web1 Source code

Use this question directly F12 Check the source code to get flag

web2 js Foreground interception

Open cannot view source code ,F12, The right mouse button doesn't work .

Four ways ：

1. Ctrl+U
2. Ctrl+Shift+I（ According to ）
3. Set up - More tools -web Developer tools
4. Add before the website view-source View source code

obtain flag

web3

Two ways

1. Tips for catching bags , Agent grabs bag , Then send it to the right mouse button repeater, Click on GO, see response, obtain flag
2. F12, The Internet , Response head , find flag

web4 robots Backstage leaks

hint: Someone always writes the background address to robots, Help the black and rich guys lead the way .( The essence is a gentleman's agreement )

url Input /robots.txt, Enter... At the prompt /flagishere.txt, obtain flag

web5 PHPS Source code leakage

hint:phps Source code leaks can sometimes help 

visit /index.phps, Download backup files , obtain flag

web6 Source code compressed package leak

hint: Unzip the source code to the current directory , Test ok , Call it a day 

visit www.zip Download the source code , Decompression is obtained. fl000g.txt, What's inside is fake flag, You need access to get the truth flag

web7 git Version control divulges source code

visit /.git/

web8 svn Version control divulges source code

visit /.svn/`

web9 vim Temporary file disclosure

In the use of vim Unexpected exit at , A backup file will be generated in the directory ( Swap file ), The format is . file name .swp, visit /index.php.swp Download backup files , obtain flag

web10 cookie Let the cat out of the

F12 - The Internet - cookie - flag

web11 domain name txt Record leakage

Domain names can also hide information , such as ctfshow.com Just hide a message

Resolve the domain name according to the prompt ctfshwo.com, website http://www.jsons.cn/nslookup/

web12

Here we continue to visit directly robots.txt, Continue to visit according to the information continue to visit /admin The password is at the bottom of the previous web page Obtained after successful input falg！！

web13 Disclosure of internal technical documents

 There should be no sensitive information in the technical documents , After deployment to the production environment, modify the default password in time 

Watch the web page , At the bottom document There are hyperlinks . After opening, I found the user name , Password and website , Visit the website directly and return 404, According to the website prompt , visit /system1103/login.php, Log in and get flag

web14 The editor is not configured properly

 Sometimes the source code can inadvertently reveal important (editor) Information about , The default configuration kills people 

visit /ediotr, Found a compiler , Click to upload the picture , You can see it in it /var/www/html/nothinghere/ There is fl000g.txt file , visit /nothinghere/fl000g.txt, obtain flag

web15 Password logic error

 Public information, such as email , May cause information leakage , Have serious consequences 

visit /admin, Forget the password , Just submit your city , According to the of the web page QQ mailbox , find QQ Number , Add friends to get the address Xi'an , Reset to get the password admin7789. Login username admin, You can get flag

web16 Probe leak

 For test probes , Delete in time after use , May cause information disclosure 

According to the prompt , visit /tz.php, Click on phpinfo, find flag

web17 CDN through

 Through heavy caching , Find the ctfer.com The real IP, Submit  flag{IP Address }

Command window ping ctfer.com obtain IP The address submission is incorrect , The official said ping www.ctfer.com, It's not good to try ,ping ctfshow.com Get the right ip Address .

web18 js Leakage of sensitive information

A little game ,Crtl+U visit js Source code , Click on src="js/Flappy_js.js", Find out about flag The sentence of

if(score>100){
var result = .....;
}

Found a string of unicode code , Decode to get You win , Go to Yaoyao Yipi to have a look , visit 110.php, obtain flag

web19

1、 Directly view the page source code , Found a piece of comment code , The user name and password have been given in the code , But if a form is submitted, the password will be encrypted , So use hackbar Tools ,POSTA Submit username=admin&pazzword=a599ac85a73384ee3219fa684296eaa62667238d608efa81837030bd1ce1bf04 , obtain flag.
2、 After viewing the source code , notice AES encryption
namely AES Encrypted as a599ac85a73384ee3219fa684296eaa62667238d608efa81837030bd1ce1bf04
take key and iv( Offset ) Take it to AES Decryption is flag

web20 Database malicious download

mdb Documents are early asp+access The database file of the framework , A file leak is equivalent to the database being stripped .

7238d608efa81837030bd1ce1bf04 take key and iv`( Offset ) Take it to AES Decryption is flag

web20 Database malicious download

mdb Documents are early asp+access The database file of the framework , A file leak is equivalent to the database being stripped .

In the early asp+access The database file of the schema is db.mdb, Direct view url Add path /db/db.mdb Download the file , Open search with Notepad flag that will do