[CTF/Network Security] A detailed walkthrough of the Offensive and Defensive World lottery challenge
Approach
Use AWVS to scan the application and scan for Git leaks.
AWVS (Acunetix Web Vulnerability Scanner) is a well-known network security scanning tool designed to identify and assess security vulnerabilities and weaknesses in web applications.
So use Githack to retrieve the directory structure and source code.
For details, please refer to: [Python/Network Security] Githack tool basic installation and detailed analysis of Git vulnerabilities
Key words found:
Code Audit:
A for loop traverses the submitted array $numbers; the loop variable $i runs from 0 to 6, for a total of 7 iterations.
In the loop body, an if statement checks whether the number at the current index is equal to the number at the same index in the winning number array $win_numbers. If they are equal, the $same_count variable is incremented by 1.
A switch statement then handles each value of $same_count differently:
If $same_count equals 2, $prize is set to 5.
If $same_count equals 3, $prize is set to 20.
If $same_count equals 4, $prize is set to 300.
If $same_count equals 5, $prize is set to 1800.
If $same_count equals 6, $prize is set to 200000.
If $same_count equals 7, $prize is set to 5000000.
According to the challenge description, we must have 5,000,000 to buy the flag.
This is where PHP weak comparison comes in.
=== first checks whether the types of the two values are the same, and then compares them.
== first converts the two values to the same type, and then compares them.
For example:
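<?php
$num1 = 5;     // integer
$num2 = '5';   // string
// Weak comparison (==): operands are converted to a common type first
if ($num1 == $num2) {
    echo "弱比较:\$num1 和 \$num2 相等\n";      // "weak comparison: equal"
} else {
    echo "弱比较:\$num1 和 \$num2 不相等\n";    // "weak comparison: not equal"
}
// Strict comparison (===): type and value must both match
if ($num1 === $num2) {
    echo "严格比较:\$num1 和 \$num2 相等\n";    // "strict comparison: equal"
} else {
    echo "严格比较:\$num1 和 \$num2 不相等\n";  // "strict comparison: not equal"
}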
Output result:
弱比较:$num1 和 $num2 相等
严格比较:$num1 和 $num2 不相等
In a weak comparison (==), PHP first tries to convert the two operands to the same type before comparing their values. In this case, the string '5' is converted to the integer 5, so $num1 and $num2 are considered equal.
In a strict comparison (===), the two values are compared not only for equality but also for type. Since $num1 is an integer and $num2 is a string, their types differ, and the result of the strict comparison is not equal.
Therefore, we can take advantage of the weak comparison by modifying the compared values in the request after capturing the packet.
Change the request body to:
{
    "action": "buy",
    "numbers": [true, true, true, true, true, true, true]
}
After releasing (forwarding) the modified packet, the amount increases:
Click buy.
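The following PHP sketch is an added example, not the challenge's source code: it reproduces the loose-comparison counting loop described in the code audit and sets beside it a hardened version that validates the input type and compares with ===. The function names and the winning numbers are constructed for illustration.

```php
<?php
// Added example: function names and sample values are constructed, not from the challenge.

// Loose-comparison counter, following the loop described in the code audit.
function count_matches_loose(array $numbers, array $win_numbers): int {
    $same_count = 0;
    for ($i = 0; $i < 7; $i++) {
        // == converts types first: bool true equals any non-zero digit
        if ($numbers[$i] == $win_numbers[$i]) {
            $same_count++;
        }
    }
    return $same_count;
}

// Hardened counter: accept only seven integer digits, then compare with ===
// so that no type conversion can take place.
function count_matches_strict($numbers, array $win_numbers): int {
    if (!is_array($numbers) || count($numbers) !== 7) {
        throw new InvalidArgumentException('numbers must contain exactly 7 entries');
    }
    $same_count = 0;
    foreach (array_values($numbers) as $i => $n) {
        if (!is_int($n) || $n < 0 || $n > 9) {
            throw new InvalidArgumentException("entry $i is not an integer digit");
        }
        if ($n === $win_numbers[$i]) {
            $same_count++;
        }
    }
    return $same_count;
}

$win_numbers = [4, 8, 1, 5, 9, 2, 7];   // constructed draw
$body = '{"action":"buy","numbers":[true,true,true,true,true,true,true]}';
$req  = json_decode($body, true);       // JSON true becomes PHP bool true

echo 'loose:  ', count_matches_loose($req['numbers'], $win_numbers), "\n";
try {
    echo 'strict: ', count_matches_strict($req['numbers'], $win_numbers), "\n";
} catch (InvalidArgumentException $e) {
    echo 'strict: rejected (', $e->getMessage(), ")\n";
}
// A well-formed ticket still works with the hardened counter.
echo 'ticket: ', count_matches_strict([4, 0, 1, 0, 9, 0, 7], $win_numbers), "\n";
```

The type check is what closes the hole: switching to === alone would stop the boolean match, but rejecting non-digit input before any comparison also keeps malformed requests out of the prize logic entirely.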
Summary
The above is a detailed walkthrough of the [CTF/Network Security] Offensive and Defensive World lottery challenge; readers can work through it on their own to master it.
I am Qiu said, see you next time.