Looking into the PHP code and decoding hexadecimal

If I now check console/index.phps I can see PHP code and how it is working in regards to users, passwords, cookies and mfa

I can also look at console/functions.phps While looking through this I see that there is a config.php, im going to add the (s). Under function I can see the user is described in hexadecimal (bin2hex) but below that when returning $user there was no function or definition for LOGIN_USER. So i decided to check out the php page

"@fred lets talk about ways to make this more secure but still flexible"

below that is a function – The function is saying if the hash of the password inputted is valid, return the substring of the hash with the last 3 digits equal to '001'

In config.phps page – Login user is clearly defined in hexadecimal. Initially I was going to save it somewhere but I can actually decode it in my terminal with echo (hexadecimal)

echo (hexadecimal) | xxd -r -p"

xxd creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form.

-r reverses it and -p prints it out.

PreviousRecon NextPython script and Bash script

Last updated 2 years ago