netrunner/webroot/login.php

<?php

if (isset($_POST['login']) && $_POST['login'] == 'Login') {
  if ( isset($_POST['username']) && !empty($_POST['username']) ) {
    if ( isset($_POST['password']) && !empty($_POST['password']) ) {

      $bdd = new mysqli("localhost", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc");
      if ($bdd->connect_errno) {
          //echo "Echec lors de la connexion à MySQL : (" . $bdd->connect_errno . ") " . $bdd->connect_error;

          $state->return = 'error';
          $state->string = 'Connection error';
          $state_json = json_encode($state);
          echo $state_json;
      }

      $real_user = "puppet-master";

      $user = $_POST['username'];
      $pass = hash("sha256", $_POST['password']);
      $sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";
      //$sql = "SELECT user,password FROM access WHERE user='admin' OR 1=1 LIMIT 1 OFFSET 1";// AND password='".$pass."'";;

      // curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"

      //echo "\n";
      //echo $sql;
      //echo "\n\n";

      $res = mysqli_query($bdd, $sql);

      $num_row = mysqli_num_rows($res);
      $row=mysqli_fetch_assoc($res);
      //print_r($row);

      if ($_POST['username'] === "admin") {
        $state->return = 'false';
        $state->string = 'admin is desactivated. Use your login.';

      } elseif ( $num_row == 1 && $row['user'] === $real_user) {
        $state->return = 'true';
        $html_login = "<b>Welcome to your admin board <em>".$row['user']."</em></b> <br> <br>
        An error occurred while connecting to your implant <br> [Zetatech Neural Processor MK.II].
        <br> <br>
        Please approach a Zetatech center for an analysis.
        <br> <br>
        IMTLD{w3b_1nT3rf4ceS_4r3_3v1L}";
        $state->string = $html_login;

      } else {
        $state->return = 'false';
        $state->string = 'Access Denied';
      }
    } else {
      $state->return = 'password';
      $state->string = 'Password Missing';
    }
  }
  else {
    $state->return = 'username';
    $state->string = 'Username Missing';
  }

  $state_json = json_encode($state);
  echo $state_json;

} else { // DEBUG
  $state->return = 'form';
  $state->string = 'Submit form';
  $state_json = json_encode($state);
  echo $state_json;
}
first commit 2018-11-02 23:03:55 +00:00			`<?php`

			`if (isset($_POST['login']) && $_POST['login'] == 'Login') {`
			`if ( isset($_POST['username']) && !empty($_POST['username']) ) {`
			`if ( isset($_POST['password']) && !empty($_POST['password']) ) {`

			`$bdd = new mysqli("localhost", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc");`
			`if ($bdd->connect_errno) {`
			`//echo "Echec lors de la connexion à MySQL : (" . $bdd->connect_errno . ") " . $bdd->connect_error;`

			`$state->return = 'error';`
			`$state->string = 'Connection error';`
			`$state_json = json_encode($state);`
			`echo $state_json;`
			`}`

			`$real_user = "puppet-master";`

			`$user = $_POST['username'];`
			`$pass = hash("sha256", $_POST['password']);`
			`$sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";`
			`//$sql = "SELECT user,password FROM access WHERE user='admin' OR 1=1 LIMIT 1 OFFSET 1";// AND password='".$pass."'";;`

			`// curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"`

			`//echo "\n";`
			`//echo $sql;`
			`//echo "\n\n";`

			`$res = mysqli_query($bdd, $sql);`

			`$num_row = mysqli_num_rows($res);`
			`$row=mysqli_fetch_assoc($res);`
			`//print_r($row);`

			`if ($_POST['username'] === "admin") {`
			`$state->return = 'false';`
			`$state->string = 'admin is desactivated. Use your login.';`

			`} elseif ( $num_row == 1 && $row['user'] === $real_user) {`
			`$state->return = 'true';`
			`$html_login = "<b>Welcome to your admin board <em>".$row['user']."</em></b> <br> <br>`
			`An error occurred while connecting to your implant <br> [Zetatech Neural Processor MK.II].`
			`<br> <br>`
			`Please approach a Zetatech center for an analysis.`
			`<br> <br>`
			`IMTLD{w3b_1nT3rf4ceS_4r3_3v1L}";`
			`$state->string = $html_login;`

			`} else {`
			`$state->return = 'false';`
			`$state->string = 'Access Denied';`
			`}`
			`} else {`
			`$state->return = 'password';`
			`$state->string = 'Password Missing';`
			`}`
			`}`
			`else {`
			`$state->return = 'username';`
			`$state->string = 'Username Missing';`
			`}`

			`$state_json = json_encode($state);`
			`echo $state_json;`

			`} else { // DEBUG`
			`$state->return = 'form';`
			`$state->string = 'Submit form';`
			`$state_json = json_encode($state);`
			`echo $state_json;`
			`}`