buu摸鱼日记21
[GWCTF 2019]枯燥的抽奖
考的是伪随机,像个misc题,
https://github.com/lepiaf/php_mt_seed
工具mark一下
[BJDCTF 2nd]duangShell
居然是反弹shell,大开眼界
读取源码/.index.php.swp
<body>
<center><h1>珍爱网</h1></center>
</body>
</html>
<?php
error_reporting(0);
echo "how can i give you source code? .swp?!"."<br>";
if (!isset($_POST['girl_friend'])) {
die("where is P3rh4ps's girl friend ???");
} else {
$girl = $_POST['girl_friend'];
if (preg_match('/\>|\\\/', $girl)) {
die('just girl');
} else if (preg_match('/ls|phpinfo|cat|\%|\^|\~|base64|xxd|echo|\$/i', $girl)) {
echo "<img src='img/p3_need_beautiful_gf.png'> <!-- He is p3 -->";
} else {
//duangShell~~~~
exec($girl);
}
}
duangshell的意思一直到看到wp才理解到
因为什么都用不了,所以就nc -e来直接反弹shell,就可以找flag了
有点好玩
PREVIOUSBuu摸鱼日记之二十
NEXTBuu摸鱼日记之22