Showctf web primer series

show ctf web introduction 9

Background introduction ：

vim Medium swp namely swap file , Generated when editing a file , It is a hidden file . This file is a temporary exchange file , Used to back up the contents of the buffer , If the original file name is index.php, that swp The file named .index.php.swp. If the written file exits normally , The temporary exchange file will be deleted automatically .

It should be noted that you only read the original file , No content written , Then the temporary exchange file will not be generated .

Reading questions

See Tips ：

Guess that there may be vim Write a temporary exchange file that is left behind .swp. Direct input : url/index.php.swp

Found a file that can be downloaded , Download it and read it flag.

show ctf web introduction 10

Background introduction ：

IT Medium Cookie Not its original intention “ cookie ” It means , It's a simple text file saved in the client , This file is associated with a specific web Documents are linked together , Save the client's access to this Web The information in the document , When the client visits this again Web This information is available to the document when the document is created . because “Cookie” It has magical features that can be saved on the client , Therefore, it can help us realize the function of recording users' personal information .

Reading questions

See Tips ：

Firefox , Directly by F12：

But I got it flag It doesn't seem very similar ：

flag%7Bb1a3d097-aa07-41ae-8fb6-5def45755376%7D

Here's an explanation ：%7B and %7D yes URL The encoding only needs to be decoded directly ：

Be careful ： there flag Is dynamic .

show ctf web introduction 12

Reading questions

See Tips ：

Open the url like this ：

Click those buttons casually on the page , Many of them are just decorations , Guess this should be a static page , Try using the catalog blaster to blast the catalog , It took 20 Minutes of time , Come to nothing .

I don't know how to do it for a while , I just want to be related to the administrator . I tried admin.php, admin_login.php Neither. , When the test arrives admin The user name and password are required .

The user name doesn't have to be said , Must be admin, I just don't know what the password is , Slide the page to the bottom and find online help , ha-ha .

This number should be the password , Successfully log in and get flag.