学习学习!要开始疯狂写博客了
Hash长度扩展攻击 以MD5为例
Ctf题目 这是实验吧上的一道题目
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 <html> <body> <pre> $flag = "XXXXXXXXXXXXXXXXXXXXXXX"; $secret = "XXXXXXXXXXXXXXX"; // This secret is 15 characters long for security! $username = $_POST["username"]; $password = $_POST["password"]; if (!empty($_COOKIE["getmein"])) { if (urldecode($username) === "admin" && urldecode($password) != "admin") { if ($COOKIE["getmein"] === md5($secret . urldecode($username . $password))) { echo "Congratulations! You are a registered user.\n"; die ("The flag is ". $flag); } else { die ("Your cookies don't match up! STOP HACKING THIS SITE."); } } else { die ("You are not an admin! LEAVE."); } } setcookie("sample-hash", md5($secret . urldecode("admin" . "admin")), time() + (60 * 60 * 24 * 7)); if (empty($_COOKIE["source"])) { setcookie("source", 0, time() + (60 * 60 * 24 * 7)); } else { if ($_COOKIE["source"] != 0) { echo ""; // This source code is outputted here } } </pre> <h1>Admins Only!</h1> <p>If you have the correct credentials, log in below. If not, please LEAVE.</p> <form method="POST"> Username: <input type="text" name="username"> <br> Password: <input type="password" name="password"> <br> <button type="submit">Submit</button> </form> </body> </html>
逻辑大概是
