From 8f3d351b689a0988a906c10ae003528b5980f9bd Mon Sep 17 00:00:00 2001
From: cassio
Date: Mon, 27 Aug 2018 14:11:09 +0200
Subject: pass len iv
---
 src/getcode.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/getcode.php')
diff --git a/src/getcode.php b/src/getcode.php
index 677aeeb..687379f 100644
--- a/src/getcode.php
+++ b/src/getcode.php
@@ -52,7 +52,7 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) {
 "chmod 600 /root/submissions/code\n";
 if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false)
 $txt .= $str;
- echo $iv . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0
+ echo $iv . ":" . $clen . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0
 @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
 exit;
 }
-- 
cgit v1.2.3
From 6ca67b9f36309001cdc149d7746b7a9b3a171bc6 Mon Sep 17 00:00:00 2001
From: cassio
Date: Mon, 27 Aug 2018 14:16:50 +0200
Subject: check correct download
---
 src/getcode.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/getcode.php')
diff --git a/src/getcode.php b/src/getcode.php
index 687379f..90e8b58 100644
--- a/src/getcode.php
+++ b/src/getcode.php
@@ -42,7 +42,8 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) {
 $p = myhash($secret[1] . session_id());
 if($name == $secret[0] && $p == $password) {
 $cc = md5(rand() . rand() . @file_get_contents('/proc/uptime') . rand() . rand());
- $txt = "#!/bin/bash\n" .
+ $txt = "#!/bin/bash\n" .
+ "## " . $iv . "\n" .
 "mkdir -p /root/submissions\n" .
 "chown root.root /root/submissions\n" .
 "chmod 700 /root/submissions\n" .
-- 
cgit v1.2.3
From e2a898ab9f88010a14da14b54a9809ba2c6e17ab Mon Sep 17 00:00:00 2001
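Review bot: The result of `openssl_encrypt()` on the new `echo` line is written out unchecked, and with `OPENSSL_ZERO_PADDING` PHP applies no padding, so the call returns `false` whenever `strlen($txt)` is not a multiple of 16 and the client receives only the `iv:len:` header. Assign the ciphertext first and fail closed, e.g. `$ct = openssl_encrypt(...); if ($ct === false) { http_response_code(500); exit; }`, and confirm that `$clen` is set before this line, since its assignment is not visible in the hunk. The payload is a script that creates paths under `/root`, and CBC alone gives the receiver no integrity guarantee, so consider appending `hash_hmac('sha256', $iv . $ct, $macKey, true)` (with `$macKey` an illustrative name for a key separate from the encryption key) and verifying it before decryption. The enclosing `if` block starts outside the hunk.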
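Review bot: The added `"## " . $iv . "\n" .` line places `$iv` inside the generated bash script as a comment, which is only safe if `$iv` can never contain a newline or other raw bytes. Its generation is outside the hunk, so if it is not already hex or similar printable text, encode it at this point, e.g. `"## " . bin2hex($iv) . "\n" .`, and have the client compare against the same encoding. The marker also only shows that the start of the script decrypted to the expected text; it says nothing about whether the remaining blocks are unmodified, so it should not stand in for a MAC over the IV and ciphertext. The `$txt` concatenation continues past the end of the hunk.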
From: cassio
Date: Mon, 27 Aug 2018 16:34:30 +0200
Subject: bug in openssl_encrypt? options cannot take padding
---
 src/getcode.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'src/getcode.php')
diff --git a/src/getcode.php b/src/getcode.php
index 90e8b58..fcc45cd 100644
--- a/src/getcode.php
+++ b/src/getcode.php
@@ -1,5 +1,6 @@