natas11.php
<?php
// Value of the "data" cookie used below as the ciphertext sample. It is still
// percent-encoded (note the trailing %3D, which stands for "=").
$cookie = 'ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D';

// Plaintext that the script pairs with the cookie above to derive the key.
$defaultData = [
    'showpassword' => 'no',
    'bgcolor' => '#ffffff',
];

// Same settings with only "showpassword" changed; array_replace() keeps the
// key order, so json_encode() lays both arrays out identically.
$desiredData = array_replace($defaultData, ['showpassword' => 'yes']);
/**
 * XORs each byte of $in1 with the byte of $in2 at the same position, starting
 * over at the beginning of $in2 whenever $in2 is shorter than $in1.
 *
 * XOR is its own inverse: applying this function to a plaintext and its
 * ciphertext returns the repeated key. A value protected only this way offers
 * no integrity check, which is why such data is normally signed (for example
 * with an HMAC) or kept server-side instead.
 *
 * @param string $in1 data to transform; its length is the length of the result
 * @param string $in2 key bytes, reused cyclically (an empty key with non-empty
 *                    data causes a modulo by zero)
 * @return string the byte-wise XOR of $in1 with the repeated $in2
 */
function xor_encrypt($in1, $in2) {
    $dataLength = strlen($in1);
    $keyLength = strlen($in2);
    $result = '';
    $position = 0;
    while ($position < $dataLength) {
        // Wrap around the key so it repeats across the whole input.
        $keyByte = $in2[$position % $keyLength];
        $result .= $in1[$position] ^ $keyByte;
        $position++;
    }
    return $result;
}
/**
 * Tells whether $string begins with $startString.
 *
 * The comparison is byte-wise and case-sensitive.
 *
 * @param string $string      the string to inspect
 * @param string $startString the prefix to look for
 * @return bool true when the leading bytes of $string equal $startString
 */
function starts_with($string, $startString){
    $prefixLength = strlen($startString);
    // Cut off exactly as many leading bytes as the prefix has, then compare.
    $leading = substr($string, 0, $prefixLength);
    if ($leading === $startString) {
        return true;
    }
    return false;
}
/**
 * Finds the shortest leading substring of $in that, repeated from the start,
 * reproduces all of $in (the final repetition may be cut short).
 *
 * Only lengths smaller than the input are tried, so an input that never
 * repeats yields an empty string.
 *
 * @param string $in the input to analyse
 * @return string the repeating unit, or '' when no shorter unit fits
 */
function get_repetetive_pattern($in){
    $total = strlen($in);
    for ($period = 1; $period < $total; $period++) {
        // A repetition can only begin where the first byte shows up again.
        if ($in[$period] != $in[0]) {
            continue;
        }
        $candidate = substr($in, 0, $period);
        $repeatsThroughout = true;
        for ($offset = 0; $offset < $total; $offset += $period) {
            // The last chunk may be shorter than the candidate, so check that
            // the candidate begins with the chunk rather than equals it.
            $chunk = substr($in, $offset, $period);
            if (!starts_with($candidate, $chunk)) {
                $repeatsThroughout = false;
                break;
            }
        }
        if ($repeatsThroughout) {
            return $candidate;
        }
    }
    return '';
}
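// The cookie value is percent-encoded (it ends in %3D), so undo that before
// base64-decoding. Strict mode rejects input that is not valid base64 instead
// of silently skipping the offending characters.
$cipherText = base64_decode(rawurldecode($cookie), true);
if ($cipherText === false) {
    exit("The cookie value is not valid base64\n");
}

// XOR of the known plaintext with the ciphertext gives the repeated key; the
// shortest repeating unit of that stream is taken as the key itself.
$key = get_repetetive_pattern(xor_encrypt(json_encode($defaultData), $cipherText));
if ($key === '') {
    // An empty key would make xor_encrypt() take a modulo by zero.
    exit("No repeating key found\n");
}

$cookieToSet = base64_encode(xor_encrypt(json_encode($desiredData), $key));

// Every dynamic or special-character argument goes through escapeshellarg()
// so the shell cannot reinterpret it, and the grep pattern is quoted so it is
// not subject to glob expansion. The cookie value is percent-encoded again so
// that "+", "/" and "=" from base64 are transmitted unambiguously.
// NOTE(review): assumes the server percent-decodes cookie values, as the
// %3D in the sample cookie suggests - confirm.
// NOTE(review): the credential is hard-coded, passed on the command line and
// sent over plain http; read it from the environment or a config file and
// prefer https where the host supports it.
$command = 'curl --silent'
    . ' --user ' . escapeshellarg('natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK')
    . ' --cookie ' . escapeshellarg('data=' . rawurlencode($cookieToSet))
    . ' ' . escapeshellarg('http://natas11.natas.labs.overthewire.org/')
    . " | grep 'The password for natas12 is'"
    . " | grep -Eo '[A-Za-z0-9]{32}'";
$password = shell_exec($command);

// shell_exec() does not return a string when the command fails or prints
// nothing; report that instead of printing an empty result.
if (!is_string($password) || trim($password) === '') {
    exit("No password found in the response\n");
}
print("The password for natas12 is: $password");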