Insomni'hack 2019: phpain
I participated at the Insomni'hack CTF 2019 with some colleagues. One of the challenges that we solved was the phpain challenge. I'd like to give a description here and explain how I solved it. This was one of the easiest challenges that most teams solved. Given was a network IP address and the source code of the page. With this information you can also try to solve it. So I downloaded the source code, which was PHP and I just found this obfuscated code, when opening it in Notepad: View of source code in Notepad So as you can see, this is nicely obfuscated code. As I was working on Windows, I suspected that the file endings were note working, so I opened it in Visual Studio: Opening the obfuscated file in Visual Studio My first idea was to manually de-obfuscate this. But given the size of the file, that idea was quickly discarded. Also, I wanted to try out how this works, because I was not used to PHP. The first statement probably takes the uninitialized variable