First of all, thanks to the CTF platform and to everyone who set the challenges.
Now let's start the CTF web journey!
web1
Open the environment.
Right-click and view the page source.
ctfshow{21bd494e-c81f-4bcf-9a94-6debd1a3d398} ( •̀ ω •́ ) y
web2
Open the environment.
Right-click is disabled, and F12 does not open the source view either.
The first way is to open the developer tools directly.
The second is to put view-source: in front of the URL.
ctfshow{f72805f7-8a10-462e-9d2b-24c4fb53f6fc} ( •̀ ω •́ )y
web3
Open the link.
There is nothing in the source code.
The hint says to capture the packets, so let's capture them.
If you want to capture the packets, you can try
You can also open the developer tools directly and find the relevant header in the Network tab.
Get the flag.
ctfshow{fdafddbd-962b-4a7d-b6cb-9fbb2ea935a2} ( •̀ ω •́ ) y
web4
Open the link.
The same page.
Hint:
There is always someone who writes the backend address into robots.txt, pointing the way for the hackers.
So append robots.txt directly to the link.
This reveals the file where the flag is stored.
So just open it.
ctfshow{0540e470-7e15-4db4-845a-5bd38718a576} ( •̀ ω •́ )y
web5
Hint: a leaked phps source file can sometimes help.
The same page.
For a PHP source leak, append index.php to the link.
No use.
Add an s directly after it (index.phps).
The PHP file can then be downloaded.
ctfshow{e8325868-bc77-4bc1-99d2-18dba88bf244} ( •̀ ω •́ )y
web6
Unzip the source code into the current directory, test that it works, and call it a day.
Since the hint says the source was unzipped, the source archive must be in the current directory, so we download it directly.
Just try a few simple names.
Success.
Open the archive.
Open the txt file and find a flag, but submitting it gives an error.
Why is it wrong?
This file is in the source package because the same file exists on the server.
But the content on the server is not necessarily the content in the source package, because what is in the source package can be customized.
So go directly to the file fl000g.txt.
Access this txt file directly on the website.
ctfshow{304fddca-9c57-4aa0-a444-bd4530f41452} ( •̀ ω •́ )y
web7
Here, append .git directly to the URL.
Get the flag.
ctfshow{ac950fb6-21de-47d9-850b-d2eb0e33907b} ( •̀ ω •́ )y
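On Linux, a folder whose name starts with a dot (.) is hidden.
Because it is hidden, it often gets deployed to the website along with everything else, which leaks development information and source code.
Why does the hint say "Version control is important, but not deploying it to production is even more important"?
Because .git belongs to a version control system, which lets several people coordinate their work (and avoids overwriting each other's code).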
web8
A familiar page, familiar version control.
Here .git is no use.
So switch to another one: .svn works.
ctfshow{62d3df55-54d3-4194-bbeb-a6c21bf2a465} (•̀ ω •́ )y
web9
vim: this hint suggests a vim leak.
First visit the home page, index.php.
Then request its swap file, .swp.
It downloads directly.
Open it to get the flag.
ctfshow{c3acfd66-e8e0-4951-9320-f6fb32e974c5} ( •̀ ω •́ )y
When vim exits abnormally during normal use, a .swp swap file is left behind.
The server does not parse this swap file, so it is offered as a binary download.
So we can get the source code.
web10
The hint says cookies are involved.
Open the page and press F12 to open the console.
Got ctfshow%7B8fd0952a-0b4f-4014-8c60-5e2e9998854e%7D
Not finished yet: the value is URL-encoded.
It can be decoded in HackBar.
ctfshow{8fd0952a-0b4f-4014-8c60-5e2e9998854e} ( •̀ ω •́ )y
web11
Open the website directly.
Get the flag.
It can also be looked up in the domain's DNS records (A/TXT/CNAME/MX/SRV/AAAA...).
flag{just_seesee} ( •̀ ω •́ )y
web12
It opens to a website page.
Since there is a hint, let's go straight to the administrator login page.
Append admin to the URL.
We get a login page.
Ordinary account and password guesses do not work.
Scroll through the page to find the information.
Account: admin
Password: 372619038
Get the flag.
ctfshow{3a9cfe58-27f9-469a-9f01-e2831edaaeb2} ( •̀ ω •́ ) y
web13
Do not put sensitive information in technical documentation, and change default passwords promptly after deploying to production.
The page that opens is for a set-top box.
We try the method from the previous challenge again and find that it does not work.
So look for information on the website.
Found it in the footer.
In the red frame, the initial letters are capitalized and the links are useless.
But in the blue frame the initial letter is lowercase and there is a link.
So we open it.
It is a PDF document, and the last page gives a backend address.
Then we open it directly.
You will find that you can't access it (as for why, I suggest you look it up on Baidu).
Paste only the trailing part of the PDF's address.
We get the login page.
Enter the account and password.
Get the flag.
ctfshow{ca9f2b11-4e67-4e8c-bf55-77668927d59d} ( •̀ ω •́ )y
web14
Sometimes the source code inadvertently leaks important (editor) information; default configurations are deadly.
Since the hint mentions the source code, check the source code.
Then search it for editor, as the hint suggests.
Let's see whether we can access the editor.
It opens.
Now that the editor is open, we can browse files directly.
In the file space, we first go to the web files.
Here you will see a nothing file, which is far too obvious.
Find a txt file.
You get an address.
Now we need to find a way to visit it.
Note that the front part is the file path; the latter part is what can be accessed.
Get the flag.
ctfshow{83cf101c-3fe8-46da-b99a-c9ec3cd714f1} ( •̀ ω •́ )y
web15
Public information such as an email address can lead to information disclosure with serious consequences.
The link opens a web page that sells headphones.
Since the hint mentions email,
we go straight to the email address.
Record this information first.
Then check whether the backend can be accessed directly.
It can.
Use the forgot-password option, because we don't know the password.
There is a security question.
Using the email address from just now,
a QQ search gives his city: Xi'an.
After submitting it, the password is reset.
Log in directly to get the flag.
ctfshow{bdfc7ba0-7bfe-484e-88e9-d0a409b70bbb} ( •̀ ω •́ )y
web16
Probes used for testing must be deleted promptly after use; otherwise they can leak information.
Go directly to a probe file.
I won't try everything one by one here; there are a lot of function buttons, so you can try them yourself.
Focusing on the PHP-related parameters, we find phpinfo.
Open the link.
It is a table like this.
Scroll down to find the information you need.
Get the flag.
ctfshow{416dcc73-bbf2-4c97-a1a8-bdd47774c506} ( •̀ ω •́ )y
web17
A backed-up sql file can leak sensitive information.
There is obviously a database, and following the hint, accessing the sql backup file gives the flag.
Principle: backup.sql
URL/backup.sql
Get the flag.
ctfshow{a917d4f0-8d74-40c8-8e11-76f0922322e3} ( •̀ ω •́ )y
web18
It is a little game.
Play it first to see how it works.
Scoring 101 points gives you the flag.
Let's look directly at the source code.
View this file directly.
"You win, go to Yaoyao Dianpi I love to eat skin"
The message reads out a file name, so we visit 110.PHP.
ctfshow{6ab84346-cd65-47bc-958c-7656b1982cbd} ( •̀ ω •́ )y
web19
Keys and the like should not be put in the front end.
View the source code directly.
The parameters can be passed directly with HackBar.
Another way is to decrypt the ciphertext directly,
because it is AES-encrypted.
Find an online site.
Get the password: i_want_a_36d_girl
Enter the account and password.
Get the flag.
ctfshow{bf92b650-eac6-477c-9de0-e735c6d3c5ce} ( •̀ ω •́ )y
web20
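An mdb file is the database file of the early asp+access architecture; leaking the file is equivalent to having the whole database dumped.
Append db/db.mdb/ to the URL.
Get db.mdb.
Open it and search for flag.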
flag{ctfshow_old_database} ( •̀ ω •́ )y
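For the defender's side of web5 to web9, web16, web17 and web20, here is an added example (not part of the original write-up): a pre-deployment check that walks a local web root and reports the kinds of files those challenges leaked. The rule labels, the *.zip pattern and the sample file names are assumptions made for the example.

```python
import fnmatch
import os
import tempfile

# Rules mirror the leaks in this write-up; labels and the *.zip pattern are assumptions.
DIR_RULES = {".git": "git metadata (web7)", ".svn": "svn metadata (web8)"}
FILE_RULES = {"*.phps": "PHP source copy (web5)", "*.zip": "source archive (web6)",
              "*.sw[a-p]": "vim swap file (web9)", "*.sql": "SQL backup (web17)",
              "*.mdb": "Access database (web20)"}

def calls_phpinfo(path):
    """True if the first MiB of the file contains a phpinfo() call (web16 probe)."""
    with open(path, "rb") as fh:
        return b"phpinfo(" in fh.read(1 << 20)

def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for items that must not ship."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d in DIR_RULES]:
            findings.append((os.path.relpath(os.path.join(dirpath, d), root), DIR_RULES[d]))
            dirnames.remove(d)  # report once, do not descend into VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            hit = next((r for p, r in FILE_RULES.items()
                        if fnmatch.fnmatch(name.lower(), p)), None)
            if hit is None and name.lower().endswith(".php") and calls_phpinfo(path):
                hit = "phpinfo() probe (web16)"
            if hit:
                findings.append((rel, hit))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample docroot; every file name and body here is made up."""
    files = {"index.php": "<?php echo 'ok';", "index.phps": "<?php echo 'ok';",
             ".index.php.swp": "swap", "backup.sql": "-- dump", "db/db.mdb": "mdb",
             ".git/HEAD": "ref: refs/heads/main", "probe.php": "<?php phpinfo();"}
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

Run it against the build output before publishing and fail the release if the list is not empty; the clean index.php in the sample tree is not reported.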
Hope this article is helpful to you