Bugkuctf-web21 (detailed problem solving ideas and steps)

Examine the subject

The title has no information , Just encourage you not to give up ,never give up.

F12 pick up information

No additional information , Refreshed a few times , There is nothing new .

Burp suite Grab the bag

There's a hint 1p.html , So the GET The parameter is changed to 1p.html , Get a bunch of JS Code

decode

therefore , Online decoding

There are still comments after decoding , Try to use base64 decode

After decoding , Found new information , There are some functions and judgment statements , There are also many percent signs

It can be seen that , It also needs to be URL decode

analysis PHP Code

obtain PHP The code is as follows , There are always some functions that you don't understand , Just check it directly

";if(!$_GET['id']) { header('Location: hello.php?id=1'); exit(); } $id=$_GET['id']; $a=$_GET['a']; $b=$_GET['b']; if(stripos($a,'.')) { echo 'no no no no no no no'; return ; } $data = @file_get_contents($a,'r'); if($data=="bugku is a nice plateform!" and $id==0 and strlen($b)>5 and eregi("111".substr($b,0,1),"1114") and substr($b,0,1)!=4) { $flag = "flag{
    ***********}" } else { print "never never never give up !!!";
}


?>

structure payload

 Parameter is ：    /hello.php?id=0e&a=php://input&b=.123542

 Variable a, Upload files 
 Variable b, The initial letter is a dot , It's not equal to 4,”111“ Splice with a point , It can be done with ”1114“ Regular matching 

I didn't intend to write , Later, I felt that this problem was still very good , So I wrote , If it helps , Welcome to like comment collection .