- 博客(19)
- 资源 (1)
- 收藏
- 关注
RSS订阅原创 BUUCTF [*CTF2019]otaku
One day,you and your otaku friend went to the comic expo together and he had a car accident right beside you.Before he died,he gave you a USB hard disk which contained this zip.Please find out his last wish.提示:The txt is GBK encoding.首先这道题 原题提示了编码是GBK..
2020-09-25 17:32:27
1712
1
原创 序列化 反序列化 那些函数的执行顺序
<?php class test{ public $name = 'P2hm1n'; function __construct(){ echo "__construct()"; echo "<br><br>"; } function __destruct(){ echo "__destruct()"; echo "<br><br>"; }.
2020-09-14 17:17:03
623
原创 攻防世界:反序列化 Web_php_unserialize
<?php class Demo { private $file = 'index.php'; public function __construct($file) { $this->file = $file; } function __destruct() { echo @highlight_file($this->file, true); } function __wakeup() { .
2020-09-14 16:52:28
500
原创 [网鼎杯 2020 青龙组]AreUSerialz
<?phpinclude("flag.php");highlight_file(__FILE__);class FileHandler { protected $op; protected $filename; protected $content; function __construct() { $op = "1"; $filename = "/tmp/tmpfile"; $content = "He.
2020-09-13 19:27:52
104
原创 [安洵杯 2019]easy_serialize_php
上来就给源码<?php$function = @$_GET['f'];function filter($img){ $filter_arr = array('php','flag','php5','php4','fl1g'); $filter = '/'.implode('|',$filter_arr).'/i'; return preg_replace($filter,'',$img);}if($_SESSION){ unset($_SESSIO
2020-09-13 17:24:09
140
原创 [网鼎杯 2020 朱雀组]phpweb 待续
抓包看参数 联想到函数 读index.php代码func=file_get_contents&p=index.php<?php $disable_fun = array("exec","shell_exec","system","passthru","proc_open","show_source","phpinfo","popen","dl","eval","proc_terminate","touch","escapeshellcmd","escapesh...
2020-09-13 17:10:27
511
原创 MISC 拼图 工具 linux下使用
https://github.com/nemanja-m/gaps下载后将文件夹解压放入虚拟机进入目录安装这几个pip install matplotlibpip install numpypip install opencv-pythonpip install pytestpip install pillow每个装完后记录对应的版本后然后在requirement.txt里改成自己的版本号numpy==改opencv-python==改matplotlib...
2020-09-12 22:35:14
478
原创 [WUSTCTF2020]朴实无华
浏览器标题有乱码 编码调成unicoderobots.txt : /fAke_f1agggg.php访问后啥也没有 用burp看 这里必须采用代理拦截 不拦截啥都看不到burp里右边响应头里有提示,/fl4g.php然后代码审计//level1if(isset($_GET['num'])){$num=$_GET['num'];if(intval($num)<2020&&intval($num+1)...
2020-09-12 20:00:31
230
原创 GWCTF 2019]枯燥的抽奖
php伪随机<?php#这不是抽奖程序的源代码!不许看!header("Content-Type:text/html;charset=utf-8");session_start();if(!isset($_SESSION['seed'])){$_SESSION['seed']=rand(0,999999999);}mt_srand($_SESSION['seed']);$str_long1="abcdefghijklmnopqrstuvwxyz0123456789ABCDEF...
2020-09-12 16:13:00
519
原创 [NPUCTF2020]ReadlezPHP 看答案懂了
看代码./time.php?source<?php#error_reporting(0);classHelloPhp{public$a;public$b;publicfunction__construct(){$this->a="Y-m-dh:i:s";$this->b="date";}publicfunction__destruct(){$a=$...
2020-09-12 13:07:00
518
原创 2020-09-12duangshell
</head><body><center><h1>珍爱网</h1></center></body></html><?phperror_reporting(0);echo"how can i give you source code? .swp?!"."<br>";if(!isset($_POST['girl_friend'])) {die(...
2020-09-12 13:03:03
296
原创 极客大挑战 2019]RCE ME
给了源码,过滤了大小写数字,小于40长度error_reporting(0);if(isset($_GET['code'])){$code=$_GET['code'];if(strlen($code)>40){die("ThisistooLong.");...
2020-09-12 10:35:58
297
原创 [GKCTF2020]EZ三剑客-EzWeb
打开后看源代码下边提示?secret 随意提交一个参数,看回显一堆ip信息类似ipconfigssrf
2020-09-12 09:56:33
214
1
原创 [MRCTF2020]套娃 看答案几乎懂了
代码审计 绕过 _ 可以用空格或者点.<!--//1st$query = $_SERVER['QUERY_STRING'];if( substr_count($query, '_') !== 0 || substr_count($query, '%5f') != 0 ){ die('Y0u are So cutE!');}if($_GET['b_u_p_t'] !== '23333' && preg_match('/^23333$/', $_GET['b_...
2020-09-12 09:00:18
811
原创 [CISCN2019 华北赛区 Day1 Web5]CyberPunk
查看页面源代码,在下方发现提示,?file= 使用php伪协议,读index.php,base64转码,下边是原来的源代码,解码后看上边的,从原始代码中可以看到其它几个php文件顺便把他们也读了index.php<?phpini_set('open_basedir', '/var/www/html/');// $file = $_GET["file"];$file = (isset($_GET['file']) ? $_GET['file'] : null);if (isse..
2020-09-11 21:08:53
185
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人