打开网址是一串代码,代码审计:
<?php
$miwen="a1zLbgQsCESEIqRLwuQAyMwLyq2L5VwBxqGA3RQAyumZ0tmMvSGM2ZwB4tws";
function encode($str){
$_o=strrev($str);
// echo $_o;
for($_0=0;$_0<strlen($_o);$_0++){
$_c=substr($_o,$_0,1);
$__=ord($_c)+1;
$_c=chr($__);
$_=$_.$_c;
}
return str_rot13(strrev(base64_encode($_)));
}
highlight_file(__FILE__);
/*
逆向加密算法,解密$miwen就是flag
*/
?>
思路就是写解密的算法:
<?php
function decode($str){
$s = base64_decode(strrev(str_rot13($str)));
for($_0=0;$_0<strlen($s);$_0++){
$_=substr($s,$_0,1);
$n=ord($_)-1;
$c=chr($n);
$cc=$cc.$c;
}
$o_=strrev($cc);
echo $o_;
}
$miwen="a1zLbgQsCESEIqRLwuQAyMwLyq2L5VwBxqGA3RQAyumZ0tmMvSGM2ZwB4tws";
decode($miwen);
?>
拿到flag: