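Problem 19: base64 and cookie tampering
The page printed the message "Hello, guest!".
Then I opened the cookie and found that
userid= held a base64 code.
A base64 code always has = or == at the end.
Looking at the ASCII code value,
= is ( %3D ).
First I URL-decoded the value,
then base64-decoded it 11 times, which gave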
b2f5ff47436671b6e533d8dc3614845d7b774effe4a349c6dd82ad4f4f21d34ce1671797c52e15f763380b45e841ec3203c7c0ace395d80182db07ae2c30f034e358efa489f58062f10dd7316b65649ed41d8cd98f00b204e9800998ecf8427e
this. It is MD5 code, and
MD5 code is always encrypted to 32 characters. Cutting the ciphertext above into 32-character pieces, lining them up, and MD5-decoding each one gives
b2f5ff47436671b6e533d8dc3614845d -----------------> g
7b774effe4a349c6dd82ad4f4f21d34c -----------------> u
e1671797c52e15f763380b45e841ec32 -----------------> e
03c7c0ace395d80182db07ae2c30f034 -----------------> s
e358efa489f58062f10dd7316b65649e -----------------> t
d41d8cd98f00b204e9800998ecf8427e (I don't know what this one is.)
That is the result.
By now you can probably see where this is going.
Use admin instead and send the query!
a -----------------> 0cc175b9c0f1b6a831c399e269772661
d -----------------> 8277e0910d750195b448797616e091ad
m -----------------> 6f8f57715090da2632453988d9a1501b
i -----------------> 865c0c0b4ab0e063e5caa3387c1a8741
n -----------------> 7b8b965ad4bca0e41ab51de7b31363a1
d41d8cd98f00b204e9800998ecf8427e
Join all of the values above, base64-encode the result 11 times,
and pass it to userid as the cookie value.
That succeeds!
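The cookie scheme worked out above, next to a hardened form, as an added example that is not part of the original post. The function names, the sample key and the HMAC-signed cookie format are assumptions made for illustration; the trailing block d41d8cd98f00b204e9800998ecf8427e is the MD5 of the empty string.

```python
import base64
import hashlib
import hmac
import string
from urllib.parse import quote, unquote

ROUNDS = 11                            # base64 layers, as reported in the write-up
EMPTY = hashlib.md5(b"").hexdigest()   # MD5 of the empty string (the trailing block)
# Lookup table: MD5 of every single printable character -> that character.
TABLE = {hashlib.md5(c.encode()).hexdigest(): c for c in string.printable}

def hex_to_name(hexstr):
    """Split into 32-hex-digit blocks and map each back to one character."""
    blocks = [hexstr[i:i + 32] for i in range(0, len(hexstr), 32)]
    return "".join(TABLE[b] for b in blocks if b != EMPTY)

def encode_userid(name):
    """Weak scheme: per-character MD5, then ROUNDS x base64, then URL-encoding."""
    data = ("".join(hashlib.md5(c.encode()).hexdigest() for c in name) + EMPTY).encode()
    for _ in range(ROUNDS):
        data = base64.b64encode(data)
    return quote(data.decode())

def decode_userid(cookie):
    """Inverse of encode_userid; needs no key because the scheme has none."""
    data = unquote(cookie).encode()
    for _ in range(ROUNDS):
        data = base64.b64decode(data)
    return hex_to_name(data.decode())

def sign_userid(name, key):
    """Hardened form (assumed design): readable value plus an HMAC-SHA256 tag."""
    tag = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()
    return f"{name}.{tag}"

def verify_userid(cookie, key):
    """Return the user id only if the tag matches; otherwise None."""
    name, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()
    return name if hmac.compare_digest(tag.encode(), expected.encode()) else None

if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed sample key
    print(decode_userid(encode_userid("guest")))       # round-trips without a secret
    signed = sign_userid("guest", key)
    forged = "admin." + signed.rpartition(".")[2]      # name swapped, old tag reused
    print(verify_userid(signed, key), verify_userid(forged, key))
```

Layered encoding and unsalted per-character hashes involve no secret, so the server cannot tell its own cookie from one built by a client; the keyed tag is what makes a changed user id detectable.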