https://webhacking.kr/challenge/js-6/?id=admin
https://webhacking.kr/challenge/js-6/?id=test or 1=1
https://webhacking.kr/challenge/js-6/?id=admin%00or%001=1
https://webhacking.kr/challenge/js-6/?id=admin%00
https://webhacking.kr/challenge/js-6/?id=%00admin
test
-> ZTM1OGVmYTQ4OWY1ODA2MmYxMGRkNzMxNmI2NTY0OWVlMTY3MTc5N2M1MmUxNWY3NjMzODBiNDVlODQxZWMzMjAzYzdjMGFjZTM5NWQ4MDE4MmRiMDdhZTJjMzBmMDM0ZTM1OGVmYTQ4OWY1ODA2MmYxMGRkNzMxNmI2NTY0OWU%3D
password
ODM4NzhjOTExNzEzMzg5MDJlMGZlMGZiOTdhOGM0N2EwY2MxNzViOWMwZjFiNmE4MzFjMzk5ZTI2OTc3MjY2MTAzYzdjMGFjZTM5NWQ4MDE4MmRiMDdhZTJjMzBmMDM0MDNjN2MwYWNlMzk1ZDgwMTgyZGIwN2FlMmMzMGYwMzRmMTI5MDE4NmE1ZDBiMWNlYWIyN2Y0ZTc3YzBjNWQ2OGQ5NTY3OTc1MjEzNGEyZDllYjYxZGJkN2I5MWM0YmNjNGI0M2IwYWVlMzU2MjRjZDk1YjkxMDE4OWIzZGMyMzE4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZA%3D%3D
- a ->
MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE%3D - ad ->
MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZA%3D%3D - adm ->
MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZDZmOGY1NzcxNTA5MGRhMjYzMjQ1Mzk4OGQ5YTE1MDFi - d ->
ODI3N2UwOTEwZDc1MDE5NWI0NDg3OTc2MTZlMDkxYWQ%3D
ここで、 aを入力した時のハッシュ化された値:MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE が ad を入力した時の値MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZA の前半部分であることがわかる。
また、後半の 4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZAが password を入力した時の最後の文字列と一致している
admi ->
MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZDZmOGY1NzcxNTA5MGRhMjYzMjQ1Mzk4OGQ5YTE1MDFiODY1YzBjMGI0YWIwZTA2M2U1Y2FhMzM4N2MxYTg3NDE%3Ddmin ->
ODI3N2UwOTEwZDc1MDE5NWI0NDg3OTc2MTZlMDkxYWQ2ZjhmNTc3MTUwOTBkYTI2MzI0NTM5ODhkOWExNTAxYjg2NWMwYzBiNGFiMGUwNjNlNWNhYTMzODdjMWE4NzQxN2I4Yjk2NWFkNGJjYTBlNDFhYjUxZGU3YjMxMzYzYTE%3Daadmi ->
MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjEwY2MxNzViOWMwZjFiNmE4MzFjMzk5ZTI2OTc3MjY2MTgyNzdlMDkxMGQ3NTAxOTViNDQ4Nzk3NjE2ZTA5MWFkNmY4ZjU3NzE1MDkwZGEyNjMyNDUzOTg4ZDlhMTUwMWI4NjVjMGMwYjRhYjBlMDYzZTVjYWEzMzg3YzFhODc0MQ%3D%3D
ここまでで、文字列の長さが偶数か奇数かで変わる? ということがわかる。
kadmi ->
OGNlNGIxNmIyMmI1ODg5NGFhODZjNDIxZTg3NTlkZjMwY2MxNzViOWMwZjFiNmE4MzFjMzk5ZTI2OTc3MjY2MTgyNzdlMDkxMGQ3NTAxOTViNDQ4Nzk3NjE2ZTA5MWFkNmY4ZjU3NzE1MDkwZGEyNjMyNDUzOTg4ZDlhMTUwMWI4NjVjMGMwYjRhYjBlMDYzZTVjYWEzMzg3YzFhODc0MQ%3D%3Dkdmin ->
OGNlNGIxNmIyMmI1ODg5NGFhODZjNDIxZTg3NTlkZjM4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZDZmOGY1NzcxNTA5MGRhMjYzMjQ1Mzk4OGQ5YTE1MDFiODY1YzBjMGI0YWIwZTA2M2U1Y2FhMzM4N2MxYTg3NDE3YjhiOTY1YWQ0YmNhMGU0MWFiNTFkZTdiMzEzNjNhMQ%3D%3D
kadminの末尾と、admiの先頭を確認すると、ハッシュ化されたadminの文字列がわかった。
MGNjMTc1YjljMGYxYjZhODMxYzM5OWUyNjk3NzI2NjE4Mjc3ZTA5MTBkNzUwMTk1YjQ0ODc5NzYxNmUwOTFhZDZmOGY1NzcxNTA5MGRhMjYzMjQ1Mzk4OGQ5YTE1MDFiODY1YzBjMGI0YWIwZTA2M2U1Y2FhMzM4N2MxYTg3NDE3YjhiOTY1YWQ0YmNhMGU0MWFiNTFkZTdiMzEzNjNhMQ%3D%3D
-> 正解!
page:https://minegishirei.hatenablog.com/entry/2024/08/15/193748
