- Problem path
- Problem information
-
Problem solving
[Problem path]
https://dreamhack.io/wargame/challenges/1113
php7cmp4re
Description php 7.4로 작성된 페이지입니다. 알맞은 Input 값을 입력하고 플래그를 획득하세요. 플래그 형식은 DH{} 입니다.
dreamhack.io
[Problem information]
[Problem solving]
1. First, I accessed the web server. There was a page where you can get input1 and input2.
2. Second, I downloaded the problem file. There were three php files in it. When I checked the code, the check.php file specified the conditions of input1 and input2.
3. It seems that the flag is echoed only when both input1 and input2 conditions are suitable. The conditions are summarized in the following table.
| Input | Length | Size |
| input_1 | input_1 < 4 | input_1 < "8" && input_1 < "7.A" && input_1 > "7.9" |
| input_2 | input_2 < 3 && input_2 > 1 | input_2 < 74 && input_2 > "74" |
Looking at input1, I guessed that it was an ASCII code value because it was compared with the letters "8", "7.A", and "7.9". Therefore, referring to the ASCII code table, it was confirmed that the number of characters ranging from
7.: to 7.@, which is larger than the letter 9 and smaller than the letter A, and has less than 4 characters, can be put into input1. It has been confirmed that input2 can contain numbers ranging from 7: to 7~, which are 2 characters and larger
than the letter 4 and smaller than the number 4.
4. I simply put in the input value according to the conditions.
The flag was derived as follows.
'Wargame & CTF > dreamhack' 카테고리의 다른 글
| [Webhacking] what-is-my-ip (0) | 2024.03.30 |
|---|---|
| [Webhacking] Type c-j (0) | 2023.09.29 |
| [Webhacking] Flying Chars (0) | 2023.08.22 |
| [Webhacking] devtools-sources (0) | 2023.08.21 |
| [Webhacking] session-basic (0) | 2023.08.13 |