ctfshow_vip Restricted topics

robots Backstage leaks

hint: Someone always writes the background address to robots, Help the black and rich guys lead the way .

url Input /robots.txt, Enter... At the prompt /flagishere.txt, obtain flag

Open cannot view source code ,F12, The right mouse button doesn't work .

Four ways ：

1. Ctrl+U
2. Ctrl+Shift+I（ According to ）
3. Set up - More tools -web Developer tools
4. Add before the website view-source View source code

obtain flag

Protocol header information disclosure

Two ways

1. Tips for catching bags , Agent grabs bag , Then send it to the right mouse button repeater, Click on GO, see response, obtain flag
2. F12, The Internet , Response head , find flag

PHPS Source code leakage

hint:phps Source code leaks can sometimes help 

visit /index.phps, Download backup files , obtain flag

Source code compressed package leak

hint: Unzip the source code to the current directory , Test ok , Call it a day 

visit www.zip Download the source code , Decompression is obtained. fl000g.txt, What's inside is fake flag, You need access to get the truth flag

git Version control divulges source code

visit /.git/

svn Version control divulges source code

visit /.svn/`

vim Temporary file disclosure

In the use of vim Unexpected exit at , A backup file will be generated in the directory ( Swap file ), The format is . file name .swp, visit /index.php.swp Download backup files , obtain flag

cookie Let the cat out of the

F12 - The Internet - cookie - flag

domain name txt Record leakage

 Domain names can also hide information , such as ctfshow.com  Just hide a message 

Resolve the domain name according to the prompt ctfshwo.com, website http://www.jsons.cn/nslookup/

Publication of sensitive information

 Sometimes the public information on the website , It is the password commonly used by administrators 

Follow the prompts to find useful information , user name admin, The password is the phone number at the bottom 372619038, visit /admin, obtain flag

Disclosure of internal technical documents

 There should be no sensitive information in the technical documents , After deployment to the production environment, modify the default password in time 

Watch the web page , There are hyperlinks

After opening, I found the user name , Password and website , Visit the website directly and return 404, According to the website prompt , visit /system1103/login.php, Log in and get flag

The editor is not configured properly

 Sometimes the source code can inadvertently reveal important (editor) Information about , The default configuration kills people 

visit /ediotr, Found a compiler , Click to upload the picture , You can see it in it /var/www/html/nothinghere/ There is fl000g.txt file , visit /nothinghere/fl000g.txt, obtain flag

Password logic error

 Public information, such as email , May cause information leakage , Have serious consequences 

visit /admin, Forget the password , Just submit your city , According to the of the web page QQ mailbox , find QQ Number , Add friends to get the address Xi'an , Reset to get the password admin7789. Login username admin, You can get flag

Probe leak

 For test probes , Delete in time after use , May cause information disclosure 

According to the prompt , visit /tz.php, Click on phpinfo, find flag

CDN through

 Through heavy caching , Find the ctfer.com The real IP, Submit  flag{IP Address }

Command window ping ctfer.com obtain IP The address submission is incorrect , The official said ping www.ctfer.com, It's not good to try ,ping ctfshow.com Get the right ip Address .

js Leakage of sensitive information

A little game ,Crtl+U visit js Source code , Click on src="js/Flappy_js.js", Find out about flag The sentence of

Found a string of unicode code , Decode to get You win , Go to Yaoyao Yipi to have a look , visit 110.php, obtain flag

Front end key disclosure

Crtl+U View source code , Find user name and password

    <!--
    error_reporting(0);
    $flag="fakeflag"
    $u = $_POST['username'];
    $p = $_POST['pazzword'];
    if(isset($u) && isset($p)){
    
        if($u==='admin' && $p ==='a599ac85a73384ee3219fa684296eaa62667238d608efa81837030bd1ce1bf04'){
    
            echo $flag;
        }
}
    -->

According to the information, enter the user name and password on the web page to prompt errors . use hackbar post Pass parameters

username=admin&pazzword=a599ac85a73384ee3219fa684296eaa62667238d608efa81837030bd1ce1bf04

Database malicious download

mdb Documents are early asp+access The database file of the framework , A file leak is equivalent to the database being stripped .

In the early asp+access The database file of the schema is db.mdb, Direct view url Add path /db/db.mdb Download the file , Open search with Notepad flag that will do