/**
  * Return the shared plugin object, building and bootstrapping it on first use.
  *
  * On the first call a CTF object is created and stored in self::$instance,
  * its constants are defined, load_textdomain() is hooked onto
  * 'plugins_loaded', the include files are pulled in and a CTF_Init object is
  * attached as ->init. Later calls return the stored object unchanged.
  *
  * @since 1.0.0
  * @static
  * @return CTF
  */
 public static function instance()
 {
     // Already populated: hand back what is stored without touching it.
     if (isset(self::$instance) || self::$instance instanceof CTF) {
         return self::$instance;
     }

     // Store the object before bootstrapping it, so the static slot is filled
     // while the setup steps below run.
     $plugin = new CTF();
     self::$instance = $plugin;

     // The setup steps run in a fixed order.
     $plugin->define_constants();
     add_action('plugins_loaded', array($plugin, 'load_textdomain'));
     $plugin->includes();
     $plugin->init = new CTF_Init();

     return self::$instance;
 }
Ejemplo n.º 2
                        } else {
                            $output = showRegister("User already exists");
                        }
                    }
                } else {
                    $output = showRegister("Name can't be empty");
                }
            }
            break;
        default:
            break;
    }
}
// Assemble the header data for the login page: title, rank line and login link.
$challenge = new Challenge();
$array = $BASE_ARRAY;
$array['title'] = "CTF Login";
// Only a session that carries a player entry gets a real rank; everyone else
// sees a prompt instead.
$array['ranking'] = isset($_SESSION[Challenge::PLAYER])
    ? $challenge->getRank()
    : "You have to login to have a rank";
// The login markup is the same whether or not a player is logged in.
$array['login'] = '******';

// Emit the page: header, three nested wrappers, the collected output, footer.
echo CTF::header($array);
echo '<div id="content">', '<div id="multi-logo">', "<div id=\"login\">";
// NOTE(review): $output is filled before this point and is written here
// without escaping. Any user-supplied text that ends up in it (for example a
// submitted name) has to be HTML-escaped where it is added — confirm in
// showRegister() and the other producers.
echo join('', $output);
echo "</div></div></div>";
echo CTF::footer();
Ejemplo n.º 3
<?php

require_once '../config/config.inc.php';
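// Build the header data for the landing page and render the header.
$challenge = new Challenge();
$array = $BASE_ARRAY;
$array['title'] = "OWASP Capture the Flag";

// Derive the login page URL from the current script. Only the script path is
// rewritten, so a host name that happens to contain "index" is left intact.
$loginpage = "https://" . $_SERVER['SERVER_NAME'] . str_replace("index", "login", $_SERVER['SCRIPT_NAME']);

// Depending on the web server configuration, SERVER_NAME can reflect the Host
// header sent by the client, so the URL is HTML-escaped before it is placed
// inside the link attribute below. A fixed, configured host name would remove
// the dependency on request data altogether.
$loginhref = htmlspecialchars($loginpage, ENT_QUOTES, 'UTF-8');

if (isset($_SESSION[Challenge::PLAYER])) {
    // Logged-in player: show the rank and a logout link.
    $array['ranking'] = $challenge->getRank();
    $array['login'] = '******' . $loginhref . '?action=logout">Logout</a>';
} else {
    // Anonymous visitor: show a prompt and a login link.
    $array['ranking'] = "You have to login to show your rank";
    $array['login'] = '******' . $loginhref . '">Login</a>';
}
$challenge->header($array);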
?>
<div id="content">
	<div id="big-logo">
		<div id="challenges">
		<?php 
$challenge->buildChallenges();
?>
		</div>
	</div>
</div>


<?php 
CTF::footer();
Ejemplo n.º 4
<?php

require_once '../config/config.inc.php';
// Render the mailbox page: shared header defaults plus a mailbox link, then
// the mail listing for the user reported by the challenge object.
$challenge = new Challenge();
$array = $BASE_ARRAY;
// Static navigation markup; no request data is interpolated into it.
$array['otherpage'] = '<a class="white" href="/mailbox.php">Mailbox</a>';
$challenge->header($array);
// NOTE(review): whether getUser() is tied to the authenticated session is not
// visible here — confirm, so that one player cannot list another player's mail.
CTF::showAllMail($challenge->getUser());
?>
</div></div>
<div id="main-footer">
		<table width="100%">
			<tr>
				<td>This site is partly made possible by me :)</td>
				<td align="right">OWASP - CTF 2010</td>
			</tr>
			<tr>
				<td>Thanks to my wife, <a href="http://www.securityskills.nl" class="white">securityskills.nl</a> and other sites of which I copied stuff :)</td>
			</tr>
		</table>
	</div>
<!-- mail starts here -->
<div id="overlay" style="display:none;"></div>
<div id="mail" style="display:none;">
    <div class="closing"><a href="javascript:closeMail()">X</a></div>
    <div id="mailmessage">
        
    </div>
</div>
</body>
</html>
Ejemplo n.º 5
<?php

/*
 * solution: add header X_FORWARDED_FOR: 192.168.102.123
 */
require_once '../../../../config/config.inc.php';
// Start the exercise and fetch its per-player values.
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();

// The expected client address is derived from the last eight characters of
// the token, read as four two-digit hexadecimal octets.
$tmp = substr($token, strlen($token) - 8);
$ip = implode(".", array_map(function ($offset) use ($tmp) {
    return hexdec(substr($tmp, $offset, 2));
}, array(0, 2, 4, 6)));

echo "<br/><br/><h3>Login information.</h3><br/>";

// NOTE(review): the solution comment at the top of this file indicates that
// util::getIP() takes the address from a client-supplied forwarding header;
// that is the intended weakness of this exercise. Outside a training target,
// an address used for access control should come from the connection itself
// (REMOTE_ADDR) or from a proxy the server explicitly trusts.
if (util::getIP() == $ip) {
    $challenge->mark();
    CTF::showAchieved();
} else {
    CTF::error("Not allowed. Access only allowed from ipaddress <i><b>{$ip}</b></i>.");
}
$challenge->stopChallenge();
Ejemplo n.º 6
/*
 * sha1 => http://sha1.web-max.ca/
 */
require_once '../../../../config/config.inc.php';
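// Start the exercise and fetch its per-player values. The template below
// prints sha1($token); the player has to submit the token itself.
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();
if (isset($_POST['submit'])) {
    $uid = util::getPost('username');
    // From here on $pwd holds the submitted password, not the dictionary word.
    $pwd = util::getPost('password');
    // Strict, constant-time comparison. With a loose `==`, two different
    // numeric-looking strings (for example "0e12" and "0", or values that
    // differ only in leading zeros) compare equal, which would accept a
    // password that is not the token. The intended route through the
    // exercise, recovering the token from its SHA-1, is unaffected.
    if ($uid === "admin" && is_string($pwd) && hash_equals((string) $token, $pwd)) {
        $challenge->mark();
        CTF::showAchieved();
    } else {
        CTF::error("Username/password is not correct");
    }
}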
?>
Inlognaam = "admin"<br/><br/>
Wachtwoord = "<?php 
echo sha1($token);
?>
"<br/><br/>

<form autocomplete="off" method="post">
    <table>
        <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" /> <?php 
$challenge->nextButton();
Ejemplo n.º 7
 /**
  * Render the page footer by delegating to CTF::footer().
  *
  * @param array $array Values handed through unchanged to CTF::footer();
  *                     defaults to an empty array.
  */
 function footer($array = [])
 {
     CTF::footer($array);
 }
Ejemplo n.º 8
<?php

require_once '../../../../config/config.inc.php';
// Start the exercise and fetch the word the player has to recover.
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();

// A submitted form is checked against the dictionary word.
if (isset($_POST['submit'])) {
    $code = util::getPost('password');
    // NOTE(review): this is a loose comparison; a strict one would rule out
    // PHP type juggling if getPost() can return a non-string — confirm.
    if ($code != $pwd) {
        CTF::error("Code is not correct");
    } else {
        $challenge->mark();
        CTF::showAchieved();
    }
}

// Clear-text sentence that the template below passes to the braille encoder.
$passphrase = "The password for this exercise is " . $pwd;
?>

<center><?php 
echo Encode::brailleEncode($passphrase);
?>
</center><hr/>
<form autocomplete="off" method="post">
    <input type="hidden" name="action" value="login" />
    <table>
        <tr><td>Code</td><td>:</td><td><input type="text" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" /></td></tr>
    </table>
</form>
<?php 
Ejemplo n.º 9
 /**
  * Report a message through CTF::message(), tagged with the literal "error".
  *
  * NOTE(review): callers on this page pass HTML markup inside $message, so any
  * untrusted part has to be escaped at the call site — confirm how
  * CTF::message() renders the text.
  *
  * @param mixed $message Passed through to CTF::message() as given.
  */
 static function error($message)
 {
     CTF::message($message, 'error');
 }
Ejemplo n.º 10
// Seed the per-player table with an admin row whose password is the token.
// $db, $createSQL, $token and $challenge are set up before this excerpt.
// NOTE(review): presumably testTable() creates the table from $createSQL when
// the probe query fails and reports whether it did — confirm.
if ($db->testTable("SELECT * FROM players LIMIT 0,1", $createSQL)) {
    // The token is interpolated straight into the SQL text; that is only safe
    // while a token can never contain a quote. A bound parameter would remove
    // the assumption.
    $db->query("INSERT INTO players(name,password) VALUES('admin','{$token}')");
}
// The form below has no method attribute, so the credentials arrive as GET
// parameters and therefore appear in URLs, browser history and access logs.
if (isset($_GET['submit'])) {
    // Tag stripping and HTML escaping are applied before the comparison, so a
    // password containing <, > or & is compared in its escaped form.
    $uid = htmlspecialchars(strip_tags($_GET['username']));
    $passwd = htmlspecialchars(strip_tags($_GET['password']));
    // Fixed query: no request data is placed in this statement.
    $sql = "SELECT password FROM players where name='admin'";
    $result = $db->query($sql);
    // NOTE(review): neither $result nor the fetched row is checked. If no
    // admin row comes back, $pwd is presumably null, and the loose `==` below
    // treats null as equal to an empty submitted password — confirm, and
    // reject the login outright when the row is missing.
    $tbl = $result->fetch();
    $pwd = $tbl['password'];
    if ($uid == "admin" && $passwd == $pwd) {
        $challenge->mark();
        CTF::showAchieved();
        // The database name is built by concatenation; identifiers cannot be
        // bound as parameters. NOTE(review): confirm that getUser() is
        // restricted to a strict character set before it reaches this statement.
        $db->query("DROP database " . 'webchallengedb' . $challenge->getUser());
    } else {
        // The last executed query is shown to the player, entity-encoded and
        // with "-" replaced by its numeric entity. Echoing SQL back to the
        // client discloses schema details and belongs only in a training target.
        CTF::error("To bad, please try again. Query: " . str_replace("-", "&#45;", htmlentities($db->lastquery, ENT_QUOTES)) . " ");
    }
}
?>
You have to log in as admin.
<br/><br/>
<?php 
echo $error;
?>
<form autocomplete="off">
    <table>
        <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit"/> <?php 
$challenge->nextButton();
?>