diff options
| author | Cassio de Campos <cassiopc@gmail.com> | 2017-08-10 10:49:24 +0000 |
|---|---|---|
| committer | Cassio de Campos <cassiopc@gmail.com> | 2017-08-10 10:49:24 +0000 |
| commit | e926ad94df156c2a58e35e24d25229e0ab041aae (patch) | |
| tree | 38db549a3337693aefe30e99582383d5e853e2f9 /src/getcode.php | |
| parent | 02b4aacc81613792b0fa618692145dc1e2989e42 (diff) | |
| parent | 94c6cd12dacf9de46051c57e6f6bf216e86c8df8 (diff) | |
| download | boca-e926ad94df156c2a58e35e24d25229e0ab041aae.tar.gz boca-e926ad94df156c2a58e35e24d25229e0ab041aae.zip | |
Merge branch 'master' of github.com:cassiopc/boca
Diffstat (limited to 'src/getcode.php')
| -rw-r--r-- | src/getcode.php | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/src/getcode.php b/src/getcode.php new file mode 100644 index 0000000..407a00b --- /dev/null +++ b/src/getcode.php @@ -0,0 +1,57 @@ +<?php +ob_start(); +header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT"); +header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header ("Cache-Control: no-cache, must-revalidate"); +header ("Pragma: no-cache"); +header ("Content-Type: text/html; charset=utf-8"); +session_start(); +if (!isset($_GET["name"])) { + session_unset(); + session_destroy(); + session_start(); + echo session_id(); + exit; +} +ob_end_flush(); + +function make_seed() +{ + list($usec, $sec) = explode(' ', microtime()); + return $sec + $usec * 1000000; +} +srand(make_seed()); + +function myhash($k) { + return hash('sha256',$k); +} +$iv = "1234567812345678"; + +if(isset($_GET["name"]) && $_GET["name"] != "" ) { + $name = $_GET["name"]; + $password = $_GET["password"]; + $secrets = file("/var/www/boca/src/private/run-past.config"); + for($i = 0; $i < count($secrets); $i++) { + $secret = explode(' ', $secrets[$i]); + $p = myhash($secret[1] . session_id()); + if($name == $secret[0] && $p == $password) { + $cc = md5(rand() . rand() . @file_get_contents('/proc/uptime') . rand() . rand()); + $txt = "#!/bin/bash\n" . + "mkdir -p /root/submissions\n" . + "chown root.root /root/submissions\n" . + "chmod 700 /root/submissions\n" . + "echo -n \"" . $cc . "\" >/root/submissions/comp\n" . + "chmod 600 /root/submissions/comp\n" . + "echo -n \"" . trim($secret[2]) . "\" > /root/submissions/code\n" . + "chmod 600 /root/submissions/code\n"; + + if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str; + echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), 1, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0 + @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND); + exit; + } + } +} +echo "incorrect\n"; +exit; +?> |