I have to guess the name of a pdf file in a server that everyday change:
03 October
link ..../dlpdf.php?pdf=0910039mKuKImq.pdf
04 October
link ..../dlpdf.php?pdf=0910048NOY6179.pdf
As you can see the first 6 digits represent the day and the other 8 digits change everyday.
I'm quite sure that there are some relations about these digits but I can't understand what:
091003 ---> 9mKuKImq
091004 ---> 8NOY6179
Do you see anything ?!?
Differential analysis
6 posts • Page 1 of 1
Differential analysis
by giudf on Sun Oct 04, 2009 1:45 pm
([msg=30433]see Differential analysis[/msg])
- giudf
- New User
- Posts: 11
- Joined: Thu Oct 01, 2009 4:09 pm
Re: Differential analysis
by Goatboy on Sun Oct 04, 2009 3:26 pm
([msg=30439]see Re: Differential analysis[/msg])
If you can look at the underlying PHP code that is generating the name, that could reveal a pattern.
Mundus Vult Decipi
-
Goatboy - Moderator
- Posts: 123
- Joined: Mon Jul 07, 2008 9:35 pm
Re: Differential analysis
by sanddbox on Sun Oct 04, 2009 3:45 pm
([msg=30442]see Re: Differential analysis[/msg])
Collect more data first of all.
____________________________________________________________________________________
Make easy money! - http://tinyurl.com/y9xopqb
Make easy money! - http://tinyurl.com/y9xopqb
- sanddbox
- Poster
- Posts: 155
- Joined: Sat Jul 04, 2009 5:20 pm
- Location: To noobs: <hr> for easy xss testing.
Re: Differential analysis
by giudf on Mon Oct 05, 2009 3:41 am
([msg=30476]see Re: Differential analysis[/msg])
2day the 5th October the link is
link ..../dlpdf.php?pdf=091005euEefdJU.pdf
So the summary is:
091003 ---> 9mKuKImq
091004 ---> 8NOY6179
091005 ----> euEefdJU
Any realtionship ?!?
I'm becoming crazy
link ..../dlpdf.php?pdf=091005euEefdJU.pdf
So the summary is:
091003 ---> 9mKuKImq
091004 ---> 8NOY6179
091005 ----> euEefdJU
Any realtionship ?!?
I'm becoming crazy
- giudf
- New User
- Posts: 11
- Joined: Thu Oct 01, 2009 4:09 pm
Re: Differential analysis
by Goatboy on Mon Oct 05, 2009 9:05 am
([msg=30480]see Re: Differential analysis[/msg])
giudf wrote:2day the 5th October the link is
link ..../dlpdf.php?pdf=091005euEefdJU.pdf
So the summary is:
091003 ---> 9mKuKImq
091004 ---> 8NOY6179
091005 ----> euEefdJU
Any realtionship ?!?
I'm becoming crazy
I have an idea of what may be going on:
When you upload a file via a PHP script, the file must first be saved under a temporary directory, usually /tmp. While in this directory, it also has a temporary, randomly-generated name. For example, if you upload alaska.jpg, it may become /tmp/eR5d12fg.jpg before it can be saved. What may be happening is the PHP is making the final name be the six-digit date plus the randomly-generated temporary name.
The reason I say this is because, although I am no cryptographer, I can't see any correlation in the names, except that they all have 8 places. Does this idea make sense to anyone else?
Mundus Vult Decipi
-
Goatboy - Moderator
- Posts: 123
- Joined: Mon Jul 07, 2008 9:35 pm
Re: Differential analysis
by faazshift on Mon Oct 05, 2009 9:42 am
([msg=30484]see Re: Differential analysis[/msg])
Goatboy wrote:When you upload a file via a PHP script, the file must first be saved under a temporary directory, usually /tmp. While in this directory, it also has a temporary, randomly-generated name. For example, if you upload alaska.jpg, it may become /tmp/eR5d12fg.jpg before it can be saved. What may be happening is the PHP is making the final name be the six-digit date plus the randomly-generated temporary name.
The reason I say this is because, although I am no cryptographer, I can't see any correlation in the names, except that they all have 8 places. Does this idea make sense to anyone else?
Yeah, that definitely seems like whats going on. Or at least the characters look like they were randomly generated to uniquely identify the file.
- faazshift
- New User
- Posts: 35
- Joined: Wed Jun 03, 2009 3:55 pm
- Location: Riverton, Utah
6 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests