当前位置:网站首页>Ctfshow web entry information collection
Ctfshow web entry information collection
2022-07-05 14:58:00 【Cwxh0125】
Catalog
web3
You can see it by grabbing the bag directly flag
web4
Try to access robots.txt
web5
Topic tips phps Source code leakage
download phps Open the source file
web6
According to the tip flag Put it in
Check the source code after downloading .
After submitting, it is found that there is something wrong Try to visit url/fl000g.txt obtain flag
web7
First, learn about version control
During code development , You often need to modify the source code many times , In this way, multiple versions of the same code are generated , In the development process, it is usually necessary to manage these multiple versions of code , So that it can be done when necessary Code rollback 、 Comparison between multiple versions 、 Multi person collaborative development 、 Code branch 、 Branch merging Wait for the operation .
Such demand exists in large numbers , As software becomes more and more complex 、 More and more code 、 More and more developers are involved , Version management is becoming more and more difficult , At this point, professional software is needed to manage the version , This process is called version control , The software that realizes version control is called version control software .
Common distributed version control software :Git
Common centralized version control software :CVS、SVN
visit url/.git
web8
Same as web7
web9
According to the prompt, we know that there is abnormal shutdown vim yes Linux A compiler in a system Abnormal shutdown will leave .swp file
web10
According to the tips, you can only examine this question cookie
Use burp Conduct url decode
web11
According to the prompt Domain name resolution
web12
Log in and you will see flag
web13
According to the prompts, find the user manual at the bottom of the page The second page is shown in the figure below
Follow the prompts to visit url/system1103/login.php
The login interface will appear Log in and get flag
web14
visit url/editor
See that you can upload files The first reaction is to try to upload the Trojan horse Then I found that I didn't have upload permission
In the upload space, in var/html/nothinghere Found in the fl000g.txt
visit url/nothinghere/fl000g.txt You can get flag
web15
The website page can see the administrator's QQ
Try to add You can get the location information And the secret protection problem is the city Log in after resetting the password You can get it. flag
web16
First, let's look at the probe
php Probes are used to probe space 、 Server health and PHP For information , The probe can view the hard disk resources of the server in real time 、 Memory footprint 、 network card Traffic 、 System load 、 Server time and other information
stay phpinfo Mid search flag You can find
web17
*.sql File is mysql Backup files exported from the database ;
Direct access url/backup.sql
Open to get flag
web18
On the surface, it looks like a simple game
But after me “ Gaowan ” After trying, I found it impossible And there is not even an integral page It means there is another way
see js file You can find the ciphertext
16 Hexadecimal decryption
visit url/110.php You can get flag
web19
Check the source code of the page according to the prompt
Get the user name and password But the error will appear after input
utilize burp post Pass parameters to bypass the front-end encryption web20
Find it after downloading flag.
complete
边栏推荐
- 亿咖通科技通过ISO27001与ISO21434安全管理体系认证
- 微帧科技荣获全球云计算大会“云鼎奖”!
- FR练习题目---综合题
- Dark horse programmer - software testing -10 stage 2-linux and database -44-57 why learn database, description of database classification relational database, description of Navicat operation data, de
- 1330:【例8.3】最少步数
- 有一个强大又好看的,赛过Typora,阿里开发的语雀编辑器
- Coding devsecops helps financial enterprises run out of digital acceleration
- Stm32+bh1750 photosensitive sensor obtains light intensity
- 【NVMe2.0b 14-9】NVMe SR-IOV
- useMemo,memo,useRef等相关hooks详解
猜你喜欢
30岁汇源,要换新主人了
PyTorch二分类时BCELoss,CrossEntropyLoss,Sigmoid等的选择和使用
How to choose the appropriate certificate brand when applying for code signing certificate?
安装配置Jenkins
可视化任务编排&拖拉拽 | Scaleph 基于 Apache SeaTunnel的数据集成
危机重重下的企业发展,数字化转型到底是不是企业未来救星
Implement a blog system -- using template engine technology
Mongdb learning notes
Crud de MySQL
机器学习笔记 - 灰狼优化
随机推荐
Fr exercise topic --- comprehensive question
注意!软件供应链安全挑战持续升级
[detailed explanation of Huawei machine test] character statistics and rearrangement
我想咨询一下,mysql一个事务对于多张表的更新,怎么保证数据一致性的?
外盘入金都不是对公转吗,那怎么保障安全?
我这边同时采集多个oracle表,采集一会以后,会报oracle的oga内存超出,大家有没有遇到的?
What are the domestic formal futures company platforms in 2022? How about founder metaphase? Is it safe and reliable?
NBA赛事直播超清画质背后:阿里云视频云「窄带高清2.0」技术深度解读
Want to ask the big guy, is there any synchronization from Tencent cloud Mysql to other places? Binlog saved by Tencent cloud MySQL on cos
webRTC SDP mslabel lable
Coding devsecops helps financial enterprises run out of digital acceleration
Isn't it right to put money into the external market? How can we ensure safety?
长列表优化虚拟滚动
Is the securities account given by the head teacher of qiniu school safe? Can I open an account?
在Pytorch中使用Tensorboard可视化训练过程
PHP - fatal error: allowed memory size of 314572800 bytes exhausted
危机重重下的企业发展,数字化转型到底是不是企业未来救星
安装配置Jenkins
Run faster with go: use golang to serve machine learning
Brief introduction of machine learning framework