@mttjohnson
Created September 7, 2020 20:43
Expiring PHP Info
<?php
header('Cache-Control: private');
// Token hash supplied by the client; default to "" so a missing parameter
// simply fails the comparison instead of raising an undefined-index warning.
$token_hash = $_GET["token"] ?? "";
$shared_secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";  // placeholder: shared_secret from "Generate Secrets"
$expected_hash = "cccccccccccccccccccccccccccccc";  // placeholder: hashed_value from "Generate Secrets"
// The current date is folded into the HMAC chain, so $expected_hash only
// matches on the day the secrets were generated.
$expiring_hash = hash_hmac("sha256", date("Ymd"), $shared_secret);
$hashed_value = hash_hmac("sha256", $expiring_hash.$token_hash, $shared_secret);
// Constant-time comparison of the two hex digests.
if (hash_equals($expected_hash, $hashed_value)) {
    phpinfo();
} else {
    http_response_code(403);
    die('Forbidden');
}
/*
Instructions:
Run the Generate Secrets command, then replace the placeholder values aaaaaa
(shared_secret) and cccccc (hashed_value) in the server-side PHP script, and run the
Request Side command to generate the token_hash needed when making a web request
against the server-side script. Once you have the token_hash you can use that value
in the web request /info.php?token=xxxxxx
Because the current date is used in the compared hash value, the token will no longer
be valid once a new date is reached, and new secrets should be regenerated.
# Generate Secrets
php -r '
$shared_secret = bin2hex(random_bytes(32));
$token = bin2hex(random_bytes(32));
$token_hash = hash_hmac("sha256", $token, $shared_secret);
$expiring_hash = hash_hmac("sha256", date("Ymd"), $shared_secret);
$hashed_value = hash_hmac("sha256", $expiring_hash.$token_hash, $shared_secret);
echo "shared_secret: $shared_secret\n";
echo "token: $token\n";
echo "hashed_value: $hashed_value\n";
'
# Request Side
php -r '
$shared_secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
$token = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
$token_hash = hash_hmac("sha256", $token, $shared_secret);
echo "token_hash: $token_hash\n";
'
# Server Side
php -r '
$token_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; # $_GET["token"]
$shared_secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
$expected_hash = "cccccccccccccccccccccccccccccc";
$expiring_hash = hash_hmac("sha256", date("Ymd"), $shared_secret);
$hashed_value = hash_hmac("sha256", $expiring_hash.$token_hash, $shared_secret);
if (hash_equals($expected_hash, $hashed_value) ) {
echo "hashes match\n";
}
'
*/
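The same HMAC chain as the gist, as an added example that is not part of the gist itself: the date is passed in explicitly so the one-day expiry can be exercised, and the function names (generate_secrets, request_token, server_accepts, demo) and the 2020-09-07 issue date are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta


def hmac_hex(key: str, msg: str) -> str:
    # Equivalent of PHP hash_hmac("sha256", $msg, $key): lowercase hex digest.
    return hmac.new(key.encode(), msg.encode(), hashlib.sha256).hexdigest()


def day_stamp(d: date) -> str:
    # Same format as PHP date("Ymd"), e.g. "20200907".
    return d.strftime("%Y%m%d")


def generate_secrets(today: date) -> dict:
    # "Generate Secrets" step: random shared secret and token, plus the
    # hashed_value that gets baked into the server-side script for today.
    shared_secret = secrets.token_hex(32)
    token = secrets.token_hex(32)
    token_hash = hmac_hex(shared_secret, token)
    expiring_hash = hmac_hex(shared_secret, day_stamp(today))
    hashed_value = hmac_hex(shared_secret, expiring_hash + token_hash)
    return {"shared_secret": shared_secret, "token": token, "hashed_value": hashed_value}


def request_token(shared_secret: str, token: str) -> str:
    # "Request Side" step: the value the client sends as ?token=...
    return hmac_hex(shared_secret, token)


def server_accepts(shared_secret: str, expected_hash: str, token_hash: str, today: date) -> bool:
    # "Server Side" step: recompute the chain for today's date and compare in constant time.
    expiring_hash = hmac_hex(shared_secret, day_stamp(today))
    hashed_value = hmac_hex(shared_secret, expiring_hash + token_hash)
    return hmac.compare_digest(expected_hash, hashed_value)


def demo() -> tuple:
    issued = date(2020, 9, 7)  # constructed issue date for the walkthrough
    s = generate_secrets(issued)
    t = request_token(s["shared_secret"], s["token"])
    same_day = server_accepts(s["shared_secret"], s["hashed_value"], t, issued)
    next_day = server_accepts(s["shared_secret"], s["hashed_value"], t, issued + timedelta(days=1))
    wrong_token = server_accepts(s["shared_secret"], s["hashed_value"], request_token(s["shared_secret"], "guess"), issued)
    return same_day, next_day, wrong_token


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Note that the client needs the shared secret to compute its token_hash, so this is a symmetric scheme: anyone holding the secret can mint a valid request for the current day.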