f9yx0du 发表于 2024-7-11 18:42:06

php代码简单审计


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">本例子来自攻防世界题目:web2</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-6d0ef6ab414d8f63764aa44950d5d153_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">题目写的很清楚了,<span style="color: black;">便是</span>让<span style="color: black;">咱们</span>逆一个加密算法,将密文解密后<span style="color: black;">便是</span>flag。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">咱们</span>来看encode函数,strrev函数是将字符串<span style="color: black;">次序</span>颠倒过来(如将asdf改成fdsa),并返回一个指向这个颠倒的字符串的指针(<span style="color: black;">这儿</span>应该就<span style="color: black;">寓意</span>着返回的字符串不可修改)。<span style="color: black;">而后</span>for循环经历了strlen($_o)次,<span style="color: black;">这儿</span>看不出什么,<span style="color: black;">那样</span>就继续向下看,substr函数之前有介绍过,看代码<span style="color: black;">发掘</span>其经历了颠倒的字符字符串的每一个字符,并将其截取为$_c,<span style="color: black;">而后</span>将<span style="color: black;">每一个</span>字符转化为ascii码后加一再转化回去(分别<span style="color: black;">运用</span>ord和chr函数,两个函数过于简单在<span style="color: black;">这儿</span>就不赘述了),最后再将所有字符拼接在<span style="color: black;">一块</span>(php中的.<span style="color: black;">表率</span>字符串的拼接,<span style="color: black;">这儿</span><span style="color: black;">便是</span>把所有循环得到的字符又拼接回去)。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">最后,他将处理好的字符串进行base64加密,再颠倒<span style="color: black;">次序</span>,再<span style="color: black;">运用</span>rot13加密,在<span style="color: black;">这儿</span>提一嘴rot13加密,其<span style="color: black;">便是</span>凯撒<span style="color: black;">暗码</span>移位数为13的<span style="color: black;">状况</span>(<span style="color: black;">然则</span>将<span style="color: black;">体积</span>写<span style="color: black;">掰开</span>分别成环),<span style="color: black;">因为</span>有26个英文字母,<span style="color: black;">因此</span>两次相同rot13加密算法后就得到了原本的密文。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">因此</span>对算法的逆就很简单了</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic2.zhimg.com/80/v2-356f1aa8f18228b072716fc1299961e9_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">得到结果:flag:{NSCTF_b73d5adfb819c64603d7237fa0d52977}</p>




wrjc1hod 发表于 7 小时前

顶楼主,说得太好了!
页: [1]
查看完整版本: php代码简单审计