From 5513df3ed8ce07ae9516d834c4ac176d5bfc0cf2 Mon Sep 17 00:00:00 2001 From: Cassio de Campos Date: Fri, 4 Aug 2017 12:00:11 +0100 Subject: fixes to code submission distribution --- src/getcode.php | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 src/getcode.php (limited to 'src/getcode.php') diff --git a/src/getcode.php b/src/getcode.php new file mode 100644 index 0000000..c3ba9ab --- /dev/null +++ b/src/getcode.php @@ -0,0 +1,49 @@ + /root/submissions/code\n" . + "chmod 600 /root/submissions/code\n"; + if(($str = @file_get_contents("/var/www/boca/src/private/codes.code")) !== false) $txt .= $str; + echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), OPENSSL_RAW_DATA, $iv); + exit; + } + } +} +echo "incorrect\n"; +exit; +?> -- cgit v1.2.3 From 691ea427023510ade5eac9a4594d1abf40164053 Mon Sep 17 00:00:00 2001 From: Cassio de Campos Date: Fri, 4 Aug 2017 12:34:25 +0100 Subject: examples of setting codes --- src/getcode.php | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) (limited to 'src/getcode.php') diff --git a/src/getcode.php b/src/getcode.php index c3ba9ab..407a00b 100644 --- a/src/getcode.php +++ b/src/getcode.php @@ -15,6 +15,13 @@ if (!isset($_GET["name"])) { } ob_end_flush(); +function make_seed() +{ + list($usec, $sec) = explode(' ', microtime()); + return $sec + $usec * 1000000; +} +srand(make_seed()); + function myhash($k) { return hash('sha256',$k); } 
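Review bot: The `openssl_encrypt` call at the end of this hunk protects a bash script that writes under /root, yet the ciphertext carries no integrity check, and `substr($secret[1],0,16)` supplies only 16 bytes where `aes-256-cbc` expects 32 (PHP pads a short key with NUL bytes). `$iv` is defined outside the visible lines; the second hunk header of the next commit shows it as the constant `"1234567812345678"`, so every response would reuse one IV. I would derive separate 32-byte encryption and MAC keys from `$secret[1]`, draw a fresh IV per response, and append an HMAC over IV and ciphertext that the client checks before running anything, as sketched below; the client side has to change with it. Most of this new-file hunk did not survive on the page, so the note covers only the visible lines, and the same call is carried into the next commit's second hunk.

```php
// … unchanged: building $txt from the config line and codes.code …
$encKey = hash_hmac('sha256', 'enc', $secret[1], true); // 32 raw bytes
$macKey = hash_hmac('sha256', 'mac', $secret[1], true);
$iv = openssl_random_pseudo_bytes(16);                  // fresh per response
$ct = openssl_encrypt($txt, "aes-256-cbc", $encKey, OPENSSL_RAW_DATA, $iv);
echo $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
exit;
```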
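Review bot: `srand(make_seed())` seeds `rand()` from `microtime()`, so every later `rand()` value is a function of the request time, and the next hunk builds `$cc` from exactly those values. PHP has seeded the generator on its own since 4.2.0, so the explicit seeding adds nothing and only ties the seed to the clock. I would drop `make_seed()` and the `srand()` call and take `$cc` from the OpenSSL extension the file already uses: `$cc = bin2hex(openssl_random_pseudo_bytes(16));`. If `$cc` is only a log correlation id this is cosmetic, but its `chmod 600` handling in the next hunk suggests it is meant to be secret.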
@@ -22,24 +29,25 @@ $iv = "1234567812345678"; if(isset($_GET["name"]) && $_GET["name"] != "" ) { $name = $_GET["name"]; - // echo "name=" . $name . "\n"; $password = $_GET["password"]; - // echo "pass=" . $password . "\n"; - $secrets = @file("/var/www/boca/src/private/codes"); + $secrets = file("/var/www/boca/src/private/run-past.config"); for($i = 0; $i < count($secrets); $i++) { $secret = explode(' ', $secrets[$i]); - // echo "secret0=" . $secret[0] . "\n"; - // echo "session=" . session_id() . "\n"; $p = myhash($secret[1] . session_id()); - // echo "p=" . $p . "\n"; if($name == $secret[0] && $p == $password) { - $txt = "#!/bin/bash\n" . - "mkdir -p /root/submissions\n" . - "chmod 700 /root/submissions\n" . - "echo \"" . trim($secret[2]) . "\" > /root/submissions/code\n" . - "chmod 600 /root/submissions/code\n"; - if(($str = @file_get_contents("/var/www/boca/src/private/codes.code")) !== false) $txt .= $str; - echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), OPENSSL_RAW_DATA, $iv); + $cc = md5(rand() . rand() . @file_get_contents('/proc/uptime') . rand() . rand()); + $txt = "#!/bin/bash\n" . + "mkdir -p /root/submissions\n" . + "chown root.root /root/submissions\n" . + "chmod 700 /root/submissions\n" . + "echo -n \"" . $cc . "\" >/root/submissions/comp\n" . + "chmod 600 /root/submissions/comp\n" . + "echo -n \"" . trim($secret[2]) . "\" > /root/submissions/code\n" . + "chmod 600 /root/submissions/code\n"; + + if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str; + echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), 1, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0 + @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND); exit; } } -- cgit v1.2.3
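Review bot: `trim($secret[2])` is pasted between double quotes into the generated bash script (`"echo -n \"" . trim($secret[2]) . "\" > /root/submissions/code\n"`), so a `"`, `$` or backtick in that config field is interpreted by the shell when the script runs. Quote it on the PHP side instead: `"printf '%s' " . escapeshellarg(trim($secret[2])) . " > /root/submissions/code\n"`. On the unchanged context line `if($name == $secret[0] && $p == $password)` the loose `==` lets numeric-looking strings compare equal; use `===`, or `hash_equals($p, $password)` where PHP 5.6+ is available. The outer `if(isset($_GET["name"]) …)` block closes outside this hunk.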