CTFshow-Web入门模块-爆破-web23
题目源码
php代码爆破
<?php

/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date: 2020-09-03 11:43:51
# @Last Modified by: h1xa
# @Last Modified time: 2020-09-03 11:56:11
# @email: h1xa@ctfer.com
# @link: https://ctfer.com
*/

// CTF challenge source: prints $flag when md5($_GET['token']) passes two checks on
// four of its 32 hex characters; with no token parameter it prints its own source.
//
// Reviewer note: the gate is an unkeyed hash of caller-supplied input, so it holds no
// secret. Assuming MD5 output is uniformly distributed, about 9 in 65,536 inputs
// (roughly 1 in 7,300) pass both checks, which is why this pattern must not be used
// as an access control. A real gate compares against a server-side secret with
// hash_equals().

// All error reporting is switched off, so the warnings raised by the arithmetic
// below are never shown to the client.
error_reporting(0);
// presumably defines $flag, which is echoed below but never assigned in this file
include('flag.php');

if(isset($_GET['token'])){
    // 32-character lowercase hex digest of the raw query parameter.
    $token = md5($_GET['token']);
    // Check 1: the characters at 0-based offsets 1, 14 and 17 must be identical.
    if(substr($token, 1,1)===substr($token, 14,1) && substr($token, 14,1) ===substr($token, 17,1)){
        // Check 2: (x + x + x) / x must be strictly identical (===) to the integer
        // value of the character at offset 31. The third addend and the divisor are
        // raw one-character strings, so PHP's numeric-string conversion applies.
        // When the shared character is a digit 1-9 the quotient is the int 3, so the
        // character at offset 31 has to be '3'.
        // NOTE(review): when the shared character is '0' or a-f the divisor is zero
        // or non-numeric. The PHP version is not shown here: PHP 7 emits (hidden)
        // warnings and yields a non-integer result, PHP 8 throws an Error. Either
        // way the flag branch is not reached.
        if((intval(substr($token, 1,1))+intval(substr($token, 14,1))+substr($token, 17,1))/substr($token, 1,1)===intval(substr($token, 31,1))){
            echo $flag;
        }
    }
}else{
    // No token supplied: show this file's highlighted source to the visitor.
    highlight_file(__FILE__);
}
?>
php代码爆破
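<?php

/**
 * Report whether an MD5 hex digest satisfies the two checks in the challenge source.
 *
 * Check 1: the characters at 0-based offsets 1, 14 and 17 are identical.
 * Check 2: (a + b + c) / a, computed on their integer values, is strictly identical
 * to the integer value of the character at offset 31.
 *
 * @param string $hash 32-character hex digest as returned by md5()
 * @return bool true when both checks hold
 */
function hashPassesCheck(string $hash): bool
{
    $shared = substr($hash, 1, 1);
    if ($shared !== substr($hash, 14, 1) || $shared !== substr($hash, 17, 1)) {
        return false;
    }

    // intval() maps '0' and the hex letters a-f to 0. Both cases are rejected here
    // so the division below can never divide by zero.
    $a = intval($shared);
    if ($a === 0) {
        return false;
    }

    $b = intval(substr($hash, 14, 1));
    $c = intval(substr($hash, 17, 1));
    $d = intval(substr($hash, 31, 1));

    // a, b and c are equal, so the quotient is the int 3. The strict comparison
    // therefore only succeeds when the character at offset 31 is '3'.
    return ($a + $b + $c) / $a === $d;
}

// Upper bound (exclusive) of the integer candidates to try.
$limit = 10000;
$found = false;

for ($i = 0; $i < $limit; $i++) {
    // Cast explicitly: md5() hashes the decimal string form of the candidate.
    $token = md5((string) $i);

    if (hashPassesCheck($token)) {
        echo "Found valid token: $i\n";
        echo "MD5 hash: $token\n";
        $found = true;
        break; // stop at the first match
    }
}

// Report an exhausted range instead of exiting silently.
if (!$found) {
    echo "No valid token found below $limit\n";
}
?>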
在线运行上面的爆破脚本:https://www.bejson.com/runcode/php/
将脚本输出的 token(本例为 422)作为 GET 参数提交即可得到 flag:https://00a5ad8c-664e-47f6-aed8-fe3f9a6954e9.challenge.ctf.show/?token=422