Merge branch 'feature/add-auth-to-ws-20241111' into development

webpwnized · webpwnized · commit d2207fcd132d · 2024-11-17T21:18:42.000-05:00
diff --git a/src/includes/main-menu.php b/src/includes/main-menu.php
@@ -716,6 +716,11 @@
 								Documentation
 							</a>
 						</li>
+						<li>
+							<a href="./webservices/rest/ws-login.php">
+								Login
+							</a>
+						</li>
 						<li>
 							<a href="./webservices/rest/ws-test-connectivity.php">
 								Test Connectivity
@@ -749,6 +754,11 @@
 								Documentation
 							</a>
 						</li>
+						<li>
+							<a href="./webservices/soap/ws-login.php">
+								Login
+							</a>
+						</li>
 						<li>
 							<a href="">Test Pages</a>
 							<ul>
diff --git a/src/set-up-database.php b/src/set-up-database.php
@@ -229,6 +229,7 @@ function format($pMessage, $pLevel) {
 			("CHook", "JollyRoger", "Gator-hater", false, "Captain", "Hook", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
 			("james", "i<3devs", "Occupation: Researcher", false, "James", "Jardine", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
 			("ed", "pentest", "Commandline KungFu anyone?", false, "Ed", "Skoudis", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
+			("joe", "holly", "Off by one error", false, "Joe", "Holly", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
 			("peter", "initech123", "I dont like my job", false, "Peter", "Gibbons", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
 			("milton", "stapler", "Wheres my stapler?", false, "Milton", "Waddams", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
 			("bill", "tpsreports", "Did you get the memo?", true, "Bill", "Lumbergh", "' . bin2hex(random_bytes(16)) . '", "' . bin2hex(random_bytes(32)) . '"),
diff --git a/src/webservices/soap/docs/soap-services.html b/src/webservices/soap/docs/soap-services.html
@@ -29,12 +29,22 @@
         a:hover {
             text-decoration: underline;
         }
-        .note {
+        .note, .auth-note {
             background-color: #e7f3fe;
             border-left: 6px solid #2196F3;
             margin: 1rem 0;
             padding: 1rem;
         }
+        code {
+            background-color: #f4f4f4;
+            padding: 0.2rem 0.4rem;
+            font-size: 0.9rem;
+        }
+        pre {
+            background-color: #f4f4f4;
+            padding: 1rem;
+            overflow-x: auto;
+        }
     </style>
 </head>
 <body>
@@ -52,17 +62,105 @@ <h2>Available SOAP Services</h2>
         <li><a href="ws-echo.html">WS Echo Service</a> - A simple echo service to test message transmission.</li>
         <li><a href="ws-test-connectivity.html">WS Test Connectivity Service</a> - Verifies connectivity with the API.</li>
         <li><a href="ws-user-account.html">WS User Account Service</a> - Manages user accounts (CRUD operations).</li>
+        <li><a href="ws-login.html">WS Login Service</a> - Authenticates clients and returns a JWT for further requests.</li>
+    </ul>
+
+    <h2>Understanding Security Levels and Authentication</h2>
+    <p>This system has multiple security levels that affect access to the web services:</p>
+    <ul>
+        <li><strong>Security Level 0</strong> - No authentication required. You can send requests without any additional headers or tokens.</li>
+        <li><strong>Security Level 1 or Higher</strong> - Authentication with a JWT token is required for all services except <code>ws-login</code>. You must obtain a JWT token by logging in through the <code>ws-login</code> endpoint using your <code>client_id</code> and <code>client_secret</code>.</li>
+    </ul>
+
+    <div class="auth-note">
+        <strong>Important:</strong> At security level 1 or higher, you must include a JWT token in the <code>Authorization</code> header for each request. Without a valid token, you will receive a <code>401 Unauthorized</code> error.
+    </div>
+
+    <h2>Step-by-Step Guide to Using JWT Authentication</h2>
+    <ol>
+        <li>
+            <strong>Log In to Obtain a JWT Token:</strong>
+            Send a POST request to the <a href="ws-login.html">WS Login Service</a> using your <code>client_id</code> and <code>client_secret</code> to authenticate. If successful, the response will include a JWT token.
+            <p><strong>Example (curl):</strong></p>
+            <pre><code>curl -X POST http://mutillidae.localhost/webservices/soap/ws-login.php \
+-H "Content-Type: text/xml" \
+--data "&lt;soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' \
+xmlns:urn='urn:ws-login'&gt;
+   &lt;soapenv:Header/&gt;
+   &lt;soapenv:Body&gt;
+      &lt;urn:login&gt;
+         &lt;client_id&gt;your-client-id&lt;/client_id&gt;
+         &lt;client_secret&gt;your-client-secret&lt;/client_secret&gt;
+         &lt;audience&gt;target-audience-url&lt;/audience&gt;
+      &lt;/urn:login&gt;
+   &lt;/soapenv:Body&gt;
+&lt;/soapenv:Envelope&gt;"</code></pre>
+            <p>The response will include a token in the format:</p>
+            <pre><code>{
+  "access_token": "your-jwt-token-here",
+  "token_type": "bearer",
+  "expires_in": 3600,
+  "timestamp": "2024-11-17T19:30:00Z"
+}</code></pre>
+        </li>
+
+        <li>
+            <strong>Save the Token:</strong> Copy the JWT token from the response and store it securely. You will need to include it in the Authorization header of each authenticated request.
+        </li>
+
+        <li>
+            <strong>Include the Token in Requests:</strong> When calling any authenticated endpoint, include the token in the Authorization header using the format <code>Bearer &lt;your-token&gt;</code>.
+        </li>
+
+        <h3>Examples of Making Authenticated Requests</h3>
+        <h4>Using curl</h4>
+        <p>Below is an example of an authenticated request using <code>curl</code>:</p>
+        <pre><code>curl -X POST http://mutillidae.localhost/webservices/soap/ws-user-account.php \
+-H "Content-Type: text/xml" \
+-H "Authorization: Bearer &lt;your-token&gt;" \
+--data "&lt;soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' \
+xmlns:urn='urn:ws-user-account'&gt;
+   &lt;soapenv:Header/&gt;
+   &lt;soapenv:Body&gt;
+      &lt;urn:getUser&gt;
+         &lt;username&gt;john&lt;/username&gt;
+      &lt;/urn:getUser&gt;
+   &lt;/soapenv:Body&gt;
+&lt;/soapenv:Envelope&gt;"</code></pre>
+
+        <h4>Using Burp Suite</h4>
+        <p>To send an authenticated request in Burp Suite:</p>
+        <ol>
+            <li>Open <strong>Burp Suite</strong> and navigate to the <strong>Repeater</strong> tab.</li>
+            <li>Enter the URL in the Request line, such as:
+                <pre><code>POST /webservices/soap/ws-user-account.php HTTP/1.1
+Host: mutillidae.localhost
+Content-Type: text/xml
+Authorization: Bearer your-jwt-token-here</code></pre>
+            </li>
+            <li>In the <strong>Headers</strong> section, ensure the Authorization header is included:
+                <pre><code>Authorization: Bearer your-jwt-token-here</code></pre>
+            </li>
+            <li>Click <strong>Send</strong> to submit the request. If the token is valid, you will receive a successful response from the server.</li>
+        </ol>
+    </ol>
+
+    <h2>How to Use the Services</h2>
+    <p>Each service page provides:</p>
+    <ul>
+        <li>An overview of the service functionality.</li>
+        <li>Examples of requests using Burp Repeater and <code>curl</code>.</li>
+        <li>Details about the expected response from the service.</li>
+        <li>Troubleshooting tips in case of issues.</li>
     </ul>
 
-    <h2>How to Use This Documentation</h2>
-    <p>Each service documentation page provides:</p>
+    <h2>Troubleshooting Common Issues</h2>
     <ul>
-        <li>A description of the service and its purpose.</li>
-        <li>Supported SOAP methods with example requests and responses.</li>
-        <li>Step-by-step guides for interacting with the service using Burp Repeater and <code>curl</code>.</li>
-        <li>Troubleshooting tips for common issues.</li>
+        <li><strong>401 Unauthorized:</strong> Make sure your request includes a valid JWT token in the <code>Authorization</code> header. If you haven't obtained a token yet, refer to the "Log In to Obtain a JWT Token" section.</li>
+        <li><strong>400 Bad Request:</strong> Verify that your request follows the correct SOAP structure and all required parameters are included. Missing or incorrectly formatted parameters can cause this error.</li>
+        <li><strong>500 Internal Server Error:</strong> This usually indicates a server-side issue. Check the SOAP response for detailed error messages and ensure the server is functioning correctly.</li>
     </ul>
 
-    <p>If you encounter any issues or have questions, feel free to reach out to your instructor or refer to the troubleshooting sections in the individual documentation pages.</p>
+    <p>If you encounter other issues, please consult the documentation or contact support for assistance.</p>
 </body>
 </html>
diff --git a/src/webservices/soap/docs/ws-login.html b/src/webservices/soap/docs/ws-login.html
@@ -0,0 +1,154 @@
+
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>SOAP WS Login Service Documentation</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            background-color: #f5f5f5;
+            padding: 2rem;
+        }
+        h1, h2 {
+            color: #2c3e50;
+        }
+        pre {
+            background-color: #ecf0f1;
+            padding: 1rem;
+            border-radius: 5px;
+            overflow-x: auto;
+        }
+        code {
+            font-family: Consolas, "Courier New", monospace;
+        }
+        ul {
+            line-height: 1.8;
+        }
+        .note {
+            background-color: #e7f3fe;
+            border-left: 6px solid #2196F3;
+            margin: 1rem 0;
+            padding: 1rem;
+        }
+    </style>
+</head>
+<body>
+    <h1>SOAP WS Login Service Documentation</h1>
+    <p>The <strong>SOAP WS Login Service</strong> allows clients to authenticate using their <code>client_id</code> and <code>client_secret</code>, receiving a JSON Web Token (JWT) for further interaction with secured services.</p>
+
+    <h2>Endpoint</h2>
+    <pre><code>POST /webservices/soap/ws-login.php</code></pre>
+
+    <h2>Request Parameters</h2>
+    <ul>
+        <li><b>client_id</b> (string, required): A 32-character unique identifier for the client.</li>
+        <li><b>client_secret</b> (string, required): A 64-character secret associated with the client ID.</li>
+        <li><b>audience</b> (string, required): The intended audience for the token, typically the endpoint you want to access.</li>
+    </ul>
+
+    <h2>Example Request Using Burp Repeater</h2>
+    <p>Here’s how to send a SOAP request to the login service using Burp Repeater:</p>
+    <pre><code>POST /webservices/soap/ws-login.php HTTP/1.1
+Host: mutillidae.localhost
+Content-Type: text/xml; charset=utf-8
+SOAPAction: "urn:ws-login#login"
+Content-Length: [length]
+Connection: close
+
+&lt;soapenv:Envelope xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;
+                   xmlns:urn=&quot;urn:ws-login&quot;&gt;
+   &lt;soapenv:Header/&gt;
+   &lt;soapenv:Body&gt;
+      &lt;urn:login&gt;
+         &lt;client_id&gt;fb975a0e0248994221b3a6e87ba92fe9&lt;/client_id&gt;
+         &lt;client_secret&gt;f1d10934f1525ebfdf0b08a2413a3a3f683eaae3913489c786e496e403ab7bff&lt;/client_secret&gt;
+         &lt;audience&gt;http://mutillidae.localhost/webservices/soap/ws-user-account.php&lt;/audience&gt;
+      &lt;/urn:login&gt;
+   &lt;/soapenv:Body&gt;
+&lt;/soapenv:Envelope&gt;</code></pre>
+
+    <p><strong>Instructions:</strong></p>
+    <ol>
+        <li>Open Burp Suite and navigate to the Repeater tab.</li>
+        <li>Copy the above request and paste it into the Repeater window.</li>
+        <li>Update the <code>Content-Length</code> header to match the byte size of the body.</li>
+        <li>Click <strong>Send</strong> to see the response.</li>
+    </ol>
+
+    <h2>Example Request Using <code>curl</code></h2>
+    <p>If you prefer using the command line, here’s how to send the same request with <code>curl</code>:</p>
+    <pre><code>
+        curl -X POST "http://mutillidae.localhost/webservices/soap/ws-login.php" \
+        -H "Content-Type: text/xml; charset=utf-8" \
+        -H "SOAPAction: "urn:ws-login#login"" \
+        --data '&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+        &lt;soapenv:Envelope xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot; xmlns:urn=&quot;urn:ws-login&quot;&gt;
+           &lt;soapenv:Header/&gt;
+           &lt;soapenv:Body&gt;
+              &lt;urn:login&gt;
+                 &lt;client_id&gt;fb975a0e0248994221b3a6e87ba92fe9&lt;/client_id&gt;
+                 &lt;client_secret&gt;f1d10934f1525ebfdf0b08a2413a3a3f683eaae3913489c786e496e403ab7bff&lt;/client_secret&gt;
+                 &lt;audience&gt;http://mutillidae.localhost/webservices/soap/ws-user-account.php&lt;/audience&gt;
+              &lt;/urn:login&gt;
+           &lt;/soapenv:Body&gt;
+        &lt;/soapenv:Envelope&gt;'</code></pre>
+
+    <p><strong>Instructions:</strong></p>
+    <ol>
+        <li>Open a terminal or command prompt.</li>
+        <li>Copy and paste the above <code>curl</code> command.</li>
+        <li>Replace <code>fb975a0e0248994221b3a6e87ba92fe9</code> and <code>f1d10934f1525ebfdf0b08a2413a3a3f683eaae3913489c786e496e403ab7bff</code> with valid values.</li>
+        <li>Press <strong>Enter</strong> to send the request and view the response.</li>
+    </ol>
+
+    <h2>Expected Response</h2>
+    <p>Upon successful authentication, the server will respond with a JWT token:</p>
+    <pre><code>&lt;?xml version=&quot;1.0&quot;?&gt;
+&lt;response&gt;
+   &lt;access_token&gt;your-jwt-token&lt;/access_token&gt;
+   &lt;token_type&gt;bearer&lt;/token_type&gt;
+   &lt;expires_in&gt;3600&lt;/expires_in&gt;
+   &lt;timestamp&gt;2024-11-18T12:00:00Z&lt;/timestamp&gt;
+&lt;/response&gt;</code></pre>
+
+    <h2>Using the JWT Token in Subsequent Requests</h2>
+    <p>After obtaining the token, include it in the <code>Authorization</code> header for future SOAP or REST requests. For example:</p>
+
+    <h3>Example Using curl</h3>
+    <p>To call an authenticated endpoint, such as <code>ws-user-account</code>:</p>
+    <pre><code>
+        curl -X POST "http://mutillidae.localhost/webservices/soap/ws-user-account.php" \
+        -H "Content-Type: text/xml; charset=utf-8" \
+        -H "SOAPAction: "urn:ws-user-account#getUser"" \
+        -H "Authorization: Bearer your-jwt-token" \
+        --data '&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+        &lt;soapenv:Envelope xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot; xmlns:urn=&quot;urn:ws-user-account&quot;&gt;
+           &lt;soapenv:Header/&gt;
+           &lt;soapenv:Body&gt;
+              &lt;urn:getUser&gt;
+                 &lt;username&gt;some-user&lt;/username&gt;
+              &lt;/urn:getUser&gt;
+           &lt;/soapenv:Body&gt;
+        &lt;/soapenv:Envelope&gt;'</code></pre>
+
+    <h3>Example Using Burp Repeater</h3>
+    <p>To include the token in Burp Suite:</p>
+    <ol>
+        <li>Paste the token in the <code>Authorization</code> header of your request:</li>
+        <pre><code>Authorization: Bearer your-jwt-token</code></pre>
+        <li>Send the request to a secured endpoint.</li>
+    </ol>
+
+    <div class="note">
+        <strong>Troubleshooting Tips:</strong>
+        <ul>
+            <li>Ensure the <code>SOAPAction</code> header matches the registered action for the service.</li>
+            <li>Check for proper XML formatting and valid <code>client_id</code> and <code>client_secret</code> values.</li>
+            <li>If authentication fails, verify the <code>audience</code> matches a valid endpoint.</li>
+        </ul>
+    </div>
+</body>
+</html>
diff --git a/src/webservices/soap/docs/ws-user-account.html b/src/webservices/soap/docs/ws-user-account.html
@@ -181,8 +181,8 @@ <h4>Burp Repeater Request:</h4>
    &lt;soapenv:Header/&gt;
    &lt;soapenv:Body&gt;
       &lt;urn:deleteUser&gt;
-         &lt;username&gt;Joe&lt;/username&gt;
-         &lt;password&gt;Holly&lt;/password&gt;
+         &lt;username&gt;joe&lt;/username&gt;
+         &lt;password&gt;holly&lt;/password&gt;
       &lt;/urn:deleteUser&gt;
    &lt;/soapenv:Body&gt;
 &lt;/soapenv:Envelope&gt;
@@ -197,8 +197,8 @@ <h4>curl Command:</h4>
    &lt;soapenv:Header/&gt;
    &lt;soapenv:Body&gt;
       &lt;urn:deleteUser&gt;
-         &lt;username&gt;Joe&lt;/username&gt;
-         &lt;password&gt;Holly&lt;/password&gt;
+         &lt;username&gt;joe&lt;/username&gt;
+         &lt;password&gt;holly&lt;/password&gt;
       &lt;/urn:deleteUser&gt;
    &lt;/soapenv:Body&gt;
 &lt;/soapenv:Envelope&gt;"
diff --git a/src/webservices/soap/ws-login.php b/src/webservices/soap/ws-login.php
