The Token Challenge

Legend has it that if you find the four Tokens, you can summon Nyan Cat to grant you one wish.

Your goal is to capture as many tokens (from the victim) as possible. They are token0, token1, token2 and token31337, where the appended number indicates the difficulty.

Rules:

>>> Start here <<<

Find @filedescriptor or filedescriptor@gmail.com to grant you wishes instead.

Hall of fame

Level 31337 (are you trying to trick me into submitting 0day?)

@SecurityMB (done in 1 browser with an unexpected approach)

Level 2 (a tough one!)

@SecurityMB (done in all browsers)

@kinugawamasato (done in 2 browsers)

@BenHayak (done in all browsers)

@Raz0r (done in 1 browser)

Level 1 (hmm sneaky stuff)

@SecurityMB (done in 2 browsers)

@kinugawamasato (done in 1 browser)

@BenHayak (done in 1 browser)

@cgvwzq (done in 1 browser)

@Raz0r (done in 2 browsers)

Level 0 (meh easy as ABC)

@SecurityMB (done in all browsers)

@kinugawamasato (done in 1 browser)

@BenHayak (done in all browsers)

@cgvwzq (done in all browsers)

@Raz0r (done in all browsers)

Source Code:


<?php
header('Content-Type: text/html; charset=utf-8');
header('X-UA-Compatible: IE=edge');
header('X-XSS-Protection: 0');

$ua = $_SERVER['HTTP_USER_AGENT'];
$token0 = hash('md5', $ua);
$token1 = hash('adler32', $ua);
$token2 = hash('sha1', $ua);
$token31337 = hash('sha256', $ua);

if (!isset($_GET['token0']) || $_GET['token0'] !== $token0)
    header("Location: ?token0=$token0#token1=$token1");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="stylesheet" href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>/../styles.css">
<title>The Chamber</title>
<meta name="token2" content="<?php echo $token2; ?>">
</head>
<body>
<script src="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>/../scripts.js"></script>
<script type="text/debug">;{"token31337":"<?php echo $token31337; ?>"}</script>
</body>
</html>