Type Juggling Magic: Why PHP thinks 0 and "password" are the same [Capture The Flag Fundamentals]

6,044 views

247CTF

When you declare a variable in PHP, you don’t need to define its type - you just declare it. If variables are used as part of a comparison, in order to compare them, PHP needs to guess what those variables represent. After making this guess, PHP will convert the variables to some common data type to then perform the actual comparison.
This can result in unexpected behaviour, which, as we’ve seen before, is almost always a bad idea from a security perspective.
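An added example (not from the video or 247CTF's own code) that puts a loose `==` check next to a strict one on constructed values. The function names `loose_check` and `strict_check` and all sample values are assumptions made for illustration.

```php
<?php
// Added example: loose (==) vs strict comparison on constructed values.

/** Vulnerable pattern: == lets PHP convert both operands before comparing. */
function loose_check($stored, $supplied): bool
{
    return $stored == $supplied;
}

/** Hardened pattern: require two strings, then compare them byte for byte. */
function strict_check($stored, $supplied): bool
{
    // hash_equals() is also constant-time, which suits secrets and hashes.
    return is_string($stored) && is_string($supplied)
        && hash_equals($stored, $supplied);
}

// Constructed sample pairs (not real credentials or real hashes).
$cases = [
    'int 0 vs word'          => [0, 'password'],
    'two "0e" digit strings' => ['0e123456', '0e987654'],
    'leading zeros'          => ['00123', '123'],
    'identical strings'      => ['s3cret', 's3cret'],
];

printf("PHP %s\n", PHP_VERSION);
foreach ($cases as $label => [$stored, $supplied]) {
    printf(
        "%-24s ==: %-5s  strict: %s\n",
        $label,
        var_export(loose_check($stored, $supplied), true),
        var_export(strict_check($stored, $supplied), true)
    );
}
```

The first row is where PHP versions differ: before PHP 8.0 the loose check treats `0` and a non-numeric string as equal, while from 8.0 it does not. The "0e" and leading-zero rows pass the loose check on both because each side is a numeric string, and only the identical strings pass the strict check.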
🏆 The 247CTF channel is dedicated to teaching Capture The Flag fundamentals. If you want to improve your technical skills and succeed in Capture The Flag competitions, make sure to subscribe!
🏁 The 247CTF is a free Capture The Flag learning environment where you can improve your technical skills by solving challenges and recovering flags. You can join now for free at 247CTF.com/.
📌Free flag ➝ 247CTF{9719c5ddf317154473d334f47a77ac6a}
📝 Icons made by Freepik & Monkik from Flaticon.com
🚨 247CTF’s channel videos are intended for educational purposes only. Methods and techniques discussed are not to be used for illegal activities against unauthorised systems.

Comments: 20
@247CTF 4 years ago
👍 Liking this video will increase your ability to solve CTF challenges by 0e100000% 👍
@RhyanGarrison 4 years ago
Always use that === for strict comparison with PHP!
@247CTF 4 years ago
Equality vs identity 👌
@bourbon3406 4 years ago
Didn't know 247CTF had a channel! This is cool. Subbed
@andkiek 4 years ago
Love this channel!
@zerosploit 4 years ago
More please! I love the videos
@247CTF 4 years ago
Ok.. Will release a new video today since you asked so nicely 🤘
@zerosploit 4 years ago
@247CTF I can't wait
@louisbarasa5741 4 years ago
Neat stuff🔥🔥🔥.
@247CTF 4 years ago
Thanks 🔥
@ctfs09 1 year ago
I guess you need to release a new version of this video
@247CTF 1 year ago
You think everyone has updated?
@ctfs09 1 year ago
@247CTF sooner or later they will, and they have to
@nameless3704 3 years ago
Great Video! What about that? if ($user_input == substr(md5($user_input), 0, 24))
@247CTF 3 years ago
It shouldn't make any difference, right? The leading bytes enable this 'attack', not the trailing bytes.
@nameless3704 3 years ago
@247CTF Yeah, you're right. I figured out this challenge today. I wrote a Python script that is able to brute force a string that begins with '0e', and if its md5 also begins with '0e' it returns the strings that satisfy the condition. The string in question is: 0e1111111223334448888 --> md5 hash: 0e876388751226915717729537293291. Thank you so much for your reply.
@247CTF 3 years ago
Nice work!