sudo nano /var/www/html/SC205.htm
Paste in this code,
as shown below.
<html>
<body>
<form action="SC205.php">
Password: <input name="password"><p>
<input type="submit">
</form>
</body>
</html>
Save the file with Ctrl+X, Y, Enter.
sudo ln -s /tmp /var/www/html/tmp
This makes files in the /tmp directory
visible via HTTP requests.
This is not a productive thing to do for normal operations--just a sleazy hack so I can test your code easily.
On your cloud Linux server, execute this command:
sudo nano /var/www/html/SC205.php
Paste in this code,
as shown below.
<?php
$nopassword = 0;
if (!isset($_REQUEST['password'])) {
$nopassword = 1;
} else {
$password = $_REQUEST['password'];
if (strlen($password) < 1) {
$nopw = 1;
}
}
if ($nopassword == 1) {
die("<h2>Error: Must specify password!!</h2>");
}
if ($password == "OPENSESAME") {
echo("<h2>Welcome! You sent the correct password!</h2>");
} else {
die("<h2>Error: Incorrect password!!</h2>");
}
# MAKE THIS SCRIPT CODE VISIBLE
system("cp /var/www/html/SC205.php tmp/SC205.txt 2>&1");
?>
Save the file with Ctrl+X, Y, Enter.
http://35.222.29.122/SC205.htmEnter a Password of OPENSESAME into the form, as shown below, and click the Submit button.
http://35.222.29.122/tmp/SC205.txtVerify that your PHP source code is visible, as shown below.
https://samlols.samsclass.info/SC/SC205.htmEnter the URL to your PHP page in the form for flag SC 205.1, as shown below, and click the Submit button.
Flag SC 205.1: Login Functionality (5 pts)
The flag appears, as shown below.
On your cloud Linux server, execute this command:
sudo nano /etc/apache2/envvars
Add this line to the end of the file,
as shown below:
export PASSWORD_205=OPENSESAME
On your cloud Linux server, execute this command:
sudo service apache2 restart
On your cloud Linux server, execute this command:
sudo nano /var/www/html/test205.php
Paste in this code,
as shown below.
<?php
$p = getenv("PASSWORD_205");
echo "Password is $p";
?>
Save the file with Ctrl+X, Y, Enter.
http://35.222.29.122/test205.phpThe password is visible, as shown below,
Leave the code intact that copies your source code to a .txt file in the /tmp folder.
When it's working, run the test in the box below to get the flag.
Flag SC 205.2: Password in Environment Variable (10 pts)
In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC205.htmEnter the URL to your PHP page in the form for flag SC 205.2 and submit the form. If your code is correct, the flag will appear.
Posted 3-29-24