当前位置:网站首页>Web novice problem of attacking and defending the world

Web novice problem of attacking and defending the world

2020-11-08 09:40:10 osc_5emtajt2

Through self-study for a month web Theoretical knowledge , Also on web After a preliminary understanding of the basic loopholes of , I began to attack and defend the world of brush topic journey . in order to The senior's task Summing up the knowledge, I wrote this article wp Among them also draw lessons from the idea of a few big man on the net . Let's not talk much nonsense and get to the point .

The first question is view_source
Just in CTF web There must be some uncertainty about the direction , Source code habits , But the first question found that the right mouse button can not be used , The simplest way to view source code has been disabled . But don't panic , We have another artifact , Developer toolbar , Click on the web page F12, Call up to view the source code ,flag It's hidden in it .
 Insert picture description here

This question examines the way we look at the source code , There are only two ways to solve this problem . Here I refer to the data to summarize the way to query the source code .
1. The simplest way is to click the right mouse button to query .
2. use F12 Open the developer toolbar to view .
3. use PHP Script to query .
4 Can pass JS Code to view .



The second question is robots
 Insert picture description here The title description is obvious , Namely Robots agreement , But I just started Don't understand , Everyone laughs and everyone is Xiaoning , There's too much basic knowledge , Now we are looking for the materials to review . therefore Robots What does the agreement mean . Baidu Encyclopedia link I put here robots agreement If you are interested, you can have a look at it yourself , In popular terms, it means robots.txt Give the reptile a range to crawl , The equivalent of a crawler restraint . Since the title reminder is robots agreement , So we open the website robots.txt Go and see what's inside
 Insert picture description here
It was found that there was flag The file of .PHP The name of the file is known , We can open files directly on the website without a crawler .
 Insert picture description here obtain flage. In fact, this question is about Robort Understanding of the agreement , A very basic problem .



Third question backup
 Insert picture description here At the beginning, I asked for some questions , Find a backup file , How to find ...
But when I open the real URL , The subject slapped the answer on my face , It's a basic question .

 Insert picture description here
indx The backup file is directly used indx The suffixes of the backed up files are tested one by one . The common suffixes of backup files are .gif .svn .swp .~ .bak .bash_hidtory .bkf After the URL After adding these suffixes, one experiment found that .bak There is .
 Insert picture description here Here's what I've done over and over again, and there's three files .
Open the notepad and you get Flag


 Insert picture description here
This topic is to investigate the mastery of backup files , The title is simple. .

Fourth question cookie
 Insert picture description here
Another question to write the answer on your face , Go directly to the web page and open the developer toolbar to find the web page cookie.
 Insert picture description here When you see the prompt, open this PHP file
 Insert picture description here notice http There's a flag.
But we should not confine ourselves to writing the title , among cookie And how to use cookie To do something, we should understand .cookie In fact, it is a user certificate , The server uses this to determine the identity of the user , But when hackers take advantage of our cookie It's hard for us to disguise ourselves . The most typical vulnerability is CSRF Loophole .CSRF Vulnerability Details If you are interested, you can learn something about .




Fifth question disabled_button

 Insert picture description here The title page looks like this , The stem has given us a clue disable Property is disabled , We guess at form Some of the elements in are disabled . So is it what we're guessing , Let's get into the topic and have a look at
 Insert picture description here
See this, we open the source code of the page to see
 Insert picture description here stay 19 OK, we found that there was disable The existence of , We delete it to get
 Insert picture description here Found it can click on , When we click, we get what we want flage.
 Insert picture description here
Therefore, the purpose of this study is to let us understand HTML The role of each tag element of , Focus on the foundation .





Sixth question weak_auth
 Insert picture description here

The title gives an obvious hint of weak password problem , In this topic, we need to use tools other than browser , I was highly recommended by my schoolmaster for its powerful function .

Let's start with a simple experiment with the login of the web page
 Insert picture description here

When we log in with a random password  Insert picture description here
Found that the alert user name is admin, Then the rest is left to the tools . But it's important to remember that the choice of dictionary to crack is particularly important , I was writing this question because of the wrong choice of dictionary , Test tens of thousands of samples , Still no answer . Bad memory . After our constant attempts, we finally got the code 123456
 Insert picture description here
In the end, I got flag.
This question is actually to examine the use of tools , If you can't use tools ... One hour self-study starts , Don't ask me how I know , Asking is for nothing .



Sixth question simple_php
 Insert picture description here The title here probably means C Language is the best language Xiao Hong wrote a PHP Code then let's solve the problem and click into the page, and we find that  Insert picture description here Who am I? Where am I? What happened . Why? a0 a It's not a constant ,b>1234b It's not a number ?? So omnipotent Baidu came out , This involves PHP According to the basic grammar of PHP When a string is valued as a numeric value , The results and types are as follows : If the string does not contain ’.’,’e’,’E’ And its numerical value is in the range of shaping , The string is treated as int To take a value , In all other cases, it is used as float To take a value , The beginning of the string determines its value , If the string starts with a legal value , Then use this value , Otherwise, it's worth 0 Such as :“0e11”"0e22" When comparing , This kind of string will be recognized as the number of science and Technology Law , therefore 0 To the power of zero .“A”==0 When comparing , Will A Convert it to a number , Forced conversion , because A Is string , The result of the transformation is 0 Nature and 0 equal .“1A”==1 When comparing 1A Convert it to a number 1; but “A1“==1 It turns out to be false, That is to say "A1" Transformed into 0.
So among them a It's converted to when it's cast 0 But it's not a number , Empathy 1234b, The effect is the same . So in URL I'll add ?a=a&&b=12345a Will come to flag
 Insert picture description here


The knowledge involved in this question is PHP The weak type problem of , I don't know much about this as a beginner
This question I also refer to this big man's blog this question solution Blog links It also gives an understanding of PHP Weak type place Learn more PHP Weak type

Question seven get_post

 Insert picture description here get,post Are two common ways to send a request So we open the topic

 Insert picture description here
The title is simple and clear get send out a=1, So we are URL Followed by ?a=1 send out

 Insert picture description here So we're using post send out b=2, Because I'm using Google browser post Request can only be used postman Plugins send , I spent a lot of time working on this plug-in  Insert picture description here Open send post request b=2,
 Insert picture description here Get what we want flag. In fact, there is no difficulty in this question , It's just an investigation get,post The implementation of the . Review two ways to submit forms .

The eighth question webshell
 Insert picture description here The problem of Trojan horse is obvious , This is a very dangerous behavior , For example, I smashed my own house , Never imitate , OK, let's get to the point , Actually, it is to test our use of kitchen knife software . Entering the topic, we find that
 Insert picture description here
The content of Trojan horse is given directly. Let's show our protagonist kitchen knife ,
 Insert picture description here



Click Add to  Insert picture description here
Get into html You can see flag
 Insert picture description here

Open to get flag.

For reasons of time , Just let this out for the time being 8 The analysis of the problem , In fact this 8 All the problems involve big knowledge, the most basic part of which is, for example, the eighth question webshell There are many kinds of classifications of , These questions just let us know CTF There's a simple understanding , I also found my own knowledge loopholes when doing these questions , So I hope I can try to improve myself after reading the analysis . I'll post the rest on my next blog , For the first time, I hope you can point out my mistakes .

版权声明
本文为[osc_5emtajt2]所创,转载请带上原文链接,感谢