<?php require_once 'settings.php'; require_once 'vuln.php'; chdir("../../../"); require_once "challenge/html_head.php"; $title = 'Light in the Darkness'; html_head("Install: {$title}"); if (!GWF_User::isAdminS()) { return htmlSendToLogin("Better be admin !"); } $solution = false; $score = 6; $url = "challenge/Mawekl/light_in_the_darkness/index.php"; $creators = "Mawekl"; $tags = 'MySQL,Exploit'; if (false === blightInstall()) { die('DB ERROR!'); } WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true); require_once "challenge/html_foot.php";
<?php chdir("../../"); require_once "challenge/html_head.php"; if (!GWF_User::isAdminS()) { echo GWF_HTML::err('ERR_NO_PERMISSION'); return; } $title = "Can you read me"; $solution = false; $score = 5; $url = "challenge/can_you_readme/index.php"; $creators = "Gizmore"; $tags = 'Coding,Image'; htmlDisplayError(WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true)); require_once "challenge/html_foot.php";
<?php $solution = (require 'solution.php'); chdir("../../../"); require_once "challenge/html_head.php"; $title = 'The BrownOS'; html_head("Install: {$title}"); if (!GWF_User::isAdminS()) { return htmlSendToLogin("Better be admin !"); } $score = 7; $url = "challenge/dloser/brownos/index.php"; $creators = "dloser"; $tags = 'Unknown'; WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true, WC_Challenge::CHALL_CASE_I); require_once "challenge/html_foot.php";
$solution = (require 'solution.php'); require_once 'expdb.php'; chdir('../../../../'); require_once "challenge/html_head.php"; //html_head("Install Addslashes"); if (!GWF_User::isAdminS()) { echo GWF_HTML::err('ERR_NO_PERMISSION'); return; } // $title = GWF_PAGE_TITLE; $solution = $solution; $score = 4; $url = "challenge/training/php/experience/index.php"; $creators = "Gizmore"; $tags = 'MySQL,PHP,Exploit'; WC_Challenge::installChallenge(GWF_PAGE_TITLE, $solution, $score, $url, $creators, $tags); if (!($db = gdo_db_instance(EXP_DB_HOST, EXP_DB_USER, EXP_DB_PASS, EXP_DB_NAME))) { die(GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__))); } $db->truncateTable('items'); $db->truncateTable('flags'); foreach ($data as $title) { $title = $db->escape($title); $db->queryWrite("INSERT INTO items VALUES(0, '{$title}', NOW())"); } $challenges = GDO::table('WC_Challenge')->selectObjects('*'); foreach ($challenges as $challenge) { $challenge instanceof WC_Challenge; $random_solution = GWF_Random::randomKey(32); $db->queryWrite("INSERT INTO flags VALUES({$challenge->getID()}, '{$random_solution}')"); }
$secret_user = (require 'secrets.php'); chdir("../../../"); require_once "challenge/html_head.php"; $title = 'Disclosures'; html_head("Install: {$title}"); if (!GWF_User::isAdminS()) { return htmlSendToLogin("Better be admin !"); } ### Create challenge table and stuff require 'www/user.php'; require 'www/db.php'; $users = array('aaaaaron' => array('Aaronson', 'Aaron A.', '*****@*****.**', 'Sonnenblume2014'), 'administrator' => $secret_user, 'dloser' => array('Winner', 'BigRichardDick', '*****@*****.**', 'pwnedgizagain'), 'benja' => array('Barneby-Smith', 'Benjamin', '*****@*****.**', 'Wizard1234'), 'casi' => array('Casi', 'Casi', '*****@*****.**', 'casiisaccasiisac'), 'jannn' => array('L', 'Jan', '*****@*****.**', 'essenlol123'), 'ulla' => array('Kalele', 'Ulla', '*****@*****.**', 'Hannover!!'), 'test' => array('test', 'test', '*****@*****.**', '11111111'), 'admin' => array('test', 'test', '*****@*****.**', '11111111'), 'desiree' => array('Reelity', 'Daisy', '*****@*****.**', '.SOLAME.'), 'strider' => array('', '', '*****@*****.**', 'hahackah'), 'wildgoat' => array('', '', '*****@*****.**', 'iliketrains'), 'synergy' => array('', '', '*****@*****.**', 'syn.synack.ack'), 'fastfloats' => array('', '', '*****@*****.**', 'GMPDEV111'), 'teeest' => array('', '', '*****@*****.**', 'test'), 'lostchall' => array('', '', '*****@*****.**', 'PassWordPass!"§'), 'Weezer' => array('', '', '*****@*****.**', 'Weeeeeeeee'), 'olga' => array('Olga', 'Olga', '*****@*****.**', 'Pass123')); $i = 0; GDO::table('DLDC_User')->createTable(true); foreach ($users as $username => $data) { list($lastname, $firstname, $email, $password) = $data; $user = DLDC_User::instance($username, $password, $email, $firstname, $lastname); $minscore = $username === 'dloser' ? 90 : 0; $user->setVar('wechall_userid', --$i); $user->setVar('level', rand($minscore, 100)); $user->insert(); } ### WC continues GDO::setCurrentDB($db1); $score = 5; $url = "challenge/dloser/disclosures/index.php"; $creators = "gizmore,dloser"; $tags = 'Exploit'; WC_Challenge::installChallenge($title, DLDC_SOLUTION, $score, $url, $creators, $tags, true, WC_Challenge::CHALL_CASE_S); require_once "challenge/html_foot.php";