santhacklaus/netrunner
1
0
Fork 0
Code
63e0e28e1f
netrunner/webroot/zetatech-admin.php
Aymeric Sorek 7828640ed9 Prod version CTF
2019-01-29 22:21:05 +01:00

72 lines
2.5 KiB
PHP
Raw Blame History

<?php
if (isset($_POST['login']) && $_POST['login'] == 'Login') {
$state = new \stdClass();
if ( isset($_POST['username']) && !empty($_POST['username']) ) {
if ( isset($_POST['password']) && !empty($_POST['password']) ) {
$bdd = mysqli_connect('database:3306', 'cyber-zetatech-inc', 'wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr', 'ctf-zetatech-inc');
//$bdd = new mysqli("database", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc", 3306);
if (mysqli_connect_errno()) {
$state->return = 'error';
$state->string = 'Connection error';
$state_json = json_encode($state);
echo $state_json;
return;
}
$real_user = "puppet-master";
$user = $_POST['username'];
$pass = hash("sha256", $_POST['password']);
$sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";
// curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"
$res = mysqli_query($bdd, $sql);
$num_row = mysqli_num_rows($res);
$row=mysqli_fetch_assoc($res);
if ($_POST['username'] === "admin") {
$state->return = 'false';
$state->string = 'admin is desactivated. Use your login.';
} elseif ( $num_row == 1 && $row['user'] === $real_user) {
$state->return = 'true';
$html_login = "<b>Welcome to your admin board <em>".$row['user']."</em></b> <br> <br>
An error occurred while connecting to your implant <br> [Zetatech Neural Processor MK.II].
<br> <br>
Please approach a Zetatech center for an analysis. You can use maintenance access with your Access Key to check general informations.
<br> <br>
IMTLD{w3b_1nT3rf4ceS_4r3_3v1L} <br>
<div class=\"row\">
<a id=\"key\" href=\"./e91ac60004c77904ad889a5762a68b06e53b7c21.html\">[Access Key]</a>
</div>";
$state->string = $html_login;
} elseif ( $num_row == 1 && $row['user'] === 'admin') {
$state->return = 'false';
$state->string = 'admin is desactivated. Use your login.';
} else {
$state->return = 'false';
$state->string = 'Access Denied';
}
} else {
$state->return = 'password';
$state->string = 'Password Missing';
}
}
else {
$state->return = 'username';
$state->string = 'Username Missing';
}
$state_json = json_encode($state);
echo $state_json;
}
View Git Blame Copy Permalink