level 21
<?php //error_reporting(0); //require 'secret.php'; function encryptMessage($message, $key) { $ivSize = openssl_cipher_iv_length('aes-256-cbc'); $iv = openssl_random_pseudo_bytes($ivSize); $encrypted = openssl_encrypt($message, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); $ivBase64 = base64_encode($iv); $encryptedBase64 = base64_encode($encrypted); return $ivBase64 . '.' . $encryptedBase64; } function decryptMessage($encryptedMessage, $key) { list($ivBase64, $encryptedBase64) = explode('.', $encryptedMessage, 2); //echo 'ivBase64' . $ivBase64 . '</br>'; //echo 'encryptedBase64' . $encryptedBase64 . '</br>'; $iv = base64_decode($ivBase64); $encrypted = base64_decode($encryptedBase64); $decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); return $decrypted; } if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['black_hole_source_value'])) { setcookie('encrypted_message', encryptMessage('user', '123456'), time() + (86400 * 30), '/'); exit; } if (isset($_GET['key'])) { $encmsg = $_GET['encrypted_message']; $deckey = decryptMessage($encmsg, $_GET['key']); echo 'deckey = ' . $deckey . '</br>'; if ($deckey == 'user') { echo 'LEVEL_21'; }else{ header('HTTP/1.0 403 Forbidden'); echo 'false'; } } ?>
Leave a Comment