<?php
/*
This is my script to complete the timed challenges #1, #2, #3, #4 & #5 from www.hellboundhackers.org

By Ross Markham
*/

if(!isset($_REQUEST['user']) || !isset($_REQUEST['pass'])){
$thispage = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1);
echo ("
  <center>
    <form method=\"post\" action=\"./".$thispage."\">
      <small>
         name: <input type=\"text\" name=\"user\" value=\"\" /><br />
         pass: <input type=\"password\" name=\"pass\" value=\"\" /><br />
		 <input type=\"checkbox\" name=\"ChallBox1\" value=\"true\" checked \> Challenge #1<br />
		 <input type=\"checkbox\" name=\"ChallBox2\" value=\"true\" checked \> Challenge #2<br />
		 <input type=\"checkbox\" name=\"ChallBox3\" value=\"true\" checked \> Challenge #3<br />
		 <input type=\"checkbox\" name=\"ChallBox4\" value=\"true\" checked \> Challenge #4<br />
		 <input type=\"checkbox\" name=\"ChallBox5\" value=\"true\" checked \> Challenge #5<br />
		 <input type=\"checkbox\" name=\"ChallBox6\" value=\"true\" checked \> Challenge #6<br />
         &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Submit\" name=\"submit\" /><br />
      </small>
    </form>
  </center>
");
}else{
   $complete01 = 0;
   $complete02 = 0;
   $complete03 = 0;
   $complete04 = 0;
   $complete05 = 0;
   $complete06 = 0;
   $cookie=tempnam('','');
   
   // Login
   $url = 'http://www.hellboundhackers.org/index.php';
   $post = "user_name=".$_REQUEST['user']."&user_pass=".$_REQUEST['pass']."&remember_me=y&login=Login";
   fetch($url,$post,$cookie);
   $url = 'http://www.hellboundhackers.org/edit_profile.php';
   $loggedin = fetch($url,false,$cookie);
   if(strpos($loggedin, "Members only") !== false){ echo "Incorrect Username or Password <br />"; exit; }
   
   //Challenge 1
   while($complete01 == 0 && $_REQUEST['ChallBox1'] == "true"){
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed1/index.php';
      $chall1 = fetch($url,false,$cookie);
      $explode = explode("string: ", $chall1);
      $string = explode(" and answer",$explode[1]); 
	  $string[0] = base64_decode($string[0]);
	  $url = 'http://www.hellboundhackers.org/challenges/timed/timed1/index.php?b64='.$string[0];
	  $chall1 = fetch($url,false,$cookie);
	  if ((strlen(strstr($chall1,"Congrats!"))>0)||(strlen(strstr($chall1,"You already beat this"))>0)) {
	     echo "Challenge 01 complete<br />";   
		 $complete01 = 1;
	  }else{
	     echo "Challenge 01 fail...<br />";
	  }
   }
   
   //Challenge 2
   while($complete02 == 0 && $_REQUEST['ChallBox2'] == "true"){
      $result = 0;
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed2/index.php';
      $chall2 = fetch($url,false,$cookie);
      $explode = explode("string is: ", $chall2);
      $string = explode("<br /><br />",$explode[1]); 
	  $str = $string[0];
	  for($i=0;$i <= strlen($str); $i++){
	     if(is_numeric($str{$i})){ $result = $result + $str{$i}; }
	  }
	  $url = 'http://www.hellboundhackers.org/challenges/timed/timed2/index.php?check';
	  $post = "ans=".$result;
	  $chall2 = fetch($url,$post,$cookie);
	  if ((strlen(strstr($chall2,"Congrats!"))>0)||(strlen(strstr($chall2,"You already beat this"))>0)) {
	     echo "Challenge 02 complete<br />";   
		 $complete02 = 1;
	  }else{
	     echo "Challenge 02 fail...<br />";
	  }
   }
   
   //Challenge 3
   if( $_REQUEST['ChallBox3'] == "true"){
      $result = 0;
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed3/data.txt';
      $chall3 = fetch($url,false,$cookie);
      $plaintext = explode(",", $chall3);
      for($i=0;$i <= count($plaintext); $i++){
	     $hashed[$i] = md5($plaintext[$i]);
      }
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed3/index.php';
      $chall3 = fetch($url,false,$cookie);
      $pop = explode("string is: ", $chall3);
      $string = explode("<br />",$pop[1]); 
      $str = $string[0];	  
      for($i=0;$i <= count($hashed); $i++){
         if($str == $hashed[$i]){
		    $result = $i;
		    break;
	     }
      }
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed3/index.php?check';
      $post = "ans=".$plaintext[$result];
      $chall3 = fetch($url,$post,$cookie);
      if ((strlen(strstr($chall3,"Congrats!"))>0)||(strlen(strstr($chall3,"You already beat this"))>0)) {
         echo "Challenge 03 complete<br />";   
      }else{
         echo "Challenge 03 fail... (have to try again in 5 mins)<br />";
      }
   }	  
	  
   //Challenge 4
   $attempt = 0;
   while($complete04 == 0 && $_REQUEST['ChallBox4'] == "true"){
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed4/index.php';
      $chall4 = fetch($url,false,$cookie);
      $explode = explode("word is: <strong>", $chall4);
      $string = explode("</strong><br />",$explode[1]); 
	  $str = $string[0].$string[0];
	  $result = $str{0};
	  for($i=1;$i <= strlen($str); $i++){
	     if($i & 1){ 
		    $result .= $str{$i + 2}; 
		 }else{
		    $result .= $str{$i};
		 }
         if($result{$i} == $str{1} && $i > 1){ break; }
	  }
	  $url = 'http://www.hellboundhackers.org/challenges/timed/timed4/index.php?check';
	  $post = "ans=".$result;
	  $chall4 = fetch($url,$post,$cookie);
	  if ((strlen(strstr($chall4,"Congrats!"))>0)||(strlen(strstr($chall4,"You already beat this"))>0)) {
	     echo "Challenge 04 complete<br />";   
    	 $complete04 = 1;
	  }else{
	     echo "Challenge 04 fail... OR you've already completed it!<br />";
		 if($attempt == 10){ $complete04 = 1; }
		 $attempt++;
	  }
   }
   
   //Challenge 5
   while($complete05 == 0 && $_REQUEST['ChallBox5'] == "true"){
      $url = 'http://www.hellboundhackers.org/challenges/timed/timed5/index.php';
      $chall5 = fetch($url,false,$cookie);
      $explode = explode("to make ", $chall5);
      $string = explode("into ",$explode[1]); 
      if($string[0] > 1337){
	     $string[0] = $string[0] - 1337;
		 $string[0] = "minus_".$string[0];
	  }else{
	  	 $string[0] = 1337 - $string[0];
		 $string[0] = "plus_".$string[0];
	  }
	  $url = 'http://www.hellboundhackers.org/challenges/timed/timed5/index.php?password='.$string[0];
	  $chall5 = fetch($url,false,$cookie);
	  if ((strlen(strstr($chall1,"Congrats!"))>0)||(strlen(strstr($chall5,"You already beat this"))>0)) {
	     echo "Challenge 05 complete<br />";   
		 $complete05 = 1;
	  }else{
	     echo "Challenge 05 fail...<br />";
	  }
   }
   
}

function fetch($url,$post=false,$cookie=false,$timeout=30) {
   $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   if ($cookie) {
      curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
      curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
   }
   if ($post) {
      curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
      curl_setopt($ch, CURLOPT_POST, TRUE);
   }
   curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
   //curl_setopt($ch, CURLOPT_HEADER, TRUE); //debug
   $output=curl_exec($ch);
   curl_close($ch);
   return $output;
}

?>