Attack and defense world web WP
2022-07-05 13:43:00 【Sex sex ~ ~】
I. Challenges
1.view_source
2.robots
3.backup
4.cookie
5.disabled_button
II. Solution approach
1.view_source
Open the challenge scenario.
View the page source, as the challenge description suggests.
There are four ways to view the source code of a web page:
(1) Right-click and view the source code
(2) Ctrl+U
(3) Fn+F12 (opens the web developer tools)
(4) Shift+Ctrl+I (opens the web developer tools)
Any one of these methods reveals the flag.
2.robots
First, what is the robots protocol?
The robots protocol, also called robots.txt (always lowercase), is an ASCII-encoded text file stored in the website's root directory. It tells search engine crawlers (also called web spiders) which content on the site they should not fetch and which they may.
Open the challenge scenario, then append /robots.txt to the URL.
Purpose of Disallow: it lists the URLs that search engine spiders are not allowed to crawl.
Since crawlers are told not to visit it, append f1ag_1s_h3re.php to the original URL and visit it to get the flag. Disallow is only a request to crawlers and does not block access.
3.backup
Open the challenge scenario.
Now request index.php; visiting it produces no response.
Common backup file suffixes are: ".git", ".svn", ".swp", ".~", ".bak", ".bash_history", ".bkf"
Then append each backup file suffix to the URL and try them one by one. Entering .bak downloads a file.
Open it in Notepad.
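The suffix list above also works as a pre-deployment check on your own document root, so leftover copies like the .bak file in this challenge never reach the server. This is an added example, not part of the original write-up; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Suffixes from the write-up's list; "~" also covers its ".~" entry.
BACKUP_SUFFIXES = (".swp", "~", ".bak", ".bkf")
# Entries from the same list that are whole file or directory names.
BACKUP_NAMES = {".git", ".svn", ".bash_history"}


def find_backup_artifacts(webroot):
    """Return sorted paths (relative to webroot) that should not be deployed."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        # Report version-control directories once and do not descend into them.
        for d in list(dirnames):
            if d in BACKUP_NAMES:
                rel = os.path.relpath(os.path.join(dirpath, d), webroot)
                hits.append(rel + os.sep)
                dirnames.remove(d)
        for f in filenames:
            if f in BACKUP_NAMES or f.lower().endswith(BACKUP_SUFFIXES):
                hits.append(os.path.relpath(os.path.join(dirpath, f), webroot))
    return sorted(hits)


def build_sample_webroot(root):
    """Constructed sample tree: live pages plus leftover artifacts."""
    files = ["index.php", "index.php.bak", "css/site.css",
             "admin/.login.php.swp", "admin/config.php~", ".git/HEAD"]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


def demo():
    """Build the sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        return find_backup_artifacts(root)


if __name__ == "__main__":
    for hit in demo():
        print("remove before deploy:", hit)
```

Run it against the build output in CI and fail the job when the returned list is not empty.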
4.cookie
Open the challenge scenario.
The original purpose of cookies was to store web state information, for the convenience of the server.
As I understand it, a cookie is used to store data.
Press Fn+F12 to open the web developer tools. My understanding is that a cookie is used to store data, so find the Storage tab and click it to view the cookie.
One value is cookie.php. Append /cookie.php to the original URL and visit it.
As instructed, open the web developer tools and view the HTTP response to find the flag.
5.disabled_button
Open the challenge scenario.
As the challenge asks, turn the button into one that can be pressed.
Press Fn+F12 to open the web developer tools and view the page source.
The button has a disabled attribute. Delete it and the button on the page can be pressed, and the flag appears.