[CTF] AWDP summary (WEB)
2022-07-05 01:14:00 【Sunlight_ three hundred and sixteen】
What is AWDP?
AWDP is a competition format that combines attack and defense with real-time strategy and assesses a team's offensive and defensive skills together. Every team is both attacker and defender, which makes the competition practical, real-time and adversarial, and tests both the penetration ability and the protection ability of the participating teams.
In the competition, each team has an identical virtual target machine. Team members attack the GameBox and submit the correct flag (proving that they are able to attack the challenge). Meanwhile, the platform attacks each team's target machine round by round to check whether the vulnerabilities have been fixed; if the fix holds, the team is considered able to defend against that vulnerability.
The scoring rules are as follows: every team starts with the same score (10000 points), and teams are ranked from high to low by their score at the end of the competition.
Teams can gain points in the following two ways:
1) Attack: submit the flag stored in the GameBox;
2) Defense: successfully defend each target against the platform's attacks while the service stays normal.
Teams lose points in the following two ways:
1) Service exception: the team fails to keep a GameBox's service running normally and the platform's check fails;
2) Violations: the referee imposes a penalty after discovering a breach of the competition rules.
Six states
– Attacked: the challenge has been solved, the flag submitted, and the attack succeeded. The attack process is really just ordinary CTF. Some challenges give you all the source code up front; that is the white box, but there are still plenty of white-box challenges where the defense succeeds and the flag still can't be obtained, haha. Other challenges can only be attacked as a black box to get the flag; once the attack succeeds you are given the source code so that you can defend.
– Defended: after getting the source code, you patched the challenge's vulnerability by modifying the source. If the referee's PoC can no longer solve the challenge, the defense counts as successful.
– Abnormal defense: in the course of defending, you broke a service the website is supposed to provide. You may have over-defended, or you may have deleted a key function. If the defense is abnormal, reset the environment immediately; otherwise points are deducted at the end of the round, and that deduction hurts a lot.
Defense
Preparing for the competition
1. Be fully prepared before the competition and have WAF snippets for common vulnerability classes ready, for example:
// Each function returns true when the input is clean. Comparing with === 0
// keeps the check fail-closed: preg_match() returns false on a pattern error.
function wafrce($str){
    return preg_match("/openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|scandir|assert|pcntl_exec|fwrite|curl|system|eval|assert|flag|passthru|exec|chroot|chgrp|chown|shell_exec|proc_open|proc_get_status|popen|ini_alter|ini_restore/i", $str) === 0;
}
// Single-quoted so that PCRE, not PHP, decodes \x7c and \x00 (in double quotes
// \x7c becomes a bare | and creates an empty alternative); the + is escaped.
function wafsqli($str){
    return preg_match('/select|and|\*|\x09|\x0a|\x0b|\x0c|\x0d|\xa0|\x00|\x26|\x7c|or|into|from|where|join|sleexml|extractvalue|\+|regex|copy|read|file|create|grand|dir|insert|link|server|drop|=|>|<|;|"|\'|\^|\|/i', $str) === 0;
}
function wafxss($str){
    return preg_match("/\'|http|\"|\`|cookie|<|>|script/i", $str) === 0;
}
These WAFs are a bit crude, because we have to make sure the challenge environment doesn't break: the challenge must keep providing normal service.
This is very, very important; it directly decides whether you can quickly win the defense of a challenge.
2. XFTP
Have a file upload tool ready.
Download:
Link: https://pan.baidu.com/s/1eabfwy7b8TlM-0fquWAYxw
Extraction code: g32d
3. phpstudy or another web environment
Set up a local web environment, the more convenient the better: after getting the source code you should be able to run it locally very quickly. Don't end up scrambling during the competition because the domain name breaks one moment and the database the next. In the competition, time is points!!
4. Code audit tools
Seay source code audit system and the like.
They play a supporting role and are not very important.
Add a WAF at the first opportunity
For AWDP, defense is far more important than attack. Scoring is round-based: every round in which your defense or attack holds adds the corresponding points, the more teams that succeed, the fewer points each round adds, and points are cumulative. **Even when a challenge is worth less later, the points you already earned are not deducted.** So time is especially important. Some teams defend a challenge within 5 minutes of its release and then collect points on it for the whole day, from 500 in the first round down to 50 in the last round, which adds up to thousands of points.
So our strategy is: for each challenge, first work out the general category (command execution? SQL injection? file upload?), then add a WAF to the source code at the first opportunity.
A WAF is not limited to the keyword filtering shown above. It can also simply limit the length of the input, for example limiting the length of the command to be executed to less than 2. This can fix the vulnerability without damaging the challenge environment. It still depends on the specific challenge: for some, limiting the length to less than 2 breaks the web service and the defense fails.
Pay attention to the file upload path
This point is very important!!!
When defending, we need to upload the fixed files to the server and replace the original files there, so we need to know the exact path of each file. Usually the challenge does not state it directly, and the directory layout differs between development languages and frameworks.
A small tip helps here.
For example:
mv -f explorer.php /www/html/
The file we want to replace is probably not directly in the root directory /www/html, so this example is of little use.
Instead, search from the root directory:
mv -f explorer.php "$(dirname "$(find / -name 'explorer.php' ! -path "$PWD/explorer.php" 2>/dev/null)")/explorer.php"
This uses the find command to search from the root directory for the file named explorer.php and then takes the name of its directory (dirname). The ! -path test skips the uploaded copy in the current directory, which the search would otherwise match as well.
2>/dev/null suppresses error messages, for example the insufficient-permission errors that the search would otherwise print.
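A more defensive version of the replacement step above, as an added example that is not part of the original post: it refuses to act unless exactly one deployed copy is found, and it keeps the original outside the web root so an abnormal defense can be rolled back. The function name deploy_patch and the default backup directory are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Paths containing newlines are
# not handled; the default backup directory is an assumption of this sketch.

# deploy_patch PATCH [SEARCH_ROOT] [BACKUP_DIR]
# Prints the replaced path. Returns non-zero and changes nothing unless
# exactly one deployed file with the patch's name exists under SEARCH_ROOT.
deploy_patch() {
    local patch root backup_dir name self matches count
    patch=$1
    backup_dir=${3:-$HOME/awdp-backup}
    [ -f "$patch" ] || { echo "patch not found: $patch" >&2; return 2; }
    name=$(basename "$patch")
    # Resolve both paths physically so find's output can be compared to them.
    root=$(cd "${2:-/}" && pwd -P) || return 2
    self=$(cd "$(dirname "$patch")" && pwd -P)/$name

    # Same-named regular files under root, excluding the uploaded patch,
    # which a search from / would otherwise match as well.
    matches=$(find "$root" -type f -name "$name" ! -path "$self" 2>/dev/null) || true
    count=$(printf '%s' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 deployed $name under $root, found $count" >&2
        return 1
    fi

    # Keep the original outside the web root (a .bak next to the script
    # would be served as source) and never overwrite an earlier backup.
    ( umask 077 && mkdir -p "$backup_dir" ) || return 3
    [ -e "$backup_dir/$name.orig" ] || cp -p "$matches" "$backup_dir/$name.orig" || return 3
    # Overwrite in place: the file keeps its owner and mode, unlike with mv.
    cat "$patch" > "$matches" || return 3
    printf '%s\n' "$matches"
}
```

To roll back, copy the .orig file from the backup directory over the path the function printed.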
Attack
There is not much to say about attacking: it is just playing CTF. Some challenges are white box; for others you have to get the flag first, and only then are you given the source code.
That's all I can think of for the moment. It took so long to write this up because I have been taking exams.
A salute to the studio experts who took me along to play AWDP!