- Earth,Solar system,Milky Way
- 904756917@qq.com
- https://daolgts.github.io
-
bytectf2019 wp
web ezcms www.zip 得到题目源码 hash 长度拓展攻击 首先是简单的 hash 长度拓展攻击,成为 admin 1 2 3 4 5 6 7 8 9 from hashpumpy import...
writeup Published {{moment(1568800623000).fromNow()}} -
SUCTF2019 wp
web CheckIn .user.ini 构成后门文件 这里用了 asp_tags 绕过 <? ,也可以使用 <script language='php'> easyphp 1 2 3 4 5 ...
writeup Published {{moment(1567001388000).fromNow()}} -
西湖论剑2019 wp
web babyyt3 查看页面源代码发现提示 dir.php 利用 php://filter/read=convert.quoted-printable-encode/resource= 伪协议来读php文件的源码 index.php 1 2 3 ...
writeup Published {{moment(1554728326000).fromNow()}} -
安恒2月赛my email的imap_open() RCE
0x00 前言 2019安恒2月月赛的my email题目,自己做的时候没有思路,看了wp才了解是imap_open() RCE漏洞 0x01 imap_open() imap_open() 是php来处理邮件的函数 题目利用的 imap_open() 漏洞,第一个参...
writeup Published {{moment(1552055068000).fromNow()}} -
SWPUCTF wp
用优惠码 买个 X ? source.php 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 ...
writeup Published {{moment(1548680598000).fromNow()}} -
LCTF wp
2018LCTF bestphp’s revenge 思路:session反序列化->soap类(ssrf+crlf)->call_user_func激活soap类 index.php 1 2 3 4 5 6 7 8 9 ...
writeup Published {{moment(1547644374000).fromNow()}} -
省赛_上海大学生ctf_HCTF wp
省赛科来杯 Misc Crack it 给了个shadow文件,使用 john (kali自带)破解 进制转换 写python脚本转化下 1 2 3 4 5 6 7 8 9 10 11 12 13 ...
writeup Published {{moment(1542123119000).fromNow()}} -
中科大hackergame2018 wp
签到题 提交 hackergame2018 ,但表单限制了长度,在url里补全就可以 猫咪问答 真·了解校史 并不是web题 游园会的集章卡片 拼图 猫咪和键盘 下载得到的源码分块平移一下得到正常的源码 按源码中给出的命令编译一下,运行得到fla...
writeup Published {{moment(1539693582000).fromNow()}} -
picoCTF wp
HEEEEEEERE’S Johnny! 给了passwd和shadow文件,就是破解linux用户密码 passwd 1 root:x:0:0:root:/root:/bin/bash shaodw 1 ro...
writeup Published {{moment(1539587096000).fromNow()}} -
护网杯 wp
迟来的签到题 easy xor??? 提示xor,base64解码后异或 写个脚本爆破下 1 2 3 4 5 6 7 8 9 10 import base64 str=base64.b64decode(&...
writeup Published {{moment(1539440390000).fromNow()}} -
9月 CTF wp
noxCTF web Reference 改下reference头 MyFileUploader 文件名写两次php hiddenDOM 查看页面源代码,有段混淆了的js和提示了flag位置 1 2 3 4 5 ...
writeup Published {{moment(1537885286000).fromNow()}} -
unset_记一道CTF题
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 ...
writeup Published {{moment(1536143236000).fromNow()}} -
Overthewire natas wp
url : http://overthewire.org/wargames/natas/ level 1 gtVrDuiDfck831PqWsLEZy5gyDz1clto level 2 ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi ...
writeup Published {{moment(1535611909000).fromNow()}} -
Overthewire bandit wp
看着网上的攻略和视频把这个通关了,学到了linux和git的命令,挺有意思的,一些简单的关卡就不写了,只写写学到的姿势 url : http://overthewire.org/wargames/bandit/ level 1 每一关都需要找到ssh密码或者密钥文...
writeup Published {{moment(1534747674000).fromNow()}} -
8.12-8.18 ctf wp
原来的一道题的增强版,考察条件竞争,一直没做出来 http://202.112.51.184:9005 php伪协议读源码 1 http://202.112.51.184:8004/index.php?page=php://filter/read=co...
writeup Published {{moment(1534662688000).fromNow()}} -
省赛培训班wp
web贪吃蛇 查看源码 1 2 3 4 5 6 7 8 9 10 11 12 13 //对话 if (len <= 60 && len % 10 == 0 ) {...
writeup Published {{moment(1533544408000).fromNow()}} -
杭电hgame wp
Are you from Europe? 描述 证明血统的时候到了 URL http://123.206.203.108:10001/European.html 点金链接自己先抽了好多次,并没有ssr,看到“只有拥有 SSR 的真正欧皇才配兑换 flag ...
writeup Published {{moment(1517733035000).fromNow()}} -
实验吧 wp
实验吧 后台登陆 http://www.shiyanbar.com/ctf/2036 题目链接 http://ctf5.shiyanbar.com/web/houtai/ffifdyop.php 页面源代码中有提示 1 2 3 ...
writeup Published {{moment(1517646231000).fromNow()}} -
NCTF wp
1. NCTF php decode 见到的一个类似编码的shell,请解码 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 <?php function...
writeup Published {{moment(1517559831000).fromNow()}}