Anyone able to figure this one out and can give a hint? The path doesn’t seem to be magic hashes as I have tried all the sha256 magic hashes I could find.
Anyone get anywhere with this? No idea how to solve this up to now…
Finally got it… A hint for anyone else coming across this is make sure you follow through and understand exactly what the source code is doing…
When considering the problem with Krelkripto, it may be worth considering non-standard encryption methods or using other cryptography methods besides SHA256 hashing. Try to consider other encryption algorithms or cryptography approaches that could be used in this context.
So it is more than just the hashing algorithms? I have tried all of the magic numbers from the provided GitHub list and it doesn't yield any success. Is there something else to add onto? Not sure what is missing here.
I don’t understand what you are saying
Have you solved it?
Any more “hints”? I did read the code. Can’t get the gimmick. Is it in the password even?
After wasting almost a day I found that the solution is so simple… no need for different algorithms etc… just don't assume that the username is admin…
If you’re still stuck, then consider the array of possibilities that could get you past the authentication
I have solved the exercise. For me the key to the exercise was to understand this piece of code from `profile.php`:

```php
if(strpos($_SESSION['username'], 'admin') != false) {
    $content = get_admin_info();
}
```

In short the `strpos` function checks if the word `admin` is included in the value of `$_SESSION['username']`. That means that if you provide a `username` with the value `Hello_admin_64` you would get a `true`.

Looking at the rest of the code you can see that when you enter a non-existent `username` like `Hello_admin_64` you get a `null`. I think this hint is more than enough to solve the exercise.
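
The substring check quoted in the post above, next to a stricter form, as an added example (not part of the thread or of the exercise's source). `page_check`, `strict_check`, the `role` session key and the sample sessions are assumptions made for illustration; `strpos` returns position 0 for a username that starts with `admin`, and the loose `!= false` treats that the same as no match.

```php
<?php
// Added illustration: function names, the 'role' key and the sample
// sessions are constructed, not taken from the exercise.

// The check as quoted from profile.php, with the session passed in as an array.
// Privilege is derived from a substring of a user-chosen value, and the
// result of strpos() is compared loosely against false.
function page_check(array $session): bool
{
    return strpos($session['username'], 'admin') != false;
}

// Stricter form: privilege comes from a role the server sets at login
// (hypothetical 'role' key), compared with strict equality, so neither the
// username's contents nor type juggling can influence the outcome.
function strict_check(array $session): bool
{
    return ($session['role'] ?? null) === 'admin';
}

// Constructed sample sessions.
$samples = [
    ['username' => 'admin',          'role' => 'admin'],
    ['username' => 'Hello_admin_64', 'role' => 'user'],
    ['username' => 'guest',          'role' => 'user'],
];

foreach ($samples as $s) {
    printf(
        "%-16s strpos=%-6s page_check=%-6s strict_check=%s\n",
        $s['username'],
        var_export(strpos($s['username'], 'admin'), true),
        var_export(page_check($s), true),
        var_export(strict_check($s), true)
    );
}
```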