Web novice problem of attacking and defending the world
2020-11-08 09:40:10 【osc_5emtajt2】
Through self-study for a month web Theoretical knowledge , Also on web After a preliminary understanding of the basic loopholes of , I began to attack and defend the world of brush topic journey . in order to
The senior's task Summing up the knowledge, I wrote this article wp Among them also draw lessons from the idea of a few big man on the net . Let's not talk much nonsense and get to the point .
The first question is view_source
Just in CTF web There must be some uncertainty about the direction , Source code habits , But the first question found that the right mouse button can not be used , The simplest way to view source code has been disabled . But don't panic , We have another artifact , Developer toolbar , Click on the web page F12, Call up to view the source code ,flag It's hidden in it .
This question examines the way we look at the source code , There are only two ways to solve this problem . Here I refer to the data to summarize the way to query the source code .
1. The simplest way is to click the right mouse button to query .
2. use F12 Open the developer toolbar to view .
3. use PHP Script to query .
4 Can pass JS Code to view .
The second question is robots
The title description is obvious , Namely Robots agreement , But I just started Don't understand ,
Everyone laughs and everyone is Xiaoning , There's too much basic knowledge , Now we are looking for the materials to review . therefore Robots What does the agreement mean . Baidu Encyclopedia link I put here robots agreement If you are interested, you can have a look at it yourself , In popular terms, it means robots.txt Give the reptile a range to crawl , The equivalent of a crawler restraint . Since the title reminder is robots agreement , So we open the website robots.txt Go and see what's inside
It was found that there was flag The file of .PHP The name of the file is known , We can open files directly on the website without a crawler .
obtain flage. In fact, this question is about Robort Understanding of the agreement , A very basic problem .
Third question backup
At the beginning, I asked for some questions , Find a backup file , How to find ...
But when I open the real URL , The subject slapped the answer on my face , It's a basic question .
indx The backup file is directly used indx The suffixes of the backed up files are tested one by one . The common suffixes of backup files are .gif .svn .swp .~ .bak .bash_hidtory .bkf After the URL After adding these suffixes, one experiment found that .bak There is .
Here's what I've done over and over again, and there's three files .
Open the notepad and you get Flag
This topic is to investigate the mastery of backup files , The title is simple. .
Fourth question cookie
Another question to write the answer on your face , Go directly to the web page and open the developer toolbar to find the web page cookie.
When you see the prompt, open this PHP file
notice http There's a flag.
But we should not confine ourselves to writing the title , among cookie And how to use cookie To do something, we should understand .cookie In fact, it is a user certificate , The server uses this to determine the identity of the user , But when hackers take advantage of our cookie It's hard for us to disguise ourselves . The most typical vulnerability is CSRF Loophole .CSRF Vulnerability Details If you are interested, you can learn something about .
Fifth question disabled_button
The title page looks like this , The stem has given us a clue disable Property is disabled , We guess at form Some of the elements in are disabled . So is it what we're guessing , Let's get into the topic and have a look at
See this, we open the source code of the page to see
stay 19 OK, we found that there was disable The existence of , We delete it to get
Found it can click on , When we click, we get what we want flage.
Therefore, the purpose of this study is to let us understand HTML The role of each tag element of , Focus on the foundation .
Sixth question weak_auth
The title gives an obvious hint of weak password problem , In this topic, we need to use tools other than browser , I was highly recommended by my schoolmaster for its powerful function .
Let's start with a simple experiment with the login of the web page
When we log in with a random password
Found that the alert user name is admin, Then the rest is left to the tools . But it's important to remember that the choice of dictionary to crack is particularly important , I was writing this question because of the wrong choice of dictionary , Test tens of thousands of samples , Still no answer . Bad memory . After our constant attempts, we finally got the code 123456
In the end, I got flag.
This question is actually to examine the use of tools , If you can't use tools ... One hour self-study starts , Don't ask me how I know , Asking is for nothing .
Sixth question simple_php
The title here probably means
C Language is the best language Xiao Hong wrote a PHP Code then let's solve the problem and click into the page, and we find that Who am I? Where am I? What happened . Why? a0 a It's not a constant ,b>1234b It's not a number ？？ So omnipotent Baidu came out , This involves PHP According to the basic grammar of PHP When a string is valued as a numeric value , The results and types are as follows : If the string does not contain ’.’,’e’,’E’ And its numerical value is in the range of shaping , The string is treated as int To take a value , In all other cases, it is used as float To take a value , The beginning of the string determines its value , If the string starts with a legal value , Then use this value , Otherwise, it's worth 0 Such as ：“0e11”"0e22" When comparing , This kind of string will be recognized as the number of science and Technology Law , therefore 0 To the power of zero .“A”==0 When comparing , Will A Convert it to a number , Forced conversion , because A Is string , The result of the transformation is 0 Nature and 0 equal .“1A”==1 When comparing 1A Convert it to a number 1; but “A1“==1 It turns out to be false, That is to say "A1" Transformed into 0.
So among them a It's converted to when it's cast 0 But it's not a number , Empathy 1234b, The effect is the same . So in URL I'll add ？a=a&&b=12345a Will come to flag
The knowledge involved in this question is PHP The weak type problem of , I don't know much about this as a beginner
This question I also refer to this big man's blog this question solution Blog links It also gives an understanding of PHP Weak type place Learn more PHP Weak type
Question seven get_post
get,post Are two common ways to send a request So we open the topic
The title is simple and clear get send out a=1, So we are URL Followed by ？a=1 send out
So we're using post send out b=2, Because I'm using Google browser post Request can only be used postman Plugins send , I spent a lot of time working on this plug-in Open send post request b=2,
Get what we want flag. In fact, there is no difficulty in this question , It's just an investigation get,post The implementation of the . Review two ways to submit forms .
The eighth question webshell
The problem of Trojan horse is obvious , This is a very dangerous behavior , For example, I smashed my own house , Never imitate , OK, let's get to the point , Actually, it is to test our use of kitchen knife software . Entering the topic, we find that
The content of Trojan horse is given directly. Let's show our protagonist kitchen knife ,
Click Add to
Get into html You can see flag
Open to get flag.
For reasons of time , Just let this out for the time being 8 The analysis of the problem , In fact this 8 All the problems involve big knowledge, the most basic part of which is, for example, the eighth question webshell There are many kinds of classifications of , These questions just let us know CTF There's a simple understanding , I also found my own knowledge loopholes when doing these questions , So I hope I can try to improve myself after reading the analysis . I'll post the rest on my next blog , For the first time, I hope you can point out my mistakes .
- C++ 数字、string和char*的转换
- Won the CKA + CKS certificate with the highest gold content in kubernetes in 31 days!
- C + + number, string and char * conversion
- C + + Learning -- capacity() and resize() in C + +
- C + + Learning -- about code performance optimization
C + + programming experience (6): using C + + style type conversion
Latest party and government work report ppt - Park ppt
Online ID number extraction birthday tool
Field pointer? Dangling pointer? This article will help you understand!
GVRP of hcna Routing & Switching
- LeetCode 91. 解码方法
- Seq2seq implements chat robot
- [chat robot] principle of seq2seq model
- Leetcode 91. Decoding method
- HCNA Routing＆Switching之GVRP
- GVRP of hcna Routing & Switching
- HDU7016 Random Walk 2
- [Code+＃1]Yazid 的新生舞会
- CF1548C The Three Little Pigs
- HDU7033 Typing Contest
- HDU7016 Random Walk 2
- [code + 1] Yazid's freshman ball
- CF1548C The Three Little Pigs
- HDU7033 Typing Contest
- Qt Creator 自动补齐变慢的解决
- HALCON 20.11：如何处理标定助手品质问题
- HALCON 20.11：标定助手使用注意事项
- Solution of QT creator's automatic replenishment slowing down
- Halcon 20.11: how to deal with the quality problem of calibration assistant
- Halcon 20.11: precautions for use of calibration assistant
- "Top ten scientific and technological issues" announced| Young scientists 50 ² forum
- Reverse linked list
- JS data type
- Remember the bug encountered in reading and writing a file
- Singleton mode
- 在这个 N 多编程语言争霸的世界，C++ 究竟还有没有未来？
- In this world of N programming languages, is there a future for C + +?
- js Promise
- js 数组方法 回顾
- ES6 template characters
- js Promise
- JS array method review
- 【Golang】️走进 Go 语言️ 第一课 Hello World
- [golang] go into go language lesson 1 Hello World