Hackthissite Basic-Writeup
来源:互联网 发布:对阿里云的理解 编辑:程序博客网 时间:2024/05/01 06:29
Address:
www.hackthissite.org
Recently , I just writeup some simple CTF at www.hackthissite.org
The Basic Missions Writeup:
Basic-1:
lookup the source of the page
Basic-2:
when you looked up the source , you might realize ...
just remenber ,there is no password file ...
Basic-3:
lookup the source of the page , you will find a password.php , just open it.
Basic-4:
lookup the source , you will find the password could be mailed to someone's E-mail
So , just change the E-mail address into yours ...
Basic-5:
The same as 4th.
Basic-6:
the top one function , is to encrypet the word , you can just have a try .
the encrypetion is : the No.X word will be add X-1
eg. 123 => 135
Basic-7:
Notice , this is Mentioned as : the system is Unix
Unix command will be used :
;ls -a
And the password file shown
Basic-8:
Notice , this web is made by PHP
The php script command might work :
<!--#exe cmd = "ls .."-->
And the password file shown
basic-9:
the same as 8th.
But the 8th page will be used .
<!--#exe cmd = "ls ../../9"-->
Basic-10:
It might be difficult at the first ;
lookup your cookies , you will find one named with '10' , yes , that's it !
all you need to do , is changing the vaule into 'yes'
Here is the javascript to achieve it .
javascript:document.cookie='level10_authorized=yes'
Basic-11:
Refresh the page at some times , you will find the name of the song always be changed ;
Then you could test whether there is any other page.
When you input "index.php";
There is an authentication page .
So , in the same way there might be some other files .
Take some try :
/a /b /c /e
and you will find a way with /e
( Search the song you may find , all of the songs are singed by one person : Elton John )
follow the folder and you will find /e/l/t/o/n/
and you might think there must be some files which are Hidden !!
try to input '.'
there is a PHP script , it hides two files :
DaAnswer.* .htaccess
The answer is in .htaccess
www.hackthissite.org
Recently , I just writeup some simple CTF at www.hackthissite.org
The Basic Missions Writeup:
Basic-1:
lookup the source of the page
Basic-2:
when you looked up the source , you might realize ...
just remenber ,there is no password file ...
Basic-3:
lookup the source of the page , you will find a password.php , just open it.
Basic-4:
lookup the source , you will find the password could be mailed to someone's E-mail
So , just change the E-mail address into yours ...
Basic-5:
The same as 4th.
Basic-6:
the top one function , is to encrypet the word , you can just have a try .
the encrypetion is : the No.X word will be add X-1
eg. 123 => 135
Basic-7:
Notice , this is Mentioned as : the system is Unix
Unix command will be used :
;ls -a
And the password file shown
Basic-8:
Notice , this web is made by PHP
The php script command might work :
<!--#exe cmd = "ls .."-->
And the password file shown
basic-9:
the same as 8th.
But the 8th page will be used .
<!--#exe cmd = "ls ../../9"-->
Basic-10:
It might be difficult at the first ;
lookup your cookies , you will find one named with '10' , yes , that's it !
all you need to do , is changing the vaule into 'yes'
Here is the javascript to achieve it .
javascript:document.cookie='level10_authorized=yes'
Basic-11:
Refresh the page at some times , you will find the name of the song always be changed ;
Then you could test whether there is any other page.
When you input "index.php";
There is an authentication page .
So , in the same way there might be some other files .
Take some try :
/a /b /c /e
and you will find a way with /e
( Search the song you may find , all of the songs are singed by one person : Elton John )
follow the folder and you will find /e/l/t/o/n/
and you might think there must be some files which are Hidden !!
try to input '.'
there is a PHP script , it hides two files :
DaAnswer.* .htaccess
The answer is in .htaccess
0 0
- Hackthissite Basic-Writeup
- Hackthissite Javascript-Writeup
- HackThisSite/Basic 1解决方案
- HackThisSite/Basic 2解决方案
- HackThisSite/Basic 3解决方案
- HackThisSite/Basic 4解决方案
- HackThisSite/Basic 5解决方案
- HackThisSite/Basic 6解决方案
- HackThisSite/Basic 7解决方案
- hackthissite basic 1-11
- hackthissite(Basic missions level1-10)攻略
- hackthissite-basic(1~11)全攻略
- JarvisOJ basic部分WriteUp
- Jarvis OJ writeup Basic
- ISCC2014 Basic(基础关)Writeup
- hackthissite realistic mission 1
- hackthissite realistic mission 2
- Hackthissite realistic 6
- git cmd list 5
- Linux 系统下的 proc 目录
- spring 常缺的包
- node.js认识学习四:node之初之体验
- 第三章 数据预处理
- Hackthissite Basic-Writeup
- hdu 2033 人见人爱A+B (java)
- 文件描述符合套接字有什么关系???
- OC语言内存管理
- C++静态库与动态库
- 使用Docker registry镜像创建私有仓库
- IDF实验室:包罗万象--图片里的英语
- C++友元(1) - 友元类与友元函数
- Maxwin-z/XListView-Android(下拉刷新上拉加载)源码解析(二)
