
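/**
 * Deserializer for {@link DocumentContentRequest}.
 * <p>
 * The payload is a single big-endian 32-bit document id ({@link ByteBuffer} default byte order).
 */
public class DocumentContentRequestDeserializer implements MessageDeserializer {
    /** Expected payload size in bytes: exactly one {@code int}. */
    private static final int PAYLOAD_LENGTH = Integer.BYTES;

    /**
     * @param serializedMessage Raw message
     * @return the request, or empty (after a SEVERE log line) when the declared length is not
     *         {@value #PAYLOAD_LENGTH} or the payload array is too short to hold it
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        if (serializedMessage.getLength() != PAYLOAD_LENGTH) {
            Logger.getGlobal().severe("Serialized message does not contain expected number of bytes.");
            return Optional.empty();
        }
        var payload = serializedMessage.getPayload();
        // The declared length and the backing array are checked separately: ByteBuffer.wrap
        // throws IndexOutOfBoundsException if the array is shorter than the requested range.
        if (payload == null || payload.length < PAYLOAD_LENGTH) {
            Logger.getGlobal().severe("Serialized message payload is shorter than its declared length.");
            return Optional.empty();
        }
        var documentId = ByteBuffer.wrap(payload, 0, PAYLOAD_LENGTH).getInt();

        // NOTE(review): the id is taken as-is; whether the requesting user may read that document
        // is decided (or not) by the server-side handler, not by this deserializer.
        return Optional.of(DocumentContentRequest.builder()
                .target(serializedMessage.getTarget())
                .documentId(documentId)
                .build());
    }
}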
45 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/enumeration/request/LoginRequestSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.enumeration.request;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link LoginRequest}.
 * <p>
 * Wire form is {@code username:password}. The username is reduced to letters, digits and
 * {@code - _ .} before joining, so it can never contain the separator; the password is sent
 * unchanged. This filtering runs on the sending side only, so a receiver must not rely on it.
 */
public class LoginRequestSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return serialized form, or empty if {@code message} is not a {@link LoginRequest}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof LoginRequest) {
            final var request = (LoginRequest) message;
            // In this character class the '-' after the completed 0-9 range is a literal hyphen;
            // writing it as [^a-zA-Z0-9_.-] would say the same thing more obviously.
            final var cleanUsername = request.getUsername().replaceAll("[^a-zA-Z0-9-_.]","");
            // NOTE(review): getBytes() without a charset uses the platform default encoding.
            final var payload = (cleanUsername + ':' + request.getPassword()).getBytes();
            final var serialized = SerializedMessage.builder()
                    .type(message.getType())
                    .target(message.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
48 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/RceDeserializationHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.rcedeserialization.MessageContent;
23 | import com.warxim.vucsa.common.message.rcedeserialization.TextMessage;
24 |
/**
 * Handler for RCE Deserialization challenge.
 * <p>
 * Echoes the text of an incoming {@link TextMessage} back to the sender, reversed. The
 * handler itself is harmless; the challenge lives in how {@link TextMessage} is
 * deserialized before it reaches this point.
 */
public class RceDeserializationHandler implements MessageHandler {
    /**
     * @param message Message to check
     * @return {@code true} only for {@link TextMessage} instances ({@code false} for {@code null})
     */
    @Override
    public boolean supports(Message message) {
        return TextMessage.class.isInstance(message);
    }

    /**
     * Replies with the reversed text on the same target.
     * @param connection Connection to answer on
     * @param message Message, expected to be a {@link TextMessage}
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        final var incoming = (TextMessage) message;
        final var reversed = reverse(incoming.getContent().getText());
        final var reply = TextMessage.builder()
                .target(incoming.getTarget())
                .content(new MessageContent(reversed))
                .build();
        connection.sendMessage(reply);
        return true;
    }

    /** Reverses {@code text} by UTF-16 code unit, exactly as {@link StringBuilder#reverse()} does. */
    private static String reverse(String text) {
        return new StringBuilder(text).reverse().toString();
    }
}
46 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/horizontalaccesscontrol/request/DocumentContentRequestSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.horizontalaccesscontrol.request;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageSerializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.nio.ByteBuffer;
24 | import java.util.Optional;
25 |
/**
 * Serializer for {@link DocumentContentRequest}.
 * <p>
 * The payload is the document id as a big-endian 32-bit integer ({@link ByteBuffer} default order).
 */
public class DocumentContentRequestSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return serialized form, or empty if {@code message} is not a {@link DocumentContentRequest}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof DocumentContentRequest) {
            // Local renamed: the original called the request a "response".
            final var request = (DocumentContentRequest) message;
            final var payload = ByteBuffer.allocate(Integer.BYTES)
                    .putInt(request.getDocumentId())
                    .array();
            final var serialized = SerializedMessage.builder()
                    .type(message.getType())
                    .target(message.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
48 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/response/SearchResponseSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection.response;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 | import com.warxim.vucsa.common.util.GsonUtils;
23 |
24 | import java.util.Optional;
25 |
/**
 * Serializer for {@link SearchResponse}.
 * <p>
 * The payload is the entity list encoded as compact JSON.
 */
public class SearchResponseSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return serialized form, or empty if {@code message} is not a {@link SearchResponse}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (message instanceof SearchResponse) {
            final var response = (SearchResponse) message;
            // Compact (non pretty-printed) JSON for the wire.
            final var json = GsonUtils.getGsonLight().toJson(response.getEntities());
            // NOTE(review): getBytes() without a charset uses the platform default encoding.
            final var payload = json.getBytes();
            final var serialized = SerializedMessage.builder()
                    .type(message.getType())
                    .target(message.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        }
        return Optional.empty();
    }
}
49 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/sqlinjection/SqlInjectionChallenge.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.sqlinjection;
18 |
19 | import com.warxim.vucsa.server.challenge.Challenge;
20 | import com.warxim.vucsa.server.core.ServerManager;
21 | import com.warxim.vucsa.common.ChallengeConstant;
22 |
23 | import java.sql.SQLException;
24 | import java.util.logging.Level;
25 | import java.util.logging.Logger;
26 |
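/**
 * SQL injection challenge
 */
public class SqlInjectionChallenge extends Challenge {
    /** Database backing the challenge; stays {@code null} if {@link #load} failed to open it. */
    private SqlDatabase database;

    /**
     * Opens the challenge database and registers the handler that uses it.
     * @param serverManager Server manager to register the handler with
     */
    @Override
    public void load(ServerManager serverManager) {
        initChallengeDirectory();
        try {
            // NOTE(review): assumes getChallengeDirectory() ends with a path separator - confirm.
            database = new SqlDatabase("jdbc:sqlite:" + getChallengeDirectory() + "database.db");
            serverManager.registerHandler(ChallengeConstant.SQL_INJECTION_TARGET, new SqlInjectionHandler(database));
        } catch (SQLException e) {
            Logger.getGlobal().log(Level.SEVERE, "Could not create database for SQL Injection challenge!", e);
        }
    }

    /**
     * Unregisters the handler and closes the database if it was opened.
     * @param serverManager Server manager the handler was registered with
     */
    @Override
    public void unload(ServerManager serverManager) {
        serverManager.unregisterHandler(ChallengeConstant.SQL_INJECTION_TARGET);
        // load() may have failed before the database existed; do not NPE on shutdown,
        // and make a second unload a no-op.
        if (database != null) {
            database.close();
            database = null;
        }
    }
}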
50 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/verticalaccesscontrol/VerticalAccessControlSecretHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.verticalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.common.connection.Connection;
21 | import com.warxim.vucsa.common.message.Message;
22 | import com.warxim.vucsa.common.message.MessageHandler;
23 | import com.warxim.vucsa.common.message.verticalaccesscontrol.request.SecretRequest;
24 | import com.warxim.vucsa.common.message.verticalaccesscontrol.response.SecretResponse;
25 |
/**
 * Handler for secret for vertical access control challenge.
 * <p>
 * Sends the secret response to whoever sent a {@link SecretRequest}. Nothing in this handler
 * checks the requester's role or identity, so the secret is returned to any client that asks
 * for it; that missing server-side authorization check is what the challenge is about.
 */
public class VerticalAccessControlSecretHandler implements MessageHandler {
    /**
     * @param message Message to check
     * @return {@code true} only for {@link SecretRequest} instances ({@code false} for {@code null})
     */
    @Override
    public boolean supports(Message message) {
        return SecretRequest.class.isInstance(message);
    }

    /**
     * Answers with the secret, unconditionally.
     * @param connection Connection to answer on
     * @param message Incoming request (its content is not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        final var response = SecretResponse.builder()
                .target(ChallengeConstant.VERTICAL_ACCESS_CONTROL_SECRET_TARGET)
                .secret("Congratulations! Now you know that the secret message is: 42!")
                .build();
        connection.sendMessage(response);
        return true;
    }
}
45 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/sqlinjection/response/SearchResponseDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.sqlinjection.response;
18 |
19 | import com.google.gson.reflect.TypeToken;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 | import com.warxim.vucsa.common.message.MessageDeserializer;
23 | import com.warxim.vucsa.common.message.sqlinjection.FoodEntity;
24 | import com.warxim.vucsa.common.util.GsonUtils;
25 |
26 | import java.util.ArrayList;
27 | import java.util.List;
28 | import java.util.Optional;
29 |
/**
 * Deserializer for {@link SearchResponse}.
 * <p>
 * The payload is treated as a JSON array of {@link FoodEntity} objects and parsed with the shared
 * Gson instance from {@link GsonUtils}.
 */
public class SearchResponseDeserializer implements MessageDeserializer {
    /**
     * Parses the JSON payload into a {@link SearchResponse}.
     * @param serializedMessage Raw message; only the first {@code getLength()} bytes of the payload are decoded
     * @return The deserialized response. Nothing is caught here, so a malformed payload surfaces as an
     *         exception from Gson rather than as {@link Optional#empty()}.
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        // NOTE(review): decodes with the platform default charset (no explicit Charset); the producing
        // side has to use the same one — confirm if client and server may run on different platforms.
        var payloadLength = serializedMessage.getLength();
        var json = new String(serializedMessage.getPayload(), 0, payloadLength);

        var listType = new TypeToken<List<FoodEntity>>() {}.getType();
        List<FoodEntity> entities = GsonUtils.getGson().fromJson(json, listType);

        var response = SearchResponse.builder()
                .target(serializedMessage.getTarget())
                .entities(entities)
                .build();
        return Optional.of(response);
    }
}
46 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/verticalaccesscontrol/VerticalAccessControlUserInfoHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.verticalaccesscontrol;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.common.connection.Connection;
21 | import com.warxim.vucsa.common.message.Message;
22 | import com.warxim.vucsa.common.message.MessageHandler;
23 | import com.warxim.vucsa.common.message.verticalaccesscontrol.UserRole;
24 | import com.warxim.vucsa.common.message.verticalaccesscontrol.request.UserInfoRequest;
25 | import com.warxim.vucsa.common.message.verticalaccesscontrol.response.UserInfoResponse;
26 |
/**
 * Handler for the user info request of the vertical access control challenge.
 * <p>
 * Replies to every {@link UserInfoRequest} with the same fixed identity (id 1, username "Guest",
 * role {@link UserRole#GUEST}); no per-connection state is consulted.
 */
public class VerticalAccessControlUserInfoHandler implements MessageHandler {
    /**
     * Accepts only {@link UserInfoRequest} messages.
     * @param message Incoming message
     * @return {@code true} if this handler should process the message
     */
    @Override
    public boolean supports(Message message) {
        var isUserInfoRequest = message instanceof UserInfoRequest;
        return isUserInfoRequest;
    }

    /**
     * Sends the hard-coded guest identity back on the requesting connection.
     * @param connection Connection that delivered the request; the reply is written to it
     * @param message The request (not read)
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var guestInfo = UserInfoResponse.builder()
                .target(ChallengeConstant.VERTICAL_ACCESS_CONTROL_USER_INFO_TARGET)
                .id(1)
                .username("Guest")
                .role(UserRole.GUEST)
                .build();
        connection.sendMessage(guestInfo);
        return true;
    }
}
48 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/core/Client.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.core;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.connection.listener.ConnectionListener;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 |
23 | import java.io.IOException;
24 | import java.net.Socket;
25 | import java.util.logging.Level;
26 | import java.util.logging.Logger;
27 |
/**
 * Client, which is used to communicate with the server.
 * <p>
 * The client is created through ClientManager, when user starts it in the Settings tab.
 * The socket is a plain TCP {@link Socket}: no TLS is negotiated, so traffic is neither encrypted
 * nor authenticated on the wire (a hardened client would wrap the connection via {@code SSLSocketFactory}).
 */
public class Client extends Connection {
    /** Supplies the server host and port used when the socket is opened. */
    private final ClientConfig config;

    /**
     * Creates a client; the socket is not opened until {@link #handleBeforeStart()} runs.
     * @param config Server host and port
     * @param connectionListener Listener handed to the base {@link Connection}
     * @param messageHandler Handler handed to the base {@link Connection}
     */
    public Client(
            ClientConfig config,
            ConnectionListener connectionListener,
            MessageHandler messageHandler) {
        // The literal 1 is whatever first argument Connection expects — presumably a connection id;
        // confirm in Connection.
        super(1, connectionListener, messageHandler);
        this.config = config;
    }

    /**
     * Opens the socket to the configured server after the base class has done its own preparation.
     * @return {@code false} if the base class refused to start or the socket could not be opened
     *         (the {@link IOException} is logged, not rethrown); {@code true} otherwise
     */
    @Override
    protected boolean handleBeforeStart() {
        var baseReady = super.handleBeforeStart();
        if (!baseReady) {
            return false;
        }

        try {
            socket = new Socket(config.getServerHost(), config.getServerPort());
            return true;
        } catch (IOException e) {
            Logger.getGlobal().log(Level.SEVERE, "Could not start client socket!", e);
            return false;
        }
    }
}
59 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/rcedeserialization/internal/advanced/ChainedProcessors.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.rcedeserialization.internal.advanced;
18 |
19 | import java.util.ArrayList;
20 | import java.util.Arrays;
21 |
/**
 * Vulnerable class, part of RCE Deserialization challenge.
 * <p>
 * Runs a list of processor descriptors in order. The first descriptor is invoked with its own
 * arguments unchanged; for every later descriptor, each argument that is a
 * {@link ChainedProcessorOutputAsArgPlaceholder} is swapped for the previous processor's output
 * before that processor is invoked. The chain is plain data, so whoever supplies it decides what
 * gets invoked with what — the property this challenge exists to demonstrate.
 */
public class ChainedProcessors extends BaseProcessor {
    private final ArrayList<ChainedProcessorDescriptor> processors;

    public ChainedProcessors(ArrayList<ChainedProcessorDescriptor> processors) {
        this.processors = processors;
    }

    /**
     * Executes the chain.
     * @param args Ignored; every descriptor carries its own argument array
     * @return Output of the last processor, or {@code null} when the chain is empty
     */
    public Object process(Object... args) {
        if (processors.isEmpty()) {
            return null;
        }

        Object lastOutput = null;
        var isFirst = true;
        for (var descriptor : processors) {
            var callArgs = descriptor.getArgs();
            if (!isFirst) {
                callArgs = substitutePlaceholders(callArgs, lastOutput);
            }
            lastOutput = descriptor.getProcessor().process(callArgs);
            isFirst = false;
        }
        return lastOutput;
    }

    /**
     * Returns a copy of {@code args} in which every placeholder is replaced by {@code value}.
     * The descriptor's own array is left untouched.
     */
    private static Object[] substitutePlaceholders(Object[] args, Object value) {
        var copy = Arrays.copyOf(args, args.length);
        for (var i = 0; i < copy.length; ++i) {
            if (copy[i] instanceof ChainedProcessorOutputAsArgPlaceholder) {
                copy[i] = value;
            }
        }
        return copy;
    }
}
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/challenge/sqlinjection/SqlInjectionTab.fxml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/rcedeserialization/TextMessageDeserializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.rcedeserialization;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageDeserializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.io.ByteArrayInputStream;
24 | import java.io.IOException;
25 | import java.io.ObjectInputStream;
26 | import java.util.Optional;
27 | import java.util.logging.Level;
28 | import java.util.logging.Logger;
29 |
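/**
 * Deserializer for {@link TextMessage}.
 * <p>
 * Rebuilds the message content with Java native deserialization ({@link ObjectInputStream})
 * straight from the received payload. No {@link java.io.ObjectInputFilter} limits which classes
 * may be instantiated, so the full object graph chosen by the sender is reconstructed before the
 * cast to {@link MessageContent} is reached. That is the weakness this challenge is built around;
 * a hardened implementation would install an allow-list filter with
 * {@code objectInputStream.setObjectInputFilter(...)} before calling {@code readObject()}.
 */
public class TextMessageDeserializer implements MessageDeserializer {
    /**
     * Deserializes the payload into a {@link TextMessage}.
     * @param serializedMessage Message whose whole payload array (not just {@code getLength()} bytes)
     *                          holds a serialized {@link MessageContent}
     * @return The text message, or empty when the payload cannot be read, references an unknown class,
     *         or deserializes to something other than a {@link MessageContent}
     */
    @Override
    public Optional<Message> deserializeMessage(SerializedMessage serializedMessage) {
        try (var byteInputStream = new ByteArrayInputStream(serializedMessage.getPayload());
             var objectInputStream = new ObjectInputStream(byteInputStream)) {
            // Native deserialization of untrusted bytes, intentionally unfiltered (see class Javadoc).
            var messageContent = (MessageContent) objectInputStream.readObject();
            return Optional.of(TextMessage.builder()
                    .target(serializedMessage.getTarget())
                    .content(messageContent)
                    .build());
        } catch (IOException | ClassNotFoundException | ClassCastException e) {
            // ClassCastException: the payload deserialized cleanly but was not a MessageContent.
            // Without this arm such a payload would unwind the caller instead of yielding empty.
            Logger.getGlobal().log(Level.SEVERE, "Could not deserialize text message!", e);
            return Optional.empty();
        }
    }
}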
49 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/verticalaccesscontrol/response/UserInfoResponseSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.verticalaccesscontrol.response;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageSerializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.nio.ByteBuffer;
24 | import java.util.Optional;
25 |
/**
 * Serializer for {@link UserInfoResponse}.
 * <p>
 * Payload layout: 4-byte id, 4-byte role value (both big-endian, the {@link ByteBuffer} default),
 * followed by the raw username bytes with no length prefix — the username runs to the end of the payload.
 */
public class UserInfoResponseSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return The serialized form, or empty when {@code message} is not a {@link UserInfoResponse}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (!(message instanceof UserInfoResponse)) {
            return Optional.empty();
        }
        var response = (UserInfoResponse) message;

        // NOTE(review): platform default charset (no explicit Charset); the deserializer must decode
        // with the same one.
        var nameBytes = response.getUsername().getBytes();

        var buffer = ByteBuffer.allocate(Integer.BYTES * 2 + nameBytes.length);
        buffer.putInt(response.getId());
        buffer.putInt(response.getRole().getValue());
        buffer.put(nameBytes);
        var payload = buffer.array();

        var serialized = SerializedMessage.builder()
                .type(message.getType())
                .target(message.getTarget())
                .length(payload.length)
                .payload(payload)
                .build();
        return Optional.of(serialized);
    }
}
54 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/enumeration/EnumerationHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.enumeration;
18 |
19 | import com.warxim.vucsa.common.ChallengeConstant;
20 | import com.warxim.vucsa.common.connection.Connection;
21 | import com.warxim.vucsa.common.message.Message;
22 | import com.warxim.vucsa.common.message.MessageHandler;
23 | import com.warxim.vucsa.common.message.enumeration.request.LoginRequest;
24 | import com.warxim.vucsa.common.message.enumeration.response.LoginResponse;
25 | import lombok.RequiredArgsConstructor;
26 |
/**
 * Handler for enumeration challenge.
 * <p>
 * Simulates user authentication using {@link AuthService}.
 * The reply carries the status produced by {@code AuthService.login} unchanged; if that status
 * distinguishes an unknown username from a wrong password, the server reveals which usernames exist
 * (user enumeration), which is the weakness this challenge is built around. The secret is attached
 * only when a user object came back, so the reply's shape differs between the two outcomes as well.
 */
@RequiredArgsConstructor
public class EnumerationHandler implements MessageHandler {
    private final AuthService authService;

    /**
     * Accepts only {@link LoginRequest} messages.
     * @param message Incoming message
     * @return {@code true} if this handler should process the message
     */
    @Override
    public boolean supports(Message message) {
        var isLoginRequest = message instanceof LoginRequest;
        return isLoginRequest;
    }

    /**
     * Runs the login and sends a {@link LoginResponse} with the resulting status and, when a user
     * was returned, that user's secret.
     * @param connection Connection that delivered the request; the reply is written to it
     * @param message A {@link LoginRequest}
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var request = (LoginRequest) message;
        var result = authService.login(request.getUsername(), request.getPassword());
        var user = result.getUser();

        var reply = LoginResponse.builder()
                .target(ChallengeConstant.ENUMERATION_TARGET)
                .status(result.getStatus());
        if (user != null) {
            reply.userSecret(user.getSecret());
        } else {
            reply.userSecret(null);
        }
        connection.sendMessage(reply.build());
        return true;
    }
}
52 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/java/com/warxim/vucsa/client/util/GuiUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.client.util;
18 |
19 | import javafx.scene.Node;
20 | import javafx.scene.control.ScrollPane;
21 | import javafx.scene.control.Tab;
22 | import javafx.scene.control.TabPane;
23 |
/**
 * GUI utils.
 */
public final class GuiUtils {
    private GuiUtils() {
    }

    /**
     * Adds tab(node) to specified tab pane using the specified order.
     * (Wraps the node to a scroll pane, creates new tab and adds it to the tabPane.)
     * The tab is inserted before the first existing tab whose user data is {@code null} or holds
     * an order greater than {@code order}; otherwise it is appended.
     * @param tabPane Tab pane to which to add the tab
     * @param title Text of the tab title
     * @param node Content node, which will be a content of the tab
     * @param order Order to use when adding the tab (stored as the tab's user data)
     * @return Created tab
     */
    public static Tab addTabToTabPane(TabPane tabPane, String title, Node node, Integer order) {
        var content = new ScrollPane(node);
        content.setFitToHeight(true);
        content.setFitToWidth(true);

        var tab = new Tab(title, content);
        tab.setUserData(order);

        var existing = tabPane.getTabs();
        var insertAt = 0;
        while (insertAt < existing.size()) {
            var existingOrder = existing.get(insertAt).getUserData();
            // Tabs without an order (null user data) act as a sentinel: the new tab goes in front of them.
            if (existingOrder == null || (Integer) existingOrder > order) {
                break;
            }
            insertAt++;
        }
        existing.add(insertAt, tab);
        return tab;
    }

}
61 |
--------------------------------------------------------------------------------
/vucsa-server/src/main/java/com/warxim/vucsa/server/challenge/bufferoverread/BufferOverreadHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.server.challenge.bufferoverread;
18 |
19 | import com.warxim.vucsa.common.connection.Connection;
20 | import com.warxim.vucsa.common.message.Message;
21 | import com.warxim.vucsa.common.message.MessageHandler;
22 | import com.warxim.vucsa.common.message.bufferoverread.StringListMessage;
23 |
import java.util.ArrayList;
import java.util.Collections;
import java.util.Locale;
import java.util.stream.Collectors;
27 |
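/**
 * Handler for buffer over-read challenge.
 * <p>
 * Transforms the received string list and echoes it back to the same target:
 * <ul>
 *   <li>reverses item order,</li>
 *   <li>converts items to upper case.</li>
 * </ul>
 */
public class BufferOverreadHandler implements MessageHandler {
    /**
     * Accepts only {@link StringListMessage} messages.
     * @param message Incoming message
     * @return {@code true} if this handler should process the message
     */
    @Override
    public boolean supports(Message message) {
        return message instanceof StringListMessage;
    }

    /**
     * Uppercases and reverses the items, then sends them back on the requesting connection.
     * @param connection Connection that delivered the request; the reply is written to it
     * @param message A {@link StringListMessage}
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Connection connection, Message message) {
        var request = (StringListMessage) message;
        // Locale.ROOT keeps the result independent of the server's default locale
        // (e.g. the dotted/dotless i rules of Turkish locales), so both peers see the same bytes.
        var items = request.getItems()
                .stream()
                .map(item -> item.toUpperCase(Locale.ROOT))
                .collect(Collectors.toCollection(ArrayList::new));
        Collections.reverse(items);
        connection.sendMessage(StringListMessage.builder()
                .target(request.getTarget())
                .items(items)
                .build());
        return true;
    }
}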
57 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/xml/StorageMessageSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.xml;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageSerializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.util.Optional;
24 |
/**
 * Serializer for {@link StorageMessage}.
 * <p>
 * Builds the XML payload by string concatenation. NOTE(review): in this rendering every appended
 * literal shows as {@code ""}; the real source presumably wraps the document and each item's key and
 * value in element tags — confirm against the repository.
 * Each item's key and value are appended verbatim with no XML escaping, so a key or value that
 * contains markup characters changes the structure of the produced document; that is the weakness
 * behind the XML challenge.
 */
public class StorageMessageSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return The serialized form, or empty when {@code message} is not a {@link StorageMessage}
     */
    @Override
    public Optional serializeMessage(Message message) {
        if (!(message instanceof StorageMessage)) {
            return Optional.empty();
        }

        var storageMessage = (StorageMessage) message;
        var items = storageMessage.getItems();

        var builder = new StringBuilder("");
        for (var item : items) {
            // Key and value go in unescaped (see class Javadoc).
            builder
                    .append("")
                    .append("").append(item.getKey()).append("")
                    .append("").append(item.getValue()).append("")
                    .append("");
        }
        builder.append("");

        var xml = builder.toString();
        // NOTE(review): platform default charset (no explicit Charset); the parser on the other side
        // must decode with the same one.
        var bytes = xml.getBytes();

        return Optional.of(SerializedMessage.builder()
                .type(message.getType())
                .target(message.getTarget())
                .length(bytes.length)
                .payload(bytes)
                .build());
    }
}
59 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/enumeration/response/LoginResponseSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.enumeration.response;
18 |
19 | import com.warxim.vucsa.common.message.MessageSerializer;
20 | import com.warxim.vucsa.common.message.SerializedMessage;
21 | import com.warxim.vucsa.common.message.Message;
22 |
23 | import java.nio.ByteBuffer;
24 | import java.util.Optional;
25 |
/**
 * Serializer for {@link LoginResponse}.
 * <p>
 * Payload layout: 4-byte status value (big-endian), optionally followed by the raw bytes of the user
 * secret. The secret has no length prefix and is present only when it is non-null, so the payload
 * length alone tells the receiver whether a secret was included.
 */
public class LoginResponseSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return The serialized form, or empty when {@code message} is not a {@link LoginResponse}
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (!(message instanceof LoginResponse)) {
            return Optional.empty();
        }
        var response = (LoginResponse) message;
        var statusValue = response.getStatus().getValue();
        var secret = response.getUserSecret();

        byte[] payload;
        if (secret == null) {
            payload = ByteBuffer.allocate(Integer.BYTES)
                    .putInt(statusValue)
                    .array();
        } else {
            // NOTE(review): platform default charset (no explicit Charset); the deserializer must match.
            var secretBytes = secret.getBytes();
            payload = ByteBuffer.allocate(Integer.BYTES + secretBytes.length)
                    .putInt(statusValue)
                    .put(secretBytes)
                    .array();
        }

        var serialized = SerializedMessage.builder()
                .type(message.getType())
                .target(message.getTarget())
                .length(payload.length)
                .payload(payload)
                .build();
        return Optional.of(serialized);
    }
}
59 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/MessageQueue.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2021 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message;
18 |
19 | import java.util.Optional;
20 | import java.util.concurrent.BlockingQueue;
21 | import java.util.concurrent.LinkedBlockingQueue;
22 |
/**
 * Queue of messages.
 * <p>
 * Thin wrapper around an unbounded {@link LinkedBlockingQueue}; every operation is safe to call
 * from several threads. Because the backing queue has no capacity limit, {@link #add} never blocks
 * or rejects for being full — a producer that outpaces the consumer grows memory without bound.
 */
public class MessageQueue {
    private final BlockingQueue<Message> queue = new LinkedBlockingQueue<>();

    public MessageQueue() {
        // The backing queue is created at field initialization; nothing else to set up.
    }

    /**
     * Add message to queue.
     * @param message Message to be added to the queue (must not be {@code null}; the backing queue rejects it)
     */
    public void add(Message message) {
        queue.add(message);
    }

    /**
     * Returns message from queue (blocks until there is message).
     * @return Message from queue
     * @throws InterruptedException if the calling thread is interrupted while waiting
     */
    public Message take() throws InterruptedException {
        return queue.take();
    }

    /**
     * Retrieves and removes the head of the queue without blocking.
     * @return Message from queue or empty optional if the queue is empty
     */
    public Optional<Message> poll() {
        var head = queue.poll();
        return Optional.ofNullable(head);
    }

    /**
     * Get queue size.
     * @return Size of the queue
     */
    public int size() {
        return queue.size();
    }

    /**
     * Clears queue.
     */
    public void clear() {
        queue.clear();
    }

    /**
     * Checks if the queue is empty.
     * @return {@code true} if the queue is empty
     */
    public boolean isEmpty() {
        return queue.isEmpty();
    }
}
80 |
--------------------------------------------------------------------------------
/vucsa-common/src/main/java/com/warxim/vucsa/common/message/rcedeserialization/TextMessageSerializer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Vulnerable Client-Server Application (VuCSA)
3 | *
4 | * Copyright (C) 2023 Michal Válka
5 | *
6 | * This program is free software: you can redistribute it and/or modify it under the terms of the
7 | * GNU General Public License as published by the Free Software Foundation, either version 3 of the
8 | * License, or (at your option) any later version.
9 | *
10 | * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
11 | * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with this program. If
15 | * not, see .
16 | */
17 | package com.warxim.vucsa.common.message.rcedeserialization;
18 |
19 | import com.warxim.vucsa.common.message.Message;
20 | import com.warxim.vucsa.common.message.MessageSerializer;
21 | import com.warxim.vucsa.common.message.SerializedMessage;
22 |
23 | import java.io.ByteArrayOutputStream;
24 | import java.io.IOException;
25 | import java.io.ObjectOutputStream;
26 | import java.util.Optional;
27 | import java.util.logging.Level;
28 | import java.util.logging.Logger;
29 |
/**
 * Serializer for {@link TextMessage}.
 * <p>
 * The payload is the Java native serialization ({@link ObjectOutputStream}) of the message content.
 * This is the counterpart of the deserializer used by the RCE deserialization challenge.
 */
public class TextMessageSerializer implements MessageSerializer {
    /**
     * @param message Message to serialize
     * @return The serialized form, or empty when {@code message} is not a {@link TextMessage} or
     *         writing the object fails (the {@link IOException} is logged, not rethrown)
     */
    @Override
    public Optional<SerializedMessage> serializeMessage(Message message) {
        if (!(message instanceof TextMessage)) {
            return Optional.empty();
        }
        var content = ((TextMessage) message).getContent();

        try (var bytes = new ByteArrayOutputStream();
             var objectOut = new ObjectOutputStream(bytes)) {
            objectOut.writeObject(content);
            var payload = bytes.toByteArray();
            var serialized = SerializedMessage.builder()
                    .type(message.getType())
                    .target(message.getTarget())
                    .length(payload.length)
                    .payload(payload)
                    .build();
            return Optional.of(serialized);
        } catch (IOException e) {
            Logger.getGlobal().log(Level.SEVERE, "Could not serialize text message!", e);
            return Optional.empty();
        }
    }
}
57 |
--------------------------------------------------------------------------------
/vucsa-client/src/main/resources/fxml/challenge/enumeration/EnumerationTab.fxml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------