TYS 0x02 - PHP in 2019?! Are you insane!?

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.


There is a reason for everything!

PHP was one of the first web-specialized languages (created 1994) broadly used. Even today, 25 years later, PHP is powering at least parts of most of the web based applications on the internet (~80% - check https://w3techs.com/).

PHP is a language with many faces. In this challenge you might get to know a new one - if you like it or not.

Challenge

In this challenge you are facing the SuperAwesomeAPI! This API has been developed in PHP, implements a key based authentication and provides authorized users with system monitoring capabilities. The scope of this assignment is as follows:

Some rules

OK. Let’s get cracking!

First you need the actual code and supporting files to run the SuperAwesomeAPI. Download the static files and run them like follows:

1
2
3
$> mkdir TYS_0x02 && cd TYS_0x02 && mv ../tys_0x02_files.tar.bz2 .
$> tar xvpf tys_0x02_files.tar.bz2
$> docker run -p 80:80 -v $(pwd):/app/ webdevops/php-nginx:alpine-php7

Once you have the docker container running (thanks webdevops team!) you should be able to browse to http://127.0.0.1/ as well as query the API with curl:

1
2
$> curl http://127.0.0.1/
<pre> [*] Usage: http://localhost/?cmd=< who OR last OR id OR gid OR uname OR calendar >&key=< api key > </pre>

Have fun hunting, feel free to post your approach / write-up and let me know if you have any questions, feedback or general comments in the respective twitter thread over here:
https://twitter.com/mytty_project/status/1111957534993195008


Verify the files you download with:

md5sum     b017c84c521da7c5c6d499a1fc11b8ea                                  cdn/tys/tys_0x02_files.tar.bz2
sha1sum    cca966dedde429860c3b43c6cc6bb1ad3a62b975                          cdn/tys/tys_0x02_files.tar.bz2
sha256sum  7a32a63b49bdb4596492d44213554a2a08be28389222ef4995c649d2106bb590  cdn/tys/tys_0x02_files.tar.bz2