init htb

old htb folders

HTB/pollution/target/.index.php

@@ -0,0 +1,21 @@
+<?php
+
+require '../bootstrap.php';
+
+use app\classes\Routes;
+use app\classes\Uri;
+
+
+$routes = [
+    "/" => "controllers/index.php",
+    "/login" => "controllers/login.php",
+    "/register" => "controllers/register.php",
+    "/home" => "controllers/home.php",
+    "/admin" => "controllers/admin.php",
+    "/api" => "controllers/api.php",
+    "/set/role/admin" => "controllers/set_role_admin.php",
+    "/logout" => "controllers/logout.php"
+];
+
+$uri = Uri::load();
+require Routes::load($uri, $routes);

HTB/pollution/target/bootstrap.php

@@ -0,0 +1,7 @@
+<?php
+ini_set('session.save_handler','redis');
+ini_set('session.save_path','tcp://127.0.0.1:6379/?auth=COLLECTR3D1SPASS');
+
+session_start();
+
+require '../vendor/autoload.php';

HTB/pollution/target/collect.config.php

@@ -0,0 +1,12 @@
+<?php
+
+
+return [
+    "db" => [
+        "host" => "localhost",
+        "dbname" => "webapp",
+        "username" => "webapp_user",
+        "password" => "Str0ngP4ssw0rdB*12@1",
+        "charset" => "utf8"
+    ],
+];

HTB/pollution/target/config.php

@@ -0,0 +1,12 @@
+<?php
+
+
+return [
+    "db" => [
+        "host" => "localhost",
+        "dbname" => "webapp",
+        "username" => "webapp_user",
+        "password" => "Str0ngP4ssw0rdB*12@1",
+        "charset" => "utf8"
+    ],
+];

HTB/pollution/target/creds.txt

@@ -0,0 +1 @@
+developers_group:r0cket

HTB/pollution/target/developers..htaccess

@@ -0,0 +1 @@
+Options -Indexes

HTB/pollution/target/developers..htpasswd

@@ -0,0 +1 @@
+developers_group:$apr1$MzKA5yXY$DwEz.jxW9USWo8.goD7jY1

HTB/pollution/target/etc.hosts

@@ -0,0 +1,7 @@
+127.0.0.1	localhost pollution
+127.0.1.1	debian	collect.htb	developers.collect.htb	forum.collect.htb
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

HTB/pollution/target/etc.issue

@@ -0,0 +1,2 @@
+Debian GNU/Linux 11 \n \l
+

HTB/pollution/target/index.php

@@ -0,0 +1,21 @@
+<?php
+
+require '../bootstrap.php';
+
+use app\classes\Routes;
+use app\classes\Uri;
+
+
+$routes = [
+    "/" => "controllers/index.php",
+    "/login" => "controllers/login.php",
+    "/register" => "controllers/register.php",
+    "/home" => "controllers/home.php",
+    "/admin" => "controllers/admin.php",
+    "/api" => "controllers/api.php",
+    "/set/role/admin" => "controllers/set_role_admin.php",
+    "/logout" => "controllers/logout.php"
+];
+
+$uri = Uri::load();
+require Routes::load($uri, $routes);

HTB/pollution/target/search index.php

@@ -0,0 +1,21 @@
+<?php
+
+require '../bootstrap.php';
+
+use app\classes\Routes;
+use app\classes\Uri;
+
+
+$routes = [
+    "/" => "controllers/index.php",
+    "/login" => "controllers/login.php",
+    "/register" => "controllers/register.php",
+    "/home" => "controllers/home.php",
+    "/admin" => "controllers/admin.php",
+    "/api" => "controllers/api.php",
+    "/set/role/admin" => "controllers/set_role_admin.php",
+    "/logout" => "controllers/logout.php"
+];
+
+$uri = Uri::load();
+require Routes::load($uri, $routes);

HTB/pollution/target/var.www.collect.app.controllers.admin.php

@@ -0,0 +1,24 @@
+<?php
+
+use app\models\User;
+
+if(!is_admin())
+{
+    die(redirect('/home'));
+}
+
+$user = new User;
+$find = $user->all();
+
+if(isset($_POST['delete_user']) && !empty($_POST['delete_user']))
+{
+    $find = $user->find("username", $_POST['delete_user']);
+    if($find->role == "user"){
+        die(redirect('/admin'));
+	//$user->delete("username",$_POST['delete_user']);
+    }
+
+    die(redirect('/admin'));
+}
+
+require '../app/views/admin.php';

HTB/pollution/target/var.www.collect.app.controllers.api.php

@@ -0,0 +1,23 @@
+<?php
+
+if(!is_admin())
+{
+     die(redirect('/home'));
+}
+
+if(!isset($_POST['manage_api']) or empty($_POST['manage_api']))
+{
+    die(redirect('/home'));
+}
+
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument();
+$dom->loadXML($_POST['manage_api'], LIBXML_NOENT | LIBXML_DTDLOAD);
+    
+$xml = simplexml_import_dom($dom);
+    
+header('Content-type: application/json');
+echo(curl_api($xml->method, "http://localhost:3000{$xml->uri}", $xml->user));
+    
+die();

HTB/pollution/target/var.www.collect.app.controllers.index.php

@@ -0,0 +1,8 @@
+<?php
+
+if(is_auth())
+{
+    die(redirect('/home'));
+}
+
+require '../app/views/index.php';

HTB/pollution/target/var.www.collect.app.controllers.login.php

@@ -0,0 +1,31 @@
+<?php
+use app\models\User;
+$user = new User;
+
+if(is_auth())
+{
+    die(redirect('/home'));
+}
+
+if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
+{
+
+    if(!preg_match('/^[A-Za-z0-9]{1,20}$/',$_POST['username'])){
+        set_flash('User with invalid characters');
+        die(redirect('/login'));
+    }
+
+    $find = $user->find("username", $_POST['username']);
+
+    if($find->username == $_POST['username'] && $find->password == md5($_POST['password']))
+    {
+        set_session($find->username, $find->role);
+        die(redirect('/home'));
+    }
+
+    set_flash('Invalid credentials');
+
+    die(redirect('/login'));
+}
+
+require '../app/views/login.php';

HTB/pollution/target/var.www.collect.app.controllers.set_role_admin.php

@@ -0,0 +1,23 @@
+<?php
+
+use app\models\User;
+
+if(!is_auth())
+{
+    die(redirect('/home'));
+}
+
+if(!isset($_POST['token']) or empty($_POST['token']) or $_POST['token'] != "ddac62a28254561001277727cb397baf")
+{
+    die(redirect('/home'));
+}
+
+$user = new User;
+$find = $user->find("username", $_SESSION['username']);
+
+if($find)
+{
+    $user->update_role($find->username, "admin");
+    set_session($find->username, "admin");
+    die(redirect('/admin'));
+}