sso
前の文字列から次の文字のkeyが決まってxorされる感じ?
1 use strict;
2 use warnings;
3 my $target = '{"User":"admin","Hash":"AA8K5.AZ9BzSw"} ';
4
5 my $info_url = 'http://188.40.18.87:5144/info.php?token=';
6
7 sub system_pipe {
8 my @args = @_;
9 open my $pipe, "-|", @args or return;
10 my @result = <$pipe>;
11 join "", @result;
12 }
13 sub info {
14 my $token = shift;
15 system_pipe qw(curl -s), $info_url.$token;
16 }
17
18 my $token = "69222e97316b9dd8f7d74a";
19 for my $i (length($token)/2 .. length($target)-1) {
20 print "----------------\n";
21 print "pos: $i\n";
22
23 my $result0 = info($token . "00");
24 printf "got: %02x\n", ord(substr($result0, $i, 1));
25 my $key = substr($result0, $i, 1);
26
27 $token .= unpack("H*", $key ^ substr($target, $i, 1));
28 print "token: $token\n";
29 print info($token . unpack("H*", $key ^ substr($target, $i, 1))), "\n";
30
31 sleep 1;
32 }
33 print "token: $token\n";
得られたtokenでadmin.phpにアクセスするだけ。
31C3_7eaf3fa7cf9e401357bc
passwordとは一体なんだったのか