SC 205: Hardcoded Secrets (15 pts)

What You Need

Making an HTML Form

On your cloud Linux server, execute this command:
sudo nano /var/www/html/SC205.htm
Paste in this code, as shown below.
<html>
<body>
<form action="SC205.php">
    Password: <input name="password"><p>
    <input type="submit">
</form>
</body>
</html>
Save the file with Ctrl+X, Y, Enter.

Linking to /tmp

On your cloud Linux server, execute this command:
sudo ln -s /tmp /var/www/html/tmp
This makes files in the /tmp directory visible via HTTP requests.

This is not a productive thing to do for normal operations--just a sleazy hack so I can test your code easily.

Making a PHP Script

Now we'll make a simple login script with a hardcoded password.

On your cloud Linux server, execute this command:

sudo nano /var/www/html/SC205.php
Paste in this code, as shown below.
<?php

$nopassword = 0;
if (!isset($_REQUEST['password'])) {
	$nopassword = 1;
} else {
	$password = $_REQUEST['password'];
	if (strlen($password) < 1) {
		// An empty password counts as missing
		$nopassword = 1;
	}
}
	
if ($nopassword == 1) {
	die("<h2>Error: Must specify password!!</h2>");
}

if ($password == "OPENSESAME") {
	echo("<h2>Welcome!  You sent the correct password!</h2>");
}  else {
	die("<h2>Error: Incorrect password!!</h2>");
}

# MAKE THIS SCRIPT CODE VISIBLE
system("cp /var/www/html/SC205.php tmp/SC205.txt 2>&1");

?>

Save the file with Ctrl+X, Y, Enter.

Testing your Form Manually

In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/SC205.htm
Enter a Password of OPENSESAME into the form, as shown below, and click the Submit button.

The next page shows the "Welcome" message, as shown below.

Send an incorrect password. Verify that it's rejected, as shown below.

In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/tmp/SC205.txt
Verify that your PHP source code is visible, as shown below.

Testing your Form Automatically

In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC205.htm
Enter the URL to your PHP page in the form for flag SC 205.1, as shown below, and click the Submit button.

Flag SC 205.1: Login Functionality (5 pts)

The flag appears, as shown below.

Using Environment Variables

We'll store the password in an Environment Variable, visible to the apache2 web server.

On your cloud Linux server, execute this command:

sudo nano /etc/apache2/envvars
Add this line to the end of the file, as shown below:
export PASSWORD_205=OPENSESAME

Save the file with Ctrl+X, Y, Enter.

On your cloud Linux server, execute this command:

sudo service apache2 restart

Making a PHP Script

Now we'll make a simple script to view the environment variable in PHP.

On your cloud Linux server, execute this command:

sudo nano /var/www/html/test205.php
Paste in this code, as shown below.
<?php

$p = getenv("PASSWORD_205");
echo "Password is $p";

?>

Save the file with Ctrl+X, Y, Enter.

Viewing the Environment Variable from PHP

In a Web browser, open this URL, replacing the IP address with the external IP of your server:
http://35.222.29.122/test205.php
The password is visible, as shown below.

Fixed Code

Modify your script to use the environment variable and avoid hardcoded passwords.

Leave the code intact that copies your source code to a .txt file in the /tmp folder.
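
One way to make this change, as an added example that is not the course's own solution. It assumes PASSWORD_205 is exported in /etc/apache2/envvars as set up above; the "not configured" message and the switch from == to hash_equals() are choices made for this example.

```php
<?php
// Added example: SC205.php with the secret read from the environment
// instead of a string literal in the source.

// getenv() returns false when the variable is not set.
$expected = getenv("PASSWORD_205");

// Fail closed: with no configured secret, nobody can log in.
// (This error text is made up for the example.)
if ($expected === false || $expected === "") {
	http_response_code(500);
	die("<h2>Error: Server is not configured!!</h2>");
}

// Reject a missing, empty, or non-string value.
// A request such as password[]=x arrives as an array, not a string.
$password = $_REQUEST['password'] ?? "";
if (!is_string($password) || strlen($password) < 1) {
	die("<h2>Error: Must specify password!!</h2>");
}

// hash_equals() is a timing-safe string comparison and does no
// type juggling, unlike the == operator.
if (hash_equals($expected, $password)) {
	echo("<h2>Welcome!  You sent the correct password!</h2>");
} else {
	die("<h2>Error: Incorrect password!!</h2>");
}

# MAKE THIS SCRIPT CODE VISIBLE
system("cp /var/www/html/SC205.php tmp/SC205.txt 2>&1");

?>
```

The copy published at /tmp/SC205.txt now shows only the variable name, not the password. The environment variable keeps the secret out of the source file, but test205.php still prints it to any visitor for as long as that file stays in the web root.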

When it's working, run the test in the box below to get the flag.

Flag SC 205.2: Password in Environment Variable (10 pts)

In a Web browser, open this page:

https://samlols.samsclass.info/SC/SC205.htm
Enter the URL to your PHP page in the form for flag SC 205.2 and submit the form. If your code is correct, the flag will appear.

Posted 3-29-24