Duel Field - Experiment Bar WEB NSCTF web200

Challenge link: http://www.shiyanbar.com/ctf/1760


This challenge is a real one from the 2015 NSCTF! Follow the challenge link to see the challenge description and a piece of code:


So this appears to be a PHP code-auditing challenge.

Start by reading the code. For readers who have not learned PHP, let's first explain the important functions one by one:

1.strrev:

strrev is a function that reverses a string.

2.substr:

substr is a function that takes a substring of a string. Its usage is substr(str, start, length): the first parameter is the string, the second parameter is the starting position, and the third parameter is the length of the substring. The return value is the substring of the given length, starting at position start of str.

3.ord:

The parameter of the ord function is a string, and this function returns the ASCII code of the first character of that string.

4.chr:

The parameter of the chr function is an integer, and this function returns the character with the specified ASCII value.

5.".":

This is not actually a function. The "." operator on strings is equivalent to "+" in our Java: it concatenates strings.

6.base64_encode:

As the name suggests, it base64-encodes the string parameter. The corresponding decoding function is base64_decode.

7.str_rot13:

As the name suggests, it encodes the string parameter with ROT13. ROT13 is its own inverse; that is, to undo ROT13, apply the same transformation again.

After explaining these functions, let's look at the code again. Readers with a little programming background can see what it does: first it reverses the original text, then adds 1 to each character value of the reversed string, and then applies base64 encoding, reversal, and ROT13 encoding to produce our ciphertext. Because all of these operations are reversible, to recover the original text we only need to undo the steps in reverse order. The code is as follows:

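<?php
	// The ciphertext to decode
	$_code = "a1zLbgQsCESEIqRLwuQAyMwLyq2L5VwBxqGA3RQAyumZ0tmMvSGM2ZwB4tws";
	// Undo the last three steps in reverse order: ROT13, reversal, base64
	$_code = str_rot13($_code);
	$_code = strrev($_code);
	$_code = base64_decode($_code);
	//echo $_code;
	$_ans = "";
	// Subtract 1 from each character value to undo the +1 shift
	for($x = 0; $x < strlen($_code); $x++) {
		$t = substr($_code, $x, 1);
		$t1 = ord($t) - 1;
		$t = chr($t1);
		$_ans = $_ans . $t;
	}
	// Undo the initial reversal of the original text
	$_ans = strrev($_ans);
	echo $_ans;
?>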
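
The round trip described above, as an added example that is not the challenge's source or the author's code: the encoder is reconstructed only from the steps listed in the text, and the decoder is checked against it. The function names `encode_steps` and `decode_steps` and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added example: encoder rebuilt from the steps described in the text
// (reverse, +1 per byte, base64, reverse, ROT13) and its inverse.

function encode_steps(string $plain): string
{
    $rev = strrev($plain);
    $shifted = "";
    for ($i = 0, $n = strlen($rev); $i < $n; $i++) {
        // Keep the result in 0..255 so byte 0xFF wraps to 0x00.
        $shifted .= chr((ord($rev[$i]) + 1) % 256);
    }
    return str_rot13(strrev(base64_encode($shifted)));
}

function decode_steps(string $cipher): string
{
    // Strict mode makes base64_decode return false on characters outside
    // the base64 alphabet instead of silently skipping them.
    $raw = base64_decode(strrev(str_rot13($cipher)), true);
    if ($raw === false) {
        throw new InvalidArgumentException("not valid base64 after ROT13 and reversal");
    }
    $plain = "";
    for ($i = 0, $n = strlen($raw); $i < $n; $i++) {
        // Adding 255 modulo 256 subtracts 1 and maps 0x00 back to 0xFF.
        $plain .= chr((ord($raw[$i]) + 255) % 256);
    }
    return strrev($plain);
}

// Constructed samples (not the challenge flag): plain ASCII, a length that
// forces "=" padding, bytes at the wrap-around boundary, and the empty string.
$samples = ["flag:{constructed_sample}", "ab", "\xFF\x00\x7F", ""];

foreach ($samples as $s) {
    $c = encode_steps($s);
    $ok = decode_steps($c) === $s;
    printf("%-28s -> %-40s round trip: %s\n", bin2hex($s), $c, $ok ? "ok" : "FAILED");
}
```

The scheme has no key, so anyone who can read the encoding code can recover the original text; chaining reversible encodings does not protect the data.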

