pwnable.kr col之write up

最新推荐文章于 2021-02-25 20:34:30 发布

weixin_34344677

最新推荐文章于 2021-02-25 20:34:30 发布

阅读量78

点赞数

原文链接：http://www.cnblogs.com/liuyimin/p/7268714.html

版权

Daddy told me about cool MD5 hash collision today.
I wanna do something like that too!

ssh col@pwnable.kr -p2222 (pw:guest)

先看源代码：

 1 #include <stdio.h>
 2 #include <string.h>
 3 unsigned long hashcode = 0x21DD09EC;
 4 unsigned long check_password(const char* p){
 5     int* ip = (int*)p;
 6     int i;
 7     int res=0;
 8     for(i=0; i<5; i++){
 9         res += ip[i];
10     }
11     return res;
12 }
13 
14 int main(int argc, char* argv[]){
15     if(argc<2){
16         printf("usage : %s [passcode]\n", argv[0]);
17         return 0;
18     }
19     if(strlen(argv[1]) != 20){
20         printf("passcode length should be 20 bytes\n");
21         return 0;
22     }
23 
24     if(hashcode == check_password( argv[1] )){
25         system("/bin/cat flag");
26         return 0;
27     }
28     else
29         printf("wrong passcode.\n");
30     return 0;
31 }

函数大体意思是，输入20个字节的数，在check_password里把char转换为int类型，，char为1字节，Int为4字节，这样5次循环正好是20个字节，且这20个字节之和为0x21DD09EC,

将0x21dd09ec分解为5个16进制数组

于是我们输入正确的密码，得到flag!

转载于:https://www.cnblogs.com/liuyimin/p/7268714.html

weixin_34344677

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
pwnable.kr col之write up

Daddy told me about cool MD5 hash collision today.I wanna do something like that too!ssh col@pwnable.kr -p2222 (pw:guest)先看源代码： 1 #include <stdio.h> 2 #include <string.h...
复制链接

扫一扫