sudo nano /var/www/html/SC205.htm
Paste in this code, as shown below.
<html>
<body>
<form action="SC205.php">
Password: <input name="password"><p>
<input type="submit">
</form>
</body>
</html>
Save the file with Ctrl+X, Y, Enter.
sudo ln -s /tmp /var/www/html/tmp
This makes files in the /tmp directory visible via HTTP requests.
This is not a productive thing to do for normal operations--just a sleazy hack so I can test your code easily.
On your cloud Linux server, execute this command:
sudo nano /var/www/html/SC205.php
Paste in this code, as shown below.
<?php
# Reject the request if no password was sent, or if it is empty
$nopassword = 0;
if (!isset($_REQUEST['password'])) {
    $nopassword = 1;
} else {
    $password = $_REQUEST['password'];
    if (strlen($password) < 1) {
        $nopassword = 1;
    }
}
if ($nopassword == 1) {
    die("<h2>Error: Must specify password!!</h2>");
}
# Compare against the password hard-coded in the source
if ($password == "OPENSESAME") {
    echo("<h2>Welcome! You sent the correct password!</h2>");
} else {
    die("<h2>Error: Incorrect password!!</h2>");
}
# MAKE THIS SCRIPT CODE VISIBLE
system("cp /var/www/html/SC205.php tmp/SC205.txt 2>&1");
?>
Save the file with Ctrl+X, Y, Enter.
In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/SC205.htm
Enter a Password of OPENSESAME into the form, as shown below, and click the Submit button. The next page shows the "Welcome" message, as shown below. Send an incorrect password. Verify that it's rejected, as shown below.
In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/tmp/SC205.txt
Verify that your PHP source code is visible, as shown below.
Flag SC 205.1: Login Functionality (5 pts)
In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC205.htm
Enter the URL to your PHP page in the form for flag SC 205.1, as shown below, and click the Submit button.
The flag appears, as shown below.
On your cloud Linux server, execute this command:
sudo nano /etc/apache2/envvars
Add this line to the end of the file, as shown below:
export PASSWORD_205=OPENSESAME
Save the file with Ctrl+X, Y, Enter.
On your cloud Linux server, execute this command:
sudo service apache2 restart
On your cloud Linux server, execute this command:
sudo nano /var/www/html/test205.php
Paste in this code, as shown below.
<?php
$p = getenv("PASSWORD_205");
echo "Password is $p";
?>
Save the file with Ctrl+X, Y, Enter.
In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/test205.php
The password is visible, as shown below.
Leave the code intact that copies your source code to a .txt file in the /tmp folder.
When it's working, run the test in the box below to get the flag.
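One way to check a submitted password against the PASSWORD_205 environment variable, as an added example that is not part of the original lab or its answer key: it reads the secret with getenv(), rejects every login when the variable is missing, and compares with hash_equals() instead of ==. The function names expected_password and check_password and the demo values are assumptions made for this example.

```php
<?php
// Added example (not the lab's code): compare a submitted password with the
// secret that Apache exports as PASSWORD_205 in /etc/apache2/envvars.

function expected_password(): ?string   // hypothetical helper name
{
    $secret = getenv("PASSWORD_205");
    // getenv() returns false when the variable is not set, for instance if
    // Apache was not restarted after editing envvars. Treat that, and an
    // empty value, as "no secret configured".
    if ($secret === false || $secret === "") {
        return null;
    }
    return $secret;
}

function check_password($submitted): bool   // hypothetical helper name
{
    // Request parameters can arrive as arrays (password[]=x); accept only
    // non-empty strings.
    if (!is_string($submitted) || $submitted === "") {
        return false;
    }
    $secret = expected_password();
    if ($secret === null) {
        // Fail closed: with no secret configured, nothing can match.
        error_log("PASSWORD_205 is not set; rejecting login");
        return false;
    }
    // hash_equals() is a timing-safe, string-only comparison, so the false
    // that getenv() can return is never loosely converted as it would be by ==.
    return hash_equals($secret, $submitted);
}

// Constructed demo values, executed only under the php command-line interpreter.
if (PHP_SAPI === "cli") {
    putenv("PASSWORD_205=OPENSESAME");          // simulate the envvars export
    var_dump(check_password("OPENSESAME"));     // matching password
    var_dump(check_password("opensesame"));     // wrong case
    var_dump(check_password(["OPENSESAME"]));   // array instead of string
    putenv("PASSWORD_205");                     // remove the variable again
    var_dump(check_password("0"));              // secret missing: must be rejected
}
```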
Flag SC 205.2: Password in Environment Variable (10 pts)
In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC205.htm
Enter the URL to your PHP page in the form for flag SC 205.2 and submit the form. If your code is correct, the flag will appear.
Posted 3-29-24