Buu摸鱼日记21

 

buu摸鱼日记21

[GWCTF 2019]枯燥的抽奖

考的是伪随机,像个misc题,

https://github.com/lepiaf/php_mt_seed

工具mark一下

[BJDCTF 2nd]duangShell

居然是反弹shell,大开眼界

读取源码/.index.php.swp

<body>
    <center><h1>珍爱网</h1></center>
</body>
</html>
<?php
error_reporting(0);
echo "how can i give you source code? .swp?!"."<br>";
if (!isset($_POST['girl_friend'])) {
    die("where is P3rh4ps's girl friend ???");
} else {
    $girl = $_POST['girl_friend'];
    if (preg_match('/\>|\\\/', $girl)) {
        die('just girl');
    } else if (preg_match('/ls|phpinfo|cat|\%|\^|\~|base64|xxd|echo|\$/i', $girl)) {
        echo "<img src='img/p3_need_beautiful_gf.png'> <!-- He is p3 -->";
    } else {
        //duangShell~~~~
        exec($girl);
    }
}


duangshell的意思一直到看到wp才理解到

因为什么都用不了,所以就nc -e来直接反弹shell,就可以找flag了

有点好玩