Daddy told me about cool MD5 hash collision today.
I wanna do something like that too! ssh col@pwnable.kr -p2222 (pw:guest)
先看源代码:
#include <stdio.h>
#include <string.h>
unsigned long hashcode = 0x21DD09EC;
unsigned long check_password(const char* p){
int* ip = (int*)p;
int i;
int res=;
for(i=; i<; i++){
res += ip[i];
}
return res;
} int main(int argc, char* argv[]){
if(argc<){
printf("usage : %s [passcode]\n", argv[]);
return ;
}
if(strlen(argv[]) != ){
printf("passcode length should be 20 bytes\n");
return ;
} if(hashcode == check_password( argv[] )){
system("/bin/cat flag");
return ;
}
else
printf("wrong passcode.\n");
return ;
}
函数大体意思是,输入20个字节的数,在check_password里把char转换为int类型,,char为1字节,Int为4字节,这样5次循环正好是20个字节,且这20个字节之和为0x21DD09EC,
将0x21dd09ec分解为5个16进制数组
于是我们输入正确的密码,得到flag!