function www_basic_go(WC_Challenge $chall, $url, $content)
{
if (false === ($response = GWF_HTTP::getFromURL($url))) {
echo GWF_HTML::error('WWW Basics', $chall->lang('err_file_not_found'));
} elseif ($response !== $content) {
echo GWF_HTML::error('WWW Basics', $chall->lang('err_wrong', array(htmlspecialchars($response), htmlspecialchars($content), strlen($response), strlen($content))));
} else {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
}
function wcc_ip6_check_answer(WC_Challenge $chall, $answer, $level)
{
require_once 'solutions.php';
if ($level === count($solutions)) {
$ip = $_SERVER['REMOTE_ADDR'];
if (GWF_IP6::isV6($ip)) {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
return false;
}
return in_array(strtolower($answer), $solutions[$level], true);
}
function www_rewrite_go(WC_Challenge $chall, $url)
{
$n1 = rand(1000000, 1000000000) . rand(1000000, 1000000000);
$n2 = rand(1000000, 1000000000) . rand(1000000, 1000000000);
$solution = bcmul($n1, $n2);
$url .= $n1 . '_mul_' . $n2 . '.html';
if (false === ($response = GWF_HTTP::getFromURL($url))) {
echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_file_not_found'));
} elseif ($response !== $solution) {
echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_wrong', array(htmlspecialchars($response), htmlspecialchars($solution), strlen($response), strlen($solution))));
} else {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
}
function shadowlamb3solver(WC_Challenge $chall, $answer)
{
if (!GWF_Session::isLoggedIn()) {
echo GWF_HTML::error('Shadowlamb', 'Better login first!');
return;
}
$code = WC5Lamb_Solution::validateSolution3($answer, GWF_Session::getUserID());
switch ($code) {
case 1:
echo GWF_HTML::message('Shadowlamb', $chall->lang('msg_right'));
$chall->onChallengeSolved(GWF_Session::getUserID());
break;
default:
echo GWF_HTML::error('Shadowlamb', $chall->lang('err_wrong_' . $code));
break;
}
}
/**
* Exploit this!
* @param WC_Challenge $chall
* @param unknown_type $username
* @param unknown_type $password
* @return boolean
*/
function auth1_onLogin(WC_Challenge $chall, $username, $password)
{
$db = auth1_db();
$password = md5($password);
$query = "SELECT * FROM users WHERE username='******' AND password='******'";
if (false === ($result = $db->queryFirst($query))) {
echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false);
# Unknown user
return false;
}
# Welcome back!
echo GWF_HTML::message('Auth1', $chall->lang('msg_welcome_back', htmlspecialchars($result['username'])), false);
# Challenge solved?
if (strtolower($result['username']) === 'admin') {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
return true;
}
function sidologyRemixCheckAnswer(WC_Challenge $chall, $answer)
{
if (false !== ($error = $chall->isAnswerBlocked(GWF_User::getStaticOrGuest()))) {
echo $error;
return;
}
$solution = '726f3a30c8ae485b4f34d5ff0fed05552d3da60b';
# :) HappyCracking!
$hash = $answer;
for ($i = 0; $i < 100000; $i++) {
$hash = sha1($hash);
}
// echo "$hash<br/>\n";
if ($hash === $solution) {
$chall->onChallengeSolved();
} else {
echo WC_HTML::error('err_wrong');
}
}
function crackcha_answer(WC_Challenge $chall)
{
if ('' === ($answer = Common::getGetString('answer', ''))) {
echo $chall->lang('err_no_answer');
return;
}
if (false === ($solution = GWF_Session::getOrDefault('WCC_CRACKCHA_CHARS', false))) {
echo $chall->lang('err_no_problem');
return;
}
if ($answer === $solution) {
crackcha_increase_solved();
echo $chall->lang('msg_success', array(GWF_Session::getOrDefault('WCC_CRACKCHA_SOLVED', 0), WCC_CRACKCHA_NEED));
if (crackcha_solved()) {
GWF_Module::loadModuleDB('Forum', true, true);
Module_WeChall::includeForums();
$chall->onChallengeSolved(GWF_Session::getUserID());
}
} else {
echo $chall->lang('msg_failed', array($answer, $solution));
}
GWF_Session::remove('WCC_CRACKCHA_CHARS');
}
/**
* Exploit this! It is the same as MySQL-I, but with an additional check, marked with ###
* @param WC_Challenge $chall
* @param unknown_type $username
* @param unknown_type $password
* @return boolean
*/
function auth2_onLogin(WC_Challenge $chall, $username, $password)
{
$db = auth2_db();
$password = md5($password);
$query = "SELECT * FROM users WHERE username='******'";
if (false === ($result = $db->queryFirst($query))) {
echo GWF_HTML::error('Auth2', $chall->lang('err_unknown'), false);
return false;
}
#############################
### This is the new check ###
if ($result['password'] !== $password) {
echo GWF_HTML::error('Auth2', $chall->lang('err_password'), false);
return false;
}
# End of the new code ###
#############################
echo GWF_HTML::message('Auth2', $chall->lang('msg_welcome_back', array(htmlspecialchars($result['username']))), false);
if (strtolower($result['username']) === 'admin') {
$chall->onChallengeSolved(GWF_Session::getUserID());
}
return true;
}
function hashgame_check_answer(WC_Challenge $chall, $answer, array $list1, array $list2)
{
$solutions = array_merge(hashgame_longest_two($list1), hashgame_longest_two($list2));
$answers = explode(',', $answer);
if (count($answers) !== 4) {
echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count', array(count($answers))), false);
// return false;
}
if (count($answers) > 4) {
echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count_high', array(count($answers))), false);
$answers = array_slice($answers, 0, 4);
}
$correct = 0;
foreach ($answers as $word) {
$word = trim($word);
foreach ($solutions as $i => $solution) {
if ($word === $solution) {
unset($solutions[$i]);
$correct++;
break;
}
}
}
if ($correct === 4) {
$chall->onChallengeSolved(GWF_Session::getUserID());
} else {
echo GWF_HTML::error('HashGame', $chall->lang('err_some_good', array($correct)), false);
}
}
