Skip to content

enowars/enowars8-service-WhatsScam

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Whatsscam

This service was played as part of the Enowars 8 tournament. The theme of this years Enowars was scamming so the website has a scam like touch with redirects, scammy logos and a scam feeling like atmosphere.

Whatsscam is an online messenger service that lets you "securely" text with people. The service contains vulnerabilities that can leak data. Inside the documentation folder a readme is contained that explains the exploits/vulnerabilities and possible fixes.

The main features of this service include a User system. This means you can login, logout and you have a profile page for your profile.

The first feature is on the homepage, it is a private messaging platform in which you have to use a publickey to broadcast a message. Only the person with the corresponding private key can decode it. To accommodate this there is a webpage which lists all the users with their publickeys (if they have a publickey).

The second feature is a groupchat that lets you create, join and text inside groups.

The third feature allows you to create a backup of your profile. The backup works via a token that verifies you then you can see a part of the profile.

The fourth feature is an adding friend function it allows you to add and reject friends. You can see a part of your friends profiles. This works as a bait for the players and is not a flagstore more details to flagstores inside the documentation/README.md.

The service also contains smaller features like redirects and some other features to include the scam theme besides the main features.

Running

git clone git@github.com:enowars/enowars8-service-WhatsScam.git
cd enowars8-service-WhatsScam
cd service
docker-compose up --build

The service listens to port: *:9696

Project structure

This is the Project structure the main parts are the service, checker and the documentation.

.
├── LICENSE
├── README.md
├── checker
   ├── Dockerfile
   ├── docker-compose.yaml     
   ├── requirements.txt        
   └── src
       ├── checker.py
       ├── checker_util_func.py
       ├── gunicorn.conf.py    
       └── scam_messages.py
├── documentation
   ├── README.md
   ├── fix.py
   ├── issues
      └── issues.txt      
   └── key_gen.c
└── service
    ├── Dockerfile
    ├── docker-compose.yml
    ├── entrypoint.sh
    ├── gunicorn.conf.py
    ├── instance
       └── database.db
    ├── main.py
    ├── requirements.txt
    └── src
        ├── __init__.py
        ├── aes_encryption.py
        ├── auth.py
        ├── call_c.py
        ├── cleanup.py
        ├── key_gen
        ├── models.py
        ├── rsa_encryption.py
        ├── static
           ├── Logo.PNG
           ├── index.js
           └── style.css
        ├── templates
           ├── add_friend.html
           ├── backup.html
           ├── base.html
           ├── flag.html
           ├── group_page.html
           ├── group_page_unauthorized.html
           ├── groups.html
           ├── home.html
           ├── login.html
           ├── profil.html
           ├── sign_up.html
           └── userlist.html
        └── views.py

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published