sky's blog

2019 Hgame Web Week1

2019/01/25

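Who Ate My Flag (谁吃了我的flag)

Going by the challenge description

and the challenge information,

it is easy to guess that the file to look for is .index.html.swp, the swap file Vim leaves next to index.html.
Downloading it yields the flag: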

hgame{3eek_diScl0Sure_fRom+wEbsit@}

Header Swap Battle (换头大作战)


Changing the HTTP headers as the challenge asks is enough to get the flag:

hgame{hTTp_HeaDeR_iS_Ez}

very easy web

The challenge gives us the source code:

<?php
error_reporting(0);
include("flag.php");

if (strpos("vidar", $_GET['id']) !== FALSE)
    die("<p>干巴爹</p>");

$_GET['id'] = urldecode($_GET['id']);
if ($_GET['id'] === "vidar")
{
    echo $flag;
}
highlight_file(__FILE__);
?>

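This can clearly be bypassed with double URL encoding: PHP decodes the query string once when it fills $_GET, so the strpos check sees %76idar, and the explicit urldecode() call then turns it into vidar.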

http://120.78.184.111:8080/week1/very_ez/index.php?id=%2576idar

This returns the flag:

hgame{urlDecode_Is_GoOd}
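
The check-then-decode ordering above, next to a corrected ordering, as an added example that is not part of the challenge or the original post. The function names and sample inputs are constructed, and rejecting values that still contain percent-escapes after the first decode is an assumed policy.

```php
<?php
// Added example, not the challenge's code. Function names and the sample
// inputs are constructed; $raw is the value as it appears in the URL.

// PHP percent-decodes the query string once while filling $_GET.
function php_get_value(string $raw): string {
    return urldecode($raw);
}

// Challenge logic: filter first, decode a second time afterwards.
function challenge_accepts(string $raw): bool {
    $id = php_get_value($raw);
    if (strpos("vidar", $id) !== false) {
        return false;                  // stopped by the filter
    }
    $id = urldecode($id);              // changes the value after the check
    return $id === "vidar";
}

// A percent-escape that survives the first decode signals double encoding.
function still_encoded(string $value): bool {
    return preg_match('/%[0-9A-Fa-f]{2}/', $value) === 1;
}

// Corrected logic: no second decode, and the string that was checked is the
// string that is compared. Rejecting leftover escapes is an assumed policy.
function fixed_accepts(string $raw): bool {
    $id = php_get_value($raw);
    if (still_encoded($id) || strpos("vidar", $id) !== false) {
        return false;
    }
    return $id === "vidar";
}

// Encoding depths 0 to 3 of the same value (constructed inputs).
foreach (["vidar", "%76idar", "%2576idar", "%252576idar"] as $raw) {
    printf("%-12s challenge=%-5s fixed=%s\n", $raw,
        var_export(challenge_accepts($raw), true),
        var_export(fixed_accepts($raw), true));
}
```

Only the double-encoded input passes the challenge logic. The corrected version rejects all four, because the filter and the comparison now see the same string.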

can u find me?





This gives the flag:

hgame{f12_1s_aMazIng111}
