 

Posts Tagged ‘php’

Rewriting mobeigi.com with React

20 Jul 2020

Learning React

Recently I have spent some time learning React as it is the front end library of choice at my workplace Atlassian. Learning React was quite easy and intuitive. I used a handful of resources and one I’d like to heavily recommend to beginners is React.js Essential Training by Eve Porcello. Previously, all of my websites had been written in PHP, and I am very comfortable with PHP and do enjoy writing it. However, I do see the immense value in writing reusable components and the benefits of conditional rendering.

React Pros

Here are the things I like about React:

  • Reusable components
  • Conditional rendering (for performance and user experience; also no more custom XMLHttpRequest (XHR) requests)
  • TypeScript integration (find bugs by devs at compile time rather than by customers at runtime)
  • Flexible and powerful styling options (inline styling, styled components, CSS modules)
  • Helpful addon packages that just work (axios, react router)
  • API driven architecture (decoupling front end and back end using APIs)
  • React Developer Tools addon provides some nice features such as profiling

React Cons

Some things that bothered me (nothing major though!):

  • A lot of boilerplate code to get a simple app running (although create-react-app (CRA) helps with this).
  • Tracking down errors can be very tough
  • Harsh linting rules (use more relaxed linting rules or else you won’t be able to use best practices at times!)

Rewriting mobeigi.com

To fully appreciate React I rewrote my website (landing page) from scratch in React.

The source code is available here:
https://github.com/mobeigi/mobeigi.com

It is a pretty simple site with only a few features:

  • Standing landing page with links to social networks
  • A page to show off my trading history
  • A popup dialog to download my Resume (password protected)
  • A link to my blog

In the end I was able to reproduce a clone of my original website in React.

Both the new and old versions looked almost identical:

mobeigi.com React Rewrite Side by Side

mobeigi.com React Rewrite Side by Side Mobile

Differences include:

  • New website addressed some styling issues (such as button onhover text not contrasting with button background colour)
  • New website is properly responsive using rem for sizing and em for padding (old website was partially responsive using pixels for sizing).
  • And not much else!

Finally, I decided to use Lighthouse from the Google Developer tools window to analyse my website to see the performance before and after the change.
The desktop profile was used.

Old Website:
Lighthouse Old Mobeigi.com Website

New Website:

Lighthouse New Mobeigi.com Website

So overall not a huge difference for such a small website but a step in the right direction.

 

Posted in Website Development

 

Hackvent 2019: Day 23

24 Dec 2019
CTF: Hackvent 2019
Link to challenge: https://academy.hacking-lab.com
Date Completed: 23 December 2019

Challenge

HV19.23 Internet Data Archive

Solution

We are presented with the following website:

We are allowed to enter a username and select some data to download except the flag which is classified. Upon doing this a unique zip file is generated for us containing our files and we are also provided with a password that allows us to open the encrypted zip file.

By playing around with the website we learn the following things:

  • Usernames are truncated to be at most 12 characters long (alphanumeric)
  • Passwords are always 12 characters (alphanumeric) and look like this: BxxRGJAMpmbJ
  • All links to download files contain the input username with -data appended. Example for a username of mo: http://whale.hacking-lab.com:23023/tmp/mo-data.zip
  • Can pass in req instead of req[] as a PHP POST argument to trigger a PHP error:
  • Can pass in username[] instead of username as a PHP POST argument to make the name be parsed as Array: http://whale.hacking-lab.com:23023/tmp/Array-data.zip
  • We cannot use the username Santa (it is explicitly disallowed!)

We shortly find out that the tmp directory where files are hosted has indexing on and we can see all the files that are being created. By sorting by oldest files first we discover two interesting files:

We download Santa-data.zip and discover that it contains a file called flag.txt! However, we do not know the password for this archive.
Assuming alphanumerics are used as the charset for the password, our bruteforce complexity is 62^12, which is not feasible.

Next, we inspect the phpinfo for any valuable information. We take note of the PHP version 7.4.1 and that the sodium module is loaded (although this doesn’t matter).

Next we write a password generator script to generate a lot of tokens:

After generating 1000 passwords we run frequency analysis on the payload and discover that certain characters never appear. These characters are 0, 1, l, I, N, n, O, o. Perhaps these characters are omitted as they look similar to other characters. Eliminating these characters from our charset brings down our bruteforce complexity to 54^12, which is still not feasible.

We note the title of the challenge page, IDA Pro, and after researching IDA Pro PRNG we come across this interesting article:
https://devco.re/blog/2019/06/21/operation-crack-hacking-IDA-Pro-installer-PRNG-from-an-unusual-way-en/

The author describes the exact same charset that is in use here, so we try the same approach to break the PRNG used to generate the password for the Santa-data.zip file. We decide to use PHP for this, with the same version 7.4.1 as the challenge website, to ensure consistency.

We make the following bruteforce.php script:

This script simply generates a random 12-character password using the first 12 bytes of randomness generated by the RNG for each seed between 0 and 2^32. However, we cannot easily save this data to disk, so we will instead stream the data to a ZIP cracking utility like John the Ripper to attempt to crack the file on the fly.

We run:

After about 2 minutes we have a successful crack:

Thus our password is Kwmq3Sqmc5sA and the original seed used was 4333287.
We open flag.txt to get our daily flag!

Flag:  HV19{Cr4ckin_Passw0rdz_like_IDA_Pr0}
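Why the seed, not the charset, sets the real keyspace, shown as an added example (not the challenge's code and not the author's bruteforce.php): it assumes a generator that seeds PHP's mt_rand with a 32-bit value and indexes a 54-character charset, and places the CSPRNG replacement beside it. The function names, charset ordering and sample seed are constructed for illustration.

```php
<?php
// Charset inferred from the write-up: alphanumerics minus 0 1 l I N n O o (54 symbols).
// The ordering is constructed for this example.
const CHARSET = '23456789abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ';

// Weak (assumed design): the whole password is a function of one 32-bit seed,
// so at most 2^32 distinct passwords exist, however large 54^12 looks.
function weak_password(int $seed, int $len = 12): string
{
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= CHARSET[mt_rand(0, strlen(CHARSET) - 1)];
    }
    return $out;
}

// Hardened: each character is drawn from the OS CSPRNG; there is no seed to enumerate.
function strong_password(int $len = 12): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= CHARSET[random_int(0, strlen(CHARSET) - 1)];
    }
    return $out;
}

// The frequency check from the write-up: which alphanumerics never occur in a sample?
function missing_alnum(array $passwords): array
{
    $seen = count_chars(implode('', $passwords), 3); // distinct bytes that were used
    $all  = array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'));
    return array_values(array_filter($all, fn($c) => strpos($seen, (string) $c) === false));
}

$seed = 123456; // constructed sample seed
echo 'seeded, run 1: ', weak_password($seed), PHP_EOL;
echo 'seeded, run 2: ', weak_password($seed), PHP_EOL; // same seed, same password
echo 'CSPRNG:        ', strong_password(), PHP_EOL;

$sample = array_map('weak_password', range(1, 1000)); // constructed sample of 1000 passwords
echo 'never seen:    ', implode(' ', missing_alnum($sample)), PHP_EOL;
printf("keyspace: 2^32 = %.2e seeds vs 54^12 = %.2e strings\n", 2 ** 32, 54 ** 12);
```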

 

Posted in Hackvent 2019

 

Fix PHP 500 Internal Server Error when using date()

31 May 2016

For a particular project I was working on, I set up a website with a really simple script that used the PHP date() function. However, the use of the date() function resulted in a 500 internal server error. After some testing, I determined this was caused by a configuration in php.ini. There was an invalid value for the date.timezone setting.

This is what my php.ini file looked like:

Now if date.timezone is set to an invalid timezone (one that does not exist) then it produces a 500 internal server error. However, Australia/Sydney is a valid timezone and should not result in that behaviour.

I then wrote a little script to see what timezones PHP was recognizing:

This resulted in the following output:

Note that Australia/Sydney is missing from the list. Finally I realised that the timezone file for Australia/Sydney was missing on the box (for some unknown reason).

I was using CentOS 6.7 and needed to obtain and replace the missing Sydney timezone file so it was available here:

After making this change and restarting PHP and Apache, the issue was solved!

 

Posted in Server Management

 

Simple PHP File Download Script

18 Dec 2015

So I recently added a download.php script to my website so that I could force downloads of files instead of having users access them through an indexed directory or through their browser.

I found various scripts online but none of them were as clean as I’d have liked them to be so I wrote my own simple script after a bit of research.

In my setup, the download.php file sits at the root of my website and the filevault folder sits one level higher on the web server. This setup ensures users cannot hotlink to files or directly access them; the script must be used. A benefit of this is that you can add restrictions like allowing a file to be accessed by people from a particular country or by those who have a certain cookie set. If you do not have access to the directory above your website’s root directory then you are forced into putting your filevault at the website’s root directory.

This is the simple PHP File download script:

Usage

The following link would force the download of that_file.txt

Demo

You can also download the above script (using the script!):
Download download.php Script
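A containment check for the setup described above, as an added example rather than the author's download.php: it resolves the requested name with realpath() and serves the file only if the result is still inside the filevault. The `file` query parameter, the `VAULT` constant and the `resolve_download` helper are assumptions made for illustration.

```php
<?php
// Assumed layout from the post: the filevault sits one level above the web root.
const VAULT = __DIR__ . '/../filevault';

// Hypothetical helper: map a requested name to a real path inside the vault, or null.
function resolve_download(string $vault, string $requested): ?string
{
    $root = realpath($vault);
    if ($root === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ segments and follows symlinks, so the prefix test
    // below is made on the file that would actually be opened.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null; // resolved outside the vault
    }
    return $path;
}

// Reject non-string input: ?file[]=x would otherwise arrive as an array.
$name = $_GET['file'] ?? null;
$path = is_string($name) ? resolve_download(VAULT, $name) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

// Force a download instead of letting the browser render the content.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Any per-country or cookie restriction mentioned in the post would go before the `readfile()` call, after the path has been validated.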

 

Posted in Programming