Problem-solving record: 2018 HCTF admin


I. Introduction

After a summer of study, I can count myself as a proper web player, but I am still really weak. Starting today, I will seriously study at least one CTF problem every day, going from reading the write-up, to reproducing it, to researching the principle behind it. I am aiming for quality and trying to gain something from every problem.

II. Main text

Challenge reproduction link: https://buuoj.cn/challenges
Reference link: Three solutions to one problem, 2018 HCTF admin

1. Problem-solving process

I could not even find the source code, so enough said; I did not expect to have to view-source every page. For the specific process, see the reference link.

2. Problem-solving approaches

(1) Forging the session

Reference link: Security issues caused by client-side sessions
Tool link: https://github.com/noraj/flask-session-cookie-manager

(2) Unicode deception

Knowledge point: nodeprep.prepare performs case conversion in the following steps:
ᴬ -> A -> a
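
The two-step conversion noted above, as an added example that is not from the original post or the challenge source. `prep_once` is an assumed stand-in (lowercase, then NFKC) that reproduces the ᴬ -> A -> a steps with Python's `unicodedata`; the `Accounts` class and sample names are constructed. It shows how normalising an already stored username a second time makes two accounts collide, and how normalising to a fixed point at registration prevents it.

```python
import unicodedata

def prep_once(name):
    # Assumed stand-in for the conversion on this page: lowercase first,
    # then NFKC. A compatibility character such as U+1D2C has no lowercase
    # form, so it only becomes "A" after the fold: one pass is not stable.
    return unicodedata.normalize("NFKC", name.lower())

def canonical(name, max_rounds=5):
    # Hardened form: repeat the conversion until the value stops changing.
    for _ in range(max_rounds):
        nxt = prep_once(name)
        if nxt == name:
            return name
        name = nxt
    raise ValueError("username does not stabilise under normalisation")

class Accounts:
    # Constructed toy store: the same normaliser runs at registration and
    # again when the name kept in the session is used to change a password.
    def __init__(self, normalise):
        self.normalise = normalise
        self.users = {}

    def register(self, name, password):
        key = self.normalise(name)
        if key in self.users:
            return False
        self.users[key] = password
        return True

    def change_password(self, session_name, new_password):
        key = self.normalise(session_name)  # second normalisation
        if key not in self.users:
            return False
        self.users[key] = new_password
        return True

def demo(normalise):
    db = Accounts(normalise)
    db.register("admin", "original")                 # constructed data
    registered = db.register("\u1d2cdmin", "other")  # U+1D2C + "dmin"
    if registered:
        db.change_password(normalise("\u1d2cdmin"), "changed")
    return registered, db.users["admin"]

if __name__ == "__main__":
    print("single pass:", demo(prep_once))
    print("fixed point:", demo(canonical))
```
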

(3) Race condition

The test did not succeed, but it may still be a viable line of thought.


Origin www.cnblogs.com/20175211lyz/p/11432769.html