[Day10] Web 小快乐
今天又是快乐星期六滑板日,很享受在长板上滑行的感觉
你各位,我发现我昨天不知道在嗨什麽
以为昨天就是铁人连续发文第10天
结果今天才是,哈哈哈哈
我们今天一样解 Web
我会写的比较赶喔,因为我现场写,而且现在11点
我要跟时间赛跑~
It is my Birthday (100 points)
I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to find a collision. Anyway, see if you're invited by submitting 2 PDFs to my website. http://mercury.picoctf.net:48746/
Hints
1.Look at the category of this problem.
2.How may a PHP site check the rules in the description?
这是连结点下去的样子
有一个表格,我们可以上传2个文件看看
<div class="jumbotron">
<p class="lead"></p>
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12">
<h3>See if you are invited to my party!</h3>
</div>
</div>
<br/>
<div class="upload-form">
<form role="form" action="/index.php" method="post" enctype="multipart/form-data">
<div class="row">
<div class="form-group">
<input type="file" name="file1" id="file1" class="form-control input-lg">
<input type="file" name="file2" id="file2" class="form-control input-lg">
</div>
</div>
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12">
<input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Upload">
</div>
</div>
</form>
</div>
</div>
我们刚刚上传2个相同文件,可以来找逻辑
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ echo test > test.txt
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ curl -F '[email protected]' -F '[email protected]' -F 'submit=Upload' http://mercury.picoctf.net:50970/index.php
Not a PDF!
这网站认出我们上传的其中一个文件,会不会好奇
怎麽确认文件类型?
最快速的方法就是档名写清楚
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ mv test.txt test.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ curl -F '[email protected]' -F '[email protected]' -F 'submit=Upload' http://mercury.picoctf.net:50970/index.php
Files are not different!
这是个用 PHP 写的站,然後阿他有点复杂
我不太会解释,时间问题我先省略
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ php -r "echo md5('240610708');"
0e462097431906509019562988736854
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ php -r "echo md5('QNKCDZO');"
0e830400451993494058024219903391
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ php -r "var_dump(md5('240610708') == md5('QNKCDZO'));"
bool(true)
记得 md5 hash 吗?
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ echo -n "240610708" > f1.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ echo -n "QNKCDZO" > f2.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ md5sum f1.pdf f2.pdf
0e462097431906509019562988736854 f1.pdf
0e830400451993494058024219903391 f2.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ curl -F '[email protected]' -F '[email protected]' -F 'submit=Upload' http://mercury.picoctf.net:50970/index.php -s | egrep -o "picoCTF{[^}]+}"
picoCTF{c0ngr4ts_u_r_1nv1t3d_73b0c8ad}
flag 就出来罗~
The flag: picoCTF{c0ngr4ts_u_r_1nv1t3d_73b0c8ad}
呼,好赶我知道这篇没写完整,有空再回来补
先让我发文,感谢各位喔
<<: DAY10 Line Messaging API 的各种讯息格式
[从0到1] C#小乳牛 练成基础程序逻辑 Day 24 - String操纵术I 遍历综合技 Trim()
Scrabble串起来 | 字串=字元阵列 | 去头去尾 ...
Day14 用 100 寸超大萤幕写 Code 的感觉 - 用 metatable 改变预设行为
前两天我已经学会用 CC: Tweaked 电脑读取磁片和播放音乐 今天我要来写 Code 啦 !!...
[Day14] swift & kotlin 实作篇!(5) 基本版面配置
swift 接下来~就让我们还拉一下版面吧 设定背景 首先点选左侧 Main.storyboard ...
[ Day 3 ] - 运算式与运算子
运算式与运算子 运算式 透过运算子进行运算而得到指定的结果值 运算子的介绍 这边会列出几个简单算是常...
单元测试相关
单元测试相关 https://wolkesau.medium.com/ecd69a7ff588 用J...