-rw-r--r--src/getcode.php14
-rw-r--r--tools/000-boca.conf-ssl49
-rwxr-xr-xtools/boca-auth-runs37
3 files changed, 84 insertions, 16 deletions
diff --git a/src/getcode.php b/src/getcode.php
index 677aeeb..fcc45cd 100644
--- a/src/getcode.php
+++ b/src/getcode.php
@@ -1,5 +1,6 @@
<?php
ob_start();
+require_once('globals.php');
header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate");
@@ -22,9 +23,9 @@ function make_seed()
}
srand(make_seed());
-function myhash($k) {
- return hash('sha256',$k);
-}
+//function myhash($k) {
+// return hash('sha256',$k);
+//}
if(!function_exists('openssl_cipher_iv_length')) {
MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")");
LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")");
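Review bot: The `myhash` definition is commented out rather than deleted, leaving three dead lines that version control already preserves; the next hunk still calls `myhash()` at the password check, so the function presumably now comes from the newly required `globals.php`, and a commented copy here will silently drift from that one. Delete the three lines and, if a pointer is wanted, replace them with `// myhash() is provided by globals.php`. The `srand(make_seed())` call kept as context above seeds `rand()`, which is not a cryptographic source; that matters for the `$cc` value built from it in the following hunk.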
@@ -42,7 +43,8 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) {
$p = myhash($secret[1] . session_id());
if($name == $secret[0] && $p == $password) {
$cc = md5(rand() . rand() . @file_get_contents('/proc/uptime') . rand() . rand());
- $txt = "#!/bin/bash\n" .
+ $txt = "#!/bin/bash\n" .
+ "## " . $iv . "\n" .
"mkdir -p /root/submissions\n" .
"chown root.root /root/submissions\n" .
"chmod 700 /root/submissions\n" .
@@ -52,8 +54,8 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) {
"chmod 600 /root/submissions/code\n";
if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str;
- echo $iv . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0
- @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
+ echo $iv . ":" . $clen . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA, $iv);
+ @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . getIP() . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
exit;
}
}
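Review bot: The new `echo` writes the result of `openssl_encrypt(...)` directly to the output without checking it; on failure the function returns `false`, so the client receives a well-formed `iv:clen:` header followed by an empty body. Assign it first and abort on failure: `$enc = openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA, $iv); if ($enc === false) { LogError("Encryption error -- openssl_encrypt failed (" . getFunctionName() . ")"); exit; } echo $iv . ":" . $clen . ":\n" . $enc;`. The `@file_put_contents` on the `run-past.log` line is the audit record of who fetched a script that runs as root on the client, so a failed append should be reported through `LogError` rather than suppressed with `@`. `$clen` is not defined in this hunk (presumably set where `$iv` is generated, or in `globals.php`), and `getIP()` should be confirmed to record the socket peer address rather than a client-supplied forwarded header for this record.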
diff --git a/tools/000-boca.conf-ssl b/tools/000-boca.conf-ssl
new file mode 100644
index 0000000..0f56580
--- /dev/null
+++ b/tools/000-boca.conf-ssl
@@ -0,0 +1,49 @@
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ ServerAdmin webmaster@bombonera.org
+ DocumentRoot /var/www/boca
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ <FilesMatch "\.(php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory "/var/www/boca/src">
+ AllowOverride Options AuthConfig Limit
+ Order Allow,Deny
+ Allow from all
+ AddDefaultCharset utf-8
+ </Directory>
+ <Directory "/var/www/boca/src/private">
+ AllowOverride Options AuthConfig Limit
+ Deny from all
+ </Directory>
+ <Directory /var/www/boca>
+ AllowOverride Options AuthConfig Limit
+ Deny from all
+ </Directory>
+ Alias /boca /var/www/boca/src
+</VirtualHost>
+</IfModule>
+
+<VirtualHost *:80>
+ ServerAdmin webmaster@bombonera.org
+ Redirect permanent / https://www.bombonera.org/
+ <Directory "/var/www/boca/src">
+ AllowOverride Options AuthConfig Limit
+ Order Allow,Deny
+ Allow from all
+ AddDefaultCharset utf-8
+ </Directory>
+ <Directory "/var/www/boca/src/private">
+ AllowOverride Options AuthConfig Limit
+ Deny from all
+ </Directory>
+ <Directory /var/www/boca>
+ AllowOverride Options AuthConfig Limit
+ Deny from all
+ </Directory>
+ Alias /boca /var/www/boca/src
+</VirtualHost>
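Review bot: The new SSL vhost points `SSLCertificateFile`/`SSLCertificateKeyFile` at the Debian placeholder `ssl-cert-snakeoil` self-signed pair, which the download client cannot verify against any trusted CA; unless `boca-auth-runs` pins that certificate it will have to turn verification off, which removes the transport protection the encrypted payload depends on. Use a certificate issued for the redirect target `www.bombonera.org` and add `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` plus `Header always set Strict-Transport-Security "max-age=31536000"` (requires mod_headers). The `Order`/`Allow`/`Deny` directives are Apache 2.2 syntax that on 2.4 only works with mod_access_compat; `Require all granted` and `Require all denied` are the current forms, and the `private` directory that holds `run-past.code` and `run-past.log` relies on this denial being effective. The `<Directory>` and `Alias` blocks inside the `*:80` vhost appear unreachable after `Redirect permanent /` and can be dropped.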
diff --git a/tools/boca-auth-runs b/tools/boca-auth-runs
index 111d285..63bc6b3 100755
--- a/tools/boca-auth-runs
+++ b/tools/boca-auth-runs
@@ -58,19 +58,36 @@ if [ "$?" == "0" ]; then
a=""
ivv=""
iv=$(head -n1 "$temp" | cut -d':' -f1)
- tail -n +2 "$temp" > "${temp}.0"
- rm -f "$temp"
- for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done
- for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done
- openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv
- rm -f "${temp}.0"
- /bin/bash "${temp}.1"
- rm -f "${temp}.1"
+ clen=$(head -n1 "$temp" | cut -d':' -f2)
+ if [ "$clen" -eq "$clen" ] 2>/dev/null; then
+ tail -n +2 "$temp" > "${temp}.0"
+ rm -f "$temp"
+ for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done
+ for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done
+ openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv
+ rm -f "${temp}.0"
+ grep -q "$iv" "${temp}.1"
+ if [ "$?" == "0" ]; then
+ /bin/bash "${temp}.1"
+ else
+ echo ""
+ echo "$BOCASERVER: downloaded content is corrupted"
+ rm -f "${temp}.1"
+ rm -f "${temp}.cookie.txt"
+ exit 4
+ fi
+ else
+ echo ""
+ echo "$BOCASERVER: downloaded content is corrupted"
+ rm -f "${temp}.1"
+ rm -f "${temp}.cookie.txt"
+ exit 4
+ fi
fi
[ -f "$temp" ] && rm -f "$temp"
- rm -f ${temp}.cookie.txt
+ rm -f "${temp}.cookie.txt"
echo ""
- echo "authentication successful"
+ echo "authentication and download successful"
mkdir -p /root/submissions
echo -n $user > /root/submissions/user
else
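Review bot: In the outer `else` branch taken when the `$clen` integer test fails, `rm -f "${temp}.1"` removes a file that has not been created yet, while `$temp`, which holds the downloaded payload, is left behind because the `[ -f "$temp" ] && rm -f "$temp"` cleanup comes after the `exit 4`; change that line to `rm -f "$temp"`. The two identical corruption handlers should be one function, e.g. `corrupt_exit() { echo ""; echo "$BOCASERVER: downloaded content is corrupted"; rm -f "$temp" "${temp}.0" "${temp}.1" "${temp}.cookie.txt"; exit 4; }`, called from both branches. `grep -q "$iv"` treats a value read from the downloaded file as a regular expression and matches everything when `$iv` is empty; use `[ -n "$iv" ] && grep -qF -- "$iv" "${temp}.1"`. The `openssl enc` exit status is also unchecked, so `|| corrupt_exit` on that line avoids handing a partially written `${temp}.1` to `/bin/bash`. The enclosing `if [ "$?" == "0" ]` block starts outside this hunk.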