Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Some cURL help?

  1. Home
  2. Forum
  3. Programming
  4. Some cURL help?

ghost's Avatar

ghost

0 0

Hi all,

I'm currently messing about with cURL and am having a problem with cookie validation. At the moment i am wanting to display HBH as if i went to it direct. So for this i need a valid cookie and user agent right? Any help with why the following code isn't working (i've starred my specific details out)?

<?php
$curl = curl_init();

curl_setopt($curl, CURLOPT_URL, "http://www.hellboundhackers.org/index.php");
curl_setopt($curl, CURLOPT_COOKIE, "PHPSESSID=************; fusion_user=*****.*****************");
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_VERBOSE, 1);

$page = curl_exec($curl);
curl_close($curl);
echo $page;
?>

GTADarkDude's Avatar

GTADarkDude

Member
0 0

Well I can't directly see a flaw in the script or anything… You are a 100% certain you have the CURL library installed correctly? If in doubt, check phpinfo(). Please try with an URL like 'http://www.google.com/' and skip the cookie line and see if it that works.


ghost's Avatar

ghost

0 0

Yes, defo installed and if i remove the cookie line it does fetch the page but with "please register etc". With the cookie line in i just get a blank page, no error or anything.


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0

Try adding CURLOPT_FOLLOWLOCATION, TRUE


ghost's Avatar

ghost

0 0

Its not the cookie ID and i've tried adding that and still no joy system?


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0 
<?php
$curl = curl_init();

curl_setopt($curl, CURLOPT_URL, "http://www.hellboundhackers.org/index.php");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_COOKIE, "PHPSESSID=session; fusion_user=id.hash");
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11");
curl_setopt($curl, CURLOPT_VERBOSE, 1);

$page = curl_exec($curl);
curl_close($curl);
echo $page;
?>```

That works fine for me.

ghost's Avatar

ghost

0 0

If he is not running it from his computer then he will surely encounter a cookie problem… Because cookies are ip based… I have the same problem, and I couldn't do the timed challenges here since I can't do it from my computer because of my slow internet connection…


ghost's Avatar

ghost

0 0

Ahhh how stupid of me, no i have been running the script from my external web server. Thanks for the help guys, ill get php installed on my local and give it a bash.


ghost's Avatar

ghost

0 0

MrMayhem wrote: Ahhh how stupid of me, no i have been running the script from my external web server. Thanks for the help guys, ill get php installed on my local and give it a bash.

You could do that, or you can make your script login to the server. Not sure if CURL has a Post request function (don't use it), but if it doesn't, here's the rfc that should help: http://www.w3.org/Protocols/rfc2616/rfc2616.html


ghost's Avatar

ghost

0 0

Easy, just install XAMPP (LAMPP in Linux), enable curl in apache/bin/php.ini and give it a spin on your local machine.


ghost's Avatar

ghost

0 0

Yep did that the other day and got a couple of the timed challenges done now!


ghost's Avatar

ghost

0 0

Awesome! Keep it coming^^


ghost's Avatar

ghost

0 0

It's actually quite addictive but frustrating at the same time, best way to learn though. And for anyone that says they cant attempt the timed challenges…I only started learning PHP a couple of weeks ago so there's no excuse!


ghost's Avatar

ghost

0 0

No there is an excuse at least for me… I'm on a 64kbps down and 8kbps up connection… So what do you expect?!!!


ghost's Avatar

ghost

0 0

Okay okay that's fair enough! But you know what I mean :ninja:


spyware's Avatar

spyware

Banned
0 0

454447415244 wrote: No there is an excuse at least for me… I'm on a 64kbps down and 8kbps up connection… So what do you expect?!!!

Get a remote shell. Or, complain :).


ghost's Avatar

ghost

0 0

Hehe, brute forcing the database would be easier! :p By the way, why the login form is not anti-bots?! Anyone can try and brute force any account!


elmiguel's Avatar

elmiguel

Member
2,795 1

I decided to try PHP and cURL. I thought it would be good practice to redo the timed challenges. (note: i have completed all but timed 7, almost done.) But, when I try this script I get a blank page:


<?php

$curl = curl_init();

curl_setopt($curl, CURLOPT_URL, "http://www.hellboundhackers.org/challenges/timed/timed1/index.php");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_COOKIE, "PHPSESSID=session; fusion_user=id.hash;");
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)");
curl_setopt($curl, CURLOPT_VERBOSE, 1);

$page = curl_exec($curl);
curl_close($curl);

echo $page;
?>

I also tried using fsockopen(). But, it will not insert the fusion_user. It inserts the cookie: PHPSESSID.


<?php
$url = "/challenges/timed/timed1/index.php";
$fp = fsockopen("www.hellboundhackers.org", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET $url HTTP/1.1\r\n";
    $out .= "Host: www.hellboundhackers.org\r\n";
    $out .= "Cookie: PHPSESSID=session\r\n";
    $out .= "Cookie: fusion_user=id.hash\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 1024);
    }
    fclose($fp);
}
?>

korg's Avatar

korg

Admin from hell
0 0

Use: $page = curl_exec($curl); echo $page

Your closing curl before it echoes.


ghost's Avatar

ghost

0 0

korg wrote: Use: $page = curl_exec($curl); echo $page

Your closing curl before it echoes. Hm, would that really matter though? As long as the call to curl_exec is made before the connection closes, and the return of that gets stored in $page, it shouldn't matter when $page is used, even after curl_close is called. Unless I'm mistaken.

@OP: elmiguel, you don't need the verbose, followlocation, or useragent options for the timed challenges. So I think your problem is how you're sending cookies. The only cookie you need to send is your fusionid. The PHPSESSID (except for Timed 7) and _csuid cookies are unnecessary, so you might as well not include the PHPSESSID cookie in the cookie option.


elmiguel's Avatar

elmiguel

Member
2,795 1

Tried echoing it out before closing. Still blank, I will try some regex matches to it later and see if is storing the data correctly or not. Just don't understand why it's blank; weird.


korg's Avatar

korg

Admin from hell
0 0

I've never closed curl before all functions are done. Also You should include the fusion_user and phpsession id. I had some problems connecting without them both, Anyway this works fine for me:


    $curl = curl_init(); 
    curl_setopt($curl, CURLOPT_URL,"http://www.hellboundhackers.org/challenges/timed/timed1/index.php"); 
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); 
    curl_setopt($curl, CURLOPT_VERBOSE, 1); 
    curl_setopt($curl, CURLOPT_COOKIE,"fusion_user=xxxxxxxxxxxxxxxx;     PHPSESSID=xxxxxxxxxx;"); 
    curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5"); 
$page = curl_exec($curl);
echo $page
    
?>

p4plus2's Avatar

p4plus2

Member
0 0

Also if you look in the code bank I think system_meltdown wrote a CURL class. You could give that a shot if all else fails. Then if you get his class to work try working backwards from that.


ghost's Avatar

ghost

0 0

korg wrote: Also You should include the fusion_user and phpsession id. I had some problems connecting without them both Are you sure you needed phpsessid? I used Perl for all the timed challenges except 7, and I only needed the fusion_user cookie. Though I did use PHP and cURL for Timed 7, and I did need the PHPSESSID cookie, but that was only to handle retrieving the barcode image.


elmiguel's Avatar

elmiguel

Member
2,795 1

I have read over system's class and function for cURL. Both, give the same result as well as trying the other revisions. It just echos out a blank page.

And yes you do need to use the PHPSESSID and the fusion_user. I have seen a sample script from another challenge done in php it required both. I am starting to wonder if the cURL is not working properly although I followed the instructions fro installing it to the "t". Any other suggestions on why this could be happening? (system?)


korg's Avatar

korg

Admin from hell
0 0

Did you try my script exacty as it is. If it still didn't work you may have a problem in your curl install.


elmiguel's Avatar

elmiguel

Member
2,795 1

Yeah I did, I starting to think its the install. I will do it later when I get home and do it on my computer. Work computer sucks anyway. :p


ghost's Avatar

ghost

0 0

Hey elmiguel, what was the language you originally used to complete the challenges?


elmiguel's Avatar

elmiguel

Member
2,795 1

Javascript with GreaseMonkey 1-5, and Python 6,8. Working on Timed 7 in python. ver: Python 2.6.2


ghost's Avatar

ghost

0 0

elmiguel wrote:

I also tried using fsockopen(). But, it will not insert the fusion_user. It inserts the cookie: PHPSESSID.


<?php
$url = "/challenges/timed/timed1/index.php";
$fp = fsockopen("www.hellboundhackers.org", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET $url HTTP/1.1\r\n";
    $out .= "Host: www.hellboundhackers.org\r\n";
    $out .= "Cookie: PHPSESSID=session\r\n";
    $out .= "Cookie: fusion_user=id.hash\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 1024);
    }
    fclose($fp);
}
?>

The reason for that is that you have set "Cookie: " twice. Only set it once and include the whole needed part like so: PHPSESSID=<whatever you've got>; fusion_user=<whatever you've got>; You also need to include "User-Agent: whatever" for HBH to take you seriously. This doesn't even have to be your real user agent, you can put anything there. Like: User-Agent: suck me off hbh, I don't have a proper user agent!

Edit: and don't forget your \r\n.


elmiguel's Avatar

elmiguel

Member
2,795 1

This is what I am getting with fsockopen and adding in the user agent:



HTTP/1.1 302 Found Date: Mon, 10 Aug 2009 21:33:02 GMT Server: Apache X-Powered-By: PHP/5.0.4 Set-Cookie: PHPSESSID=&lt;session id&gt;; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: fusion_visited=TRUE; expires=Tue, 10 Aug 2010 21:33:02 GMT; path=/ Set-Cookie: fusion_user=deleted; expires=Sun, 10 Aug 2008 21:33:01 GMT; path=/ Set-Cookie: fusion_lastvisit=deleted; expires=Sun, 10 Aug 2008 21:33:01 GMT; path=/ Location: ../../../index.php Content-Length: 0 Connection: close Content-Type: text/html

using :


&lt;?php
$url = &quot;/challenges/timed/timed1/index.php&quot;;
$fp = fsockopen(&quot;www.hellboundhackers.org&quot;, 80, $errno, $errstr, 30);
if (!$fp) {
    echo &quot;$errstr ($errno)&lt;br /&gt;&#92;n&quot;;
} else {
    $out = &quot;GET $url HTTP/1.1&#92;r&#92;n&quot;;
    $out .= &quot;Host: www.hellboundhackers.org&#92;r&#92;n&quot;;
    $out .= &quot;User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)&#92;r&#92;n&quot;;
    $out .= &quot;Cookie: PHPSESSID=session id;fusion_user=id.hash&#92;r&#92;n&quot;;
    $out .= &quot;Connection: Close&#92;r&#92;n&#92;r&#92;n&quot;;
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 1024);
    }
    fclose($fp);
}
?&gt;

ghost's Avatar

ghost

0 0

elmiguel wrote: This is what I am getting with fsockopen and adding in the user agent:



HTTP/1.1 302 Found Date: Mon, 10 Aug 2009 21:33:02 GMT Server: Apache X-Powered-By: PHP/5.0.4 Set-Cookie: PHPSESSID=&lt;session id&gt;; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: fusion_visited=TRUE; expires=Tue, 10 Aug 2010 21:33:02 GMT; path=/ Set-Cookie: fusion_user=deleted; expires=Sun, 10 Aug 2008 21:33:01 GMT; path=/ Set-Cookie: fusion_lastvisit=deleted; expires=Sun, 10 Aug 2008 21:33:01 GMT; path=/ Location: ../../../index.php Content-Length: 0 Connection: close Content-Type: text/html

Well did your session run out and you got logged out before you tried it? Either way, just take whatever cookies you have now, stickem in there and try again to make sure.


elmiguel's Avatar

elmiguel

Member
2,795 1

No I logged out , cleared my cache and tried again. Put in the new cookies. But, still nothing, really odd.


elmiguel's Avatar

elmiguel

Member
2,795 1

Hmmmm, works at home, must be something on my works network. Could anything be causing this from a network setting?


ghost's Avatar

ghost

0 0

elmiguel wrote: Hmmmm, works at home, must be something on my works network. Could anything be causing this from a network setting? Remember, the cookies here are IP based. If you were trying to use cookies you got from home over where you work, they won't work.


ghost's Avatar

ghost

0 0

-Kurt- wrote: Remember, the cookies here are IP based. If you were trying to use cookies you got from home over where you work, they won't work. Seems to me he was trying at work first and then at home, not the other way around. Anyhow, it's still true and elmiguel, I'm not sure exactly what you did when you put in new cookies, but clearing the cache won't get rid of old cookies. Clearing the cookies will do that however. What you got was a redirect header (302) which is supposed to show you the way to the main page on HBH. So the connection is fine, either way it must've been your cookies getting fucked up.


elmiguel's Avatar

elmiguel

Member
2,795 1

To restate what I said about the cache, is that I meant cookies (sorry been a long day). I was trying at work. I was thinking that my cURL install may have been messed up or something was being stop by my works network settings. Its seems like it has to be something with the redirect with the 302 error as COM stated. I will look into tomorrow at work.


ghost's Avatar

ghost

0 0

elmiguel wrote: Its seems like it has to be something with the redirect with the 302 error as COM stated. I will look into tomorrow at work. I wouldn't say 302 constitutes an error, as said, all it does is indicate a redirect with the necessary information to where (the "Location:" part). It's the best way to handle redirects when necessary as it doesn't depend on support for scripts or meta tags. As I said odds are that you just fucked something up with your cookies at work, your work's network should have nothing to do with it as the requests are going through. If you're tired you might've just made a copy paste mistake or forgotten to save it properly or anything like that. Can happen to anyone.


elmiguel's Avatar

elmiguel

Member
2,795 1

Well it seems to be working this morning. Thanks for all you help. Seems like my cookies were behaving themselves. =]