
Webhacking.kr Problem 6 Writeup

by secumark, 2022-08-23

 

This is a 10-point problem.

 

The given id is guest and the pw is 123qwe.

 

Clicking view_source shows the source code.

 

str_replace(search, replace, subject): the first argument is the string to look for, the second is what to replace it with, and the third is the string being operated on. So the chain of calls turns 1 into !, 2 into @, and so on down the list.

 

First I just opened the developer tools and looked at the cookies; they contained the following.


The user cookie holds:
Vm0wd%40QyUXlVWGxWV0d%5EV%21YwZDRWMVl%24WkRSV0%21WbDNXa%21JTVjAxV%40JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll%26U%40tWVWJHaG9UVlZ%24VlZadGNFSmxSbGw%21VTJ0V%21ZXSkhhRzlVVmxaM%21ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU%21IxcFZXbUZrUjA%21R%21UyMTRVMkpIZHpGV%21ZFb%24dWakZhV0ZOcmFHaFNlbXhXVm%21wT%21QwMHhjRlpYYlVaclVqQTFSMXBGV%40xOVWJGcFlaSHBHVjFaRmIzZFdha%21poVjBaT%40NtRkhhRk%26sYlhoWFZtMHhORmxWTUhoWGJrNVlZbFZhY%40xWcVFURlNNVlY%21VFZSU%21ZrMXJjRWxhU0hCSFZqRmFSbUl%2AWkZkaGExcG9WakJhVDJOdFJraGhSazVzWWxob%21dGWnRNWGRVTVZGM%21RVaG9hbEpzY0ZsWmJGWmhZMnhXY%21ZGVVJsTk%26WbFkxVkZaU%21UxWnJNWEpqUld%5EaFUwaENTRlpxUm%21GU%40JVbDZXa%21prYUdFeGNHOVdha0poVkRKT%40RGSnJhR%40hTYXpWeldXeG9iMWRHV%40%26STldHUlZUVlpHTTFSVmFHOWhiRXB%2AWTBac%21dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXYjJFeFdYZE%26WVlpUWVRGd%21YxbHJXa%24RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS%21QyUkdTbkpoUjJoVFlYcFdlbGRYZUc%26aU%21XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU%21ZtRkhPVmhTTUhCNVZHeGFjMWR0U%40tkWGJXaGFUVzVvV0ZreFdrZFdWa%24B%2AVkdzMVYwMVZiekZXYlhCS%21RWZEZlRmRZWkU%21V%21ZscFVXV%24RrVTFsV%21VsWlhiVVpPVFZad%40VGVXlkREJXTVZweVkwWndXR0V%5EY0ROV%40FrWkxWakpPU%21dKR%21pGZFNWWEJ%40Vm%210U%21MxUXlUWGxVYTFwb%21VqTkNWRmxZY0ZkWFZscFlZMFU%21YVUxcmJEUldNalZUVkd%5Ea%21NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV%21IwVTJ0a%21dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV%40EzQjZWa%40R%2ATVZkR%21NsWmpSV%24hYWWxoQ%21RGUnJXbEpsUm%21SellVWlNhRTFzU%40%26oV%21Z%2AQjRUa%40RHUjFaWVpHaFNWVFZWVlcxNGQyVkdWblJOVldSV%21RXdHdWMWxyVW%21GWFIwVjRZMGhLV%40xaWFVrZGFWV%21JQVTBVNVYxcEhhR%40hOU0VKMlZtMTBVMU%21%5EVVhsVmEyUlZZbXR%24YUZWdGVFdGpSbHB%5EVkcwNVYxWnNjRWhYVkU%21dllWVXhXRlZ%21Y0ZkTlYyaDJWMVphUzFJeFRuVlJiRlpYVFRGS0%26sWkdVa%40RWTVZwMFVtdG9VRlp0YUZSVVZXaERVMnhhYzFwRVVtcE%26WMUl%24VlRKMGExZEhTbGhoUjBaVlZucFdkbFl%24V%40%26KbFJtUnlXa%21prVjJFelFqWldhMlI%40VFZaWmVWTnJaR%40hOTW%21oWVdWUkdkMkZHV%40xWU%40JGcHNVbTFTTVZVeWN%2ARlhSa%24BaVVc%21b%21YxWXphSEpVYTJSSFVqRmFXVnBIYUZOV%21ZGWldWbGN%5ETkdReVZrZFdXR%24hyVWpCYWNGVnRlSGRsYkZsNVpVaGtXRkl%24VmpSWk%21GSlBWMjFGZVZWclpHRldNMmhJV%21RJeFMxSXhjRWhpUm%21oVFZsaENTMVp0TVRCVk%21VMTRWbGhvV0ZkSGFGbFpiWGhoVm%21%5Ec%40NscEhPV%24BTYkhCNFZrY%24dOVll%5EV%40%26OalJXaFlWa%21UxZGxsV%21ZYaFhSbFp%26WVVaa%21RtRnNXbFZXYTJRMFdWWktjMVJ%21VG%21oU%40JGcFlXV%24hhUm%21ReFduRlJiVVphVm0xU%21NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ%24UlZWdGNFNVdNVWwzVmxSS0%21HRXhaRWhUYkdob%21VqQmFWbFp0ZUhkTk%21WcHlWMjFHYWxacmNEQmFSV%21F%24VmpKS%40NsTnJhRmRTTTJob%21ZrUktSMVl%5EVG%26WVmJFSlhVbFJXV%21ZaR%21l%2ARmlNV%21JIWWtaV%21VsZEhhRlJVVm%21SVFpXeHNWbGRzVG%21oU%21ZFWjZWVEkxYjFZeFdYcFZiR%40hZVm%21%5Ed%21lWcFZXbXRrVmtwelZtMXNWMUl%2AYURWV0%21XUXdXVmRSZVZaclpGZGliRXB%26Vld0V%21MySXhiRmxqUldSc%21ZteEtlbFp0TURWWFIwcEhZMFpvV%40sxSGFFeFdNbmhoVjBaV%40NscEhSbGROTW%21oSlYxUkplRk%21%5EU%21hoalJXUmhVbXMxV0ZZd%21ZrdE%26iRnAwWTBWa%21dsWXdWalJXYkdodlYwWmtTR0ZHV%40xwaVdHaG9WbTE0YzJOc%21pISmtSM0JUWWtad0%26GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV%40FrNVRWRVpzVlZGWWFGTldhM0I%40VmtkNFlWVXlTa%21pYV0hCWFZsWndSMVF%5EV%40tOVmJFSlZUVVF%24UFE9PQ%3D%3D

 

The pw cookie holds:
Vm0wd%40QyUXlVWGxWV0d%5EV%21YwZDRWMVl%24WkRSV0%21WbDNXa%21JTVjAxV%40JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll%26U%40tWVWJHaG9UVlZ%24VlZadGNFSmxSbGw%21VTJ0V%21ZXSkhhRzlVVmxaM%21ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpTRUpYWVRGd%40FGcFdXbUZrUjFaSFYyMTRVMkpIZHpGV%40EyUXdZekpHYzFOdVVtaFNlbXhXVm0weGIxSkdXbGRYYlhSWFRWaENSbFpYZUZOVWJVWTJVbFJDVjAxdVVuWlZha%21pYWkVaT%40NscEdhR%40xTTW%21ob%21YxWlNTMkl%5EU%40tkWGJHUllZbGhTV0ZSV%40FFTlNiRnBZWlVaT%21ZXSlZXVEpWYkZKRFZqQXhkVlZ%21V%40xaaGExcFlXa%21ZhVDJOc%40NFZGhSMnhUVFcxb%40IxWXhXbE%26UTWtsNFUydGtXR0pIVWxsWmJGWmhZMVphZEdSSFJrNVNiRm9%24V%40xWYVQxWlhTbFpYVkVwV%21lrWktTRlpxUm%21GU%40JVbDZXa%21prYUdFeGNHOVdha0poVkRKT%40RGSnJhR%40hTYXpWeldXeG9iMWRHV%40%26STldHUlZUVlpHTTFSVmFHOWhiRXB%2AWTBac%21dtSkdXbWhaTW%26oWFkxWkdWVkpzVGs%21WFJVcElWbXBLTkZReFdsaFRhMlJxVW%21%5Ed%21dGbHNhRk%26OTVZweFUydDBWMVpyY0ZwWGExcHJZVWRGZUdOR%40JGaGhNVnBvVmtSS%21RtVkdjRWxVYldoVFRXNW9WVlpHWTNoaU%21XUnpWMWhvWVZKR%21NuQlVWM%21J%2AVGxaYWRFNVZPVmRpVlhCSVZqSjRVMWR0U%40tkWGJXaGFUVlp%24YUZwRlpGTlRSa%24B%26VGxaT%40FWSnRPVE%26XTW%26oWFdWWlJlRmRzYUZSaVJuQnhWV%24hrVTFsV%21VsWlhiVVpPVFZad%40VGVXlkREJXTVZweVkwWndXR0V%5EY0hKWlZXUkdaVWRPUjJKR%40FHaE%26WbkJ%40Vm%210U%21MxUnRWa%40RqUld%5EVllsZG9WRlJYTlc%26V%21ZscEhXVE%26vYVUxWFVucFdNV%40h%40V%21ZaS%21IxTnVRbFZXTTFKNlZHeGFZV%21JGTlZaUFZtUnBWbGhDU%21ZacVNqUlZNV%21IwVTJ0a%21dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV%40EzQjZWa%40R%2ATVZkR%21NsWmpSV%24hYWWxoQ%21RGUnJXbEpsUm%21SellVWlNhRTFzU%40%26oV%21Z%2ARTBaREZrUjJKSVRtaFNhelZQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt%24V%40%26kWFIwVjRZMFJPV%40%21FeVVrZGFWM%40hIWTIxS%21IxcEhiRmhTVlhCS%21ZtMTBVMU%21%5EVlhoWFdHaFlZbXhhVjFsc%21pHOVdSbXhaWTBaa%40JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa%40Q0VDFOSFJrZFJiRnBwVmtWVmQxWnRjRWRWTVZwMFVtdG9VRlp0YUZSVVZXaERUbFphU0dWSFJtcE%26WMUl%24VlRKMGIyRkdTbk%26UYkdoVlZsWndNMVpyV%40%21GalZrcDBaRWQwVjJKclNraFdSM%40hoVkRKR%21YxTnVVbEJXUlRWWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa%24AxVVd%5Ed%21YySllVbGhhUkVaYVpVZEtTVk%26zYUdoTk%21VcFZWbGN%5ETkdReVZrZFdiR%21JvVW%26wc%40IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnhhV0ZWclpHRldNMmhJV%21RJeFMxSXhjRWRhUlRWT%40VsaENTMVp0TVRCVk%21VMTRWbGhvV0ZkSGFGbFpiWGhoVm%21%5Ec%40NscEhPV%24BTYkhCNFZrY%24dOVll%5EV%40%26SVmJHaFhWak%26OTVZaWGMzaGpNVTUxWTBaa%21RtRnNXbFZXYTJRMFlURk9SMVp%21VGxoaVJscFlXV%24RvUTFkV%21draGtSMFpxVFdzMWVsZHJhRk%26oTVVsNVlVaENWbUpIYUVOYVJFWnJWakZhZEU%26V%21ZrNVdia0YzVmxjd0%21WTXhXa%40hUYkdob%21VqQmFWbFp0ZUhkTk%21WcHlWMjFHYWxacmNEQmFSV%21F%24VmpKS%40NsTnJhRmRTTTJob%21ZrUktSMVl%5EVG%26WVmJFSlhVbFJXV%21ZaR%21l%2ARmlNV%21JIWWtaV%21VsZEhhRlJVVm%21SVFpXeHNWbGRzVG%21oU%21ZFWjZWVEkxYjFZeFdYcFZiR%40hZVm%21%5Ed%21lWcFZXbXRrVmtwelZtMXNWMUl%2AYURWV0%21XUXdXVmRSZVZaclpGZGliRXB%26Vld0V%21MySXhiRmxqUldSc%21ZteEtlbFp0TURWWFIwcEhZMFpvV%40sxSGFFeFdNbmhoVjBaV%40NscEhSbGROTW%21oSlYxUkplRk%21%5EU%21hoalJXUmhVbXMxV0ZZd%21ZrdE%26iRnAwWTBWa%21dsWXdWalJXYkdodlYwWmtTR0ZHV%40xwaVdHaG9WbTE0YzJOc%21pISmtSM0JUWWtad0%26GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV%40FrNVRWRVpzVlZGWWFGTldhM0I%40VmtkNFlWVXlTa%21pYV0hCWFZsWndSMVF%5EV%40tOVmJFSlZUVVF%24UFE9PQ%3D%3D


The lower part of view_source is the decoding logic that undoes the encoding of the cookies, and if $decode_id comes out as admin and $decode_pw as nimda it calls solve(6).

 

Reading the encoding code first: when the user cookie is absent, id is set to guest and pw to 123qwe, and a loop with i running from 0 to 19 base64-encodes both values, i.e. 20 rounds of base64 on each, followed by the digit-to-symbol substitutions. Doing that by hand is not practical, so this needs a Python automation script. In short, the cookies on the page right now encode guest and 123qwe, and the real answer is admin and nimda, passed through the same 20 rounds and substitutions and written back into the cookies.
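An added example, not code from the original post or from the referenced writeup: a Python script that reproduces both halves of the challenge logic described above, the encoding branch (20 rounds of base64, then the str_replace chain) and the verification branch that reverses it. It assumes the substitution table: entries 1 through 6 (!, @, $, ^, &, *) are visible in the cookie captured above; 7 → ( and 8 → ) are assumed from the challenge source, which this post references but does not paste, so check them against view_source.

```python
import base64
from urllib.parse import quote, unquote

# Digit -> symbol substitutions applied after the 20 base64 rounds.
# 1..6 are visible in the captured cookie; 7 and 8 are an assumption
# taken from the challenge source, verify them against view_source.
SUBST = {"1": "!", "2": "@", "3": "$", "4": "^", "5": "&", "6": "*",
         "7": "(", "8": ")"}
ROUNDS = 20


def server_encode(value: str) -> str:
    """Mirror of the set-cookie branch: 20x base64_encode, then str_replace."""
    s = value
    for _ in range(ROUNDS):
        s = base64.b64encode(s.encode()).decode()
    # The replacement symbols are not base64 characters, so this chain is
    # reversible: no symbol can collide with a character already present.
    for digit, sym in SUBST.items():
        s = s.replace(digit, sym)
    return s


def cookie_value(value: str) -> str:
    """What DevTools displays: PHP's setcookie() url-encodes the value."""
    return quote(server_encode(value), safe="")


def server_decode(cookie: str) -> str:
    """Mirror of the verification branch: url-decode (as PHP does for
    $_COOKIE), undo the str_replace chain, then 20x base64_decode."""
    s = unquote(cookie)
    for digit, sym in SUBST.items():
        s = s.replace(sym, digit)
    for _ in range(ROUNDS):
        s = base64.b64decode(s).decode()
    return s


def is_solved(user_cookie: str, pw_cookie: str) -> bool:
    """The final check on the page: admin / nimda after decoding."""
    return (server_decode(user_cookie) == "admin"
            and server_decode(pw_cookie) == "nimda")


if __name__ == "__main__":
    # Confirm the pipeline against the guest cookie captured in DevTools
    # before trusting it for admin/nimda: same 20 rounds, same table.
    print("guest  =", cookie_value("guest"))
    for name, plain in (("user", "admin"), ("password", "nimda")):
        print(f"{name} = {cookie_value(plain)}")
    print("solved:", is_solved(cookie_value("admin"), cookie_value("nimda")))
```

The value the script prints for guest begins with Vm0wd%40QyUXlVWGxW, which matches the start of the user cookie captured above; if your output differs there, the round count or the substitution table is wrong, and fixing that first saves a lot of blind cookie editing. Either the %-encoded form (what DevTools shows) or the raw form with the symbols can be pasted into the cookie editor, since PHP url-decodes $_COOKIE on the way in and these values contain no + or / characters.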


Referenced writeup: [webhacking.kr-old] 6번, power-girl0-0.tistory.com (challenge address: https://webhacking.kr/old.php)

For how to use the automation script I referred to that writeup. Still, I had done base64 encoding a few times before, so it was not hard.


Once the script produces output like this, replace the cookie values with the result.
