-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.php
88 lines (71 loc) · 7.19 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php
include "challenge.php";
$challenges[0] = new Challenge(0, "Welcome!", "Welcome to the Mark's Pentest Challenge! There is a password hidden in every level. If you are stuck, there is always a hint under the login box, or if that is not enough, drop me a mail. <br>If you have no more time just save the url of the level and continue when you want. <br> Happy Hacking!","<!-- Ennyn Durin aran Moria. Pedo mellon a minno -->", "<a href=\"https://www.youtube.com/watch?v=DgHCM68KkPY\" target=\"_blank\">https://www.youtube.com/watch?v=DgHCM68KkPY</a> and the webserver can not speak elvish. ","challenge1-friend","friend");
$challenges[1] = new Challenge(1, "Level 1", "The password is hidden somewhere","<input type=\"hidden\" name=\"correctPassword\" value=\"gettingstarted\">", "<a href=\"https://www.w3.org/wiki/HTML/Elements/input/hidden\" target=\"_blank\">https://www.w3.org/wiki/HTML/Elements/input/hidden</a>","challenge2-gettingstarted","gettingstarted");
$challenges[2] = new Challenge(2, "Level 2", "<i>\"It is better to create than to learn! Creating is the essence of life.\"<br>\"If you must break the law, do it to seize power: in all other cases observe it.\"</i>","<input type=\"hidden\" name=\"encodedPassword\" value=\"ktcxkxsxkxrx\">", "The quotes are not coming from Kevin D. Mitnick, but then who is the author? And what does he do with computer security?","challenge3-venividivici","venividivici");
$challenges[3] = new Challenge(3, "Level 3", "<i>\"Isn’t it, sure there are grays, when you come right down to it, at its core beneath every choice is either a 1 or a 0. You either do something or you don’t. You walk out that door, you decided to do nothing, to say nothing, which means you do not come back. You leave, you are no longer apart of this. You become a zero. If you stay, you wanna change the world, you become a yes, you become a 1. I’ll ask you again, are you a 1 or a 0?\"</i>","<input type=\"hidden\" name=\"encodedPassword\" value=\"01101101_01110010_01110010_01101111_01100010_01101111_01110100\">", "The computer works with binary numbers, so it has to convert the characters of the password to binary. But how does it do that? Maybe the American Standard Code for Information Interchange has to do something with that?","challenge4-mrrobot","mrrobot");
$challenges[4] = new Challenge(4, "Level 4", "<i>\"Hey soldier! Where is my uniform? - Check in the Uniform Resource Locator\"</i>","<input type=\"hidden\" name=\"encodedPassword\" value=\"%75%72%6c%73%61%72%65%67%72%65%61%74\">", "Url stands for Uniform Resource Locator and is used as the address of the websites. But they are very polite, and whenever someone tries to make them say something #$@&%*! they find a way to save their good manner ;) Check this <a href=\"http://www.w3schools.com/tags/ref_urlencode.asp\" target=\"_blank\">website.","challenge4-urlsaregreat","urlsaregreat");
$challenges[5] = new Challenge(5, "Level 5", "<i>\"-This is Rogue Two. this is Rogue Two. Captain Solo, so you copy? Commander Skywalker, do you copy? This is Rogue Two.<br>-Good morning. Nice of you guys to drop by.<br>-Echo Base64... this is Rogue Two. I found them. Repeat, I found them.\"</i>","<input type=\"hidden\" name=\"encodedPassword\" value=\"dGhlb3JpZ2luYWx0cmlsb2d5aXN0aGViZXN0\">", "Base64... what was that? A typo or a hint? And UTF-8 FTW!","challenge6-theoriginaltrilogyisthebest","theoriginaltrilogyisthebest");
$challenges[6] = new Challenge(6, "Level 6", "<i>\"I believe that if you show people the problems and you show them the solutions they will be moved to act.\"<br>\"If you can't make it good, at least make it look good.\"</i>","<input type=\"hidden\" name=\"encryptedPassword\" value=\"E957AF63A4DFDC83AAD3B435B51404EE\">", "If something looks fixed length, that may be a hash, right? But hashes are supposed to be unbreakable. Hm, maybe not in this case","challenge7-win","win");
$challenges[7] = new Challenge(7, "Level 7", "<i>\"The greatest weakness of computer security is the human factor\" \"There is no patch for stupidity.\"</i>","<input type=\"hidden\" name=\"encryptedPassword\" value=\"5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8\">", "Even if the system administrators are doing their best, implementing really secure protocols that will not save them from human stupidness and laziness.","challenge8-password","password");
$challenges[8] = new Challenge(8, "Congratulation!", "You are done with my challenges.<br>Enter and start exploring the real world!","<input type=\"hidden\" name=\"password\" value=\"is_empty\">", "It is empty, just click login :)","veryverysecretstuff213549567587564","");
//select the actual challenge
$challengeId = 0; //if site not site, or not matching to anything
if(isset($_GET["site"])){
if($_GET["site"] == "veryverysecretstuff213549567587564"){header("Location: theveryrealworld.php");die();}
for($i = 0; $i < count($challenges); $i++){
if($_GET["site"] == $challenges[$i]->nextUrl){
$challengeId = $i + 1;
break;
}
}
}
$ch = $challenges[$challengeId];
//check password and redirect
if(isset($_POST["password"])){
if($ch->checkPasswordAndRedirect($_POST["password"]) == 0) $message = "Wrong password, try again.";
}
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]-->
<!--[if IE 7]> <html class="lt-ie9 lt-ie8" lang="en"> <![endif]-->
<!--[if IE 8]> <html class="lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html lang="en"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Mark's Pentest Challenge</title>
<link rel="stylesheet" href="css/style.css">
<!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
</head>
<body>
<section class="container">
<div class="login" id="challenge">
<h1><?php echo $ch->getTitle(); ?></h1>
<?php if(isset($message)) echo "<font color=\"red\">".$message."</font><br>\n"; ?>
<?php echo $ch->getText()."\n"; ?>
<form method="post" action="">
<?php echo $ch->getFormField()."\n"; ?>
<p><input type="password" name="password" value="" placeholder="Password"></p>
<p class="submit">Solved by <?php echo $ch->getSolvedBy()."\n";?> <input type="submit" name="commit" value="Login"></p>
</form>
</div>
<div class="login-help">
<p>Need a hint? <a href="javascript:void(0);" onclick="$('#hint').show(1000);">Click here!</a>.</p>
</div>
<div class="login" id="hint" style="display:none">
<p>
<?php echo $ch->getHint()."\n";?>
<br>Remember! The passwords are always meaningful words with all lowercase letters. You don't need to install any program, there are online tools for everything needed to complete these challenges.
</p>
</div>
</section>
<section class="about">
<p class="about-author">
Design is based on the code of <a href="http://thibaut.me" target="_blank">Thibaut Courouble</a> -
<a href="http://www.cssflow.com/mit-license" target="_blank">MIT License</a><br>
Original PSD by <a href="http://www.premiumpixels.com/freebies/clean-simple-login-form-psd/" target="_blank">Orman Clark</a>
</section>
</body>
</html>