#4 byte to have an rce import os WELCOME = ''' _ _ _ _ _ _ _ _ _ | | (_) (_) (_) | | | | | || | | |__ ___ __ _ _ _ __ _ __ ___ _ __ _ __ _ _| | | | ___ ___| | || |_ | '_ \ / _ \/ _` | | '_ \| '_ \ / _ \ '__| |...
· 【misc】[HNCTF 2022 WEEK2]calc_jail_beginner_level4.1(JAIL) --沙盒逃逸,python模板注入变换 · 【misc】[HNCTF 2022 Week1]calc_jail_beginner_level1(JAIL) --沙箱逃逸,python模板注入 · [HNCTF 2022 Week1]calc_jail_beginner_level2(JAIL) · Jail 【Python沙箱逃逸问题合集】 · HNCTF...
121,115,116,101,109]).decode()](bytes([115,104]).decode())进行尝试,后面发现bytes函数被禁用了,可以用另外的函数代替().__class__.__base__.__subclasses__()[-4].__init__.__globals__[bytearray([115,121,115,116,101,109]).decode()](bytearray([115,104]).decode(...
[Week1]Interesting_http 首先是post传参 然后want=flag需要admin验证,改cookie 然后是本地验证,加xff NSSCTF{3caa079f-e3c5-4198-a26e-72c82617dea0} [Week1]2048 游戏题,考察js泄露 直接找就找到flag了 NSSCTF{53160c888e25c3f828b23e316a7ae083} [Week1]easy_upload 直接上传个马 NSSCTF{95a44373-0...
calc_jail_beginner_level6.1 题目描述 题目没有给出远程pyjail的代码。连上远程后,有如下回显: _ _ _ _ _ _ _ __ | | (_) (_) (_) | | | | | / / | |__ ___ __ _ _ _ __ _ __ ___ _ __ _ __ _ _| | | | ___ ___| |/ /_ | '_ \ / _ \/ _` | | '...
calc_jail_beginner 题目描述 题目给出了远程pyjail的代码: #Your goal is to read ./flag.txt #You can use these payload liked `__import__('os').system('cat ./flag.txt')` or `print(open('/flag.txt').read())` WELCOME = ''' _ ___ _ _ _ _ | | | ___| (_) | | (_)...
calc_jail_beginner_level4(JAIL) payload open(bytes([46, 47, 102, 108, 97, 103]).decode()).read()* [WEEK2]laKe laKe laKe(JAIL) 题目代码 #You finsih these two challenge of leak #So cool #Now it's time for laKe!!! import random from io import StringIO import sys sys.addaudit...
except: pass 有长度限制,接着再来看backdoor函数: def backdoor(): print("Please enter the admin key") key = input(">") if(key == fake_key_var_in_the_local_but_real_in_the_remote): code = input(">") try: print(eval(code)) ...
· 【misc】[HNCTF 2022 WEEK2]calc_jail_beginner_level4(JAIL) --沙盒逃逸,python模板注入 · 【misc】[HNCTF 2022 Week1]python2 input(JAIL) --沙盒逃逸,python2环境 · [HNCTF 2022 Week1]calc_jail_beginner_level2(JAIL) · 【十五】breakpoint()函数(1) - 3 · python调用shell命令 ...
分类:misc GGBomb 粉丝-6关注 -0 +加关注 0 0 «上一篇:【misc】[NSSRound#12 Basic]Secrets in Shadow --linux提权,shadow文件hash爆破 »下一篇:【misc】[HNCTF 2022 WEEK2]calc_jail_beginner_level4(JAIL) --沙盒逃逸,python模板注入