buuctf
大白 | png图片改高度
png图片改高度
[外链图片转存失败(img-PojN2D3v-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2321)]
基础破解 | archpr爆破
你竟然赶我走 | 打开
010editor打开 最后面flag
ningen | easy
binwalk
foremost
爆破
LSB | ss
[外链图片转存失败(img-3ZEH1eki-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2322)]
[外链图片转存失败(img-73OkHr5k-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2323)]
save bin
二维码扫描
rar | archpr爆破
qr | 二维码扫描
乌镇峰会种图 | 记事本打开
wireshark | 导出http对象
导出http对象
搜索flag
[外链图片转存失败(img-yRdrxVGS-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2324)]
找到password
文件中的秘密 | 右键属性
假如给我三天光明
盲文
wav文件
audacity打开
摩尔斯密码
来首歌吧 | 摩尔斯密码
镜子里面的世界 | ss
[外链图片转存失败(img-hwXdn7em-1567086301374)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2325)]
爱因斯坦
binwalk
foremost
图片属性
this_is_not_password
为解压密码
小明的保险箱
binwalk
foremost
爆破四位数字密码
FLAG
ss打开
[外链图片转存失败(img-KTNksaov-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2326)]
save bin
解压缩 一个elf文件
ida打开看到hctf
strings 1 | grep “hctf”
easycap
追踪tcp流
被嗅探的流量
导出http对象
一个php文件 实际上不是php 用010editor打开 十六进制视图
flag
梅花香之苦寒来
010editor打开 后面很多0-9 a-f
with open('1.txt','r') as h:
h=h.read()
bb = ''
tem=''
for i in range(0,len(h),2):
tem='0x'+h[i]+h[i+1]
tem=int(tem,base=16)
bb += (chr(tem))
png图片改高度
[外链图片转存失败(img-PojN2D3v-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2321)]
基础破解 | archpr爆破
你竟然赶我走 | 打开
010editor打开 最后面flag
ningen | easy
binwalk
foremost
爆破
LSB | ss
[外链图片转存失败(img-3ZEH1eki-1567086301372)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2322)]
[外链图片转存失败(img-73OkHr5k-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2323)]
save bin
二维码扫描
rar | archpr爆破
qr | 二维码扫描
乌镇峰会种图 | 记事本打开
wireshark | 导出http对象
导出http对象
搜索flag
[外链图片转存失败(img-yRdrxVGS-1567086301373)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2324)]
找到password
文件中的秘密 | 右键属性
假如给我三天光明
盲文
wav文件
audacity打开
摩尔斯密码
来首歌吧 | 摩尔斯密码
镜子里面的世界 | ss
[外链图片转存失败(img-hwXdn7em-1567086301374)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2325)]
爱因斯坦
binwalk
foremost
图片属性
this_is_not_password
为解压密码
小明的保险箱
binwalk
foremost
爆破四位数字密码
FLAG
ss打开
[外链图片转存失败(img-KTNksaov-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2326)]
save bin
解压缩 一个elf文件
ida打开看到hctf
strings 1 | grep “hctf”
easycap
追踪tcp流
被嗅探的流量
导出http对象
一个php文件 实际上不是php 用010editor打开 十六进制视图
flag
梅花香之苦寒来
010editor打开 后面很多0-9 a-f
with open('1.txt','r') as h:
h=h.read()
bb = ''
tem=''
for i in range(0,len(h),2):
tem='0x'+h[i]+h[i+1]
tem=int(tem,base=16)
bb += (chr(tem))
with open('2.txt','w') as ff:
ff.write(bb)
1234567891011
[外链图片转存失败(img-YNWznUSR-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2327)]
with open('2.txt','r') as f:
f = f.read()
b = open('3.txt','w')
for i in f.split('\n'):
b.write(i.lstrip('(').rstrip(')').replace(',',' ')+'\n')
12345
[外链图片转存失败(img-bveFTjxS-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2328)]
gnuplot
plot ‘3.txt’
https://tu.sioe.cn/gj/huidu/
灰度处理
后门查杀
d盾扫一下
[外链图片转存失败(img-whpjC0No-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2329)]
snake
binwalk
foremost
base64
https://blog.csdn.net/zz_Caleb/article/details/91973626
http://serpent.online-domain-tools.com/
[外链图片转存失败(img-Xyvb5Jvq-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2330)]
a = '''C T F { w h o _ k n e w _ s e r
p e n t _ c i p h e r _ e x i s
t e d } .'''
print a.replace(' ','').replace(' ','').replace('\n','')
1234
荷兰宽带数据泄露
RouterPassView
打开
搜索username
九连环
binwalk
foremost
steghide info xx.jpg
steghide extract -sf xx.jpg
ko.txt
解压
另外一个世界
记事本打开
最后010
八个一组 转字符
import binascii
ff.write(bb)
1234567891011
[外链图片转存失败(img-YNWznUSR-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2327)]
with open('2.txt','r') as f:
f = f.read()
b = open('3.txt','w')
for i in f.split('\n'):
b.write(i.lstrip('(').rstrip(')').replace(',',' ')+'\n')
12345
[外链图片转存失败(img-bveFTjxS-1567086301375)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2328)]
gnuplot
plot ‘3.txt’
https://tu.sioe.cn/gj/huidu/
灰度处理
后门查杀
d盾扫一下
[外链图片转存失败(img-whpjC0No-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2329)]
snake
binwalk
foremost
base64
https://blog.csdn.net/zz_Caleb/article/details/91973626
http://serpent.online-domain-tools.com/
[外链图片转存失败(img-Xyvb5Jvq-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2330)]
a = '''C T F { w h o _ k n e w _ s e r
p e n t _ c i p h e r _ e x i s
t e d } .'''
print a.replace(' ','').replace(' ','').replace('\n','')
1234
荷兰宽带数据泄露
RouterPassView
打开
搜索username
九连环
binwalk
foremost
steghide info xx.jpg
steghide extract -sf xx.jpg
ko.txt
解压
另外一个世界
记事本打开
最后010
八个一组 转字符
import binascii
a = '''01101011
01101111
01100101
01101011
01101010
00110011
01110011'''
b = ''
for ii in a.split('\n'):
b += chr(int(ii,2))
print b
12345678910111213
神秘龙卷风
爆破
++++++.>+++++++++++++
ook
brainfuck
https://www.splitbrain.org/services/ook
面具下的flag
binwalk
foremost
7z解压vmdk
7z x filename
https://www.splitbrain.org/services/ook
刷新过的图片
F5-steganography
java Extract ./Misc.jpg -e misc
得到一个压缩包 伪加密直接解压
穿越时空的思念
audacity 打开
摩尔斯密码
Mysterious ✨
输入
122xyz
od也应该可以
webshell后门
d盾扫描
隐藏的钥匙
记事本
搜索flag
数据包中的线索
导出http对象
由开头”/9j/”,可知以下数据为jpg图片,“/9j/”经base64解码后结果为“\xff \xd8 \xff”,该三字节为jpg文件的开头三字节,所以可推断出以下文件为jpg文件。
data:image/jpeg;base64,
浏览器
菜刀666
导出http对象
压缩包 需要密码
图片 画着密码
https://4hou.win/wordpress/?paged=2&cat=1023
喵喵喵
ss得到png
[外链图片转存失败(img-BSze7Mml-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2331)]
[外链图片转存失败(img-thOxtvcm-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2332)]
修改高度
[外链图片转存失败(img-hvbdSnNI-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2333)]
win10画图 反色
扫描二维码
下载一个压缩包
只能用winrar解压
ntfstreamseditor扫描
pyc文件
https://tool.lu/pyc/
反编译 得到加密脚本和c 逆向
def decrypt(c):
c = c[::-1]
flag = ''
for i in range(len(c)):
if i%2 == 0:
s = int(c[i])-10
else:
s = int(c[i])+10
s = chr(s^i)
flag += s
return flag
1234567891011
弱口令
压缩包打开 注释中不可见字符
复制到sublime text3 全选 显示摩尔斯密码
解码 转大写
解压
lsb隐写
lsb.py
蜘蛛侠呀 ✨
时间隐写
https://coxxs.me/642
http://yulige.top/?p=236
tshark -r out.pcap -T fields -e data >out.txt
lines = open("out00.txt",'rb').readlines()
files = open("out01.txt","wb")
for line in lines:
files.write(line.strip().decode('hex'))
files.close()
12345
01101111
01100101
01101011
01101010
00110011
01110011'''
b = ''
for ii in a.split('\n'):
b += chr(int(ii,2))
print b
12345678910111213
神秘龙卷风
爆破
++++++.>+++++++++++++
ook
brainfuck
https://www.splitbrain.org/services/ook
面具下的flag
binwalk
foremost
7z解压vmdk
7z x filename
https://www.splitbrain.org/services/ook
刷新过的图片
F5-steganography
java Extract ./Misc.jpg -e misc
得到一个压缩包 伪加密直接解压
穿越时空的思念
audacity 打开
摩尔斯密码
Mysterious ✨
输入
122xyz
od也应该可以
webshell后门
d盾扫描
隐藏的钥匙
记事本
搜索flag
数据包中的线索
导出http对象
由开头”/9j/”,可知以下数据为jpg图片,“/9j/”经base64解码后结果为“\xff \xd8 \xff”,该三字节为jpg文件的开头三字节,所以可推断出以下文件为jpg文件。
data:image/jpeg;base64,
浏览器
菜刀666
导出http对象
压缩包 需要密码
图片 画着密码
https://4hou.win/wordpress/?paged=2&cat=1023
喵喵喵
ss得到png
[外链图片转存失败(img-BSze7Mml-1567086301376)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2331)]
[外链图片转存失败(img-thOxtvcm-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2332)]
修改高度
[外链图片转存失败(img-hvbdSnNI-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2333)]
win10画图 反色
扫描二维码
下载一个压缩包
只能用winrar解压
ntfstreamseditor扫描
pyc文件
https://tool.lu/pyc/
反编译 得到加密脚本和c 逆向
def decrypt(c):
c = c[::-1]
flag = ''
for i in range(len(c)):
if i%2 == 0:
s = int(c[i])-10
else:
s = int(c[i])+10
s = chr(s^i)
flag += s
return flag
1234567891011
弱口令
压缩包打开 注释中不可见字符
复制到sublime text3 全选 显示摩尔斯密码
解码 转大写
解压
lsb隐写
lsb.py
蜘蛛侠呀 ✨
时间隐写
https://coxxs.me/642
http://yulige.top/?p=236
tshark -r out.pcap -T fields -e data >out.txt
lines = open("out00.txt",'rb').readlines()
files = open("out01.txt","wb")
for line in lines:
files.write(line.strip().decode('hex'))
files.close()
12345
import base64
lines = open("out0.txt",'rb').readlines()
file1 = open("new",'wb')
result = ''
for line in lines[4:-4]:
result += line[9:].strip()
file1.write(base64.b64decode(result))
lines = open("out0.txt",'rb').readlines()
file1 = open("new",'wb')
result = ''
for line in lines[4:-4]:
result += line[9:].strip()
file1.write(base64.b64decode(result))
'''
result = ''
lines = open("out.txt",'rb').readlines()
print lines[4:-4]
'''
1234567891011121314
a = open("out01.txt",'rb').readlines()
file1 = open("result1",'wb')
for i in range(len(a)):
bb = a[i].strip()
if bb == a[i-1].strip():
continue
file1.write(bb+'\n')
1234567
解压 flag.gif
identify -format “%T” flag.gif
[外链图片转存失败(img-W46ai2jZ-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2334)]
明显的二进制了,把20换0,把50换1.
binary转hex转ascii码
# coding:utf-8
import binascii
import hashlib
# import base64
# lines = open('result1.txt','rb').readlines()
# file = open('file','wb')
# flag = ''
# for line in lines[1:-1]:
# flag += line[9:]
# file.write(base64.b64decode(flag))
result = ''
lines = open("out.txt",'rb').readlines()
print lines[4:-4]
'''
1234567891011121314
a = open("out01.txt",'rb').readlines()
file1 = open("result1",'wb')
for i in range(len(a)):
bb = a[i].strip()
if bb == a[i-1].strip():
continue
file1.write(bb+'\n')
1234567
解压 flag.gif
identify -format “%T” flag.gif
[外链图片转存失败(img-W46ai2jZ-1567086301377)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2334)]
明显的二进制了,把20换0,把50换1.
binary转hex转ascii码
# coding:utf-8
import binascii
import hashlib
# import base64
# lines = open('result1.txt','rb').readlines()
# file = open('file','wb')
# flag = ''
# for line in lines[1:-1]:
# flag += line[9:]
# file.write(base64.b64decode(flag))
a = open("11",'r')
b = a.read().replace("“",'').replace("”","").replace("20",'0').replace("50",'1').replace('6','')
b = a.read().replace("“",'').replace("”","").replace("20",'0').replace("50",'1').replace('6','')
bb = binascii.unhexlify(hex(int(b,2))[2:-1])
print 'flag{'+hashlib.md5(bb).hexdigest()+'}'
12345678910111213141516
identify -format “%s %T \n” flag.gif
我爱Linux
https://www.cnblogs.com/puluotiya/p/5462114.html
https://www.cnblogs.com/harmonica11/p/11365782.html
python序列化文件的数据
将FF D9后保存出来,将序列化文件读出来
import pickle
with open('q', 'rb') as f:
f= pickle.load(f)
data = list()
for i in range(len(f)):
tem = [' ']*100
data.append(tem)
for i, j in enumerate(f):
for m in j:
data[i][m[0]] = m[1]
for i in data:
print(''.join(i))
123456789101112
[外链图片转存失败(img-gNVt98SV-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2335)]
usb ✨
https://wenku.baidu.com/view/b7889b64783e0912a2162aa4.html
rar文件结构
[外链图片转存失败(img-swFxOcqG-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2336)]
[外链图片转存失败(img-69v6RI79-1567086301380)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2337)]
https://blog.csdn.net/like98k/article/details/79533536
https://blog.csdn.net/qq_36609913/article/details/78578406
https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D", 0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J", 0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P", 0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V", 0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2", 0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8", 0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:" ", 0x2C:" ", 0x2D:"-", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~", 0x33:";", 0x34:"'", 0x36:",", 0x37:"." }
nums = []
keys = open('usbdata.txt')
for line in keys:
if line[0]!='0' or line[1]!='0' or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0':
continue
nums.append(int(line[6:8],16))
keys.close()
output = ""
for n in nums:
if n == 0 :
continue
if n in mappings:
output += mappings[n]
else:
output += '[unknown]'
print 'output :\n' + output
print 'flag{'+hashlib.md5(bb).hexdigest()+'}'
12345678910111213141516
identify -format “%s %T \n” flag.gif
我爱Linux
https://www.cnblogs.com/puluotiya/p/5462114.html
https://www.cnblogs.com/harmonica11/p/11365782.html
python序列化文件的数据
将FF D9后保存出来,将序列化文件读出来
import pickle
with open('q', 'rb') as f:
f= pickle.load(f)
data = list()
for i in range(len(f)):
tem = [' ']*100
data.append(tem)
for i, j in enumerate(f):
for m in j:
data[i][m[0]] = m[1]
for i in data:
print(''.join(i))
123456789101112
[外链图片转存失败(img-gNVt98SV-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2335)]
usb ✨
https://wenku.baidu.com/view/b7889b64783e0912a2162aa4.html
rar文件结构
[外链图片转存失败(img-swFxOcqG-1567086301378)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2336)]
[外链图片转存失败(img-69v6RI79-1567086301380)(evernotecid://74A3E6DA-E009-4797-AA60-5DEED9FE4F7A/appyinxiangcom/23464203/ENResource/p2337)]
https://blog.csdn.net/like98k/article/details/79533536
https://blog.csdn.net/qq_36609913/article/details/78578406
https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D", 0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J", 0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P", 0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V", 0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2", 0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8", 0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:" ", 0x2C:" ", 0x2D:"-", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~", 0x33:";", 0x34:"'", 0x36:",", 0x37:"." }
nums = []
keys = open('usbdata.txt')
for line in keys:
if line[0]!='0' or line[1]!='0' or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0':
continue
nums.append(int(line[6:8],16))
keys.close()
output = ""
for n in nums:
if n == 0 :
continue
if n in mappings:
output += mappings[n]
else:
output += '[unknown]'
print 'output :\n' + output
output :
KEYXINAN
[Finished in 0.1s]
KEYXINAN
[Finished in 0.1s]
123456789101112131415161718192021222324
binwalk xxx
foremost xxx
tshark -r key.pcap -T fields -e usb.capdata > usbdata.txt
ci{v3erf_0tygidv2_fc0}
fa{i3eei_0llgvgn2_sc0}
栅栏
flag{vig3ne2e_is_c00l}
sqltest 未完成
import requests
import os
import urllib
import re
oo = []
pp = []
a = os.listdir('.')
for ii in a:
vv = open(ii,'r')
if "This's Title!" in vv.read() and 'ascii(substr(((select concat_ws(char(94), flag)' in urllib.unquote(ii):
oo.append(urllib.unquote(ii))
for ii in oo:
# print ii
# print ii[ii.find('>')+1:]
print re.findall(r', (.*?),',ii)[1]
123456789101112131415
被劫持的神秘礼物
http过滤
追踪tcp流
import hashlib
print hashlib.md5('adminaadminb').hexdigest()
————————————————
版权声明:本文为CSDN博主「mo0rain」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_41173457/article/details/100147514
binwalk xxx
foremost xxx
tshark -r key.pcap -T fields -e usb.capdata > usbdata.txt
ci{v3erf_0tygidv2_fc0}
fa{i3eei_0llgvgn2_sc0}
栅栏
flag{vig3ne2e_is_c00l}
sqltest 未完成
import requests
import os
import urllib
import re
oo = []
pp = []
a = os.listdir('.')
for ii in a:
vv = open(ii,'r')
if "This's Title!" in vv.read() and 'ascii(substr(((select concat_ws(char(94), flag)' in urllib.unquote(ii):
oo.append(urllib.unquote(ii))
for ii in oo:
# print ii
# print ii[ii.find('>')+1:]
print re.findall(r', (.*?),',ii)[1]
123456789101112131415
被劫持的神秘礼物
http过滤
追踪tcp流
import hashlib
print hashlib.md5('adminaadminb').hexdigest()
————————————————
版权声明:本文为CSDN博主「mo0rain」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_41173457/article/details/100147514
buuctf的更多相关文章
- 刷题记录:[BUUCTF 2018]Online Tool
目录 刷题记录:[BUUCTF 2018]Online Tool 一.知识点 1.escapeshellarg和escapeshellcmd使用不当导致rce 刷题记录:[BUUCTF 2018]On ...
- BUUCTF 部分wp
目录 Buuctf crypto 0x01传感器 提示是曼联,猜测为曼彻斯特密码 wp:https://www.xmsec.cc/manchester-encode/ cipher: 55555555 ...
- buuctf misc 刷题记录
1.金三胖 将gif分离出来. 2.N种方法解决 一个exe文件,果然打不开,在kali里分析一下:file KEY.exe,ascii text,先txt再说,base64 图片. 3.大白 crc ...
- BUUCTF知识记录
[强网杯 2019]随便注 先尝试普通的注入 发现注入成功了,接下来走流程的时候碰到了问题 发现过滤了select和where这个两个最重要的查询语句,不过其他的过滤很奇怪,为什么要过滤update, ...
- buuctf misc wp 01
buuctf misc wp 01 1.金三胖 2.二维码 3.N种方法解决 4.大白 5.基础破解 6.你竟然赶我走 1.金三胖 root@kali:~/下载/CTF题目# unzip 77edf3 ...
- buuctf misc wp 02
buuctf misc wp 02 7.LSB 8.乌镇峰会种图 9.rar 10.qr 11.ningen 12.文件中的秘密 13.wireshark 14.镜子里面的世界 15.小明的保险箱 1 ...
- BUUCTF WEB-WP(3)
BUUCTF WEB 几道web做题的记录 [ACTF2020 新生赛]Exec 知识点:exec命令执行 这题最早是在一个叫中学生CTF平台上看到的类似,比这题稍微要复杂一些,多了一些限制(看看大佬 ...
- BUUCTF Crypto_WP(2)
BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...
- BUUCTF WEB
BUUCTF 几道WEB题WP 今天做了几道Web题,记录一下,Web萌新写的不好,望大佬们见谅○| ̄|_ [RoarCTF 2019]Easy Calc 知识点:PHP的字符串解析特性 参考了一下网 ...
- BUUCTF Crypto
BUUCTF 几道crypto WP [AFCTF2018]Morse 简单的莫尔斯密码,最直观的莫尔斯密码是直接采用空格分割的点和划线,这题稍微绕了一下使用的是斜杠来划分 所以首先将斜杠全部替换为空 ...
随机推荐
- java8的ConcurrentHashMap为何放弃分段锁,为什么要使用CAS+Synchronized取代Segment+ReentrantLock
原文地址:https://cloud.tencent.com/developer/article/1509556 推荐一篇 ConcurrentHashMap 和 HashMap 写的比较的的文章 j ...
- Java判断一个字符串是否有中文
Java判断一个字符串是否有中文一般情况是利用Unicode编码(CJK统一汉字的编码区间:0x4e00–0x9fbb)的正则来做判断,但是其实这个区间来判断中文不是非常精确,因为有些中文的标点符号比 ...
- Selenium3+python自动化012+日志logging基本用法、高级用法
1.关键字: login 登录 log 日志 logging python日志模块 2.什么叫日志: 日志用来记录用户行为或者代码的执行过程 3.日志使用的地方: 1.排错的时候需要打印很多细节来帮助 ...
- Appium+Python+Pycharm如何创建并运行自动化测试脚本【真机运行】
一.将测试机连接电脑,手机上会有一些提示,总之都允许就可以了,开始USB调试模式,之后打开cmd,输入adb devices,查看手机是否成功连接,如下图所示: 上图中可以看到,有一台设备已经成功连接 ...
- Activiti工作流学习之SpringBoot整合Activiti5.22.0实现在线设计器(二)
一.概述 网上有很多关于Eclipse.IDEA等IDE插件通过拖拽的方式来画工作流程图,个人觉得还是不够好,所以花点时间研究了一下Activiti在线设计器,并与SpringBoot整合. 二.实现 ...
- web前端技术阅读
2015年 <响应式web设计>--响应式布局,渐进增强,优雅降级 <javascript高级程序设计>--js基础 2016年 <javascript语言精粹>- ...
- 白面系列 mongoDB
mongoDB和redis一样,都是noSQL技术之一. redis是Key-Value存储,mongoDB是文档存储. 文档存储一般用类似json的格式存储,存储的内容是文档型的.文档是一组键值(k ...
- HTML表单处理
一.表单简介 表单的处理是一个多进程.首先创建一张表单,以供用固话输入详细的请求信息.接着,输入的数据被发送到服务器,在服务器里这些数据得到编译和错误检测.如果PHP代码识别出一个或多个需要重新输入的 ...
- 手机app测试要点(复制文)
一.简介 移动应用App已经渗透到每个人的生活.娱乐.学习.工作当中,令人激动.兴奋且具有创造性的各种App犹如雨后春笋般交付到用户手中.各类智能终端也在快速发布,而开发者对于全球移动设备的质量和性能 ...
- 【资源分享】Gmod日志记录脚本
*----------------------------------------------[下载区]----------------------------------------------* ...