Bugku CTF web12 (Web)

0. Open the web page; it asks for a username and password

The username is admin

The password can be obtained by brute force, or found by viewing the comments

Base64-decoding dGVzdDEyMw== gives the password: test123

1. Enter the username and password

Login fails with a prompt that only the local administrator can access the page, which suggests using the XFF (X-Forwarded-For) header to change the IP to a local address

2. Use BurpSuite to capture the request

3. Add the header X-Forwarded-For: 127.0.0.1 and send the request

4. Get the flag: flag{9876894a5ec96ef77b6d54ba5cd983bf} (dynamic flag)
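
The "local administrator only" check falls to step 3 because it trusts a header the client controls. The following is an added example (not from the original post or the challenge's source code) that contrasts that kind of check with one based on the TCP peer address; the proxy address 10.0.0.5, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only reverse proxy allowed to set X-Forwarded-For (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def naive_is_local(remote_addr, headers):
    """Flawed check: believes whatever the client wrote in X-Forwarded-For."""
    claimed = headers.get("X-Forwarded-For", remote_addr)
    return claimed.split(",")[0].strip() == "127.0.0.1"


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def real_client_ip(remote_addr, headers):
    """Derive the client address from the TCP peer, not from client-supplied text.

    X-Forwarded-For is consulted only when the peer is a trusted proxy, and is
    walked right to left so that entries the client prepended are never reached
    before the first untrusted hop.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer):
        return peer  # direct connection: ignore the header entirely
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fall back to the peer address
        if not _is_trusted(ip):
            return ip
    return peer


def hardened_is_local(remote_addr, headers):
    return real_client_ip(remote_addr, headers).is_loopback


# Constructed sample requests: (TCP peer address, request headers)
DIRECT_SPOOF = ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"})
VIA_PROXY_SPOOF = ("10.0.0.5", {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"})
GENUINE_LOCAL = ("127.0.0.1", {})
```
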



Origin blog.csdn.net/ChaoYue_miku/article/details/113991853