今天又是快樂星期六滑板日,很享受在長板上滑行的感覺
你各位,我發現我昨天不知道在嗨什麼
以為昨天就是鐵人連續發文第10天
結果今天才是,哈哈哈哈
我們今天一樣解 Web
我會寫的比較趕喔,因為我現場寫,而且現在11點
我要跟時間賽跑~
I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to find a collision. Anyway, see if you're invited by submitting 2 PDFs to my website. http://mercury.picoctf.net:48746/
Hints
1.Look at the category of this problem.
2.How may a PHP site check the rules in the description?
這是連結點下去的樣子
有一個表格,我們可以上傳2個文件看看
<div class="jumbotron">
<p class="lead"></p>
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12">
<h3>See if you are invited to my party!</h3>
</div>
</div>
<br/>
<div class="upload-form">
<form role="form" action="/index.php" method="post" enctype="multipart/form-data">
<div class="row">
<div class="form-group">
<input type="file" name="file1" id="file1" class="form-control input-lg">
<input type="file" name="file2" id="file2" class="form-control input-lg">
</div>
</div>
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12">
<input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Upload">
</div>
</div>
</form>
</div>
</div>
我們剛剛上傳2個相同文件,可以來找邏輯
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ echo test > test.txt
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ curl -F 'file1=@test.txt' -F 'file2=@test.txt' -F 'submit=Upload' http://mercury.picoctf.net:50970/index.php
Not a PDF!
這網站認出我們上傳的其中一個文件,會不會好奇
怎麼確認文件類型?
最快速的方法就是檔名寫清楚
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ mv test.txt test.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ curl -F 'file1=@test.pdf' -F 'file2=@test.pdf' -F 'submit=Upload' http://mercury.picoctf.net:50970/index.php
Files are not different!
這是個用 PHP 寫的站,然後阿他有點複雜
我不太會解釋,時間問題我先省略
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ php -r "echo md5('240610708');"
0e462097431906509019562988736854
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ php -r "echo md5('QNKCDZO');"
0e830400451993494058024219903391
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ php -r "var_dump(md5('240610708') == md5('QNKCDZO'));"
bool(true)
記得 md5 hash 嗎?
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ echo -n "240610708" > f1.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ echo -n "QNKCDZO" > f2.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ md5sum f1.pdf f2.pdf
0e462097431906509019562988736854 f1.pdf
0e830400451993494058024219903391 f2.pdf
┌──(user@kali)-[/media/sf_CTFs/pico/It_is_my_Birthday]
└─$ curl -F 'file1=@f1.pdf' -F 'file2=@f2.pdf' -F 'submit=Upload' http://mercury.picoctf.net:50970/index.php -s | egrep -o "picoCTF{[^}]+}"
picoCTF{c0ngr4ts_u_r_1nv1t3d_73b0c8ad}
flag 就出來囉~
呼,好趕我知道這篇沒寫完整,有空再回來補
先讓我發文,感謝各位喔
知道是要做出兩個md5 hash相同的pdf
想請問要怎麼找到md5 hash相同的pdf?
還有f1跟f2的md5 hash看起來明明就不一樣,為什麼php比對結果是True?
感謝 m(_ _)m
==跟===不一樣,==時會進行型別轉換再比對,所以兩個0E開頭的字串會被認為是科學記號,然後0E多少都是0,因此在php中兩者相等,希望有幫助到你