sudo apt update
sudo apt install apache2 -y
sudo systemctl enable apache2
sudo apt install php libapache2-mod-php php-cli -y
sudo a2enmod php8.2
sudo nano /var/www/html/phpinfo.php
Paste in this code,
as shown below.
<?php
phpinfo();
?>
Save the file with Ctrl+X, Y, Enter.
https://console.cloud.google.comAt the top left, click the three-bar icon.
Point to "Compute Engine" and click "VM instances", as shown below.
On the "VM instances" page, click the name of your server, as shown below.Note your External IP address, outlined in yellow in the image below. You'll need it later.
On the next page, in the "Network interfaces" section, click your Network name, which is probably "default", as shown below. On the "VPC network details" page, on the left side, click Firewall, as shown below. On the "Firewall policies" page, look at the firewall rules, as shown below. If there is a firewall rule allowing port 80 ingress, as shown at the bottom of the image above, no change is needed.If not, at the top, click "CREATE FIREWALL RULE" and enter these values:
Flag SC 200.1: phpinfo (10 pts)
In a Web browser, open this URL, replacing the IP address with the external IP of your server:http://35.222.29.122/phpinfo.phpThe flag is covered by a green rectangle in the image below.
Error messages should be turned off for a real production server, however, since all they do is help attackers.
In your phpinfo.php page, find the path to your PHP configuration file, outlined in red in the image above,
On your cloud Linux server, edit your configuration file, with a command like this:
sudo nano /etc/php/8.2/apache2/php.ini
Scroll to the bottom of the file
(you can do that by pressing Esc+/)
and paste in this line,
as shown below.
display_errors = on
Save the file with Ctrl+X, Y, Enter.
sudo service apache2 restart
sudo nano /var/www/html/bad.php
Paste in this code,
as shown below.
<?php
phpinfox();
?>
Save the file with Ctrl+X, Y, Enter.
Flag SC 200.2: Error (10 pts)
In a Web browser, open this URL, replacing the IP address with the external IP of your server:http://35.222.29.122/bad.phpThe flag is covered by a green rectangle in the image below.
Posted 3-10-24
Name of second flag updated 6-21-24