First, opening the site shows a login form; we try admin. Some routine SQL injection attempts on the login form all return "do not hack me!". However, in the source of the search.php page reached after logging in, an encoded string was found: MMZFM422K5HDASKDN5TVU3SKOZRFGQRRMMZFM6KJJBSG6WSYJJWESSCWPJNFQSTVLFLTC3CJIQYGOSTZKJ2VSVZRNRFHOPJ5 This turns out to be base32; decoding it yields yet another...
Decoding reveals a mixed base32 + base64 encoding, and the decoded content contains the SQL statement, which shows the injection point is username: select * from user where username='$name' Trying an always-true ("universal") password shows do not hack me!, so character filtering is suspected. Using order by to determine the column count: 4 produces an error, confirming 3 columns. Attempting to output the database name, testing confirms that parentheses are filtered. Checking the source confirms that or = | ( ) are all filtered,...
Challenge description: Hack the following server. http://10.0.106.(team number)/ Credentials: User Name guest, Password password; User Name admin, Password (Unknown). Note: You do not have to use way of brute force or DoS to solve this challenge. Please do not put a load on bandwidth or disk space. The challenge provides a website with the following 2 functions:...
Playing the MP3 file, nothing useful can be heard, so we try MP3Stego to check whether data is hidden in the file. MP3Stego needs a password; here we use the MUSTNOTHACK string shown in the original image. Open a cmd prompt, first change to the C:\tools\MP3Stego\ directory, then run the command MP3StegoDecode.exe -P MUSTNOTHACK -X C:\Stegano\4\stego\DO_NOT_LOOKING_...
Website Login(Do not brute force / hack this one)
<?php
// Escape quotes and backslashes in the input
function escape($str){
    $str = addslashes($str);
    return $str;
}
// Validate the (already escaped) input: reject very short values, truncate long ones to 11 characters
function check($tocheck){
    $tocheck = trim(escape($tocheck));
    if(strlen($tocheck)<5){
        die("For God Sake, don't try to HACK me!!");
    }
    if(strlen($tocheck)>11){
        $tocheck = substr($tocheck, 0, 11);
        ...
If you always thought that firmware reverse-engineering sounds cool, and you also happen to own a MCH2022 badge, you should try and follow the intricately documented steps of [dojoe]’s writeup. Even for people with little low-level programming experience, repeating this hack is realistic than...
            die('Do not hack me!');
        }
    }
}
?>
admin.php
<?php
// Note: $_SESSION is read here before session_start() is called
if(empty($_SESSION['name'])){
    session_start();
    #echo 'hello ' + $_SESSION['name'];
}else{
    die('you must login with admin');
    ...
HackTheBox
- The OG box site
- Boxes are curated to ensure quality
- Now has some CTF-style problems
- Now has courses to start learning
TryHackMe
- Slightly easier boxes than HackTheBox
- Step-by-step challenges
- Now has "learning paths" to guide you through topics
CybersecLabs
- Great collection of ...
While organizing challenges recently, I came across a good-quality Web challenge from the 2019 TMCTF Final and am recording it here. Information gathering. Challenge description: Hack the following server. http://10.0.106.(team number)/ Credentials: User Name guest, Password password; User Name admin, Password (Unknown). Note: You do not have to use way of brute force or DoS to solve this challenge...