问题
I am trying to follow this post to decrypt a session cookie from a Capture the Flag event as a learning exercise
How to decrypt cookie?
Here is my php script that I put together for the very first time in my life in php
#!/usr/bin/php
<?php
echo 'Hello World!';
$cookie = 'eyJpdiI6ImFUQ0FvMWFSVlNvTmhlQjdLWGw1Z1E9PSIsInZhbHVlIjoicFh6Q09iTDl0K0huWU1Nc1NYVmxSY2hPRGU5Vk85dDJyYUpRbUVjRWg5R0JxYkVobkF3YkZVcVQrakFFUmxaVnZrTjFST3F3RTZ4akpDZEpvUFJiQXc9PSIsIm1hYyI6IjlhYmJhMTY3MWMxYWI3YjJmNmFjMmNkZWE0MWZmMmVhNTNiMjI5ZWY3NzUwNzQ0ZjAzMGQ1ZGU0YzVhNjJmZGYifQ==';
$cookie_contents = json_decode( base64_decode( $cookie, true ));
print_r($cookie_contents);
$value = base64_decode( $cookie_contents->value );
var_dump($value);
$iv = base64_decode( $cookie_contents->iv );
var_dump($iv);
$clear = unserialize(openssl_decrypt($value, \Config::get( 'app.cipher' ), \Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
var_dump($clear);
echo "Cookie contents (Session ID): $clearn";
?>
and here is the output with some Errors
Hello World!stdClass Object
(
[iv] => aTCAo1aRVSoNheB7KXl5gQ==
[value] => pXzCObL9t+HnYMMsSXVlRchODe9VO9t2raJQmEcEh9GBqbEhnAwbFUqT+jAERlZVvkN1ROqwE6xjJCdJoPRbAw==
[mac] => 9abba1671c1ab7b2f6ac2cdea41ff2ea53b229ef7750744f030d5de4c5a62fdf
)
ڶ¢PGс©±! "¥|9²,IueEǎ
U¾CuDꮓ¬c$'I
yy"ng(16) "i0£VU*
PHP Fatal error: Class 'Config' not found in /home/code/php/test.php on line 12
I am not able to fix the Fatal Error and I need guidance in how to decrypt a flag hidden in the cookie.
来源:https://stackoverflow.com/questions/55165915/decrypting-non-https-session-cookie-error