3dub 4 rememberme write up - to know to do
You access to the URL below:
Then you see 3 links to other pages in the server below:
usernames.txt, passwords.txt, login form
links to username.txt and passwords.txt has same structure like below:
- http://rememberme.shallweplayaga.me/getfile.php?filename=[filename]&accesscode=[some_values(hex)]
access to usernames.txt looks succeed, but access to passwords.txt looks failed
accesscodes in the link to usernames.txt and passwords.txt are same, but only access to the link of usernames.txt is succeeded.
Specified access code was 60635c6862d44e8ac17dc5e144c66539.
This value is the MD5 hash of filename ( in this case, MD5 hash value of string "usernames.txt" ).
You can obtain the value of this filename string as the example command below(I executed the command on the Linux):
you will get the value 60635c6862d44e8ac17dc5e144c66539 as a result.
$ echo -n usernames.txt | md5sum
You can obtain the file by using getfile.php .