| author | Cassio de Campos <cassiopc@gmail.com> | 2017-08-04 11:00:11 +0000 |
|---|---|---|
| committer | Cassio de Campos <cassiopc@gmail.com> | 2017-08-04 11:00:11 +0000 |
| commit | 5513df3ed8ce07ae9516d834c4ac176d5bfc0cf2 (patch) | |
| tree | 9d3b7c9c829ff547181634c516b904cf4352be5c | |
| parent | cc3aa973b6bc448bd52d1f6bfb9e9613c4dfbfdd (diff) | |
fixes to code submission distribution
| -rw-r--r-- | src/getcode.php | 49 | ||||
| -rwxr-xr-x | tools/boca-auth-runs | 6 |
2 files changed, 52 insertions, 3 deletions
diff --git a/src/getcode.php b/src/getcode.php
new file mode 100644
index 0000000..c3ba9ab
--- /dev/null
+++ b/src/getcode.php
@@ -0,0 +1,49 @@
+<?php
+ob_start();
+header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
+header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header ("Cache-Control: no-cache, must-revalidate");
+header ("Pragma: no-cache");
+header ("Content-Type: text/html; charset=utf-8");
+session_start();
+if (!isset($_GET["name"])) {
+ session_unset();
+ session_destroy();
+ session_start();
+ echo session_id();
+ exit;
+}
+ob_end_flush();
+
+function myhash($k) {
+ return hash('sha256',$k);
+}
+$iv = "1234567812345678";
+
+if(isset($_GET["name"]) && $_GET["name"] != "" ) {
+ $name = $_GET["name"];
+ // echo "name=" . $name . "\n";
+ $password = $_GET["password"];
+ // echo "pass=" . $password . "\n";
+ $secrets = @file("/var/www/boca/src/private/codes");
+ for($i = 0; $i < count($secrets); $i++) {
+ $secret = explode(' ', $secrets[$i]);
+ // echo "secret0=" . $secret[0] . "\n";
+ // echo "session=" . session_id() . "\n";
+ $p = myhash($secret[1] . session_id());
+ // echo "p=" . $p . "\n";
+ if($name == $secret[0] && $p == $password) {
+ $txt = "#!/bin/bash\n" .
+ "mkdir -p /root/submissions\n" .
+ "chmod 700 /root/submissions\n" .
+ "echo \"" . trim($secret[2]) . "\" > /root/submissions/code\n" .
+ "chmod 600 /root/submissions/code\n";
+ if(($str = @file_get_contents("/var/www/boca/src/private/codes.code")) !== false) $txt .= $str;
+ echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), OPENSSL_RAW_DATA, $iv);
+ exit;
+ }
+ }
+}
+echo "incorrect\n";
+exit;
+?>
diff --git a/tools/boca-auth-runs b/tools/boca-auth-runs
index c03fc4f..821202f 100755
--- a/tools/boca-auth-runs
+++ b/tools/boca-auth-runs
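Review bot: The payload emitted by the `openssl_encrypt` call in src/getcode.php is encrypted but not authenticated, and it uses the fixed `$iv = "1234567812345678"` with a key of only `substr($secret[1],0,16)`. Since `$secret[1]` appears to be a hex SHA-256 string (the client hashes the password with sha256sum before mixing in the session id), that key is 16 hex characters, about 64 bits, which PHP zero-pads for `aes-256-cbc`. Without a MAC the client cannot tell whether the bash script it receives over plain HTTP was altered in transit. I would derive separate 32-byte encryption and MAC keys, use a fresh IV per response and append an HMAC, as sketched below; the client, which is not in this hunk, then has to verify the MAC before using the payload. Separately, `$p == $password` is better written as `is_string($password) && hash_equals($p, $password)`, with `isset($_GET["password"])` checked first.

```php
// … unchanged: credential check and construction of $txt …
$enc_key = hash_hmac('sha256', 'enc', $secret[1], true);   // 32 raw bytes
$mac_key = hash_hmac('sha256', 'mac', $secret[1], true);
$iv = openssl_random_pseudo_bytes(16);                      // fresh per response
$ct = openssl_encrypt($txt, "aes-256-cbc", $enc_key, OPENSSL_RAW_DATA, $iv);
echo $iv . $ct . hash_hmac('sha256', $iv . $ct, $mac_key, true);
exit;
```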
@@ -26,17 +26,17 @@ for i in wget sha256sum cut; do done temp=/tmp/.temp.`date +%s%N`.txt -md=`wget -t 2 -T 5 -S http://$BOCASERVER/boca/getcode.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` +md=`wget -t 2 -T 7 -S http://$BOCASERVER/boca/getcode.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` echo "$md" | grep -q PHPSESS if [ "$?" == "0" ]; then md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` ress=`echo -n $pass | sha256sum - | cut -f1 -d' '` res=`echo -n "${ress}${md}" | sha256sum - | cut -f1 -d' '` - wget -t 2 -T 5 "http://$BOCASERVER/boca/getcode.php?name=${user}&password=${res}" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O $temp 2>/dev/null >/dev/null + wget -t 2 -T 15 "http://$BOCASERVER/boca/getcode.php?name=${user}&password=${res}" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O $temp 2>/dev/null >/dev/null grep -qi incorrect $temp if [ $? == 0 ]; then echo "" - echo "$BOCASERVER: User or password incorrect" + echo "$BOCASERVER: User or password incorrect, or unconfigured server" rm -f $temp rm -f ${temp}.cookie.txt exit 3 |
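Review bot: The `temp=` path near the top of this hunk is built from `date +%s%N` under /tmp, so its name is guessable, and both wget calls write to it and to `${temp}.cookie.txt` without checking that the files are new. On a shared machine another local user could pre-create or symlink those names, which matters if this script runs with elevated privileges (not shown here). I would create a private directory with `tmpdir=$(mktemp -d)`, place both files in it, and quote the expansions, e.g. `-O "$temp"` and `echo -n "$pass"`. The unquoted `$pass` also changes the hashed value when the password contains whitespace or glob characters. The enclosing `if` block continues past the end of the hunk.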