题目来源:WDCTF-2017 题目链接:https://adworld.xctf.org.cn/task/answer?type=misc&number=1&grade=1&id=4840&page=4 writeup 下载得到rar 解压得到没有扩展名的文件 刚拿到文件时完全没有思路 参考 https://blog.betamao.me/2017/09/17/2017-%E9%97%AE%E9%BC%8E%E6%9D%AF%E5%88%9D%E8%B5%9B-WP/ f…

题目来源:WDCTF-finals-2017 题目链接:https://adworld.xctf.org.cn/task/answer?type=misc&number=1&grade=1&id=4955&page=4 碎碎念 网上没找到这题的wp //也许是太简单了(?) 顺手写一份. writeup 下载得到PNG图片 Stegsolve检查LSB隐写发现zip 保存为zip 解压得到txt 对于开头好像有点熟悉 查阅了下立马就想起来了 上次写的图片和base64相互转…

进去网站之后发现连接都是包含类型的,就能想到文件包含漏洞(话说刚总结过就能遇到这题,也算是复习啦) 这里用php://filter/read=convert.base64-encode/resource=方法读源码,明面上一共有4个文件,index.php,about.php,services.php,contact.php 但是里面的flag都是假的,其中index.php有部分源码是这样的 包含限制了php后缀,并且%00截断被过滤了(话说这里这样过滤和不过滤没差别吧) 既然4个文件都没有f…

Isabella's Message Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others) Total Submission(s): 1365 Accepted Submission(s): 400 Problem Description Isabella and Steve are very good friends, and they often write letters to ea…

Isabella's Message Time Limit: 20 Sec  Memory Limit: 256 MB 题目连接 http://acm.hdu.edu.cn/showproblem.php?pid=4119 Description Isabella and Steve are very good friends, and they often write letters to each other. They exchange funny experiences, talk ab…

目录 漏洞利用原理 具体利用步骤 漏洞利用原理 read(, &s, 0x20uLL); if ( strstr(&s, "%p") || strstr(&s, "$p") )//只判断字符串中是不是有地址格式字符p { puts("do you want to leak info?"); exit(); } printf(&s, "$p");//没有的话,就能利用格式化字符串漏洞了 漏洞利用步…

public sealed class EncryptUtils { #region Base64加密解密 /// <summary> /// Base64加密 /// </summary> /// <param name="input">需要加密的字符串</param> /// <returns></returns> public static string Base64Encrypt(string input)…

近期准备参加CTF 一头雾水 开始练练手 https://2018game.picoctf.com/  这个网站挺适合新手的(据说面向高中生?? 惭愧惭愧) 前面几个比较简单 就从 Resources - Points: 50 - (Solves: 26288)这个开始 Resources - Points: 50 - (Solves: 26288) Solve: We put together a bunch of resources to help you out on our websit…

import java.io.UnsupportedEncodingException;import java.security.MessageDigest;import java.security.NoSuchAlgorithmException; public class MD5 {/* * MD5加密 */  public static String getDigest(String str) { MessageDigest messageDigest = null; try { mess…

Refer to http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html The content 1.2. What is SSL and what are Certificates? The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The pr…