<?php
/*
 * Challenge: the page is only "reachable" from one specific IP address.
 *
 * The expected address is built from the last eight characters of the
 * challenge token, read as four two-character hex values (one per octet).
 * The challenge is marked as solved when util::getIP() reports that address.
 *
 * Original solution note: add header X_FORWARDED_FOR: 192.168.102.123
 * (the address actually required is computed from the token below, so the
 * literal in that note is only an example).
 *
 * NOTE(review): the solution note implies util::getIP() honours a
 * client-supplied forwarding header; confirm in util. That is the weakness
 * the exercise teaches: for access control, the client address has to come
 * from the connection itself, or from a forwarding header only when it was
 * set by a proxy you operate that discards client-sent copies.
 */
require_once '../../../../config/config.inc.php';

$challenge = new Challenge();
$challenge->startChallenge();

// The dictionary word is fetched but not read again in this script.
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();

// Tail of the token: everything from eight characters before its end.
$tokenTail = substr($token, strlen($token) - 8);

// Decode the four hex pairs in order and join them as a dotted quad.
$octets = [];
foreach ([0, 2, 4, 6] as $offset) {
    $octets[] = hexdec(substr($tokenTail, $offset, 2));
}
$ip = implode(".", $octets);

echo "<br/><br/><h3>Login information.</h3><br/>";

if (util::getIP() == $ip) {
    $challenge->mark();
    CTF::showAchieved();
} else {
    // $ip consists of hexdec() results and dots only, so it is printed as is.
    CTF::error("Not allowed. Access only allowed from ipaddress <i><b>{$ip}</b></i>.");
}

$challenge->stopChallenge();
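<?php
/*
 * Challenge: the password (a dictionary word) is printed on the page in
 * braille; the player decodes it and submits it through the form below.
 */
require_once '../../../../config/config.inc.php';

$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken(); // fetched but not read again in this script

if (isset($_POST['submit'])) {
    $code = util::getPost('password');

    // Compare as strings, in constant time, and never accept an empty code.
    // The previous loose == also matched type-juggled pairs (two empty/null
    // values, or two different numeric-looking strings), which is not the
    // intended way to solve the exercise.
    $codeOk = is_string($code)
        && $code !== ''
        && hash_equals((string) $pwd, $code);

    if ($codeOk) {
        $challenge->mark();
        CTF::showAchieved();
    } else {
        CTF::error("Code is not correct");
    }
}

$passphrase = "The password for this exercise is {$pwd}";
?>
<center><?php echo Encode::brailleEncode($passphrase); ?> </center><hr/>
<form autocomplete="off" method="post">
    <input type="hidden" name="action" value="login" />
    <table>
        <tr><td>Code</td><td>:</td><td><input type="text" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" /></td></tr>
    </table>
</form>
<?php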
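/*
 * Challenge: log in as "admin". The page prints the unsalted SHA-1 of the
 * password (the challenge token); the player has to recover the token from
 * that hash and submit it.
 *
 * Original note: sha1 => http://sha1.web-max.ca/
 *
 * Defender's takeaway: a bare, unsalted SHA-1 of a short or predictable
 * secret can be reversed by lookup once it is disclosed. Stored passwords
 * want a salted, deliberately slow scheme such as password_hash().
 */
require_once '../../../../config/config.inc.php';

$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken();

if (isset($_POST['submit'])) {
    $uid = util::getPost('username');
    $pwd = util::getPost('password'); // replaces the dictionary word fetched above

    // Strict, constant-time comparison against the token. With a loose ==,
    // a token that PHP reads as a numeric string would be compared by numeric
    // value, so a different string could be accepted, and an empty/null pair
    // would match as well.
    $passwordOk = is_string($pwd)
        && $pwd !== ''
        && hash_equals((string) $token, $pwd);

    if ($uid === "admin" && $passwordOk) {
        $challenge->mark();
        CTF::showAchieved();
    } else {
        CTF::error("Username/password is not correct");
    }
}
?>
Inlognaam = "admin"<br/><br/>
Wachtwoord = "<?php echo sha1($token); ?> "<br/><br/>
<form autocomplete="off" method="post">
    <table>
        <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" />
<?php $challenge->nextButton();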
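/*
 * Login step of a database-backed challenge: the player has to log in as
 * "admin", whose password (the challenge token) is stored in the players
 * table.
 *
 * NOTE(review): $db, $createSQL, $token, $challenge and $error are set
 * earlier in this script, outside this excerpt.
 * NOTE(review): the form submits with GET, so the password ends up in the
 * URL (browser history, server and proxy logs). Outside a lab, credentials
 * belong in a POST body.
 */

// Seed the admin account. Presumably testTable() returns true when it had to
// create the table from $createSQL; confirm against the $db wrapper.
if ($db->testTable("SELECT * FROM players LIMIT 0,1", $createSQL)) {
    // NOTE(review): the token is interpolated into the SQL text. It is
    // generated server-side rather than taken from the request, but a bound
    // parameter would be safer if the $db wrapper offers one.
    $db->query("INSERT INTO players(name,password) VALUES('admin','{$token}')");
}

if (isset($_GET['submit'])) {
    // Missing or array-valued parameters count as empty strings instead of
    // reaching strip_tags() as null or an array.
    $rawUser = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
    $rawPass = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';

    $uid = htmlspecialchars(strip_tags($rawUser));
    $passwd = htmlspecialchars(strip_tags($rawPass));

    $sql = "SELECT password FROM players where name='admin'";
    $result = $db->query($sql);
    $tbl = $result->fetch();

    // No admin row means there is nothing to match against. With the previous
    // loose ==, a missing row (null) compared equal to an empty submitted
    // password and the login would have succeeded.
    $stored = isset($tbl['password']) ? (string) $tbl['password'] : '';
    $passwordOk = $stored !== '' && hash_equals($stored, $passwd);

    if ($uid === "admin" && $passwordOk) {
        $challenge->mark();
        CTF::showAchieved();
        // NOTE(review): the database name is built by concatenation with
        // getUser(); confirm that value can only hold safe identifier
        // characters, since DROP DATABASE cannot take a bound parameter.
        $db->query("DROP database " . 'webchallengedb' . $challenge->getUser());
    } else {
        // NOTE(review): as written, str_replace() swaps "-" for "-" and changes
        // nothing; the replacement was presumably an HTML entity. Confirm
        // against the original file.
        CTF::error("To bad, please try again. Query: " . str_replace("-", "-", htmlentities($db->lastquery, ENT_QUOTES)) . " ");
    }
}
?>
You have to log in as admin. <br/><br/>
<?php echo $error; ?>
<form autocomplete="off">
    <table>
        <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit"/>
<?php $challenge->nextButton(); ?>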