CTF
web-easy_sql waf
information绕不过去,使用sqlmap注出表名
靶机
Description: Aragog is the 1st VM of 3-box HarryPotter VM series in which you need to find 2 horcruxes hidden inside the machine (total 8 horcruxes hidden across 3 VMs of the HarryPotter Series) and ultimately defeat Voldemort.
CTF
find_it robots.txt
When I was a child,I also like to read Robots.txt
Here is what you want:1ndexx.php .1ndexx.php.swp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 <?php $link = mysql_connect('localhost', 'root'); ?> <html> <head> <title>Hello worldd!</title> <style> body { background-color: white; text-align: center; padding: 50px; font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif; } #logo { margin-bottom: 40px; } </style> </head> <body> <img id="logo" src="logo.png" /> <h1><?php echo "Hello My freind!"; ?></h1> <?php if($link) { ?> <h2>I Can't view my php files?!</h2> <?php } else { ?> <h2>MySQL Server version: <?php echo mysql_get_server_info(); ?></h2> <?php } ?> </body> </html> <?php #Really easy... $file=fopen("flag.php","r") or die("Unable 2 open!"); $I_know_you_wanna_but_i_will_not_give_you_hhh = fread($file,filesize("flag.php")); $hack=fopen("hack.php","w") or die("Unable 2 open"); $a=$_GET['code']; if(preg_match('/system|eval|exec|base|compress|chr|ord|str|replace|pack|assert|preg|replace|create|function|call|\~|\^|\`|flag|cat|tac|more|tail|echo|require|include|proc|open|read|shell|file|put|get|contents|dir|link|dl|var|dump/',$a)){ die("you die"); } if(strlen($a)>33){ die("nonono."); } fwrite($hack,$a); fwrite($hack,$I_know_you_wanna_but_i_will_not_give_you_hhh); fclose($file); fclose($hack); ?> 然后这TM居然是index.php的源码。。。
代码审计
环境搭建 1、下载laravel5.8版本的框架并在本地启动服务
CTF
前言 日常感谢赵总供题
easyflask 访问/file?file=/app/source获取源码