-
Notifications
You must be signed in to change notification settings - Fork 2
/
mfa.php
116 lines (100 loc) · 4.1 KB
/
mfa.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<?php
session_start();
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
require 'db.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token']) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
if (isset($_POST['mfa_token'])) {
$mfa_token = $_POST["mfa_token"];
if ($mfa_token === "123456") {
$message = "Congratulations, you completed the challenge! The flag is tcm{macrosAreUseful}";
$status = 1;
} else {
$message = "Incorrect MFA token!";
$status = 2;
}
} else {
$username = $_POST["username"];
$password = $_POST["password"];
if ($username === "jeremy" && $password === "letmein") {
$_SESSION["mfa_required"] = true;
$message = "Please enter the MFA token sent to your email.";
$status = 3;
} else {
$message = "Your username or password was incorrect!";
$status = 2;
}
}
} else {
$message = "Invalid token, please try again.";
$status = 2;
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>CSRF Tokens</title>
<link href="../assets/bootstrap.min.css" rel="stylesheet">
<link href="../assets/custom.css" rel="stylesheet">
</head>
<body>
<main>
<div class="container px-4 py-5" id="custom-cards">
<h2 class="pb-2 border-bottom"><a href="index.php">Labs</a> | MFA</h2>
<div class="alert alert-warning" role="alert">
<p class="mb-0">Target account: jeremy</p>
</div>
<?php
if ($status == 2) {
echo '<div class="alert alert-danger" role="danger"><p class="mb-0">' . $message . '</p></div>';
} elseif ($status == 1) {
echo '<div class="alert alert-success" role="success"><p class="mb-0">' . $message . '</p></div>';
}
?>
<?php
if (isset($_SESSION["mfa_required"]) && $_SESSION["mfa_required"]) {
?>
<div class="p-5 mb-4 bg-light rounded-3">
<h2>MFA Verification</h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="mb-3 form-group">
<label for="mfa_token">MFA Token</label>
<input type="text" name="mfa_token" class="form-control" id="mfa_token" placeholder="Enter MFA Token">
</div>
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<div class="mb-3">
<button type="submit" class="btn btn-primary">Verify</button>
</div>
</form>
</div>
<?php } else { ?>
<div class="p-5 mb-4 bg-light rounded-3">
<h2>Login</h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="mb-3 form-group">
<label for="username">Username</label>
<input type="text" name="username" class="form-control" id="username" aria-describedby="emailHelp" placeholder="Enter username">
</div>
<div class="mb-3 form-group">
<label for="password">Password</label>
<input type="password" name="password" class="form-control" id="password" placeholder="Password">
</div>
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<div class="mb-3">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
<?php } ?>
</div>
</main>
<script src="../assets/popper.min.js"></script>
<script src="../assets/bootstrap.min.js"></script>
</body>
</html>