Host: 192.168.136.133
drone: 192.168.136.150
ECB (Electronic Code Book) / codebook mode
is the 8-byte data in accordance with the DES encryption or decryption period to give an eight-byte ciphertext or plaintext, the last paragraph of less than 8 bytes, 8 words in accordance with the needs of make up calculation section, after the sequence in accordance with the calculated data can be together. Simultaneously and each segment data.
Features:
1. Simple. Conducive to parallel computing. The error will not be transmitted.
2. plaintext can not hide the pattern;
repetitions in Show Message On May in cipher text / plain text message that appears in the ciphertext repeated
3 may be an active attack on the plaintext;
encrypted message blocks become independent attack weakness / weakness due to encrypted message blocks being independent
Nmap, dirb scanning
open index.php and login.php
do first simple landing
can get an encrypted cookie value
next to any user name that eight-digit landing
to get a cookie encrypted base64 of
its b64decode in python library
>>>import base64
>>>base64.b64decode(“GkzSM2vKHdf5me4Zu3zq/Fg==”)
'\x1aL\xd23k\xca\x1d\xd7\xf9\x99\xee\x19\xbb|\xea\xfcX\xc8\xa3\xc0\xb5[m\x06\xdaY|\xa7\xcf\xa2QX9'
Get another user, added based on the original admin
similarly are then b64decode
give
\ x1aL \ xd23k \ xca \ x1d \ xd7 \ x982 \ x10o \ xc6pq \ xe4 \ x11 \ xaa \ xb6 / 2 \ x91 \ xe9 \ xf3
elapsed and no comparison of admin users add, \ x982 \ x10o \ xc6pq \ xe4 \ x11 \ xaa \ xb6 / 2 \ x91 \ xe9 \ xf3 admin encrypted cookie value of
the inverse solution to give
>>>import base64
>>>base64.b64encode(“\x982\x10o\xc6pq\xe4\x11\xaa\xb6/2\x91\xe9\xf3”)
mDIQb8ZwceQRqrYvMpHp8w==
The cookie value get changed admin