HBH Timed 6

Quote

Your objective is to get the second result from the Google UK © search engine for the word: matrix and post back the URL of the second result, encoded in base64, as follows: url=base64_encoded_url

Don't forget to change the CURLOPT_COOKIE option value to your own cookie.

Notice: I have to admit that I wasn't sober when I wrote this piece of code, it's not very effective really.
However it did finish the challenge for me after several attempts, if the script doesn't work just reply here, so I can make some modifications.

<?php
while(true){

$curl = curl_init();

curl_setopt($curl, CURLOPT_URL,"http://www.hellboundhackers.org/challenges/timed/timed6/index.php");

curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($curl, CURLOPT_REFERER,"http://www.hellboundhackers.org/challenges/timed/timed5/index.php");

curl_setopt($curl, CURLOPT_VERBOSE, 1);

curl_setopt($curl, CURLOPT_COOKIE,"fusion_user=xxx.xxxxxxxxx; PHPSESSID=xxxxxxxxxxxx;");

curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5");

$result = curl_exec($curl);

curl_close($curl);

@preg_match_all('/<strong>([a-z]+)<\/strong> and/',$result,$aMatches);

@preg_match_all('/the ([a-z]+) result/',$result,$aResults);

// search

$sSearch = $aMatches[1][0];

// offset

$sOffset = $aResults[1][0];

$aOffset = array();

$aOffset['first'] = "1";

$aOffset['second'] = "2";

$aOffset['third'] = "3";

$aOffset['fourth'] = "4";

$aOffset['fifth'] = "5";

$aOffset['sixth'] = "6";

$aOffset['seventh'] = "7";

$aOffset['eighth'] = "8";

$aOffset['ninth'] = "9";

$aOffset['tenth'] = "10";

$iOffset = $aOffset[$sOffset];

echo "trying string ".$sSearch." as ".$iOffset."
\n";

//flush();

//ob_flush();

$curl1 = curl_init();

curl_setopt($curl1, CURLOPT_URL,"http://www.google.co.uk/search?hl=nl&q=".$sSearch."&btnG=Google+zoeken&meta=");

curl_setopt($curl1, CURLOPT_POST, 0);

curl_setopt($curl1, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($curl1, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($curl1, CURLOPT_COOKIE,"fusion_user=xxx.xxxxxxxxx; PHPSESSID=xxxxxxxxxxxx;");

curl_setopt($curl1, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5");

curl_setopt($curl1, CURLOPT_REFERER,"http://www.hellboundhackers.org/challenges/timed/timed6/index.php");

$result1 = curl_exec($curl1);

curl_close($curl1);

@preg_match_all("/<a href=\"(.*)\"/Ui",$result1,$aMatches1);

$iTemp = 0;

$sTemp = "";

for($x=0;$x<count($aMatches1[1]);$x++){

if($aMatches1[1][$x][0]!="h"){

continue;

}

if(ereg("google",$aMatches1[1][$x])){

continue;

}

$iTemp++;

if($iTemp==$iOffset){

$sTemp .= $aMatches1[1][$x];

break;

}

$sPrev = $sTemp;

$curl2 = curl_init();

curl_setopt($curl2, CURLOPT_URL,"http://www.hellboundhackers.org/challenges/timed/timed6/index.php");

curl_setopt($curl2, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($curl2, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($curl2, CURLOPT_POST, 1);

curl_setopt($curl2, CURLOPT_POSTFIELDS, "url=".base64_encode($sPrev));

curl_setopt($curl2, CURLOPT_REFERER,"http://www.hellboundhackers.org/challenges/timed/timed6/index.php");

curl_setopt($curl2, CURLOPT_VERBOSE, 1);

curl_setopt($curl2, CURLOPT_COOKIE,"fusion_user=xxx.xxxxxxxxx; PHPSESSID=xxxxxxxxxxxx;");

curl_setopt($curl2, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5");

$result2 = curl_exec($curl2);

curl_close($curl2);

if(!ereg("Wrong string",$result2)){

echo"gotcha!!!!!";

break;

}

echo "failed
\n";

}

?>