Website was hacked
Came bugku; open "Web site was hacked" This question is;
Page is shown;
Such contact with the subject, the general background scanning from the viewpoint;
Sword background scanning tool
Links: https://pan.baidu.com/s/1bebPE9aNEVnV1_o1fgAMvA
Extraction code: w46z
Scan http://123.206.87.240:8002/webshell/ results are as follows and found a website background:
Open this website:
I found the password, then had to think of burpsuite, brute force method.
Then we break it, enter a random string of characters: hacck
Errors, failed password entry.
burpsuite caught package:
sent to intruder;
Do It:
Select the following options; after all, is the basis for the title.
He began to run password, and soon came out a different length.
hack password is him,
Input can be obtained flag.
flag{hack_bug_ku035}
System Administrator
Open link;
And the previous question a little similarities.
Found base64 password; decrypt too: test123
Just enter a user name and password test123;
Too:
burpsuite have to capture:
The For-Forwarded-the X-
the X-Forwarded-the For-: XFF short head, it represents a client-side HTTP request that is true IP, only this time will be added through the HTTP proxy server or load balancing. It is not defined in the standard RFC request header information, you can find a detailed description of the development in squid caching proxy server documentation.
Standard format as follows: X-Forwarded-For: client1, proxy1, proxy2
Fake IP:
Go a little prompting region-related parameters set incorrectly.
I guess we just casually enter a user name is not entered correctly.
With burp blasting it; get the correct user name: admin.
Go repeatergo about to give flag.
flag{85ff2ee4171396724bae20c0bd851f6b}
web4
Open link:
随便提交了个数据 :
查看源码:
很明显是url编码了。
解码得到一串代码:
var p1 = 'function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("67d709b2b';
var p2 = 'aa648cf6e87a7114f1"==a.value)return!0;alert("Error");a.focus();return!1}}document.getElementById("levelQuest").onsubmit=checkSubmit;';
eval(unescape(p1) + unescape('54aa2' + p2));
根据代码含义:得提交如下数据:
67d709b2b54aa2aa648cf6e87a7114f1
提交后得到flag。
KEY{J22JK-HS11}
输入密码查看flag
和上面的爆破一样的套路。
注意题目:5位数字密码。
爆破得到如下:
flag{bugku-baopo-hah}
这道题就很轻松地解了出来。。。难以置信
祝读者有好收获。