GitBook: [master] one page modified

CPol 2021-04-17 15:00:15 +00:00 committed by gitbook-bot
parent 01eced859f
commit f2ef309097
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -127,6 +127,21 @@ When you have the **usernames** of teh users of the machine. Check the address:
\*\*\*\*[**LFI and RCE using php wrappers**](../../../pentesting-web/file-inclusion/)\*\*\*\*
### **password\_hash/**password\_verify
This functions are typically used in PHP to **generate hashes from passwords** and to to **check** if a password is correct compared with a hash.
The supported algorithms are: `PASSWORD_DEFAULT` and `PASSWORD_BCRYPT` \(starts with `$2y$`\). Note that **PASSWORD\_DEFAULT is frequently the same as PASSWORD\_BCRYPT.** And currently, **PASSWORD\_BCRYPT** has a **size limitation in the input of 72bytes**. Therefore, when you try to hash something larger than 72bytes with this algorithm only the first 72B will be used:
```php
$cont=71; echo password_verify(str_repeat("a",$cont), password_hash(str_repeat("a",$cont)."b", PASSW
False
$cont=72; echo password_verify(str_repeat("a",$cont), password_hash(str_repeat("a",$cont)."b", PASSW
True
```
\*\*\*\*
## Code execution
**system\("ls"\);
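Review bot: the two example lines inside the php fence under the password\_hash/password\_verify heading are cut off at `PASSW`, so the algorithm argument and the closing parentheses are missing and the snippet cannot be pasted and run. Complete the call with the constant the paragraph is about (`PASSWORD_BCRYPT`, since the 72-byte limit is stated for that algorithm). In the same fence, `False` and `True` sit as bare lines between the statements, and `echo` on a boolean prints an empty string or `1` rather than those words, so `var_dump(...)` with the expected result in a trailing comment would match what a reader actually sees. In the prose above the fence, "This functions" should be "These functions", "to to" is doubled, "72bytes" needs a space, the heading's bold markers are unbalanced (`### **password\_hash/**password\_verify`), and the `\*\*\*\*` line after the fence renders as literal asterisks and can be dropped.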