World offensive and defensive novice Web & Crypto writeup
Others
2019-12-27 16:14:59
views: null
viewsource
- Direct f12, chrome or view-source added before url:
getpost
- Plus parameters directly on the line.
- POST parameters without tools directly add a form on the line.
robots
- View robots file will get a php file, obtained access flag.
backup
- Download file index.php.bak obtain flag.
cookie
- View cookie, you can know that there cookie.php, after visiting http get flag from the head.
- Source direct change, delete disabled attribute.
simplejs
- I write a lot of code is useless, in fact, is to fromCharCode read out one by one, directly to the fromCharCode decoding sub char on the line.
xff_Referer
- Fake X-Forwarded-For and Referer.
weak_auth
- Weak passwords, easily guess a few guessed.
webshell
- Use ant sword connection sweep catalog, download flag.txt obtain flag.
command_execution
- Command splicing, first find flag.txt with the find command, see the cat command.
simple_php
base64
caeser
Morse
- Morse code, into a -, 0 replaced.
Railfence
- Manual columns: prompt word is cyberpeace, certainly in the last closing brace
Not just Morse
- Morse code encryption plus bacon
Origin www.cnblogs.com/tiumo/p/11209972.html