package org.owasp.webgoat.plugin;

import com.sun.jna.platform.win32.WinError;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.OutputStreamWriter;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URLDecoder;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.servlet.http.Cookie;
import net.sourceforge.jtds.jdbc.DefaultProperties;
import org.apache.commons.cli.HelpFormatter;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IFrame;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/challenge-1.0.jar:org/owasp/webgoat/plugin/ChallengeScreen.class */
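/**
 * WebGoat "The CHALLENGE" lesson: a deliberately vulnerable, multi-stage training screen.
 *
 * <p>Stage 1 is a login form, stage 2 a credit-card lookup, stage 3 a network-status page shown
 * next to a per-user copy of a JSP page, and stage 4 the completion screen.
 *
 * <p>Review notes. The weaknesses below are the subject of the lesson (see
 * {@link #getInstructions}) and are left in place on purpose; none of them belongs in
 * production code:
 * <ul>
 *   <li>{@code user}/{@code pass} are credentials hard-coded in the class. Real credentials belong
 *       in a credential store and are verified against salted password hashes.</li>
 *   <li>{@link #doStage1} writes the account name into a hidden form field and a Base64 cookie.
 *       Base64 is an encoding, not protection.</li>
 *   <li>{@link #doStage2} concatenates a client-supplied cookie value into SQL. The mitigation is
 *       a {@code PreparedStatement} with a bound parameter.</li>
 *   <li>{@link #getNetstatResults} concatenates a request parameter into a shell command line.
 *       The mitigation is an allow-list of protocol names plus an argument-list process launch
 *       with no shell in between.</li>
 *   <li>{@link #phoneHome} sends submitted credentials over UDP in cleartext.</li>
 * </ul>
 *
 * <p>This listing is JADX decompiler output, so a few constants are borrowed from unrelated
 * libraries purely for their value (they are marked where they occur).
 */
public class ChallengeScreen extends SequentialLessonAdapter {
    private static final String USER_COOKIE = "user";
    private static final String JSP = ".jsp";
    private static final String WEBGOAT_CHALLENGE = "webgoat_challenge";
    private static final String WEBGOAT_CHALLENGE_JSP = "webgoat_challenge.jsp";
    private static final String PROCEED_TO_NEXT_STAGE = "Proceed to the next stage...";
    protected static final String CREDIT = "Credit";
    protected static final String PROTOCOL = "File";
    protected static final String MESSAGE = "Message";
    protected static final String PARAM = "p";
    protected static final String PASSWORD = "Password";
    protected static final String USER = "user";
    protected static final String USERNAME = "Username";

    // Intentional lesson flaw: the stage 1 credentials are hard-coded in the class file.
    private String pass = "goodbye";
    private String user = "youaretheweakestlink";

    /**
     * Renders the lesson by delegating to the staged-content dispatcher of the superclass.
     *
     * @param webSession the current lesson session
     * @return the element tree for the stage the session is in
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    /**
     * Stage 1: checks the submitted username and password against the hard-coded pair.
     *
     * <p>On a match the session advances to stage 2. Otherwise the login form is rendered again,
     * the expected account name is written into a hidden field and a Base64 cookie, and the
     * submitted values are passed to {@link #phoneHome}.
     *
     * @param webSession the current lesson session
     * @return the stage 2 content on success, otherwise the login form
     * @throws Exception if rendering stage 2 fails
     */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage1(WebSession webSession) throws Exception {
        setStage(webSession, 1);
        String submittedUser = webSession.getParser().getRawParameter(USERNAME, "");
        String submittedPass = webSession.getParser().getRawParameter(PASSWORD, "");
        // Lesson behaviour: plain String.equals against in-memory secrets. A production check
        // would verify a password hash and would not reveal which account exists.
        if (submittedUser.equals(this.user) && submittedPass.equals(this.pass)) {
            webSession.setMessage("Welcome to stage 2 -- get credit card numbers!");
            setStage(webSession, 2);
            return doStage2(webSession);
        }
        webSession.setMessage("Invalid login");
        ElementContainer page = new ElementContainer();
        page.addElement(makeLogin(webSession));
        // Intentional information disclosure: the valid account name is sent to every client
        // that fails to log in, both as a hidden field and as a Base64-encoded cookie.
        page.addElement(new Input(Input.HIDDEN, USER, this.user));
        webSession.getResponse().addCookie(new Cookie(USER_COOKIE, Encoding.base64Encode(this.user)));
        phoneHome(webSession, "User: " + submittedUser + " --> Pass: " + submittedPass);
        return page;
    }

    /**
     * Stage 2: looks up credit cards by the last name carried in the "user" cookie and renders a
     * purchase form listing them.
     *
     * <p>The stage is considered solved when the query returns exactly 13 rows; a button leading
     * to stage 3 is then shown.
     *
     * @param webSession the current lesson session
     * @return the stage 2 page, or the stage 3 content when the stage 3 button was submitted
     * @throws Exception if the statement cannot be created, the cookie cannot be decoded, or
     *     stage 3 rendering fails
     */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage2(WebSession webSession) throws Exception {
        webSession.getResponse().addCookie(new Cookie(USER_COOKIE, Encoding.base64Encode(this.user)));
        ElementContainer page = new ElementContainer();
        if (webSession.getParser().getStringParameter(Input.SUBMIT, "").equals(PROCEED_TO_NEXT_STAGE + "(3)")) {
            webSession.setMessage("Welcome to stage 3 -- deface the site");
            setStage(webSession, 3);
            resetWebPage(webSession);
            return doStage3(webSession);
        }
        Statement statement = DatabaseUtilities.getConnection(webSession)
                .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
        try {
            String cookie = getCookie(webSession);
            String lastName = Encoding.base64Decode(null == cookie ? "" : URLDecoder.decode(cookie, "utf-8"));
            // INTENTIONAL SQL INJECTION SINK (lesson content): lastName comes straight from a
            // client-controlled cookie and is concatenated into the statement text. Outside a
            // training lab this must be a PreparedStatement with a bound parameter.
            String query = "SELECT * FROM user_data WHERE last_name = '" + lastName + "'";
            Vector cards = new Vector();
            try {
                ResultSet rows = statement.executeQuery(query);
                while (rows.next()) {
                    // NOTE(review): HelpFormatter.DEFAULT_OPT_PREFIX looks like a decompiler
                    // substitution for a plain separator string -- confirm against the source.
                    cards.addElement(rows.getString("cc_type") + HelpFormatter.DEFAULT_OPT_PREFIX + rows.getString(WsSqlInjection.ccNumber));
                }
                if (cards.size() != 13) {
                    webSession.setMessage("Try to get all the credit card numbers");
                }
                page.addElement(buildCart(webSession));
                Table form = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
                page.addElement(new BR());
                TR cardRow = new TR();
                cardRow.addElement(new TD().addElement("Please select credit card for this purchase: "));
                cardRow.addElement(new TD().addElement(ECSFactory.makePulldown(CREDIT, cards)).setAlign("right"));
                form.addElement(cardRow);
                TR buyRow = new TR();
                buyRow.addElement(new TD().addElement(ECSFactory.makeButton("Buy Now!")));
                form.addElement(buyRow);
                page.addElement(form);
                page.addElement(new BR());
                // The decoded cookie value is echoed back into the page here.
                // NOTE(review): whether ECS escapes this attribute value is not visible in this
                // file; treat it as reflected client input -- confirm.
                page.addElement(new Input(Input.HIDDEN, USER, lastName));
                if (cards.size() == 13) {
                    webSession.setMessage("Congratulations! You stole all the credit cards, proceed to stage 3!");
                    webSession.setMessage("  - Look in the credit card pull down to see the numbers.");
                    page.addElement(new BR());
                    Center center = new Center();
                    center.addElement(ECSFactory.makeButton(PROCEED_TO_NEXT_STAGE + "(3)"));
                    page.addElement(center);
                }
            } catch (Exception e) {
                // Database errors are deliberately reduced to a generic message for the learner.
                webSession.setMessage("An error occurred in the woods");
            }
        } finally {
            // Release the statement (and with it the result set) on every path; the original
            // never closed either.
            try {
                statement.close();
            } catch (Exception ignored) {
                // Best effort: a failed close must not mask the outcome of the stage.
            }
        }
        return page;
    }

    /**
     * Stage 3: shows the network status table and the original/per-user page pair, and reports
     * success once the per-user page differs from the original.
     *
     * @param webSession the current lesson session
     * @return the stage 3 page, or the stage 4 content when the stage 4 button was submitted
     * @throws Exception if rendering fails outside the guarded section
     */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage3(WebSession webSession) throws Exception {
        ElementContainer page = new ElementContainer();
        if (webSession.getParser().getStringParameter(Input.SUBMIT, "").equals(PROCEED_TO_NEXT_STAGE + "(4)")) {
            setStage(webSession, 4);
            resetWebPage(webSession);
            return doStage4(webSession);
        }
        // Statement order is significant: the netstat command runs before the page comparison.
        Element netstatResults = getNetstatResults(webSession);
        if (isDefaced(webSession)) {
            page.addElement(new HR());
            webSession.setMessage("CONGRATULATIONS - You have defaced the site!");
            Table successTable = newStage3Table(webSession);
            TR buttonRow = new TR();
            buttonRow.addElement(new TD().setAlign("center").addElement(ECSFactory.makeButton(PROCEED_TO_NEXT_STAGE + "(4)")));
            successTable.addElement(buttonRow);
            TR comparisonRow = new TR();
            comparisonRow.addElement(new TD().addElement(showDefaceAttempt(webSession)));
            successTable.addElement(comparisonRow);
            page.addElement(successTable);
            return page;
        }
        try {
            page.addElement(new H1("Current Network Status:"));
            page.addElement(netstatResults);
            Table controls = newStage3Table(webSession);
            TR controlRow = new TR();
            controlRow.addElement(new TD().addElement(ECSFactory.makeButton("View Network")));
            controlRow.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(PROTOCOL, new String[]{"tcp", "tcpv6", "ip", "ipv6", "udp", "udpv6"}, "", 5)));
            controls.addElement(controlRow);
            page.addElement(controls);
        } catch (Exception e) {
            page.addElement(new P().addElement("Error in obtaining network status"));
        }
        page.addElement(new HR());
        Table comparison = newStage3Table(webSession);
        TR row = new TR();
        row.addElement(new TD().addElement(showDefaceAttempt(webSession)));
        comparison.addElement(row);
        page.addElement(comparison);
        return page;
    }

    /** Builds the centered 90%-wide layout table used by stage 3, bordered in "color" mode. */
    private Table newStage3Table(WebSession webSession) {
        Table table = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1);
        }
        return table;
    }

    /**
     * Returns the file name of the per-user copy of the challenge page.
     *
     * <p>The user name is placed in a file name without any filtering.
     * NOTE(review): this is only safe if the container restricts which characters a user name
     * may contain -- confirm.
     */
    private String challengePageFor(WebSession webSession) {
        return WEBGOAT_CHALLENGE + "_" + webSession.getUserName() + JSP;
    }

    /** Closes a reader, ignoring failures; accepts {@code null}. */
    private static void closeChallengeReader(BufferedReader reader) {
        if (reader == null) {
            return;
        }
        try {
            reader.close();
        } catch (Exception ignored) {
            // Nothing useful can be done about a failed close of a read-only stream.
        }
    }

    /**
     * Reports whether the per-user page differs from the original challenge page.
     *
     * @param webSession the current lesson session
     * @return {@code true} when the two files have different text; {@code false} when they match
     *     or when either file cannot be read
     */
    private boolean isDefaced(WebSession webSession) {
        BufferedReader original = null;
        BufferedReader userCopy = null;
        try {
            original = new BufferedReader(new FileReader(webSession.getContext().getRealPath(WEBGOAT_CHALLENGE_JSP)));
            String originalText = getFileText(original, false);
            userCopy = new BufferedReader(new FileReader(webSession.getContext().getRealPath(challengePageFor(webSession))));
            String userText = getFileText(userCopy, false);
            return !originalText.equals(userText);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        } finally {
            // The original left both readers to the garbage collector.
            closeChallengeReader(original);
            closeChallengeReader(userCopy);
        }
    }

    /**
     * Renders the original page and the per-user page in two iframes for comparison.
     *
     * @param webSession the current lesson session
     * @return a container with both iframes
     * @throws Exception declared by the original signature
     */
    private Element showDefaceAttempt(WebSession webSession) throws Exception {
        ElementContainer container = new ElementContainer();
        String contextPath = webSession.getRequest().getContextPath();
        container.addElement(new H1().addElement("Original Website Text"));
        // NOTE(review): DefaultProperties.MAX_STATEMENTS is a JDBC-driver constant used as the
        // iframe height; it looks like a decompiler substitution for a literal -- confirm.
        container.addElement(new IFrame().setHeight(DefaultProperties.MAX_STATEMENTS).setWidth("100%").setSrc(contextPath + "/" + WEBGOAT_CHALLENGE_JSP));
        container.addElement(new HR());
        container.addElement(new H1().addElement("Defaced Website Text"));
        container.addElement(new IFrame().setHeight(DefaultProperties.MAX_STATEMENTS).setWidth("100%").setSrc(contextPath + "/" + challengePageFor(webSession)));
        container.addElement(new HR());
        return container;
    }

    /**
     * Restores the per-user page by overwriting it with the text of the original page.
     * Failures are printed and otherwise ignored.
     *
     * @param webSession the current lesson session
     */
    private void resetWebPage(WebSession webSession) {
        BufferedReader template = null;
        FileWriter userPage = null;
        try {
            String userPagePath = webSession.getContext().getRealPath(challengePageFor(webSession));
            String templatePath = webSession.getContext().getRealPath(WEBGOAT_CHALLENGE_JSP);
            // As in the original, the target is opened (and truncated) before the template is read.
            userPage = new FileWriter(new File(userPagePath));
            template = new BufferedReader(new FileReader(templatePath));
            userPage.write(getFileText(template, false));
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeChallengeReader(template);
            // Close the writer even when the write failed, so the file handle is not leaked.
            if (userPage != null) {
                try {
                    userPage.close();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }

    /** Returns the lesson category, {@code Category.CHALLENGE}. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.CHALLENGE;
    }

    /**
     * Stage 4: marks the lesson as completed and renders the closing message.
     *
     * @param webSession the current lesson session
     * @return the completion page
     * @throws Exception declared by the overridden method
     */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage4(WebSession webSession) throws Exception {
        makeSuccess(webSession);
        ElementContainer page = new ElementContainer();
        page.addElement(new H1().addElement("Thanks for coming!"));
        page.addElement(new BR());
        page.addElement(new H1().addElement("Please remember that you will be caught and fired if you use these techniques for evil."));
        return page;
    }

    /** Stage 5 is unused; returns an empty container. */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage5(WebSession webSession) throws Exception {
        return new ElementContainer();
    }

    /** Stage 6 is unused; returns a placeholder text element. */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage6(WebSession webSession) throws Exception {
        return new StringElement("not yet");
    }

    /**
     * Returns the hint texts for the lesson; the same four hints are returned for every stage.
     *
     * @param webSession the current lesson session
     * @return a new mutable list of hint strings
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("You need to gain access to the Java source code for this lesson.");
        hints.add("Seriously, no more hints -- it's a CHALLENGE!");
        hints.add("Come on -- give it a rest!");
        if (getStage(webSession) != 1) {
            // Empty in the decompiled output. The call is kept because this file does not show
            // whether getStage has side effects.
        }
        hints.add("Persistance is always rewarded");
        return hints;
    }

    /**
     * Builds the stage 1 sign-in form with a user name field, a password field and a login button.
     *
     * @param webSession the current lesson session
     * @return a container holding the form table
     */
    protected Element makeLogin(WebSession webSession) {
        ElementContainer container = new ElementContainer();
        container.addElement(new H1().addElement("Sign In "));
        Table form = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            form.setBorder(1);
        }
        TR introRow = new TR();
        introRow.addElement(new TH().addElement("Please sign in to your account.  See the OWASP admin if you do not have an account.").setColSpan(2).setAlign("left"));
        form.addElement(introRow);
        TR requiredRow = new TR();
        requiredRow.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
        form.addElement(requiredRow);
        TR spacerRow = new TR();
        spacerRow.addElement(new TD().addElement("&nbsp;").setColSpan(2));
        form.addElement(spacerRow);
        TR userRow = new TR();
        TR passwordRow = new TR();
        userRow.addElement(new TD(new B(new StringElement("*User Name: "))));
        passwordRow.addElement(new TD(new B(new StringElement("*Password: "))));
        userRow.addElement(new TD(new Input("TEXT", USERNAME, "")));
        passwordRow.addElement(new TD(new Input(Input.PASSWORD, PASSWORD, "")));
        form.addElement(userRow);
        form.addElement(passwordRow);
        form.addElement(new TR(new TD(ECSFactory.makeButton(GoatHillsFinancial.LOGIN_ACTION))));
        container.addElement(form);
        return container;
    }

    /**
     * Returns the lesson instructions, including the name of the per-user page for this session.
     *
     * @param webSession the current lesson session
     * @return the instruction text
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "Your mission is to break the authentication scheme, steal all the credit cards from the database, and then deface the website. You will have to use many of the techniques you have learned in the other lessons. The main webpage to deface for this site is 'webgoat_challenge_" + webSession.getUserName() + ".jsp'";
    }

    /** Returns the default menu ranking of the lesson, 130. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return Integer.valueOf(130);
    }

    /**
     * Sends {@code str} in a single UDP datagram to the host the current request came from.
     *
     * <p>Stage 1 passes the submitted user name and password here, so they leave the server in
     * cleartext. Failures are printed and otherwise ignored.
     *
     * @param webSession the current lesson session; supplies the remote host
     * @param str the text to send, encoded with the platform default charset
     */
    protected void phoneHome(WebSession webSession, String str) {
        DatagramSocket socket = null;
        try {
            InetAddress target = InetAddress.getByName(webSession.getRequest().getRemoteHost());
            // Size the packet from the encoded bytes: str.length() counts chars, which differs
            // from the byte count for non-ASCII input and either truncates the payload or makes
            // the DatagramPacket constructor throw.
            byte[] payload = str.getBytes();
            DatagramPacket packet = new DatagramPacket(payload, payload.length);
            socket = new DatagramSocket();
            // NOTE(review): WinError.ERROR_PORT_UNREACHABLE is a Windows error code used here as
            // the UDP port number; almost certainly a decompiler substitution for a numeric
            // literal of the same value -- confirm against the original source.
            socket.connect(target, WinError.ERROR_PORT_UNREACHABLE);
            socket.send(packet);
        } catch (Exception e) {
            System.out.println("Couldn't phone home");
            e.printStackTrace();
        } finally {
            // Release the socket even when connect/send failed.
            if (socket != null) {
                socket.close();
            }
        }
    }

    /** Returns the lesson title. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "The CHALLENGE";
    }

    /**
     * Runs {@code netstat} for the protocol named in the "File" request parameter and renders up
     * to five columns of each output line as a table.
     *
     * <p>INTENTIONAL COMMAND INJECTION SINK (lesson content): the raw parameter is appended to a
     * command line that is handed to {@code cmd.exe /c} or {@code /bin/sh -c}. Outside a training
     * lab the value must be checked against the fixed list of protocol names offered in the pull
     * down and passed as a separate argument to a process started without a shell.
     *
     * @param webSession the current lesson session
     * @return a container holding the result table; only the header row when the command
     *     produced no output
     */
    protected ElementContainer getNetstatResults(WebSession webSession) {
        ElementContainer container = new ElementContainer();
        Table table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("80%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1);
        }
        String[] widths = {"55", "110", "260", "70", "50"};
        TR header = new TR();
        header.addElement(new TH().addElement("Protocol").setWidth(widths[0]));
        header.addElement(new TH().addElement("Local Address").setWidth(widths[1]));
        header.addElement(new TH().addElement("Foreign Address").setWidth(widths[2]));
        header.addElement(new TH().addElement("State").setWidth(widths[3]));
        header.addElement(new TH().addElement("Offload State").setWidth(widths[4]));
        table.addElement(header);
        String protocol = webSession.getParser().getRawParameter(PROTOCOL, "tcp");
        boolean windows = System.getProperty("os.name").indexOf("Windows") != -1;
        String output = (windows ? Exec.execSimple("cmd.exe /c netstat -ant -p " + protocol) : Exec.execSimple(new String[]{"/bin/sh", "-c", "netstat -ant -p " + protocol})).getOutput();
        // An absent or empty output used to raise NullPointerException/NoSuchElementException
        // out of doStage3; render just the header row instead.
        StringTokenizer lines = new StringTokenizer(output == null ? "" : output, "\n");
        if (lines.hasMoreTokens()) {
            String line = lines.nextToken();
            boolean headerSeen = false;
            int scanned = 0;
            // Skip forward to the line containing "Proto"; on Windows give up looking after
            // three lines and treat the rest as data.
            while (!headerSeen && lines.hasMoreTokens()) {
                if (line.indexOf("Proto") != -1 || (windows && scanned >= 3)) {
                    headerSeen = true;
                } else {
                    line = lines.nextToken();
                }
                scanned++;
            }
            while (headerSeen && lines.hasMoreTokens()) {
                TR row = new TR();
                StringTokenizer fields = new StringTokenizer(lines.nextToken(), "\t ");
                // Command output is copied into the page cell by cell.
                // NOTE(review): whether ECS escapes these strings is not visible in this file;
                // treat the output as untrusted when rendering -- confirm.
                for (int column = 0; fields.hasMoreTokens() && column < 5; column++) {
                    row.addElement(new TD().setWidth(widths[column]).addElement(fields.nextToken()));
                }
                table.addElement(row);
            }
        }
        container.addElement(table);
        return container;
    }

    /** Returns a fixed placeholder; this lesson offers no clues. */
    protected Element makeClues(WebSession webSession) {
        return new StringElement("Clues not Available :)");
    }

    /** Returns a fixed placeholder hint element. */
    protected Element makeHints(WebSession webSession) {
        return new StringElement("Hint: Find the hints");
    }

    /**
     * Writes {@code str} to the socket's output stream. The socket is left open. Failures are
     * printed and otherwise ignored.
     *
     * @param socket the connected socket to write to
     * @param str the text to send, encoded with the platform default charset
     */
    protected void sendMessage(Socket socket, String str) {
        try {
            OutputStreamWriter writer = new OutputStreamWriter(socket.getOutputStream());
            writer.write(str);
            // OutputStreamWriter buffers encoded bytes; without a flush the text may never reach
            // the socket. The writer is not closed because that would close the socket too.
            writer.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds the static shopping-cart summary shown on stage 2.
     *
     * @param webSession the current lesson session
     * @return a container with the cart table and the total line
     */
    protected Element buildCart(WebSession webSession) {
        ElementContainer container = new ElementContainer();
        container.addElement(new HR().setWidth("90%"));
        container.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
        Table cart = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            cart.setBorder(1);
        }
        TR headings = new TR();
        headings.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
        headings.addElement(new TH().addElement("Price:").setWidth("10%"));
        headings.addElement(new TH().addElement("Quantity:").setWidth("3%"));
        headings.addElement(new TH().addElement("Total").setWidth("7%"));
        cart.addElement(headings);
        TR item = new TR();
        item.addElement(new TD().addElement("Sympathy Bouquet"));
        item.addElement(new TD().addElement("59.99").setAlign("right"));
        item.addElement(new TD().addElement(" 1 ").setAlign("right"));
        item.addElement(new TD().addElement("59.99"));
        cart.addElement(item);
        container.addElement(cart);
        Table totals = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            totals.setBorder(1);
        }
        container.addElement(new BR());
        TR totalRow = new TR();
        totalRow.addElement(new TD().addElement("The total charged to your credit card:"));
        totalRow.addElement(new TD().addElement("59.99"));
        totals.addElement(totalRow);
        container.addElement(totals);
        return container;
    }

    /** Returns {@code false}: this lesson has no clues. */
    public boolean canHaveClues() {
        return false;
    }

    /**
     * Returns the value of the request's "user" cookie (name matched case-insensitively).
     *
     * <p>The value is client-controlled and must be treated as untrusted by callers.
     *
     * @param webSession the current lesson session
     * @return the cookie value, or {@code null} when the request carries no such cookie
     */
    protected String getCookie(WebSession webSession) {
        Cookie[] cookies = webSession.getRequest().getCookies();
        // getCookies() returns null, not an empty array, when the request has no cookies.
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equalsIgnoreCase(USER_COOKIE)) {
                return cookie.getValue();
            }
        }
        return null;
    }
}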
