[PHP] Small problem with cURL

Recently, I've been attempting to create a new timed challenge. I've nearly finished it, but I still have this problem when a user would submit the password. The problem is that my challenge page generates a random password every time a user checks the page. Imagine you use cURL to request the page, to obtain a certain string. Then, you script something which transforms the string in the password. If you would do another cURL request (to submit the answer), the right password would already have been changed, thus making it virtually impossible to complete the challenge. The page must somehow remember the last password sent, to check with that password if a user would submit the answer (using POST method). I've already got some ideas on how to solve this, I'm just wondering what would be the most efficient way. How do you guys think about this?

Thanks in advance;)

Just of the top of my head… but since its a TIMED chall… why not just store data like the i.p, and a copy of the string localy for a few seconds?

Yeah I thought of storing the pass in a textfile, I merely wondered how the other Timed challenges handled this.

GTADarkDude wrote: Yeah I thought of storing the pass in a textfile, I merely wondered how the other Timed challenges handled this.

That… I simple can't say…

Though shouldn't be to hard to find out here :)

EDIT

Its probibly somthing along the lines of when the script is run, it will remain 'open' untill the time expires…

If the user returns the info in that time, done ^^

Maybe miles off… but makes sense to me <,<

save it as a session that expires in a few seconds.

then it just means the user has to make sure they include cookie in their next header.

i know the timed challenges we use dont use any files or database space to save temp passwords etc.

i think session is your best bet.

OK, thanks Mr_Cheese. I guess I can call it finished now.:)

As for submittting the actual challenge: do I have to send an admin a PM with the code or how are challenges usually submitted?

you put it all in a ZIP file, along with a txt explaining the challenge, how to complete it, point out where the "challenges complete" code should go, etc etc.

then you send it to: mr_cheese@hellboundhackers.org

i shall flag it as a challenge, send it to the right developer and it will be queued for release.

I think we have a few challenges queued at the moment, so it should be released in a few weeks time.

and as always, a note is added to your profile saying you completed the challenge, and the equivalent amount of points are added to your profile. (so you basically get double points for a challenge you create)

Mr_Cheese wrote: I think we have a few challenges queued at the moment, so it should be released in a few weeks time. Sorry to kind of hijack this thread, but what are the other challenges waiting for? I know Moshbat submitted a new pen-testing one a few weeks ago. Are we waiting for a certain developer to check them? Are they still being tested? What? Before my EM ran out, there was still only one challenge in the beta phase, and it has recently been added to the site.

I've said it before, and I'll say it again. If you're short-handed and need someone else to help, I'll be glad to. I've got tons of free time and helping out around here is always enjoyable.

And i'm kinda curious about the outcome of my encryption.