Summer vacation training web

Enterprise 2023-09-19 04:53:44 views: null

1. yi_ge_webshell

After opening the link, the following page will appear.
Insert image description here
Code requirements: Use the incoming code to construct the getFlag() function. The length should be within 50 and does not contain letters, numbers, or underscores.
After searching a lot of information, I found that there is a webshell construction method that does not contain numbers and letters, XOR.
When two strings are XORed, the corresponding Ascii code is converted into a binary operation, and the final result is still a string. Therefore, the getFlag() function can be constructed using the XOR of non-alphanumeric strings.
Use python to run the script to directly get the XOR result of special characters.
Insert image description hereAccording to the XOR result, getFlag is constructed, but
Insert image description heredirectly putting the payload exceeds the limit:
Insert image description hereso consider direct XOR of strings. In addition, you need to construct a getFlag function, which involves how to bypass letters and numbers to call the function. After reading the article, I found that you can use Chinese characters
Insert image description hereto get the flag: SKCTF{yi_ge_sui_bian_xie_de_flag}

Here is the reference article

======================================================

2. ling_yi_ge_webshell

The code appears after opening the link:
Insert image description hereCompared with the question yi_ge_webshell, this question adds an additional $ that cannot appear in the code restriction. According to the XOR result, there are two combinations of this symbol to get the XOR, one is _XOR{, the other is {XOR_. But the code limits the occurrence of underscores, so this method doesn't work. Another tip is: the flag is in the root directory. After reading articles by several experts, I found that the knowledge point examined is Linux wildcards.

References about wildcards 1
References about wildcards 2
References about wildcards 3
Insert image description here Since flag is in the root directory, you can use the wildcard /???/???/ to construct the /bin/cat/ root directory file under. Put the code into the PHP markup, and add the following structure payload: ?code=?><?=/???/???/?>
Then you will get a bunch of code. Search SKCTF to get the flag, but I don’t understand the structure format very well. Why is it?>
Insert image description here
? flag: SKCTF{you_shi_yi_ge_sui_bian_xie_de_flag}

Refer to Wp and Mr. Mou’s articles.

========================================================

Guess you like

Origin blog.csdn.net/weixin_44236278/article/details/98310514
Recommended
Ranking
SpringBoot-integrate redis
[Sword pointing to offer] Interview question 03: Repeated numbers in an array
Arrangement "Offer Penalty for prove safety" string
Browser prevent the automatic generation of fill and Echo have been saved account solutions
Work hard and never slacken——2022 Yinmai Information Year-End Summary
Install jdk7 on Linux system
App common dependency management tools
EduCoder-Web程序设计基础-html5— 给表单组件添加说明-第1关:label标签相关概念
Machine learning - clustering - density clustering algorithm notes
Ant's large model is exposed, AI+ finance enters the "big model" era
Daily
More
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)

Code World

© 2018 codetd.com