natas solution(6-10)
Natas Level 5 → Level 6
Username: natas6
URL: http://natas6.natas.labs.overthewire.org
这一关不难,但是有一点可以讲一讲的。进去之后要我们往框框里输入东西后提交。不过旁边就有源码,直接看看源码吧
<?
include "includes/secret.inc";
if(array_key_exists("submit", $_POST)) {
if($secret == $_POST['secret']) {
print "Access granted. The password for natas7 is <censored>";
} else {
print "Wrong secret";
}
}
?>
一个非常敏感的函数include猜测可能是文件包含但是看到下面的代码又没有相关的灵感。而且这个secret在哪呢?根据前面关卡的思路来看看includes目录?http://natas6.natas.labs.overthewire.org/includes/看到返回的错误是403这是一个非常有用的信息,这表明存在该目录但是我们没有权限访问,那我们再看看includes/secret.inc呢?
进去之后看到
<?
$secret=FOEIUWGHFEEUHOFUOIU
?>
很明了了吧,直接把这串字符串提交过去
Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9
那么这里有一个知识点就是后缀为.inc的这个文件
What is an .inc and why use it?
可以看到这是一个用于php项目里的后缀,根据高赞回答,这个后缀是一个习惯:当一个文件要被其他php文件include时就会使用.inc作为后缀。
.inc是.include的缩写。
It has no meaning, it is just a file extension. It is some people’s convention to name files with a .inc extension if that file is designed to be included by other PHP files, but it is only convention.
It does have a possible disadvantage which is that servers normally are not configured to parse .inc files as php, so if the file sits in your web root and your server is configured in the default way, a user could view your php source code in the .inc file by visiting the URL directly.
Its only possible advantage is that it is easy to identify which files are used as includes. Although simply giving them a .php extension and placing them in an includes folder has the same effect without the disadvantage mentioned above.
最低0.47元/天 解锁文章
3819
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
