Esempio n. 1
<?php

/*
 * Challenge page: the flag is granted only when the request appears to come
 * from one specific IPv4 address, which is derived from the player's token.
 *
 * solution: add header X_FORWARDED_FOR: 192.168.102.123
 * (the address actually required is the one computed from the token below)
 *
 * Security note: per the solution line above, util::getIP() (defined outside
 * this file) presumably honours a client-supplied X-Forwarded-For header.
 * That header is chosen by whoever sends the request, so it cannot act as an
 * access control. Outside a training exercise, take the peer address from the
 * connection itself and accept forwarded-for values only from proxies you run.
 */
require_once '../../../../config/config.inc.php';
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord(); // not used again in this script
$token = $challenge->getToken();

// Take the last eight characters of the token and read them as four
// two-digit hex values, one per octet of the expected address.
$tail = substr($token, strlen($token) - 8);
$octets = array();
for ($offset = 0; $offset < 8; $offset += 2) {
    $octets[] = hexdec(substr($tail, $offset, 2));
}
$ip = implode(".", $octets);

echo "<br/><br/><h3>Login information.</h3><br/>";
if (util::getIP() == $ip) {
    // Reported client address matches the token-derived one: challenge solved.
    $challenge->mark();
    CTF::showAchieved();
} else {
    CTF::error("Not allowed. Access only allowed from ipaddress <i><b>{$ip}</b></i>.");
}
$challenge->stopChallenge();
Esempio n. 2
<?php

// Challenge page: the accepted password is shown to every visitor, but only
// after being passed through Encode::brailleEncode().
//
// Security note: the passphrase that contains the password is part of the
// response body. If Encode::brailleEncode() is a plain braille transliteration
// (it is defined outside this file - TODO confirm), it is an encoding, not
// encryption, and gives the secret no confidentiality.
require_once '../../../../config/config.inc.php';
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord();
$token = $challenge->getToken(); // not used again in this excerpt

// Text that is rendered in encoded form further down the page.
$passphrase = "The password for this exercise is " . $pwd;

if (isset($_POST['submit'])) {
    // Compare the submitted code with the dictionary word for this session.
    $code = util::getPost('password');
    if ($code != $pwd) {
        CTF::error("Code is not correct");
    } else {
        $challenge->mark();
        CTF::showAchieved();
    }
}
?>

<center><?php echo Encode::brailleEncode($passphrase); ?>
</center><hr/>
<form autocomplete="off" method="post">
    <input type="hidden" name="action" value="login" />
    <table>
        <tr><td>Code</td><td>:</td><td><input type="text" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" /></td></tr>
    </table>
</form>
<?php 
Esempio n. 3
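/*
 * Challenge page: prints sha1($token) as the "password" hint and accepts the
 * token itself as the admin password.
 *
 * sha1 => http://sha1.web-max.ca/
 *
 * Security note: an unsalted, fast digest of a guessable or previously seen
 * value can be recovered from precomputed tables, which is what the lookup
 * link above refers to. Real credential storage uses a salted, deliberately
 * slow scheme such as password_hash() / password_verify(), and never sends
 * the digest to the client.
 */
require_once '../../../../config/config.inc.php';
$challenge = new Challenge();
$challenge->startChallenge();
$pwd = $challenge->getDictionaryWord(); // overwritten below when the form is posted
$token = $challenge->getToken();
if (isset($_POST['submit'])) {
    $uid = util::getPost('username');
    $pwd = util::getPost('password');
    // Strict comparison: with ==, PHP compares two numeric-looking strings as
    // numbers, so a value that only evaluates to the same number as the token
    // would be accepted. === requires the same string.
    // Assumes util::getPost() returns the posted value as a string - TODO confirm.
    if ($uid === "admin" && $pwd === (string) $token) {
        $challenge->mark();
        CTF::showAchieved();
    } else {
        CTF::error("Username/password is not correct");
    }
}
?>
Inlognaam = "admin"<br/><br/>
Wachtwoord = "<?php 
// Intentional for this exercise: the digest of the accepted password is disclosed.
echo sha1($token);
?>
"<br/><br/>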

<form autocomplete="off" method="post">
    <table>
        <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit" /> <?php 
$challenge->nextButton();
Esempio n. 4
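// $db, $createSQL, $token and $challenge are set up earlier in the script,
// outside this excerpt.
//
// Seed the players table with the admin row when testTable() returns true
// (presumably when the table had to be created - TODO confirm).
if ($db->testTable("SELECT * FROM players LIMIT 0,1", $createSQL)) {
    // NOTE(review): $token is interpolated into the statement. As far as this
    // excerpt shows it is server-generated rather than request data; the $db
    // wrapper's API is not visible here, so the statement is left as is.
    // Prefer a bound parameter if the wrapper offers one.
    $db->query("INSERT INTO players(name,password) VALUES('admin','{$token}')");
}
if (isset($_GET['submit'])) {
    // Accept only plain string parameters. A missing key or an array value
    // (username[]=...) becomes '' instead of reaching strip_tags() as
    // null/array, which raises a deprecation or a TypeError on current PHP.
    $rawUid = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
    $rawPasswd = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';
    // NOTE(review): the password is HTML-escaped before comparison, so a stored
    // value containing <, >, & or quotes could never match. Harmless if the
    // token is hex-only - TODO confirm.
    $uid = htmlspecialchars(strip_tags($rawUid));
    $passwd = htmlspecialchars(strip_tags($rawPasswd));
    $sql = "SELECT password FROM players where name='admin'";
    $result = $db->query($sql);
    $tbl = $result->fetch();
    // No admin row (or no password column) means there is no stored secret.
    // Keeping that case as null and comparing strictly matters: '' == null is
    // true in PHP, so the loose check would accept an empty password whenever
    // the row was missing.
    $pwd = isset($tbl['password']) ? (string) $tbl['password'] : null;
    if ($uid === "admin" && $pwd !== null && $passwd === $pwd) {
        $challenge->mark();
        CTF::showAchieved();
        // NOTE(review): the database name is built by concatenating
        // $challenge->getUser(). Identifiers cannot be bound as parameters, so
        // getUser() has to be limited to a safe character set where it is
        // defined (not visible here).
        $db->query("DROP database " . 'webchallengedb' . $challenge->getUser());
    } else {
        // The last query is echoed back entity-encoded, with '-' additionally
        // replaced by its numeric entity.
        CTF::error("To bad, please try again. Query: " . str_replace("-", "&#45;", htmlentities($db->lastquery, ENT_QUOTES)) . " ");
    }
}
?>
You have to log in as admin.
<br/><br/>
<?php 
// NOTE(review): $error is not assigned anywhere in this excerpt and is printed
// without escaping; confirm where it is set and that it never carries request data.
echo $error;
?>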
<form autocomplete="off">
    <table>
        <tr><td>Username</td><td>:</td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password</td><td>:</td><td><input type="password" name="password" /></td></tr>
        <tr><td colspan=2/><td><input type="submit" class="button" name="submit" value="Submit"/> <?php 
$challenge->nextButton();
?>