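<?php
// Congratulations!!
// I put this on Pastebin as a bonus for any adventurers who think to look here.
//
// Purpose: the "Bad Santa" adventure endpoint. It reads a password guess,
// answers with a hint chosen from the guess, the Authenticated cookie and the
// parity of the client's IP, then logs the guess to MySQL.
//
// Review notes on this revision. The page is intentionally leaky; the
// SQL-injection trap at the bottom is the author's design and is kept. What
// was repaired is only what broke the page outright: bare-word cookie keys
// (a hard Error on PHP 8), the "==!" typo, setcookie() after output had
// started, the date line printed twice, the guess reflected into HTML
// unescaped, a stray "</h2>", and the undefined $conn on the last line.

// Buffer output so the setcookie() calls further down still reach the
// response headers; they run after the first echo, which fails with
// "headers already sent" unless php.ini enables output_buffering.
ob_start();

// The guess under test. $_REQUEST merges GET and POST (and cookies, depending
// on request_order); anything that is not a plain string counts as empty.
$password = isset($_REQUEST['BadSantaPassword']) && is_string($_REQUEST['BadSantaPassword'])
    ? $_REQUEST['BadSantaPassword']
    : '';

// Determine whether the client IP is odd or even from its last IPv4 octet.
// IPv6 clients have no fourth dotted group and land in the "even" bucket.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$split = explode('.', $ip);
$lastOctet = isset($split[3]) ? (int) $split[3] : 0;
$SantaIP = $ip;

// Cookies the adventure expects players to tamper with. The keys are quoted:
// the original $_COOKIE[Authenticated] leaned on an undefined constant being
// silently treated as a string, which PHP 8 rejects with an Error.
$CookieAuthValue = isset($_COOKIE['Authenticated']) ? $_COOKIE['Authenticated'] : 0;
// Read for completeness; nothing in this script consults it.
$CookieLevelValue = isset($_COOKIE['ReachedLevelThree']) ? $_COOKIE['ReachedLevelThree'] : 0;

// Decoy: a timestamp line that looks like the output of the `date` command
// and so suggests command execution. Formatted in PHP rather than through
// system('date'): the shell spawn added nothing, and because system() both
// prints its output and returns the last line, the old
// `echo ..., system('date'), ...` emitted the date twice.
echo "<p align=right>", date('D M j H:i:s T Y'), "</p>";

if (strpos($password, 'gibson') !== false || strpos($password, 'Gibson') !== false) {
    // The guess contains "gibson"/"Gibson": reveal the directory.
    echo "<h2>Very good! Santa's list can be found at \\gibson\\</h2>";
    echo '<br><img src="images/IMG_9619.JPG" width="1024" height="768" alt="" border="0">';
} elseif (strpos($password, 'Santa') !== false) {
    // A guess containing "Santa" is sent to a site that used to hold the
    // creds but was recently deleted. <REDACTED>
    echo '<h2><a href="http://icecreamrally.com/BadSanta/creds.html">Bad Santa Credentials</a></h2><br>';
    echo '<br><img src="/images/treeAnim.GIF" width="368" height="450" alt="" border="0">';
} elseif ($CookieAuthValue != 0) {
    // The Authenticated cookie has been changed from its default. The loose
    // comparison is kept from the original; which non-numeric strings it
    // matches differs between PHP 7 and PHP 8.
    echo '<h2>Everyone is allowed to be in Bad Santa\'s world! But you\'ll need to go way back to get authentication information for what you are looking for.</h2><br>';
    echo '<br><img src="/images/santaPostCard.jpg" width="530" height="700" alt="" border="0">';
} elseif (strpos($password, 'santa') !== false) {
    // Lower-case "santa": same deleted-credentials page as above. This sits
    // after the cookie check on purpose, so the branch order is preserved.
    echo '<h2><a href="http://icecreamrally.com/BadSanta/creds.html">Bad Santa Credentials</a><br></h2>';
    echo '<br><img src="/images/treeAnim.GIF" width="368" height="450" alt="" border="0">';
} elseif (stripos($password, 'script') !== false) {
    // Mock XSS response; note this substring check is a hint, not a filter.
    echo "<h2>XSS may not be very useful in this adventure.</h2>";
    echo '<br><img src="/images/IMG_9618.JPG" width="1080" height="1538" alt="" border="0">';
} elseif (stripos($password, 'pass') !== false) {
    // Entered a variation of "password".
    echo "<h2>Brute force attacks may not be very useful in this adventure.</h2>";
    echo '<br><img src="/images/rabbitAnim.GIF" width="450" height="338" alt="" border="0">';
} elseif (strlen($password) < 1) {
    // No value submitted.
    echo "<h2>You'll need to enter a password. No blanks allowed!</h2>";
    echo '<br><img src="/images/santaanim1.GIF" width="188" height="188" alt="" border="0">';
} elseif ((bool) $CookieAuthValue) {
    // The original read `==! 0`, which parses as `== !0`, i.e. a truthiness
    // test, written here as an explicit cast. Because the `!= 0` branch above
    // already catches most tampered values, this is reached only for values
    // that compare equal to 0 yet are truthy (e.g. "0.0").
    echo "<h2>Cookie manipulation will not help in this adventure, but nice try!</h2>";
    echo '<br><img src="/images/santaanim2.GIF" width="188" height="188" alt="" border="0">';
} elseif ($lastOctet % 2 !== 0) {
    // Odd last octet (the original comments had odd and even swapped).
    echo "<h2>The password you tried is incorrect</h2>";
    echo '<br><img src="/images/IMG_9617.JPG" width="1080" height="1494" alt="" border="0">';
    echo "<br><font color='white'>";
    $SantaCount = rand(1, 35);
    //<REDACTED>
    // sderc is "creds" spelled backwards
    setcookie("sderc", "WW91IG5lZWQgdG8gZ28gd2F5IGJhY2sgdG8gZmluZCB0aGUgcmVtb3ZlZCBjcmVkZW50aWFscw");
    // The guess is attacker-supplied and used to be echoed raw here, a live
    // reflected-XSS sink that the 'script' substring check above does not
    // cover; it is now HTML-escaped. Both the counter and the bound move on
    // every pass, so the line repeats ceil($SantaCount / 2) times in
    // white-on-white text.
    $safePassword = htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $i = 0;
    while ($i < $SantaCount) {
        $SantaCount--;
        $i++;
        echo $safePassword, "<br>";
    }
    echo "</font>";
} else {
    // Even last octet.
    echo "<h2>It doesn't look like any web injection attacks are going to work here...</h2>";
    echo '<br><img src="/images/IMG_9617.JPG" width="1080" height="1494" alt="" border="0">';
    // Advises the player to "hack the gibson", referring to the directory the
    // actual list is in. laog is "goal" spelled backwards.
    setcookie("laog", "V2hlbiBwb3NzaWJsZSwgaGFjayB0aGUgZ2lic29u");
}

// Logs the reversed guess and the client IP. The author reverses the string so
// automated scanners do not recognise the injection, while the error branch
// below deliberately echoes the failed statement and the driver error. That
// trap is kept as-is. Note that it runs as MySQL root against the "mysql"
// system schema, so an injected statement reaches far beyond the logging
// table; a dedicated account with INSERT only on BadSantaQueries would confine
// what the trap can be turned into.
$servername = "localhost";
$username = "root";
$DBpassword = "<REDACTED>";
$dbname = "mysql";
// Create connection
$conn1 = new mysqli($servername, $username, $DBpassword, $dbname);
// Check connection. The driver message goes to the client, in keeping with
// the rest of this page's intentionally chatty behaviour.
if ($conn1->connect_error) {
    die("Connection failed: " . $conn1->connect_error);
}
$loggedQuery = strrev($password);
// Intentionally string-built (see the note above). $SantaIP comes from
// REMOTE_ADDR, which the server sets; $loggedQuery is the player's input.
$sql = "INSERT INTO BadSantaQueries (BadSantaQueryString, BadSantaQueryIP) VALUES ('$loggedQuery', '$SantaIP')";
if ($conn1->query($sql) === TRUE) {
    echo "<p>IP Address Logged</p>";
} else {
    // The statement and error are still disclosed (that is the trap), but
    // escaped so the reflected input cannot run as markup in the browser.
    echo "Error: " . htmlspecialchars($sql, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "<br>" . htmlspecialchars($conn1->error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// Was $conn->close(): $conn is never defined, so every request ended with a
// fatal "call to a member function close() on null".
$conn1->close();
?>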