ctfshow - information gathering

web1

Right-click and view the page source to get the flag.

web2

Right-click is disabled; press Ctrl+U to view the source code and get the flag.

web3

Capture the packet to get the flag

web4

The challenge hint points to robots; dirsearch will also find it.

Visit robots.txt

Then visit /flagishere.txt to get the flag

web5

The challenge hint says the source code is leaked, so scan with dirsearch.

Visit index.phps to get the flag

web6

Again, scan with dirsearch.

Visit www.zip

Visit /fl000g.txt to get the flag

web7

A Git leak; dirsearch will also find it.

Just visit it.

web8

Continue to scan with dirsearch

Just visit it.

web9

Same steps as above; the scan finds /index.php.swp

web10

Find the flag in the cookie

web11

Official tip: domain names can also hide information; for example, flag.ctfshow.com hides a message.

Because of dynamic updates the TXT record changes, so the challenge gives the answer directly.

web12

dirsearch finds robots.txt.

Then go to /admin/. There is a login page that asks for a username and password. Guess that the username is admin, and scroll to the bottom of the page to find the password.

web13

Found at the bottom of the page

Click it to find the login address, username and password, then log in to get the flag.

web14

Following the challenge hint, visit the editor.

You can read any file

web15

Visit the /admin page (dirsearch finds it) to reach the admin back-end login, then click to change the password.

It asks which city; there is a QQ number at the bottom of the homepage.

Searching for it shows Xi'an.

After submitting, you get the password; the username is admin. Log in to get the flag.

web16

Visit /tz.php (dirsearch finds it)

Click to enter phpinfo and search for ctfshow to get the flag

web17

Visit backup.sql (dirsearch finds it)

web18

View the JS

Unicode-decode it to get the flag

web19

View the source code

Submit to get the flag

web20

Visit /db/db.mdb, open the file in Notepad and search for flag.
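
Seen from the server side, most of the flags above came from a file that should never have been in the web root. As an added example (not part of the original write-up), this Python check walks a document root you administer and reports the file types named in web4 to web20; the rule set, function names and sample tree are constructed assumptions.

```python
import os
from pathlib import Path

# Rules derived from the file names in this write-up. The rule set and all
# function names are assumptions of this example, not an exhaustive list.
SUFFIXES = {".phps": "PHP source copy (web5)", ".zip": "site archive (web6)",
            ".swp": "editor swap file (web9)", ".sql": "database dump (web17)",
            ".mdb": "Access database (web20)"}
NAMES = {"tz.php": "server probe page linking to phpinfo (web16)"}
DIRS = {".git": "version-control metadata (web7)"}

def robots_paths(path):
    """Paths that robots.txt advertises via Disallow (web4, web12)."""
    found = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for line in text.splitlines():
        key, _, value = line.split("#")[0].partition(":")
        if key.strip().lower() == "disallow" and value.strip() not in ("", "/"):
            found.append(value.strip())
    return found

def audit_docroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for current, dirs, files in os.walk(root):
        for d in [d for d in dirs if d in DIRS]:
            rel = os.path.relpath(os.path.join(current, d), root)
            findings.append((rel.replace(os.sep, "/") + "/", DIRS[d]))
            dirs.remove(d)  # report the directory once, do not descend
        for name in files:
            full = os.path.join(current, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            low = name.lower()
            reason = NAMES.get(low) or SUFFIXES.get(os.path.splitext(low)[1])
            if reason:
                findings.append((rel, reason))
            if low == "robots.txt":
                findings += [(rel, "names path " + p) for p in robots_paths(full)]
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree using the file names from the challenges."""
    sample = {"index.php": "", "index.phps": "", "index.php.swp": "", "www.zip": "",
              "backup.sql": "", "db/db.mdb": "", "tz.php": "", ".git/HEAD": "",
              "robots.txt": "User-agent: *\nDisallow: /admin/\n"}
    for rel, body in sample.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
```

Point `audit_docroot` at the document root of a server you run; an empty result means none of these file types are present under it.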

Origin blog.csdn.net/qq_63928796/article/details/128531717