Not long ago I published a post about facial recognition and how to evade it, because I was working with it due to a CTF. I’m playing with the same library in order to create a 2nd login page that requires a picture of the administrator. I wanted a simple POC, so I used a simple Flask structure for it. First we need a basic login setup in python, for regular application you should probably use a decent DB managing, you guys know more about that. For know let’s see the scratch, first of all we are going to need a lot of things to make this work:
#app.py
from flask import Flask
from flask import Flask, flash, redirect, render_template, request, session, abort
from flask import redirect
import face_recognition
from PIL import Image, ImageDraw
import numpy as np
import os
...
Now let’s define routes:
@app.route('/')
def home():
if not session.get('logged_in'):
return render_template('login.html')
else:
#this is a dummy page for my trials :)
return render_template('dashboard.html')
@app.route('/login', methods=['POST'])
def do_admin_login():
#me: I work in security.
#also me:
if request.form['password'] == 'password' and request.form['username'] == 'user':
#this is going to be our first change,
#we are using an image-upload page in between
return render_template('showmethatprettyface.html')
else:
return home()
In showmethatprettyface.html
we are using a simple image upload setup:
<div class="container">
<div class="row">
<div class="col">
<h1>Upload an image</h1>
<hr>
<form action="/showmethatprettyface" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label>Select image</label>
<div class="custom-file">
<input type="file" class="custom-file-input" name="image" id="image">
<label class="custom-file-label" for="image">Select image...</label>
</div>
</div>
<button type="submit" class="btn btn-primary">Upload</button>
</form>
</div>
</div>
</div>
This way back in our app.py
we can retrieve the uploaded picture using a new route:
@app.route("/showmethatprettyface", methods=["GET", "POST"])
def upload_image():
if request.method == "POST":
if request.files:
picture = request.files["image"]
Now, the funny part is using this picture
for face recognition. For that, we need known pictures, first.
import stuff blah blah
...
# Load a second sample picture and learn how to recognize it.
salita_image = face_recognition.load_image_file("salita.jpg")
salita_face_encoding = face_recognition.face_encodings(salita_image)[0]
# Create arrays of known face encodings and their names
known_face_encodings = [
salita_face_encoding
]
known_face_names = [
"Salita"
]
Salita’s gonna be our known user. Now again in our route we do the rest of the logic which, in fact, is explained here.
@app.route("/showmethatprettyface", methods=["GET", "POST"])
...
# Load an image with an unknown face
unknown_image = face_recognition.load_image_file(foto)
# Find all the faces and face encodings in the unknown image
face_locations = face_recognition.face_locations(unknown_image)
face_encodings = face_recognition.face_encodings(unknown_image, face_locations)
# Convert the image to a PIL-format image
pil_image = Image.fromarray(unknown_image)
# Create a Pillow ImageDraw Draw instance to draw with
draw = ImageDraw.Draw(pil_image)
# Loop through each face found in the unknown image
for (top, right, bottom, left), face_encoding in zip(face_locations, face_encodings):
# See if the face is a match for the known face(s)
matches = face_recognition.compare_faces(known_face_encodings, face_encoding)
if True in matches:
return render_template('successfulldummypage.html')
else:
return render_template('booodummypage.html')
So if in the picture the user uploads in the page appears Salita the successfulldummypage.html
will load and either way booodummypage.html
. If I was Salita I would be very careful of the pictures of me in social networks. Anyway very super disclaimer: This is for fun, don’t trust it for serious business! Also pretty insecure!
It’s a lot of fun to try, tho.
Also written in: https://dev.to/terceranexus6/hello-administrator-i-can-see-you-3h5c