![](https://img-blog.csdnimg.cn/20201014180756925.png?x-oss-process=image/resize,m_fixed,h_64,w_64)
OverTheWire
文章平均质量分 89
小莫神和他的的
这个作者很懒,什么都没留下…
展开
-
OverTheWire的natas游戏(21-34)
natas solution(21-34)Natas Level 20 → Level 21Username: natas21URL: http://natas21.natas.labs.overthewire.org这一关涉及到一个共享session的知识点,算是本关的收获吧。进入页面后看到提示Note: this website is colocated with http://natas21-experimenter.natas.labs.overthewire.org在看原创 2021-07-18 10:33:02 · 703 阅读 · 6 评论 -
OverTheWire的natas游戏(13-20)
natas solution(13-20)Natas Level 12 → Level 13Username: natas13URL: http://natas13.natas.labs.overthewire.org这一关和上一关非常相似,不同的在于<?phpif(array_key_exists("filename", $_POST)) { $target_path = makeRandomPathFromFilename("upload", $_POST["fil原创 2021-07-08 13:45:37 · 275 阅读 · 0 评论 -
natas solution(12)
natas solution(12)Natas Level 11 → Level 12Username: natas12URL: http://natas12.natas.labs.overthewire.org这一关还算简单,不过对于思想上又有一些启发。首先进入界面是选择一个文件并且上传,那么我们可以试着上传一个后门看看,编写payload<?phppassthru('cat /etc/natas_webpass/natas13');?>上传发现被改成了 xxxx原创 2021-07-04 18:04:21 · 130 阅读 · 3 评论 -
OverTheWire的natas游戏(11)
natas solution(11)Username: natas11URL: http://natas11.natas.labs.overthewire.org全部的源码就不放上来了,实在有点多<?$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");$data = loadData($defaultdata);if(array_key_exists("bgcolor",$_REQ原创 2021-07-04 16:05:59 · 159 阅读 · 2 评论 -
OverTheWire的natas游戏(6-10)
natas solution(6-10)Natas Level 5 → Level 6Username: natas6URL: http://natas6.natas.labs.overthewire.org这一关不难,但是有一点可以讲一讲的。进去之后要我们往框框里输入东西后提交。不过旁边就有源码,直接看看源码吧<?include "includes/secret.inc";if(array_key_exists("submit", $_POST)) { if($s原创 2021-07-02 17:07:39 · 171 阅读 · 1 评论 -
OverTheWire的natas游戏(0-5)
natas solution(0-5)这是一个关于web安全的闯关游戏,通过闯关学习相关知识Natas teaches the basics of serverside web-security.Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To原创 2021-06-28 13:40:38 · 214 阅读 · 1 评论 -
OverTheWire的bandit游戏(21-34)
bandit solution(21-34)Bandit Level 20 → Level 21Level GoalThere is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the原创 2021-06-25 19:21:28 · 759 阅读 · 0 评论 -
OverTheWire的bandit游戏(11-20)
bandit solution(11-20)Bandit Level 10 → Level 11Level GoalThe password for the next level is stored in the file data.txt, which contains base64 encoded data这一题非常的简单只需要简单的使用base64解码即可andit10@bandit:~$ lsdata.txtbandit10@bandit:~$ cat data.txtVGhlIHB原创 2021-06-19 23:41:31 · 1056 阅读 · 1 评论 -
OverTheWire的bandit游戏(0-10)
bandit solution(0-10)这是一个Linux command教学游戏Bandit Level 0Level GoalThe goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the pass原创 2021-06-12 20:17:09 · 622 阅读 · 1 评论