iloveflag-blog

123456789101112131415161718192021<?phpheader(“content-type:text/html;charset=utf-8”);show_source(__FILE__);echo ‘<pre>’;include(‘u/ip.php’);include(‘flag.php’);if (in_array($_SERVER[‘REMOTE_ADDR’],$ip)){die(“您的ip已进入系统黑名单”);}var_dump($ip);if ($_POST[substr($flag,5...

安装go语言环境和gityum install golang git -y go env检测环境是否正确 git下载ngrok源码cd /usr/local/ git clone https://github.com/inconshreveable/ngrok.git 配置环境变量export GOPATH=/usr/local/ngrok/ export NGROK_DOMAIN=”iloveflag.com” 生成证书:cd /usr/local/ngrok openssl genrsa -out rootCA.key 2048 openssl req ...

直接拉取中文仓库： https://github.com/debiancn/repo 搜狗输入法：im-config 改为fictx ctrl+空格 切换输入法 sublime python+php环境配置插件: 配置c环境:http://www.mingw.org/

做了安恒月赛后深受打击,要做点题提高一下观察respond包里面有个base64加密的flag 手速要快,肯定是要脚本了: 123456789101112import requests,base64url="http://d14acf28eaad4509867c8e946fb41af8f417e367a8d847ec.game.ichunqiu.com/"a=requests.session()r=a.get(url)flag=base64.b64decode(r.headers['flag...

压缩包打开看crc32 前面三个文本合起来就是压缩包密码 通过crc去还原文本内容 每一个都有很多种可能 通过python整合一下 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657list1=["05J728","0EvF7h","2ysXnu","3y2iul","R9DrOf","WQkoQX"...

svn泄露,工具获得源码 在login发现sql注入,waf把’变成\ 令人疑惑的是为什么要加一个\才能有结果,主要思考逻辑结构: payload1:or 1=1# 单引号内都是当做字符串去查询 payload2:or 1=1#’ 本地复现: 1234567891011121314151617181920<?php $dbServername="localhost";$dbUser="root";$dbPassword="";$dbName="...

安装epel扩展源： sudo yum -y install epel-release   建立仓库:vi /etc/repos.d/nginx.repo   写入源: [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=0 enabled=1 重启:systemctl restart nginx   yum install...

看过来,你踩到的坑我这里都有 看到源码第一反应应该是写入webshell到服务器上,写php木马的烂招式肯定是没用了,23333 参考大佬的exp:<a href=”https://github.com/orangetw/My-CTF-Web-Challenges/blob/master/hitcon-ctf-2017/babyfirst-revenge/exploit.py“ target=”_blank” rel=”nofollow” https://github.com/orangetw/My-CTF-Web-Challenges/blob/master/hitc...

记一下,不然每次都忘了 yum install httpd restart yum install mysql mysql-server -y yum install php php-fpm -y yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc -y service php-fpm restart service mysqld restart service httpd restart     mysql设置密码: mysqladmin -u roo...

filter-文件包含例题:http://4.chinalover.sinaapp.com/web7/index.php 参考:https://blog.csdn.net/qq_35544379/article/details/78230629 发现有一个get file的的文件包含,但是要如何获取flag呢?一直想不通 悄咪咪地搜索了下write up payload为http://4.chinalover.sinaapp.com/web7/index.php?file=php://filter/read=convert.base64-encode/resource=index.php...