Ctfshow web entry information collection
2022-07-05 14:58:00 【Cwxh0125】
web3
Capture the traffic and the flag is directly visible.
web4

Try to access robots.txt

web5
The challenge hint: phps source code leakage.

Download the phps file and open it to read the source.
web6

According to the hint, the flag is put in
Check the source code after downloading.
After submitting, it turns out to be wrong. Try visiting url/fl000g.txt to obtain the flag.
web7

First, some background on version control.
During development, source code is modified many times, which produces multiple versions of the same code. These versions usually need to be managed so that, when necessary, you can roll back code, compare versions, collaborate with multiple developers, create branches, and merge branches.
This need is very common. As software grows more complex, with more code and more developers involved, version management becomes harder and harder, and dedicated software is needed to manage the versions. This process is called version control, and the software that implements it is called version control software.
Common distributed version control software: Git
Common centralized version control software: CVS, SVN
Visit url/.git

web8
Same as web7

web9
The hint tells us that vim was shut down abnormally. vim is an editor on Linux systems, and an abnormal shutdown leaves a .swp file behind.

web10
According to the hint, this challenge only examines the cookie.


Use Burp to URL-decode the value.

web11
According to the hint: domain name resolution.

web12

Log in and you will see the flag.

web13
Following the hint, find the user manual at the bottom of the page. Its second page is shown in the figure below.
Follow the hint and visit url/system1103/login.php
A login page appears. Log in to get the flag.
web14

Visit url/editor
You can see that files can be uploaded. My first reaction was to try uploading a trojan, but then I found that I didn't have upload permission.
In the upload file space, fl000g.txt is found in var/html/nothinghere

Visit url/nothinghere/fl000g.txt to get the flag.

web15
The administrator's QQ is visible on the website page.

Try adding it and you can get the location information. The security question is the city, so reset the password, log in, and you get the flag.


web16
First, let's look at what a probe is.
A PHP probe is used to inspect the hosting space, server status and PHP information. It can show the server's disk resources, memory usage, network card traffic, system load, server time and other information in real time.

Search for flag in phpinfo and you will find it.

web17
A *.sql file is a backup file exported from a MySQL database.
Access url/backup.sql directly.
Open it to get the flag.
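An added example (not part of the original post): the leftovers used in web4, web5, web7/web8, web9 and web17 can be caught before deployment by auditing the web root on disk. The function names, the sample tree and the /hidden-example/ path are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Leftovers the write-up relies on: phps source copies (web5), version-control
# metadata (web7/web8), vim swap files (web9) and SQL dumps (web17).
LEAK_DIRS = {".git": "Git metadata", ".svn": "SVN metadata"}
LEAK_FILES = {"*.phps": "PHP source copy", "*.swp": "vim swap file",
              "*.sql": "database dump"}


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for leak-prone artefacts."""
    findings = []
    for current, dirs, files in os.walk(root):
        for name in [d for d in dirs if d in LEAK_DIRS]:
            rel = os.path.relpath(os.path.join(current, name), root)
            findings.append((rel, LEAK_DIRS[name]))
            dirs.remove(name)  # do not descend into the metadata
        for name in files:
            rel = os.path.relpath(os.path.join(current, name), root)
            for pattern, reason in LEAK_FILES.items():
                if fnmatch.fnmatch(name.lower(), pattern):
                    findings.append((rel, reason))
            if name == "robots.txt":  # web4: Disallow lines name hidden paths
                with open(os.path.join(current, name)) as fh:
                    for line in fh:
                        key, _, value = line.partition(":")
                        if key.strip().lower() == "disallow" and value.strip():
                            findings.append((rel, "advertises " + value.strip()))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree standing in for a deployment directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".git"))
    samples = {"index.php": "<?php ?>\n", "index.phps": "<?php ?>\n",
               "index.php.swp": "swap\n", "backup.sql": "-- dump\n",
               ".git/HEAD": "ref: refs/heads/main\n",
               "robots.txt": "User-agent: *\nDisallow: /hidden-example/\n"}
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, reason in audit_webroot(build_sample_webroot()):
        print(f"{path}: {reason}")
```

Run it against the real deployment directory as a release step and fail the build when the returned list is not empty.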
web18
On the surface, it looks like a simple game

But after trying it as an "expert player", I found it impossible, and there is not even a score page, which means there is another way.

Look at the JS file and you can find the ciphertext.
Decode it from hexadecimal.
Visit url/110.php to get the flag.
web19


Check the page source as the hint suggests.
This gives the user name and password, but entering them produces an error.
Use Burp to send the parameters via POST, bypassing the front-end encryption.
web20



The flag is found after downloading.
complete

