Read more writeups at kitctf.de
Challenge description:
Please use my shitty blog 🤎!
We are given a docker container running php. The only notable things about it, is that there is a readflag binary on the server and that the webroot is /var/www/html.
Other than that only index.php is interesting:
<?php // TODO: fully implement multi-user / guest feature :( $secret = 'SECRET_PLACEHOLDER'; $salt = '$6$'.substr(hash_hmac('md5', $_SERVER['REMOTE_ADDR'], $secret), 16).'$'; if(! isset($_COOKIE['session'])){ $id = random_int(1, PHP_INT_MAX); $mac = substr(crypt(hash_hmac('md5', $id, $secret, true), $salt), 20); } else { $session = explode('|', $_COOKIE['session']); if( !