Created
April 29, 2012 23:45
-
-
Save marcwickenden/2554075 to your computer and use it in GitHub Desktop.
Security B-Sides London 2012 Challenge 4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// encryption functions used for login | |
function encrypt($value, $key){ | |
if(!$value){return false;} | |
$text = $value; | |
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); | |
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); | |
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv); | |
return trim(base64_encode($ciphertext)); //encode for db | |
} | |
function decrypt($value, $key){ | |
if(!$value){return false;} | |
$ciphertext = base64_decode($value); //decode cookie | |
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); | |
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); | |
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $ciphertext, MCRYPT_MODE_ECB, $iv); | |
return trim($decrypttext); | |
} | |
// iggy javvad paul wicky jimmy | |
$details = array('matt' => 'sqNGWoX72CjoZrWwtLopB6p2X25uUz8b3AFC/94am+w=', | |
'iggy' => 'ygRf/aB98OntNZWBGsuhjDud8bbf+o8km+0dZI1WRCU=', | |
'javvad' => 'sSsA95t2MM2uuCuJ7n5XOh/1tUaJ6n+0LeiEhQEoCjtYS4Mr7WUXAolXHLgumnPRx60XdKJv4awTgirGTMTx/Q==', | |
'paul' => 'yu7PEPH1GHIhpwOuRvNJ2d3d6cysZJ/gIejP7htGjKc=', | |
'wicky' => 'AUOVLNyMgq20nZb9kGf7IXxHRHf67yp8hyugDgALUHw=', | |
'jimmy' => 'l1E2OAhIKjAwIkiPF4xy3RTD3YKzSuVTLZMRTxJ74CI=' | |
); | |
foreach ($details as $k => $v) { | |
$key = 'R3allyR3allyS3cr3t'; | |
$user = $k; | |
$enc_password = $v; | |
$dec_password = decrypt($enc_password,$key); | |
print "$user:$dec_password\n"; | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment