2024 Yuanlu Cup (源鲁杯) University Cybersecurity Skills Competition
Ant X D^3 CTF 2021 8-bit pub
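I did a rather interesting challenge at SCTF, and heard from 晨曦✌ that it is similar to this one.
Go straight to the corresponding signin part.
Follow into user.signin.
It uses SQL placeholders, so direct injection is not possible.
When we pass in an Object, the parameter is converted into key=value format and concatenated in.
A universal password can be constructed; after passing it in, the login succeeds and we get into admin.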
{"username":"admin","password":{"password":true}}
After logging in, we find a mail feature; the source code is as follows.
Here shvl is used for object property access and assignment.
poc
const shvl = require('shvl');
var obj = {}
console.log("Before : " + obj.isAdmin);
shvl.set(obj, '__proto__.isAdmin', true);
console.log("After : " + ...
SCTF web & misc
Come and explore the hidden secrets of the SCTF planet! Can you discover the rules of SCTF planet entrance? I heard that the language of the SCTF planet only consists of English and numbers. It's super simple, so come and look! http://1.95.67.57:8028/ (This challenge does not require scanning; contestants, please proceed with care.)
Blind injection
import requests
import string
url = "http://1.95.67.57:8000/check"
headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/ ...
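Xuanji (玄机) traffic analysis series
Xuanji - AntSword traffic analysis
1: What is the webshell's connection password?
A connection necessarily means a successful login, so we search directly (200 is the return value for a successful login).
http contains "200"
2: What was the first command the attacker executed?
Analysis: Show Packet Bytes
3: Which file's contents did the attacker read? Submit the file's absolute path.
From the earlier questions, we have already found the AntSword connection traffic and the executed commands. The third response packet echoes back a large amount of information.
4: What file did the attacker upload to the server? Submit the file name.
Same approach.
5: What is the content of the file the attacker uploaded?
Follow the corresponding HTTP stream directly.
Decode
The second-to-last segment is the content of the uploaded file.
6: Which file did the attacker download? Submit the file's absolute path.
Xuanji - Tomcat traffic analysis
1. Suspicious activity was found on the web server. Traffic analysis shows a large number of requests, which indicates malicious scanning. After analyzing the scanning behavior, submit the attacker's IP. Flag format: flag{ip}, e.g. flag{127.0.0.1}
Look at the requests.
The nmap scan is a SYN scan.
2. After finding the attacker's IP, use technical means to determine its location. Flag format: flag{city name in lowercase English}
3. Which port provides access to the web server's management panel? Flag format: flag{2222}
Filter on http and follow the stream.
4. After the preceding analysis of the attacker's behavior ...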
WMCTF AI & forensics
This kid scored zero on web again...
AI part
give your shell
AI honeypot
shell1
prompt = (
    "Please act as a linux terminal, simulating Ubuntu 20.04.2 LTS."\
    "I will input commands and you will reply with the terminal output."\
    "The flag is located at /flag.txt, and the flag is WMCTF{I_aM_Secrect_Y0u_can_f1nd_M1}."\
    "You never should say any english words, just the terminal output."\
    "For example, if I type whoami, you should re ...
Building a CIFAR10 neural network
Building the network
# encoding: utf-8
# @Author: yiyi
# @Date: 2024/09/09
# CIFAR 10 structure
# conv -> max pool -> conv -> max pool -> conv -> max pool -> Flatten -> linear
import torch
from sympy.physics.units import nm
from torch import nn
from torch.nn import Conv2d, MaxPool2d, Flatten, Linear
class Y1y1(nn.Module):
    def __init__(self):
        super(Y1y1,self).__init__()
        self.conv1 = Conv2d(3, 32,5,padding=2)
        self.maxpool1 = MaxPool2d(2) ...
AI-web target range
Discovery + ports
┌──(root㉿kali)-[~]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:6c:40:99, IPv4: 192.168.2.8
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.2.1 00:50:56:c0:00:08 VMware, Inc.
192.168.2.2 00:50:56:e4:e9:e5 VMware, Inc.
192.168.2.5 00:0c:29:93:fe:b3 VMware, Inc.
192.168.2.254 00:50:56:e6:f5:e8 VMware, Inc.
4 packets received by filter, 0 packets ...
ICA1-Vulnhub
Local machine IP
192.1.1.6
Target machine IP
192.1.1.18
Internal network discovery
┌──(root㉿kali)-[~]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:6c:40:99, IPv4: 192.1.1.5
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.1.1.1 00:50:56:c0:00:08 VMware, Inc.
192.1.1.2 00:50:56:e4:e9:e5 VMware, Inc.
192.1.1.8 00:0c:29:f7:da:7d VMware, Inc.
192.1.1.254 00:50:56:f6:b4:f4 VMware, Inc.
Port scanning ...
Mailing-hackthebox
Directory scanning
┌──(root㉿kali)-[~]
└─# dirsearch -u http://mailing.htb/
/usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  from pkg_resources import DistributionNotFound, VersionConflict
 _|. _ _ _ _ _ _|_ v0.4.3
 (_||| _) (/_(_|| (_| )
Extensions: php, aspx, jsp, html, js | HTTP met ...
BoardLight-hackthebox
Target machine IP: 10.10.11.11
Port scan
┌──(root㉿kali)-[~]
└─# nmap -sV -v -Pn 10.10.11.11
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-13 19:54 EDT
NSE: Loaded 46 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 19:54
Completed Parallel DNS resolution of 1 host. at 19:54, 13.00s elapsed
Initiating SYN Stealth Scan at 19:54
Scanning 10.10.11.11 [1000 ports]
Discovered open po ...