0x01. Enter the environment , View content

Pictured , Prompt whether the authentication is successful

Use dirsearch Make a sweep , Found to have index.php You can visit

0x02. Problem analysis

0x02_1. Source audit

Try http://61.147.171.105:53836/index.php, Still prompt whether the authentication is successful , The title says PHP2, Guess if index.phps.
Access link ：http://61.147.171.105:53836/index.phps, To present php Source code , Pictured ：

Code audit ：

1. Direct in id by admin Echo directly not allowed
2. When it comes to url Encoding admin, The function can echo Access granted Other results
3. It should be noted that , The browser can directly decode the results after one encoding
   therefore , The idea of the post audit topic is to make admin Carry out secondary coding .

0x02_2. Solve the problem

Use burpsuite Encoding , Pictured ：

Carry out secondary coding , Got admin The secondary code of is ：%25%36%31%25%36%34%25%36%64%25%36%39%25%36%65
Bring it to url Input in ：http://61.147.171.105:53836/index.php?id=%25%36%31%25%36%34%25%36%64%25%36%39%25%36%65, The results are shown in the figure ：

The final answer is ：cyberpeace{a42c178d69b50f367135a2b6e0c90ecb}