/**
 * Check the "WWW Basics" challenge: fetch $url and require an exact body match.
 *
 * The request is made by this server through GWF_HTTP::getFromURL(). A failed
 * fetch or a mismatching body echoes an error box; an exact match marks the
 * challenge as solved for the current session user.
 *
 * NOTE(review): $url is requested server-side and its origin is not visible
 * here. Confirm the caller restricts it to the player's own registered host so
 * the fetch cannot be aimed at internal services (SSRF).
 *
 * @param WC_Challenge $chall   Challenge providing translations and the solve hook.
 * @param string       $url     URL to fetch.
 * @param string       $content Body the URL has to return, compared with ===.
 * @return void
 */
function www_basic_go(WC_Challenge $chall, $url, $content)
{
    $body = GWF_HTTP::getFromURL($url);

    if ($body === false) {
        echo GWF_HTML::error('WWW Basics', $chall->lang('err_file_not_found'));
        return;
    }

    if ($body === $content) {
        $chall->onChallengeSolved(GWF_Session::getUserID());
        return;
    }

    // The fetched body is remote-controlled, so it is HTML-escaped before it is
    // placed in the message; the byte lengths of both strings are passed too.
    $details = array(
        htmlspecialchars($body),
        htmlspecialchars($content),
        strlen($body),
        strlen($content),
    );
    echo GWF_HTML::error('WWW Basics', $chall->lang('err_wrong', $details));
}
/**
 * Validate an answer for one level of the IPv6 challenge.
 *
 * solutions.php is included inside the function and is expected to define
 * $solutions in local scope (the variable is never assigned here).
 *
 * When $level equals the number of solution sets, no answer is compared:
 * the challenge is solved if the request's REMOTE_ADDR is an IPv6 address,
 * and the function returns false either way.
 *
 * NOTE(review): require_once includes the file only once per request, so a
 * second call in the same request would find $solutions undefined. Confirm
 * this function is called at most once per request.
 *
 * @param WC_Challenge $chall  Challenge providing the solve hook.
 * @param string       $answer Submitted answer; lower-cased before comparison.
 * @param int          $level  Level index; compared with === against count().
 * @return bool True when $answer is among the accepted answers for $level.
 */
function wcc_ip6_check_answer(WC_Challenge $chall, $answer, $level)
{
    require_once 'solutions.php';

    if ($level !== count($solutions)) {
        // Ordinary level: strict membership test against that level's answers.
        return in_array(strtolower($answer), $solutions[$level], true);
    }

    // Final level. REMOTE_ADDR is the directly connected peer, not a
    // client-supplied header; behind a reverse proxy it would be the proxy's
    // address - confirm the deployment.
    if (GWF_IP6::isV6($_SERVER['REMOTE_ADDR'])) {
        $chall->onChallengeSolved(GWF_Session::getUserID());
    }

    return false;
}
/**
 * Check the "WWW Rewrite" challenge.
 *
 * Builds two random decimal factors, requests "<url><n1>_mul_<n2>.html" and
 * requires the response body to equal bcmul(n1, n2) exactly. A failed fetch or
 * a mismatch echoes an error box; a match marks the challenge as solved.
 *
 * NOTE(review): the request is made server-side and the origin of $url is not
 * visible here. Confirm the caller restricts it to the player's own registered
 * host (SSRF).
 *
 * @param WC_Challenge $chall Challenge providing translations and the solve hook.
 * @param string       $url   URL prefix the generated file name is appended to.
 * @return void
 */
function www_rewrite_go(WC_Challenge $chall, $url)
{
    // Each factor is two rand() draws concatenated as decimal strings.
    // rand() is not a cryptographic generator; both factors are sent to the
    // remote host in the URL anyway.
    $n1 = rand(1000000, 1000000000) . rand(1000000, 1000000000);
    $n2 = rand(1000000, 1000000000) . rand(1000000, 1000000000);

    // Arbitrary-precision product, returned by bcmul() as a string.
    $expected = bcmul($n1, $n2);

    $target = $url . $n1 . '_mul_' . $n2 . '.html';
    $body = GWF_HTTP::getFromURL($target);

    if ($body === false) {
        echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_file_not_found'));
        return;
    }

    if ($body === $expected) {
        $chall->onChallengeSolved(GWF_Session::getUserID());
        return;
    }

    // The remote body is escaped before it is echoed back in the message.
    $details = array(
        htmlspecialchars($body),
        htmlspecialchars($expected),
        strlen($body),
        strlen($expected),
    );
    echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_wrong', $details));
}
/**
 * Check a submitted answer for the Shadowlamb challenge.
 *
 * Requires a logged-in session, then hands the answer and the session user id
 * to WC5Lamb_Solution::validateSolution3(). A result of 1 prints the success
 * message and marks the challenge solved; any other result prints the
 * translated message whose key is 'err_wrong_' followed by the result code.
 *
 * @param WC_Challenge $chall  Challenge providing translations and the solve hook.
 * @param string       $answer Submitted answer.
 * @return void
 */
function shadowlamb3solver(WC_Challenge $chall, $answer)
{
    if (!GWF_Session::isLoggedIn()) {
        echo GWF_HTML::error('Shadowlamb', 'Better login first!');
        return;
    }

    $code = WC5Lamb_Solution::validateSolution3($answer, GWF_Session::getUserID());

    // Loose comparison on purpose: it matches what a switch/case on 1 does.
    if ($code == 1) {
        echo GWF_HTML::message('Shadowlamb', $chall->lang('msg_right'));
        $chall->onChallengeSolved(GWF_Session::getUserID());
    } else {
        echo GWF_HTML::error('Shadowlamb', $chall->lang('err_wrong_' . $code));
    }
}
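/**
 * Exploit this!
 *
 * Login handler of the "Auth1" training challenge. The code is a deliberately
 * weak exercise target and not a pattern to copy:
 *  - the password is reduced to an unsalted MD5 digest; real credential
 *    storage should use password_hash() / password_verify();
 *  - the query is a single SQL string; production code should pass user input
 *    as bound parameters of a prepared statement.
 *
 * The challenge counts as solved when the row returned by the query has the
 * username 'admin' (compared case-insensitively).
 *
 * @param WC_Challenge $chall    Challenge providing translations and the solve hook.
 * @param string       $username Submitted username.
 * @param string       $password Submitted plaintext password.
 * @return boolean False when the query yields no row, true otherwise.
 */
function auth1_onLogin(WC_Challenge $chall, $username, $password)
{
    $db = auth1_db();

    $password = md5($password);

    // NOTE(review): the quoted values appear masked ('******') in this listing,
    // so as printed the query references neither $username nor $password.
    // Presumably the running code places both between the quotes - that cannot
    // be confirmed from this page.
    $query = "SELECT * FROM users WHERE username='******' AND password='******'";

    if (false === ($result = $db->queryFirst($query))) {
        echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false);
        # Unknown user
        return false;
    }

    # Welcome back!
    // The username is escaped for HTML and passed as an argument array, the
    // form every other lang() call in this file uses (it was a bare string).
    echo GWF_HTML::message('Auth1', $chall->lang('msg_welcome_back', array(htmlspecialchars($result['username']))), false);

    # Challenge solved?
    if (strtolower($result['username']) === 'admin') {
        $chall->onChallengeSolved(GWF_Session::getUserID());
    }

    return true;
}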
/**
 * Check an answer for the Sidology Remix challenge.
 *
 * isAnswerBlocked() is consulted first; if it returns anything but false, that
 * value is echoed and the answer is not evaluated. Otherwise the answer is
 * hashed with SHA-1 100000 times in a row and the final hex digest is compared
 * with the embedded target digest.
 *
 * NOTE(review): every accepted submission costs 100000 SHA-1 rounds of CPU.
 * isAnswerBlocked() runs before that work and presumably throttles repeated
 * attempts - confirm. Iterated unsalted SHA-1 is a puzzle here, not a model
 * for credential storage (use password_hash() for that).
 *
 * @param WC_Challenge $chall  Challenge providing the block check and solve hook.
 * @param string       $answer Submitted answer.
 * @return void
 */
function sidologyRemixCheckAnswer(WC_Challenge $chall, $answer)
{
    $blocked = $chall->isAnswerBlocked(GWF_User::getStaticOrGuest());
    if ($blocked !== false) {
        echo $blocked;
        return;
    }

    $solution = '726f3a30c8ae485b4f34d5ff0fed05552d3da60b'; # :) HappyCracking!

    // Feed each digest back into sha1() until all rounds are done.
    $digest = $answer;
    $rounds = 100000;
    while ($rounds-- > 0) {
        $digest = sha1($digest);
    }

    if ($digest !== $solution) {
        echo WC_HTML::error('err_wrong');
        return;
    }

    $chall->onChallengeSolved();
}
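/**
 * Evaluate one answer to the current Crackcha problem.
 *
 * The answer is read from the 'answer' GET parameter and compared with the
 * string stored in the session under 'WCC_CRACKCHA_CHARS'. A correct answer
 * increases the solved counter and, once crackcha_solved() reports true, marks
 * the challenge as solved. After a right or wrong answer the stored problem is
 * removed from the session, so each problem can be answered once. The two
 * early returns (no answer, no problem) leave the session untouched.
 *
 * @param WC_Challenge $chall Challenge providing translations and the solve hook.
 * @return void
 */
function crackcha_answer(WC_Challenge $chall)
{
    if ('' === ($answer = Common::getGetString('answer', ''))) {
        echo $chall->lang('err_no_answer');
        return;
    }

    if (false === ($solution = GWF_Session::getOrDefault('WCC_CRACKCHA_CHARS', false))) {
        echo $chall->lang('err_no_problem');
        return;
    }

    if ($answer === $solution) {
        crackcha_increase_solved();
        echo $chall->lang('msg_success', array(GWF_Session::getOrDefault('WCC_CRACKCHA_SOLVED', 0), WCC_CRACKCHA_NEED));
        if (crackcha_solved()) {
            GWF_Module::loadModuleDB('Forum', true, true);
            Module_WeChall::includeForums();
            $chall->onChallengeSolved(GWF_Session::getUserID());
        }
    } else {
        // $answer is request input and was echoed back unescaped. The other
        // checkers in this file escape values before handing them to lang(),
        // so the same is done here to keep markup in the parameter from being
        // reflected into the page.
        // NOTE(review): assumes Common::getGetString() returns the raw
        // parameter - confirm it does not already escape.
        // $solution comes from the session and is passed on unchanged.
        echo $chall->lang('msg_failed', array(htmlspecialchars($answer, ENT_QUOTES), $solution));
    }

    // One attempt per problem: the stored characters are dropped either way.
    GWF_Session::remove('WCC_CRACKCHA_CHARS');
}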
/**
 * Exploit this! It is the same as MySQL-I, but with an additional check, marked with ###
 *
 * Login handler of the "Auth2" training challenge. The row is selected by
 * username only; the stored password column is then compared in PHP with the
 * MD5 digest of the submitted password. The code is a deliberately weak
 * exercise target: unsalted MD5 is not a password hash (use password_hash() /
 * password_verify()), user input belongs in bound parameters of a prepared
 * statement, and digests are better compared with hash_equals().
 *
 * The challenge counts as solved when the matched row has the username
 * 'admin' (compared case-insensitively).
 *
 * @param WC_Challenge $chall    Challenge providing translations and the solve hook.
 * @param string       $username Submitted username.
 * @param string       $password Submitted plaintext password.
 * @return boolean False when no row is found or the digest differs, true otherwise.
 */
function auth2_onLogin(WC_Challenge $chall, $username, $password)
{
    $db = auth2_db();
    $password = md5($password);

    // NOTE(review): the quoted value appears masked ('******') in this listing,
    // so as printed the query does not reference $username. Presumably the
    // running code places it between the quotes - not confirmable from here.
    $query = "SELECT * FROM users WHERE username='******'";

    $result = $db->queryFirst($query);
    if ($result === false) {
        echo GWF_HTML::error('Auth2', $chall->lang('err_unknown'), false);
        return false;
    }

    #############################
    ### This is the new check ###
    if ($password !== $result['password']) {
        echo GWF_HTML::error('Auth2', $chall->lang('err_password'), false);
        return false;
    }
    # End of the new code ###
    #############################

    // The username read from the row is HTML-escaped before it is displayed.
    $greeting = $chall->lang('msg_welcome_back', array(htmlspecialchars($result['username'])));
    echo GWF_HTML::message('Auth2', $greeting, false);

    if ('admin' === strtolower($result['username'])) {
        $chall->onChallengeSolved(GWF_Session::getUserID());
    }

    return true;
}
/**
 * Check a comma-separated answer for the HashGame challenge.
 *
 * The accepted words are the merged results of hashgame_longest_two() for both
 * lists (presumably the two longest entries of each - see that helper). The
 * answer is split on ',' and each part is trimmed. A part counts only if it is
 * strictly equal to a word that has not been matched yet, so repeating one
 * correct word does not score twice. All four must match to solve.
 *
 * A wrong number of parts prints an error but does not stop the check (the
 * early return in the original is commented out); more than four parts prints
 * a second error and only the first four are evaluated.
 *
 * @param WC_Challenge $chall  Challenge providing translations and the solve hook.
 * @param string       $answer Submitted answer, words separated by commas.
 * @param array        $list1  First word list.
 * @param array        $list2  Second word list.
 * @return void
 */
function hashgame_check_answer(WC_Challenge $chall, $answer, array $list1, array $list2)
{
    $remaining = array_merge(hashgame_longest_two($list1), hashgame_longest_two($list2));
    $given = explode(',', $answer);
    $given_count = count($given);

    if ($given_count !== 4) {
        echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count', array($given_count)), false);
        // No return here: evaluation continues with whatever was submitted.
    }

    if ($given_count > 4) {
        echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count_high', array($given_count)), false);
        // Cap the number of guesses that are evaluated at four.
        $given = array_slice($given, 0, 4);
    }

    $hits = 0;
    foreach ($given as $candidate) {
        // Strict search returns the first matching key, or false if none.
        $key = array_search(trim($candidate), $remaining, true);
        if ($key !== false) {
            // Consume the word so a duplicate guess cannot match it again.
            unset($remaining[$key]);
            $hits++;
        }
    }

    if ($hits !== 4) {
        echo GWF_HTML::error('HashGame', $chall->lang('err_some_good', array($hits)), false);
        return;
    }

    $chall->onChallengeSolved(GWF_Session::getUserID());
}