MISC杂项签到
http://139.224.54.27/webco1a/+_+.pcapng
用wireshark打开流量包,追踪TCP流,发现是一个webshell的流量,看到webshell控制端查看了远程服务器上的两个关键文件:function.py和flag
cat function.py:
#!/usr/bin/env python
# coding:utf-8
__author__ = 'Aklis'
from Crypto import Random
fromCrypto.Cipher import AES
import sys
import base64
def decrypt(encrypted, passphrase):
IV = encrypted[:16]
aes = AES.new(passphrase, AES.MODE_CBC, IV)
returnaes.decrypt(encrypted[16:])
def encrypt(message, passphrase):
IV = message[:16]
length = 16
count = len(message)
padding = length - (count % length)
message = message + '\0' * padding
aes = AES.new(passphrase, AES.MODE_CBC, IV)
returnaes.encrypt(message)
IV = 'YUFHJKVWEASDGQDH'
message = IV + 'flag is hctf{xxxxxxxxxxxxxxx}'
printlen(message)
example = encrypt(message, 'Qq4wdrhhyEWe4qBF')
print example
example = decrypt(example, 'Qq4wdrhhyEWe4qBF')
print example
cat flag:
mbZoEMrhAO0WWeugNjqNw3U6Tt2C+rwpgpbdWRZgfQI3MAh0sZ9qjnziUKkV90XhAOkIs/OXoYVw5uQDjVvgNA==
flag明显是个base64编码后的字符串,将其解码后再用function.py和decrypt函数解密:
运行得到flag
Web2099年的flag
由ios99想到改user-agent,抓包改一下
WebRESTFUL
先用PUT方法传个参
查了一下RESTful,发现是一种web软件架构,是一种分层结构