Wargame/Webhacking.kr
[Webhacking.kr] old-06
cgy12306
2019. 9. 25. 13:31
ID는 guest이고, PW는 123qwe로 되어 있다.
view_source를 눌러 소스를 봐보자.
쿠키를 가져와서 user라는 값이 있으면 조건문 안으로 들어간다.
val_id와 pw에 값을 넣어주고, 이 값으로 base64 인코딩을 20번 돌려준다. 그 이후 1은 !, 2는 @, 3은 $, 4는 ^, 5는 &, 6은 *, 7은(, 8은 )로 값을 변경한다. 그리고 이 값들을 이용해 현재시간+86400까지 유효한 쿠키를 만들어낸다.
이 소스코드에서는 user와 password의 쿠키 값을 가져와서 변경해준 값을 원래대로 돌려주는 역할을 하고, 복구된 값을 출력한다. 그러면 우리가 인코딩하고 replace로 숫자가 특수문자로 변경된 후의 값을 쿠키로 집어넣으면 이 문제는 해결된다.
소스코드를 긁어서 인코딩을 하고, replace함수로 변경한 값을 출력해보자.
위에서 id는 admin이고, password는 nimda이어야 문제가 해결 되니 val_id에 admin을 넣고, val_pw에 nimda를 넣어주어야 한다.
뒷부분은 페이지 소스보기를 이용해서 확인해 보자.
개행을 사이에 두고 위에가 user의 쿠키이고, 아래가 password의 쿠키이다.
쿠키값을 넣어주면 clear된다.
chrome의 EditThisCookie를 이용해서 쿠키 값을 넣어주자.
import base64
user=b"admin"
pw=b"nimda"
for i in range(0,20):
user=base64.encodebytes(user)
pw=base64.encodebytes(pw)
print(user)
print(pw)
이 파이썬 코드는 admin과 nimda를 base64로 인코딩을 20번 돌리는 코드이다. 이 코드의 결과값은 byte단위로 표시되기 떄문에 결과값의 문자열만 뽑아서 replace를 써야한다. 그리고 코드안에 \n이라는 개행이 들어가 있어서 이 문자도 빈 문자로 만들어줘야 한다.
import base64
user="Vm0wd2QyUXlVWGxWV0d4V1YwZDRWMVl3WkRSV01WbDNXa1JTVjAxV2JETlhhMUpUVmpBeFYySkVU\nbGhoTVVwVVZtcEJlRll5U2tWVQpiR2hvVFZWd1ZWWnRjRUpsUmxsNVUydFdWUXBpUjJodlZGWldk\nMVpXV25GUmJVWlVUV3hLU1ZadGRHdFhRWEJwVW01Q1VGZFdaREJTCmJWWkhWMjVTYWxKVmNITlZi\nWGh6VGxaVmVXUkdaRmRWV0VKd1ZXcEtiMlJzV2tkYVNIQnJDazFzV2toV01qVlRZV3hLV0ZWdFJs\nZGgKYTBZMFZHeGFWbVZYVWtkYVJtUldWMFZLZDFaWGNFdGlNbEp6VjJ0a1lWTklRbkpEYXpGelYy\ndG9XR0V4Y0hKWFZscExVakZPYzFacwpWbGNLVFRBME1GWkhkR0ZoTWs1MFVtdGFZVkpzY0doVVZF\nSkxaREZhV0UxVVVtdE5WMUpZVjJ0YWIySkdTbk5qU0VwRVlYcEdlbFl5CmRHOVdNREZ4Vm14U1ds\nWXphRXhXTUZwWFl6RmFjd3BXYkdOTFZGUkJNRTFHV2tobFIwWlhZbFphV1ZaWGRHdFpWa3AwVld4\na1YwMUcKV2t4YVJFWmhWMGRPUm1SSGJFNWlSWEEyVm1wS01HRXhiRmRVYTJ4U1ltdHdSVmxZY0Vk\nbGJGbDVDbVJIT1ZkTlJFWjRWbTEwYjFZeApXalpTYTNoWFlsaG9jbGw2Um1GamQzQlhZa2RPVEZa\nR1VrSk5SVEZIVjJ0b2JGSXdXbGhaYkZwaFYxWmFXR1JIZEZwV2EzQXdWbGQ0CmExWXdNVWNLVjJ0\nNFlWSkZXbWhXTUdSUFVtMVNTR0pGTldsU1dFRXlWbTF3UzAxSFJYaGFSV2hVWVRKb1YxbHRkSGRT\nVm14WlkwVmsKV0ZKdGRETkRiR1IwVDFaa1RsSkZXalJXYlRFMFZURmtjd3BYV0hCb1VsaG9XRmxz\nVWtkVlJsVjRWMnhPYW1RelFsbFpiR1F3VkVaYQpkR1JHWkZwV2JIQllWako0VjFVeVNsWlhiVVpY\nWVd0YVRGVXhXbUZYUjFKSVQxZG9UbFpZUVhkWFZsWmhDbFF4V1hkTlZXTkxWakowCk5GbFdTa1pY\nYldoWFRVWldORlZzV2t0ak1VNXlUbFprYVZORlNrdFdiWEJMVFVac1dGSllhR2xTYlZKVldWUkdk\nMVpXYkhKWGEzUlQKVm0xNGVsWnROV3NLVjBaS2MySkVWa1JpVmtwSlZERmFhMVJzU2taWGFsSlhZ\nbFJGTUZaVVJtdGpkM0JZVjBoQ2IxVnNhRzlYUmxKVwpWMjVrV0ZKdGR6SlZiVEZIWVcxUmVsRnNh\nRnBoTWxKUVZrVmFZUXBTTVZaeVpFZHNUbFpyY0ZsV2FrbzBWakZWZVZOc1dsaGlWVnBZCldWZDBZ\nVlJHVlhoWGJVWllVakZLU2xaSGVHdFdNREZKVVd4d1dGWnNXbWhEYlVWNFYxaGtUbFpYVGt4V2Fr\nb3dDazVHV1hsVGEyUnEKVTBWd1dGUlZaRk5YUmxWM1drWk9WRkl3Y0VkVWJHUnpWVEZrUmxKWWJG\nZGlWRVl6VlhwQmVGTkdTbGxoUjJ4VFlsWktWMWRXVWt0TwpSbFY0WWtoU2ExTkhVbFFLVm0weE5G\nZHNhM2RXYlhOTFdXdGtTMUl5U2tWV2ExSnBWbXR3U2xaRVJtRmhNVkp6VTJ0YVdHRnNTbGhaCmJG\nSkdUVVphVlZKc2NHeFJXRUpWVmpCb1EySXhWbkZUYlRsWFRWZDRXUXBhUldSSFZteEtkR1I2U2xa\naVZFWklXVmN4VW1Wc1JuTmgKUm5Cb1RXeEtVVlpyVm1GWlVYQlRUVlphZVZVeWN6RlZNVnBHVjJ0\nc1YyRnJiM2RaYWtwR1pVWk9XVnBHYUdsV1IzaFhDbFp0Y0U5VQpiVlpIVld4YVdHSkhVbkpWYWta\nTFUxWndSbGR1WkZkTmExWTFXa2h3UjFkR1duTlhiV2hFWWxWV05GWXhhR3RVYkZwWVZHdDRWMkZy\nCmIzZERhelZIVjFoc1ZHRXlVbkVLVlRCV2QxZEdVbFphUms1WVVteFdNMVl5ZERCaGF6RlhWMjVz\nVldKR2NISldSM2hoVjFaR2RGSnMKWkdsV1JWbDZWbGh3UW1WR1RrZFRiR3hvVW0xb2NGbHJWbmRX\nVmxweFVXMTBUd3BTYkd3MFdXdG9TMWRIU2xaWGJGRkxWbTB3ZUU1RwpaSE5oTTJSWFlsaE9URlpx\nUW1GVE1rMTVVMnRXVjJFeFNuQldiWGgzVTJ4YVJWSnRSbWhOVmtwNlZUSjBZVmRIUm5OVGJHaGFD\nbUpHClNrZFVWVnBoVmxaS2RHUkhkRkpYUlVwVlZtcENhMkl5VGxkV2JrNW9VbXMxYjFWdGVHRmxV\nWEJYWWxSR1NGbFhNVXRUUjFJMlUyeGEKYVZaRldrbFhWbU40VlcxV2MxSnVUbWdLVW01Q2IxUlhl\nRXRWVmxweVZtMUdhR1F6UWxsVmFrWkxVMVpSZUZkcmRHaFdiSEI2V1RCUwpZVll3TVhWVmJscFhV\na1ZhY2xVd1drOWpNV1J6WVVkc1UwMVZjRmhEYkZwMFkwVTVWUXBOUkZaSVZsYzFTMWRIU2xsVmJr\nWmFZa1phCmFGVXdXbXRqYkdSMFpFWmtUbEpGV2t0V1ZtUXdaREZaZVZOcmFGVlhSMmhGV1d0VmVF\nNUdXWGxsUjNSWVVqQldORmxyVmpSV01WcEcKQ21JelpFUmhlbFpJV1d0YWExWkhSWGhqUm10TFYx\nZDRhMkl4WkVkVmJGcFlZa2RTVUZWdGVHRmxiRmw1WkVSQ2FHRjZSbGRVYkdoegpWbGRLUjJOSVNs\ncFdiVkpIV2tSS1QxTkdTbk1LV2tkc1dGSlZjRTVXYTFwWFdWZE5lRnBGWkZWaVIzaHdWVzF6TVZk\nV1ZuRlRiVGxYCllrZFNXVlJXVWxOV1FYQk9WbTEzTUZkWGRHOVRNV3hYVTJ0a1ZHSkdSa3hXYlRC\nM1pVVTFTQXBXYms1WVlteEtVRlpxVGs5VVJscHgKVVcxR1ZFMXJNVFZWTW5SWFZqSkZlRk50T1dG\nV00yaG9WMVphV21WWFVraFNiV2hPVm10d05sWlVTakJaVm1SSFdrVm9hRkp0ZUZoRApiVXBaQ21G\nSGFGcFdWbkI2V1RGYVMyTXlUa2hsUmxwWVVsVndWMVl4V2xOVE1rbDRWMWhvYVZKc1dsWlpiRkp6\nVjFaV2RHVkZkRmhSCldFSllWRmR3VjJOc1dYZFhhM1JyVm10YWVWbFZXbXNLVkcxS2NrMUlhRmhX\nYlU0MFZsY3hWMk14U25WV2JFMUxXV3RhZDJJeGJGVlUKYTA1c1ZteHdlVlp0TVVkWGJGWlpVV3hT\nVlZadFVsUlVWVnBYWkVVeFZWRnNWbWxTYmtJMVYxUkNZUXBqTVZsNVVtNUthRTB5YUZoVgphMVpo\nWVVad1JsZHJkRmhXTUhCSVZqSXhjMkZGTVZsUmJHaEVZa1p3TUZrd1ZUVmhVWEJPVm10d1NWWnFS\nbTlpTVdSSVUydGthbE5GCk5WZFpWM1JMQ21GR1ZYbGxSM1JxWWtkU01WZHJXbXRVYlVWNFYxUktW\nMVp0VWpOWFZscGFaVVprY2xkdGFFNU5iV2hHVjFkMFZtVkYKTlVkWFdHeHNVak5TV1ZWdE1WTlRW\nbEY0Vm1wU1YwMVdjREFLUTJ4U1dXRkZVbWxTYlhjd1ZtcEtOR0l4V2toU1dHeFdZbXRXVEZacwpa\nRFJoTVZWNVVtdGtXR0pzU25OVk1HUlRZekZzY2xkcmRFNVNiRXBZVm0xd1ExWnJNVVZTYkdSYVRV\nZG9Nd3BXYWtGNFpGZEdTVk5zCmNHaE5iRXBOVm1wQ1lWVXhaRmhTYTJOTFYydGFhMkZXU2xsUmF6\nVlhUVlp3Y2xwWGN6RldNV1JaWVVaT2FXRjZWbFpYVjNoclRrZE4KZUdKR2FHdFNXRkpXQ2xadGRG\nZE9WbVJaWTBoT1ZsVllRbGRXYm5CdVRsWkZlVmw2YkZGVlZ6ZzVRMmM5UFFvPQo="
pw="Vm0wd2QyUXlVWGxWV0d4V1YwZDRWMVl3WkRSV01WbDNXa1JTVjAxV2JETlhhMUpUVmpBeFYySkVU\nbGhoTVVwVVZtcEJlRll5U2tWVQpiR2hvVFZWd1ZWWnFRbUZUTWxKSVZtdGtXQXBpUm5CUFdWZDBS\nbVZHV25SalJVcHNVbXhzTlZVeWRGZFdVWEJwVWpKb2RsWkdaSHBrCk1sWkhWMjVTYWxKWFVtRldh\na0Y0VGxaVmVXUkdaRmRWV0VKd1ZXcEtiMlJzV2tkWGJHUnJDazFXY0ZoV01qVlRZV3hLV0ZWc1Zs\nVlcKTTJoTVZURmFZV1JIVWtkYVJscGhUVEJLZDFadGVHRmtNV1JYVjI1U1RsWkdTbkZEYXpGRlVX\ncFNWMDFxVmxSWlYzaExWbTFPU1ZScwpXbWtLVjBkb05sWkhlR0ZXYlZaWVZXdGtZVkp0VWxkV01G\nWkxaREZhV0dORmRHbE5iRXA2VmpKMGExZEhTa2hWYmtwRVlYcEdXRmt3CldtOVdNREZ4Vm10b1Yx\nWjZSa3hXYlhocll6RmFjd3BXYkdOTFZGUktiMVJXV2xWU2JVWmFWakZLU1ZaWGRHOWhNVXAwWVVa\nT1YwMUcKV2t4YVJFWmhWMFV4UlZKc1NrNVdiSEJKVmpKMFlXRXhiRmRUYTFwVVlrWktSVmxzVm5k\nWFJsbDVDbVJIT1ZkTlJFWjRWbTE0VTFkcwpXWHBoUlhoWFRWWndXRmw2Um1GamQzQlhZa2RPVEZk\nWGRHRmtNRFZ6VjJ0b2JGSXdXbGhaYkZwaFYxWmFXR1JIZEZwV2EzQXdWbGQ0CmExWXdNVWNLVjJ0\nNFlWSkZXbWhXTUdSUFVtMVNTR0pGTldsU1dFRXlWbTF3UzAxSFJYaGFSV2hVWVRKb1YxbHRkSGRT\nVm14WlkwVmsKV0ZKdGRETkRiR1IwVDFaa1RsSkZXalJXYlRFMFZURmtjd3BYV0hCb1VsaG9XRmxz\nVWtkVlJsVjRWMnhPYW1RelFsbFpiR1F3VkVaYQpkR1JHWkZwV2JIQllWako0VjFVeVNsWlhiVVpY\nWVd0YVRGVXhXbUZYUjFKSVQxZG9UbFpZUVhkWFZsWmhDbFF4V1hkTlZXTkxWakowCk5GbFdTa1pY\nYldoWFRVWldORlZzV2t0ak1VNXlUbFprYVZORlNrdFdiWEJMVFVac1dGTllhRlppYXpWV1dWUkti\nMkl4VlhkV2EzUlQKVm0xNFdsa3dWbXNLVjBaS2MySkVWa1JpVmxwSlZERmFiMVV3TVVkWFZFSllW\na1ZLZGxWNlJtdFNkM0JZWW1zMWNWVnNhRzlXTVd4WQpaRWRHVmxKdVFrZFdNblF3WVcxUmVsRnRh\nRlpoYTNCeVZrVmFhd3BXTVZaeVZHeG9hR1ZyV2tsV2Frb3dZakpGZUZOWVpGaGlWR3hXClZtcE9U\nbVZHVWxaWGJHUnJVakZLU1ZwRlduZFdNa1Y1WkhwR1dGWnNXbkpEYlVsNFYyeGtXR0V4YkV4V1ZF\nb3dDazVHV1hsVGEyUnEKVTBWd1dGUlZaRk5YUmxWM1drWk9WRkl3Y0VkVWJHUnpWVEZrUmxKWWJG\nZGlWRVl6VlhwQmVGTkdTbGxoUjJ4VFlsWktWMWRXVWt0TwpSbFY0WWtoU2ExTkhVbFFLVm0weE5G\nZHNhM2RXYlhOTFdXdGtTMUl5U2tWV2ExSnBWbXR3U2xaRVJtRmhNVkp6VTJ0YVdHRnNTbGhaCmJG\nSkdUVVphVlZKdGRHcGtNMEpaVmpCb1EySXhWbk5oUnpsWVVteEtWd3BXTWpWclYwWktkR1I2U2xa\naVZFWklXVmN4VW1Wc1JuTmgKUm5Cb1RXeEtVVlpyVm1GWlVYQlRUVlphZVZVeWN6RlZNVnBHVjJ0\nc1YyRnJiM2RaYWtwTFVqRk9XVnBHYUdsV1ZuQlpDbGRYZUc5VQpiVlpIVmxob1dHSlZXbGxWYWta\nTFUyeGFTR1ZIZEZkTlJFWktWVmQ0ZDFkR1duTlhiV2hFWWxWV05GWXhhR3RVYkZwWVZHdDRWMkZy\nCmIzZERhelZIVjFoc1ZHRXlVbkVLVlRCV2QxZEdVbFphUms1WVVteFdNMVl5ZERCaGF6RlhWMjVz\nVldKR2NISldSM2hoVjFaR2RGSnMKWkdsV1JWbDZWbGh3UW1WR1RrZFRiR3hvVW0xb2NGbHJWbmRX\nVmxweFVXMTBUd3BTYkd3MFdXdG9TMWRIU2xaWGJGRkxWbTB3ZUU1RwpaSE5oTTJSWFlsaE9URlpx\nUW1GVE1rMTVVMnRXVjJFeFNuQldiWGgzVTJ4YVJWSnRSbWhOVmtwNlZUSjBZVmRIUm5OVGJHaGFD\nbUpHClNrZFVWVnBoVmxaS2RHUkhkRkpYUlVwVlZtcENhMkl5VGxkV2JrNW9VbXMxYjFWdGVHRmxV\nWEJYWWxSR1NGbFhNVXRUUjFJMlUyeGEKYVZaRldrbFhWbU40VlcxV2MxSnVUbWdLVW01Q2IxUlhl\nRXRWVmxweVZtMUdhR1F6UWxsVmFrWkxVMVpSZUZkcmRHaFdiSEI2V1RCUwpZVll3TVhWVmJscFhV\na1ZhY2xVd1drOWpNV1J6WVVkc1UwMVZjRmhEYkZwMFkwVTVWUXBOUkZaSVZsYzFTMWRIU2xsVmJr\nWmFZa1phCmFGVXdXbXRqYkdSMFpFWmtUbEpGV2t0V1ZtUXdaREZaZVZOcmFGVlhSMmhGV1d0VmVF\nNUdXWGxsUjNSWVVqQldORmxyVmpSV01WcEcKQ21JelpFUmhlbFpJV1d0YWExWkhSWGhqUm10TFYx\nZDRhMkl4WkVkVmJGcFlZa2RTVUZWdGVHRmxiRmw1WkVSQ2FHRjZSbGRVYkdoegpWbGRLUjJOSVNs\ncFdiVkpIV2tSS1QxTkdTbk1LV2tkc1dGSlZjRTVXYTFwWFdWZE5lRnBGWkZWaVIzaHdWVzF6TVZk\nV1ZuRlRiVGxYCllrZFNXVlJXVWxOV1FYQk9WbTEzTUZkWGRHOVRNV3hYVTJ0a1ZHSkdSa3hXYlRC\nM1pVVTFTQXBXYms1WVlteEtVRlpxVGs5VVJscHgKVVcxR1ZFMXJNVFZWTW5SWFZqSkZlRk50T1dG\nV00yaG9WMVphV21WWFVraFNiV2hPVm10d05sWlVTakJaVm1SSFdrVm9hRkp0ZUZoRApiVXBaQ21G\nSGFGcFdWbkI2V1RGYVMyTXlUa2hsUmxwWVVsVndWMVl4V2xOVE1rbDRWMWhvYVZKc1dsWlpiRkp6\nVjFaV2RHVkZkRmhSCldFSllWRmR3VjJOc1dYZFhhM1JyVm10YWVWbFZXbXNLVkcxS2NrMUlhRmhX\nYlU0MFZsY3hWMk14U25WV2JFMUxXV3RhZDJJeGJGVlUKYTA1c1ZteHdlVlp0TVVkWGJGWlpVV3hT\nVlZadFVsUlVWVnBYWkVVeFZWRnNWbWxTYmtJMVYxUkNZUXBqTVZsNVVtNUthRTB5YUZoVgphMVpo\nWVVad1JsZHJkRmhXTUhCSVZqSXhjMkZGTVZsUmJHaEVZa1p3TUZrd1ZUVmhVWEJPVm10d1NWWnFS\nbTlpTVdSSVUydGthbE5GCk5WZFpWM1JMQ21GR1ZYbGxSM1JxWWtkU01WZHJXbXRVYlVWNFYxUktW\nMVp0VWpOWFZscGFaVVprY2xkdGFFNU5iV2hHVjFkMFZtVkYKTlVkWFdHeHNVak5TV1ZWdE1WTlRW\nbEY0Vm1wU1YwMVdjREFLUTJ4U1dXRkZVbWxTYlhjd1ZtcEtOR0l4V2toU1dHeFdZbXRXVEZacwpa\nRFJoTVZWNVVtdGtXR0pzU25OVk1HUlRZekZzY2xkcmRFNVNiRXBZVm0xd1ExWnJNVVZTYkdSYVRV\nZG9Nd3BXYWtGNFpGZEdTVk5zCmNHaE5iRXBOVm1wQ1lWVXhaRmhTYTJOTFYydGFhMkZXU2xsUmF6\nVlhUVlp3Y2xwWGN6RldNV1JaWVVaT2FXRjZWbFpYVjNoclRrZE4KZUdKR2FHdFNXRkpXQ2xadGRG\nZE9WbVJaWTBoT1ZsVllRbGRXYm5CdVRsWkZlVmw2YkZGVlZ6ZzVRMmM5UFFvPQo="
user=user.replace("\n","")
pw=pw.replace("\n","")
user=user.replace("1","!")
user=user.replace("2","@")
user=user.replace("3","$")
user=user.replace("4","^")
user=user.replace("5","&")
user=user.replace("6","*")
user=user.replace("7","(")
user=user.replace("8",")")
pw=pw.replace("1","!")
pw=pw.replace("2","@")
pw=pw.replace("3","$")
pw=pw.replace("4","^")
pw=pw.replace("5","&")
pw=pw.replace("6","*")
pw=pw.replace("7","(")
pw=pw.replace("8",")")
print(user)
print(pw)
나온 결과값을 입력해보자.
첫번째 결과값을 넣었더니 admin이라고 뜬다.
하지만 pw의 쿠키를 넣어주면 다음과 같이 뜬다.
이게 왜 이렇게 뜨는지 모르겠다....