CTFshow Web Beginner Series: Brute Force
2022-07-05 14:58:00 【Cwxh0125】
web21
First, enter any username and password.
Capture the request.
The username and password that were entered are Base64-encoded; decoding shows that the form is admin:password. Next, construct the payload.
Use a custom iterator: the first segment is admin, the second segment is ":", and the third segment is a password from the attachment downloaded from the challenge. Base64-encode the result, and then it can be brute-forced.
web22
web23
Opening the page shows PHP code. Analyzing it first, we learn that token is hashed with md5, that the characters of the hash at positions 1, 14 and 17 (as indexed by substr) must be equal, and that (position 1 + position 14 + position 17) / position 1 must equal position 31.
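PHP script:
<?php
error_reporting(0);
// Candidate characters for the two-character token
$a = "asdfghjklqwertyuiopzxcvbnm1234567890";
for ($i = 0; $i < 36; $i++) {
    for ($j = 0; $j < 36; $j++) {
        $token = md5($a[$i] . $a[$j]);
        // The characters at offsets 1, 14 and 17 must be equal
        if (substr($token, 1, 1) === substr($token, 14, 1) && substr($token, 14, 1) === substr($token, 17, 1)) {
            // intval() keeps the arithmetic valid on PHP 8 when the character is a hex letter
            $d = intval(substr($token, 1, 1));
            // Skip a zero divisor (hex letters and '0'), which can never satisfy the check
            if ($d !== 0 && ($d + intval(substr($token, 14, 1)) + intval(substr($token, 17, 1))) / $d === intval(substr($token, 31, 1))) {
                echo $a[$i] . $a[$j];
                exit(0);
            }
        }
    }
}
?>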
Running it prints 3j; pass it as the parameter token=3j.
web24
mt_srand(seed) seeds the generator: once the seed is set, mt_rand() generates its random numbers from it, so the same seed always gives the same sequence.
Run it on Kali or with a PHP script.
Running it gives the pseudo-random number 1155388967; pass ?r=1155388967 to get the flag.
web25
web26
Entering values directly finds nothing.
Brute-force the password.
After brute-forcing