# Hello administrator, I can see you

## 28 de noviembre de 2019 ESCRITO POR Paula

Tiempo de lectura ~ 2 minutos

Not long ago I published a post about facial recognition and how to evade it, because I was working with it due to a CTF. I’m playing with the same library in order to create a 2nd login page that requires a picture of the administrator. I wanted a simple POC, so I used a simple Flask structure for it. First we need a basic login setup in python, for regular application you should probably use a decent DB managing, you guys know more about that. For know let’s see the scratch, first of all we are going to need a lot of things to make this work:

#app.py

import face_recognition
from PIL import Image, ImageDraw
import numpy as np

import os
...


Now let’s define routes:

@app.route('/')
def home():
if not session.get('logged_in'):
else:
#this is a dummy page for my trials :)
return render_template('dashboard.html')

#me: I work in security.
#also me:
#this is going to be our first change,
#we are using an image-upload page in between
return render_template('showmethatprettyface.html')
else:
return home()


In showmethatprettyface.html we are using a simple image upload setup:

<div class="container">
<div class="row">
<div class="col">

<hr>

<form action="/showmethatprettyface" method="POST" enctype="multipart/form-data">

<div class="form-group">
<label>Select image</label>
<div class="custom-file">
<input type="file" class="custom-file-input" name="image" id="image">
<label class="custom-file-label" for="image">Select image...</label>
</div>
</div>

</form>

</div>
</div>
</div>


This way back in our app.py we can retrieve the uploaded picture using a new route:

@app.route("/showmethatprettyface", methods=["GET", "POST"])

if request.method == "POST":

if request.files:

picture = request.files["image"]


Now, the funny part is using this picture for face recognition. For that, we need known pictures, first.

import stuff blah blah
...

# Load a second sample picture and learn how to recognize it.
salita_face_encoding = face_recognition.face_encodings(salita_image)[0]

# Create arrays of known face encodings and their names
known_face_encodings = [
salita_face_encoding
]
known_face_names = [
"Salita"
]


Salita’s gonna be our known user. Now again in our route we do the rest of the logic which, in fact, is explained here.

@app.route("/showmethatprettyface", methods=["GET", "POST"])
...

# Load an image with an unknown face

# Find all the faces and face encodings in the unknown image
face_locations = face_recognition.face_locations(unknown_image)
face_encodings = face_recognition.face_encodings(unknown_image, face_locations)

# Convert the image to a PIL-format image
pil_image = Image.fromarray(unknown_image)

# Create a Pillow ImageDraw Draw instance to draw with
draw = ImageDraw.Draw(pil_image)

# Loop through each face found in the unknown image
for (top, right, bottom, left), face_encoding in zip(face_locations, face_encodings):
# See if the face is a match for the known face(s)
matches = face_recognition.compare_faces(known_face_encodings, face_encoding)

if True in matches:
return render_template('successfulldummypage.html')
else:
return render_template('booodummypage.html')


So if in the picture the user uploads in the page appears Salita the successfulldummypage.html will load and either way booodummypage.html. If I was Salita I would be very careful of the pictures of me in social networks. Anyway very super disclaimer: This is for fun, don’t trust it for serious business! Also pretty insecure!

It’s a lot of fun to try, tho.