function hashgame_check_answer(WC_Challenge $chall, $answer, array $list1, array $list2) { $solutions = array_merge(hashgame_longest_two($list1), hashgame_longest_two($list2)); $answers = explode(',', $answer); if (count($answers) !== 4) { echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count', array(count($answers))), false); // return false; } if (count($answers) > 4) { echo GWF_HTML::error('HashGame', $chall->lang('err_answer_count_high', array(count($answers))), false); $answers = array_slice($answers, 0, 4); } $correct = 0; foreach ($answers as $word) { $word = trim($word); foreach ($solutions as $i => $solution) { if ($word === $solution) { unset($solutions[$i]); $correct++; break; } } } if ($correct === 4) { $chall->onChallengeSolved(GWF_Session::getUserID()); } else { echo GWF_HTML::error('HashGame', $chall->lang('err_some_good', array($correct)), false); } }
function crypto_dig1_ciphertext(WC_Challenge $chall) { WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true); $solution = WC_CryptoChall::generateSolution('The22_GHDIdiiiiEEEEZZ', true, true); $pt = $chall->lang('plaintext', array($solution)); $ct = crypto_dig1_encrypt($pt); return $ct; }
function crypto_trans1_ciphertext(WC_Challenge $chall) { WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true, true); $solution = WC_CryptoChall::generateSolution('The_GHSUBBBBEEEEZZ', true, true); $pt = $chall->lang('plaintext', array($solution)); $ct = crypto_trans1_encrypt($pt); $ct = str_replace(' ', ' ', $ct); return $ct; }
function www_basic_go(WC_Challenge $chall, $url, $content) { if (false === ($response = GWF_HTTP::getFromURL($url))) { echo GWF_HTML::error('WWW Basics', $chall->lang('err_file_not_found')); } elseif ($response !== $content) { echo GWF_HTML::error('WWW Basics', $chall->lang('err_wrong', array(htmlspecialchars($response), htmlspecialchars($content), strlen($response), strlen($content)))); } else { $chall->onChallengeSolved(GWF_Session::getUserID()); } }
function crypto_caesar_2_ciphertext(WC_Challenge $chall) { WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true); $solution = WC_CryptoChall::generateSolution('The_Foo!The!Bar_The!Lee', true, true); $pt = $chall->lang('plaintext', array($solution)); // $pt = strtoupper($pt); // $pt = preg_replace('/[^A-Z]/', '', $pt); $ct = crypto_caesar_2_encrypt($pt); return WC_CryptoChall::hexdump($ct); }
function ttr2_mail_me(WC_Challenge $chall, $email, $token) { $mail = new GWF_Mail(); $mail->setSender(GWF_BOT_EMAIL); $mail->setReceiver($email); $mail->setSubject($chall->lang('mail_subj')); $mail->setBody($chall->lang('mail_body', array($token))); $mail->sendAsHTML('*****@*****.**'); # cc me for testing purposes }
function crypto_caesar_1_ciphertext(WC_Challenge $chall) { WC_CryptoChall::checkPlaintext(strtoupper($chall->lang('plaintext'))); $solution = WC_CryptoChall::generateSolution('The Foo The Bar The Lee', true, true); $pt = $chall->lang('plaintext', array($solution)); $pt = strtoupper($pt); $pt = preg_replace('/[^A-Z ]/', '', $pt); $ct = crypto_caesar_1_encrypt($pt); return $ct; }
function www_rewrite_go(WC_Challenge $chall, $url) { $n1 = rand(1000000, 1000000000) . rand(1000000, 1000000000); $n2 = rand(1000000, 1000000000) . rand(1000000, 1000000000); $solution = bcmul($n1, $n2); $url .= $n1 . '_mul_' . $n2 . '.html'; if (false === ($response = GWF_HTTP::getFromURL($url))) { echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_file_not_found')); } elseif ($response !== $solution) { echo GWF_HTML::error('WWW Rewrite', $chall->lang('err_wrong', array(htmlspecialchars($response), htmlspecialchars($solution), strlen($response), strlen($solution)))); } else { $chall->onChallengeSolved(GWF_Session::getUserID()); } }
function identity_filter(WC_Challenge $chall) { if (!isset($_POST['answer']) || !is_string($_POST['answer'])) { return; } $answer = $_POST['answer']; $answer = str_replace(array(' ', ','), '', $answer); $answer = strtolower($answer); $answer = str_replace('049', '0', $answer); if (strpos($answer, '17659598844') !== false) { echo GWF_HTML::error($chall->lang('title'), $chall->lang('err_home_phone')); } $_POST['answer'] = $answer; }
function math_pyramid_check(WC_Challenge $chall, $formula, $maxlen, $precision = 4) { error_reporting(E_ERROR); GWF_Debug::setDieOnError(false); GWF_Debug::setMailOnError(false); $len = strlen($formula); $tests = array('0' => 0, '1' => 0.2357, '3.14' => 7.2971, '10' => 235.7023, '100' => 235702.2604); $eval = new EvalMath(); $fa = "f(a) = {$formula}"; if (false === $eval->evaluate($fa)) { echo GWF_HTML::error('Math Pyramid', $chall->lang('err_formula', array(htmlspecialchars($fa)))); return false; } GWF_Debug::setDieOnError(true); GWF_Debug::setMailOnError(true); $back = GWF_HTML::message('Math Pyramid', $chall->lang('msg_formula', array(htmlspecialchars($fa))), false); $correct = 0; foreach ($tests as $a => $result) { $result2 = $eval->evaluate("f({$a})"); $result = sprintf('%.0' . $precision . 'f', $result); $result2 = sprintf('%.0' . $precision . 'f', $result2); if ($result === $result2) { $back .= GWF_HTML::message('Math Pyramid', $chall->lang('msg_correct', array($a, $result2, $result)), false); $correct++; } else { $back .= GWF_HTML::error('Math Pyramid', $chall->lang('err_wrong', array($a, $result2, $result)), false); } } require_once GWF_CORE_PATH . 'module/WeChall/WC_MathChall.php'; if ($chall->getID() > 0 && $correct === count($tests)) { if (false === WC_MathChall::insertSolution($chall->getID(), GWF_Session::getUserID(), $formula)) { $back .= GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)); } else { $back .= GWF_HTML::message('Math Pyramid', WC_HTML::lang('msg_wmc_sol_inserted', array($len, WC_MathChall::getLimitedHREF($chall, $len))), false); } } # Check Len if ($len > $maxlen) { $back .= GWF_HTML::error('Math Pyramid', $chall->lang('err_too_long', array($len, $maxlen)), false); } echo $back; if ($correct === count($tests) && $len <= $maxlen) { if ($len < $maxlen) { echo GWF_HTML::message('Math Pyramid', $chall->lang('msg_new_record', array($len, $maxlen)), false); GWF_Settings::setSetting('WC_MATH_PYRAMID', $len); } $chall->onChallengeSolved(GWF_Session::getUserID()); } }
function bacon_encode(WC_Challenge $chall, $hidden) { $message = strtolower($chall->lang('message')); $len = strlen($hidden); $pos = -1; $a = ord('A'); for ($i = 0; $i < $len; $i++) { $c = ord($hidden[$i]); $bin = decbin($c - $a); $bin = sprintf('%05d', $bin); for ($j = 0; $j < 5; $j++) { $pos = bacon_next_pos($message, $pos); if ($bin[$j] === '1') { $message[$pos] = strtoupper($message[$pos]); } } } $pos++; $len = strlen($message); while ($pos < $len) { $message[$pos] = strtoupper($message[$pos]); $pos += 2; } return $message; }
function checkSolution(WC_Challenge $chall) { if (false === ($correct = GWF_Session::getOrDefault('cyrm_solution'))) { return htmlDisplayError($chall->lang('err_no_request')); } $timediff = microtime(true) - GWF_Session::get('cyrm_timeout'); $taken = sprintf('%.03fs', $timediff); if ($correct !== ($answer = Common::getGetString('solution', ''))) { return htmlDisplayError($chall->lang('err_wrong', array(htmlspecialchars($answer, ENT_QUOTES), $correct, $taken))); } $maxtime = 2.5; if ($timediff >= $maxtime) { return htmlDisplayError($chall->lang('err_slow', array($maxtime . 's', $taken))); } return htmlDisplayMessage($chall->lang('msg_correct', array($taken))); }
function checkSolution(WC_Challenge $chall) { if (false === ($correct = GWF_Session::getOrDefault('lg_solution'))) { return htmlDisplayError($chall->lang('err_no_req')); } $maxtime = LETTERGRID_MAX_TIME; $timediff = microtime(true) - GWF_Session::getOrDefault('lg_timeout', 0); if ($correct !== Common::getGet('solution')) { GWF_Session::remove('lg_timeout'); GWF_Session::remove('lg_solution'); return htmlDisplayError($chall->lang('err_wrong', array(htmlspecialchars(Common::getGet('solution'), ENT_QUOTES), $correct, $timediff, $maxtime))); } if ($timediff >= $maxtime) { return htmlDisplayError($chall->lang('err_slow', array($maxtime, $timediff))); } return htmlDisplayMessage($chall->lang('msg_correct', array($timediff))); }
function shadowlamb3solver(WC_Challenge $chall, $answer) { if (!GWF_Session::isLoggedIn()) { echo GWF_HTML::error('Shadowlamb', 'Better login first!'); return; } $code = WC5Lamb_Solution::validateSolution3($answer, GWF_Session::getUserID()); switch ($code) { case 1: echo GWF_HTML::message('Shadowlamb', $chall->lang('msg_right')); $chall->onChallengeSolved(GWF_Session::getUserID()); break; default: echo GWF_HTML::error('Shadowlamb', $chall->lang('err_wrong_' . $code)); break; } }
function wccgpg_doit(WC_Challenge $chall, $user) { if ($user === false) { echo GWF_HTML::error('GPG', $chall->lang('err_login'), false); return; } if (!$user->hasValidMail()) { echo GWF_HTML::error('GPG', $chall->lang('err_no_mail')); return; } $receiver = $user->getValidMail(); if (!function_exists('gnupg_init')) { echo GWF_HTML::error('GPG', $chall->lang('err_server')); return; } if (false === ($fingerprint = GWF_PublicKey::getFingerprintForUser($user))) { $url = GWF_WEB_ROOT . 'account'; echo GWF_HTML::error('GPG', $chall->lang('err_no_gpg', $url), false); return; } $solution = WC_CryptoChall::generateSolution('OHOYOUGOTGPG!', true, false); $mail = new GWF_Mail(); $mail->setSubject($chall->lang('mail_s')); $mail->setSender(GWF_BOT_EMAIL); $mail->setReceiver($receiver); $mail->setBody($chall->lang('mail_b', array($user->displayUsername(), $solution))); if (false === $mail->sendToUser($user)) { echo GWF_HTML::err('ERR_MAIL_SENT'); } else { echo GWF_HTML::message('GPG', $chall->lang('msg_mail_sent', array(htmlspecialchars($receiver)))); } }
function stalking_check_answer(WC_Challenge $chall, $answer) { $answer = mb_strtolower($answer); // To Lower $answer = str_replace(' ', '', $answer); // No Spaces $sections = explode(',', $answer); $sc = count($sections); if ($sc !== 4) { return $chall->lang('err_sections', array($sc)); } list($company, $coworker, $brother, $band) = $sections; if (stalking_company($company) && stalking_coworker($coworker) && stalking_brother($brother) && stalking_band($band)) { return false; } else { return $chall->lang('err_wrong'); } }
/** * Exploit this! * @param WC_Challenge $chall * @param unknown_type $username * @param unknown_type $password * @return boolean */ function auth1_onLogin(WC_Challenge $chall, $username, $password) { $db = auth1_db(); $password = md5($password); $query = "SELECT * FROM users WHERE username='******' AND password='******'"; if (false === ($result = $db->queryFirst($query))) { echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false); # Unknown user return false; } # Welcome back! echo GWF_HTML::message('Auth1', $chall->lang('msg_welcome_back', htmlspecialchars($result['username'])), false); # Challenge solved? if (strtolower($result['username']) === 'admin') { $chall->onChallengeSolved(GWF_Session::getUserID()); } return true; }
public static function testSmiley(WC_Challenge $chall, $smiley, $path) { $back = true; # Test passed :S? # Generate test input :) $ues = str_replace('\\', '', $smiley); $ues = Common::regex('#/([^/]+)/#', $ues); $text = 'Test ' . $ues . '. Test ' . $ues; echo GWF_Box::box($text, $chall->lang('test_input')); # Generate test output :) if (NULL === ($out = self::replaceSmiley($smiley, $path, $text))) { $back = false; $out = $text; } # Output the test :) echo GWF_Box::box($out, $chall->lang('test_output')); return $back; }
function ttr2_submit(WC_Challenge $chall) { if ('' === ($answer = Common::getPostString('answer', ''))) { return; } $sessid = GWF_Session::getSessSID(); # First check all "custom" solutions $solutions = TTR2_Tokens::getSolutions($sessid); foreach ($solutions as $solution) { if ($solution['ttr_token'] === $answer) { echo GWF_HTML::message($chall->lang('title'), $chall->lang('msg_reset_own', array(htmlspecialchars($solution['ttr_email'])))); return; } } # Now lets check "THE" solution $solution = TTR2_Tokens::getSolution($sessid); $chall->setSolution($solution['ttr_token']); $chall->onSolve(GWF_User::getStaticOrGuest(), $answer); }
function crypto_sub1_ciphertext(WC_Challenge $chall) { WC_CryptoChall::checkPlaintext(strtolower($chall->lang('plaintext')), true, true); $solution = WC_CryptoChall::generateSolution('The_GHEEEEZZ', true); // var_dump($solution); $chars1 = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'); $chars2 = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'); shuffle($chars1); shuffle($chars2); $map = array(); for ($i = 0; $i < 26; $i++) { $map[$chars1[$i]] = $chars2[$i]; } $pt = $chall->lang('plaintext', array($solution)); $pt = strtoupper($pt); $pt = preg_replace('/[^A-Z ]/', '', $pt); $ct = crypto_sub1_encrypt($pt, $map); return $ct; }
function ludde_is_satisfied(WC_Challenge $chall) { # Missing POST var? if (!isset($_POST['username'])) { return $chall->lang('err_missing_var'); } # Submitted a string? if (!is_string($_POST['username'])) { return $chall->lang('err_var_type'); } # Valid username? if (!preg_match('/^[a-zA-Z]{1,16}$/', $_POST['username'])) { return $chall->lang('err_illegal_username', array(1, 16)); } # WTF! WTF! WTF! if (strlen($_POST['username']) > 16) { return true; } # Normal, OK and no error :) return false; }
function prog2CheckResult(WC_Challenge $chall) { if (false === ($user = GWF_Session::getUser())) { die($chall->lang('err_login')); } if (false === ($answer = Common::getGet('answer'))) { die($chall->lang('err_no_answer')); } $solution = GWF_Session::getOrDefault('prog2_solution', false); $startTime = GWF_Session::getOrDefault('prog2_timeout', false); if ($solution === false || $startTime === false) { die($chall->lang('err_no_request')); } $back = ""; if (trim($answer) !== $solution) { $back .= $chall->lang('err_wrong', array(htmlspecialchars($answer, ENT_QUOTES), $solution)); } else { $back .= $chall->lang('msg_correct'); } $timeNeeded = microtime(true) - $startTime; if ($timeNeeded > TIMELIMIT) { return $back . $chall->lang('err_timeout', array(sprintf('%.02f', $timeNeeded), TIMELIMIT)); } return trim($answer) === $solution ? true : $back; }
function crypto_sub2_ciphertext(WC_Challenge $chall) { WC_CryptoChall::checkPlaintext($chall->lang('plaintext'), true); $solution = WC_CryptoChall::generateSolution('The_GHttttttEEEEZZ', true, true); $chars1 = array(); for ($i = 0; $i < 256; $i++) { $chars1[] = chr($i); } $chars2 = array(); for ($i = 0; $i < 256; $i++) { $chars2[] = chr($i); } shuffle($chars1); shuffle($chars2); $map = array(); for ($i = 0; $i < 256; $i++) { $map[$chars1[$i]] = $chars2[$i]; } $pt = $chall->lang('plaintext', array($solution)); $ct = crypto_sub2_encrypt($pt, $map); return WC_CryptoChall::hexdump($ct); }
function checkSolution(WC_Challenge $chall) { // if (!User::isLoggedIn()) { // return htmlDisplayError("You need to login to submit a solution."); // } if (false === ($correct = GWF_Session::getOrDefault('lw_solution'))) { return htmlDisplayError($chall->lang('err_no_req')); } $answer = Common::getGet('solution'); $maxtime = 4.5; $timediff = microtime(true) - GWF_Session::getOrDefault('lw_timeout', 0); if ($answer !== $correct) { GWF_Session::remove('lw_timeout'); GWF_Session::remove('lw_solution'); $danswer = htmlspecialchars($answer, ENT_QUOTES); return htmlDisplayError($chall->lang('err_wrong', array($danswer, $correct, $timediff, $maxtime))); } if ($timediff >= $maxtime) { return htmlDisplayError($chall->lang('err_slow', array($maxtime, $timediff))); } return htmlDisplayMessage($chall->lang('msg_correct', array($timediff))); }
/** * Exploit this! It is the same as MySQL-I, but with an additional check, marked with ### * @param WC_Challenge $chall * @param unknown_type $username * @param unknown_type $password * @return boolean */ function auth2_onLogin(WC_Challenge $chall, $username, $password) { $db = auth2_db(); $password = md5($password); $query = "SELECT * FROM users WHERE username='******'"; if (false === ($result = $db->queryFirst($query))) { echo GWF_HTML::error('Auth2', $chall->lang('err_unknown'), false); return false; } ############################# ### This is the new check ### if ($result['password'] !== $password) { echo GWF_HTML::error('Auth2', $chall->lang('err_password'), false); return false; } # End of the new code ### ############################# echo GWF_HTML::message('Auth2', $chall->lang('msg_welcome_back', array(htmlspecialchars($result['username']))), false); if (strtolower($result['username']) === 'admin') { $chall->onChallengeSolved(GWF_Session::getUserID()); } return true; }
function crackcha_answer(WC_Challenge $chall) { if ('' === ($answer = Common::getGetString('answer', ''))) { echo $chall->lang('err_no_answer'); return; } if (false === ($solution = GWF_Session::getOrDefault('WCC_CRACKCHA_CHARS', false))) { echo $chall->lang('err_no_problem'); return; } if ($answer === $solution) { crackcha_increase_solved(); echo $chall->lang('msg_success', array(GWF_Session::getOrDefault('WCC_CRACKCHA_SOLVED', 0), WCC_CRACKCHA_NEED)); if (crackcha_solved()) { GWF_Module::loadModuleDB('Forum', true, true); Module_WeChall::includeForums(); $chall->onChallengeSolved(GWF_Session::getUserID()); } } else { echo $chall->lang('msg_failed', array($answer, $solution)); } GWF_Session::remove('WCC_CRACKCHA_CHARS'); }
function x169(WC_Challenge $chall) { $matrix = x169Matrix(); shuffle($matrix); $embed = $chall->lang('embed'); $el = strlen($embed); $ml = count($matrix); if ($el > $ml) { die('WHAT THE HACK!!!'); } $embed .= str_repeat('o', $ml - $el + 1); $i = 0; $out = ''; foreach ($matrix as $m) { $out .= mb_substr($embed, $i, 1, 'UTF8'); // $out .= substr($embed, $i, 1); $out .= $m; $i++; } return $out; }
public function form(WC_Challenge $chall, $warmail) { $data = array('setmail' => array(GWF_Form::SUBMIT, $chall->lang('btn_setmail'))); return new GWF_Form($this, $data); }
function salesman_check_answer_B(WC_Challenge $chall, $answer) { // if ($answer === 'cheat') // { // return true; // } if (0 === preg_match_all('/((\\d+)([A-Z]+))/i', $answer, $matches)) { echo $chall->lang('err_format') . PHP_EOL; return false; } GWF_Session::remove('WCC_TR_CU_LEVEL_HAS_PB'); $list = GWF_Session::get('WCC_TR_CU_LIST'); $amounts = $matches[2]; $names = $matches[3]; $len = count($names); $price = 0; $amount = 0; $stock = GWF_Session::getOrDefault('WCC_TR_CU_STOCK', 1); $stocks = array(); for ($i = 0; $i < $len; $i++) { $name = $names[$i]; $amt = $amounts[$i]; if (!is_numeric($amt)) { echo $chall->lang('err_item_num', array($name)) . PHP_EOL; continue; } $amt = (int) $amt; if ($amt < 0) { echo $chall->lang('err_item_num', array($name)) . PHP_EOL; continue; } if (isset($stocks[$name])) { $stocks[$name] += $amt; } else { $stocks[$name] = $amt; } if ($stocks[$name] > $stock) { echo $chall->lang('err_item_stock', array($stocks[$name], $name, $stock)) . PHP_EOL; continue; } $amount += $amt; if (!array_key_exists($name, $list)) { echo $chall->lang('err_item', array($name)) . PHP_EOL; continue; } $p = $list[$name]; $price += $amt * $p; } $correct = true; $correct_amt = salesman_itemcount(); if ($amount !== $correct_amt) { echo $chall->lang('err_item_count', array($amount, $correct_amt)) . PHP_EOL; $correct = false; } $correct_price = GWF_Session::get('WCC_TR_CU_PRICE'); if ($price !== $correct_price) { echo $chall->lang('err_price', array($price, $correct_price)) . PHP_EOL; $correct = false; } $now = microtime(true); $start = GWF_Session::get('WCC_TR_CU_TIME'); $needed = $now - $start; if ($needed > WCC_TR_CU_TIMEOUT) { echo $chall->lang('err_timeout', array(sprintf('%.02f', $needed), WCC_TR_CU_TIMEOUT)) . PHP_EOL; $correct = false; } return $correct; }
function train_regex_level_4(WC_Challenge $chall, $answer) { $solution = '/^(wechall4?)\\.(?:jpg|gif|tiff|bmp|png)$/'; $samples_good = array('wechall.jpg', 'wechall.gif', 'wechall.tiff', 'wechall.bmp', 'wechall.png', 'wechall4.jpg', 'wechall4.gif', 'wechall4.tiff', 'wechall4.bmp', 'wechall4.png'); $samples_bad = array('wechall', 'wechall4', 'wechall3.png', 'wechall4.jpf', 'wechallpng', 'wechallxjpg', 'wechall.jpg ', ' wechall.jpg', 'mechall.jpg', 'meechll.jpg', 'wechall44.jpg', 'wecdfss.jpg'); foreach ($samples_good as $t) { if (!preg_match($answer, $t, $matches)) { echo GWF_HTML::error('WeChall', $chall->lang('err_no_match', array($t)), false); return false; } $filename = Common::substrUntil($t, '.'); if (count($matches) !== 2 || $filename !== $matches[1]) { echo GWF_HTML::error('WeChall', $chall->lang('err_not_capturing'), false); return false; } } foreach ($samples_bad as $t) { if (preg_match($answer, $t, $matches)) { echo GWF_HTML::error('WeChall', $chall->lang('err_matching', $t), false); return false; } } if (strlen($answer) > strlen($solution)) { echo GWF_HTML::error('WeChall', $chall->lang('err_too_long', array(strlen($solution))), false); return false; } return true; }