@cianmce
Created February 14, 2018 16:24
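<?php
/*
Run using:
    SECRET="Some super secret text" php -S localhost:8000
Goal:
    Find out what the SECRET env is
*/

// Both 'hmac' and 'host' must be present and non-empty.
if (empty($_POST['hmac']) || empty($_POST['host'])) {
    header('HTTP/1.0 400 Bad Request');
    exit;
}

// The signing key comes from the environment.
$secret = getenv("SECRET");

// Optional nonce: replace the key with HMAC-SHA256(nonce, SECRET).
if (isset($_POST['nonce']))
    $secret = hash_hmac('sha256', $_POST['nonce'], $secret);

// Expected MAC over the submitted host, compared with the submitted MAC.
$hmac = hash_hmac('sha256', $_POST['host'], $secret);
if ($hmac !== $_POST['hmac']) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}

// Requests that pass the MAC check reach the host(1) lookup.
exec("host ".$_POST['host']);
?>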
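
A hardened variant of the handler above, as an added example that is not part of the original gist: it rejects non-string parameters before they reach hash_hmac(), compares MACs with hash_equals(), and validates and quotes the host before exec(). The post_string() helper, the hostname pattern and the 500 response are assumptions of this example.

```php
<?php
// Added example, not the gist author's code.

// Hypothetical helper: return a POST field only if it is a non-empty string.
// PHP parses "name[]=x" into an array, so the type must be checked explicitly.
function post_string(string $name): ?string
{
    $v = $_POST[$name] ?? null;
    return (is_string($v) && $v !== '') ? $v : null;
}

$host = post_string('host');
$mac  = post_string('hmac');
if ($host === null || $mac === null) {
    http_response_code(400);
    exit;
}

$secret = getenv('SECRET');
if (!is_string($secret) || $secret === '') {
    http_response_code(500);   // refuse to sign with a missing or empty key
    exit;
}

if (isset($_POST['nonce'])) {
    $nonce = post_string('nonce');
    if ($nonce === null) {     // present but not a usable string: reject
        http_response_code(400);
        exit;
    }
    $secret = hash_hmac('sha256', $nonce, $secret);
}

$expected = hash_hmac('sha256', $host, $secret);
if (!hash_equals($expected, $mac)) {   // constant-time comparison
    http_response_code(403);
    exit;
}

// Assumed allow-list: hostname characters only, no leading '-' or '.'.
if (!preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/', $host)) {
    http_response_code(400);
    exit;
}

// Quote the argument even after validation, as defence in depth.
exec('host ' . escapeshellarg($host), $output, $status);
```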