CTF---Web entry nineth FALSE

Source: Internet
Author: User

False score: 10
    • Source: Ifuryst
    • Difficulty: Easy
    • Number of participants: 4567 people
    • Get flag:2144 People
    • Number of respondents: 2157 people
    • Problem solving pass rate: 99%
PHP Code Audit

HINT:SHA1 function have you ever really understood? I heard someone used MD5 to collide O (╯-╰) o

Format: ctf{}

Problem Solving Links: http://ctf5.shiyanbar.com/web/false.php

Original title Link: http://www.shiyanbar.com/ctf/1787

"Problem Solving Report"

  This is the beginning of the web I started to write the nineth question, open the problem link, the problem is Tao sha! Let's do a brief introduction:

hash function

Sha was proposed by NIST and the NSA in 1993, and the revised version was released in 1995, known as SHA-1, as the standard for the US DSA digital signature scheme

FIPS 180-1 1995,internet RFC3174, note that the algorithm is SHA, and the standard is called SHS, producing a 160-bit hash value

Now as the proposed hash algorithm, based on the design of MD4

The title means to pass in two values, the two values are not equal, and then their hash value is equal, this is a very contradictory thing, hash collision is not possible, there is no two different values, and then their hash value will be equal, how to do? This problem uses a flaw in the SHA function!

The default value of the SHA function is a string type, we can let it do not pass the string type, passing other types, such as we can pass an array, so it will return a false, two false will be equal, in this way can bypass the condition, the style is as follows:


And then we go back to the website and try it.

Get a flag directly, that's the key to the subject.

CTF---Web entry nineth FALSE

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.