WHUCTF BlockChain wp

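A competition run by Wuhan University; the third challenge is quite interesting~ Smart contract? What's that (20 pt, 17 Solves) Attachment. Challenge description: FLAG, yours for a click. Download the attachment and read the source directly; the flag turns out to be stored on-chain, so just go here to view it. Now let's do some arithmetic (198 pt, 3 Solves) Attachment. Challenge description: none. The archive contains the source; first look at how to get the flag: function GetTheFlag(string b64email) public{ require(tx.origin != msg.sender); require(unlock[msg.sender] == true); emit FLAG(b64email, " You got the flag!!"); } Two requires: the first is bypassed by calling from a contract, and the second probably needs us to unlock first. Searching for unlock shows that the state can be changed in deposit: function...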

2020 Wangding Cup Web wp

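Too weak to make the finals, sob. This competition was advertised as being on the scale of a domestic security Olympics, but in practice it had plenty of problems. First, there is the "py" (teams trading answers), which I won't go into; there is basically no fix for it at the moment. Second, the three web players on our team had to get up early in the morning to look at crypto and misc, and the first web challenge was only released at noon, which was quite a move. Finally, for some reason the organizers allowed each team only one running environment at a time, so we had to go around borrowing other teams' environments (which also made the "py" worse), and the experience was terrible. I hope the organizers take these problems seriously and give contestants a good experience next time. notes The challenge provides the source; its main function is a message board with create, delete, update and read operations. There is a feature for querying the current status that can execute bash commands: app.route('/status') .get(function(req, res) { let commands = { "script-1": "uptime", "script-2":...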

SHARKY CTF Web wp

XXExternalXX Firstly, I found the LFI (local file include) in , so let's try to read some sensitive files like /etc/passwd. The server returns a null page, which means our wishes are shattered. But the good thing is that the administrator has not hidden the error report, so we can figure out why it doesn’t show the file. According to the error, it seems the interface only accepts an XML file...

SHARKY CTF BlockChain wp

This morning I was called by my teammate QiQi to attend this Sharky CTF, and it was a great pleasure to AK the BlockChain. Warmup code: pragma solidity = 0.4.25; contract Warmup { bool public locked; constructor() public payable { locked = true; } function unlock() public payable { require(msg.value == 0.005 ether); locked = false; } function withdraw() public payable { require(!locked); msg.sender.call...

WPICTF Web WP

👉😎👉 This challenge confused me for a long time. Firstly, we can find some JavaScript source code in /static/zoop.js: // ATTENTION: READING THIS SOURCE CODE MAY NOT ONLY BURN YOUR EYES, IT IS IN VIOLATION OF OFFICIAL ZOOP CORP(TM) LTD. LLC OMGWTFBBQ POLICIES $(document).ready(() => { $('#send').click(() => { $('#send-indicator').css('visibility', 'visible'); $('#send-indicator')...

[WUSTCTF2020]TRAIN YOURSELF TO BE GODLY WP

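A very high-quality challenge. Since I'm not very familiar with JSP, I didn't look at it carefully during the competition; after the challenge was put on BUU I found it fairly hard to reproduce, so I'm writing a wp to help other players (and farm some traffic). tomcat directory traversal Orange gave a talk at BlackHat (DEF CON 26 – Orange Tsai – Breaking Parser Logic Take Your Path Normalization Off and Pop 0Days Out; I strongly recommend watching it). The gist is that certain middleware behaviors lead to some surprising directory traversal effects. For example: In this challenge's environment, Nginx acts as the reverse proxy and the real backend middleware is Tomcat; the two interpret paths differently, which leads to inconsistent parsing. Quoting Orange's summary above: As the figure above shows, Nginx parses...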

[BUU] Practice Collection 1

[BUUCTF 2018]Online Tool Visiting the page gives the source: <?php if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; } if(!isset($_GET['host'])) { highlight_file(__FILE__); } else { $host = $_GET['host']; $host = escapeshellarg($host); $host = escapeshellcmd($host); $sandbox = md5("glzjin". $_SERVER['REMOTE_ADDR']); echo 'you are...

MRCTF 2020 BlockChain Wp

SIMPLEREVEAL The blockchain check-in challenge; just find the contract and look at its variables: Unwanted Coin The contract code is given: pragma solidity >=0.6.1; contract Modcoin { mapping(uint256 => bool) public is_successful; function recvpay() public payable { require(((msg.value / 0.001 ether ) % 2 == 0 && ((msg.value % 0.001 ether) == 0)), "Not Accepting These Coins."); } function getflag(uint256 target) public { require((address(this).balance...

WUST-CTF2020 Web Wp

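The freshman competition of Wuhan University of Science and Technology. TaQini lost his account, so we shared one, and I got carried to first place; I have to say, TaQini Tql! CheckIn This challenge is a bit annoying: it starts by brainwashing you with music and then asks who the Author is. Look up the challenge author's id from the challenge link, modify the html and submit: How did I never think of this way to drive traffic to a blog! Browsing the blog, I found a post dated 1970, truly an ancient blog, with half of the flag at the end: The source of the blog home page has the other half: After spending half a day of effort I finally solved this challenge; at that point I could only sigh at the author's painstaking care, and quickly picked up my phone to send the author a tip for the hard work. admin Bypass the login form with a universal password, forge the xff header, pass a parameter via get and post, and finally permute the given addresses to get the flag. CV Maker File upload at the avatar; the content is checked, and a GIF89 file header bypasses it to getshell directly. easyweb...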

MRCTF 2020 Web wp

BUPT freshman competition; commemorating Nep reaching the top (the experts all played solo, and only we shamelessly formed a team) 23333 ez_bypass The source is given directly: <?php include 'flag.php'; $flag='MRCTF{xxxxxxxxxxxxxxxxxxxxxxxxx}'; if(isset($_GET['gg']) && isset($_GET['id'])) { $id=$_GET['id']; $gg=$_GET['gg']; if (md5($id) === md5($gg) && $id !== $gg) { echo 'You got the first step'; if(isset($_POST['passwd'])) { $passwd=$_POST['passwd']; if (...

Imagin 丨 京ICP备18018700号-1

