当前位置:网站首页>-Web direction attack and defense world
-Web direction attack and defense world
2022-07-05 13:54:00 【Cwxh0125】
The first question is view_source
Title Description :X The teacher asked Xiaoning to check the source code of a web page , But Xiaoning found that the right mouse button seems to be useless
“F12” Look at the source code in the viewer and find flag.
The second question is robots agreement
Title Description :X The teacher said in class Robots agreement , Xiaoning is dozing off in class , Hurry to teach Xiao Ning Robots What is the agreement .
Robots agreement , Also known as the crawler protocol 、 Robot protocol, etc , The whole is called “ Exclusion criteria for web crawlers (Robots Exclusion Protocol)”. Website through Robots The protocol tells search engines which pages to grab , Which pages can't be crawled . It's also Robots There are two ways of using , One is to tell search engines which pages you can't catch ( By default, others can be caught ); One is to tell search engines which pages you can only crawl ( By default, others cannot be caught ).
View the robots.txt file Here's the picture
next Manually open this file that cannot be crawled
Third question . backup
Title Description :X The teacher forgot to delete the backup file , He sent Xiao Ning to find out the backup files , Let's help Xiao Ning !
The suffix of the backup file is .bak
Check the backup file of the modified file /index.php.bak
Open it and you'll see flag
Fourth question cookie
Title Description :X The teacher told Xiao Ning that he was cookie There's something in it , Xiao Ning thought doubtfully :‘ Is that what sandwich biscuits mean ?’
Cookie It's a plain text file saved on the client side . such as txt file . The so-called client is our own local computer . When we use our computer to access web pages through a browser , The server will generate a certificate and return it to my browser and write it to our local computer . This certificate is cookie. Generally speaking cookie All are plain text files written by the server to the client .
Open here cookie Find a cookie.php file open
Fifth question .disabled_button
Title Description :X The teacher talked about the front-end knowledge in class today , Then I give you a button that you can't press , Xiao Ning is surprised to find that the button can't be pressed , How on earth can I press it ?
disabled Property specification should disable input Elements .
Forbidden input Elements are not available , You can't click .
Delete " disable="" " Then you can click the button , After clicking, the effect is as follows
Sixth question .weak_auth
Title Description : Xiaoning wrote a login verification page , Set a password at will .
Investigate the explosion of passwords
Method 1 : Because it is set casually Try some simple passwords
Method 2 : utilize burp Brute force
First, casually lose
use burp Grab the bag
Use a dictionary Brute force
According to the byte length and the returned data Find the password
Question seven .simple_php
Title Description : Xiaoning heard that php Is the best language , So she wrote a few lines after a simple study php Code .
Give to separately a b assignment obtain flag
The eighth question .get_post
Title Description :X The teacher told Xiao Ning that HTTP There are usually two request methods , Do you know which two ?
Use get and post The ginseng
Question 9 .xff_referer
Title Description :X The teacher told Xiao Ning that xff and referer It can be forged .
X-Forwarded-For(XFF) Is used to identify the pass HTTP agent or Load balancing Way to connect to Web The server The most original client IP Address Of HTTP Request header field . Squid Developers of the caching proxy server were the first to introduce this HTTP Header fields , And by the IETF stay HTTP The draft standardization of header fields was formally proposed .
HTTP Referer yes header Part of , When browser towards web The server When the request is sent , Usually with Referer, Tell the server which page is linked from , The server can therefore obtain some information for processing .
According to the topic tips Forgery xff referer utilize burp
use burp forge ip After execution, it is prompted by the arrow Then forge referer
forge referer
obtain flag
Question 10 .webshell
Title Description : Xiaoning Baidu php In a word , It's very interesting , And put it in index.php in
Their thinking : After entering the page, you can see a In a word, Trojans Check the use of the back door Use the ant sword
Connect with an ant sword
When you go in, you can see flag
Eleventh questions .command_execution
Title Description : Xiao Ning wrote a ping function , But didn't write waf,X The teacher told her it was very dangerous , Do you know why .
Web Application protection system ( Also known as : Website Application level intrusion prevention system . english :Web Application Firewall, abbreviation : WAF). utilize The international A generally accepted saying :Web application A firewall It's through the execution of a series of HTTP/HTTPS Of The security policy Come for Web An application that provides protection .------- Baidu Encyclopedia
There is no hint of waf You can try to inject vulnerabilities Inject success
use find Look for The name is flag The file of
find home There is a flag.txt Attempt to read command :cat
Twelfth questions .simple_js( Refer to the answer )
Title Description : Xiaoning found a web page , But I always input the wrong password .(Flag The format is Cyberpeace{xxxxxxxxx} )
First read the source code
Look at two for loop Find out no matter what Will output the wrong password
So the real password should be in the arrow below
First use the string python With the , Get array [55,56,54,79,115,69,114,116,107,49,50],exp as follows .
s="\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30"
print (s)
Separate the obtained figures ascii Handle , Available string 786OsErtk12,exp
. standard flag Format , available Cyberpeace{786OsErtk12}
边栏推荐
- In addition to the root directory, other routes of laravel + xampp are 404 solutions
- French scholars: the explicability of counter attack under optimal transmission theory
- PHP generate Poster
- Liste des liens (simple)
- Attack and defense world web WP
- 49. Grouping of alphabetic ectopic words: give you a string array, please combine the alphabetic ectopic words together. You can return a list of results in any order. An alphabetic ectopic word is a
- JS takes key and value from an array object to form a new object
- What happened to the communication industry in the first half of this year?
- RK3566添加LED
- Routing in laravel framework
猜你喜欢
几款分布式数据库的对比
基于微信小程序的订餐系统
RK3566添加LED
Kotlin协程利用CoroutineContext实现网络请求失败后重试逻辑
那些考研后才知道的事
These 18 websites can make your page background cool
Kotlin collaboration uses coroutinecontext to implement the retry logic after a network request fails
Self built shooting range 2022
Jetpack Compose入门到精通
In addition to the root directory, other routes of laravel + xampp are 404 solutions
随机推荐
PostgreSQL Usage Summary (PIT)
Hide Chinese name
面试官灵魂拷问:为什么代码规范要求 SQL 语句不要过多的 join?
ZABBIX monitoring
[public class preview]: basis and practice of video quality evaluation
js 从一个数组对象中取key 和value组成一个新的对象
Integer = = the comparison will unpack automatically. This variable cannot be assigned empty
Deep copy is hard
UE source code reading [1]--- starting with problems delayed rendering in UE
Operational research 68 | the latest impact factors in 2022 were officially released. Changes in journals in the field of rapid care
UE源码阅读[1]---由问题入手UE中的延迟渲染
真正的缓存之王,Google Guava 只是弟弟
Laravel dompdf exports PDF, and the problem of Chinese garbled code is solved
When using Tencent cloud for the first time, you can only use webshell connection instead of SSH connection.
MySQL if else use case use
研究生可以不用学英语?只要考研英语或六级分数高!
Kafaka log collection
Why do I support bat to dismantle "AI research institute"
Recommendation number | what are interesting people looking at?
Laravel框架运行报错:No application encryption key has been specified