Re:从零开始的玄机的应急响应生活 第一章 应急响应-webshell查杀 12345靶机账号密码 root xjwebshell1.黑客webshell里面的flag flag{xxxxx-xxxx-xxxx-xxxx-xxxx}2.黑客使用的什么工具的shell github地址的md5 flag{md5}3.黑客隐藏shell的完整路径的md5 flag{md5} 2025-03-02 每日一题 #应急响应
Re:从零开始的BUU的web生活 [极客大挑战 2019]EasySQL 1admin' or 1=1# [极客大挑战 2019]Havefun f12看源码 12345678 <!--$cat=$_GET['cat'];echo $cat;if($cat=='dog'){ echo 'Syc{cat_cat_cat_ca 2025-03-01 每日一题 #web
ciscn&ccb-ISW 渗透 web-git ciscn&ccb-ISW 渗透 web-git 前言:个人打的最多的一个机子,赛后向学长和师傅要了wp整理复盘了一下 12题目共包含五处flag172.16.160.40 正常的思路是先进行nmap和dir nmap扫到了以下目录 123456789101112131415161718192021222324252627282930313233343536373839404142434 2025-03-18 渗透 #提权 #pop3 #git
ACECTF 2025 web Webrypto 12345I think we can all agree that most of us grew up watching the iconic cartoon Tom & Jerry. Every kid would feel that surge of adrenaline during the thrilling chases and chaotic 2025-02-28 ctf #jwt #php #crypto
Hgame2025-web Week1 web Level 24 Pacman 直接去找源码,控制台赋值 12_SCORE=100000_LIFE=true; 得到之后进行base64,栅栏密码解密 Level 47 BandBomb 1234上传恶意EJS文件 创建一个包含EJS代码的文件,内容为读取flag的代码:aaa.ejs <%= process.env.FLAG || require( 2025-02-22 ctf #ctf
BroncoCTF 2025-web Web Miku’s Autograph 1I am so proud of the fact that I have Miku's autograph. Ha! You don't! 抓包后会看到post发包会有jwt,找不到密钥,两个思路,hs256改为none或者爆破,写脚本伪造 12345678910111213141516171819202122232425262 2025-02-16 ctf #jwt #osint
ctfshow愚人杯2023 easy_signin 1https://87df7daa-eb80-48de-814d-63d0ab5a03f1.challenge.ctf.show/?img=aW5kZXgucGhw index.php进行编码 然后复制源码,base64解码 1234567891011121314151617181920212223<?php/*# -*- coding: utf-8 -*-# @A 2025-01-24 ctf #ctf
THM-Silver Platter Silver Platter INTRO 12345Think you've got what it takes to outsmart the Hack Smarter Security team? They claim to be unbeatable, and now it's your chance to prove them wrong. Dive into th 2025-01-22 渗透 #cve #提权
THM-Mr Robot CTF Mr Robot CTF nmap检测一下但是没找到什么有用信息,直接看网址80,没找到什么,简单的交互没什么用处。 用dirsearch扫一下 12345678910111213141516171819202122232425262728293031323334353637383940414243444546[21:23:55] 200 - 1KB - /admin/[21:23:55] 2025-01-21 渗透 #提权 #wordpress
春秋杯冬季赛2025 Web easy_flask 模板注入无waf 1{{x.__class__.__base__.__subclasses__()[133].__init__.__globals__['popen']('cat flag').read()}} 或者fenjing也可以 file_copy yakit抓包尝试报错看 2025-01-19 ctf #ctf