Re:从零开始的玄机的应急响应生活
第一章 应急响应-webshell查杀 12345靶机账号密码 root xjwebshell1.黑客webshell里面的flag flag{xxxxx-xxxx-xxxx-xxxx-xxxx}2.黑客使用的什么工具的shell github地址的md5 flag{md5}3.黑客隐藏shell的完整路径的md5 flag{md5}
Re:从零开始的BUU的web生活
[极客大挑战 2019]EasySQL 1admin' or 1=1# [极客大挑战 2019]Havefun f12看源码 12345678 <!--$cat=$_GET['cat'];echo $cat;if($cat=='dog'){ echo 'Syc{cat_cat_cat_ca
ciscn&ccb-ISW 渗透 web-git
ciscn&ccb-ISW 渗透 web-git 前言:个人打的最多的一个机子,赛后向学长和师傅要了wp整理复盘了一下 12题目共包含五处flag172.16.160.40 正常的思路是先进行nmap和dir nmap扫到了以下目录 123456789101112131415161718192021222324252627282930313233343536373839404142434
ACECTF 2025
web Webrypto 12345I think we can all agree that most of us grew up watching the iconic cartoon Tom & Jerry. Every kid would feel that surge of adrenaline during the thrilling chases and chaotic
Hgame2025-web
Week1 web Level 24 Pacman 直接去找源码,控制台赋值 12_SCORE=100000_LIFE=true; 得到之后进行base64,栅栏密码解密 Level 47 BandBomb 1234上传恶意EJS文件 创建一个包含EJS代码的文件,内容为读取flag的代码:aaa.ejs <%= process.env.FLAG || require(&#x
BroncoCTF 2025-web
Web Miku’s Autograph 1I am so proud of the fact that I have Miku's autograph. Ha! You don't! 抓包后会看到post发包会有jwt,找不到密钥,两个思路,hs256改为none或者爆破,写脚本伪造 12345678910111213141516171819202122232425262
ctfshow愚人杯2023
easy_signin 1https://87df7daa-eb80-48de-814d-63d0ab5a03f1.challenge.ctf.show/?img=aW5kZXgucGhw index.php进行编码 然后复制源码,base64解码 1234567891011121314151617181920212223<?php/*# -*- coding: utf-8 -*-# @A
THM-Silver Platter
Silver Platter INTRO 12345Think you've got what it takes to outsmart the Hack Smarter Security team? They claim to be unbeatable, and now it's your chance to prove them wrong. Dive into th
