#!/usr/bin/env python3
"""
HackMe - Your First Hack Lab
The Hacker's Arsenal - Lesson 1
A simple vulnerable web application demonstrating Cross-Site Scripting (XSS).
Run this script and open http://localhost:8888 in your browser.
WARNING: This code is INTENTIONALLY VULNERABLE for educational purposes.
Do not use in production!
"""
from http.server import HTTPServer, BaseHTTPRequestHandler
from urllib.parse import urlparse, parse_qs
# Page skeleton used for every response; it is rendered with str.format().
# CSS braces are doubled ({{ }}) so that str.format() emits them as literal
# braces; the only substitution field is {results}.
# NOTE(review): whatever is passed as `results` is inserted verbatim. The
# template performs no HTML escaping of its own, so any output encoding has to
# happen where the `results` string is built.
HTML_TEMPLATE = '''<!DOCTYPE html>
<html>
<head>
<title>HackMe Search</title>
<style>
body {{
font-family: Arial, sans-serif;
max-width: 600px;
margin: 50px auto;
padding: 20px;
background: #1a1a1a;
color: #e0e0e0;
}}
h1 {{ color: #6EFF24; }}
input[type="text"] {{
width: 70%;
padding: 10px;
font-size: 16px;
background: #333;
border: 1px solid #6EFF24;
color: white;
}}
button {{
padding: 10px 20px;
font-size: 16px;
cursor: pointer;
background: #6EFF24;
border: none;
color: black;
font-weight: bold;
}}
.results {{
margin-top: 20px;
padding: 15px;
background: #333;
border-radius: 5px;
}}
.hint {{
margin-top: 30px;
padding: 10px;
background: #2a2a2a;
border-left: 3px solid #6EFF24;
font-size: 14px;
}}
</style>
</head>
<body>
<h1>HackMe Search</h1>
<form method="GET" action="/search">
<input type="text" name="q" placeholder="Search for something...">
<button type="submit">Search</button>
</form>
{results}
<div class="hint">
<strong>Hint:</strong> What happens if you search for something
that isn't just plain text?
</div>
</body>
</html>'''
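class VulnerableHandler(BaseHTTPRequestHandler):
    """Request handler for the HackMe lab: serves the search page on every GET.

    The ``/search`` branch is the lesson's deliberately vulnerable code path
    (reflected cross-site scripting) and is kept vulnerable on purpose. The
    rest of the handler is ordinary plumbing.
    """

    def do_GET(self):
        """Render the search page, echoing the ``q`` parameter for ``/search``.

        Any other path gets the same page with an empty results area. The
        response is always ``200`` with a UTF-8 encoded HTML body.
        """
        parsed = urlparse(self.path)
        if parsed.path == '/search':
            params = parse_qs(parsed.query)
            # parse_qs drops blank values by default, so a bare "?q=" falls
            # back to the empty string just like a missing parameter.
            query = params.get('q', [''])[0]
            # VULNERABLE (intentional - this is the lesson): the request's
            # "q" value is copied into the HTML response with no output
            # encoding, so the browser interprets it as markup rather than as
            # text. This is reflected XSS.
            # Outside a lab the fix is to encode at the point of output, e.g.
            # html.escape(query) from the standard library, or to render
            # through an auto-escaping template engine. A
            # Content-Security-Policy header is a useful second layer, not a
            # substitute for encoding.
            results = f'<div class="results">You searched for: {query}</div>'
        else:
            results = ''

        body = HTML_TEMPLATE.format(results=results).encode('utf-8')
        self.send_response(200)
        # Declare the charset the body is actually encoded in, so the browser
        # does not have to guess it.
        self.send_header('Content-type', 'text/html; charset=utf-8')
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, format, *args):
        """Print a short ``[REQUEST]`` line instead of the default access log.

        For ordinary requests the base class passes the request line as the
        first argument, and only that argument is shown. If no arguments are
        supplied, the format string itself is printed.
        """
        # log_error() in the base class is routed through here as well, so do
        # not assume args is non-empty.
        text = str(args[0]) if args else format
        # The request line comes from the client. Escape non-printable
        # characters so that control sequences in a request cannot reach the
        # terminal running the lab (recent CPython releases apply similar
        # escaping in the default log_message, which this override bypasses).
        safe = ''.join(
            ch if ch.isprintable() else f'\\x{ord(ch):02x}' for ch in text
        )
        print(f"[REQUEST] {safe}")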
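if __name__ == '__main__':
    # The server listens on localhost only, which keeps this deliberately
    # vulnerable app unreachable from other machines. Keep it that way: do not
    # bind it to a routable address.
    # The with-block closes the listening socket on every exit path.
    with HTTPServer(('localhost', 8888), VulnerableHandler) as server:
        print("=" * 50)
        print(" HACKME SERVER RUNNING")
        print(" Open http://localhost:8888 in your browser")
        print("=" * 50)
        print("\nWaiting for connections...\n")
        try:
            server.serve_forever()
        except KeyboardInterrupt:
            # Ctrl+C is the normal way to stop the lab; exit without a
            # traceback.
            print("\nShutting down.")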