Challenge practice record: 2018 HCTF admin
I. Introduction
After a summer of study, I count as a serious "web dog" (web-challenge player), but I am still really weak. Starting today, I will seriously study at least one CTF challenge every day, going from reading the write-up (wp), to verifying it, to researching the principle behind it. I will focus on quality and try to take something away from every challenge.
II. Main text
Challenge reproduction link: https://buuoj.cn/challenges
Reference link: Three solutions to one challenge: 2018HCTF & admin
1. Solving process
I could not even find the source code, so there is not much to say; it did not occur to me to view-source every page. For the specific process, see the reference link.
2. Solution approaches
(1) Forging the session
Reference link: Security issues caused by client-side sessions
Tool link: https://github.com/noraj/flask-session-cookie-manager
(2) Unicode spoofing
Knowledge point: nodeprep.prepare performs case conversion in the following steps:
ᴬ -> A -> a
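The two-step conversion above means the normalization is not idempotent: a name that is prepared once at registration and again later ends up as a different string. The following is an added example, not code from the challenge or from Twisted. `prepare_model` is a simplified stand-in for nodeprep.prepare (assumed here to case-map first and NFKC-normalize second), and `is_stable`, `canonical_username` and `register` are hypothetical helpers showing how to detect the problem and canonicalize to a fixed point before the uniqueness check.

```python
import unicodedata


def prepare_model(name: str) -> str:
    """Simplified model (an assumption, not Twisted's code): case-map first,
    then NFKC-normalize. A capital letter that only appears after
    normalization is therefore not lowercased until the next call."""
    return unicodedata.normalize("NFKC", name.lower())


def is_stable(name: str) -> bool:
    """True if a second normalization pass would not change the result."""
    once = prepare_model(name)
    return prepare_model(once) == once


def canonical_username(name: str) -> str:
    """Repeat the normalization until it stops changing, so every code path
    compares the same value however many passes it applies."""
    current = name
    for _ in range(4):  # bounded: constructed inputs here settle in two passes
        nxt = prepare_model(current)
        if nxt == current:
            return current
        current = nxt
    raise ValueError("username does not reach a stable canonical form")


def register(existing: set, requested: str) -> str:
    """Uniqueness check on the fixed-point form, not the single-pass form."""
    canon = canonical_username(requested)
    if canon in existing:
        raise ValueError("username already taken: " + canon)
    existing.add(canon)
    return canon


if __name__ == "__main__":
    sample = "\u1d2cdmin"  # constructed input: U+1D2C followed by "dmin"
    print(prepare_model(sample), prepare_model(prepare_model(sample)))
    print("stable after one pass:", is_stable(sample))
```
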
(3) Race condition
My test did not succeed, but it may still be a viable line of thinking.