WebFTP
https://github.com/wifeat/WebFTP
根据github的源码,去对网站进行分析,有写到初始账号
但是题目改了密码,登不进
然后下载到题目的Config.php.bak,看到版本是v2.3
出现了git泄漏,无法下载到文件,但是看到了目录结构
找到探针
http://114.115.185.167:32770/Readme/mytz.php
http://114.115.185.167:32770/Readme/mytz.php?act=phpinfo
直接找到flag
pklovecloud
源码:
<?php
include 'flag.php';
class pkshow
{
function echo_name()
{
return "Pk very safe^.^";
}
}
class acp
{
protected $cinder;
public $neutron;
public $nova;
function __construct()
{
$this->cinder = new pkshow;
}
function __toString()
{
if (isset($this->cinder))
return $this->cinder->echo_name();
}
}
class ace
{
public $filename;
public $openstack;
public $docker;
function echo_name()
{
$this->openstack = unserialize($this->docker);
$this->openstack->neutron = $heat