본문 바로가기
컴퓨터/webhacking.kr

webhacking.kr 6번

by 싱판다 2012. 12. 23.


문제를 접근하면 아이디와 패스워드가 나와있고 위에 base64가 나와있다. 뭔가 암호를 시키라는 문제 같다. 이번 문제도 index.phps를 통하여 소스를 살펴보도록 하겠다.


<html>

<head>

<title>Challenge 6</title>

</head>

<body>

 

<?

if(!$_COOKIE[user]){

  $val_id="guest";

  $val_pw="123qwe";

 

  for($i=0;$i<20;$i++){

    $val_id=base64_encode($val_id);

    $val_pw=base64_encode($val_pw);

  }

  $val_id=str_replace("1","!",$val_id);

  $val_id=str_replace("2","@",$val_id);

  $val_id=str_replace("3","$",$val_id);

  $val_id=str_replace("4","^",$val_id);

  $val_id=str_replace("5","&",$val_id);

  $val_id=str_replace("6","*",$val_id);

  $val_id=str_replace("7","(",$val_id);

  $val_id=str_replace("8",")",$val_id);

  

  $val_pw=str_replace("1","!",$val_pw);

  $val_pw=str_replace("2","@",$val_pw);

  $val_pw=str_replace("3","$",$val_pw);

  $val_pw=str_replace("4","^",$val_pw);

  $val_pw=str_replace("5","&",$val_pw);

  $val_pw=str_replace("6","*",$val_pw);

  $val_pw=str_replace("7","(",$val_pw);

  $val_pw=str_replace("8",")",$val_pw);

   

  Setcookie("user",$val_id);

  Setcookie("password",$val_pw);

   

  echo("<meta http-equiv=refresh content=0>");

 }

?>


<html>

<head>

<title>Challenge 6</title>

</head>

<body>

 

<?

  $decode_id=$_COOKIE[user];

  $decode_pw=$_COOKIE[password];

 

  $decode_id=str_replace("!","1",$decode_id);

  $decode_id=str_replace("@","2",$decode_id);

  $decode_id=str_replace("$","3",$decode_id);

  $decode_id=str_replace("^","4",$decode_id);

  $decode_id=str_replace("&","5",$decode_id);

  $decode_id=str_replace("*","6",$decode_id);

  $decode_id=str_replace("(","7",$decode_id);

  $decode_id=str_replace(")","8",$decode_id);

 

  $decode_pw=str_replace("!","1",$decode_pw);

  $decode_pw=str_replace("@","2",$decode_pw);

  $decode_pw=str_replace("$","3",$decode_pw);

  $decode_pw=str_replace("^","4",$decode_pw);

  $decode_pw=str_replace("&","5",$decode_pw);

  $decode_pw=str_replace("*","6",$decode_pw);

  $decode_pw=str_replace("(","7",$decode_pw);

  $decode_pw=str_replace(")","8",$decode_pw);

    

  for($i=0;$i<20;$i++)

  {

    $decode_id=base64_decode($decode_id);

    $decode_pw=base64_decode($decode_pw);

  }

 

  echo("ID : $decode_id<br>");

  echo("PW : $decode_pw<br>");

  

  if($decode_id=="admin" && $decode_pw=="admin")

  {

    @solve();

  }

?>

<!--

index.phps

-->

</body>

</html> 

 살펴보면 지금 문제 화면에서 나오는 아이디와 패스워드를 base64 20번 암호화 시키고 str_replace 함수를 이용하여 숫자들을 변환하고 그 값을 쿠키에 넣어 준다는 것을 알 수 있다.

그리고 refresh 시켜 쿠키값을 가지고 복호화 시키고 문자열을 바꿔주는데 아이디와 패스워드가 admin이면 문제가 풀린다는 것을 알 수 있었다. 그래서 위와 같이 코딩하여 admin을 암호화하고 변환한 뒤의 값을 찾아 쿠키에 넣어주어야 된다는 것을 알 수 있었다.

코딩으로 나온 값은

Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U@tWVWJHaG9UVlZ$VlZadGNFSmxSbGw!VTJ0V!ZXSkhhRzlVVmxaM!ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU!IxcFZXbUZrUjA!R!UyMTRVMkpIZHpGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm!wT!QwMHhjRlpYYlVaclVqQTFSMWRyV@&kV0!ERkZVbFJHVjFaRmIzZFdha!poVjBaT@NtRkhhRk&sYlhoWFZtMXdUMVF$TUhoalJscFlZbGhTV0ZSV@FFTlNiRnBZWlVaT!ZXSlZXVEpWYkZKRFZqQXhkVlZ!V@xaaGExcFlXa!ZhVDJOc@NFZGhSMnhUVFcxb@IxWXhaREJaVmxsM!RVaG9hbEpzY0ZsWmJGWmhZMnhXY!ZGVVJsTk&WMUo!VmpKNFQxWlhTbFpYVkVwV!lrWktTRlpxUm!GU@JVbDZXa!prYUdFeGNHOVdha0poVkRKT@RGSnJhR@hTYXpWeldXeG9iMWRHV@&STldHUlZUVlpHTTFSVmFHOWhiRXB*WTBac!dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXWVZReFdsaFRiRnBZVmtWd!YxbHJXa$RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNalZUVkd^a!NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV!IwVTJ0a!dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV@EzQjZWa@R*TVZZd0!WWmlla!pYWWxoQ!RGUnJXbEpsUm!SellVWlNhVkp!UW&oV!YzaHJWVEZzVjFWc!dsaGlWVnBQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt$V@&kWFIwVjRZMFJPV@!FeVVrZGFWM@hIWTIxS!IxcEhiRmhTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE&WMUl$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&OT@JFcHpXa@R$YVZORlNrbFdNblJyWXpGVmVWTnVTbFJpVlZwWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk!VcFZWbGN^TkdReVZrZFdiR!JvVW&wc@IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnhhV0ZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa!UxZGxsV!ZYaFhSbFp&WVVaa!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ==

으로 상당히 긴 값이 나왔다. 이 값을 쿠키에 id pw에 넣어주었다.


그러면 문제 페이지가 다음과 같이 바뀌며 풀리게 된다.

'컴퓨터 > webhacking.kr' 카테고리의 다른 글

webhacking.kr 10번  (0) 2012.12.24
webhacking.kr 7번  (0) 2012.12.23
webhacking.kr 5번  (0) 2012.12.23
webhacking.kr 4번  (0) 2012.12.23
webhacking.kr 3번  (0) 2012.12.23

관련글

댓글

티스토리툴바