- 博客(19)
- 收藏
- 关注
原创 R-TEMIS: 1
信息收集netdiscover -r 192.168.1.0/24 主机发现nmap 扫描开启http ssh mysql目录扫描发现easy.txt查看文件 , brainfuck 密文解密,得到一组账号密码登录成功来到Home目录下,发现隐藏的user,passhydra mysql 暴力破解mysql 连接 得到root 密码得到root权限...
2021-06-28 23:04:44 121
原创 vulnhub FIRSTBLOOD: 1 记录
DescriptionA VERY beginner friendly box with a LOT of hand holding.Once the system grabs an IP, head straight to the web port before scanning.You will find your first set of instructions which starts the guided process.Created in Virtualbox.Goal: Get
2020-09-23 21:10:25 175
原创 vulnhub FUNBOX: 1记录
DescriptionBoot2Root ! This is a reallife szenario, but easy going. You have to enumerate and understand the szenario to get the root-flag in round about 20min.This VM is created/tested with Virtualbox. Maybe it works with vmware.If you need hints, ca
2020-09-23 14:39:42 381
原创 vuln KB-VULN: 1记录
DescriptionMachine Level : MediumDescription : ENUMERATION ENUMERATION and ENUMERATION! This VM is running on VirtualBox. And has 2 flags:user.txt and flag.txt.靶机:192.168.34.162端口扫描源码中发现usernamehydra 爆破 ssh ,得到密码登录成功,家目录下就一个用户查看sysadmin 目录,得
2020-09-23 09:43:41 442
原创 vulnhub STAR WARS CTF: 1 记录
DescriptionStar Wars themed CTF for beginnerskali:192.168.157.128靶机:192.168.34.153端口扫描nmap -A -p- 192.168.34.153目录爆破:dirb http://192.168.34.153.提示说 你需要找到密码查看源码发现一串base64 解码发现没有用查看wordpress查看admin发现robots.txt有提示看不懂查看主页的图片,是图片隐写利用工具setgs
2020-09-22 13:36:21 411 1
原创 vulnhub funbox3 记录
Funbox3DescriptionBoot2Root ! Easy going, but with this Funbox you have to spend a bit more time. Much more, if you stuck in good traps. But most of the traps have hints, that they are traps.Have fun...This works better with VirtualBox rather than VMwa
2020-09-21 21:42:05 502
原创 vulnhub Hacker Fest 2019 记录
Hacker Fest 2019DescriptionBack to the TopThe machine was part of my workshop for Hacker Fest 2019 at Prague.Difficulty level of this VM is very “very easy”. There are two paths for exploit it.kali:192.168.34.153靶机:192.168.34.162端口扫描nmap -A -p- 192
2020-09-20 21:18:40 226
原创 vulnhub EVM 记录
DescriptionThis is super friendly box intended for Beginner'sThis may work better with VirtualBox than VMware靶机ip:192.168.34.163kali ip:192.168.34.153端口扫描目录爆破发现/wordpress使用spscan扫描wpscan --url http://192.168.34.163/wordpress --enumerate u暴力破
2020-09-20 13:25:41 170
原创 vulnhub MONITORING: 1 记录
靶机ip 192.168.34.155nmap 扫描访问页面搜索nagios框架利用msf查看设置选项发现USERNAME测试密码为admin,登录成功运行查看权限
2020-09-17 23:01:23 371
原创 vulnhub cherry:1记录
DescriptionDifficulty: EasyTested: VMware Workstation 15.x Pro (This works better with VMware rather than VirtualBox)Goal: Get the root shell i.e.(root@localhost:~#) and then obtain flag under /root).Information: Your feedback is appreciated - Email: s
2020-09-17 20:56:29 368 5
原创 攻防世界 Web_python_template_injection 记录
模板注入:将用户的输入进行渲染,在{{}}里,他将我们的代码进行了执行。' '是一个字符串类型的对象在python中所有类都继承object使用__mor__找到object__subclasses__()找到其所有子类其中<class ‘site._Printer’>包含os模块可以执行系统命令__init__初始化类,__globals__查找所有的方法及变量及参数将os.popen(command)读入字符串最后得到flag...
2020-09-16 21:06:00 106
原创 ctf.show web7,8,10
web7查看列表文章发现?id= 判断为sql注入当有空格时会报错,用/**/绕过,得到注入点盲猜flag from flagweb8测试发现过滤了空格,逗号,and当url判断为真时有回显数据库视角:进行盲注substr(database(),1,1) 等同于substr(database()from 1 for 1)写python 脚本import requestsimport res = r'<h4>If</h4>'flag = ''
2020-09-13 13:30:00 992 2
原创 合天Weekly第二十一周 | 你的空格哪去了
分析代码可以看出是sql注入;首先使用order by 看下有几列,这里空格被过滤使用/**/绕过;当输入4的时候不回显所以为3列提示flag在’falg’表里构造payload:-1’union/**/select/**/1,flag,3/**/from/**/flag#
2020-08-28 17:27:08 756
原创 CTF-论剑场 web21
web21右键查看源代码这里利用php://input 给$user传值,然后利用下面include()函数包含class.phpphp://filter/read=convert.base64-encode/resource=class.php将class.php的源码转换为base64编码;没读出来抓包看一下
2020-08-26 13:51:42 261
原创 合天weekly 17~20 变量覆盖
合天weekly 17~20 变量覆盖第十七周 | 给你扔了串代码首先判断为POST提交,是否$_POST[‘flag’]传参,然后利用foreach()函数遍历get和post传参并进行赋值,最后判断$_POST[‘flag’] !== $flag(这里一定相等,不会成立,所以这里的die($_403) 不会执行),最后输出$flag,并执行die($_200)。foreach遍历post的时候会将$flag的值覆盖,所以我们利用foreach遍历get传参时将$flag的值传给$_200最后执行
2020-08-22 15:05:50 583
空空如也
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人