University of Science and Technology Recruitment Platform WriteUp

0x01 Intro

During the high school summer vacation I quietly joined, together with my younger brother, the recruitment group of a university of science and technology team. The group announcement contained a welcome message and a link to their platform, so I worked through it with my brother. Most of the challenges are fairly simple, which suits a noob like me just fine. The WriteUp is recorded below.

0x02 Web

Get

From the challenge name we know that the flag is obtained by passing a GET parameter.

Passing id=3 yields the flag.

Post

Similar to the previous challenge, but the parameter is passed via POST.

Open HackBar and pass id=3 in the POST data.

Of course, other ways of sending POST parameters also work, such as editing and resending the request in the F12 Network tab, curl, writing a script, and so on.

Here is a Python script that passes the parameter via POST:

import requests

r = requests.post('http://47.98.139.42:8083/post.php', data={'id' : '3'})

print(r.text)

IP spoofing

Opening the page shows only this sentence.

That is, the site currently only allows access from a local address, so we have to fake the IP address.

Servers generally judge the visitor's IP in one of the following three ways:

1. HTTP_CLIENT_IP: this header exists, but it is not a standard, so the server may not implement it.

2. HTTP_X_FORWARDED_FOR: the standard way to identify the original client IP of a client connecting through an HTTP proxy; the format is clientip, proxy1, proxy2. Explained at http://zh.wikipedia.org/wiki/X-Forwarded-For

3. REMOTE_ADDR: reliable, because it is the IP that performed the last handshake with your server. If it is a proxy server, it may be your own reverse proxy.

We can fake the IP by modifying the X-Forwarded-For or Client-IP HTTP header.
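As an added example (not code from the original writeup), here is what the lookups above look like on the server side: a naive header-first lookup that is fooled by the forged X-Forwarded-For, beside a version that only honours hops appended by known proxies and otherwise falls back to REMOTE_ADDR. The CGI-style header names, the 10.0.0.2 proxy and the 203.0.113.5 / 198.51.100.7 addresses are assumptions constructed for the example.

```python
# Added example (not from the original writeup). naive_client_ip() mirrors the
# flawed header-first lookup that makes the challenge spoofable; trusted_client_ip()
# shows the fix: only believe X-Forwarded-For hops appended by your own proxies.
import ipaddress

def _valid(ip):
    """True if ip parses as an IPv4/IPv6 address (rejects garbage in headers)."""
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False

def naive_client_ip(remote_addr, headers):
    """Header-first lookup: any client can set these, so the result is untrusted."""
    for name in ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"):
        value = headers.get(name, "")
        if value:
            return value.split(",")[0].strip()
    return remote_addr

def trusted_client_ip(remote_addr, headers, trusted_proxies):
    """Walk X-Forwarded-For right to left, skipping hops that are our own proxies.

    REMOTE_ADDR is the peer that completed the TCP handshake, so it is the only
    value that cannot be forged; X-Forwarded-For is honoured only when that peer
    is one of trusted_proxies, and only for the entries those proxies appended.
    """
    if remote_addr not in trusted_proxies:
        return remote_addr          # direct connection: header is client-supplied
    chain = [h.strip() for h in headers.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    for hop in reversed([h for h in chain if h]):
        if not _valid(hop):
            break                   # malformed entry: trust nothing left of it
        if hop not in trusted_proxies:
            return hop              # first hop not appended by us = real client
    return remote_addr

def is_local(ip):
    """The challenge's check: only loopback may view the flag."""
    return _valid(ip) and ipaddress.ip_address(ip).is_loopback

# Constructed request: a visitor at 203.0.113.5 connects directly and forges the header.
FORGED = {"HTTP_X_FORWARDED_FOR": "127.0.0.1"}
```

With FORGED, the naive lookup reports 127.0.0.1 and passes is_local, while the trusted lookup still reports 203.0.113.5 because the connecting peer is not a known proxy.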

The following demonstrates modifying X-Forwarded-For with Firebug.

First press F12 to open Firebug, click Network, and select Edit and Resend.

After sending, the flag can be seen in the response.

Of course, you can also capture the request with Burp, modify the header and forward the packet to get the flag; that is not demonstrated here.

Cookie deception

The challenge tells us to modify the cookie.

Capture the request, modify the cookie field, and forward the packet.

Bingo

302 redirect

302 redirect: when a domain name or URL is temporarily abandoned, the old domain name or URL can be redirected to the new domain name or URL.

Clicking the challenge link jumps to another page rather than to /redirect.php, which holds the flag.

We can block the 302 redirect via packet capture, or fetch the page directly with curl, to get the flag.

Referer

Capture the request with Burp and modify the HTTP Referer header field to https://www.google.com

HTTP Response

According to the challenge description, the flag should be found in the server's response.

or

or

import requests
r = requests.get('http://47.98.139.42:8083/HTTPResponse.php')
print(r.headers)

To be continued


Origin www.cnblogs.com/r3t7rn/p/11616592.html