PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
All times are UTC - 5 hours
PostPosted: Fri Sep 17, 2010 5:52 pm 
DevNet Resident
- Introduction

I'm hoping this will be a real brain teaser. :twisted:

- The Challenge

Deconstruct this obscured code to determine what the input and output are. (A blank page does not qualify as output.)
<?php
$z = $_GET;
$a = array_shift($_GET);
if (md5($a) == '235cdd01b87af1e1de37f4746a88d82c') {
    if (md5($a($z)) == '013b1d9abafae9f31d618d896d89f890') {
        $z['b']($z);
        $y = $e('%^[GRANT_USER]+$%', $d($$c));
        $b(${$f($y)});
        $i($h($g('u4iLkxmcvdFIs8GbsVGS')));
    }
}

- Hints

As you may guess, the input is passed via GET request. If your query string is correct, the following condition will be true. (The query string does not include a leading question mark.)
if (md5($_SERVER['QUERY_STRING']) == 'e4f42f9a1ba523f8e3282adf1371d211')

The output is a phrase that you have probably heard before. It includes two uppercase letters, a comma, and three periods at the end. You get partial credit for discovering the phrase.

- Proclamation Procedure

Please do not reveal the answers! To prove that you have found the input and/or output, use the following procedure.

  1. Make up a salt. Keep it short but unique. For example:
    $salt = 'g3hR';

  2. Concatenate your answer and your salt, then use md5() to create a checksum.
    echo md5($_SERVER['QUERY_STRING'].$salt);
    echo md5($outputPhrase.$salt);

  3. Share your salt and checksums so those of us who know the answers can give you a pat on the back. :)
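The obscured snippet in the challenge is built from a handful of constructs that are each legal PHP but, taken together, make a script's behaviour depend entirely on request data: a superglobal copied into a plain variable and then called as a function, a call through an array element, variable variables, and a hash comparison that gates on a secret the source never contains. Those are exactly the indicators a webshell or obfuscation scanner keys on. The following Python scanner is an added example for this thread, not code from the challenge author or the forum; it reads the posted snippet purely as text (embedded here as constructed input and never executed), flags the indicators, and decodes or solves nothing. The indicator names and the line-based regular expressions are choices made for this example, not any standard tool's output.

```python
import re

# Constructed input: the obscured snippet posted in the challenge, embedded
# here as text for the scanner to read. It is never executed.
SAMPLE = r'''<?php
$z = $_GET;
$a = array_shift($_GET);
if (md5($a) == '235cdd01b87af1e1de37f4746a88d82c') {
    if (md5($a($z)) == '013b1d9abafae9f31d618d896d89f890') {
        $z['b']($z);
        $y = $e('%^[GRANT_USER]+$%', $d($$c));
        $b(${$f($y)});
        $i($h($g('u4iLkxmcvdFIs8GbsVGS')));
    }
}
'''

# Constructed benign input for comparison: request data is used, but only
# as a value, never as the name of something to call.
BENIGN = "<?php\n$q = $_GET['q'];\necho htmlspecialchars($q);\n"

SUPERGLOBALS = ('$_GET', '$_POST', '$_REQUEST', '$_COOKIE', '$_SERVER')

# Indicator names are labels chosen for this example (hypothetical).
# Each construct is legal PHP on its own; the combination is what makes
# the snippet's behaviour depend entirely on request data.
PATTERNS = {
    # $name(...) : variable function call; $name may hold any callable name.
    'variable_function_call': re.compile(r'\$[A-Za-z_]\w*\s*\('),
    # $arr['k'](...) : calling whatever string sits in an array element.
    'array_element_call': re.compile(r'\$[A-Za-z_]\w*\[[^\]]+\]\s*\('),
    # $$name or ${expr} : variable variables, indirection through a runtime name.
    'variable_variable': re.compile(r'\$\$[A-Za-z_]\w*|\$\{'),
    # md5(...) == '<hex>' : gating on a secret the source itself does not contain.
    'hash_gate': re.compile(
        r'\b(?:md5|sha1)\s*\(.*\)\s*===?\s*[\'"][0-9a-f]{32,40}[\'"]'),
}

# Simple assignment "$name = <expr>;" used to track request-derived variables.
ASSIGN = re.compile(r'^\s*\$([A-Za-z_]\w*)\s*=\s*(.*?);')


def scan(source):
    """Return (line_no, indicator, stripped_line) tuples for each hit.

    Variables assigned straight from a superglobal are remembered, and any
    later call made through such a variable ($a(...) or $a['k'](...)) is
    reported separately as request-controlled.
    """
    findings = []
    tainted = []
    for no, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and any(sg in m.group(2) for sg in SUPERGLOBALS):
            if m.group(1) not in tainted:
                tainted.append(m.group(1))
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((no, name, line.strip()))
        for var in tainted:
            call = r'\$' + re.escape(var) + r'\s*(?:\[[^\]]*\])?\s*\('
            if re.search(call, line):
                findings.append((no, 'request_controlled_call', line.strip()))
    return findings


def summarize(findings):
    """Count hits per indicator. A 'request_controlled_call' next to
    'variable_variable' and 'hash_gate' is the profile worth a manual look."""
    counts = {}
    for _, name, _ in findings:
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == '__main__':
    for label, src in (('challenge snippet', SAMPLE), ('benign', BENIGN)):
        hits = scan(src)
        print(f'{label}: {len(hits)} indicator hit(s) {summarize(hits)}')
        for no, name, text in hits:
            print(f'  line {no:2d} {name:24s} {text}')
```

Run stand-alone it reports eleven hits on the posted snippet, with the two request-controlled calls on the lines where `$a` and `$z['b']` are invoked, and nothing on the benign script. The regular expressions work line by line with no PHP parser, so they are a triage filter rather than proof of intent; the point is that the taint tracking turns the generic "variable function call" indicator into the specific and far more interesting "a name taken from the request is being called".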


PostPosted: Fri Sep 17, 2010 6:43 pm 
DevNet Master
Salted input (for $a) was 3a10a114f867009bdbaa2f81e7331ae3

I solved it with Google. Too easy, your security is inferior ;-) I'll let you know if I crack the rest.


PostPosted: Fri Sep 17, 2010 6:57 pm 
DevNet Master
The salted value of $z['b'] on line 6 is 70ea2a16423074c7ee995a29e2c7cdf6

Getting tougher...


PostPosted: Fri Sep 17, 2010 7:03 pm 
DevNet Resident
So soon?

josh wrote:
Salted input (for $a) was 3a10a114f867009bdbaa2f81e7331ae3
josh wrote:
The salted value of $z['b'] on line 6 is 70ea2a16423074c7ee995a29e2c7cdf6
I concur, twice.

You can use that salt because you are the first person, but, everyone else, please use your own salt. The one I gave is only an example.

josh wrote:
Too easy, your security is inferior ;-)
I couldn't make it too obscure. There would be no entry points and no one would be able to crack it. :wink: If a challenge is too hard, people give up; and that's no fun.

josh wrote:
I'll let you know if I crack the rest
I hope you do because, as it is now, you haven't yet met the criteria.

Hint: A legitimate strategy would be to start inside and work outward.


PostPosted: Fri Sep 17, 2010 7:04 pm 
DevNet Master
Can you give us a phpinfo() of a system this runs on? Do I need mcrypt installed or any extensions? Can we get that hint or naw?


PostPosted: Fri Sep 17, 2010 7:12 pm 
DevNet Resident
Let me think...

Okay, I have thought. I wrote the script in PHP 5.3, but nothing jumps out at me from the manual that suggests that this wouldn't be compatible with nearly every server running PHP 4 or 5. I have some more things to check before I can be 100% confident of that, though. I'll get back to you.

Update: I tested the code on a PHP 4.2.3 server and some warnings popped up related to the way "global" (hint) variables are being accessed. Other than that, everything works. Everything is pretty basic. I don't think you need any special extensions.

