附件:apache2.log
下载一看,一堆乱码,看样子是base64编码
写个python脚本解码一下
import base64
import re
import urllib.parse
logs = ''
with open('D:\\download\\ctf\\Apache2-hard.log', 'r') as f:
for line in f.readlines():
re_b64 = base64.b64decode(line.encode()).decode()
re_url = urllib.parse.unquote(re_b64)
logs += re_url
print(logs)
看结果,应该是sql bool盲注的流量,什么是bool盲注自行移步SQL注入 · 语雀 (yuque.com)
总之,根据sql注入的原理,我们要捕获如下的值
再度编写python脚本提取这部分的值
import base64
import re
import urllib.parse
logs = ''
p = re.compile(r'!=(\d+),')
with open('D:\\download\\ctf\\Apache2-hard.log', 'r') as f:
for line in f.readlines():
re_b64 = base64.b64decode(line.encode()).decode()
re_url = urllib.parse.unquote(re_b64)
logs += re_url
res = [chr((int(x))) for x in p.findall(logs)]
print(''.join(res))
拿到flag:flag{dhasiudg2332136}